From f8a1ac00c59679cffefa274c482e30bdaf5062b4 Mon Sep 17 00:00:00 2001 From: Daniel Keer <4249262+thedxt@users.noreply.github.com> Date: Wed, 28 Jul 2021 13:09:12 -0600 Subject: [PATCH 001/671] Update user-account-control-group-policy-and-registry-key-settings.md correcting ConsentPromptBehaviorUser default state is Prompt for credentials not Prompt for credentials on the secure desktop --- ...er-account-control-group-policy-and-registry-key-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md index 130688534d..5bb9b7b708 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md 
@@ -32,7 +32,7 @@ There are 10 Group Policy settings that can be configured for User Account Contr | [User Account Control: Admin Approval Mode for the built-in Administrator account](#user-account-control-admin-approval-mode-for-the-built-in-administrator-account) | FilterAdministratorToken | Disabled | | [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](#user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop) | EnableUIADesktopToggle | Disabled | | [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](#user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode) | ConsentPromptBehaviorAdmin | Prompt for consent for non-Windows binaries | -| [User Account Control: Behavior of the elevation prompt for standard users](#user-account-control-behavior-of-the-elevation-prompt-for-standard-users) | ConsentPromptBehaviorUser | Prompt for credentials on the secure desktop | +| [User Account Control: Behavior of the elevation prompt for standard users](#user-account-control-behavior-of-the-elevation-prompt-for-standard-users) | ConsentPromptBehaviorUser | Prompt for credentials | | [User Account Control: Detect application installations and prompt for elevation](#user-account-control-detect-application-installations-and-prompt-for-elevation) | EnableInstallerDetection | Enabled (default for home)
Disabled (default for enterprise) | | [User Account Control: Only elevate executables that are signed and validated](#user-account-control-only-elevate-executables-that-are-signed-and-validated) | ValidateAdminCodeSignatures | Disabled | | [User Account Control: Only elevate UIAccess applications that are installed in secure locations](#user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations) | EnableSecureUIAPaths | Enabled | From b3109a3105b4bd1676648d1c4fa8fa6e688faa62 Mon Sep 17 00:00:00 2001 From: Daniel Keer <4249262+thedxt@users.noreply.github.com> Date: Wed, 28 Jul 2021 13:24:52 -0600 Subject: [PATCH 002/671] Update user-account-control-group-policy-and-registry-key-settings.md Correcting User Account Control: Behavior of the elevation prompt for standard users default. The default is Prompt for credentials --- ...-account-control-group-policy-and-registry-key-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md index 5bb9b7b708..6f65b3199e 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md 
@@ -104,8 +104,8 @@ The **User Account Control: Behavior of the elevation prompt for standard users* The options are: - **Automatically deny elevation requests.** When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls. -- **Prompt for credentials on the secure desktop.** (Default) When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. -- **Prompt for credentials.** When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. +- **Prompt for credentials on the secure desktop.** When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. +- **Prompt for credentials.** (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. ### User Account Control: Detect application installations and prompt for elevation From 4703174427b0cba0e07b8234680541473a4d10b7 Mon Sep 17 00:00:00 2001 From: Crimsonfox89 <40465227+Crimsonfox89@users.noreply.github.com> Date: Fri, 13 Aug 2021 21:44:12 +0100 Subject: [PATCH 003/671] Typo fix "to option to" -> "the option to" --- windows/deployment/update/waas-wu-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
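Review bot: PATCH 001 and PATCH 002 each correct half of one fact, so with 001 applied alone the settings table gives the ConsentPromptBehaviorUser default as "Prompt for credentials" while the options list at @@ -104,8 +104,8 @@ still marks "Prompt for credentials on the secure desktop" as "(Default)". Squash the two so the table row and the "(Default)" marker change in one commit. Because this alters the documented default of a security setting, the commit message should say how the default was confirmed, and the options list would be easier to verify if each option carried the registry value it maps to. Separately, the two option descriptions in this hunk differ without explanation: one says "a different user name and password", the other "an administrative user name and password".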
diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index c136773bec..eb37c09b3c 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md @@ -47,7 +47,7 @@ You can use Group Policy settings or mobile device management (MDM) to configure With Windows 10, admins have a lot of flexibility in configuring how their devices scan and receive updates. -[Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location) allows admins to point devices to an internal Microsoft update service location, while [Do not connect to any Windows Update Internet locations](#do-not-connect-to-any-windows-update-internet-locations) gives them to option to restrict devices to just that internal update service. [Automatic Updates Detection Frequency](#automatic-updates-detection-frequency) controls how frequently devices scan for updates. +[Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location) allows admins to point devices to an internal Microsoft update service location, while [Do not connect to any Windows Update Internet locations](#do-not-connect-to-any-windows-update-internet-locations) gives them the option to restrict devices to just that internal update service. [Automatic Updates Detection Frequency](#automatic-updates-detection-frequency) controls how frequently devices scan for updates. You can make custom device groups that'll work with your internal Microsoft update service by using [Enable client-side targeting](#enable-client-side-targeting). You can also make sure your devices receive updates that were not signed by Microsoft from your internal Microsoft update service, through [Allow signed updates from an intranet Microsoft update service location](#allow-signed-updates-from-an-intranet-microsoft-update-service-location). 
@@ -255,4 +255,4 @@ HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ - [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) - [Configure BranchCache for Windows 10 updates](waas-branchcache.md) - [Configure Windows Update for Business](waas-configure-wufb.md) -- [Manage device restarts after updates](waas-restart.md) \ No newline at end of file +- [Manage device restarts after updates](waas-restart.md) From e24d17efea14caa4e59f0ece8ec36fa0b1614f65 Mon Sep 17 00:00:00 2001 From: v-dihans Date: Thu, 19 Aug 2021 09:55:15 -0600 Subject: [PATCH 004/671] dh-editpass-demonstrate-deployment-on-vm --- .../demonstrate-deployment-on-vm.md | 144 +++++++++--------- 1 file changed, 75 insertions(+), 69 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index d132aa99a6..effa84ef83 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md 
@@ -32,7 +32,7 @@ In this topic you'll learn how to set-up a Windows Autopilot deployment for a VM > [!NOTE] > Although there are [multiple platforms](/mem/autopilot/add-devices#registering-devices) available to enable Autopilot, this lab primarily uses Intune. > -> Hyper-V and a VM are not required for this lab. You can also use a physical device. However, the instructions assume that you are using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to 'device' in the guide refer to the client device, either physical or virtual. +> Hyper-V and a VM are not required for this lab. You can also use a physical device. However, the instructions assume that you're using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to 'device' in the guide refer to the client device, either physical or virtual. The following video provides an overview of the process: @@ -45,13 +45,13 @@ The following video provides an overview of the process: These are the things you'll need to complete this lab: - +
Windows 10 installation mediaWindows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.
Internet accessIf you are behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.
Internet accessIf you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.
Hyper-V or a physical device running Windows 10The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.
An account with Azure AD Premium licenseThis guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.
## Procedures -A summary of the sections and procedures in the lab is provided below. Follow each section in the order it is presented, skipping the sections that do not apply to you. Optional procedures are provided in the appendix. +A summary of the sections and procedures in the lab is provided below. Follow each section in the order it's presented, skipping the sections that do not apply to you. Optional procedures are provided in the appendix. If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [Capture the hardware ID](#capture-the-hardware-id) step. The VM must be running Windows 10, version 1903 or a later version. @@ -91,11 +91,9 @@ If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [C ## Verify support for Hyper-V -If you don't already have Hyper-V, we must first enable this on a computer running Windows 10 or Windows Server (2012 R2 or later). - -> If you already have Hyper-V enabled, skip to the [create a demo VM](#create-a-demo-vm) step. If you are using a physical device instead of a VM, skip to [Install Windows 10](#install-windows-10). - -If you are not sure that your device supports Hyper-V, or you have problems installing Hyper-V, see [appendix A](#appendix-a-verify-support-for-hyper-v) below for details on verifying that Hyper-V can be successfully installed. +- If you don't already have Hyper-V enabled, enable it on a computer running Windows 10 or Windows Server (2012 R2 or later). +- If you already have Hyper-V enabled, skip to the [create a demo VM](#create-a-demo-vm) step. If you're using a physical device instead of a VM, skip to [Install Windows 10](#install-windows-10). +- If you're not sure that your device supports Hyper-V, or you have problems installing Hyper-V, see [appendix A](#appendix-a-verify-support-for-hyper-v) in this article for details on verifying that Hyper-V can be successfully installed. ## Enable Hyper-V 
@@ -111,7 +109,7 @@ This command works on all operating systems that support Hyper-V, but on Windows Install-WindowsFeature -Name Hyper-V -IncludeManagementTools ``` -When you are prompted to restart the computer, choose **Yes**. The computer might restart more than once. +When you're prompted to restart the computer, choose **Yes**. The computer might restart more than once. Alternatively, you can install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** for a client operating system, or using Server Manager's **Add Roles and Features Wizard** on a server operating system, as shown below: @@ -119,7 +117,7 @@ Alternatively, you can install Hyper-V using the Control Panel in Windows under ![Hyper-V](images/svr_mgr2.png) -

If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under Role Administration Tools\Hyper-V Management Tools. +If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under **Role Administration Tools\Hyper-V Management Tools**. After installation is complete, open Hyper-V Manager by typing **virtmgmt.msc** at an elevated command prompt, or by typing **Hyper-V** in the Start menu search box. @@ -127,15 +125,15 @@ To read more about Hyper-V, see [Introduction to Hyper-V on Windows 10](/virtual ## Create a demo VM -Now that Hyper-V is enabled, we need to create a VM running Windows 10. We can [create a VM](/virtualization/hyper-v-on-windows/quick-start/create-virtual-machine) and [virtual network](/virtualization/hyper-v-on-windows/quick-start/connect-to-network) using Hyper-V Manager, but it is simpler to use Windows PowerShell. +Now that Hyper-V is enabled, we need to create a VM running Windows 10. We can [create a VM](/virtualization/hyper-v-on-windows/quick-start/create-virtual-machine) and [virtual network](/virtualization/hyper-v-on-windows/quick-start/connect-to-network) using Hyper-V Manager, but it's simpler to use Windows PowerShell. -To use Windows PowerShell, we just need to know two things: +To use Windows PowerShell, you need to know two things: 1. The location of the Windows 10 ISO file. In the example, we assume the location is **c:\iso\win10-eval.iso**. -2. The name of the network interface that connects to the Internet. +2. The name of the network interface that connects to the internet. In the example, we use a Windows PowerShell command to determine this automatically. 
@@ -149,7 +147,7 @@ When asked to select a platform, choose **64 bit**. After you download this file, the name will be extremely long (ex: 19042.508.200927-1902.20h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso). -1. So that it is easier to type and remember, rename the file to **win10-eval.iso**. +1. So that it's easier to type and remember, rename the file to **win10-eval.iso**. 2. Create a directory on your computer named **c:\iso** and move the **win10-eval.iso** file there, so the path to the file is **c:\iso\win10-eval.iso**. 
@@ -157,13 +155,13 @@ After you download this file, the name will be extremely long (ex: 19042.508.200 ### Determine network adapter name -The Get-NetAdaper cmdlet is used below to automatically find the network adapter that is most likely to be the one you use to connect to the Internet. You should test this command first by running the following at an elevated Windows PowerShell prompt: +The Get-NetAdaper cmdlet is used to automatically find the network adapter that's most likely to be the one you use to connect to the internet. You should test this command first by running the following at an elevated Windows PowerShell prompt: ```powershell (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name ``` -The output of this command should be the name of the network interface you use to connect to the Internet. Verify that this is the correct interface name. If it is not the correct interface name, you'll need to edit the first command below to use your network interface name. +The output of this command should be the name of the network interface you use to connect to the internet. Verify that this is the correct interface name. If it isn't the correct interface name, you'll need to edit the first command below to use your network interface name. For example, if the command above displays Ethernet but you wish to use Ethernet2, then the first command below would be New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName **Ethernet2**. @@ -172,7 +170,10 @@ For example, if the command above displays Ethernet but you wish to use Ethernet All VM data will be created under the current path in your PowerShell prompt. Consider navigating into a new folder before running the following commands. > [!IMPORTANT] -> **VM switch**: a VM switch is how Hyper-V connects VMs to a network.

If you have previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal."

If you have never created an external VM switch before, then just run the commands below.

If you are not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that is used to connect to the Internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). +> **VM switch**: a VM switch is how Hyper-V connects VMs to a network. +>- If you have previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal." +>- If you have never created an external VM switch before, then just run the commands below. +>- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that is used to connect to the Internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). ```powershell New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name 
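Review bot: two typos survive in lines this pass rewrites, one in each of the two hunks that end here. In the `+` line under "Determine network adapter name" the cmdlet is still spelled "Get-NetAdaper", although the command in the code block right below it is `Get-NetAdapter`; and the third `+` bullet of the VM switch note still reads "to display a currently list of the VM switches", which should be "a current list". The same two hunks also lower-case "internet" in the adapter paragraph but keep "Internet-connected" and "connect to the Internet" capitalised in the new bullets; pick one form and apply it throughout.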
@@ -228,22 +229,27 @@ PS C:\autopilot> ### Install Windows 10 > [!NOTE] -> The VM will be booted to gather a hardware ID, then it will be reset. The goal in the next few steps is to get to the desktop quickly so don't worry about how it is configured at this stage. The VM only needs to be connected to the Internet. +> The VM will be booted to gather a hardware ID, then it will be reset. The goal in the next few steps is to get to the desktop quickly so don't worry about how it's configured at this stage. The VM only needs to be connected to the Internet. -Ensure the VM booted from the installation ISO, click **Next** then click **Install now** and complete the Windows installation process. See the following examples: +Ensure the VM booted from the installation ISO, select **Next** then select **Install now** and complete the Windows installation process. See the following examples: ![Windows setup example 1](images/winsetup1.png) + ![Windows setup example 2](images/winsetup2.png) + ![Windows setup example 3](images/winsetup3.png) + ![Windows setup example 4](images/winsetup4.png) + ![Windows setup example 5](images/winsetup5.png) + ![Windows setup example 6](images/winsetup6.png) After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen. This will offer the fastest way to the desktop. For example: ![Windows setup example 7](images/winsetup7.png) -Once the installation is complete, sign in and verify that you are at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. +Once the installation is complete, sign in and verify that you're at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. > [!div class="mx-imgBorder"] > ![Windows setup example 8](images/winsetup8.png) 
@@ -254,16 +260,16 @@ To create a checkpoint, open an elevated Windows PowerShell prompt on the comput Checkpoint-VM -Name WindowsAutopilot -SnapshotName "Finished Windows install" ``` -Click on the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see **Finished Windows Install** listed in the Checkpoints pane. +Select the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see **Finished Windows Install** listed in the Checkpoints pane. ## Capture the hardware ID > [!NOTE] -> Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For purposes of this lab, you are acting as the OEM (capturing the 4K HH), but you're not going to use the OA3 Tool to capture the full 4K HH for various reasons (you'd have to install the OA3 tool, your device couldn't have a volume license version of Windows, it's a more complicated process than using a PowerShell script, etc.). Instead, you'll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool. +> Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For purposes of this lab, you're acting as the OEM (capturing the 4K HH), but you're not going to use the OA3 Tool to capture the full 4K HH for various reasons (you'd have to install the OA3 tool, your device couldn't have a volume license version of Windows, it's a more complicated process than using a PowerShell script, etc.). Instead, you'll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool. Follow these steps to run the PowerShell script: -1. 
**On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same regardless of whether you are using a VM or a physical device: +1. **On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same regardless of whether you're using a VM or a physical device: ```powershell md c:\HWID @@ -274,7 +280,7 @@ Follow these steps to run the PowerShell script: Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv ``` -1. When you are prompted to install the NuGet package, choose **Yes**. +1. When you're prompted to install the NuGet package, choose **Yes**. See the sample output below. A **dir** command is issued at the end to show the file that was created. 
@@ -320,11 +326,11 @@ Follow these steps to run the PowerShell script: 1. Verify that there is an **AutopilotHWID.csv** file in the **c:\HWID** directory that is about 8 KB in size. This file contains the complete 4K HH. > [!NOTE] - > Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you are curious. The file format will be validated when it is imported into Autopilot. An example of the data in this file is shown below. + > Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you're curious. The file format will be validated when it's imported into Autopilot. An example of the data in this file is shown below. ![Serial number and hardware hash](images/hwid.png) - You will need to upload this data into Intune to register your device for Autopilot, so the next step is to transfer this file to the computer you will use to access the Azure portal. If you are using a physical device instead of a VM, you can copy the file to a USB stick. If you’re using a VM, you can right-click the AutopilotHWID.csv file and copy it, then right-click and paste the file to your desktop (outside the VM). + You will need to upload this data into Intune to register your device for Autopilot, so the next step is to transfer this file to the computer you will use to access the Azure portal. If you're using a physical device instead of a VM, you can copy the file to a USB stick. 
If you’re using a VM, you can right-click the AutopilotHWID.csv file and copy it, then right-click and paste the file to your desktop (outside the VM). If you have trouble copying and pasting the file, just view the contents in Notepad on the VM and copy the text into Notepad outside the VM. Do not use another text editor to do this. @@ -335,8 +341,8 @@ Follow these steps to run the PowerShell script: With the hardware ID captured in a file, prepare your Virtual Machine for Windows Autopilot deployment by resetting it back to OOBE. -On the Virtual Machine, go to **Settings > Update & Security > Recovery** and click on **Get started** under **Reset this PC**. -Select **Remove everything** and **Just remove my files**. If you are asked **How would you like to reinstall Windows**, select Local reinstall. Finally, click on **Reset**. +On the Virtual Machine, go to **Settings > Update & Security > Recovery** and select **Get started** under **Reset this PC**. +Select **Remove everything** and **Just remove my files**. If you're asked **How would you like to reinstall Windows**, select Local reinstall. Finally, select **Reset**. ![Reset this PC final prompt](images/autopilot-reset-prompt.jpg) 
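Review bot: the rewritten `+` paragraph in the @@ -320,11 +326,11 @@ hunk now mixes apostrophes: "If you're using a physical device" has a straight apostrophe and the next sentence, "If you’re using a VM", keeps the curly one. Normalise to the straight form while the line is being touched. In the reset hunk that follows, "select Local reinstall" is the only UI label on the `+` line left without bold; format it like **Remove everything**, **Just remove my files** and **Reset** on the same line.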
@@ -365,11 +371,11 @@ If you already have company branding configured in Azure Active Directory, you c > [!IMPORTANT] > Make sure to sign-in with a Global Administrator account. -Navigate to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding), click on **Configure** and configure any type of company branding you'd like to see during the OOBE. +Navigate to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding), select **Configure** and configure any type of company branding you'd like to see during the OOBE. ![Configure company branding](images/branding.png) -When you are finished, click **Save**. +When you're finished, select **Save**. > [!NOTE] > Changes to company branding can take up to 30 minutes to apply. @@ -378,9 +384,9 @@ When you are finished, click **Save**. If you already have MDM auto-enrollment configured in Azure Active Directory, you can skip this step. -Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you do not see Microsoft Intune, click **Add application** and choose **Intune**. +Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you do not see Microsoft Intune, select **Add application** and choose **Intune**. -For the purposes of this demo, select **All** under the **MDM user scope** and click **Save**. +For the purposes of this demo, select **All** under the **MDM user scope** and select **Save**. ![MDM user scope in the Mobility blade](images/ap-aad-mdm.png) 
@@ -403,9 +409,9 @@ Your VM (or device) can be registered either via Intune or Microsoft Store for B You should receive confirmation that the file is formatted correctly before uploading it, as shown above. -3. Click **Import** and wait until the import process completes. This can take up to 15 minutes. +3. Select **Import** and wait until the import process completes. This can take up to 15 minutes. -4. Click **Refresh** to verify your VM or device has been added. See the following example. +4. Select **Refresh** to verify your VM or device has been added. See the following example. ![Import HWID](images/enroll3.png) @@ -428,7 +434,7 @@ Select **Manage** from the top menu, then click the **Windows Autopilot Deployme ![Microsoft Store for Business](images/msfb.png) -Click the **Add devices** link to upload your CSV file. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your new device has been added. +Select the **Add devices** link to upload your CSV file. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your new device has been added. ![Microsoft Store for Business Devices](images/msfb-device.png) 
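Review bot: the click-to-select sweep is incomplete around the @@ -428,7 +434,7 @@ hunk: the line quoted in the hunk header still reads "Select **Manage** from the top menu, then click the **Windows Autopilot Deployment Pro", while the `+` line changes "Click the **Add devices** link" to "Select". That earlier line is outside every hunk in this patch, so it will keep "click" after the merge; include it in the pass so the Store for Business steps use one verb.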
@@ -460,21 +466,21 @@ The Autopilot deployment profile wizard will ask for a device group, so we must 3. Azure AD roles can be assigned to the group: **No** 4. For **Membership type**, choose **Assigned**. -3. Click **Members** and add the Autopilot VM to the group. See the following example: +3. Select **Members** and add the Autopilot VM to the group. See the following example: > [!div class="mx-imgBorder"] > ![add members](images/group1.png) -4. Click **Create**. +4. Select **Create**. #### Create the deployment profile -To create a Windows Autopilot profile, scroll back to the left hand pane and click **Devices**, then under **Enroll devices | Windows enrollment** select **Deployment Profiles**. +To create a Windows Autopilot profile, scroll back to the left hand pane and select **Devices**, then under **Enroll devices | Windows enrollment** select **Deployment Profiles**. > [!div class="mx-imgBorder"] > ![Deployment profiles](images/dp.png) -Click on **Create profile** and then select **Windows PC**. +Select **Create profile** and then select **Windows PC**. > [!div class="mx-imgBorder"] > ![Create deployment profile](images/create-profile.png) @@ -487,7 +493,7 @@ On the **Create profile** blade, use the following values: | Description | Lab | | Convert all targeted devices to Autopilot | No | -Click **Next** to continue with the **Out-of-box experience (OOBE)** settings: +Select **Next** to continue with the **Out-of-box experience (OOBE)** settings: | Setting | Value | |---|---| 
@@ -502,19 +508,19 @@ Click **Next** to continue with the **Out-of-box experience (OOBE)** settings: | Automatically configure keyboard | Yes | | Apply device name template | No | -Click **Next** to continue with the **Assignments** settings: +Select **Next** to continue with the **Assignments** settings: | Setting | Value | |---|---| | Assign to | Selected groups | -1. Click **Select groups to include**. -2. Click the **Autopilot Lab** group, and then click **Select**. -3. Click **Next** to continue and then click **Create**. See the following example: +1. Select **Select groups to include**. +2. Select the **Autopilot Lab** group, and then choose **Select**. +3. Select **Next** to continue, and then select **Create**. See the following example: ![Deployment profile](images/profile.png) -Click on **OK** and then click on **Create**. +Select **OK**, and then select **Create**. > [!NOTE] > If you want to add an app to your profile via Intune, the OPTIONAL steps for doing so can be found in [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile). @@ -527,11 +533,11 @@ A [video](https://www.youtube.com/watch?v=IpLIZU_j7Z0) is available that covers First, sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/manage/dashboard) using the Intune account you initially created for this lab. -Click **Manage** from the top menu, then click **Devices** from the left navigation tree. +Select **Manage** from the top menu, then select **Devices** from the left navigation tree. ![MSfB manage](images/msfb-manage.png) -Click the **Windows Autopilot Deployment Program** link in the **Devices** tile. +Select the **Windows Autopilot Deployment Program** link in the **Devices** tile. To CREATE the profile: 
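Review bot: In the Assignments steps of the first hunk, step 1 now reads "Select **Select groups to include**", which doubles the verb against the control name, while step 2 avoids the same clash with "choose **Select**". Use one pattern for both, for example "Choose **Select groups to include**" in step 1, so the list reads consistently.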
@@ -545,7 +551,7 @@ On the Autopilot deployment dropdown menu, select **Create new profile**: > [!div class="mx-imgBorder"] > ![MSfB create step 2](images/msfb-create2.png) -Name the profile, choose your desired settings, and then click **Create**: +Name the profile, choose your desired settings, and then select **Create**: > [!div class="mx-imgBorder"] > ![MSfB create step 3](images/msfb-create3.png) @@ -577,7 +583,7 @@ If you shut down your VM after the last reset, it's time to start it back up aga Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding), otherwise these changes might not show up. > [!TIP] -> If you reset your device previously after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you do not see the Autopilot OOBE experience, then reset the device again (Settings > Update & Security > Recovery and click on Get started. Under Reset this PC, select Remove everything and Just remove my files. Click on Reset). +> If you reset your device previously after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you do not see the Autopilot OOBE experience, then reset the device again (**Settings** > **Update & Security** > **Recovery** and select **Get started**. Under **Reset this PC**, select **Remove everything and Just remove my files**. Select **Reset**). - Ensure your device has an internet connection. - Turn on the device 
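Review bot: In the TIP line of the second hunk, the new bold span "**Remove everything and Just remove my files**" wraps two labels and the joining "and" in a single piece of bold, so it reads as one option name. The capitalised "Just" in the old text suggests two separate labels, so bold each on its own: select **Remove everything** and **Just remove my files**. The parenthetical also runs a menu path into full sentences ("... > **Recovery** and select **Get started**. Under ..."), and would be easier to follow as ordinary sentences outside the parentheses.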
@@ -603,7 +609,7 @@ To use the device (or VM) for other purposes after completion of this lab, you w ### Delete (deregister) Autopilot device -You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into the MEM admin center, then navigate to **Intune > Devices > All Devices**. Select the device you want to delete, then click the Delete button along the top menu. +You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into the MEM admin center, then navigate to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu. > [!div class="mx-imgBorder"] > ![Delete device step 1](images/delete-device1.png) 
@@ -615,16 +621,16 @@ The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > [!NOTE] > A device will only appear in the All devices list once it has booted. The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune. -To remove the device from the Autopilot program, select the device and click **Delete**. You will get a popup dialog box to confirm deletion. +To remove the device from the Autopilot program, select the device, and then select **Delete**. You will get a popup dialog box to confirm deletion. > [!div class="mx-imgBorder"] > ![Delete device](images/delete-device2.png) -At this point, your device has been unenrolled from Intune and also deregistered from Autopilot. After several minutes, click the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program: +At this point, your device has been unenrolled from Intune and also deregistered from Autopilot. After several minutes, select the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program: -Once the device no longer appears, you are free to reuse it for other purposes. +Once the device no longer appears, you're free to reuse it for other purposes. -If you also (optionally) want to remove your device from AAD, navigate to **Azure Active Directory > Devices > All Devices**, select your device, and click the delete button: +If you also (optionally) want to remove your device from AAD, navigate to **Azure Active Directory > Devices > All Devices**, select your device, and then select the **Delete** button: ## Appendix A: Verify support for Hyper-V 
@@ -702,7 +708,7 @@ Under **App Type**, select **Windows app (Win32)**: ![Add app step 2](images/app03.png) -On the **App package file** blade, browse to the **npp.7.6.3.installer.x64.intunewin** file in your output folder, open it, then click **OK**: +On the **App package file** blade, browse to the **npp.7.6.3.installer.x64.intunewin** file in your output folder, open it, then select **OK**: > [!div class="mx-imgBorder"] > ![Add app step 3](images/app04.png) @@ -725,7 +731,7 @@ Uninstall: msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q Simply using an install command like "notepad++.exe /S" will not actually install Notepad++; it will only launch the app. To actually install the program, we need to use the .msi file instead. Notepad++ doesn't actually have an .msi version of their program, but we got an .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). -Click **OK** to save your input and activate the **Requirements** blade. +Select **OK** to save your input and activate the **Requirements** blade. On the **Requirements Configuration** blade, specify the **OS architecture** and the **Minimum OS version**: 
@@ -737,22 +743,22 @@ Next, configure the **Detection rules**. For our purposes, we will select manua > [!div class="mx-imgBorder"] > ![Add app step 7](images/app08.png) -Click **Add** to define the rule properties. For **Rule type**, select **MSI**, which will automatically import the right MSI product code into the rule: +Select **Add** to define the rule properties. For **Rule type**, select **MSI**, which will automatically import the right MSI product code into the rule: ![Add app step 8](images/app09.png) -Click **OK** twice to save, as you back out to the main **Add app** blade again for the final configuration. +Select **OK** twice to save, as you back out to the main **Add app** blade again for the final configuration. **Return codes**: For our purposes, leave the return codes at their default values: > [!div class="mx-imgBorder"] > ![Add app step 9](images/app10.png) -Click **OK** to exit. +Select **OK** to exit. You may skip configuring the final **Scope (Tags)** blade. -Click the **Add** button to finalize and save your app package. +Select the **Add** button to finalize and save your app package. Once the indicator message says the addition has completed. @@ -769,7 +775,7 @@ You will be able to find your app in your app list: > [!NOTE] > The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you have not done that, please return to the main part of the lab and complete those steps before returning here. -In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade. Then click **Assignments** from the menu: +In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade. Then select **Assignments** from the menu: > [!div class="mx-imgBorder"] > ![Assign app step 1](images/app13.png) 
@@ -788,7 +794,7 @@ Select **Included Groups** and assign the groups you previously created that wil > [!div class="mx-imgBorder"] > ![Assign app step 3](images/app15.png) -In the **Select groups** pane, click the **Select** button. +In the **Select groups** pane, choose the **Select** button. In the **Assign group** pane, select **OK**. @@ -809,7 +815,7 @@ For more information on adding apps to Intune, see [Intune Standalone - Win32 ap Log into the Azure portal and select **Intune**. -Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package. +Navigate to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package. ![Create app step 1](images/app17.png) 
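Review bot: The line rewritten in the second hunk still gives the path as "**Intune > Clients apps > Apps**", while the other lines this patch edits use "**Intune > Client Apps > Apps**". Since the line is being touched anyway, align the path with the label actually shown in the portal so all three references match.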
@@ -822,29 +828,29 @@ Under the **Configure App Suite** pane, select the Office apps you want to insta > [!div class="mx-imgBorder"] > ![Create app step 3](images/app19.png) -Click **OK**. +Select **OK**. In the **App Suite Information** pane, enter a unique suite name, and a suitable description. -Enter the name of the app suite as it is displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal. +Enter the name of the app suite as it's displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal. > [!div class="mx-imgBorder"] > ![Create app step 4](images/app20.png) -Click **OK**. +Select **OK**. In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection would be fine for the purposes of this lab). Also select **Yes** for **Automatically accept the app end user license agreement**: ![Create app step 5](images/app21.png) -Click **OK** and then click **Add**. +Select **OK** and, then select **Add**. #### Assign the app to your Intune profile > [!NOTE] > The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you have not done that, please return to the main part of the lab and complete those steps before returning here. -In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade. Then click **Assignments** from the menu: +In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade. Then select **Assignments** from the menu: > [!div class="mx-imgBorder"] > ![Create app step 6](images/app22.png) 
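Review bot: The replacement line "Select **OK** and, then select **Add**." has the comma on the wrong side of "and". The same patch uses "Select **OK**, and then select **Create**." elsewhere, so this should read "Select **OK**, and then select **Add**."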
@@ -862,7 +868,7 @@ Select **Included Groups** and assign the groups you previously created that wil > [!div class="mx-imgBorder"] > ![Create app step 8](images/app24.png) -In the **Select groups** pane, click the **Select** button. +In the **Select groups** pane, choose the **Select** button. In the **Assign group** pane, select **OK**. From 5f0645961045c10b9ae45522e566a6e33d73f0f6 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 10:03:12 -0700 Subject: [PATCH 005/671] new landing --- windows/security/index.yml | 46 +++++++++++++++++++++++++++++--------- 1 file changed, 36 insertions(+), 10 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 83e7dcbb53..29ac6d128a 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -1,38 +1,64 @@ ### YamlMime:Hub title: Windows 10 Enterprise Security # < 60 chars -summary: Secure corporate data and manage risk. # < 160 chars +summary: Security from chip to cloud. # < 160 chars # brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-bi | power-platform | sql | sql-server | vs | visual-studio | windows | xamarin brand: windows metadata: title: Windows 10 Enterprise Security # Required; page title displayed in search results. Include the brand. < 60 chars. - description: Learn about enterprise-grade security features for Windows 10. # Required; article description that is displayed in search results. < 160 chars. + description: Learn about enterprise-grade security features in Windows 10 and Windows 11. # Required; article description that is displayed in search results. < 160 chars. services: windows ms.product: windows ms.topic: hub-page # Required ms.collection: M365-security-compliance # Optional; Remove if no collection is used. author: dansimp #Required; your GitHub user alias, with correct capitalization. ms.author: dansimp #Required; microsoft alias of author; optional team alias. - ms.date: 01/08/2018 #Required; mm/dd/yyyy format. + ms.date: 09/30/2021 #Required; mm/dd/yyyy format. 
ms.localizationpriority: high # productDirectory section (optional) productDirectory: items: # Card - - title: Identity and access management + - title: Security foundation + imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg + summary: Security assurances and certifications + url: ./information-protection/index.md + + # Card + - title: Hardware security # imageSrc should be square in ratio with no whitespace imageSrc: https://docs.microsoft.com/media/common/i_identity-protection.svg - summary: Deploy secure enterprise-grade authentication and access control to protect accounts and data + summary: Hardware root of trust and silicon-assisted security url: ./identity-protection/index.md # Card - - title: Threat protection + - title: Operating system protection imageSrc: https://docs.microsoft.com/media/common/i_threat-protection.svg - summary: Stop cyberthreats and quickly identify and respond to breaches + summary: Windows security enhancements url: ./threat-protection/index.md # Card - - title: Information protection + - title: Threat protection imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg - summary: Identify and secure critical data to prevent data loss - url: ./information-protection/index.md \ No newline at end of file + summary: Protection from external attacks and threats + url: ./information-protection/index.md + # Card + - title: Application protection + imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg + summary: App protections + url: ./information-protection/index.md + # Card + - title: User protection + imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg + summary: Protecting your users + url: ./information-protection/index.md + # Card + - title: Privacy controls + imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg + summary: Manage your privacy settings + url: ./information-protection/index.md + # Card + - 
title: Cloud security + imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg + summary: Additional cloud-based security and management solutions + url: ./information-protection/index.md From f5cebb67e82a1893f586feaabf0f02709fa48561 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 10:35:09 -0700 Subject: [PATCH 006/671] more --- windows/security/security-foundation/TOC.yml | 9 +++++ .../security/security-foundation/index.yml | 39 +++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 windows/security/security-foundation/TOC.yml create mode 100644 windows/security/security-foundation/index.yml diff --git a/windows/security/security-foundation/TOC.yml b/windows/security/security-foundation/TOC.yml new file mode 100644 index 0000000000..70e61e303f --- /dev/null +++ b/windows/security/security-foundation/TOC.yml @@ -0,0 +1,9 @@ +- name: Security + href: index.yml + items: + - name: Identity and access management + href: identity-protection/index.md + - name: Information protection + href: information-protection/index.md + - name: Threat protection + href: threat-protection/index.md diff --git a/windows/security/security-foundation/index.yml b/windows/security/security-foundation/index.yml new file mode 100644 index 0000000000..97eae49e18 --- /dev/null +++ b/windows/security/security-foundation/index.yml 
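Review bot: In the windows/security/index.yml hunk of "new landing", six of the eight cards (Security foundation, Threat protection, Application protection, User protection, Privacy controls, Cloud security) point to ./information-protection/index.md with the same i_information-protection.svg image, and "Hardware security" and "Operating system protection" keep the old identity-protection and threat-protection targets under new titles. Readers selecting "Threat protection" would land on the information protection page. Give each card its own url and imageSrc, or leave a card out until its target exists. The page title also stays "Windows 10 Enterprise Security" while the description now names Windows 11, and ms.date is set to 09/30/2021 on a commit dated 19 Aug 2021; confirm both are intended.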
@@ -0,0 +1,39 @@ +### YamlMime:Landing + +title: Windows security foundation # < 60 chars +summary: Learn about Windows security foundations. # < 160 chars + +metadata: + title: Windows security foundation # Required; page title displayed in search results. Include the brand. < 60 chars. + description: Learn about Windows security foundation # Required; article description that is displayed in search results. < 160 chars. + ms.topic: landing-page # Required + ms.collection: m365-security-compliance + author: dansimp #Required; your GitHub user alias, with correct capitalization. + ms.author: dansimp #Required; microsoft alias of author; optional team alias. + ms.date: 09/30/2021 #Required; mm/dd/yyyy format. + localization_priority: Priority + +# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new + +landingContent: +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Security assurance + linkLists: + - linkListType: overview + links: + - text: Microsoft Security Development Lifecycle (SDL) + url: /previous-versions/windows/desktop/cc307891(v=msdn.10) + - text: Microsoft bounty program + url: https://www.microsoft.com/msrc/bounty + # Card + - title: Certifications + linkLists: + - linkListType: overview + links: + - text: Federal Information Processing Standard (FIPS) 140 Validation + url: /windows/security/threat-protection/fips-140-validation + - text: Common Criteria Certifications + url: /windows/security/threat-protection/windows-platform-common-criteria + \ No newline at end of file From 3ee4d7320172bb61dad3da1466c84c5ad5a9160d Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 10:45:48 -0700 Subject: [PATCH 007/671] new toc --- windows/security/security-foundation/TOC.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) 
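Review bot: The new security-foundation/index.yml keeps the template comment "# Start card title with a verb" above cards titled "Security assurance" and "Certifications", so either the titles or the comment should change. The file also ends with a whitespace-only line and no trailing newline, and the description repeats the title without a full stop. Drop the trailing whitespace, end the file with a newline, and write a description that says what the page covers.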
diff --git a/windows/security/security-foundation/TOC.yml b/windows/security/security-foundation/TOC.yml index 70e61e303f..e52bc796f3 100644 --- a/windows/security/security-foundation/TOC.yml +++ b/windows/security/security-foundation/TOC.yml @@ -1,9 +1,8 @@ -- name: Security +- name: Security foundation href: index.yml items: - - name: Identity and access management - href: identity-protection/index.md - - name: Information protection - href: information-protection/index.md - - name: Threat protection - href: threat-protection/index.md + - name: FIPS 140-2 Validation + href: /windows/security/threat-protection/fips-140-validation.md + - name: Common Criteria Certifications + href: /windows/security/threat-protection/windows-platform-common-criteria.md + From de0651579c191a6482de2d5ff59c35c9b7b8a6b2 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 11:13:41 -0700 Subject: [PATCH 008/671] one big TOC --- windows/security/TOC.yml | 22 ++++++--- windows/security/index.yml | 94 +++++++++++++++----------------------- 2 files changed, 52 insertions(+), 64 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 70e61e303f..818858dece 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -1,9 +1,17 @@ -- name: Security + +- name: Windows security foundation href: index.yml + expanded: true items: - - name: Identity and access management - href: identity-protection/index.md - - name: Information protection - href: information-protection/index.md - - name: Threat protection - href: threat-protection/index.md + - name: FIPS 140-2 Validation + href: /windows/security/threat-protection/fips-140-validation.md + - name: Common Criteria Certifications + href: /windows/security/threat-protection/windows-platform-common-criteria.md +- name: Windows hardware Security + items: + - name: Trusted Platform Module (TPM) overview + href: /windows/security/information-protection/tpm/trusted-platform-module-overview.md + - name: Protect derived domain credentials with Windows Defender Credential Guard + href: /windows/security/identity-protection/credential-guard/credential-guard.md + - name: Kernel DMA Protection + href: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md \ No newline at end of file diff --git a/windows/security/index.yml b/windows/security/index.yml index 29ac6d128a..0e1f888e64 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -1,64 +1,44 @@ -### YamlMime:Hub +### YamlMime:Landing -title: Windows 10 Enterprise Security # < 60 chars -summary: Security from chip to cloud. # < 160 chars -# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-bi | power-platform | sql | sql-server | vs | visual-studio | windows | xamarin -brand: windows +title: Windows security # < 60 chars +summary: Learn about Windows security from chip to cloud. # < 160 chars metadata: - title: Windows 10 Enterprise Security # Required; page title displayed in search results. Include the brand. < 60 chars. - description: Learn about enterprise-grade security features in Windows 10 and Windows 11. # Required; article description that is displayed in search results. < 160 chars. - services: windows - ms.product: windows - ms.topic: hub-page # Required - ms.collection: M365-security-compliance # Optional; Remove if no collection is used. + title: Windows security # Required; page title displayed in search results. Include the brand. < 60 chars. + description: Learn about Windows security # Required; article description that is displayed in search results. < 160 chars. + ms.topic: landing-page # Required + ms.collection: m365-security-compliance author: dansimp #Required; your GitHub user alias, with correct capitalization. ms.author: dansimp #Required; microsoft alias of author; optional team alias. ms.date: 09/30/2021 #Required; mm/dd/yyyy format. 
- ms.localizationpriority: high + localization_priority: Priority + +# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new -# productDirectory section (optional) -productDirectory: - items: - # Card - - title: Security foundation - imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg - summary: Security assurances and certifications - url: ./information-protection/index.md - - # Card - - title: Hardware security - # imageSrc should be square in ratio with no whitespace - imageSrc: https://docs.microsoft.com/media/common/i_identity-protection.svg - summary: Hardware root of trust and silicon-assisted security - url: ./identity-protection/index.md - # Card - - title: Operating system protection - imageSrc: https://docs.microsoft.com/media/common/i_threat-protection.svg - summary: Windows security enhancements - url: ./threat-protection/index.md - # Card - - title: Threat protection - imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg - summary: Protection from external attacks and threats - url: ./information-protection/index.md - # Card - - title: Application protection - imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg - summary: App protections - url: ./information-protection/index.md - # Card - - title: User protection - imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg - summary: Protecting your users - url: ./information-protection/index.md - # Card - - title: Privacy controls - imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg - summary: Manage your privacy settings - url: ./information-protection/index.md - # Card - - title: Cloud security - imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg - summary: Additional cloud-based security and management solutions - url: 
./information-protection/index.md +landingContent: +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Security foundations + linkLists: + - linkListType: overview + links: + - text: Federal Information Processing Standard (FIPS) 140 Validation + url: /windows/security/threat-protection/fips-140-validation + - text: Common Criteria Certifications + url: /windows/security/threat-protection/windows-platform-common-criteria + - text: Microsoft Security Development Lifecycle (SDL) + url: /previous-versions/windows/desktop/cc307891(v=msdn.10) + - text: Microsoft bounty program + url: https://www.microsoft.com/msrc/bounty + # Card (optional) + - title: Hardware security + linkLists: + - linkListType: overview + links: + - name: Trusted Platform Module (TPM) overview + href: /windows/security/information-protection/tpm/trusted-platform-module-overview.md + - name: Protect derived domain credentials with Windows Defender Credential Guard + href: /windows/security/identity-protection/credential-guard/credential-guard.md + - name: Kernel DMA Protection + href: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.m \ No newline at end of file From 49a29668dc3cda2dde74b920317854a71110a8e2 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 11:19:38 -0700 Subject: [PATCH 009/671] fixing build issues --- windows/security/index.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 0e1f888e64..aca0718a29 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -24,9 +24,9 @@ landingContent: - linkListType: overview links: - text: Federal Information Processing Standard (FIPS) 140 Validation - url: /windows/security/threat-protection/fips-140-validation + url: /windows/security/threat-protection/fips-140-validation.md - text: Common Criteria Certifications - url: /windows/security/threat-protection/windows-platform-common-criteria + url: /windows/security/threat-protection/windows-platform-common-criteria.md - text: Microsoft Security Development Lifecycle (SDL) url: /previous-versions/windows/desktop/cc307891(v=msdn.10) - text: Microsoft bounty program @@ -41,4 +41,4 @@ landingContent: - name: Protect derived domain credentials with Windows Defender Credential Guard href: /windows/security/identity-protection/credential-guard/credential-guard.md - name: Kernel DMA Protection - href: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.m \ No newline at end of file + href: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md \ No newline at end of file From d7b21ad9297c397a5c555bd129dc4b5ca4577b83 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 11:20:13 -0700 Subject: [PATCH 010/671] rm --- windows/security/security-foundation/TOC.yml | 8 ---- .../security/security-foundation/index.yml | 39 ------------------- 2 files changed, 47 deletions(-) delete mode 100644 windows/security/security-foundation/TOC.yml delete mode 100644 windows/security/security-foundation/index.yml diff --git a/windows/security/security-foundation/TOC.yml b/windows/security/security-foundation/TOC.yml deleted file mode 100644 index e52bc796f3..0000000000 --- a/windows/security/security-foundation/TOC.yml +++ /dev/null 
@@ -1,8 +0,0 @@ -- name: Security foundation - href: index.yml - items: - - name: FIPS 140-2 Validation - href: /windows/security/threat-protection/fips-140-validation.md - - name: Common Criteria Certifications - href: /windows/security/threat-protection/windows-platform-common-criteria.md - diff --git a/windows/security/security-foundation/index.yml b/windows/security/security-foundation/index.yml deleted file mode 100644 index 97eae49e18..0000000000 --- a/windows/security/security-foundation/index.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -### YamlMime:Landing - -title: Windows security foundation # < 60 chars -summary: Learn about Windows security foundations. # < 160 chars - -metadata: - title: Windows security foundation # Required; page title displayed in search results. Include the brand. < 60 chars. - description: Learn about Windows security foundation # Required; article description that is displayed in search results. < 160 chars. - ms.topic: landing-page # Required - ms.collection: m365-security-compliance - author: dansimp #Required; your GitHub user alias, with correct capitalization. - ms.author: dansimp #Required; microsoft alias of author; optional team alias. - ms.date: 09/30/2021 #Required; mm/dd/yyyy format. - localization_priority: Priority - -# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new - -landingContent: -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Security assurance - linkLists: - - linkListType: overview - links: - - text: Microsoft Security Development Lifecycle (SDL) - url: /previous-versions/windows/desktop/cc307891(v=msdn.10) - - text: Microsoft bounty program - url: https://www.microsoft.com/msrc/bounty - # Card - - title: Certifications - linkLists: - - linkListType: overview - links: - - text: Federal Information Processing Standard (FIPS) 140 Validation - url: /windows/security/threat-protection/fips-140-validation - - text: Common Criteria Certifications - url: /windows/security/threat-protection/windows-platform-common-criteria - \ No newline at end of file From fb6fc95b75a994efa5a2f8be614909bc7bd58df6 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 11:23:32 -0700 Subject: [PATCH 011/671] url --- windows/security/index.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/windows/security/index.yml b/windows/security/index.yml index aca0718a29..ee8986dea8 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -28,7 +28,7 @@ landingContent: - text: Common Criteria Certifications url: /windows/security/threat-protection/windows-platform-common-criteria.md - text: Microsoft Security Development Lifecycle (SDL) - url: /previous-versions/windows/desktop/cc307891(v=msdn.10) + url: /previous-versions/windows/desktop/cc307891(v=msdn.10) - text: Microsoft bounty program url: https://www.microsoft.com/msrc/bounty # Card (optional) @@ -37,8 +37,8 @@ landingContent: - linkListType: overview links: - name: Trusted Platform Module (TPM) overview - href: /windows/security/information-protection/tpm/trusted-platform-module-overview.md + url: /windows/security/information-protection/tpm/trusted-platform-module-overview.md - name: Protect derived domain credentials with Windows Defender Credential Guard - href: /windows/security/identity-protection/credential-guard/credential-guard.md + url: /windows/security/identity-protection/credential-guard/credential-guard.md - name: Kernel DMA Protection - href: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md \ No newline at end of file + url: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md \ No newline at end of file From b8c9dd3dba72cb7002e3fb1a802ddb427e583ff0 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 11:28:22 -0700 Subject: [PATCH 012/671] t --- windows/security/index.yml | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index ee8986dea8..86e84caf8f 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
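Review bot: In the second hunk of "url", the Hardware security links change href to url but keep name as the label key, while the Security foundations card in the same file uses text and url for every link. Rename name to text on the three entries so both cards use the same keys, and check that against the Landing schema before pushing again. The SDL line in the first hunk is removed and re-added with identical visible content, so it is a whitespace-only change that could be dropped from this commit or called out in the message.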
@@ -30,15 +30,4 @@ landingContent: - text: Microsoft Security Development Lifecycle (SDL) url: /previous-versions/windows/desktop/cc307891(v=msdn.10) - text: Microsoft bounty program - url: https://www.microsoft.com/msrc/bounty - # Card (optional) - - title: Hardware security - linkLists: - - linkListType: overview - links: - - name: Trusted Platform Module (TPM) overview - url: /windows/security/information-protection/tpm/trusted-platform-module-overview.md - - name: Protect derived domain credentials with Windows Defender Credential Guard - url: /windows/security/identity-protection/credential-guard/credential-guard.md - - name: Kernel DMA Protection - url: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md \ No newline at end of file + url: https://www.microsoft.com/msrc/bounty \ No newline at end of file From 326837bfb85dfa32a838f59d9c1f508751347800 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 11:36:47 -0700 Subject: [PATCH 013/671] testing --- windows/security/index.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 86e84caf8f..74890e02e3 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -17,6 +17,21 @@ metadata: landingContent: # Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Security foundations + linkLists: + - linkListType: overview + links: + - text: Federal Information Processing Standard (FIPS) 140 Validation + url: /windows/security/threat-protection/fips-140-validation.md + - text: Common Criteria Certifications + url: /windows/security/threat-protection/windows-platform-common-criteria.md + - text: Microsoft Security Development Lifecycle (SDL) + url: /previous-versions/windows/desktop/cc307891(v=msdn.10) + - text: Microsoft bounty program + url: https://www.microsoft.com/msrc/bounty +# Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - title: Security foundations From c0d3a328ddc11d8d8211321be73d4e3876a237fb Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 11:53:30 -0700 Subject: [PATCH 014/671] adding more toc... --- windows/security/TOC.yml | 48 ++++++++++++++++++++++++++++++++++---- windows/security/index.yml | 25 +++++++++++++------- 2 files changed, 59 insertions(+), 14 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 818858dece..99d00bd691 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -1,17 +1,55 @@ -- name: Windows security foundation +- name: Windows security href: index.yml expanded: true +- name: Windows security foundations items: - name: FIPS 140-2 Validation href: /windows/security/threat-protection/fips-140-validation.md - name: Common Criteria Certifications href: /windows/security/threat-protection/windows-platform-common-criteria.md -- name: Windows hardware Security +- name: Windows hardware security items: - - name: Trusted Platform Module (TPM) overview - href: /windows/security/information-protection/tpm/trusted-platform-module-overview.md + - name: Trusted Platform Module + href: tpm/trusted-platform-module-top-node.md + items: + - name: Trusted Platform Module Overview + href: tpm/trusted-platform-module-overview.md + - name: TPM fundamentals + href: tpm/tpm-fundamentals.md + - name: How Windows 10 uses the TPM + href: tpm/how-windows-uses-the-tpm.md + - name: TPM Group Policy settings + href: tpm/trusted-platform-module-services-group-policy-settings.md + - name: Back up the TPM recovery information to AD DS + href: tpm/backup-tpm-recovery-information-to-ad-ds.md + - name: View status, clear, or troubleshoot the TPM + href: tpm/initialize-and-configure-ownership-of-the-tpm.md + - name: Understanding PCR banks on TPM 2.0 devices + href: tpm/switch-pcr-banks-on-tpm-2-0-devices.md + - name: TPM recommendations + href: tpm/tpm-recommendations.md - name: Protect derived domain credentials with Windows Defender Credential Guard href: /windows/security/identity-protection/credential-guard/credential-guard.md - name: Kernel DMA Protection - href: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md \ No newline at end of file + href: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +- name: Windows operating system security + items: + - name: system security + items: + - name: Secure the Windows 10 boot process + href: secure-the-windows-10-boot-process.md + - name: 
Encryption and data protection + items: + - name: Bitlocker + href: information-protection/bitlocker/bitlocker-overview.md + - name: Network security + items: + - name: VPN + href: identity-protection/vpn/vpn-guide.md + - name: Windows Defender Firewall + href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md +- name: Windows threat protection + items: + - name: Microsoft Defender Antivirus + href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md \ No newline at end of file diff --git a/windows/security/index.yml b/windows/security/index.yml index 74890e02e3..4c3fe7d66c 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -34,15 +34,22 @@ landingContent: # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - - title: Security foundations + - title: Hardware security linkLists: - linkListType: overview links: - - text: Federal Information Processing Standard (FIPS) 140 Validation - url: /windows/security/threat-protection/fips-140-validation.md - - text: Common Criteria Certifications - url: /windows/security/threat-protection/windows-platform-common-criteria.md - - text: Microsoft Security Development Lifecycle (SDL) - url: /previous-versions/windows/desktop/cc307891(v=msdn.10) - - text: Microsoft bounty program - url: https://www.microsoft.com/msrc/bounty \ No newline at end of file + - name: Trusted Platform Module + url: tpm/trusted-platform-module-top-node.md + - name: Kernel DMA Protection + href: information-protection/kernel-dma-protection-for-thunderbolt.md +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Operating system security + linkLists: + - linkListType: overview + links: + - name: Secure the Windows boot process + url: information-protection/secure-the-windows-10-boot-process.md + - name: Configure S/MIME for Windows 10 + url: identity-protection/configure-s-mime.md \ No newline at end of file From e1f59479bbcefdb167f347e225087986d6fe1deb Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 12:04:14 -0700 Subject: [PATCH 015/671] fixing --- windows/security/TOC.yml | 22 +++++++++++----------- windows/security/index.yml | 8 ++++---- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 99d00bd691..f3f4538b86 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -11,24 +11,24 @@ - name: Windows hardware security items: - name: Trusted Platform Module - href: tpm/trusted-platform-module-top-node.md + href: /windows/security/information-protection/tpm/trusted-platform-module-top-node.md items: - name: Trusted Platform Module Overview - href: tpm/trusted-platform-module-overview.md + href: /windows/security/information-protection/tpm/trusted-platform-module-overview.md - name: TPM fundamentals - href: tpm/tpm-fundamentals.md + href: /windows/security/information-protection/tpm/tpm-fundamentals.md - name: How Windows 10 uses the TPM - href: tpm/how-windows-uses-the-tpm.md + href: /windows/security/information-protection/tpm/how-windows-uses-the-tpm.md - name: TPM Group Policy settings - href: tpm/trusted-platform-module-services-group-policy-settings.md + href: /windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md - name: Back up the TPM recovery information to AD DS - href: tpm/backup-tpm-recovery-information-to-ad-ds.md + href: /windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md - name: View status, clear, or troubleshoot the TPM - href: tpm/initialize-and-configure-ownership-of-the-tpm.md + href: /windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md - name: Understanding PCR banks on TPM 2.0 devices - href: tpm/switch-pcr-banks-on-tpm-2-0-devices.md + href: /windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md - name: TPM recommendations - href: tpm/tpm-recommendations.md + href: /windows/security/information-protection/tpm/tpm-recommendations.md - name: Protect derived domain credentials with Windows Defender Credential Guard href: /windows/security/identity-protection/credential-guard/credential-guard.md - name: Kernel DMA Protection 
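Review bot: the TPM hrefs in this TOC.yml hunk (@@ -11,24 +11,24 @@) change from file-relative links to root-relative paths that still end in `.md`, for example `href: /windows/security/information-protection/tpm/tpm-fundamentals.md`. The old `tpm/...` values only lacked the `information-protection/` directory, since this TOC.yml sits in windows/security/, so `href: information-protection/tpm/tpm-fundamentals.md` fixes the lookup and keeps the links relative to the file. Where this series writes a root-relative link to a page elsewhere, it drops the extension (`url: /windows/security/threat-protection/fips-140-validation` in the removed landing page), so the `.md` root-relative form added here should be avoided; the Credential Guard and Kernel DMA context lines have the same problem.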
@@ -38,11 +38,11 @@ - name: system security items: - name: Secure the Windows 10 boot process - href: secure-the-windows-10-boot-process.md + href: /windows/security/information-protection/secure-the-windows-10-boot-process.md - name: Encryption and data protection items: - name: Bitlocker - href: information-protection/bitlocker/bitlocker-overview.md + href: /windows/security/information-protection/bitlocker/bitlocker-overview.md - name: Network security items: - name: VPN diff --git a/windows/security/index.yml b/windows/security/index.yml index 4c3fe7d66c..3ebfbd536f 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -39,9 +39,9 @@ landingContent: - linkListType: overview links: - name: Trusted Platform Module - url: tpm/trusted-platform-module-top-node.md + url: /windows/security/information-protection/trusted-platform-module-top-node.md - name: Kernel DMA Protection - href: information-protection/kernel-dma-protection-for-thunderbolt.md + url: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) @@ -50,6 +50,6 @@ landingContent: - linkListType: overview links: - name: Secure the Windows boot process - url: information-protection/secure-the-windows-10-boot-process.md + url: /windows/security/information-protection/secure-the-windows-10-boot-process.md - name: Configure S/MIME for Windows 10 - url: identity-protection/configure-s-mime.md \ No newline at end of file + url: /windows/security/identity-protection/configure-s-mime.md \ No newline at end of file From bf753cf37da5935e75c69155b36ca0e6066d4009 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 12:10:46 -0700 Subject: [PATCH 016/671] text --- windows/security/index.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
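Review bot: the "testing" commit (PATCH 013/671) adds a second `- title: Security foundations` card in its index.yml hunk (@@ -17,6 +17,21 @@), directly above the existing card of the same title that appears as trailing context, and it repeats the Common Criteria, SDL and bounty program links that the context lines of PATCH 011 and 012 show in this file. The duplicated comment line `# Cards and links should be based on top customer tasks or top subjects` is added along with it. Give the new card its own title and links before it lands, or drop the hunk.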
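Review bot: in the index.yml hunk (@@ -39,9 +39,9 @@) of the "fixing" commit (PATCH 015/671), the new Trusted Platform Module link drops the `tpm/` directory: `url: /windows/security/information-protection/trusted-platform-module-top-node.md`, while the TOC.yml hunk of the same commit points at `/windows/security/information-protection/tpm/trusted-platform-module-top-node.md`. The two cannot both be right; use the `tpm/` path in both files. The entries touched in both index.yml hunks also keep `- name:` as the label key where the Security foundations card in this file uses `- text:`, so the label key should be changed in the same commit as `href` to `url`.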
diff --git a/windows/security/index.yml b/windows/security/index.yml index 3ebfbd536f..2761ee94c4 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -38,9 +38,9 @@ landingContent: linkLists: - linkListType: overview links: - - name: Trusted Platform Module - url: /windows/security/information-protection/trusted-platform-module-top-node.md - - name: Kernel DMA Protection + - text: Trusted Platform Module + url: /windows/security/information-protection/tpm/trusted-platform-module-top-node.md + - text: Kernel DMA Protection url: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb @@ -49,7 +49,7 @@ landingContent: linkLists: - linkListType: overview links: - - name: Secure the Windows boot process + - text: Secure the Windows boot process url: /windows/security/information-protection/secure-the-windows-10-boot-process.md - - name: Configure S/MIME for Windows 10 + - text: Configure S/MIME for Windows 10 url: /windows/security/identity-protection/configure-s-mime.md \ No newline at end of file From 9cb21a66d89d04a468a7f8e9b1d807a57b806e87 Mon Sep 17 00:00:00 2001 From: v-dihans Date: Thu, 19 Aug 2021 13:15:58 -0600 Subject: [PATCH 017/671] dh-make-bulleted-list --- .../demonstrate-deployment-on-vm.md | 77 ++++++++++--------- 1 file changed, 40 insertions(+), 37 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index effa84ef83..f41d64d23e 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -44,10 +44,13 @@ The following video provides an overview of the process: ## Prerequisites These are the things you'll need to complete this lab: - - - -
Windows 10 installation mediaWindows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.
Internet accessIf you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.
Hyper-V or a physical device running Windows 10The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.
An account with Azure AD Premium licenseThis guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.
+ +| | Description | +|:---|:---| +|**Windows 10 installation media**|Windows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.| +|**Internet access**|If you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.| +|**Hyper-V or a physical device running Windows 10**|The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.| +|**An account with Azure AD Premium license**|This guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.| ## Procedures @@ -55,39 +58,39 @@ A summary of the sections and procedures in the lab is provided below. Follow ea If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [Capture the hardware ID](#capture-the-hardware-id) step. The VM must be running Windows 10, version 1903 or a later version. -[Verify support for Hyper-V](#verify-support-for-hyper-v) -
[Enable Hyper-V](#enable-hyper-v) -
[Create a demo VM](#create-a-demo-vm) -
    [Set ISO file location](#set-iso-file-location) -
    [Determine network adapter name](#determine-network-adapter-name) -
    [Use Windows PowerShell to create the demo VM](#use-windows-powershell-to-create-the-demo-vm) -
    [Install Windows 10](#install-windows-10) -
[Capture the hardware ID](#capture-the-hardware-id) -
[Reset the VM back to Out-Of-Box-Experience (OOBE)](#reset-the-vm-back-to-out-of-box-experience-oobe) -
[Verify subscription level](#verify-subscription-level) -
[Configure company branding](#configure-company-branding) -
[Configure Microsoft Intune auto-enrollment](#configure-microsoft-intune-auto-enrollment) -
[Register your VM](#register-your-vm) -
    [Autopilot registration using Intune](#autopilot-registration-using-intune) -
    [Autopilot registration using MSfB](#autopilot-registration-using-msfb) -
[Create and assign a Windows Autopilot deployment profile](#create-and-assign-a-windows-autopilot-deployment-profile) -
    [Create a Windows Autopilot deployment profile using Intune](#create-a-windows-autopilot-deployment-profile-using-intune) -
       [Create a device group](#create-a-device-group) -
       [Create the deployment profile](#create-the-deployment-profile) -
    [Create a Windows Autopilot deployment profile using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb) -
[See Windows Autopilot in action](#see-windows-autopilot-in-action) -
[Remove devices from Autopilot](#remove-devices-from-autopilot) -
    [Delete (deregister) Autopilot device](#delete-deregister-autopilot-device) -
[Appendix A: Verify support for Hyper-V](#appendix-a-verify-support-for-hyper-v) -
[Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile) -
    [Add a Win32 app](#add-a-win32-app) -
       [Prepare the app for Intune](#prepare-the-app-for-intune) -
       [Create app in Intune](#create-app-in-intune) -
       [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) -
    [Add Office 365](#add-office-365) -
       [Create app in Intune](#create-app-in-intune) -
       [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) -
[Glossary](#glossary) +- [Verify support for Hyper-V](#verify-support-for-hyper-v) +- [Enable Hyper-V](#enable-hyper-v) +- [Create a demo VM](#create-a-demo-vm) + - [Set ISO file location](#set-iso-file-location) + - [Determine network adapter name](#determine-network-adapter-name) + - [Use Windows PowerShell to create the demo VM](#use-windows-powershell-to-create-the-demo-vm) + - [Install Windows 10](#install-windows-10) +- [Capture the hardware ID](#capture-the-hardware-id) +- [Reset the VM back to Out-Of-Box-Experience (OOBE)](#reset-the-vm-back-to-out-of-box-experience-oobe) +- [Verify subscription level](#verify-subscription-level) +- [Configure company branding](#configure-company-branding) +- [Configure Microsoft Intune auto-enrollment](#configure-microsoft-intune-auto-enrollment) +- [Register your VM](#register-your-vm) + - [Autopilot registration using Intune](#autopilot-registration-using-intune) + - [Autopilot registration using MSfB](#autopilot-registration-using-msfb) +- [Create and assign a Windows Autopilot deployment profile](#create-and-assign-a-windows-autopilot-deployment-profile) + - [Create a Windows Autopilot deployment profile using Intune](#create-a-windows-autopilot-deployment-profile-using-intune) + - [Create a device group](#create-a-device-group) + - [Create the deployment profile](#create-the-deployment-profile) + - [Create a Windows Autopilot deployment profile using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb) +- [See Windows Autopilot in action](#see-windows-autopilot-in-action) +- [Remove devices from Autopilot](#remove-devices-from-autopilot) + - [Delete (deregister) Autopilot device](#delete-deregister-autopilot-device) +- [Appendix A: Verify support for Hyper-V](#appendix-a-verify-support-for-hyper-v) +- [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile) + - [Add a Win32 app](#add-a-win32-app) + - [Prepare the app for Intune](#prepare-the-app-for-intune) + - [Create app in 
Intune](#create-app-in-intune) + - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) + - [Add Office 365](#add-office-365) + - [Create app in Intune](#create-app-in-intune) + - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) +- [Glossary](#glossary) ## Verify support for Hyper-V From 78d73dc75dd270b75b37b012226b13cef5fe73da Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 12:30:47 -0700 Subject: [PATCH 018/671] oops all broken --- windows/security/TOC.yml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index f3f4538b86..237dfd3ad2 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -5,44 +5,44 @@ - name: Windows security foundations items: - name: FIPS 140-2 Validation - href: /windows/security/threat-protection/fips-140-validation.md + href: threat-protection/fips-140-validation.md - name: Common Criteria Certifications - href: /windows/security/threat-protection/windows-platform-common-criteria.md + href: threat-protection/windows-platform-common-criteria.md - name: Windows hardware security items: - name: Trusted Platform Module - href: /windows/security/information-protection/tpm/trusted-platform-module-top-node.md + href: information-protection/tpm/trusted-platform-module-top-node.md items: - name: Trusted Platform Module Overview - href: /windows/security/information-protection/tpm/trusted-platform-module-overview.md + href: information-protection/tpm/trusted-platform-module-overview.md - name: TPM fundamentals - href: /windows/security/information-protection/tpm/tpm-fundamentals.md + href: information-protection/tpm/tpm-fundamentals.md - name: How Windows 10 uses the TPM - href: /windows/security/information-protection/tpm/how-windows-uses-the-tpm.md + href: information-protection/tpm/how-windows-uses-the-tpm.md - name: TPM Group Policy settings - href: /windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md + href: information-protection/tpm/trusted-platform-module-services-group-policy-settings.md - name: Back up the TPM recovery information to AD DS - href: /windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md + href: information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md - name: View status, clear, or troubleshoot the TPM - href: /windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md + href: information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md - name: Understanding PCR banks on TPM 2.0 devices - href: 
/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md + href: information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md - name: TPM recommendations - href: /windows/security/information-protection/tpm/tpm-recommendations.md + href: information-protection/tpm/tpm-recommendations.md - name: Protect derived domain credentials with Windows Defender Credential Guard - href: /windows/security/identity-protection/credential-guard/credential-guard.md + href: identity-protection/credential-guard/credential-guard.md - name: Kernel DMA Protection - href: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md + href: information-protection/kernel-dma-protection-for-thunderbolt.md - name: Windows operating system security items: - name: system security items: - name: Secure the Windows 10 boot process - href: /windows/security/information-protection/secure-the-windows-10-boot-process.md + href: information-protection/secure-the-windows-10-boot-process.md - name: Encryption and data protection items: - name: Bitlocker - href: /windows/security/information-protection/bitlocker/bitlocker-overview.md + href: information-protection/bitlocker/bitlocker-overview.md - name: Network security items: - name: VPN From f5909d966ce0745152e4c1702151f99d2d58a82a Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 12:39:26 -0700 Subject: [PATCH 019/671] add --- windows/security/TOC.yml | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 237dfd3ad2..743bbc0044 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -2,13 +2,13 @@ - name: Windows security href: index.yml expanded: true -- name: Windows security foundations +- name: Security foundations items: - name: FIPS 140-2 Validation href: threat-protection/fips-140-validation.md - name: Common Criteria Certifications href: threat-protection/windows-platform-common-criteria.md -- name: Windows hardware security +- name: Hardware security items: - name: Trusted Platform Module href: information-protection/tpm/trusted-platform-module-top-node.md @@ -33,9 +33,9 @@ href: identity-protection/credential-guard/credential-guard.md - name: Kernel DMA Protection href: information-protection/kernel-dma-protection-for-thunderbolt.md -- name: Windows operating system security +- name: Operating system security items: - - name: system security + - name: System security items: - name: Secure the Windows 10 boot process href: information-protection/secure-the-windows-10-boot-process.md @@ -49,7 +49,15 @@ href: identity-protection/vpn/vpn-guide.md - name: Windows Defender Firewall href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md -- name: Windows threat protection +- name: Threat protection items: - name: Microsoft Defender Antivirus - href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md \ No newline at end of file + href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md +- name: Application protection + items: +- name: User protection + items: +- name: Privacy controls + items: + - name: Windows Privacy controls + href: https://docs.microsoft.com/windows/privacy/windows-10-and-privacy-compliance \ No newline at end of file From 7c596eaee5dc82515be9f2d6536ef0d2384e7ebe Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 12:56:00 -0700 Subject: [PATCH 020/671] adding in bitlocker --- windows/security/TOC.yml | 74 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) 
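Review bot: the last TOC.yml hunk of the "add" commit (PATCH 019/671, @@ -49,7 +49,15 @@) adds `- name: Application protection` and `- name: User protection` with an `items:` key and nothing under it, so both nodes have neither children nor an href. Leave them out until each has at least one child entry, or give each an href. The new Privacy controls child links with a full `https://docs.microsoft.com/windows/privacy/windows-10-and-privacy-compliance` URL, while the Microsoft Defender Antivirus entry just above links to another docset with a root-relative `/microsoft-365/...` path; pick one form for cross-docset links.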
diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 743bbc0044..91ff61ce6f 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -41,8 +41,82 @@ href: information-protection/secure-the-windows-10-boot-process.md - name: Encryption and data protection items: + - name: Encrypted Hard Drive + href: encrypted-hard-drive.md - name: Bitlocker href: information-protection/bitlocker/bitlocker-overview.md + items: + - name: Overview of BitLocker Device Encryption in Windows 10 + href: information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md + - name: BitLocker frequently asked questions (FAQ) + href: information-protection/bitlocker/bitlocker-frequently-asked-questions.yml + items: + - name: Overview and requirements + href: information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml + - name: Upgrading + href: information-protection/bitlocker/bitlocker-upgrading-faq.yml + - name: Deployment and administration + href: information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml + - name: Key management + href: information-protection/bitlocker/bitlocker-key-management-faq.yml + - name: BitLocker To Go + href: information-protection/bitlocker/bitlocker-to-go-faq.yml + - name: Active Directory Domain Services + href: information-protection/bitlocker/bitlocker-and-adds-faq.yml + - name: Security + href: information-protection/bitlocker/bitlocker-security-faq.yml + - name: BitLocker Network Unlock + href: information-protection/bitlocker/bitlocker-network-unlock-faq.yml + - name: General + href: information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml + - name: "Prepare your organization for BitLocker: Planning and policies" + href: information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md + - name: BitLocker deployment comparison + href: information-protection/bitlocker/bitlocker-deployment-comparison.md + - name: BitLocker basic deployment + href: information-protection/bitlocker/bitlocker-basic-deployment.md + - name: Deploy BitLocker on Windows Server 2012 and later + href: 
information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md + - name: BitLocker management for enterprises + href: information-protection/bitlocker/bitlocker-management-for-enterprises.md + - name: Enable Network Unlock with BitLocker + href: information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md + - name: Use BitLocker Drive Encryption Tools to manage BitLocker + href: information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md + - name: Use BitLocker Recovery Password Viewer + href: information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md + - name: BitLocker Group Policy settings + href: information-protection/bitlocker/bitlocker-group-policy-settings.md + - name: BCD settings and BitLocker + href: information-protection/bitlocker/bcd-settings-and-bitlocker.md + - name: BitLocker Recovery Guide + href: information-protection/bitlocker/bitlocker-recovery-guide-plan.md + - name: BitLocker Countermeasures + href: information-protection/bitlocker/bitlocker-countermeasures.md + - name: Protecting cluster shared volumes and storage area networks with BitLocker + href: information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md + - name: Troubleshoot BitLocker + items: + - name: Troubleshoot BitLocker + href: information-protection/bitlocker/troubleshoot-bitlocker.md + - name: "BitLocker cannot encrypt a drive: known issues" + href: information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md + - name: "Enforcing BitLocker policies by using Intune: known issues" + href: information-protection/bitlocker/ts-bitlocker-intune-issues.md + - name: "BitLocker Network Unlock: known issues" + href: information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md + - name: "BitLocker recovery: known issues" + href: information-protection/bitlocker/ts-bitlocker-recovery-issues.md + - name: "BitLocker 
configuration: known issues" + href: information-protection/bitlocker/ts-bitlocker-config-issues.md + - name: Troubleshoot BitLocker and TPM issues + items: + - name: "BitLocker cannot encrypt a drive: known TPM issues" + href: information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md + - name: "BitLocker and TPM: other known issues" + href: information-protection/bitlocker/ts-bitlocker-tpm-issues.md + - name: Decode Measured Boot logs to track PCR changes + href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md - name: Network security items: - name: VPN From 5d9ce6746c4edbc594141d686bb734992c89bb34 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 13:00:01 -0700 Subject: [PATCH 021/671] attempting to redirect TOC --- windows/security/information-protection/{TOC.yml => TOC-BAK.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/security/information-protection/{TOC.yml => TOC-BAK.yml} (100%) diff --git a/windows/security/information-protection/TOC.yml b/windows/security/information-protection/TOC-BAK.yml similarity index 100% rename from windows/security/information-protection/TOC.yml rename to windows/security/information-protection/TOC-BAK.yml From e47977ed23df6f18a968ec290c7860028090fac8 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Aug 2021 13:04:05 -0700 Subject: [PATCH 022/671] build fail --- .../information-protection/TOC-BAK.yml | 149 ------------------ 1 file changed, 149 deletions(-) delete mode 100644 windows/security/information-protection/TOC-BAK.yml diff --git a/windows/security/information-protection/TOC-BAK.yml b/windows/security/information-protection/TOC-BAK.yml deleted file mode 100644 index bcaa9d74d7..0000000000 --- a/windows/security/information-protection/TOC-BAK.yml +++ /dev/null 
@@ -1,149 +0,0 @@ -- name: Information protection - href: index.md - items: - - name: BitLocker - href: bitlocker\bitlocker-overview.md - items: - - name: Overview of BitLocker Device Encryption in Windows 10 - href: bitlocker\bitlocker-device-encryption-overview-windows-10.md - - name: BitLocker frequently asked questions (FAQ) - href: bitlocker\bitlocker-frequently-asked-questions.yml - items: - - name: Overview and requirements - href: bitlocker\bitlocker-overview-and-requirements-faq.yml - - name: Upgrading - href: bitlocker\bitlocker-upgrading-faq.yml - - name: Deployment and administration - href: bitlocker\bitlocker-deployment-and-administration-faq.yml - - name: Key management - href: bitlocker\bitlocker-key-management-faq.yml - - name: BitLocker To Go - href: bitlocker\bitlocker-to-go-faq.yml - - name: Active Directory Domain Services - href: bitlocker\bitlocker-and-adds-faq.yml - - name: Security - href: bitlocker\bitlocker-security-faq.yml - - name: BitLocker Network Unlock - href: bitlocker\bitlocker-network-unlock-faq.yml - - name: General - href: bitlocker\bitlocker-using-with-other-programs-faq.yml - - name: "Prepare your organization for BitLocker: Planning and policies" - href: bitlocker\prepare-your-organization-for-bitlocker-planning-and-policies.md - - name: BitLocker deployment comparison - href: bitlocker\bitlocker-deployment-comparison.md - - name: BitLocker basic deployment - href: bitlocker\bitlocker-basic-deployment.md - - name: "BitLocker: How to deploy on Windows Server 2012 and later" - href: bitlocker\bitlocker-how-to-deploy-on-windows-server.md - - name: "BitLocker: Management for enterprises" - href: bitlocker\bitlocker-management-for-enterprises.md - - name: "BitLocker: How to enable Network Unlock" - href: bitlocker\bitlocker-how-to-enable-network-unlock.md - - name: "BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker" - href: bitlocker\bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md - - name: 
"BitLocker: Use BitLocker Recovery Password Viewer" - href: bitlocker\bitlocker-use-bitlocker-recovery-password-viewer.md - - name: BitLocker Group Policy settings - href: bitlocker\bitlocker-group-policy-settings.md - - name: BCD settings and BitLocker - href: bitlocker\bcd-settings-and-bitlocker.md - - name: BitLocker Recovery Guide - href: bitlocker\bitlocker-recovery-guide-plan.md - - name: BitLocker Countermeasures - href: bitlocker\bitlocker-countermeasures.md - - name: Protecting cluster shared volumes and storage area networks with BitLocker - href: bitlocker\protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md - - name: Troubleshoot BitLocker - items: - - name: Troubleshoot BitLocker - href: bitlocker\troubleshoot-bitlocker.md - - name: "BitLocker cannot encrypt a drive: known issues" - href: bitlocker\ts-bitlocker-cannot-encrypt-issues.md - - name: "Enforcing BitLocker policies by using Intune: known issues" - href: bitlocker\ts-bitlocker-intune-issues.md - - name: "BitLocker Network Unlock: known issues" - href: bitlocker\ts-bitlocker-network-unlock-issues.md - - name: "BitLocker recovery: known issues" - href: bitlocker\ts-bitlocker-recovery-issues.md - - name: "BitLocker configuration: known issues" - href: bitlocker\ts-bitlocker-config-issues.md - - name: Troubleshoot BitLocker and TPM issues - items: - - name: "BitLocker cannot encrypt a drive: known TPM issues" - href: bitlocker\ts-bitlocker-cannot-encrypt-tpm-issues.md - - name: "BitLocker and TPM: other known issues" - href: bitlocker\ts-bitlocker-tpm-issues.md - - name: Decode Measured Boot logs to track PCR changes - href: bitlocker\ts-bitlocker-decode-measured-boot-logs.md - - name: Encrypted Hard Drive - href: encrypted-hard-drive.md - - name: Kernel DMA Protection - href: kernel-dma-protection-for-thunderbolt.md - - name: Protect your enterprise data using Windows Information Protection (WIP) - href: windows-information-protection\protect-enterprise-data-using-wip.md 
- items: - - name: Create a WIP policy using Microsoft Intune - href: windows-information-protection\overview-create-wip-policy.md - items: - - name: Create a WIP policy with MDM using the Azure portal for Microsoft Intune - href: windows-information-protection\create-wip-policy-using-intune-azure.md - items: - - name: Deploy your WIP policy using the Azure portal for Microsoft Intune - href: windows-information-protection\deploy-wip-policy-using-intune-azure.md - - name: Associate and deploy a VPN policy for WIP using the Azure portal for Microsoft Intune - href: windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md - - name: Create and verify an EFS Data Recovery Agent (DRA) certificate - href: windows-information-protection\create-and-verify-an-efs-dra-certificate.md - - name: Determine the Enterprise Context of an app running in WIP - href: windows-information-protection\wip-app-enterprise-context.md - - name: Create a WIP policy using Microsoft Endpoint Configuration Manager - href: windows-information-protection\overview-create-wip-policy-configmgr.md - items: - - name: Create and deploy a WIP policy using Microsoft Endpoint Configuration Manager - href: windows-information-protection\create-wip-policy-using-configmgr.md - - name: Create and verify an EFS Data Recovery Agent (DRA) certificate - href: windows-information-protection\create-and-verify-an-efs-dra-certificate.md - - name: Determine the Enterprise Context of an app running in WIP - href: windows-information-protection\wip-app-enterprise-context.md - - name: Mandatory tasks and settings required to turn on WIP - href: windows-information-protection\mandatory-settings-for-wip.md - - name: Testing scenarios for WIP - href: windows-information-protection\testing-scenarios-for-wip.md - - name: Limitations while using WIP - href: windows-information-protection\limitations-with-wip.md - - name: How to collect WIP audit event logs - href: 
windows-information-protection\collect-wip-audit-event-logs.md - - name: General guidance and best practices for WIP - href: windows-information-protection\guidance-and-best-practices-wip.md - items: - - name: Enlightened apps for use with WIP - href: windows-information-protection\enlightened-microsoft-apps-and-wip.md - - name: Unenlightened and enlightened app behavior while using WIP - href: windows-information-protection\app-behavior-with-wip.md - - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP - href: windows-information-protection\recommended-network-definitions-for-wip.md - - name: Using Outlook Web Access with WIP - href: windows-information-protection\using-owa-with-wip.md - - name: Fine-tune WIP Learning - href: windows-information-protection\wip-learning.md - - name: Secure the Windows 10 boot process - href: secure-the-windows-10-boot-process.md - - name: Trusted Platform Module - href: tpm/trusted-platform-module-top-node.md - items: - - name: Trusted Platform Module Overview - href: tpm/trusted-platform-module-overview.md - - name: TPM fundamentals - href: tpm/tpm-fundamentals.md - - name: How Windows 10 uses the TPM - href: tpm/how-windows-uses-the-tpm.md - - name: TPM Group Policy settings - href: tpm/trusted-platform-module-services-group-policy-settings.md - - name: Back up the TPM recovery information to AD DS - href: tpm/backup-tpm-recovery-information-to-ad-ds.md - - name: View status, clear, or troubleshoot the TPM - href: tpm/initialize-and-configure-ownership-of-the-tpm.md - - name: Understanding PCR banks on TPM 2.0 devices - href: tpm/switch-pcr-banks-on-tpm-2-0-devices.md - - name: TPM recommendations - href: tpm/tpm-recommendations.md From 9caab07acfd421dc1f240e5c97105ee4a107dcb5 Mon Sep 17 00:00:00 2001 
From: Daniel Simpson Date: Thu, 19 Aug 2021 13:17:47 -0700 Subject: [PATCH 023/671] adding wip --- windows/security/TOC.yml | 49 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 91ff61ce6f..2370e36f4e 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -42,7 +42,7 @@ - name: Encryption and data protection items: - name: Encrypted Hard Drive - href: encrypted-hard-drive.md + href: information-protection/encrypted-hard-drive.md - name: Bitlocker href: information-protection/bitlocker/bitlocker-overview.md items: 
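Review bot: the `href` change on the Encrypted Hard Drive entry (`encrypted-hard-drive.md` to `information-protection/encrypted-hard-drive.md`) is a link fix that the subject line "adding wip" does not cover. Mention it in the commit message or move it to its own commit, so that a later revert of the WIP entries does not also restore the old path.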
@@ -117,6 +117,53 @@ href: information-protection/bitlocker/ts-bitlocker-tpm-issues.md - name: Decode Measured Boot logs to track PCR changes href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md + - name: Windows Information Protection (WIP) + href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md + items: + - name: Create a WIP policy using Microsoft Intune + href: information-protection/windows-information-protection/overview-create-wip-policy.md + items: + - name: Create a WIP policy with MDM using the Azure portal for Microsoft Intune + href: information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md + items: + - name: Deploy your WIP policy using the Azure portal for Microsoft Intune + href: information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md + - name: Associate and deploy a VPN policy for WIP using the Azure portal for Microsoft Intune + href: information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md + - name: Create and verify an EFS Data Recovery Agent (DRA) certificate + href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md + - name: Determine the Enterprise Context of an app running in WIP + href: information-protection/windows-information-protection/wip-app-enterprise-context.md + - name: Create a WIP policy using Microsoft Endpoint Configuration Manager + href: information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md + items: + - name: Create and deploy a WIP policy using Microsoft Endpoint Configuration Manager + href: information-protection/windows-information-protection/create-wip-policy-using-configmgr.md + - name: Create and verify an EFS Data Recovery Agent (DRA) certificate + href: 
information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md + - name: Determine the Enterprise Context of an app running in WIP + href: information-protection/windows-information-protection/wip-app-enterprise-context.md + - name: Mandatory tasks and settings required to turn on WIP + href: information-protection/windows-information-protection/mandatory-settings-for-wip.md + - name: Testing scenarios for WIP + href: information-protection/windows-information-protection/testing-scenarios-for-wip.md + - name: Limitations while using WIP + href: information-protection/windows-information-protection/limitations-with-wip.md + - name: How to collect WIP audit event logs + href: information-protection/windows-information-protection/collect-wip-audit-event-logs.md + - name: General guidance and best practices for WIP + href: information-protection/windows-information-protection/guidance-and-best-practices-wip.md + items: + - name: Enlightened apps for use with WIP + href: information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md + - name: Unenlightened and enlightened app behavior while using WIP + href: information-protection/windows-information-protection/app-behavior-with-wip.md + - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP + href: information-protection/windows-information-protection/recommended-network-definitions-for-wip.md + - name: Using Outlook Web Access with WIP + href: information-protection/windows-information-protection/using-owa-with-wip.md + - name: Fine-tune WIP Learning + href: information-protection/windows-information-protection/wip-learning.md - name: Network security items: - name: VPN From e794bc48fc50b76664029c2cce9571e35116adba Mon Sep 17 00:00:00 2001 
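Review bot: in the `@@ -117,6 +117,53 @@` hunk of PATCH 023, the entries "Create and verify an EFS Data Recovery Agent (DRA) certificate" and "Determine the Enterprise Context of an app running in WIP" are added twice, once under the Intune node and once under the Configuration Manager node, each time with the same `href`. The TOC deleted earlier in this series (root node "Information protection") carried the same duplication, so it may be intended; if so, say so in the commit message, otherwise list each page once.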
From: Daniel Simpson Date: Thu, 19 Aug 2021 15:11:13 -0700 Subject: [PATCH 024/671] adding identity --- windows/security/TOC.yml | 129 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 128 insertions(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 2370e36f4e..51021a5be7 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -117,6 +117,8 @@ href: information-protection/bitlocker/ts-bitlocker-tpm-issues.md - name: Decode Measured Boot logs to track PCR changes href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md + - name: Configure S/MIME for Windows 10 + href: configure-s-mime.md - name: Windows Information Protection (WIP) href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md items: 
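Review bot: the added "Configure S/MIME for Windows 10" entry uses `href: configure-s-mime.md`, which resolves relative to `windows/security/`, while every other entry moved in this patch gains the `identity-protection/` prefix. The TOC removed in PATCH 025 lists the same page as `configure-s-mime.md` relative to `windows/security/identity-protection/`, so unless the file is moved in a change not shown here, this should read `href: identity-protection/configure-s-mime.md`; as written the link will not resolve.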
@@ -166,8 +168,31 @@ href: information-protection/windows-information-protection/wip-learning.md - name: Network security items: - - name: VPN + - name: VPN technical guide href: identity-protection/vpn/vpn-guide.md + items: + - name: VPN connection types + href: identity-protection/vpn/vpn-connection-type.md + - name: VPN routing decisions + href: identity-protection/vpn/vpn-routing.md + - name: VPN authentication options + href: identity-protection/vpn/vpn-authentication.md + - name: VPN and conditional access + href: identity-protection/vpn/vpn-conditional-access.md + - name: VPN name resolution + href: identity-protection/vpn/vpn-name-resolution.md + - name: VPN auto-triggered profile options + href: identity-protection/vpn/vpn-auto-trigger-profile.md + - name: VPN security features + href: identity-protection/vpn/vpn-security-features.md + - name: VPN profile options + href: identity-protection/vpn/vpn-profile-options.md + - name: How to configure Diffie Hellman protocol over IKEv2 VPN connections + href: identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md + - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections + href: identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md + - name: Optimizing Office 365 traffic with the Windows 10 VPN client + href: identity-protection/vpn/vpn-office-365-optimization.md - name: Windows Defender Firewall href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - name: Threat protection 
@@ -178,6 +203,108 @@ items: - name: User protection items: + - name: Technical support policy for lost or forgotten passwords + href: identity-protection/password-support-policy.md + - name: Access Control Overview + href: identity-protection/access-control/access-control.md + items: + - name: Dynamic Access Control Overview + href: identity-protection/access-control/dynamic-access-control.md + - name: Security identifiers + href: identity-protection/access-control/security-identifiers.md + - name: Security Principals + href: identity-protection/access-control/security-principals.md + - name: Local Accounts + href: identity-protection/access-control/local-accounts.md + - name: Active Directory Accounts + href: identity-protection/access-control/active-directory-accounts.md + - name: Microsoft Accounts + href: identity-protection/access-control/microsoft-accounts.md + - name: Service Accounts + href: identity-protection/access-control/service-accounts.md + - name: Active Directory Security Groups + href: identity-protection/access-control/active-directory-security-groups.md + - name: Special Identities + href: identity-protection/access-control/special-identities.md + - name: User Account Control + href: identity-protection/user-account-control/user-account-control-overview.md + items: + - name: How User Account Control works + href: identity-protection/user-account-control/how-user-account-control-works.md + - name: User Account Control security policy settings + href: identity-protection/user-account-control/user-account-control-security-policy-settings.md + - name: User Account Control Group Policy and registry key settings + href: identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md + - name: Windows Hello for Business + href: identity-protection/hello-for-business/index.yml + - name: Windows credential theft mitigation guide + href: identity-protection/windows-credential-theft-mitigation-guide-abstract.md + - 
name: Enterprise Certificate Pinning + href: identity-protection/enterprise-certificate-pinning.md + - name: Protect derived domain credentials with Credential Guard + href: identity-protection/credential-guard/credential-guard.md + items: + - name: How Credential Guard works + href: identity-protection/credential-guard/credential-guard-how-it-works.md + - name: Credential Guard Requirements + href: identity-protection/credential-guard/credential-guard-requirements.md + - name: Manage Credential Guard + href: identity-protection/credential-guard/credential-guard-manage.md + - name: Hardware readiness tool + href: identity-protection/credential-guard/dg-readiness-tool.md + - name: Credential Guard protection limits + href: identity-protection/credential-guard/credential-guard-protection-limits.md + - name: Considerations when using Credential Guard + href: identity-protection/credential-guard/credential-guard-considerations.md + - name: "Credential Guard: Additional mitigations" + href: identity-protection/credential-guard/additional-mitigations.md + - name: "Credential Guard: Known issues" + href: identity-protection/credential-guard/credential-guard-known-issues.md + - name: Protect Remote Desktop credentials with Remote Credential Guard + href: identity-protection/remote-credential-guard.md + - name: Smart Cards + href: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md + items: + - name: How Smart Card Sign-in Works in Windows + href: identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md + items: + - name: Smart Card Architecture + href: identity-protection/smart-cards/smart-card-architecture.md + - name: Certificate Requirements and Enumeration + href: identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md + - name: Smart Card and Remote Desktop Services + href: identity-protection/smart-cards/smart-card-and-remote-desktop-services.md + - name: Smart Cards for 
Windows Service + href: identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md + - name: Certificate Propagation Service + href: identity-protection/smart-cards/smart-card-certificate-propagation-service.md + - name: Smart Card Removal Policy Service + href: identity-protection/smart-cards/smart-card-removal-policy-service.md + - name: Smart Card Tools and Settings + href: identity-protection/smart-cards/smart-card-tools-and-settings.md + items: + - name: Smart Cards Debugging Information + href: identity-protection/smart-cards/smart-card-debugging-information.md + - name: Smart Card Group Policy and Registry Settings + href: identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md + - name: Smart Card Events + href: identity-protection/smart-cards/smart-card-events.md + - name: Virtual Smart Cards + href: identity-protection/virtual-smart-cards/virtual-smart-card-overview.md + items: + - name: Understanding and Evaluating Virtual Smart Cards + href: identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md + items: + - name: "Get Started with Virtual Smart Cards: Walkthrough Guide" + href: identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md + - name: Use Virtual Smart Cards + href: identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md + - name: Deploy Virtual Smart Cards + href: identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md + - name: Evaluate Virtual Smart Card Security + href: identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md + - name: Tpmvscmgr + href: identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md - name: Privacy controls items: - name: Windows Privacy controls From ef521bf2852e395d97a501d4ec210b69d110f162 Mon Sep 17 00:00:00 2001 
From: Daniel Simpson Date: Thu, 19 Aug 2021 15:19:28 -0700 Subject: [PATCH 025/671] rm identity-protection toc --- windows/security/identity-protection/TOC.yml | 132 ------------------- 1 file changed, 132 deletions(-) delete mode 100644 windows/security/identity-protection/TOC.yml diff --git a/windows/security/identity-protection/TOC.yml b/windows/security/identity-protection/TOC.yml deleted file mode 100644 index 5e4680879e..0000000000 --- a/windows/security/identity-protection/TOC.yml +++ /dev/null 
@@ -1,132 +0,0 @@ -- name: Identity and access management - href: index.md - items: - - name: Technical support policy for lost or forgotten passwords - href: password-support-policy.md - - name: Access Control Overview - href: access-control/access-control.md - items: - - name: Dynamic Access Control Overview - href: access-control/dynamic-access-control.md - - name: Security identifiers - href: access-control/security-identifiers.md - - name: Security Principals - href: access-control/security-principals.md - - name: Local Accounts - href: access-control/local-accounts.md - - name: Active Directory Accounts - href: access-control/active-directory-accounts.md - - name: Microsoft Accounts - href: access-control/microsoft-accounts.md - - name: Service Accounts - href: access-control/service-accounts.md - - name: Active Directory Security Groups - href: access-control/active-directory-security-groups.md - - name: Special Identities - href: access-control/special-identities.md - - name: User Account Control - href: user-account-control\user-account-control-overview.md - items: - - name: How User Account Control works - href: user-account-control\how-user-account-control-works.md - - name: User Account Control security policy settings - href: user-account-control\user-account-control-security-policy-settings.md - - name: User Account Control Group Policy and registry key settings - href: user-account-control\user-account-control-group-policy-and-registry-key-settings.md - - name: Windows Hello for Business - href: hello-for-business/index.yml - - name: Protect derived domain credentials with Credential Guard - href: credential-guard/credential-guard.md - items: - - name: How Credential Guard works - href: credential-guard/credential-guard-how-it-works.md - - name: Credential Guard Requirements - href: credential-guard/credential-guard-requirements.md - - name: Manage Credential Guard - href: credential-guard/credential-guard-manage.md - - name: Hardware readiness tool 
- href: credential-guard/dg-readiness-tool.md - - name: Credential Guard protection limits - href: credential-guard/credential-guard-protection-limits.md - - name: Considerations when using Credential Guard - href: credential-guard/credential-guard-considerations.md - - name: "Credential Guard: Additional mitigations" - href: credential-guard/additional-mitigations.md - - name: "Credential Guard: Known issues" - href: credential-guard/credential-guard-known-issues.md - - name: Protect Remote Desktop credentials with Remote Credential Guard - href: remote-credential-guard.md - - name: Smart Cards - href: smart-cards/smart-card-windows-smart-card-technical-reference.md - items: - - name: How Smart Card Sign-in Works in Windows - href: smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md - items: - - name: Smart Card Architecture - href: smart-cards/smart-card-architecture.md - - name: Certificate Requirements and Enumeration - href: smart-cards/smart-card-certificate-requirements-and-enumeration.md - - name: Smart Card and Remote Desktop Services - href: smart-cards/smart-card-and-remote-desktop-services.md - - name: Smart Cards for Windows Service - href: smart-cards/smart-card-smart-cards-for-windows-service.md - - name: Certificate Propagation Service - href: smart-cards/smart-card-certificate-propagation-service.md - - name: Smart Card Removal Policy Service - href: smart-cards/smart-card-removal-policy-service.md - - name: Smart Card Tools and Settings - href: smart-cards/smart-card-tools-and-settings.md - items: - - name: Smart Cards Debugging Information - href: smart-cards/smart-card-debugging-information.md - - name: Smart Card Group Policy and Registry Settings - href: smart-cards/smart-card-group-policy-and-registry-settings.md - - name: Smart Card Events - href: smart-cards/smart-card-events.md - - name: Virtual Smart Cards - href: virtual-smart-cards\virtual-smart-card-overview.md - items: - - name: Understanding and Evaluating Virtual Smart 
Cards - href: virtual-smart-cards\virtual-smart-card-understanding-and-evaluating.md - items: - - name: "Get Started with Virtual Smart Cards: Walkthrough Guide" - href: virtual-smart-cards\virtual-smart-card-get-started.md - - name: Use Virtual Smart Cards - href: virtual-smart-cards\virtual-smart-card-use-virtual-smart-cards.md - - name: Deploy Virtual Smart Cards - href: virtual-smart-cards\virtual-smart-card-deploy-virtual-smart-cards.md - - name: Evaluate Virtual Smart Card Security - href: virtual-smart-cards\virtual-smart-card-evaluate-security.md - - name: Tpmvscmgr - href: virtual-smart-cards\virtual-smart-card-tpmvscmgr.md - - name: Enterprise Certificate Pinning - href: enterprise-certificate-pinning.md - - name: Windows 10 credential theft mitigation guide abstract - href: windows-credential-theft-mitigation-guide-abstract.md - - name: Configure S/MIME for Windows 10 - href: configure-s-mime.md - - name: VPN technical guide - href: vpn\vpn-guide.md - items: - - name: VPN connection types - href: vpn\vpn-connection-type.md - - name: VPN routing decisions - href: vpn\vpn-routing.md - - name: VPN authentication options - href: vpn\vpn-authentication.md - - name: VPN and conditional access - href: vpn\vpn-conditional-access.md - - name: VPN name resolution - href: vpn\vpn-name-resolution.md - - name: VPN auto-triggered profile options - href: vpn\vpn-auto-trigger-profile.md - - name: VPN security features - href: vpn\vpn-security-features.md - - name: VPN profile options - href: vpn\vpn-profile-options.md - - name: How to configure Diffie Hellman protocol over IKEv2 VPN connections - href: vpn\how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md - - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections - href: vpn\how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md - - name: Optimizing Office 365 traffic with the Windows 10 VPN client - href: vpn\vpn-office-365-optimization.md 
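Review bot: the root node of the deleted file, "Identity and access management" with `href: index.md`, has no counterpart among the entries that PATCH 024 adds to `windows/security/TOC.yml`; the three hunks there carry over the child pages only. Confirm that `identity-protection/index.md` is still linked from the consolidated TOC or is redirected, and note in the commit message which of the two applies, so the landing page is not orphaned by this deletion.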
From 5ee4bf7891b3ddd8162fd6fb4f8fbd5d0ad49926 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 20 Aug 2021 13:49:21 +0530 Subject: [PATCH 026/671] Windows 11 Inclusion I've included and updated the files under (windows-docs-pr\windows\configuration\cortana-at-work) with Windows 11 wherever necessary. --- .../cortana-at-work/cortana-at-work-crm.md | 2 +- .../cortana-at-work/cortana-at-work-overview.md | 13 ++++++++----- .../cortana-at-work-policy-settings.md | 16 ++++++++-------- .../cortana-at-work/cortana-at-work-powerbi.md | 10 +++++----- .../cortana-at-work-scenario-2.md | 2 +- .../cortana-at-work-scenario-3.md | 2 +- .../cortana-at-work-scenario-4.md | 2 +- .../cortana-at-work-scenario-5.md | 2 +- .../cortana-at-work-scenario-6.md | 2 +- .../cortana-at-work-scenario-7.md | 2 +- .../cortana-at-work-voice-commands.md | 2 +- .../set-up-and-test-cortana-in-windows-10.md | 2 +- .../cortana-at-work/test-scenario-4.md | 2 +- .../cortana-at-work/test-scenario-5.md | 2 +- 14 files changed, 32 insertions(+), 29 deletions(-) diff --git a/windows/configuration/cortana-at-work/cortana-at-work-crm.md b/windows/configuration/cortana-at-work/cortana-at-work-crm.md index e8a0cdee55..45deb89f54 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-crm.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-crm.md @@ -1,5 +1,5 @@ --- -title: Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization (Windows 10) +title: Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization (Windows) description: How to set up Cortana to give salespeople insights on important CRM activities, including sales leads, accounts, and opportunities. ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md index 5d25f337c9..140f54edf4 100644 
--- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md @@ -1,5 +1,5 @@ --- -title: Configure Cortana in Windows 10 +title: Configure Cortana in Windows 10 and Windows 11 ms.reviewer: manager: dansimp description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments. @@ -11,11 +11,11 @@ ms.localizationpriority: medium ms.author: greglin --- -# Configure Cortana in Windows 10 +# Configure Cortana in Windows 10 and Windows 11 ## Who is Cortana? -Cortana is a personal productivity assistant in Microsoft 365, helping your users achieve more with less effort and focus on what matters. The Cortana app in Windows 10 helps users quickly get information across Microsoft 365, using typed or spoken queries to connect with people, check calendars, set reminders, add tasks, and more. +Cortana is a personal productivity assistant in Microsoft 365, helping your users achieve more with less effort and focus on what matters. The Cortana app in Windows 10 and Windows 11 helps users quickly get information across Microsoft 365, using typed or spoken queries to connect with people, check calendars, set reminders, add tasks, and more. :::image type="content" source="../screenshot1.png" alt-text="Screenshot: Cortana home page example"::: 
@@ -38,6 +38,9 @@ Cortana requires a PC running Windows 10, version 1703 or later, as well as the |Azure Active Directory (Azure AD) | While all employees signing into Cortana need an Azure AD account, an Azure AD premium tenant isn't required. | |Additional policies (Group Policy and Mobile Device Management (MDM)) |There is a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana but won't turn Cortana off. For example, if you turn **Speech** off, your employees won't be able to use the wake word ("Cortana") for hands-free activation or voice commands to easily ask for help. | +>[!NOTE] +>For Windows 11, Cortana is no longer pinned to the taskbar by default. You can still pin the Cortana app to the taskbar as you would any other app. In addition, the keyboard shortcut that launched Cortana (Win+C) no longer opens Cortana. + ## Signing in using Azure AD Your organization must have an Azure AD tenant and your employees' devices must all be Azure AD-joined for the best Cortana experience. (Users may also sign into Cortana with a Microsoft account, but will not be able to use their enterprise email or calendar.) For info about what an Azure AD tenant is, how to get your devices joined, and other Azure AD maintenance info, see [Azure Active Directory documentation.](/azure/active-directory/) 
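Review bot: the new Windows 11 note is added under a requirements section whose lead sentence, visible in the hunk header, still reads "Cortana requires a PC running Windows 10, version 1703 or later", and that sentence is not touched by this patch. Update it to cover Windows 11 as well, so the section does not state a Windows 10 only requirement directly above a note about Windows 11 behavior. Minor wording: "In Windows 11" reads better than "For Windows 11" in the note.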
@@ -46,9 +49,9 @@ Your organization must have an Azure AD tenant and your employees' devices m Cortana's approach to integration with Microsoft 365 has changed with Windows 10, version 2004 and later. -### Cortana in Windows 10, version 2004 and later +### Cortana in Windows 10, version 2004 and later, or Windows 11 -Cortana enterprise services that can be accessed using Azure AD through Cortana in Windows 10, version 2004 and later, meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products). To learn more, see [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide#what-data-is-processed-by-cortana-in-office-365). +Cortana enterprise services that can be accessed using Azure AD through Cortana in Windows 10, version 2004 and later, or Windows 11, meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products). To learn more, see [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide#what-data-is-processed-by-cortana-in-office-365). #### How does Microsoft store, retain, process, and use Customer Data in Cortana? diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md index 2d82042faa..a43fafd84b 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md 
@@ -1,5 +1,5 @@ --- -title: Configure Cortana with Group Policy and MDM settings (Windows 10) +title: Configure Cortana with Group Policy and MDM settings (Windows) description: The list of Group Policy and mobile device management (MDM) policy settings that apply to Cortana at work. ms.prod: w10 ms.mktglfcycl: manage @@ -25,10 +25,10 @@ manager: dansimp > Cortana won’t work if this setting is turned off (disabled). However, on Windows 10, version 1809 and below, employees can still perform local searches even with Cortana turned off. | |Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock |AboveLock/AllowCortanaAboveLock |Specifies whether an employee can interact with Cortana using voice commands when the system is locked.
> [!NOTE] -> Cortana in Windows 10, versions 2004 and later do not currently support Above Lock. | +> Cortana in Windows 10, versions 2004 and later, or Windows 11 do not currently support Above Lock. | |Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsActivateWithVoice |[Privacy/LetAppsActivateWithVoice](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsactivatewithvoice) |Specifies whether apps (such as Cortana or other voice assistants) can activate using a wake word (e.g. “Hey Cortana”).
> [!NOTE] -> This setting only applies to Windows 10 versions 2004 and later. To disable wake word activation on Windows 10 versions 1909 and earlier, you will need to disable voice commands using Privacy/AllowInputPersonalization. | +> This setting only applies to Windows 10 versions 2004 and later, or Windows 11. To disable wake word activation on Windows 10 versions 1909 and earlier, you will need to disable voice commands using Privacy/AllowInputPersonalization. | |Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsAccessMicrophone |[Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone-forcedenytheseapps) | Use this to disable Cortana’s access to the microphone. To do so, specify Cortana’s Package Family Name: Microsoft.549981C3F5F10_8wekyb3d8bbwe
Users will still be able to type queries to Cortana. | |Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow users to enable online speech recognition services |Privacy/AllowInputPersonalization |Specifies whether an employee can use voice commands with Cortana in your organization.
@@ -38,15 +38,15 @@ Users will still be able to type queries to Cortana. | **In Windows 10, version 1607 and later**
Cortana still works if this setting is turned off (disabled).
**In Windows 10, version 2004 and later**
-Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later do not currently use the Location service. | +Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, or Windows 11 do not currently use the Location service. | |None |Accounts/AllowMicrosoftAccountConnection |Specifies whether to allow employees to sign in using a Microsoft account (MSA) from Windows apps.
Disable this setting if you only want to allow users to sign in with their Azure AD account. | |Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location |Search/AllowSearchToUseLocation |Specifies whether Cortana can use your current location during searches and for location reminders.
-**In Windows 10, version 2004 and later**
Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, do not currently use the Location service. | +**In Windows 10, version 2004 and later**
Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, or Windows 11, do not currently use the Location service. | |Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results |Search/DoNotUseWebResults |Specifies whether search can perform queries on the web and if the web results are displayed in search.
-**In Windows 10 Pro edition**
This setting can’t be managed. -**In Windows 10 Enterprise edition**
Cortana won't work if this setting is turned off (disabled). -**In Windows 10, version 2004 and later**
This setting no longer affects Cortana. | +**In Windows 10 Pro edition**
This setting can’t be managed.
+**In Windows 10 Enterprise edition**
Cortana won't work if this setting is turned off (disabled).
+**In Windows 10, version 2004 and later**
This setting no longer affects Cortana.
| |Computer Configuration\Administrative Templates\Windows Components\Search\Set the SafeSearch setting for Search |Search/SafeSearchPermissions |Specifies what level of safe search (filtering adult content) is required.
> [!NOTE] > This setting only applies to Windows 10 Mobile. Other versions of Windows should use Don't search the web or display web results. | \ No newline at end of file diff --git a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md index 65919eb8e8..1ddfd0c705 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md @@ -1,5 +1,5 @@ --- -title: Set up and test Cortana for Power BI in your organization (Windows 10) +title: Set up and test Cortana for Power BI in your organization (Windows) description: How to integrate Cortana with Power BI to help your employees get answers directly from your key business data. ms.prod: w10 ms.mktglfcycl: manage @@ -25,7 +25,7 @@ Integration between Cortana and Power BI shows how Cortana can work with custom ## Before you begin To use this walkthrough, you’ll need: -- **Windows 10**. You’ll need to be running at least Windows 10, version 1703. +- **Windows 10 or Windows 11**. You’ll need your PC to be running at least Windows 10, version 1703 or later, or Windows 11. - **Cortana**. You need to have Cortana turned on and be logged into your account. @@ -79,7 +79,7 @@ Before you can start this testing scenario, you must first set up your test envi ![Cortana at work, showing where to find the dataset options](../images/cortana-powerbi-retail-analysis-dataset.png) >[!NOTE] - >It can take up to 30 minutes for a new dataset to appear for Power BI and Cortana. Logging in and out of Windows 10, or otherwise restarting Cortana, causes the new content to appear immediately.

If you enable a dataset for Cortana, and that dataset is part of a content pack you own, you’ll need to re-publish for your colleagues to also use it with Cortana. + >It can take up to 30 minutes for a new dataset to appear for Power BI and Cortana. Logging in and out of Windows, or otherwise restarting Cortana, causes the new content to appear immediately.

If you enable a dataset for Cortana, and that dataset is part of a content pack you own, you’ll need to re-publish for your colleagues to also use it with Cortana. ## Create a custom Answer Page for Cortana You must create special reports, known as _Answer Pages_, to display the most commonly asked answers in Cortana. For example, if you want Cortana to quickly show sales data to your employees, you can create a 2016 sales data Answer Page that shows sales data, with various pivots, in Cortana. @@ -87,7 +87,7 @@ You must create special reports, known as _Answer Pages_, to display the most co After you’ve finished creating your Answer Page, you can continue to the included testing scenarios. >[!NOTE] ->It can take up to 30 minutes for a custom Answer Page to appear for Power BI and Cortana. Logging in and out of Windows 10, or otherwise restarting Cortana, causes the new content to appear immediately. +>It can take up to 30 minutes for a custom Answer Page to appear for Power BI and Cortana. Logging in and out of Windows, or otherwise restarting Cortana, causes the new content to appear immediately. **To create a custom sales data Answer Page for Cortana** 1. In Power BI, click **My Workspace**, click **Create**, and then click **Report**. 
@@ -116,7 +116,7 @@ After you’ve finished creating your Answer Page, you can continue to the inclu 6. Click **File**, click **Save as**, and save the report as _Sales data 2016_. - Because this is part of the Retail Analysis Sample, it will automatically be included as part of the dataset you included for Cortana. However, you will still need to log in and out of Windows 10, or otherwise restart Cortana, before the new content appears. + Because this is part of the Retail Analysis Sample, it will automatically be included as part of the dataset you included for Cortana. However, you will still need to log in and out of Windows, or otherwise restart Cortana, before the new content appears. ## Test Scenario: Use Cortana to show info from Power BI in your organization Now that you’ve set up your device, you can use Cortana to show your info from within Power BI. diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md index 33ac963a8e..dab5bf883a 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md @@ -1,5 +1,5 @@ --- -title: Perform a quick search with Cortana at work (Windows 10) +title: Perform a quick search with Cortana at work (Windows) description: A test scenario about how to perform a quick search with Cortana at work. ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md index b3c72fad56..23981c8033 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md 
@@ -1,5 +1,5 @@ --- -title: Set a reminder for a location with Cortana at work (Windows 10) +title: Set a reminder for a location with Cortana at work (Windows) description: A test scenario about how to set a location-based reminder using Cortana at work. ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md index f5377cf7c3..b5784100ce 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md @@ -1,5 +1,5 @@ --- -title: Use Cortana at work to find your upcoming meetings (Windows 10) +title: Use Cortana at work to find your upcoming meetings (Windows) description: A test scenario about how to use Cortana at work to find your upcoming meetings. ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md index a434e14f90..a2cefc5ce3 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md @@ -1,5 +1,5 @@ --- -title: Use Cortana to send email to a co-worker (Windows 10) +title: Use Cortana to send email to a co-worker (Windows) description: A test scenario about how to use Cortana at work to send email to a co-worker. ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md index 9abb865b58..003caaecc7 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md 
@@ -1,5 +1,5 @@ --- -title: Review a reminder suggested by Cortana (Windows 10) +title: Review a reminder suggested by Cortana (Windows) description: A test scenario about how to use Cortana with the Suggested reminders feature. ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md index 5b6970f37b..b69ff5bdc1 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md @@ -1,5 +1,5 @@ --- -title: Help protect data with Cortana and WIP (Windows 10) +title: Help protect data with Cortana and WIP (Windows) description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP). ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md index 478aeb7938..89d7c3aa0b 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md @@ -1,5 +1,5 @@ --- -title: Set up and test custom voice commands in Cortana for your organization (Windows 10) +title: Set up and test custom voice commands in Cortana for your organization (Windows) description: How to create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps. ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md index addf307b70..06ff6a75f4 100644 --- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md 
+++ b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md @@ -15,7 +15,7 @@ ms.author: greglin ## Before you begin -- If your enterprise had previously disabled Cortana for your employees using the **Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana** Group Policy or the **Experience\AllowCortana** MDM setting but want to enable it now that Cortana is part of Microsoft 365, you will need to re-enable it at least for Windows 10, version 2004 and later. +- If your enterprise had previously disabled Cortana for your employees using the **Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana** Group Policy or the **Experience\AllowCortana** MDM setting but want to enable it now that Cortana is part of Microsoft 365, you will need to re-enable it at least for Windows 10, version 2004 and later, or Windows 11. - **Cortana is regularly updated through the Microsoft Store.** Beginning with Windows 10, version 2004, Cortana is an appx preinstalled with Windows and is regularly updated through the Microsoft Store. To receive the latest updates to Cortana, you will need to [enable updates through the Microsoft Store](../stop-employees-from-using-microsoft-store.md). ## Set up and configure the Bing Answers feature diff --git a/windows/configuration/cortana-at-work/test-scenario-4.md b/windows/configuration/cortana-at-work/test-scenario-4.md index b15cd265db..74ca02298f 100644 --- a/windows/configuration/cortana-at-work/test-scenario-4.md +++ b/windows/configuration/cortana-at-work/test-scenario-4.md @@ -1,5 +1,5 @@ --- -title: Use Cortana at work to find your upcoming meetings (Windows 10) +title: Use Cortana at work to find your upcoming meetings (Windows) description: A test scenario about how to use Cortana at work to find your upcoming meetings. ms.prod: w10 ms.mktglfcycl: manage 
diff --git a/windows/configuration/cortana-at-work/test-scenario-5.md b/windows/configuration/cortana-at-work/test-scenario-5.md index 3dabe7811b..e798d2260a 100644 --- a/windows/configuration/cortana-at-work/test-scenario-5.md +++ b/windows/configuration/cortana-at-work/test-scenario-5.md @@ -1,5 +1,5 @@ --- -title: Use Cortana to send email to a co-worker (Windows 10) +title: Use Cortana to send email to a co-worker (Windows) description: A test scenario about how to use Cortana at work to send email to a co-worker. ms.prod: w10 ms.mktglfcycl: manage From f8d10fdcd5a4c3984b0ef6e46029d83089ab9828 Mon Sep 17 00:00:00 2001 From: v-dihans Date: Fri, 20 Aug 2021 10:09:27 -0600 Subject: [PATCH 027/671] dh-word-choice --- .../demonstrate-deployment-on-vm.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index f41d64d23e..3f1ace4736 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -2,7 +2,7 @@ title: Demonstrate Autopilot deployment ms.reviewer: manager: laurawi -description: In this article, find step-by-step instructions on how to set-up a Virtual Machine with a Windows Autopilot deployment. +description: In this article, find step-by-step instructions on how to set up a Virtual Machine with a Windows Autopilot deployment. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, upgrade ms.prod: w10 ms.mktglfcycl: deploy 
@@ -27,7 +27,7 @@ ms.custom: To get started with Windows Autopilot, you should try it out with a virtual machine (VM) or you can use a physical device that will be wiped and then have a fresh install of Windows 10. -In this topic you'll learn how to set-up a Windows Autopilot deployment for a VM using Hyper-V. +In this topic, you'll learn how to set up a Windows Autopilot deployment for a VM using Hyper-V. > [!NOTE] > Although there are [multiple platforms](/mem/autopilot/add-devices#registering-devices) available to enable Autopilot, this lab primarily uses Intune. @@ -248,7 +248,7 @@ Ensure the VM booted from the installation ISO, select **Next** then select **In ![Windows setup example 6](images/winsetup6.png) -After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen. This will offer the fastest way to the desktop. For example: +After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen. This offers the fastest way to the desktop. For example: ![Windows setup example 7](images/winsetup7.png) @@ -363,7 +363,7 @@ For this lab, you need an AAD Premium subscription. You can tell if you have a If the configuration blade shown above does not appear, it's likely that you don't have a **Premium** subscription. Auto-enrollment is a feature only available in AAD Premium. -To convert your Intune trial account to a free Premium trial account, navigate to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5. +To convert your Intune trial account to a free Premium trial account, go to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5. ![License conversion option](images/aad-lic1.png) 
@@ -374,7 +374,7 @@ If you already have company branding configured in Azure Active Directory, you c > [!IMPORTANT] > Make sure to sign-in with a Global Administrator account. -Navigate to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding), select **Configure** and configure any type of company branding you'd like to see during the OOBE. +Go to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding), select **Configure**, and then configure any type of company branding you'd like to see during the OOBE. ![Configure company branding](images/branding.png) @@ -478,7 +478,7 @@ The Autopilot deployment profile wizard will ask for a device group, so we must #### Create the deployment profile -To create a Windows Autopilot profile, scroll back to the left hand pane and select **Devices**, then under **Enroll devices | Windows enrollment** select **Deployment Profiles**. +To create a Windows Autopilot profile, scroll back to the left-side pane and select **Devices**, then under **Enroll devices | Windows enrollment** select **Deployment Profiles**. > [!div class="mx-imgBorder"] > ![Deployment profiles](images/dp.png) 
@@ -612,7 +612,7 @@ To use the device (or VM) for other purposes after completion of this lab, you w ### Delete (deregister) Autopilot device -You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into the MEM admin center, then navigate to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu. +You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into the MEM admin center, then go to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu. > [!div class="mx-imgBorder"] > ![Delete device step 1](images/delete-device1.png) @@ -633,7 +633,7 @@ At this point, your device has been unenrolled from Intune and also deregistered Once the device no longer appears, you're free to reuse it for other purposes. -If you also (optionally) want to remove your device from AAD, navigate to **Azure Active Directory > Devices > All Devices**, select your device, and then select the **Delete** button: +If you also (optionally) want to remove your device from AAD, go to **Azure Active Directory > Devices > All Devices**, select your device, and then select the **Delete** button: ## Appendix A: Verify support for Hyper-V @@ -703,7 +703,7 @@ After the tool finishes running, you should have an .intunewin file in the Outpu Log into the Azure portal and select **Intune**. -Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package. +Go to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package. ![Add app step 1](images/app02.png) 
@@ -732,7 +732,7 @@ Uninstall: msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q ![Add app step 5](images/app06.png) -Simply using an install command like "notepad++.exe /S" will not actually install Notepad++; it will only launch the app. To actually install the program, we need to use the .msi file instead. Notepad++ doesn't actually have an .msi version of their program, but we got an .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). +Simply using an install command like "notepad++.exe /S" will not actually install Notepad++; it will only launch the app. To actually install the program, we need to use the .msi file instead. Notepad++ doesn't actually have a .msi version of their program, but we got a .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). Select **OK** to save your input and activate the **Requirements** blade. @@ -818,7 +818,7 @@ For more information on adding apps to Intune, see [Intune Standalone - Win32 ap Log into the Azure portal and select **Intune**. -Navigate to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package. +Go to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package. ![Create app step 1](images/app17.png) @@ -826,7 +826,7 @@ Under **App Type**, select **Office 365 Suite > Windows 10**: ![Create app step 2](images/app18.png) -Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this labe we have only selected Excel: +Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this lab we have only selected Excel: > [!div class="mx-imgBorder"] > ![Create app step 3](images/app19.png) From 75db81999f8d478c61fc1040c0e89f86f0b557a4 Mon Sep 17 00:00:00 2001 
From: greg-lindsay Date: Fri, 20 Aug 2021 12:39:57 -0700 Subject: [PATCH 028/671] wds info --- windows/deployment/TOC.yml | 18 ++- .../deployment/planning/features-lifecycle.md | 16 ++- .../windows-11-deprecated-features.md | 29 +++++ .../planning/windows-11-removed-features.md | 30 +++++ windows/deployment/wds-boot-support.md | 111 ++++++++++++++++++ 5 files changed, 194 insertions(+), 10 deletions(-) create mode 100644 windows/deployment/planning/windows-11-deprecated-features.md create mode 100644 windows/deployment/planning/windows-11-removed-features.md create mode 100644 windows/deployment/wds-boot-support.md diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 048a630323..ac5cfe9aac 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -62,12 +62,20 @@ href: volume-activation/plan-for-volume-activation-client.md - name: Features removed or planned for replacement items: - - name: Windows 10 features lifecycle + - name: Windows client features lifecycle href: planning/features-lifecycle.md - name: Features we're no longer developing - href: planning/windows-10-deprecated-features.md + items: + - name: Windows 10 deprecated features + href: planning/windows-10-deprecated-features.md + - name: Windows 11 deprecated features + href: planning/windows-11-deprecated-features.md - name: Features we removed - href: planning/windows-10-removed-features.md + items: + - name: Windows 10 features removed + href: planning/windows-10-removed-features.md + - name: Windows 11 features removed + href: planning/windows-11-removed-features.md - name: Prepare items: 
@@ -287,8 +295,10 @@ href: windows-10-pro-in-s-mode.md - name: Windows 10 deployment tools items: - - name: Windows 10 deployment scenarios and tools + - name: Windows client deployment scenarios and tools items: + - name: Windows Deployment Services (WDS) image deployment + href: wds-boot-support.md - name: Convert MBR partition to GPT href: mbr-to-gpt.md - name: Configure a PXE server to load Windows PE diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md index 333be6284a..50c8adb217 100644 --- a/windows/deployment/planning/features-lifecycle.md +++ b/windows/deployment/planning/features-lifecycle.md @@ -1,5 +1,5 @@ --- -title: Windows 10 features lifecycle +title: Windows client features lifecycle description: Learn about the lifecycle of Windows 10 features, as well as features that are no longer developed, removed features, and terminology assigned to a feature. ms.prod: w10 ms.mktglfcycl: plan @@ -14,21 +14,25 @@ ms.custom: seo-marvel-apr2020 --- # Windows 10 features lifecycle -- Applies to: Windows 10 +Applies to: +- Windows 10 +- Windows 11 -Each release of Windows 10 contains many new and improved features. Occasionally we also remove features and functionality, usually because there is a better option. +Each release of Windows 10 and Windows 11 contains many new and improved features. Occasionally we also remove features and functionality, usually because there is a better option. ## Features no longer being developed The following topic lists features that are no longer being developed. These features might be removed in a future release. -[Windows 10 features we're no longer developing](windows-10-deprecated-features.md) +[Windows 10 features we're no longer developing](windows-10-deprecated-features.md)
+[Windows 11 features we're no longer developing](windows-11-deprecated-features.md) ## Features removed -The following topic has details about features that have been removed from Windows 10. +The following topic has details about features that have been removed from Windows 10 or Windows 11. This includes features that are present in Windows 10, but are removed in Windows 11. -[Windows 10 features we removed](windows-10-removed-features.md) +[Windows 10 features we removed](windows-10-removed-features.md)
+[Windows 11 features we removed](windows-11-removed-features.md) ## Terminology diff --git a/windows/deployment/planning/windows-11-deprecated-features.md b/windows/deployment/planning/windows-11-deprecated-features.md new file mode 100644 index 0000000000..ab1098d47a --- /dev/null +++ b/windows/deployment/planning/windows-11-deprecated-features.md 
@@ -0,0 +1,29 @@ +--- +title: Windows 11 features we’re no longer developing +description: Review the list of features that are no longer being developed in Windows 11 +ms.prod: w11 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.author: greglin +manager: laurawi +ms.topic: article +--- +# Windows 10 features we’re no longer developing + +> Applies to: Windows 11 + +Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that are no longer being developed in Windows 10. For information about features that have been removed, see [Features we removed](windows-10-removed-features.md). + +The features described below are no longer being actively developed, and might be removed in a future update. Some features have been replaced with other features or functionality and some are now available from other sources. + +**The following list is subject to change and might not include every affected feature or functionality.** + +> [!NOTE] +> If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app). + +|Feature | Details and mitigation | Announced in version | +| ----------- | --------------------- | ---- | +| Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 | \ No newline at end of file diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md new file mode 100644 index 0000000000..34cd47b43c --- /dev/null 
+++ b/windows/deployment/planning/windows-11-removed-features.md @@ -0,0 +1,30 @@ +--- +title: Windows 11 - Features that have been removed +description: In this article, learn about the features and functionality that has been removed or replaced in Windows 10. +ms.prod: w11 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.author: greglin +manager: laurawi +ms.topic: article +ms.custom: seo-marvel-apr2020 +--- + +# Features and functionality removed in Windows 11 + +> Applies to: Windows 11 + +Windows 11 adds new features and functionality; however some features are removed. Below is a summary of features and functionalities that are present in earlier versions of Windows 10/11, but are removed in the specified versions of Windows 11. **The list below is subject to change and might not include every affected feature or functionality.** + +> [!NOTE] +> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 11 builds and test these changes yourself. + +The following features and functionalities have been removed from the installed product image for Windows 11. Applications or code that depend on these features won't function in the release when it was removed, or in later releases. + +|Feature | Details and mitigation | Removed in version | +| ----------- | --------------------- | ------ | +| WDS image deployment | End to end WDS deployment workflows that use boot.wim from installation media are affected. For more information, see [WDS boot image support](wds-boot-support.md) | Windows 11 | + diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md new file mode 100644 index 0000000000..644071fbfa --- /dev/null +++ b/windows/deployment/wds-boot-support.md 
@@ -0,0 +1,111 @@ +--- +title: Windows Deployment Services (WDS) boot.wim support +description: This article provides details on the support capabilities of WDS for end to end operating system deployment. +ms.prod: w11 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.author: greglin +manager: laurawi +ms.topic: article +ms.custom: seo-marvel-apr2020 +--- + +# Windows Deployment Services (WDS) boot.wim support + +Applies to: +- Windows 10 +- Windows 11 + +The operating system deployment functionality of [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831764(v=ws.11)) (WDS) is being partically deprecated. Starting with Windows 11, workflows that rely on boot.wim from installation media and/or on running Setup.exe in WDS mode will no longer be supported. + +When you PXE-boot from a WDS server that uses the **boot.wim** file from installation media as its boot image, Windows Setup automatically launches in WDS mode. This workflow is deprecated for Windows 11 and newer boot images. The following message will be displayed in this scenario: + +![WDS deprecation notice](images/wds-deprecation.png) + +## Deployment scenarios impacted + +See the following table for a summary of the impacted deployment scenarios. + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
       Windows 10Windows Server 2016Windows Server 2019Windows Server 2022Windows Windows 11
Boot image version
Windows 10Supported, using a boot image from matching or newer version.Supported, using a boot image from Windows 10, version 1607 or later.Supported, using a boot image from Windows 10, version 1809 or later.Not supported.Not supported.
Windows Server 2016Supported, using a boot image from Windows 10, version 1607 or later.Supported.Not supported.Not supported.Not supported.
Windows Server 2019Supported, using a boot image from Windows 10, version 1809 or later.Supported.Supported.Not supported.Not supported.
Windows Server 2022Deprecated, with a warning message.Deprecated, with a warning message.Deprecated, with a warning message.Deprecated, with a warning message.Not supported.
Windows 11Not supported, blocked.Not supported, blocked.Not supported, blocked.Not supported, blocked.Not supported, blocked.
+ +## What is not impacted + +WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with a custom boot images, but you will no longer be able to use boot.wim as the boot image and run Windows Setup in WDS mode. + +You can still run Windows Setup from a network share. Workflows that leverage a custom boot.wim, such as MDT or Configuration Manager are also not affected by this change. + +## Reason for the change + +Alternatives to WDS, such as Configuration Manager and MDT provide a better, more flexible, and feature-rich experince for deploying Windows images. + +## Summary + +- Windows 11 workflows that rely on boot.wim from installation media will be blocked. You cannot perform an end to end deployment of Windows 11 using only WDS. +- Windows 10, Windows Server 2019, and previous operating system versions are not affected by this change. +- Windows Server 2022 workflows that rely on boot.wim from installation media will show a non-blocking deprecation notice that can be dismissed, but the workflow is not blocked. +- Windows Server workflows after Windows Server 2022 that rely on boot.wim from installation media will be blocked. + +If you currently use WDS with boot.wim from installation media for end-to-end operating system deployment, and your OS version is not supported, deprecated, or blocked, you can use other deployment tools, such as Microsoft Deployment Toolkit (MDT), Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. + +## Also see + +[Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
+[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) \ No newline at end of file From fee1a223340b6bbb231df6ff58b2c76028640a89 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 13:05:53 -0700 Subject: [PATCH 029/671] draft --- windows/deployment/TOC.yml | 2 +- windows/deployment/images/wds-deprecation.png | Bin 0 -> 66966 bytes .../planning/windows-11-deprecated-features.md | 7 ++++--- .../planning/windows-11-removed-features.md | 6 +++--- 4 files changed, 8 insertions(+), 7 deletions(-) create mode 100644 windows/deployment/images/wds-deprecation.png diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index b62f364080..1923bd541b 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -297,7 +297,7 @@ items: - name: Windows client deployment scenarios and tools items: - - name: Windows Deployment Services (WDS) image deployment + - name: WWindows Deployment Services (WDS) boot.wim support href: wds-boot-support.md - name: Convert MBR partition to GPT href: mbr-to-gpt.md 
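Review bot: in windows-11-removed-features.md the front-matter description still reads "has been removed or replaced in Windows 10", although the title and body are about Windows 11. It looks carried over from the Windows 10 article and should say "have been removed or replaced in Windows 11". The paragraph before the table, "won't function in the release when it was removed", pairs plural "features" with singular "it"; "in the release in which they were removed" would read correctly. The WDS row files the feature under removed features while the linked wds-boot-support.md describes it as partially deprecated, so the two articles should use the same term.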
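Review bot: in wds-boot-support.md the status of the Windows 11 workflow is stated three different ways: the intro says it "will no longer be supported" and "is deprecated for Windows 11 and newer boot images", while the table and the Summary say "Not supported, blocked". Pick one term per state (deprecated with a dismissible warning for Windows Server 2022, blocked for Windows 11) and use it throughout, since readers will plan deployments from this wording. The closing paragraph's condition "your OS version is not supported, deprecated, or blocked" is ambiguous about whether "not" applies to all three. Typos to fix in the same pass: "partically deprecated", "with a custom boot images", "feature-rich experince". The Windows Server 2022 bullet says both "non-blocking" and "but the workflow is not blocked", and the file ends without a trailing newline.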
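Review bot: in TOC.yml the new entry name has a doubled letter, "WWindows Deployment Services (WDS) boot.wim support"; it should read "Windows Deployment Services (WDS) boot.wim support" so the navigation label matches the article title in wds-boot-support.md.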
diff --git a/windows/deployment/images/wds-deprecation.png b/windows/deployment/images/wds-deprecation.png new file mode 100644 index 0000000000000000000000000000000000000000..2c6b02022ef5de54fedd422e3846fc1cb5f09447 GIT binary patch literal 66966
z>sQwzqv!Qfonn-c`Hkn*B3Vr{=DK0TpDRjvmGWc$u&w;io^&~qL_Mfy;JB@~0BUp* zzc3Vt`a@y+3k3AMD!%tkwb`=bK9?JcK^AIxNl-yW%>H!PE{jb8pYJRd5m-6;*^{c1 zfX4`KUSYO=wh=Q^9qveRCD^`w-P%^)+;;>VMlpRBg4`@-4ha~T)|qfGtu1eC~NPOJkIB9 zUVCUM=UCaGLL@XqUs#XFpRRhge&m%jMzesdB7lr_Znr>?sNLrdkFj0aU>P9a^J!@7 z`7?pf^NLpHuui=NMu*#F-@{chU3Yh=w9xxU?~BOv&QLIbH2|I~GN0d(#m93YlLg9E z@9m{ec?Gt*ZYmfDg2D673Y>%$Wub$n^=GQQAvE3YD8q5QKgRZj_?lQ}L(7g}w!?X? zk-_PK;ip3%>*Dlc6z-FKzp0$V7zJ+%PNjA&CjU#f>(pvPc&bEDs>xJX>nPdDu2gO^ z)9*JCufCM#waaf_kJBSxB3bn>a=I65>c9LDi{4_y^{>H(&A(g5%kqL~Z?!z($SF|s z1q*b;0-tD$U@UxjYle3&PVB_uO(*K z>FN;kc0OGxQ=VJZoqQogQxo{v)h)ccno2eZM@9tz4I{#R-5YY+l-5ZVz{W*w_U5SL zxS(rRQ9oCR+o*R5cz&8rdm0SU^?aH&qG@^8?VCz7}3oY$kw)CUxx z1hkm`8}`B(7RIfr1fNrIY@*Wk5jtAm{B=8Wyzffnx_V)e@nNX317NC?5wZ1r9!T_Z z(P=+KuIrGklsMBxHMOgrhXTclEDi^LX6T&&voKV=ccb87@=JjqZ@$Yw4oEvMuA_l- z>q0?6Gck^@Up<`g{2=dELtT?i;IOgK_520U>+8SN_2EXceu$dWO!^&qdw!bc!V*5U z$OvL^y`#mi+Q_1_smYRm{tS!~GC9I+S8%izPVJZDeMRSadO)Ksf0ozKiX1+o`RTqp z=jJ)jgZnWHh}sxcA)FpHom|<3@A|gKhKSGbIS|HjPsUq9DW{2V6u#RqhC9h%+va}B zi7B&J11nojp$d6`$PxU4bx)g=mMz8#ebZXI0hB1z^;@xR#h@hcgrEuVibnjwq~V29 z(R8HP#(Hgx?>NfH0lIO#T;0&=b?tnX0fT>(7o;yUk2^!HhR;oaFT-kd-M0(AE18A3 zLAgI*LH&5PJDyLbd+^Bym)m_T1!ABm=J8(L_b0@e{ztdH!$SL>p@A*%Tayq@aA84R z66*}ZO}y@8#7A;L}q#P6OEs zIs>n9#tT{!(cR0j`5b&{HQEr88OCf1KC0PXmO%meJoSOYC=4E>W?=r7=z#cuVDn<% zdmHgSP3q;;M)}_+kF>XRrOXu+*dxZQIcP(@_9x+{dR=}#99z9;cH=nvdYHjG8m7MM zYv&S_89}x_p!ACV3eWrXs82+Sv}N$OBjHa}5vkEI$avA`I_}?1q;>twtpAAWh4QNi z@DLda{(`282>r0}+XGV>nd?N4#kw3A?nTkr_PQ|Ycst~btoHK}gXf|*pCfJJ-ch&d zL*C^xv^VugPWq8zwQ|nG(t{8q4qv73VgS4uD>Vs;TX0ty+BQ7{>BHUQ>fenlSyZQ*6 zO!}_3`$CS*?FP4u%Wn9Xrc!h|w@`e_5ZqUics*rnhh?Ipk6H2KV7e9|TpeM|*?!h( z?zg5!nJ$_uj)s!e_xZB*06OiKTBzg!smiwC5xRCLL4K*vmmCgLHqsR3W=m}u}=8k@DXs4+XeXbk=UB16EK zC3~Kf@%I1){^@cYTHSX1@?5aWCT?g1qLjrU6dQYmXh#WNN$OV8Zo7KD0l~bD&cw9a zhiAY>Is{Yb*fE|wW`!QiPk$(>{gUQM_SbZFwwjxnbO^EI<6rrg$`d!Md)Nj`=p|40 zP83#`qpk{O5(a}=qzY5*xXmq?EbLdQH>c3LVX0KvYtQH3h09pO&6*HN2X0))^wPk2 
z9B}%#%dF@@kqp0j=+MhVP?9)U{bxeI&F57AiCvI0T%A-H?DxNCuNdfh^Pb|B?+W-c z@+(|9$5IC6rldkJg4~y0s;JuxW8P|2NKgsDI>IL$*dxTa7_-efqNof_R+NIHwAt3_ z01vRmHN0Q{gkj8TW@D}2k(J|ju$MN=R`}sTmhQRdU^O>A2I}m zAmnV0Hg|7E`rg@0W|~3XY)qE{3oLNb-h$k9@ufZ16fClX{^Y&8*z#w{nc{S*6ou)K z0p{+T*l(Vgu}^8$Rx=cJjNkD2-M$h&EyesQA`F1!ccf}b7MXNaR;#;ut1WFmK&=pJ ziVF_CVo;^k4MD;?c0-~E^Z7>cwR`Fv#w9K`*+YsbvBIDnM5^aOe^V>VX$sGg%YJjJ z%+0j~wz(5Ay%Pkzy*?WPLy&AjG;n;HZ_n27A~C-k_$UliAq%LJM4boo7wv_r>Qwp} zOU>sN|AF^@x^;R@*3@h_vy?UH%Ap%|O`EE!#_^^eX4O2(gD#yE0xjq3V(k$dpS90W z_CgmV3$cYg?O|`I>><@F+*2ECNkwlR^&FE`nQJq9+?~h}9{`h(Eaeq2{QIBPtBf$t zNdbgB6%8f0{>q$5<+{=86-b^;V`gVDP8?BHl)*^fFt6S3eu%gu9jR3cehW5pEr6VO z@|acXQbRtAtjE)uVjfoXY9rLr1cf2uhErV^N7y0U1Wj=C^~^c!8EQmfa|fOK&|4XF z)S7KM2$Slc@SF39kj|{Ph<4C_QFa9|oJT9=>`c{rA_I`ptGq-L87E13It+#g08aB1tO4f z=&y8q^1L)-@VWKBk2H!S*9dQ$?N*4kC`$4iCNQ?8XDuL;)0uqMLi>$!-fgIAKQqTb zR6Z(T#}9GbL#tmQR()6+z3_~^tWFRC5={%R@rc!*Mxc5-L|8#U6N09MIf;Ip4lwpp z=1eR_FsdS&(q#tFKTKU-)l+8+JM*3JnVycOp*ZCPg{mBmyUu{-(p+h51rqK6@MnC7!omj_0j zio6J=83TkYY&JO&BTJK3A2%jDy+_{pnn(#XD+I2{9xEoZ5C1TFweb`R5K|uGu0rh=sCBX~WDqYhQ&W zQEqwwxQF|R7;H$mqV&u-Ner*Mr#cK{JJd9*z&-eq>PxH{cd0z2M7nmbAR5}$-R3h{ zwMpjFY`QC)VwXj4@}+Pq(fn|lGcUvy7xQ@YW&y~3_}M0z#AfI0jrJWcC!A`cnH81O zGx)l%(R42ZDmyHxctkaF+3)qB0HJDhWeCec0mgjSBHp?cc_Qdryf3JJGzzW-*KgJb z5N#6>Goto+tuYnx1ziq@u>(bW!j9oZ)S|4aX}Ig;ZR3|cAR|~7QwchdznnL`c-o<$ zx2{tamvpOOP0$r4($~DNyDYMyXRVG8DZ{m^F0!MI4;`Lu3cph@0}wvx!lBfnF+b>LZKntHm^1sI!w$VuBONaZkkf*-dWQ|Y68wmce zeP&^YMQdEw+g&Tc5E3NKbI{JOq9I(#mmSl^^(7{ZX~ymN92_Fm=moE$bZwu4H$pM^ z?vkM6G_peUc-~7V<}v#dwZ-0B$Apyk3}L+!wV6WN03q&j{=oesg`G@x9@au-?08cN z4*43+s5(X^r^!n_IH-P42z1Mu@K(vO?Zc=au4DaK!lY84NfY{MvS|0gz)W3*@4IkO z$F+nB!YIQ-iGm%2!i;#)E7Jg?czxh-2kV)yC>lC72Q|vZ0!thM^TgDH*SZ%Tv!hNt zgnT|d*Hm|umf?iuSFE+P=Z5rsBkCyhf;I}f+|E9KJ(j9ZYi>~%f4san+uixkQ}s>V znpWB)Z5#+p5YC{J{P#Kxg3x_~bPNEh8bSUJMILjz3`C?Se1S7Me?%l0d-&6|`1?-V z@0KIU-H~j|MwMU$=ZY1guo(juE}5cl+KliMzBxe&$x(E9QrR4PIy6d2WFF9b?2or} zJm(03HA94sS+-n`L8G(bGRAFzHV)|Pu5_YXaQ1q(B*S7Sq4K>I(~WF>k!)Nz+e55Q 
z>)I)>?)S$FD|8d)?z22#7W8J;>FqkG@T(L1LsA7m27u>udp2a zx4r7Bsup&-y=GLFmG2-?9lll#)W+_Yu0P?(d@U~fpw$QDl}mfyW&1*A+RSN4vJiRiP-!^YXf4Aqz5T?XhGb9-*{HWWQUR3_s>4}5i~aT zwXa)-cNtsU$SysMbL&WLa^z0?dH;`nD^uN8=l|}RF!Mw zW3F-}2_$(4hwvltBFNRosH%xJrOuLxt`Z2F^edgCBrC6W^Rs0ZmnYbSc)Gj7gQc5Ep4eCIzIUiWen} z49E6bGHNeJfy3 z%&nW#YLYr59f-?8Ha;C|;i(dMIAOXuvKK3B9IKbY8qHlf8jr22#w*z!Kh!L(keZeL zF2qXSR_8IqyhsD(KqN)zBu$~jqpA{-MjNtVp_14ntju`*^4{GbolaFdUz9vN$qf~d z7JXxG0gHPy-y2ZfO7-V}_gwskhc0)eRG9^Be6-U;bzGyqmn1djMAVv4;;%I4nqN|e z$4PT$Hdf9dv(7>Z-9}lt@af9!l}PMs-woY{p3lMLU9HHs;U+c~Tvpl4Ru*qcw>d8f z3geFu7qG)kJxFu-MKaMa8bte#=I5y8!&OuyJQ^md=uj;=a?C5mxPVkG)mPM6RUG_*H?_9FINJ0Q$9P~tc9!rk}sgf8DdsuAtK5RRj zy|(rR3u>oHfBfc!s1Oy3n?m>TE-!V0^GremA`G;IIw&`kT$~CjKwsEx%#3RA7}kvC zki2r2tJIwZM+SPfO=oa2tiS*rnUE0pYN3;}rDp996R7B!nMPvM`KrqEx-hWJEI~LB zPdZhFEJ71s&}xCF%zNwzInKhuGF8bSA~K9)ho$g7;$*blq9a!Dz58p1-?n3{+b{KB zW|NnFRXC#N2_bbrdzYQ#q*wrtOzBKK9q&)!VEfX-d8^ zI`oQ5dp{bl`s}YgY_2VUBj5DOb1trE#YH4-KDS(Lyq*+C>Q}y3Z=I7(kb(D$z`nhW zw)tB&uGi>qyzfuVQ6YhNEE?bg}6ng;y% z!nOb-v|v%TaC5|osK=4D$u6HKE~5iI+6-1SDbvw`Pphu)Gjh3Fm4XK=wIS^CUFSCM ztZy%i@#+(H0DMkV{Rscg3(d5T=eePTJ&{U<+d%hgg)hau2i1lb(^B-??46I_P1?bn zR~dF+XGF1;3V1>{Uf=Hf1dG^MKveA0+T=*ijLgpFBBwePq=*>OV$0_5k75cG<%&6J z#7?}dKg7R^ql?p;bxMXUH@+HRw+i(L7zmh41}Gg$96z0kYjK%8-x!&XJk(Xy%El;u z>_6*y$@w*w+g5`Q-dz15(x@3xYSG4gtFiiY%&o9gOSIfDzh%n*!pLT}!=lz>TA+y8 z?Rh@dGmQ~xu3Tz=JYm}tf^^J~8u9?<^bvgbfvhqa<7#8_PCFJXvvt56&yMWmdnF4& zCKURy0UQ1k^?ucxf1Yk()Iy)<>894rv7d)!o^^Xzif&+q+0;O9fv)L(eC2X0gf->u zP0WgZ=8i(nh!Wk zcS4#zJa9WqyjE=-eBszjh_@RQM622a9AfjDp!?hazS*zccbvn_YBbxlw-9k$U2-6u z3H)^KOMIAT?*zd#OfgJ+!W0jk_om?#=06^gLkc?k{E5KIH$(p<;uKn7|0dr%DJkk*n0D@+ps7Jx&1yV9 zmvwLXMx*%CCIz*2eZiFD ze`o~&x@sT7nG*U}2`f!acWik0ls#wHKP z#XC+VF5&mXlKIYvkaXGfI=^yp!Yl`RUeJa0)+}lME-VTXd{FMWYI(ew`$?RT-C~cl zyhQiTiU?$Q8>`|2?_u;Qius$cM5Z#E=slg>PyQ)@@%Fgyj-Qa}Z&N8{^d44rI-JKS z%y{HfLn5Nxk#BV2J!{&(S8sIww(fKMomRIVRqf{+hO&z4))Hk_PYbJMwb`yBd){)G z&+97Xuj7UCe`vVky2Izj1!ooXW!!HJ)Gg==J6qS|ZM@q~ykd-~(G5)ZeM^-@C@SD^-+X(< 
z>7PrvypyKYsYBk+yoYYP8df%{v3EM022ckd_TB31k)g8)$a*d_Zs}o%T+)w?KQW}} zJ#bHTi9I>!ZBFLe(1oVa)pJ}mp-q*Fv6rd04UXYmCRX~)%|Y#$Kd^e&l?-?~oree* zO^4j7yi zT^=lyV$E0R0x7qFze%IJ6haB1CicLDjoes)_Zw)p06^14z$b>^6CY@O&Iwpp2IS{! z@$xX{nxY{7FyVKt!=5AQ(t)0&qgH(RGd$+^V@LMnweb4ZJ8Y_&* z=kU0KX8%OiL*zVZ7}avQ+WzFhbQRk=X*ao!KVd(m9c9b$B(2Z)>{398sKD%}pHZ#NN%lfw<`!RYkbWmf&vamB=&SZx1PvG%@?jwa8Lhb_+R1J1hPbF1mRmIR* z<=pd0K_@9ibtAJBa(XW~mHE6DH56P|4>I2w&Ih41(>xB&gnlEc9nCM(ZYVqynQ~3t zDax@43#OTAuXL$mG(*Qzi5t_qSrrER#I znufDUR>r?qm?=_a?iT=l#Yb`Zu3pw{KjC(ROn~w7TOSdBnc&Rk;{G1W{J}1Bei6(6 z0!rkFrMG#)e~XJwpNfS>fUV$kK8&8M?gMf4(Ac^KZ;OV4*qq8RrPxFCvES)VYC^gn zf+l}Skx`-E9%n2kTYt;M$}?;f@u0lF%O)W>yHZ}*EZOmE6@4B$OVfNIe4xUNcxxc) zf@GC(6adPO$WRWadh%ZtHvM^mF2}fcu*d83wwbZUsw_}>Jymzq;>t0+_WdfBY59-s ztssZ%XonnxWN_W!?}}j`Ke(@f43Y)`-Txe;;!^bfIU?qhQDFab1X6{=!~8E_vJDl8 zbYb>S$^8|Js=&R;cxNW!2ePF5L>riyd2IymsB%n=v5`b{k6{}m{sDRmWL>y zq9OjPrM*yrfA1w{>;^A*`q-ip(hUFWmr!D__9|&w4T}A%c)z)SyEo1{pqnC_=^tAS zO*y*tzJK{!+X;eY-2a8^|4T>gDE(W}rTYI?^a@m<44?7e9vZg`=+-3pS3h9Pll`^y zf6v1Ie?NiU`Xv|XAHx?hRxGfs8YKVag#Q2J`v~ZNoey^QVELyd|7XMQzqCEw7CG-!>}v;!L&^O z+b@Q&>PY`LL+yX+2>XC;7`MM3HB_@I)&GzA_V4}N0RJDY+JXwK7ydi2tG|^=^!#n= zf9pc4ie@#tz7|ZZ~IYLc6{$I<%|Jj`TuN)!6^QSMw>tD|J4?izaU|U^L z|Er5a&=BWQ{|C zll_;pnVr>}@C{!>SsHo52Bxuj+^}gzM*Q25ho&;W5fUxP=>Ajjdq~qGO4Ck_-$p3w zw|RrxJrARRk3kUsPi=1*6j%54i3WG~hT!fHTp9=-+yVr53l5>t#vwQ%!QCZ52oS7s z_h2Exy^#RjxHJ7c|EZ~WX5J6CZr$78cJ-;=r_SlU_F8NI#5__;HeGFMJE~ za&*aWpo9)$tt8SQ>XM23XX21$ASncK^jM4(_jr(kUbfx09+xmoGsOxS z3O=DGr~QV*aw)?vBtIn;2W)^YPAwuvJ{jLE8Bj22n;h4*yn2I;{+~b%to^yhs7Rz; zXmvS9`Fyyh{4=mS0w$+NO>81k$hi<{gsF1#8q=N;6DkPv*Hy_-ZYX1kUOK}DrHSv% zIqg82Vt@pLF$A}kFa8AKhg73m^eXqJybfdR)hc$Ew)61)`w{^=tdz0d>6ur8HuICGu&IWsDki&^g91T$=OpLs-;@XzW7MvdeS zI(g{bGIIvm-Tdh!unO@8q;4X7BGyXyzpliHxZ|s`Q6gjRdTH_t&GE=v5h70Dv{2|u zc`oiAN%2Tggnp~?7HNl4SYj1~7v~}u^{}K(6#;-k72A&Gsiy|!(R+8Oi5{3A3x|dE z^lkO~wPjbdNXB8ew$8Ul0P5D_cW78>j|=%zM-p#_Yeb4tt{IdWK402#&_jGG<}u6t zeWU9eLaXT92C{iB_uKb0R<07&i0~d!gmM2(h7z=dg+NhX-y4(Df(iW|Hu*p<2TJNv 
z2(xLx3^fWwXho=<18{9gjwxxAE6=+Vws@rYT|BAUF;Kup5;} zFry9Em4g6VTVKHmX7h)}x~bp`QoT!gp^|JIvfL{6n4nbhFtb6kEJPP;YKlBJh5e@< zdPgg7+XgQq1&{M*7(ec^2nXPWOg}wCDgpVl)^O;-k>Jhv&M4*l4?(M!37K9K6P;*-QKB2#=Cl*3a^B_kvltXQXrmr2lhi)1~(qXlk7s?)qO+t3(Am zPO+unRQuF13dKX$-oqC&6sHR0aIu;|j+Hh2j_2hYM}Xe;yUUwBzpfH)RhlZUOM;g_U!}&cdAG_8ZsG6e}@o zNK5&9^!&q07wpm2!&t58f79n}z2phoC1?@Sl`is&$tUD3GGJ5Gqho1otRBsPlVjSk zTEdp>vcDEmQ8>Zv4`%E?xh_TP?ap{>AUIjVOHq8A=)|6SZ~)0$KC`56GO>pqq;_5O zW8n-pPFCwV0yyqnFbT&a9RpfLSqqucMp&6{>`lKEZ(QXP|0k!LB}vU_lnXXM6dTGN zRqtUG4!ow|L3FEDHJ{|QtVNLRS)D5LNnh6MaJAVC*|8jjxMBuPB!=tq*J0O&J-=Qf zyUx6b!Xz7K`%gLyrweO;abqg;0t=JC>#n8&dq-AaW71>PzNi6kcFT=@n{Y%xI2O36 zVRw5J!FQxMPci`OitvO}bSE6ucjD^+ZiUqhnYOU3&Z{po@2>(gFZa|Jujw&m0^a%z zk13AB)+YRZzN3(5rrSXNYW^Mh)mjiv4LPqOSyY$=cYqf#F5yomeC)_^bqV(!7(t;G zF%LRH;|75lw(xi`ZLvq#zN<8|uv?y)lJ4PRo2ICB4EBGkVX_BiDD%sv7VlB|oethV zGvCxbjWvsEAM*Fjx6MT0GJP#C$9dgrsq^W8U_lkWy`UAs@J||W)BW0hLb>D3cy!@n zM9X?!{G`c0PJSv0)pd&3Kg3>VaX%Ongj3Ol3w4D6%*l7mx-r0<1lg7dbcb~?3T@z_ zs*wFBBMEl_PRG9lGEYWAq9WUMCZ|0(eCmUer&9yp8v19xRgv*M9}7?1dZ0g@-Pky~ z!ZuPKuZut+y!G2BE!a}d9BgTxV_$cfEFv0j_>n*+%3?j}mAxhyrO}>GHhB#NKD$k@ zkw-vbX%kF*e=H98lFAP$s-({3NO{AQ3upXX#y?_DSY(dr%*>9BP7tM7NjP}7Cq>R{ z8f|_+o-5@9zJY{Lut_rIX_iz~VTFLXcQd`neev^w|4rXPrALz)wF_A+c}ynZXmVm-PM7$|XfeGtJ$ z8%SE;b;gL0_)pfRj~%8BL_GjuujwN#THND3>SFd6CCg2#O&b^jeXeT6X?((2Ux3e;ogCfKu|ASB_0lzgOg#%Nt3 zj98g7{WXN=qgX$U!_5*gwjb_CAM7g9{)xaj%(TPoO})j0tz$6be=50W@g~F1E*qt| z8K_>dyWeA>Z7|XF@e-Z_d9Dod(o|g@dDf4nB8l7?KCFsFGjVI30UPC#?t^F)K}ge5 zkEkN=-zD1$CRN8_UmPru^ef>GGbq!9+j1s(+6-C3Hjpa6a>|PV2FJdPbLd)A3i|L% zg%F@$9QV&cC=k}Z3iQOU?d-$}FKnheuU?x-CH?rtikJJsz)r^! 
zJt+%I(7EH@tghv69ICpCnTc;Lf)iNnHH|i!D6h%5aDYVr*`A(hmhkNJ`{W|n>)Uai`$vgd6E8H6x)f{ z>q><#;!-p8SK>Faxgl%Dlub|%Au?hRcr*wi4HhY%&Wegw$CZw`QnovNr@k#t$88Zw z;Q&FmP{fqKrs;LDgR>^zTb{g^5BJC1Wke4OpcZxeB2}~LJne+`rQE5iQW558%MJ6>+uM5zm&D;04fxAiui$D0#mP1EC*qa8)czIn*oi-Szhdh(Lb zAWA>DQMLXclXPLkmagPZohw?>b)TrFeC8SP!@?78eX1u^QmYvT)`TydY)#pLNM+7+ zN8ikp_9~Nd`mwct5TJiB{3_y8ArSP2xIJIe$ef)P1i?Ys?gClDE0~_X>+jOmC+Pt= zh78QDK7renx3+p~_w^s=8aV@YUTfnfnZ)^R8^o?Uv>hg4dDxI=ij=j&>k`HUU!dS zi;9Gw>1ix|wmFbeme=wghop!yOQuBZZ}xy(JFa7DMk~! zY?}M#*{}4l*%b(Dffj7Tspj8)kk<>wG0%S@w(pe0Kv;KUDJ9b;bVUSg*6UgHlO#W7 zh1_{Qu~;ZH{U8rU$M2={fAUVV=rJc@-PqqwmN%G>xZax@#+gIB5Ua{+UgaffS#Bbm zx=#^&8ZOWwBkh8CWI^6_tFGyZGQtFF0~Z|fTJyL!1D+FdBt(uaRFXCh!IV$QYz5BX z@a2v6fDeM_QGBx}ZxxF4%Hv*>n*)Cqvh4%K)uMED; zL8cQ#Ha4`|#)>2yo87Q`MXGG&Ky7E?g-G3O36ZLWs1mqIQgGGMhgA`ZF!2UiqMZ{k zqf6j|Uwwcql2%qnQVRH1s9s|bI>Tk%;0aDZvd|L%1jL z+dAbtV%jB0NhzZ@$~M<*s=UHAiJj&i8K|~W!BIyIdois_Hrav9>AA7pS-QK0!yn*J zm(Wl6Sn~PTA0Z?C>RzE@%#tW9zA?Q=+99&X>H89?#o=}C=QD`wz*9Cd)>wLES_^7ZM;_n=R>jR}^T1?U1RxY(zON}_2>MysF7 zUPuk<3>9XCQGC4J-BYBxCKF7^xWY2osuEEM3i_DE>%+Gel!As2BR-rC7*V^@7t*;kjuWc)Q!^Ga}U|$ATx7DkQvz+$03SnXu?#apssb2 zLWEV(P2_lB(0A7fx*)(<)@_hTjzgEia$m6Vl0bpXj#B(Z^_+F6KlV9I0XEGco+tKI`=uKE zk-96Q;|Yebii~VUH;b#64XsA4%YH!xLq6SH?Cv7VF#jOl6})yS~|L5c^@PZh2<5yls(EDcbmY1&(=+8x!Nqa+Dyt-7Q;E6*ybH z72(wGXZ@rq{h{$Sea9RkE@_H^&VfF`0v5aSE zE`IKv$I(aFQ-%bNYf*`E1VOzU13cX%$VV>op^c%}V@iKUiQ z450Xbb9S+vLBTZ%4QCmuOx+*tz>R2N?*>&S-=7nUsk_h;pt1Xn@S#(9mrwWUO-n(S zv{&ydyjw>cY5~!3t>VYk;vv2ej$WzSp8$EZb*Es?EITq${`H+tMJgk6JhD+l zmcU&HIksYCn)8t#LrU-8H4tmm{3^0K4tQ_eiSF7Y03>g{Y_pBz^QHoiUtER{nT{|M z**P(ODzN~J>fAbgx)nGt5ZuE+B1d>5zEATvp{Ip-PEFc-Jj& zk5}mdw4c9jwH-ZKc`{38*5RvY7R+RxcO{{eOck{h$64xxN(#6n?!4II(@VYOKY*#m zDlze%gHIVj83;#D30?Sr%uF){ae` zn2;jeAv1DLFT&A=qfya0pK0HxC%C4(nNwqWEiQY_pFtRM9$#Sn=T0KmX9Wu(gV>RI z`4mGb8q&m7^=62jF*_$4{&@OGFi{{ACRYi53c0E+1|5wBp%McGuHQ5?TIptSVh7*OHb!uy=N~LJ0&}m&&)0V9{k!=|{7Fv5TMOi@Esomrr;P<6qDpQmWkH-~ZppH7m zNEQ@<5(Ew&;ZIf*bWc8y()>4gu3Xn`969`~^89<3I{_sld 
z@P>px=~kP>6)&Ftq9Ej(Y+uVutPSL$0E!Q+tw;(*&U_Th3ucJaE=>(1hJ$G0; zXb?XOhRc-+P>o$XXgc^nbSW9(+FZAvae84(`fov@bq7-cWt zNJ65bh0V=)CL#+nJwA%^!P4ox#?fzCOC7}&n226;ruKb8(B#V8aKd-VDhuz^@h**i zSko?9yCP~v6b;|Y)=TJfB1)13)-a7HYJTf8!-R1wCd%~+wb}gkg0L?Lp0f-dzrWbR zkhwv+TJ^K|+jt7xUu&i=7W#Xu4v0_Z9@v}A(SB=wkS_-*!!i+RDRlFeHgJ2Tn~-y7 z1mH^NDSk6m__dlm)$&CxFufS;4pzpM`WSOU7Wjm>t;&0PPyOO6J8 zf;VCt8*D2(l18Y{26c&7!@|1^_SDJ%VZK~@8>`n2)&u*V3ENUi2`ea8faR9;019cB z0IQAA6OiA@dv%Eu=Fb@Ym;%RS-#yD#d5)%;&(WHf;>5EstGYMsG=8) znnR>d1!CWjK#Tj9{5F2y5 zt6Ac$A2*M3Z;>q+74TYeCI5NTpragNW=h~@@~ph_G#o-M0dUk>Ix`n~l~!pJJ=3Fj z{c{YWYoYO8gSEl&67VjNJS5Yd&huw}-M2Qbr%N=HXI1_n*vT?x405LUk+kXkZNZaWVT%lgNV2%G15gLAF7r^tlEgM}VE+ zvkfSj_vWOfewg-N!6!`<&cPjR}NP5=G!S_q#g+N+h!ZIpbt@eC`>PH{)U~X zOZ9rEH<$mM&+f_5k_jV7=e4!Q-RS8YDwYEHHe-V!*T7uQAu38C+iyqPg$QqN|A7Um z2l!f`$J}I#<=AJ6Z=eHgbt#xErIXPV+>+ zP0JM&6{>FRQHR9JNQ1hM*c*jO28!+z`%y%nUdTMI<{7nqU>d?(LYW3$(&q>48AC44 zB=_ga=$?v!5?haemxB9MS(ZR z^Y-eIQi6l`sMK$laefCrQ2HF{sG(Hg=W%D94|?0#Vwd>Ycf}><{MuHt=pqLDUx@$p z>v^iIi{1F+P*JF?;eK(T_mQHaGn`3N5~Z2cvZ=vH?AXrqths)3(3sBJNCS~+Zgx<9 zKV5T7bbwvfgE6M1AKC4@&+(r`{8=@n?;Ixrj{PCs&LsIkA)NV-+h&x4&SI=uIbj*k zB2+n|ZhbHvX@T9_49_Fi?!mxD3d{Q7p~AoxOdJZLujY+N&|H72as*m5;Ii&@bsJfC z`>hB>>e!%*eUh^0;_AHM85it-L-f_Ci-rV0Gq#N`D3j;t0yxaJL0F-R)wN$( zOTi}2L6^H34O^XmC?!KI;*z~qo;ud8ZezS>N`3&Iea~w%&t~<%LcPU2R`Nlo$D;5B zceD8G^}IykbMlfO?(Q^R6ApxKU>#;ked?mc=}zAQSo15~l2_Gs zB|V8h2^AkLy7v9jFfmry_-@Db%XKx}*Y~crpOYNl(ABvwdWiCuXtVV~y3*HL_g?3x zI`{V_fz)psWLtu4UZ&S=`{UIbH8xkZ&Nn}QFkjDFzPk6@`SBPMt!4E#%x`W_;;TEs zeKe2Bw~&7HwQ+lg8)1zhV2KjrIP6q3fW5e=nD951Bnj?V@{<;O$V-@v&KFoY;wUV6 zc%}ku;p0%%om(biAg9o`d3BYs)#l9S=45y97uHW`qZ&k%h>(JIC~{Z_?*HkOM4kfO z8sE8Fvi|MO1K%+*&UmQ@Z=%`n`xUAs=R3NoTRyZt!jG2ShjH{+OG5O>`80!(y6+!( zG9UiB7@ci;P2`D^ROESL=Y#%w{+%X1uWeb4LJG#PI{Qq4$hN@L1WyMTx-TXlp9$(EHu+#9xQT5DksF8zWz4y3#(x%nz!vBPh zPRqndhFk}#BYNj9zkYR887n9KMiG5{V51ZXAjHq(C$bsB9e(h~AxwO`J)U6}m!@^k z9r9rtukz#Pj)sYIe*(9=U01Qcu}q-Es()2B=JlrO8;Y=8gXFHt*aJ7C9DY{#5kQ`n zT!gxGh6FWUqSd@(nSc8!p}9C|_@r?f^d 
z6`^N*k6ZV6x47!lgizS(b*b-~5)vfKS#%#F0Q)e7_#V~k=$M7&xOZhOj@u0U4u(%9 zWZk4N3MiC?3?XR!w+;o0p?${@e)dJY8N<=#O1S}tRINwDGK1-p)Eq&q)`MHSnU{Ce zptDqE&s{RZjUo)%Vt%SfBknyRe~fp>zdw5*fMx}u=B(tiLENM@1oFN^@zJ+xDdx>c zIl#=AGWX6zJNM~c3@N5T1UTj0{Wfd;_w|slKYX1@ zEU(u4i>VqL&N}_wjGsE4DFN7+MXy@?e3~ zn_U{1dW~klUxpFIg{-rTicDEK;W7!mMW*WBPK3e({q zO}O-UZp<#v5<;ASzXTnu|19cnOYhy&$obiFDl38Le(uxbuG=sJ0Ph@y z_y+HUT@Ys4K^UjC@1hkrqc;0}k}x9B@$H@3=l}qdls8A-G|hrDj;wl+4C|bxcHO=2 zRQmHDytk|n%zmFQwdah4_+m$eA(+AUSBl2|RIiKphZ0{Ray`bGr8q0dTVG#HfjbT+ z&=y>|4MQ|?sJyoJ%a~WZBs!@)3I@SYtMql>I~Ky~fnKTd+$V_erRxK{E6|B~{AY)j zMO->RHiV#CLTQ%IUF@)Wp5!C5qB`v(x*+XH$o=UsF~}Vuuaw336@yhXSC#?2eW5jV z&p>GzG5DXhm0cj0$eQ~?I_GVfS z6Sh4r4~Dm0DqhC8Xi6fl1LLFOUM2M`RM14$2VYqRolh`%Y*Wa@)0uiO^2)e@gC3jY zTX+l$q()!fC%(e(7uAFo|Cd#;4jxLqSvpYe;J5Hh4@tKAojhpR8U$}Df$uhI4n$SZ zMKBE!^oQ~i(Rkm0^bP!)XdfOQ3b3M&Q+q#)i(77488yAf8sp+LdcBHqf6_sxJBl0P zImgHEl`KtoR?`9&@LssSyhD~NILy2GqX!@9CulGK?9qzdaHZ)iXEz`edY9m7*&TA@ zF=Z;csVpy#l1MYXn7fFXfKE#gZfwPkYuBM5nq1|AMLw$+4=&T52jsS zWNSg&8rYRQpn~h!ZVNix{pFW9$3W$O+WqpOr+9w`5;6P6k2E0JmMO zS4(^|+E7IO6Z)Dx63=DP#>IwY7NW$MrI5i(R>@x9vvR#Q{Ht9;>inWHp#nDm|8L9> zqZ;Y}ecM^V?{e2)wVp?20q$oA#oxeDyoO^$ORx+F;gfFKCq{;GB93)FuGMpA0}e!wkkt{n|N zJaoAGs9TvxD@|_EeF(rF@D{L?1!E)Hf{5q28F3BeH+x^Y`~v%1QR^N8fLcQ@!Df_grXX!Mb95(zp2{y3DWW^oM19IYt*|q`ZG^&K>{I`>tT%VG6C|0( zL}c^Q&|=8GyhfilCVG$jx~<}lr*cmf{%L&AG#3G=CMc$ObNh{}=tYS#Za;_e%doU$ zG0b7QpchG5O$14M#p^b0x%{3oxg+6YSR_N+tyqCxR#wM_ot|Sw_nZ5V!yA>4O52$z zLtBk8$6D8Lv5+lux0ySvw78?^<#A7vYkQ;Nj@`_wU9srL(vSCB^Qssdtti*MqZo9t zB=`l9CBRo$7&PCfWo$2>?NH@YAzW4k{!`Gbk8Xo$TGCMz=Af{$AGY`^G(6&THMHI= z@MV-Djk0=XEEiuVp*a}eA^#Cg>b?c)F}e$7nwRb?%W!F&`W7qpRQS=TJAlQl?Ut3< z_!A!~WD0ho42O3<-vQm)51^zB(2Wj+J}NdOxs%{G0Rfo+WY^2 zIBD2m)i047yq9Ivv>_jK?2^H#OCo1bK#O^9HwTSGcs?jh=Sw5h{N6nr{_4=tD#?-u zjH<`iSa-v=_%=(^GzY3Gg2|x;_h{~kLVXlzKdRK%8|$(q|Thq`vrly2}jQ9 zHyDMC`%&H8adE)l8#fG(r#}u1IqDmb^Dcxf2%oGmm7-iv@)MI%aq;(+;H;k&&z2V_ zGZ@Ww41a~)2p)DEM7PM|D(If}m2aNF!HMDA$xO*ov1M1tv*LL0>_MZodi#>|yJ}b` 
zwOh|NqJ*?bl0m1i@DYd_J!;)oquBms0#2MMQL<)E?hG4#IR4|{ap92E*9Nsn_;cDF zqngHA1UA6Cs4A^j*21L{KrR6hFx_86U)p&NUUx_Ea2akq*d+BrfqwXFfnbq31ZRlf z{|tweFhh6ahCSiBfA6lg^>)v~dNX{G`;m0TTboCvfp3P58y|ss##_wFe8(^@n5P8d z7SSZ9SlH&E=KS@^IT>5Ylb184a-=Na0o+@*fg6F-0*vwVS2XusGLDu)A(tzxJ5znK zsq4Gn+2Z-N6hgexqp?rf`mqcS`dc98p{JZ_O5~-yA3BA!i00qQaeXvF-nirbP@-r%~HOQs4r0P+YxS{yG}Fj=LYtW71-I+Vq+lW48=)xKTo2|Mh}oV7F|n*sDph8sT=`qM$&E+m>O zP4-PQRv5eV;=_?RNKnYSh}|oSw66;{85*z_PpQ`1`)!EK5_t-aHXh)(?`*cxmP*+v z4scHVW-Lp!{bn5>I?Dq?e{{6D2{w-YGL1|H6dkgtsmJ|78YU-Ajs2>izE3*P6DsYu zb-B2=l^S?j3dL&T2O2bL%lFqeY&JsZ+=u#oW`-QNi^`!ymO*E?XS9#Nwbs5tQ+XSM z(mB#XDPF?LBKA?nGEZL6vpJANw76n6d-^nc>{G*Mm+vYwJd+N@m#@rV{!yIHR0IH& z@OqwUxJwGBwCLsBhPTF2{UWMnnO8ap>FOAHzVd6nt2xO#s%RSA3gG%>64J`q<;`sh~aM&$Y zEgB&!vd5Mc3cOoX&dhGmy{v|C(U!2<;vF^B1agXd%ypwr_+*V%1KwVrpwn5a&MPxz zmg#7BzreFE^~56$2rf5zTjYsFg(hVChdYrZnT!7|G6NsPinap4?oMkb6woF{#-w&@ zXZNM9v~KNzSpM#{0uKc(tzjWQrgC51p;Sf%+|n7l(ltk^FxR>_t;9>MN#ar8SVv=% zSSg*V8$F>o$}72u^EEgE7)2;N!``nZ^IDD#^%M8ZcxB``V;zY@lT`5r6H)R^0S%)R zaKt8_AX+OnTIkd|Vwl-WNJ1!SS4V+S$CeWFwyd10EY-1eLRii*h2Rghw!RbSI5v5+ zWad}vi&T~7`}v>2Y@>nml(u95vrpC)vfJehIleM)Y*YFB5%>XG&XRf?sUQ)6c4T_) zX1PE`15VR*>!f5Gxg5J`FO<;cx1i?2oWiWOo{x$VN1@c$4XhrL1l?HvDVE=q$_b8( z5YoMK4<4}~;9;iN^{OB2oZ7wAs2v>~u+KmP-qNYVLMe)^8Cxt8n#1Ml@4G0f&ybhzJizZBi{~}cevxJ07@ni@2bT6Du`I9>H&d_x4VT2 z8kXKr%t}cSVfENW0x~I%@CDoP-E1XFg;sc|Q+bNktHhhsawA#Zk7p``3+gq%RVH`d ziEmu*oxvU&gmG*#iWG{4UF}oM92+dMAn?lwe=0=(Q-}9(Te6I1VLV}^L@ram^QX>2 zPk2&Ixb|B5c3`%hTmHhx2h-{C&fo*1|1?wmU^KJ`jBvj!UYN01h zm=mdwu*3Y>CcKG`_>w>DB2OVtQRr^O6ZAOTiMm3t4_OC-p%bACbv3iy;e|wZLR-Zv zK>+=TA*G0eCi_geS45~;=K)TbXQTj6b3>{Y>QTOWcUH%Ms`l(gEPyNk<*rII?o4@o z3aZ~J&rJBK3i67wy)s)?$hlBI9r$v-M-CvT-Aw4V?- z5p6H&kc=)+GI<&#;qc=#23U$tqnvV3+B#)kGYHi>i;;dnw|J)z!FJ0L5S{S5Us%WS zLfN-|zDM&85qKlinX**uwQ22(3v-4@4ZUN~ac23;+Z}@24;L;;MR5bekkv}?Ss|+F zxg4aeGR0|5e}zRO5)4w1Ig#RowaA}n@L14{^Ecn-Ht9-L2~DvLdYpv_3e_0{sbx<4 z$1MPpL(!S9`d%mZ;V}=kjM*Edp*^9BDuU1H1G&Z*pCFZoyYny-U 
zPnN{D5PKA2b0&s3lugo~4j0%;>2Q+?MRGKfi8~>>8y2(oX%;Xme?_HmMoOmcMIy zfjF3=!7KT^+mYw+R2U?Gn&}+uB)7WJ4EQBI9Mr$NJC&CdG#!7{41!4h+8w5QbUS4Y zT=aiFX%A-X{$e38!I9xUL))5=CrOD=QA~8&)0r^HguZg$c2D=G@m72~+Q(|Oc{9aQ zbmh?gJL(jI!V;;}1#};ycD?^C>;q>G~Q(Q;q_$*+;U% zESj(p?=?Tpyi)CwZ$;07UPyFksVBsWqFEeGV zwbkT#zG>+Bd3Cu0va(;b*oLr#cJLczlF+&$=X=71rXe4`8oo??Hy*c%4dU zapni7=;+mY0Ex6kIf}IMHTTU|A(EJZ@C^p3n2;KwVh8nxB6~sKH}k22spuAm|iWg%}IwyremHj=3&GP}n_4|KW zB~I7PL}&aFy($IhW3@$Dl&3VWEyh?|#GiO3`4}OBS?S1~sdeTS-#P%m=V|J_~S-+L%|Me^7$|6HrW`@(VM z%YMB=qQ~-GS(MLHYvPCDD+4(!9bCiv@nTKWpveepi>NLcIC zy))I85Lt1;HXOcP?zQpBWLGk|SDoslbU#@<=6E8%_U4cv7ri~Yf)lVH8&Y~75BtR8 zQ5Z^?Pl|haaCU>N1tK4YHS+fGy@y+0(rs!o=dB`;yd5(&r3yeL^A|7B0#p^`^xvTu zEvlYc49AxRzf{9`S#K)Pt;1`mFznd5ZRqoXB=7pPE@vMCR(2~s4?x-?25&`*d*)R+A0C z?39<_EjbE)$i7ex5r1BKe6Orbmi*U8$}rwwv^sc$Z256{GdRUstl7Qeaq3{(O=4EH zRrBPf%SraK$P)PD+xVP8n2*>#h;Fs1_3=zkDSwk=s6aB}+2?en9;X8(zQ}{Iq<^%? zoAkb#XQtkJ=_C_BuI`R&-4yqIJVvjt0iG`R{`Z#|Ct@Kc+7dJ?O3?F`h^dpSAIEMM zo^FGe){aZ3E&cUZ{SqOoMaM_W)^#=o%Uk|SzYbPTcd8_ZA3c>@`)?hVt@^}26oXn3 zY$5u9M2WLD>-+_HImNonF3VW0M0zq*RHC@m=j-VNVo&Wj`tkVmvdy*I0!;RHp}YF& zj~&^dnVZ>t(;vBE>0sSl3tcWZPs3OLvJY>>@&*wA00a$b2><^T)AGM#ef?MZo5!}D z--O%0Gepl|{V$s3|G!+w|1T+cYp;t+rLmAO$1KXYG;v?Cw!T<)6!<;RlST?;n-PFxpI~urTU}k5(X?+9OV3 zro2ayVT)XF?a#Qt?v_dti3N%OdAx^N3_vK$O`oCVU}OGZOw;PyzNF6@VE|N> zO2HU&reLCp$lq6>(E7{Ne<*ngT1>>4y_SSo>gc1k#9^{MZ5Z;v9l?2|aSAt1)bUTT zEG8*@q#M_Y+Uz%NbIp3NpQMnGW|#jEiW0QAsx?v^Js!z!j;`-hH7kg)=boVFu!#^C z)uQSe3UMv$toP`0;LmKgrt49m5)#_{HxIONSOkl;#{aS$fr*vW;p7Yam8!3gs`Rmo z3h5FrCt=6ZTO-uyc(maj^l?6d@hLLMe1l;Dif6E`NPSlFfBv%DdKwHCq0=U$*te!@ z2QPv#Q`OM;?K@s>IWbSJb9i2Vf44FH z6W~wUKTaV|^#1pN-*NQMIQ5^vH_^fqzAOh9@HGbLl z&m@cgeE;80`v2%A{>!BQ-qe2?{}Ubmn@JBUw!Pm36Uj9YVx!H>uOy(I)(@V7FKM3W Y-fF(s5=3uAeS!F>Drzd!y|xVhA9>m_UH||9 literal 0 HcmV?d00001 diff --git a/windows/deployment/planning/windows-11-deprecated-features.md b/windows/deployment/planning/windows-11-deprecated-features.md index ab1098d47a..7688a3ec96 100644 
--- a/windows/deployment/planning/windows-11-deprecated-features.md +++ b/windows/deployment/planning/windows-11-deprecated-features.md @@ -11,11 +11,12 @@ ms.author: greglin manager: laurawi ms.topic: article --- -# Windows 10 features we’re no longer developing + +# Windows 11 features we’re no longer developing > Applies to: Windows 11 -Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that are no longer being developed in Windows 10. For information about features that have been removed, see [Features we removed](windows-10-removed-features.md). +Each version of Windows 11 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that are no longer being developed in Windows 11. For information about features that have been removed, see [Features we removed](windows-11-removed-features.md). The features described below are no longer being actively developed, and might be removed in a future update. Some features have been replaced with other features or functionality and some are now available from other sources. @@ -26,4 +27,4 @@ The features described below are no longer being actively developed, and might b |Feature | Details and mitigation | Announced in version | | ----------- | --------------------- | ---- | -| Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 | \ No newline at end of file +| Feature | Description | Version | \ No newline at end of file 
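Review bot: In the `@@ -26,4 +27,4 @@` hunk the table's only row is replaced by `| Feature | Description | Version |`, which reads as template text and will publish as a data row under the real header `|Feature | Details and mitigation | Announced in version |`. Either list an actual Windows 11 entry or leave the table with its header only until there is one. The changed last line also still carries `\ No newline at end of file`; ending the file with a newline keeps that marker out of later diffs.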
diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md index 34cd47b43c..4c06d90db1 100644 --- a/windows/deployment/planning/windows-11-removed-features.md +++ b/windows/deployment/planning/windows-11-removed-features.md @@ -1,6 +1,6 @@ --- title: Windows 11 - Features that have been removed -description: In this article, learn about the features and functionality that has been removed or replaced in Windows 10. +description: In this article, learn about the features and functionality that has been removed or replaced in Windows 11. ms.prod: w11 ms.mktglfcycl: plan ms.localizationpriority: medium @@ -17,7 +17,7 @@ ms.custom: seo-marvel-apr2020 > Applies to: Windows 11 -Windows 11 adds new features and functionality; however some features are removed. Below is a summary of features and functionalities that are present in earlier versions of Windows 10/11, but are removed in the specified versions of Windows 11. **The list below is subject to change and might not include every affected feature or functionality.** +Windows 11 adds new features and functionality; however some features are removed. Below is a summary of features and functionalities that are present in earlier versions of Windows 10 or Windows 11, but are removed in the specified version of Windows 11. **The list below is subject to change and might not include every affected feature or functionality.** > [!NOTE] > Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 11 builds and test these changes yourself. 
@@ -26,5 +26,5 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | -| WDS image deployment | End to end WDS deployment workflows that use boot.wim from installation media are affected. For more information, see [WDS boot image support](wds-boot-support.md) | Windows 11 | +| WDS image deployment | End to end WDS deployment workflows that use boot.wim from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](..\wds-boot-support.md) | Windows 11 | From 714385cf3680030f1eb2231d9a7c3c6864b9788d Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 13:10:54 -0700 Subject: [PATCH 030/671] link? --- windows/deployment/planning/windows-11-removed-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md index 4c06d90db1..e4cbcdea4b 100644 --- a/windows/deployment/planning/windows-11-removed-features.md +++ b/windows/deployment/planning/windows-11-removed-features.md @@ -26,5 +26,5 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | -| WDS image deployment | End to end WDS deployment workflows that use boot.wim from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](..\wds-boot-support.md) | Windows 11 | +| WDS image deployment | End to end WDS deployment workflows that use boot.wim from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | From d99ce40cd68160a8b8e9098d5dbd6d422face5ae Mon Sep 17 00:00:00 2001 
From: greg-lindsay Date: Fri, 20 Aug 2021 13:36:42 -0700 Subject: [PATCH 031/671] draft --- windows/deployment/TOC.yml | 2 - .../windows-11-deprecated-features.md | 30 -------------- .../planning/windows-11-removed-features.md | 2 +- windows/deployment/wds-boot-support.md | 39 ++++++++++--------- 4 files changed, 21 insertions(+), 52 deletions(-) delete mode 100644 windows/deployment/planning/windows-11-deprecated-features.md diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 1923bd541b..fef24107a3 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -68,8 +68,6 @@ items: - name: Windows 10 deprecated features href: planning/windows-10-deprecated-features.md - - name: Windows 11 deprecated features - href: planning/windows-11-deprecated-features.md - name: Features we removed items: - name: Windows 10 features removed diff --git a/windows/deployment/planning/windows-11-deprecated-features.md b/windows/deployment/planning/windows-11-deprecated-features.md deleted file mode 100644 index 7688a3ec96..0000000000 --- a/windows/deployment/planning/windows-11-deprecated-features.md +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -title: Windows 11 features we’re no longer developing -description: Review the list of features that are no longer being developed in Windows 11 -ms.prod: w11 -ms.mktglfcycl: plan -ms.localizationpriority: medium -ms.sitesec: library -audience: itpro -author: greg-lindsay -ms.author: greglin -manager: laurawi -ms.topic: article ---- - -# Windows 11 features we’re no longer developing - -> Applies to: Windows 11 - -Each version of Windows 11 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that are no longer being developed in Windows 11. For information about features that have been removed, see [Features we removed](windows-11-removed-features.md). - -The features described below are no longer being actively developed, and might be removed in a future update. Some features have been replaced with other features or functionality and some are now available from other sources. - -**The following list is subject to change and might not include every affected feature or functionality.** - -> [!NOTE] -> If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app). - -|Feature | Details and mitigation | Announced in version | -| ----------- | --------------------- | ---- | -| Feature | Description | Version | \ No newline at end of file diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md index e4cbcdea4b..da5a28c992 100644 --- a/windows/deployment/planning/windows-11-removed-features.md +++ b/windows/deployment/planning/windows-11-removed-features.md 
@@ -26,5 +26,5 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | -| WDS image deployment | End to end WDS deployment workflows that use boot.wim from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | +| WDS image deployment | End to end WDS deployment workflows that use **boot.wim** from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index 644071fbfa..49e0b790d2 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md 
@@ -19,15 +19,15 @@ Applies to: - Windows 10 - Windows 11 -The operating system deployment functionality of [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831764(v=ws.11)) (WDS) is being partically deprecated. Starting with Windows 11, workflows that rely on boot.wim from installation media and/or on running Setup.exe in WDS mode will no longer be supported. +The operating system deployment functionality of [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831764(v=ws.11)) (WDS) is being partially deprecated. Starting with Windows 11, workflows that rely on **boot.wim** from installation media or on running Windows Setup in WDS mode will no longer be supported. -When you PXE-boot from a WDS server that uses the **boot.wim** file from installation media as its boot image, Windows Setup automatically launches in WDS mode. This workflow is deprecated for Windows 11 and newer boot images. The following message will be displayed in this scenario: +When you PXE-boot from a WDS server that uses the **boot.wim** file from installation media as its boot image, Windows Setup automatically launches in WDS mode. This workflow is deprecated for Windows 11 and newer boot images. In this scenario, the following message is displayed: -![WDS deprecation notice](images/wds-deprecation.png) + ![WDS deprecation notice](images/wds-deprecation.png) ## Deployment scenarios impacted -See the following table for a summary of the impacted deployment scenarios. +The following table provides support details for possible deployment scenarios:
@@ -42,10 +42,10 @@ See the following table for a summary of the impacted deployment scenarios. Windows Windows 11 - Boot image version + Boot image version - Windows 10 + Windows 10 Supported, using a boot image from matching or newer version. Supported, using a boot image from Windows 10, version 1607 or later. Supported, using a boot image from Windows 10, version 1809 or later. @@ -53,7 +53,7 @@ See the following table for a summary of the impacted deployment scenarios. Not supported. - Windows Server 2016 + Windows Server 2016 Supported, using a boot image from Windows 10, version 1607 or later. Supported. Not supported. @@ -61,7 +61,7 @@ See the following table for a summary of the impacted deployment scenarios. Not supported. - Windows Server 2019 + Windows Server 2019 Supported, using a boot image from Windows 10, version 1809 or later. Supported. Supported. @@ -69,7 +69,7 @@ See the following table for a summary of the impacted deployment scenarios. Not supported. - Windows Server 2022 + Windows Server 2022 Deprecated, with a warning message. Deprecated, with a warning message. Deprecated, with a warning message. @@ -77,7 +77,7 @@ See the following table for a summary of the impacted deployment scenarios. Not supported. - Windows 11 + Windows 11 Not supported, blocked. Not supported, blocked. Not supported, blocked. 
@@ -86,15 +86,15 @@ See the following table for a summary of the impacted deployment scenarios. -## What is not impacted - -WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with a custom boot images, but you will no longer be able to use boot.wim as the boot image and run Windows Setup in WDS mode. - -You can still run Windows Setup from a network share. Workflows that leverage a custom boot.wim, such as MDT or Configuration Manager are also not affected by this change. - ## Reason for the change -Alternatives to WDS, such as Configuration Manager and MDT provide a better, more flexible, and feature-rich experince for deploying Windows images. +Alternatives to WDS, such as [Microsoft Endpoint Configuration Manager](/mem/configmgr/) and [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) provide a better, more flexible, and feature-rich experince for deploying Windows images. + +## What is not impacted + +WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with a custom boot images, but you will no longer be able to use **boot.wim** as the boot image and run Windows Setup in WDS mode. + +You can still run Windows Setup from a network share. Workflows that leverage a custom boot.wim, such as MDT or Configuration Manager are also not affected by this change. ## Summary 
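Review bot: The added "Reason for the change" line still reads "feature-rich experince", and the re-added "What is not impacted" text keeps "with a custom boot images"; both lines are being touched here, so correct them in this hunk ("experience", "with custom boot images"). The second re-added paragraph also leaves boot.wim unbolded while the paragraph directly above it now uses **boot.wim**, and "such as MDT or Configuration Manager are also not affected" needs a closing comma after "Configuration Manager".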
@@ -103,9 +103,10 @@ Alternatives to WDS, such as Configuration Manager and MDT provide a better, mor - Windows Server 2022 workflows that rely on boot.wim from installation media will show a non-blocking deprecation notice that can be dismissed, but the workflow is not blocked. - Windows Server workflows after Windows Server 2022 that rely on boot.wim from installation media will be blocked. -If you currently use WDS with boot.wim from installation media for end-to-end operating system deployment, and your OS version is not supported, deprecated, or blocked, you can use other deployment tools, such as Microsoft Deployment Toolkit (MDT), Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. +If you currently use WDS with **boot.wim** from installation media for end-to-end operating system deployment, and your OS version is not supported, deprecated, or blocked, you can use other deployment tools, such as MDT, Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. ## Also see [Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) \ No newline at end of file +[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
+[Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022) \ No newline at end of file From c4c5ebeb89eb50e0ece480f66cb9dca4ba4a3cd2 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 13:43:30 -0700 Subject: [PATCH 032/671] Update features-lifecycle.md --- windows/deployment/planning/features-lifecycle.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md index 50c8adb217..af22f20db2 100644 --- a/windows/deployment/planning/features-lifecycle.md +++ b/windows/deployment/planning/features-lifecycle.md @@ -24,12 +24,11 @@ Each release of Windows 10 and Windows 11 contains many new and improved feature The following topic lists features that are no longer being developed. These features might be removed in a future release. -[Windows 10 features we're no longer developing](windows-10-deprecated-features.md)
-[Windows 11 features we're no longer developing](windows-11-deprecated-features.md) +[Windows 10 features we're no longer developing](windows-10-deprecated-features.md) ## Features removed -The following topic has details about features that have been removed from Windows 10 or Windows 11. This includes features that are present in Windows 10, but are removed in Windows 11. +The following topics have details about features that have been removed from Windows 10 or Windows 11. This includes features that are present in Windows 10, but are removed in Windows 11. [Windows 10 features we removed](windows-10-removed-features.md)
[Windows 11 features we removed](windows-11-removed-features.md) From 72060dff51ee58fb2c716347323879299309fa94 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 14:02:45 -0700 Subject: [PATCH 033/671] draft --- windows/deployment/wds-boot-support.md | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index 49e0b790d2..cf45e04e2e 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -21,17 +21,16 @@ Applies to: The operating system deployment functionality of [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831764(v=ws.11)) (WDS) is being partially deprecated. Starting with Windows 11, workflows that rely on **boot.wim** from installation media or on running Windows Setup in WDS mode will no longer be supported. -When you PXE-boot from a WDS server that uses the **boot.wim** file from installation media as its boot image, Windows Setup automatically launches in WDS mode. This workflow is deprecated for Windows 11 and newer boot images. In this scenario, the following message is displayed: +When you PXE-boot from a WDS server that uses the **boot.wim** file from installation media as its boot image, Windows Setup automatically launches in WDS mode. This workflow is deprecated for Windows 11 and newer boot images. The following deprecation message is displayed: ![WDS deprecation notice](images/wds-deprecation.png) ## Deployment scenarios impacted -The following table provides support details for possible deployment scenarios: - +The table below provides support details for specific deployment scenarios.
- +
@@ -42,7 +41,7 @@ The following table provides support details for possible deployment scenarios: - + 
@@ -88,22 +87,22 @@ The following table provides support details for possible deployment scenarios: ## Reason for the change -Alternatives to WDS, such as [Microsoft Endpoint Configuration Manager](/mem/configmgr/) and [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) provide a better, more flexible, and feature-rich experince for deploying Windows images. +Alternatives to WDS, such as [Microsoft Endpoint Configuration Manager](/mem/configmgr/) and [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) provide a better, more flexible, and feature-rich experience for deploying Windows images. -## What is not impacted +## Not impacted -WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with a custom boot images, but you will no longer be able to use **boot.wim** as the boot image and run Windows Setup in WDS mode. +WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with a custom boot images, but you will no longer be able to use **boot.wim** as the boot image, and run Windows Setup in WDS mode. -You can still run Windows Setup from a network share. Workflows that leverage a custom boot.wim, such as MDT or Configuration Manager are also not affected by this change. +You can still run Windows Setup from a network share. Workflows that leverage a custom boot.wim, such as MDT or Configuration Manager are not affected by this change. ## Summary -- Windows 11 workflows that rely on boot.wim from installation media will be blocked. You cannot perform an end to end deployment of Windows 11 using only WDS. +- Windows 11 workflows that rely on **boot.wim** from installation media will be blocked. You cannot perform an end to end deployment of Windows 11 using only WDS. - Windows 10, Windows Server 2019, and previous operating system versions are not affected by this change. 
-- Windows Server 2022 workflows that rely on boot.wim from installation media will show a non-blocking deprecation notice that can be dismissed, but the workflow is not blocked. -- Windows Server workflows after Windows Server 2022 that rely on boot.wim from installation media will be blocked. +- Windows Server 2022 workflows that rely on **boot.wim** from installation media will show a non-blocking deprecation notice that can be dismissed, but the workflow is not blocked. +- Windows Server workflows after Windows Server 2022 that rely on **boot.wim** from installation media are blocked. -If you currently use WDS with **boot.wim** from installation media for end-to-end operating system deployment, and your OS version is not supported, deprecated, or blocked, you can use other deployment tools, such as MDT, Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. +If you currently use WDS with **boot.wim** from installation media for end-to-end operating system deployment, and your OS version is not supported, deprecated, or blocked, it is recommended that you use deployment tools such as MDT, Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. ## Also see From a1294a0538f65738cc57ae52834351bdd77983ef Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 14:09:45 -0700 Subject: [PATCH 034/671] typos and grammar --- .../planning/windows-11-removed-features.md | 2 +- windows/deployment/wds-boot-support.md | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md index da5a28c992..447473ea86 100644 --- a/windows/deployment/planning/windows-11-removed-features.md +++ b/windows/deployment/planning/windows-11-removed-features.md 
@@ -26,5 +26,5 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | -| WDS image deployment | End to end WDS deployment workflows that use **boot.wim** from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | +| Windows Deployment Services (WDS) image deployment | End to end WDS deployment workflows that use **boot.wim** from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index cf45e04e2e..37ede74a28 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -25,7 +25,7 @@ When you PXE-boot from a WDS server that uses the **boot.wim** file from install ![WDS deprecation notice](images/wds-deprecation.png) -## Deployment scenarios impacted +## Deployment scenarios affected The table below provides support details for specific deployment scenarios. @@ -38,7 +38,7 @@ The table below provides support details for specific deployment scenarios. - + 
@@ -89,17 +89,17 @@ The table below provides support details for specific deployment scenarios. Alternatives to WDS, such as [Microsoft Endpoint Configuration Manager](/mem/configmgr/) and [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) provide a better, more flexible, and feature-rich experience for deploying Windows images. -## Not impacted +## Not affected -WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with a custom boot images, but you will no longer be able to use **boot.wim** as the boot image, and run Windows Setup in WDS mode. +WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with custom boot images, but you cannot use **boot.wim** as the boot image and run Windows Setup in WDS mode. -You can still run Windows Setup from a network share. Workflows that leverage a custom boot.wim, such as MDT or Configuration Manager are not affected by this change. +You can still run Windows Setup from a network share. Workflows that use a custom boot.wim, such as MDT or Configuration Manager are not affected by this change. ## Summary - Windows 11 workflows that rely on **boot.wim** from installation media will be blocked. You cannot perform an end to end deployment of Windows 11 using only WDS. - Windows 10, Windows Server 2019, and previous operating system versions are not affected by this change. -- Windows Server 2022 workflows that rely on **boot.wim** from installation media will show a non-blocking deprecation notice that can be dismissed, but the workflow is not blocked. +- Windows Server 2022 workflows that rely on **boot.wim** from installation media will show a non-blocking deprecation notice. The notice can be dismissed, and currently the workflow is not blocked. - Windows Server workflows after Windows Server 2022 that rely on **boot.wim** from installation media are blocked. 
If you currently use WDS with **boot.wim** from installation media for end-to-end operating system deployment, and your OS version is not supported, deprecated, or blocked, it is recommended that you use deployment tools such as MDT, Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. From 47f544489a88546a3a7094de151b7dea5eac423b Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 14:19:40 -0700 Subject: [PATCH 035/671] table --- windows/deployment/TOC.yml | 2 +- windows/deployment/wds-boot-support.md | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index fef24107a3..d604286b18 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -295,7 +295,7 @@ items: - name: Windows client deployment scenarios and tools items: - - name: WWindows Deployment Services (WDS) boot.wim support + - name: Windows Deployment Services (WDS) boot.wim support href: wds-boot-support.md - name: Convert MBR partition to GPT href: mbr-to-gpt.md diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index 37ede74a28..0d7de399b5 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -33,7 +33,7 @@ The table below provides support details for specific deployment scenarios.
        Windows Windows 11
Boot image versionBoot image version
Windows 10Windows Server 2016 Windows Server 2019 Windows Server 2022Windows Windows 11Windows 11
Boot image version
- + @@ -41,7 +41,8 @@ The table below provides support details for specific deployment scenarios. - + From 35e7570e47702114b51cc54135e46b1f1e9f9b89 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 14:23:56 -0700 Subject: [PATCH 036/671] table --- windows/deployment/wds-boot-support.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index 0d7de399b5..82ad38d20c 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -33,7 +33,7 @@ The table below provides support details for specific deployment scenarios.
       OS deployed Windows 10 Windows Server 2016 Windows Server 2019Windows 11
Boot image version +
 
 
 
 
 
 
 
 
 
 
Boot image version
Windows 10
- + @@ -41,8 +41,8 @@ The table below provides support details for specific deployment scenarios. - + From 589ab9dc7edcc0dec5fc8dccd22667f9c8a655d7 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Mon, 23 Aug 2021 12:24:16 +0530 Subject: [PATCH 037/671] Resolving suggestions for better result --- .../configuration/cortana-at-work/cortana-at-work-overview.md | 4 ++-- .../configuration/cortana-at-work/cortana-at-work-powerbi.md | 2 +- .../cortana-at-work/cortana-at-work-scenario-2.md | 2 +- .../cortana-at-work/cortana-at-work-scenario-4.md | 4 ++-- .../cortana-at-work/cortana-at-work-scenario-5.md | 2 +- .../cortana-at-work/cortana-at-work-scenario-6.md | 2 +- .../cortana-at-work/set-up-and-test-cortana-in-windows-10.md | 2 +- windows/configuration/cortana-at-work/test-scenario-5.md | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md index 140f54edf4..ac0783dddb 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md @@ -2,7 +2,7 @@ title: Configure Cortana in Windows 10 and Windows 11 ms.reviewer: manager: dansimp -description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments. +description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and for enterprise environments. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library 
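Review bot: The new description in cortana-at-work-overview.md, "to optimize for unique small to medium-sized business and for enterprise environments", loses its noun: in the old wording "business" and "enterprise" both modified "environments", and the inserted "for" leaves "small to medium-sized business" standing alone. Either keep the original sentence or write "small to medium-sized business environments and for enterprise environments". The same sentence is changed a different way in set-up-and-test-cortana-in-windows-10.md later in this commit ("to optimize unique small to medium-sized business and enterprise environments"), so the two descriptions should be aligned.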
@@ -51,7 +51,7 @@ Cortana's approach to integration with Microsoft 365 has changed with Windows 10 ### Cortana in Windows 10, version 2004 and later, or Windows 11 -Cortana enterprise services that can be accessed using Azure AD through Cortana in Windows 10, version 2004 and later, or Windows 11, meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products). To learn more, see [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide#what-data-is-processed-by-cortana-in-office-365). +Cortana enterprise services that can be accessed using Azure AD through Cortana in Windows 10, version 2004 and later, or Windows 11, meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products). To learn more, see [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide#what-data-is-processed-by-cortana-in-office-365&preserve-view=true). #### How does Microsoft store, retain, process, and use Customer Data in Cortana? diff --git a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md index 1ddfd0c705..78c5c80ef5 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md 
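Review bot: In the cortana-at-work-overview.md hunk at -51,7, `&preserve-view=true` is appended after the `#what-data-is-processed-by-cortana-in-office-365` fragment, so it becomes part of the anchor instead of a query parameter. Move it into the query string ahead of the fragment, `?view=o365-worldwide&preserve-view=true#what-data-is-processed-by-cortana-in-office-365`, so that both the parameter and the in-page anchor resolve.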
@@ -56,7 +56,7 @@ Before you can start this testing scenario, you must first set up your test envi 4. Click **Samples** from the **Content Pack Library** area of the **Get Data** screen. - ![Cortana at work, showing the Samples link](../images/cortana-powerbi-getdata-samples.png) + ![Cortana at work, showing Samples link](../images/cortana-powerbi-getdata-samples.png) 5. Click **Retail Analysis Sample**, and then click **Connect**. diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md index dab5bf883a..029beac994 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md @@ -1,6 +1,6 @@ --- title: Perform a quick search with Cortana at work (Windows) -description: A test scenario about how to perform a quick search with Cortana at work. +description: This is a test scenario about how to perform a quick search with Cortana at work. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md index b5784100ce..ef74c5f580 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md @@ -1,6 +1,6 @@ --- title: Use Cortana at work to find your upcoming meetings (Windows) -description: A test scenario about how to use Cortana at work to find your upcoming meetings. +description: A test scenario on how to use Cortana at work to find your upcoming meetings. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library 
@@ -12,7 +12,7 @@ ms.reviewer: manager: dansimp --- -# Test scenario 4 - Use Cortana to find free time on your calendar +# Test scenario 4 - Use Cortana to find free time on your calendar for your upcoming meetings. This scenario helps you find out if a time slot is free on your calendar. diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md index a2cefc5ce3..926fcea790 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md @@ -1,6 +1,6 @@ --- title: Use Cortana to send email to a co-worker (Windows) -description: A test scenario about how to use Cortana at work to send email to a co-worker. +description: A test scenario on how to use Cortana at work to send email to a co-worker. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md index 003caaecc7..b7ff043455 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md @@ -1,6 +1,6 @@ --- title: Review a reminder suggested by Cortana (Windows) -description: A test scenario about how to use Cortana with the Suggested reminders feature. +description: A test scenario on how to use Cortana with the Suggested reminders feature. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md index 06ff6a75f4..a4f82f1aac 100644 --- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md +++ b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md 
@@ -2,7 +2,7 @@ title: Set up and test Cortana in Windows 10, version 2004 and later ms.reviewer: manager: dansimp -description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments. +description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/configuration/cortana-at-work/test-scenario-5.md b/windows/configuration/cortana-at-work/test-scenario-5.md index e798d2260a..d730763085 100644 --- a/windows/configuration/cortana-at-work/test-scenario-5.md +++ b/windows/configuration/cortana-at-work/test-scenario-5.md @@ -1,6 +1,6 @@ --- title: Use Cortana to send email to a co-worker (Windows) -description: A test scenario about how to use Cortana at work to send email to a co-worker. +description: A test scenario on how to use Cortana at work to send email to a co-worker. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library From c37b11e2a673464f7ff2607d34e2e0dff723d9ba Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Mon, 23 Aug 2021 16:41:03 +0530 Subject: [PATCH 038/671] Fixing suggestions --- .../cortana-at-work/cortana-at-work-scenario-5.md | 2 +- windows/configuration/cortana-at-work/test-scenario-4.md | 4 ++-- windows/configuration/cortana-at-work/test-scenario-5.md | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md index 926fcea790..a2cefc5ce3 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md 
@@ -1,6 +1,6 @@ --- title: Use Cortana to send email to a co-worker (Windows) -description: A test scenario on how to use Cortana at work to send email to a co-worker. +description: A test scenario about how to use Cortana at work to send email to a co-worker. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/configuration/cortana-at-work/test-scenario-4.md b/windows/configuration/cortana-at-work/test-scenario-4.md index 74ca02298f..6a77d8dcda 100644 --- a/windows/configuration/cortana-at-work/test-scenario-4.md +++ b/windows/configuration/cortana-at-work/test-scenario-4.md @@ -1,5 +1,5 @@ --- -title: Use Cortana at work to find your upcoming meetings (Windows) +title: Use Cortana to find your upcoming meetings at work (Windows) description: A test scenario about how to use Cortana at work to find your upcoming meetings. ms.prod: w10 ms.mktglfcycl: manage @@ -12,7 +12,7 @@ ms.reviewer: manager: dansimp --- -# Test scenario 4 - Use Cortana at work to find your upcoming meetings +# Test scenario 4 - Use Cortana to find your upcoming meetings at work >[!Important] >The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering. diff --git a/windows/configuration/cortana-at-work/test-scenario-5.md b/windows/configuration/cortana-at-work/test-scenario-5.md index d730763085..3338b84019 100644 --- a/windows/configuration/cortana-at-work/test-scenario-5.md +++ b/windows/configuration/cortana-at-work/test-scenario-5.md @@ -1,5 +1,5 @@ --- -title: Use Cortana to send email to a co-worker (Windows) +title: Use Cortana to send an email to co-worker (Windows) description: A test scenario on how to use Cortana at work to send email to a co-worker. ms.prod: w10 ms.mktglfcycl: manage 
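Review bot: The new title in test-scenario-5.md, "Use Cortana to send an email to co-worker", drops the article before "co-worker"; use "send an email to a co-worker", and apply the same wording to the H1 changed in the next hunk of this file. The description here still says "A test scenario on how" while this same commit changes cortana-at-work-scenario-5.md back to "about how", so pick one phrasing for both files.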
@@ -12,7 +12,7 @@ ms.reviewer: manager: dansimp --- -# Test scenario 5 - Use Cortana to send email to a co-worker +# Test scenario 5 - Use Cortana to send an email to co-worker >[!Important] >The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering. From 22e9c02cdec7a228305eece9ceb53c856ac20d23 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 23 Aug 2021 22:33:33 +0530 Subject: [PATCH 039/671] updated-5358710 Kernel DMA++ for W11 - updated topics per task 5358710 --- .../encrypted-hard-drive.md | 3 +- .../kernel-dma-protection-for-thunderbolt.md | 7 ++-- .../secure-the-windows-10-boot-process.md | 39 ++++++++++--------- 3 files changed, 26 insertions(+), 23 deletions(-) diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 1fc11d00d4..94d231d8f3 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -1,5 +1,5 @@ --- -title: Encrypted Hard Drive (Windows 10) +title: Encrypted Hard Drive (Windows) description: Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: @@ -17,6 +17,7 @@ ms.date: 04/02/2019 **Applies to** - Windows 10 +- Windows 11 - Windows Server 2022 - Windows Server 2019 - Windows Server 2016 diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 31fc1097a4..2a7cc852d6 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md 
@@ -1,5 +1,5 @@ --- -title: Kernel DMA Protection (Windows 10) +title: Kernel DMA Protection (Windows) description: Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports. ms.prod: w10 ms.mktglfcycl: deploy @@ -19,6 +19,7 @@ ms.reviewer: **Applies to** - Windows 10 +- Windows 11 In Windows 10 version 1803, Microsoft introduced a new feature called Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to externally accessible PCIe ports (e.g., Thunderbolt™ 3 ports and CFexpress). In Windows 10 version 1903, Microsoft expanded the Kernel DMA Protection support to cover internal PCIe ports (e.g., M.2 slots) @@ -92,7 +93,7 @@ Beginning with Windows 10 version 1809, you can use Security Center to check if - Reboot into BIOS settings - Turn on Intel Virtualization Technology. - Turn on Intel Virtualization Technology for I/O (VT-d). In Windows 10 version 1803, only Intel VT-d is supported. Other platforms can use DMA attack mitigations described in [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md). - - Reboot system into Windows 10. + - Reboot system into Windows. >[!NOTE] > **Hyper-V - Virtualization Enabled in Firmware** is not available when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is displayed. This means that **Hyper-V - Virtualization Enabled in Firmware** is set to Yes and the **Hyper-V** Windows feature is enabled. Enabling Hyper-V virtualization in Firmware (IOMMU) is required to enable **Kernel DMA Protection**, even when the firmware has the flag of "ACPI Kernel DMA Protection Indicators" described in [Kernel DMA Protection (Memory Access Protection) for OEMs](/windows-hardware/design/device-experiences/oem-kernel-dma-protection). 
@@ -121,7 +122,7 @@ Please check the driver instance for the device you are testing. Some drivers ma ### What should I do if the drivers for my PCI or Thunderbolt™ 3 peripherals do not support DMA-remapping? -If the peripherals do have class drivers provided by Windows 10, please use these drivers on your systems. If there are no class drivers provided by Windows for your peripherals, please contact your peripheral vendor/driver vendor to update the driver to support [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers). +If the peripherals do have class drivers provided by Windows, please use these drivers on your systems. If there are no class drivers provided by Windows for your peripherals, please contact your peripheral vendor/driver vendor to update the driver to support [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers). ### My system's Kernel DMA Protection is off. Can DMA-remapping for a specific device be turned on? diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index 721ae1e1e3..45fc317aa9 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md @@ -1,7 +1,7 @@ --- title: Secure the Windows 10 boot process description: This article describes how Windows 10 security features helps protect your PC from malware, including rootkits and other applications -keywords: trusted boot, windows 10 boot proces +keywords: trusted boot, windows 10 boot process ms.prod: w10 ms.mktglfcycl: Explore ms.pagetype: security 
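Review bot: The `title:` and `description:` lines of the secure-the-windows-10-boot-process.md front matter still say "Windows 10", and the description still reads "security features helps protect", while the rest of this patch rewrites the body to plain "Windows" and adds Windows 11 to the applies-to list. If the article now covers both releases, update the title and description in the same change and fix the verb to "help". The `keywords:` line that was touched also still reads "windows 10 boot process". If the Windows 10 wording is kept on purpose, say so in the commit message.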
@@ -22,16 +22,17 @@ ms.author: dansimp **Applies to:** - Windows 10 - Windows 8.1 +- Windows 11 The Windows operating system has many features to help protect you from malware, and it does an amazingly good job. Except for apps that businesses develop and use internally, all Microsoft Store apps must meet a series of requirements to be certified and included in the Microsoft Store. This certification process examines several criteria, including security, and is an effective means of preventing malware from entering the Microsoft Store. Even if a malicious app does get through, the Windows 10 operating system includes a series of security features that can mitigate the impact. For instance, Microsoft Store apps are sandboxed and lack the privileges necessary to access user data or change system settings. -Windows 10 has multiple levels of protection for desktop apps and data, too. Windows Defender uses signatures to detect and quarantine apps that are known to be malicious. Windows Defender SmartScreen warns users before allowing them to run an untrustworthy app, even if it’s recognized as malware. Before an app can change system settings, the user would have to grant the app administrative privileges by using User Account Control. +Windows has multiple levels of protection for desktop apps and data, too. Windows Defender uses signatures to detect and quarantine apps that are known to be malicious. Windows Defender SmartScreen warns users before allowing them to run an untrustworthy app, even if it’s recognized as malware. Before an app can change system settings, the user would have to grant the app administrative privileges by using User Account Control. -Those are just some of the ways that Windows 10 protects you from malware. However, those security features protect you only after Windows 10 starts. Modern malware—and bootkits specifically—are capable of starting before Windows, completely bypassing operating system security, and remaining completely hidden. 
+Those are just some of the ways that Windows protects you from malware. However, those security features protect you only after Windows starts. Modern malware—and bootkits specifically—are capable of starting before Windows, completely bypassing operating system security, and remaining completely hidden. -When you run Windows 10 on a PC or any PC that supports Unified Extensible Firmware Interface (UEFI), Trusted Boot protects your PC from malware from the moment you power on your PC until your anti-malware starts. In the unlikely event that malware does infect a PC, it can’t remain hidden; Trusted Boot can prove the system’s integrity to your infrastructure in a way that malware can’t disguise. Even on PCs without UEFI, Windows 10 provides even better startup security than previous versions of Windows. +When you run Windows 10 on a PC or any PC that supports Unified Extensible Firmware Interface (UEFI), Trusted Boot protects your PC from malware from the moment you power on your PC until your anti-malware starts. In the unlikely event that malware does infect a PC, it can’t remain hidden; Trusted Boot can prove the system’s integrity to your infrastructure in a way that malware can’t disguise. Even on PCs without UEFI, Windows provides even better startup security than previous versions of Windows. -First, let’s examine what rootkits are and how they work. Then, we’ll show you how Windows 10 can protect you. +First, let’s examine what rootkits are and how they work. Then, we’ll show you how Windows can protect you. ## The threat: rootkits 
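Review bot: The rewritten paragraph that begins "When you run Windows 10 on a PC or any PC that supports Unified Extensible Firmware Interface (UEFI)" still opens with "Windows 10" although its last sentence was changed to "Windows", and the untouched first paragraph still says "the Windows 10 operating system includes a series of security features". De-version both, or keep the version only where a claim is version-specific, so the text does not switch between the two inside one paragraph. Also, "- Windows 11" is added below "- Windows 8.1" in the applies-to list; placing it next to "- Windows 10" would keep the list ordered.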
@@ -46,16 +47,16 @@ Different types of rootkits load during different phases of the startup process: - **Driver rootkits.** These kits pretend to be one of the trusted drivers that Windows uses to communicate with the PC hardware. ## The countermeasures -Windows 10 supports four features to help prevent rootkits and bootkits from loading during the startup process: +Windows supports four features to help prevent rootkits and bootkits from loading during the startup process: - **Secure Boot.** PCs with UEFI firmware and a Trusted Platform Module (TPM) can be configured to load only trusted operating system bootloaders. - **Trusted Boot.** Windows checks the integrity of every component of the startup process before loading it. - **Early Launch Anti-Malware (ELAM).** ELAM tests all drivers before they load and prevents unapproved drivers from loading. - **Measured Boot.** The PC’s firmware logs the boot process, and Windows can send it to a trusted server that can objectively assess the PC’s health. -Figure 1 shows the Windows 10 startup process. +Figure 1 shows the Windows startup process. -![Windows 10 startup process](./images/dn168167.boot_process(en-us,MSDN.10).png) +![Windows startup process](./images/dn168167.boot_process(en-us,MSDN.10).png) **Figure 1. Secure Boot, Trusted Boot, and Measured Boot block malware at every stage** 
@@ -68,10 +69,10 @@ When a PC starts, it first finds the operating system bootloader. PCs without Se When a PC equipped with UEFI starts, the PC first verifies that the firmware is digitally signed, reducing the risk of firmware rootkits. If Secure Boot is enabled, the firmware examines the bootloader’s digital signature to verify that it hasn’t been modified. If the bootloader is intact, the firmware starts the bootloader only if one of the following conditions is true: -- **The bootloader was signed using a trusted certificate.** In the case of PCs certified for Windows 10, the Microsoft® certificate is trusted. +- **The bootloader was signed using a trusted certificate.** In the case of PCs certified for Windows, the Microsoft® certificate is trusted. - **The user has manually approved the bootloader’s digital signature.** This allows the user to load non-Microsoft operating systems. -All x86-based Certified For Windows 10 PCs must meet several requirements related to Secure Boot: +All x86-based Certified For Windows PCs must meet several requirements related to Secure Boot: - They must have Secure Boot enabled by default. - They must trust Microsoft’s certificate (and thus any bootloader Microsoft has signed). 
@@ -80,30 +81,30 @@ All x86-based Certified For Windows 10 PCs must meet several requirements relat These requirements help protect you from rootkits while allowing you to run any operating system you want. You have three options for running non-Microsoft operating systems: -- **Use an operating system with a certified bootloader.** Because all Certified For Windows 10 PCs must trust Microsoft’s certificate, Microsoft offers a service to analyze and sign any non-Microsoft bootloader so that it will be trusted by all Certified For Windows 10 PCs. In fact, an [open source bootloader](http://mjg59.dreamwidth.org/20303.html) capable of loading Linux is already available. To begin the process of obtaining a certificate, go to . -- **Configure UEFI to trust your custom bootloader.** All Certified For Windows 10 PCs allow you to trust a non-certified bootloader by adding a signature to the UEFI database, allowing you to run any operating system, including homemade operating systems. -- **Turn off Secure Boot.** All Certified For Windows 10 PCs allow you to turn off Secure Boot so that you can run any software. This does not help protect you from bootkits, however. +- **Use an operating system with a certified bootloader.** Because all Certified For Windows PCs must trust Microsoft’s certificate, Microsoft offers a service to analyze and sign any non-Microsoft bootloader so that it will be trusted by all Certified For Windows PCs. In fact, an [open source bootloader](http://mjg59.dreamwidth.org/20303.html) capable of loading Linux is already available. To begin the process of obtaining a certificate, go to . +- **Configure UEFI to trust your custom bootloader.** All Certified For Windows PCs allow you to trust a non-certified bootloader by adding a signature to the UEFI database, allowing you to run any operating system, including homemade operating systems. 
+- **Turn off Secure Boot.** All Certified For Windows PCs allow you to turn off Secure Boot so that you can run any software. This does not help protect you from bootkits, however. To prevent malware from abusing these options, the user must manually configure the UEFI firmware to trust a non-certified bootloader or to turn off Secure Boot. Software cannot change the Secure Boot settings. Like most mobile devices, ARM-based Certified For Windows RT devices, such as the Microsoft Surface RT device, are designed to run only Windows 8.1. Therefore, Secure Boot cannot be turned off, and you cannot load a different operating system. Fortunately, there is a large market of ARM devices designed to run other operating systems. ## Trusted Boot -Trusted Boot takes over where Secure Boot leaves off. The bootloader verifies the digital signature of the Windows 10 kernel before loading it. The Windows 10 kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, startup files, and ELAM. If a file has been modified, the bootloader detects the problem and refuses to load the corrupted component. Often, Windows 10 can automatically repair the corrupted component, restoring the integrity of Windows and allowing the PC to start normally. +Trusted Boot takes over where Secure Boot leaves off. The bootloader verifies the digital signature of the Windows 10 kernel before loading it. The Windows 10 kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, startup files, and ELAM. If a file has been modified, the bootloader detects the problem and refuses to load the corrupted component. Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the PC to start normally. 
## Early Launch Anti-Malware Because Secure Boot has protected the bootloader and Trusted Boot has protected the Windows kernel, the next opportunity for malware to start is by infecting a non-Microsoft boot driver. Traditional anti-malware apps don’t start until after the boot drivers have been loaded, giving a rootkit disguised as a driver the opportunity to work. Early Launch Anti-Malware (ELAM) can load a Microsoft or non-Microsoft anti-malware driver before all non-Microsoft boot drivers and applications, thus continuing the chain of trust established by Secure Boot and Trusted Boot. Because the operating system hasn’t started yet, and because Windows needs to boot as quickly as possible, ELAM has a simple task: examine every boot driver and determine whether it is on the list of trusted drivers. If it’s not trusted, Windows won’t load it. -An ELAM driver isn’t a full-featured anti-malware solution; that loads later in the boot process. Windows Defender (included with Windows 10) supports ELAM, as does [Microsoft System Center 2012 Endpoint Protection](/lifecycle/products/microsoft-system-center-2012-endpoint-protection) and several non-Microsoft anti-malware apps. +An ELAM driver isn’t a full-featured anti-malware solution; that loads later in the boot process. Windows Defender (included with Windows) supports ELAM, as does [Microsoft System Center 2012 Endpoint Protection](/lifecycle/products/microsoft-system-center-2012-endpoint-protection) and several non-Microsoft anti-malware apps. ## Measured Boot If a PC in your organization does become infected with a rootkit, you need to know about it. Enterprise anti-malware apps can report malware infections to the IT department, but that doesn’t work with rootkits that hide their presence. In other words, you can’t trust the client to tell you whether it’s healthy. As a result, PCs infected with rootkits appear to be healthy, even with anti-malware running. 
Infected PCs continue to connect to the enterprise network, giving the rootkit access to vast amounts of confidential data and potentially allowing the rootkit to spread across the internal network. -Working with the TPM and non-Microsoft software, Measured Boot in Windows 10 allows a trusted server on the network to verify the integrity of the Windows startup process. Measured Boot uses the following process: +Working with the TPM and non-Microsoft software, Measured Boot in Windows allows a trusted server on the network to verify the integrity of the Windows startup process. Measured Boot uses the following process: 1. The PC’s UEFI firmware stores in the TPM a hash of the firmware, bootloader, boot drivers, and everything that will be loaded before the anti-malware app. 2. At the end of the startup process, Windows starts the non-Microsoft remote attestation client. The trusted attestation server sends the client a unique key. 
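Review bot: The rewritten "Use an operating system with a certified bootloader" bullet still ends with "To begin the process of obtaining a certificate, go to ." with no link target, so the one sentence that tells readers where to get a bootloader signed points nowhere. Restore the URL or drop the sentence. In the same hunk, the new Trusted Boot line changes only its last sentence and still says "the Windows 10 kernel" twice, which is inconsistent with the rest of the change.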
@@ -121,12 +122,12 @@ Figure 2 illustrates the Measured Boot and remote attestation process. **Figure 2. Measured Boot proves the PC’s health to a remote server** -Windows 10 includes the application programming interfaces to support Measured Boot, but you’ll need non-Microsoft tools to implement a remote attestation client and trusted attestation server to take advantage of it. For an example of such a tool, download the [TPM Platform Crypto-Provider Toolkit](https://research.microsoft.com/en-us/downloads/74c45746-24ad-4cb7-ba4b-0c6df2f92d5d/) from Microsoft Research or Microsoft Enterprise Security MVP Dan Griffin’s [Measured Boot Tool](http://mbt.codeplex.com/). +Windows includes the application programming interfaces to support Measured Boot, but you’ll need non-Microsoft tools to implement a remote attestation client and trusted attestation server to take advantage of it. For an example of such a tool, download the [TPM Platform Crypto-Provider Toolkit](https://research.microsoft.com/en-us/downloads/74c45746-24ad-4cb7-ba4b-0c6df2f92d5d/) from Microsoft Research or Microsoft Enterprise Security MVP Dan Griffin’s [Measured Boot Tool](http://mbt.codeplex.com/). -Measured Boot uses the power of UEFI, TPM, and Windows 10 to give you a way to confidently assess the trustworthiness of a client PC across the network. +Measured Boot uses the power of UEFI, TPM, and Windows to give you a way to confidently assess the trustworthiness of a client PC across the network. ## Summary -Secure Boot, Trusted Boot, and Measured Boot create an architecture that is fundamentally resistant to bootkits and rootkits. In Windows 10, these features have the potential to eliminate kernel-level malware from your network. This is the most ground-breaking anti-malware solution that Windows has ever had; it’s leaps and bounds ahead of everything else. With Windows 10, you can truly trust the integrity of your operating system. 
+Secure Boot, Trusted Boot, and Measured Boot create an architecture that is fundamentally resistant to bootkits and rootkits. In Windows, these features have the potential to eliminate kernel-level malware from your network. This is the most ground-breaking anti-malware solution that Windows has ever had; it’s leaps and bounds ahead of everything else. With Windows, you can truly trust the integrity of your operating system. ## Additional resources - [Windows 10 Enterprise LTSC 2019 or v2004 Evaluation](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) \ No newline at end of file From df9f5b6c8a7d8d9507d3b4f1e47e829e18ee7e74 Mon Sep 17 00:00:00 2001 From: v-dihans Date: Mon, 23 Aug 2021 17:57:14 -0600 Subject: [PATCH 040/671] edits to line 732 --- .../demonstrate-deployment-on-vm.md | 111 +++++++++--------- 1 file changed, 56 insertions(+), 55 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 3f1ace4736..0c231195de 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md 
@@ -32,7 +32,7 @@ In this topic, you'll learn how to set up a Windows Autopilot deployment for a V > [!NOTE] > Although there are [multiple platforms](/mem/autopilot/add-devices#registering-devices) available to enable Autopilot, this lab primarily uses Intune. > -> Hyper-V and a VM are not required for this lab. You can also use a physical device. However, the instructions assume that you're using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to 'device' in the guide refer to the client device, either physical or virtual. +> Hyper-V and a VM are not required for this lab. You can use a physical device instead. However, the instructions assume that you're using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to 'device' in the guide refer to the client device, either physical or virtual. The following video provides an overview of the process: @@ -54,7 +54,7 @@ These are the things you'll need to complete this lab: ## Procedures -A summary of the sections and procedures in the lab is provided below. Follow each section in the order it's presented, skipping the sections that do not apply to you. Optional procedures are provided in the appendix. +A summary of the sections and procedures in the lab is provided below. Follow each section in the order it's presented, skipping the sections that do not apply to you. Optional procedures are provided in the appendices. If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [Capture the hardware ID](#capture-the-hardware-id) step. The VM must be running Windows 10, version 1903 or a later version. 
@@ -95,8 +95,8 @@ If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [C ## Verify support for Hyper-V - If you don't already have Hyper-V enabled, enable it on a computer running Windows 10 or Windows Server (2012 R2 or later). -- If you already have Hyper-V enabled, skip to the [create a demo VM](#create-a-demo-vm) step. If you're using a physical device instead of a VM, skip to [Install Windows 10](#install-windows-10). -- If you're not sure that your device supports Hyper-V, or you have problems installing Hyper-V, see [appendix A](#appendix-a-verify-support-for-hyper-v) in this article for details on verifying that Hyper-V can be successfully installed. +- If you already have Hyper-V enabled, skip to the [Create a demo VM](#create-a-demo-vm) step. If you're using a physical device instead of a VM, skip to [Install Windows 10](#install-windows-10). +- If you're not sure that your device supports Hyper-V, or you have problems installing Hyper-V, see [Appendix A](#appendix-a-verify-support-for-hyper-v) in this article for details on verifying that Hyper-V can be successfully installed. ## Enable Hyper-V 
@@ -106,7 +106,7 @@ To enable Hyper-V, open an elevated Windows PowerShell prompt and run the follow Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All ``` -This command works on all operating systems that support Hyper-V, but on Windows Server operating systems you must type an additional command (below) to add the Hyper-V Windows PowerShell module and the Hyper-V Manager console. The following command will also install Hyper-V if it isn't already installed, so if you're using Windows Server, you can just type the following command instead of using the Enable-WindowsOptionalFeature command: +This command works on all operating systems that support Hyper-V. However, on Windows Server operating systems you must type an additional command (below) to add the Hyper-V Windows PowerShell module and the Hyper-V Manager console. The following command will also install Hyper-V if it isn't already installed. So, if you're using Windows Server, you can just type the following command instead of using the **Enable-WindowsOptionalFeature** command: ```powershell Install-WindowsFeature -Name Hyper-V -IncludeManagementTools @@ -120,7 +120,7 @@ Alternatively, you can install Hyper-V using the Control Panel in Windows under ![Hyper-V](images/svr_mgr2.png) -If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under **Role Administration Tools\Hyper-V Management Tools**. +If you choose to install Hyper-V using Server Manager, accept all default selections. Make sure to install both items under **Role Administration Tools\Hyper-V Management Tools**. After installation is complete, open Hyper-V Manager by typing **virtmgmt.msc** at an elevated command prompt, or by typing **Hyper-V** in the Start menu search box. 
@@ -158,7 +158,7 @@ After you download this file, the name will be extremely long (ex: 19042.508.200 ### Determine network adapter name -The Get-NetAdaper cmdlet is used to automatically find the network adapter that's most likely to be the one you use to connect to the internet. You should test this command first by running the following at an elevated Windows PowerShell prompt: +The **Get-NetAdaper** cmdlet is used to automatically find the network adapter that's most likely to be the one you use to connect to the internet. You should test this command first by running the following at an elevated Windows PowerShell prompt: ```powershell (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name @@ -166,7 +166,7 @@ The Get-NetAdaper cmdlet is used to automatically find the network adapter that' The output of this command should be the name of the network interface you use to connect to the internet. Verify that this is the correct interface name. If it isn't the correct interface name, you'll need to edit the first command below to use your network interface name. -For example, if the command above displays Ethernet but you wish to use Ethernet2, then the first command below would be New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName **Ethernet2**. +For example, if the command above displays **Ethernet** but you wish to use **Ethernet2**, then the first command below would be **New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName **Ethernet2**. ### Use Windows PowerShell to create the demo VM 
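Review bot: The new example line has unbalanced bold markers: `**New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName **Ethernet2**.` opens bold before New-VMSwitch, then the markers already around Ethernet2 close and reopen it, leaving a stray marker at the end. Because this is a command, inline code formatting for the whole command would render predictably. The neighbouring change on this line bolds "Get-NetAdaper", but the command shown under it is `Get-NetAdapter`, so the misspelling should be fixed while the line is being touched.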
@@ -174,6 +174,7 @@ All VM data will be created under the current path in your PowerShell prompt. Co > [!IMPORTANT] > **VM switch**: a VM switch is how Hyper-V connects VMs to a network. +> >- If you have previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal." >- If you have never created an external VM switch before, then just run the commands below. >- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that is used to connect to the Internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). 
@@ -185,9 +186,9 @@ Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot Start-VM -VMName WindowsAutopilot ``` -After entering these commands, connect to the VM that you just created and wait for a prompt to press a key and boot from the DVD. You can connect to the VM by double-clicking it in Hyper-V Manager. +After you enter these commands, connect to the VM that you just created. Double-click the VM in Hyper-V Manager to connect to it. Then wait for a prompt to press a key and boot from the DVD. -See the sample output below. In this sample, the VM is created under the **c:\autopilot** directory and the vmconnect.exe command is used (which is only available on Windows Server). If you installed Hyper-V on Windows 10, use Hyper-V Manager to connect to your VM. +See the sample output below. In this sample, the VM is created under the **c:\autopilot** directory and the **vmconnect.exe** command is used (which is only available on Windows Server). If you installed Hyper-V on Windows 10, use Hyper-V Manager to connect to your VM.
 PS C:\autopilot> dir c:\iso
@@ -232,9 +233,9 @@ PS C:\autopilot>
 ### Install Windows 10
 
 > [!NOTE]
-> The VM will be booted to gather a hardware ID, then it will be reset. The goal in the next few steps is to get to the desktop quickly so don't worry about how it's configured at this stage. The VM only needs to be connected to the Internet.
+> The VM will be booted to gather a hardware ID. Then it will be reset. The goal in the next few steps is to get to the desktop quickly, so don't worry about how it's configured at this stage. The VM only needs to be connected to the internet.
 
-Ensure the VM booted from the installation ISO, select **Next** then select **Install now** and complete the Windows installation process. See the following examples:
+Make sure that the VM booted from the installation ISO, select **Next**, select **Install now**, and then complete the Windows installation process. See the following examples:
 
    ![Windows setup example 1](images/winsetup1.png)
 
@@ -252,12 +253,12 @@ After the VM restarts, during OOBE, it's fine to select **Set up for personal us
 
    ![Windows setup example 7](images/winsetup7.png)
 
-Once the installation is complete, sign in and verify that you're at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state.
+Once the installation is complete, sign in and verify that you're at the Windows 10 desktop. Then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state.
 
    > [!div class="mx-imgBorder"]
    > ![Windows setup example 8](images/winsetup8.png)
 
-To create a checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM) and run the following:
+To create a checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM), and then run the following:
 
 ```powershell
 Checkpoint-VM -Name WindowsAutopilot -SnapshotName "Finished Windows install"
@@ -326,14 +327,14 @@ Follow these steps to run the PowerShell script:
     PS C:\HWID>
     ```
     
-1. Verify that there is an **AutopilotHWID.csv** file in the **c:\HWID** directory that is about 8 KB in size.  This file contains the complete 4K HH.
+1. Verify that there's an **AutopilotHWID.csv** file in the **c:\HWID** directory that is about 8 KB in size. This file contains the complete 4K HH.
 
    > [!NOTE]
-   > Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you're curious. The file format will be validated when it's imported into Autopilot. An example of the data in this file is shown below.
+   > Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you're curious. The file format is validated when it's imported into Autopilot. An example of the data in this file is shown below.
 
    ![Serial number and hardware hash](images/hwid.png)
 
-   You will need to upload this data into Intune to register your device for Autopilot, so the next step is to transfer this file to the computer you will use to access the Azure portal.  If you're using a physical device instead of a VM, you can copy the file to a USB stick.  If you’re using a VM, you can right-click the AutopilotHWID.csv file and copy it, then right-click and paste the file to your desktop (outside the VM).
+   You'll need to upload this data into Intune to register your device for Autopilot. So the next step is to transfer this file to the computer you will use to access the Azure portal.  If you're using a physical device instead of a VM, you can copy the file to a USB stick.  If you’re using a VM, you can right-click the **AutopilotHWID.csv** file and copy it. Then right-click and paste the file to your desktop (outside the VM).
 
    If you have trouble copying and pasting the file, just view the contents in Notepad on the VM and copy the text into Notepad outside the VM. Do not use another text editor to do this.
 
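Review bot: The rewritten step 1 keeps "This file contains the complete 4K HH." without ever expanding "4K HH"; the image alt text just below calls it "Serial number and hardware hash", so spell out the hardware hash on this line. The other rewritten paragraph mixes "You'll need to upload" with "the computer you will use" and keeps the double spaces after sentences ("portal.  If you're using a physical device"), so the contraction and spacing cleanup is only half applied.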
@@ -355,13 +356,13 @@ Resetting the VM or device can take a while. Proceed to the next step (verify su
 
 ## Verify subscription level
 
-For this lab, you need an AAD Premium subscription.  You can tell if you have a Premium subscription by navigating to the [MDM enrollment configuration](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) blade. See the following example:
+For this lab, you need an Azure AD Premium subscription.  You can tell if you have a Premium subscription by navigating to the [MDM enrollment configuration](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) blade. See the following example:
 
 **Azure Active Directory** > **Mobility (MDM and MAM)** > **Microsoft Intune**
 
 ![MDM and Intune](images/mdm-intune2.png)
 
-If the configuration blade shown above does not appear, it's likely that you don't have a **Premium** subscription.  Auto-enrollment is a feature only available in AAD Premium.
+If the configuration blade shown above does not appear, it's likely that you don't have a **Premium** subscription.  Auto-enrollment is a feature only available in Azure Active Directory (Azure AD) Premium.
 
 To convert your Intune trial account to a free Premium trial account, go to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5.
 
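Review bot: The abbreviation is introduced in the wrong place in this section. The first changed line already uses the short form ("you need an Azure AD Premium subscription"), while the expansion "Azure Active Directory (Azure AD) Premium" only appears two paragraphs later. Spell the term out with the parenthetical on the first mention under "Verify subscription level" and use plain "Azure AD Premium" in the later sentence.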
@@ -369,7 +370,7 @@ To convert your Intune trial account to a free Premium trial account, go to **Az
 
 ## Configure company branding
 
-If you already have company branding configured in Azure Active Directory, you can skip this step.
+If you already have company branding configured in Azure AD, you can skip this step.
 
 > [!IMPORTANT]
 > Make sure to sign-in with a Global Administrator account.
@@ -385,7 +386,7 @@ When you're finished, select **Save**.
 
 ## Configure Microsoft Intune auto-enrollment
 
-If you already have MDM auto-enrollment configured in Azure Active Directory, you can skip this step.
+If you already have MDM auto-enrollment configured in Azure AD, you can skip this step.
 
 Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you do not see Microsoft Intune, select **Add application** and choose **Intune**.
 
@@ -395,7 +396,7 @@ For the purposes of this demo, select **All** under the **MDM user scope** and s
 
 ## Register your VM
 
-Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB).  Both processes are shown here, but only pick one for purposes of this lab. We highly recommend using Intune rather than MSfB.
+Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB).  Both processes are shown here, but *only pick one* for purposes of this lab. We highly recommend using Intune rather than MSfB.
 
 ### Autopilot registration using Intune
 
@@ -404,17 +405,17 @@ Your VM (or device) can be registered either via Intune or Microsoft Store for B
     ![Intune device import](images/enroll1.png)
 
     > [!NOTE]
-    > If menu items like **Windows enrollment** are not active for you, then look to the far-right blade in the UI.  You might need to provide Intune configuration privileges in a challenge window that appeared.
+    > If menu items like **Windows enrollment** are not active for you, then look to the far-right blade in the UI.  You might need to provide Intune configuration privileges in a challenge window that appears.
 
-2. Under **Add Windows Autopilot devices** in the far right pane, browse to the **AutopilotHWID.csv** file you previously copied to your local computer.  The file should contain the serial number and 4K HH of your VM (or device).  It's okay if other fields (Windows Product ID) are left blank.
+2. Under **Add Windows Autopilot devices** in the far-right pane, browse to the **AutopilotHWID.csv** file you previously copied to your local computer.  The file should contain the serial number and 4K HH of your VM (or device).  It's okay if other fields (Windows Product ID) are left blank.
 
     ![HWID CSV](images/enroll2.png)
 
-    You should receive confirmation that the file is formatted correctly before uploading it, as shown above.
+    You should receive confirmation that the file is formatted correctly before you upload it, as shown above.
 
 3. Select **Import** and wait until the import process completes. This can take up to 15 minutes.
 
-4. Select **Refresh** to verify your VM or device has been added. See the following example.
+4. Select **Refresh** to verify your VM or device is added. See the following example.
 
    ![Import HWID](images/enroll3.png)
 
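Review bot: In step 4, "verify your VM or device is added" loses the completed-action sense of the original "has been added" and reads as if the import were still in progress. The check happens after the import in step 3 finishes, so the present perfect was correct; suggest keeping "has been added". The other wording changes in steps 1 and 2 ("that appears", "far-right pane", "before you upload it") look fine.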
@@ -437,14 +438,14 @@ Select **Manage** from the top menu, then click the **Windows Autopilot Deployme
 
 ![Microsoft Store for Business](images/msfb.png)
 
-Select the **Add devices** link to upload your CSV file. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your new device has been added.
+Select the **Add devices** link to upload your CSV file. A message appears indicating your request is being processed. Wait a few moments before refreshing to see that your new device is added.
 
 ![Microsoft Store for Business Devices](images/msfb-device.png)
 
 ## Create and assign a Windows Autopilot deployment profile
 
 > [!IMPORTANT]
-> Autopilot profiles can be created and assigned to your registered VM or device either through Intune or MSfB.  Both processes are shown here, but only pick one for purposes of this lab:
+> Autopilot profiles can be created and assigned to your registered VM or device either through Intune or MSfB.  Both processes are shown here, but only *pick one for purposes of this lab*:
 
 Pick one:
 - [Create profiles using Intune](#create-a-windows-autopilot-deployment-profile-using-intune)
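Review bot: The emphasis in the IMPORTANT note does not match the same sentence edited earlier in this patch. Here the italics cover "*pick one for purposes of this lab*" and leave "only" outside, while the "Register your VM" paragraph uses "*only pick one*". Use one form in both places, for example "but *only pick one* for purposes of this lab". In the same hunk, "to see that your new device is added" has the same tense problem as the Intune step; "has been added" reads better after "Wait a few moments before refreshing".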
@@ -453,13 +454,13 @@ Pick one:
 ### Create a Windows Autopilot deployment profile using Intune
 
 > [!NOTE]
-> Even if you registered your device in MSfB, it will still appear in Intune, though you might have to **sync** and then **refresh** your device list.
+> Even if you registered your device in MSfB, it still appears in Intune. Although, you might have to **sync** and then **refresh** your device list.
 
 ![Devices](images/enroll4.png)
 
 #### Create a device group
 
-The Autopilot deployment profile wizard will ask for a device group, so we must create one first.  To create a device group:
+The Autopilot deployment profile wizard asks for a device group, so we must create one first. To create a device group:
 
 1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Groups** > **New group**.
 
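Review bot: The split in the NOTE leaves a sentence fragment: "Although, you might have to **sync** and then **refresh** your device list." A sentence cannot open with "Although," followed by a comma and a main clause. Either keep it as one sentence ("it still appears in Intune, although you might have to ...") or start the second sentence with "However, you might have to ...".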
@@ -478,7 +479,7 @@ The Autopilot deployment profile wizard will ask for a device group, so we must
 
 #### Create the deployment profile
 
-To create a Windows Autopilot profile, scroll back to the left-side pane and select **Devices**, then under **Enroll devices | Windows enrollment** select **Deployment Profiles**.
+To create a Windows Autopilot profile, scroll back to the left-side pane and select **Devices**. Then, under **Enroll devices | Windows enrollment** select **Deployment Profiles**.
 
 > [!div class="mx-imgBorder"]
 > ![Deployment profiles](images/dp.png)
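Review bot: The new second sentence needs a comma after the introductory phrase: "Then, under **Enroll devices | Windows enrollment** select **Deployment Profiles**" should read "Then, under **Enroll devices | Windows enrollment**, select **Deployment Profiles**". Without it the bold path and the bold target run together.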
@@ -526,11 +527,11 @@ Select **Next** to continue with the **Assignments** settings:
 Select **OK**, and then select **Create**.
 
 > [!NOTE]
-> If you want to add an app to your profile via Intune, the OPTIONAL steps for doing so can be found in [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile).
+> If you want to add an app to your profile via Intune, use the *optional* steps in [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile).
 
 ### Create a Windows Autopilot deployment profile using MSfB
 
-If you have already created and assigned a profile via Intune by using the steps immediately above, then skip this section.
+If already created and assigned a profile via Intune by using the steps immediately above, then skip this section.
 
 A [video](https://www.youtube.com/watch?v=IpLIZU_j7Z0) is available that covers the steps required to create and assign profiles in MSfB. These steps are also summarized below.
 
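Review bot: The edit to the first sentence under "Create a Windows Autopilot deployment profile using MSfB" drops the subject and auxiliary: "If already created and assigned a profile via Intune" is not a complete clause. The original "If you have already created and assigned" was correct; if a contraction is wanted, use "If you've already created and assigned a profile". The change in the NOTE above it ("use the *optional* steps in") is fine.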
@@ -563,30 +564,30 @@ The new profile is added to the Autopilot deployment list.
 
 To ASSIGN the profile:
 
-To assign (or reassign) the profile to a device, select the checkboxes next to the device you registered for this lab, then select the profile you want to assign from the **Autopilot deployment** dropdown menu as shown:
+To assign (or reassign) the profile to a device, select the checkboxes next to the device you registered for this lab. Then, select the profile you want to assign from the **Autopilot deployment** dropdown menu, as shown:
 
 > [!div class="mx-imgBorder"]
 > ![MSfB assign step 1](images/msfb-assign1.png)
 
-Confirm the profile was successfully assigned to the intended device by checking the contents of the **Profile** column:
+Confirm the profile was successfully assigned to the intended device, check the contents of the **Profile** column:
 
 > [!div class="mx-imgBorder"]
 > ![MSfB assign step 2](images/msfb-assign2.png)
 
 > [!IMPORTANT]
-> The new profile will only be applied if the device has not been started, and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device.
+> The new profile is only applied if the device isn't started, and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device.
 
 ## See Windows Autopilot in action
 
-If you shut down your VM after the last reset, it's time to start it back up again, so it can progress through the Autopilot OOBE experience but do not attempt to start your device again until the **PROFILE STATUS** for your device in Intune has changed from **Not assigned** to **Assigning** and finally **Assigned**:
+If you shut down your VM after the last reset, it's time to start it back up again, so it can progress through the Autopilot OOBE experience. However, don't attempt to start your device again until the **PROFILE STATUS** for your device in Intune is changed from **Not assigned** to **Assigning**, and finally to **Assigned**:
 
 > [!div class="mx-imgBorder"]
 > ![Device status](images/device-status.png)
 
-Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding), otherwise these changes might not show up.
+Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding). Otherwise, these changes might not show up.
 
 > [!TIP]
-> If you reset your device previously after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting.  If you do not see the Autopilot OOBE experience, then reset the device again (**Settings** > **Update & Security** > **Recovery** and select **Get started**.  Under **Reset this PC**, select **Remove everything and Just remove my files**. Select **Reset**).
+> If you reset your device previously, after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you don't see the Autopilot OOBE experience, then reset the device again (**Settings** > **Update & Security** > **Recovery** and select **Get started**.  Under **Reset this PC**, select **Remove everything and Just remove my files**. Select **Reset**).
 
 - Ensure your device has an internet connection.
 - Turn on the device
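Review bot: Two rewritten sentences in this hunk are now ungrammatical, and one of them changes meaning. "Confirm the profile was successfully assigned to the intended device, check the contents of the **Profile** column:" is a comma splice; it needs "To confirm ..., check ..." or the original "by checking". In the IMPORTANT note, "if the device isn't started, and gone through OOBE" no longer parses, and "isn't started" describes the current power state rather than whether the device has ever been booted through OOBE, which is the condition that decides whether a new profile can apply. Keep "has not been started and gone through OOBE", or use "hasn't" if a contraction is wanted.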
@@ -594,46 +595,46 @@ Also, make sure to wait at least 30 minutes from the time you've [configured com
 
 ![OOBE sign-in page](images/autopilot-oobe.png)
 
-Soon after reaching the desktop, the device should show up in Intune as an **enabled** Autopilot device.  Go into the Intune Azure portal, and select **Devices > All devices**, then **Refresh** the data to verify that your device has changed from disabled to enabled, and the name of the device is updated.
+Soon after reaching the desktop, the device should show up in Intune as an **enabled** Autopilot device.  Go into the Intune Azure portal, and select **Devices > All devices**. Then, **Refresh** the data to verify that your device has changed from disabled to enabled, and the name of the device is updated.
 
 > [!div class="mx-imgBorder"]
 > ![Device enabled](images/devices1.png)
 
-Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure Active Directory credentials and you're all done.
+Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure AD credentials. Then you're all done.
 
 > [!TIP]
-> If you receive a message that "Something went wrong" and it "Looks like we can't connect to the URL for your organization's MDM terms of use", verify that you have correctly [assigned licenses](/mem/intune/fundamentals/licenses-assign) to the current user.
+> If you receive a message that "Something went wrong" and it "Looks like we can't connect to the URL for your organization's MDM terms of use", verify that you correctly [assigned licenses](/mem/intune/fundamentals/licenses-assign) to the current user.
 
-Windows Autopilot will now take over to automatically join your device into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoint you've created to go through this process again with different settings.
+Windows Autopilot takes over to automatically join your device into Azure AD and enroll it into Microsoft Intune. Use the checkpoint you've created to go through this process again with different settings.
 
 ## Remove devices from Autopilot
 
-To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it.  Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Remove devices by using wipe, retire, or manually unenrolling the device](/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below.
+To use the device (or VM) for other purposes after completion of this lab, you need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it.  Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](/intune/enrollment-autopilot#create-an-autopilot-device-group), [Remove devices by using wipe, retire, or manually unenrolling the device](/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal), and below.
 
 ### Delete (deregister) Autopilot device
 
-You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into the MEM admin center, then go to **Intune > Devices > All Devices**.  Select the device you want to delete, then select the **Delete** button along the top menu.
+You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), log into the MEM admin center, then go to **Intune > Devices > All Devices**.  Select the device you want to delete, then select the **Delete** button along the top menu.
 
 > [!div class="mx-imgBorder"]
 > ![Delete device step 1](images/delete-device1.png)
 
-This will remove the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot, so the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**.
+This action removes the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot. So, the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**.
 
 The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two completely separate datastores.  The former (All devices) is the list of devices currently enrolled into Intune.
 
 > [!NOTE]
-> A device will only appear in the All devices list once it has booted.  The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune.
+> A device only appears in the All devices list once it has booted.  The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune.
 
-To remove the device from the Autopilot program, select the device, and then select **Delete**. You will get a popup dialog box to confirm deletion.
+To remove the device from the Autopilot program, select the device, and then select **Delete**. A popup dialog box appears to confirm deletion.
 
 > [!div class="mx-imgBorder"]
 > ![Delete device](images/delete-device2.png)
 
-At this point, your device has been unenrolled from Intune and also deregistered from Autopilot.  After several minutes, select the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program:
+At this point, your device is unenrolled from Intune and also deregistered from Autopilot.  After several minutes, select the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program.
 
 Once the device no longer appears, you're free to reuse it for other purposes.
 
-If you also (optionally) want to remove your device from AAD, go to **Azure Active Directory > Devices > All Devices**, select your device, and then select the **Delete** button:
+If you also (optionally) want to remove your device from Azure AD, go to **Azure Active Directory > Devices > All Devices**, select your device, and then select the **Delete** button:
 
 ## Appendix A: Verify support for Hyper-V
 
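Review bot: In the "Delete (deregister) Autopilot device" paragraph the tense is now mixed within one sentence: "This action removes the device from Intune management, and it will disappear from **Intune > Devices > All devices**". If the patch is moving to present tense, make it "and it disappears". The trailing colon was correctly changed to a period on the **Sync** / **Refresh** sentence, but the edited Azure AD sentence still ends with "select the **Delete** button:" and is followed directly by the Appendix A heading, so it needs the same fix. Separately, the unchanged NOTE still contains "The latter (...)", which continues the paragraph above it and reads oddly inside a note; worth moving out while this section is being touched.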
@@ -654,7 +655,7 @@ Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
 In this example, the computer supports SLAT and Hyper-V.
 
 > [!NOTE]
-> If one or more requirements are evaluated as **No** then the computer does not support installing Hyper-V.  However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting will depend on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings.
+> If one or more requirements are evaluated as **No** then the computer does not support installing Hyper-V.  However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting depends on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings.
 
 You can also identify Hyper-V support using [tools](/archive/blogs/taylorb/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v) provided by the processor manufacturer, the [msinfo32](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731397(v=ws.11)) tool, or you can download the [Coreinfo](/sysinternals/downloads/coreinfo) utility and run it, as shown in the following example:
 
@@ -682,7 +683,7 @@ EPT             *       Supports Intel extended page tables (SLAT)
 
 #### Prepare the app for Intune
 
-Before we can pull an application into Intune to make it part of our AP profile, we need to "package" the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool).  After downloading the tool, gather the following three bits of information to use the tool:
+Before we can pull an application into Intune to make it part of our AP profile, we need to "package" the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool). After downloading the tool, gather the following three bits of information to use the tool:
 
 1. The source folder for your application
 2. The name of the setup executable file
@@ -690,7 +691,7 @@ Before we can pull an application into Intune to make it part of our AP profile,
 
 For the purposes of this lab, we'll use the Notepad++ tool as our Win32 app.
 
-Download the Notepad++ msi package [here](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available) and then copy the file to a known location, such as C:\Notepad++msi.
+Download the [Notepad++ msi package](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available), and then copy the file to a known location, such as C:\Notepad++msi.
 
 Run the IntuneWinAppUtil tool, supplying answers to the three questions, for example:
 
@@ -701,7 +702,7 @@ After the tool finishes running, you should have an .intunewin file in the Outpu
 
 #### Create app in Intune
 
-Log into the Azure portal and select **Intune**.
+Log in to the Azure portal, and then select **Intune**.
 
 Go to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package.
 
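Review bot: "Log in to the Azure portal" fixes the preposition but keeps a verb that Microsoft style guidance avoids in favor of "sign in", and this same file already uses "sign-in with a Global Administrator account" in the company branding note. Suggest "Sign in to the Azure portal, and then select **Intune**." The earlier sentence "log into the MEM admin center" in the deregister section has the same issue and was left as is by this patch.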
@@ -728,7 +729,7 @@ Uninstall:  msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q
 ```
 
 > [!NOTE]
-> Likely, you do not have to write the install and uninstall commands yourself because the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool) automatically generated them when it converted the .msi file into a .intunewin file.
+> Likely, you don't have to write the install and uninstall commands yourself because the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool) automatically generated them when it converted the .msi file into a .intunewin file.
 
 ![Add app step 5](images/app06.png)
 

From 984cdfb77318e31ab89e1ff1b4b44c8976fbb506 Mon Sep 17 00:00:00 2001
From: Benzy Dharmanayagam 
Date: Tue, 24 Aug 2021 22:35:14 +0530
Subject: [PATCH 041/671] Updated-5358673

---
 .../bitlocker/bcd-settings-and-bitlocker.md   |  7 ++-
 .../bitlocker/bitlocker-basic-deployment.md   | 10 +++--
 .../bitlocker/bitlocker-countermeasures.md    | 17 +++++---
 .../bitlocker-deployment-comparison.md        | 12 +++---
 ...r-device-encryption-overview-windows-10.md | 43 ++++++++++---------
 .../bitlocker-group-policy-settings.md        | 16 +++----
 .../bitlocker-how-to-enable-network-unlock.md |  5 ++-
 .../bitlocker-management-for-enterprises.md   |  8 ++--
 .../bitlocker/bitlocker-overview.md           | 13 +++---
 .../bitlocker-recovery-guide-plan.md          | 10 +++--
 ...ve-encryption-tools-to-manage-bitlocker.md |  5 ++-
 ...-use-bitlocker-recovery-password-viewer.md |  5 ++-
 ...ion-for-bitlocker-planning-and-policies.md |  6 ++-
 .../ts-bitlocker-cannot-encrypt-issues.md     |  6 +--
 .../bitlocker/ts-bitlocker-config-issues.md   |  4 +-
 .../ts-bitlocker-decode-measured-boot-logs.md |  2 +-
 .../bitlocker/ts-bitlocker-intune-issues.md   | 20 ++++-----
 .../bitlocker/ts-bitlocker-recovery-issues.md | 16 +++----
 .../bitlocker/ts-bitlocker-tpm-issues.md      |  6 +--
 19 files changed, 120 insertions(+), 91 deletions(-)

diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
index 876cf87f79..34a70a7698 100644
--- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
@@ -21,7 +21,10 @@ ms.custom: bitlocker
 # Boot Configuration Data settings and BitLocker
 
 **Applies to**
--   Windows 10
+
+-   Windows 10
+-   Windows 11
+-   Windows Server 2016 and above
 
 This topic for IT professionals describes the Boot Configuration Data (BCD) settings that are used by BitLocker.
 
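Review bot: In the new "Applies to" list, "Windows Server 2016 and above" should be "Windows Server 2016 and later"; versions are ordered in time, not height. The same three-item list is added unchanged to each BitLocker article in this commit, so please confirm that every article it lands on has actually been checked against Windows 11 and Windows Server rather than updated as a blanket replacement. The "Windows 10" bullet is also removed and re-added with no visible difference, which suggests a whitespace-only change that could be dropped from the diff.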
@@ -105,7 +108,7 @@ The following table contains the default BCD validation profile used by BitLocke
 
 ### Full list of friendly names for ignored BCD settings
 
-This following is a full list of BCD settings with friendly names which are ignored by default. These settings are not part of the default BitLocker validation profile, but can be added if you see a need to validate any of these settings before allowing a BitLocker–protected operating system drive to be unlocked.
+This following is a full list of BCD settings with friendly names, which are ignored by default. These settings are not part of the default BitLocker validation profile, but can be added if you see a need to validate any of these settings before allowing a BitLocker–protected operating system drive to be unlocked.
 > **Note:**  Additional BCD settings exist that have hex values but do not have friendly names. These settings are not included in this list.
 
 | Hex Value | Prefix | Friendly Name |
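Review bot: The comma added in "a full list of BCD settings with friendly names, which are ignored by default" turns a restrictive clause into a non-restrictive one, so the sentence now says that all BCD settings with friendly names are ignored by default. The section lists only the ignored ones, so the clause must stay restrictive: "BCD settings with friendly names that are ignored by default". The sentence also still opens with "This following is", which should be "The following is" since the line is being edited anyway. Precision matters here because the list tells administrators which settings are outside the default BitLocker validation profile.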
diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
index 6d53e36d70..5582a89d66 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
@@ -22,7 +22,9 @@ ms.custom: bitlocker
 
 **Applies to**
 
--   Windows 10
+-   Windows 10
+-   Windows 11
+-   Windows Server 2016 and above
 
 This article for the IT professional explains how BitLocker features can be used to protect your data through drive encryption.
 
@@ -108,14 +110,14 @@ Windows Explorer allows users to launch the BitLocker Drive Encryption wizard by
 
 The following table shows the compatibility matrix for systems that have been BitLocker enabled then presented to a different version of Windows.
 
-Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes
+Table 1: Cross compatibility for Windows 11, Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes
 
-|Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7|
+|Encryption Type|Windows 11, Windows 10, and Windows 8.1|Windows 8|Windows 7|
 |--- |--- |--- |--- |
 |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted|
 |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted|
 |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A|
-|Partially encrypted volume from Windows 7|Windows 10 and Windows 8.1 will complete encryption regardless of policy|Windows 8 will complete encryption regardless of policy|N/A|
+|Partially encrypted volume from Windows 7|Windows 11, Windows 10, and Windows 8.1 will complete encryption regardless of policy|Windows 8 will complete encryption regardless of policy|N/A|
 
 ## Encrypting volumes using the manage-bde command-line interface
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
index fc9b15fdef..680f50a12b 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
@@ -21,7 +21,10 @@ ms.custom: bitlocker
 # BitLocker Countermeasures
 
 **Applies to**
--   Windows 10
+
+-   Windows 10
+-   Windows 11
+-   Windows Server 2016 and above
 
 Windows uses technologies including Trusted Platform Module (TPM), Secure Boot, and Measured Boot to help protect BitLocker encryption keys against attacks. 
 BitLocker is part of a strategic approach to securing data against offline attacks through encryption technology. 
@@ -33,9 +36,9 @@ BitLocker helps mitigate unauthorized data access on lost or stolen computers be
 - **Encrypting volumes on your computer.** For example, you can turn on BitLocker for your operating system volume, or a volume on a fixed or removable data drive (such as a USB flash drive, SD card, and so on). Turning on BitLocker for your operating system volume encrypts all system files on the volume, including the paging files and hibernation files. The only exception is for the System partition, which includes the Windows Boot Manager and minimal boot collateral required for decryption of the operating system volume after the key is unsealed.
 - **Ensuring the integrity of early boot components and boot configuration data.** On devices that have a TPM version 1.2 or higher, BitLocker uses the enhanced security capabilities of the TPM to make data accessible only if the computer’s BIOS firmware code and configuration, original boot sequence, boot components, and BCD configuration all appear unaltered and the encrypted disk is located in the original computer. On systems that leverage TPM PCR[7], BCD setting changes deemed safe are permitted to improve usability.
  
-The next sections provide more details about how Windows protects against various attacks on the BitLocker encryption keys in Windows 10, Windows 8.1, and Windows 8.
+The next sections provide more details about how Windows protects against various attacks on the BitLocker encryption keys in Windows 11, Windows 10, Windows 8.1, and Windows 8.
 
-For more information about how to enable the best overall security configuration for devices beginning with Windows 10 version 1803, see [Standards for a highly secure Windows 10 device](/windows-hardware/design/device-experiences/oem-highly-secure). 
+For more information about how to enable the best overall security configuration for devices beginning with Windows 10 version 1803 or Windows 11, see [Standards for a highly secure Windows device](/windows-hardware/design/device-experiences/oem-highly-secure).
 
 ## Protection before startup
 
@@ -105,8 +108,8 @@ It requires direct ethernet connectivity to an enterprise Windows Deployment Ser
 ### Protecting Thunderbolt and other DMA ports
 
 There are a few different options to protect DMA ports, such as Thunderbolt™3. 
-Beginning with Windows 10 version 1803, new Intel-based devices have kernel protection against DMA attacks via Thunderbolt™ 3 ports enabled by default. 
-This Kernel DMA Protection is available only for new systems beginning with Windows 10 version 1803, as it requires changes in the system firmware and/or BIOS.  
+Beginning with Windows 10 version 1803 or Windows 11, new Intel-based devices have kernel protection against DMA attacks via Thunderbolt™ 3 ports enabled by default. 
+This Kernel DMA Protection is available only for new systems beginning with Windows 10 version 1803 or Windows 11, as it requires changes in the system firmware and/or BIOS.  
 
 You can use the System Information desktop app (MSINFO32) to check if a device has kernel DMA protection enabled: 
 
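Review bot: "Beginning with Windows 10 version 1803 or Windows 11" in both changed lines is ambiguous: "beginning with" names a starting point, and an "or" between two releases leaves the reader unsure which one is the floor. Suggest "Beginning with Windows 10 version 1803 (and in Windows 11)" or "In Windows 10 version 1803 and later, and in Windows 11". The second sentence also says the protection is available "only for new systems", so it is worth keeping the firmware requirement prominent and not implying that any device running Windows 11 has Kernel DMA Protection. The same "version 1607 or Windows 11" construction appears in the next hunk. The context line writes "Thunderbolt™3" without a space while the changed line writes "Thunderbolt™ 3"; pick one.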
@@ -116,7 +119,7 @@ If kernel DMA protection *not* enabled, follow these steps to protect Thunderbol
 
 1. Require a password for BIOS changes 
 2. Intel Thunderbolt Security must be set to User Authorization in BIOS settings. Please refer to [Intel Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating System documentation](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf)
-3. Additional DMA security may be added by deploying policy (beginning with Windows 10 version 1607):
+3. Additional DMA security may be added by deploying policy (beginning with Windows 10 version 1607 or Windows 11):
 
     - MDM: [DataProtection/AllowDirectMemoryAccess](/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess) policy 
     - Group Policy: [Disable new DMA devices when this computer is locked](./bitlocker-group-policy-settings.md#disable-new-dma-devices-when-this-computer-is-locked) (This setting is not configured by default.)
@@ -136,7 +139,7 @@ This is the default configuration.
 
 A BIOS password is recommended for defense-in-depth in case a BIOS exposes settings that may weaken the BitLocker security promise. 
 Intel Boot Guard and AMD Hardware Verified Boot support stronger implementations of Secure Boot that provide additional resilience against malware and physical attacks. 
-Intel Boot Guard and AMD Hardware Verified Boot are part of platform boot verification [standards for a highly secure Windows 10 device](/windows-hardware/design/device-experiences/oem-highly-secure).
+Intel Boot Guard and AMD Hardware Verified Boot are part of platform boot verification [standards for a highly secure Windows device](/windows-hardware/design/device-experiences/oem-highly-secure).
 
 ### Brute force attacks against a PIN
 Require TPM + PIN for anti-hammering protection. 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
index 4864bdf4d4..d8520ae44b 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
@@ -20,7 +20,9 @@ ms.custom: bitlocker
 
 **Applies to**
 
-- Windows 10
+-   Windows 10
+-   Windows 11
+-   Windows Server 2016 and above
 
 This article depicts the BitLocker deployment comparison chart.
 
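Review bot: The rewritten "Windows 10" bullet differs from the old one only in whitespace ("- " became "-   "), which adds diff noise; keep the original bullet spacing unless the repo style requires the wider form. Adding "Windows Server 2016 and above" to the list should also be reflected in the comparison chart, whose "Minimum client operating system version" row in the next hunk lists client releases only.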
@@ -28,9 +30,9 @@ This article depicts the BitLocker deployment comparison chart.
 
 | Requirements |Microsoft Intune  |Microsoft Endpoint Configuration Manager  |Microsoft BitLocker Administration and Monitoring (MBAM) |
 |---------|---------|---------|---------|
-|Minimum client operating system version     |Windows 10     | Windows 10 and Windows 8.1  | Windows 7 and later        |
-|Supported Windows 10 SKUs     |    Enterprise, Pro, Education     |    Enterprise, Pro, Education     |     Enterprise    |
-|Minimum Windows 10 version     |1909   |    None     |    None     |
+|Minimum client operating system version     |Windows 11 and Windows 10    | Windows 11, Windows 10, and Windows 8.1  | Windows 7 and later        |
+|Supported Windows SKUs     |    Enterprise, Pro, Education     |    Enterprise, Pro, Education     |     Enterprise    |
+|Minimum Windows version     |1909   |    None     |    None     |
 |Supported domain-joined status     |     Microsoft Azure Active Directory (Azure AD) joined, hybrid Azure AD joined    |   Active Directory joined, hybrid Azure AD joined      |     Active Directory joined    |
 |Permissions required to manage policies     |    Endpoint security manager or custom     |   Full administrator or custom      |     Domain Admin or Delegated GPO access    |
 |Cloud or on premises      |     Cloud    |  On premises     |    On premises     |
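Review bot: Renaming the row to "Minimum Windows version" leaves the Intune value "1909" ambiguous, because 1909 is a Windows 10 version number and the row no longer says which product it belongs to. Suggest keeping the product in the cell, for example "Windows 10, version 1909, or Windows 11", or keeping the row label as "Minimum Windows 10 version".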
@@ -54,7 +56,7 @@ This article depicts the BitLocker deployment comparison chart.
 |Can be administered outside company network     |  :::image type="content" source="images/yes-icon.png" alt-text="supported":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported":::     |         |
 |Support for organization unique IDs     |         |      :::image type="content" source="images/yes-icon.png" alt-text="supported":::   |     :::image type="content" source="images/yes-icon.png" alt-text="supported":::    |
 |Self-service recovery      |    Yes (through Azure AD or Company Portal app)     |   :::image type="content" source="images/yes-icon.png" alt-text="supported":::    |    :::image type="content" source="images/yes-icon.png" alt-text="supported":::     |
-|Recovery password rotation for fixed and operating environment drives     |   Yes (Windows 10, version 1909 and later)     |  :::image type="content" source="images/yes-icon.png" alt-text="supported":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported":::       |
+|Recovery password rotation for fixed and operating environment drives     |   Yes (Windows 10, version 1909 and later or Windows 11)     |  :::image type="content" source="images/yes-icon.png" alt-text="supported":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported":::       |
 |Wait to complete encryption until recovery information is backed up to Azure AD      |     :::image type="content" source="images/yes-icon.png" alt-text="supported":::    |       |        |
 |Wait to complete encryption until recovery information is backed up to Active Directory      |         |  :::image type="content" source="images/yes-icon.png" alt-text="supported":::     |    :::image type="content" source="images/yes-icon.png" alt-text="supported":::     |
 |Allow or deny Data Recovery Agent     |  :::image type="content" source="images/yes-icon.png" alt-text="supported":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported":::       |
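Review bot: In the changed Intune cell, "Windows 10, version 1909 and later or Windows 11" runs the two conditions together. Suggest "Yes (Windows 10, version 1909 and later, or Windows 11)" so that "and later" clearly binds to the Windows 10 version.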
diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
index cf15c6cd30..ddb93cce30 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
@@ -1,6 +1,6 @@
 ---
-title: Overview of BitLocker Device Encryption in Windows 10
-description: This topic provides an overview of how BitLocker Device Encryption can help protect data on devices running Windows 10.
+title: Overview of BitLocker Device Encryption in Windows
+description: This topic provides an overview of how BitLocker Device Encryption can help protect data on devices running Windows.
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
@@ -17,21 +17,24 @@ ms.reviewer:
 ms.custom: bitlocker
 ---
 
-# Overview of BitLocker Device Encryption in Windows 10
+# Overview of BitLocker Device Encryption in Windows
 
 **Applies to**
--   Windows 10
 
-This topic explains how BitLocker Device Encryption can help protect data on devices running Windows 10. 
+-   Windows 10
+-   Windows 11
+-   Windows Server 2016 and above
+
+This topic explains how BitLocker Device Encryption can help protect data on devices running Windows. 
 For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md). 
 
 When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and by providing new strategies.
 
-Table 2 lists specific data-protection concerns and how they are addressed in Windows 10 and Windows 7.
+Table 2 lists specific data-protection concerns and how they are addressed in Windows 11, Windows 10, and Windows 7.
 
-**Table 2. Data Protection in Windows 10 and Windows 7**
+**Table 2. Data Protection in Windows 11, Windows 10, and Windows 7**
 
-| Windows 7 | Windows 10 |
+| Windows 7 | Windows 11 and Windows 10 |
 |---|---|
 | When BitLocker is used with a PIN to protect startup, PCs such as kiosks cannot be restarted remotely. | Modern Windows devices are increasingly protected with BitLocker Device Encryption out of the box and support SSO to seamlessly protect the BitLocker encryption keys from cold boot attacks.

Network Unlock allows PCs to start automatically when connected to the internal network. | | When BitLocker is enabled, the provisioning process can take several hours. | BitLocker pre-provisioning, encrypting hard drives, and Used Space Only encryption allow administrators to enable BitLocker quickly on new computers. | @@ -44,7 +47,7 @@ Table 2 lists specific data-protection concerns and how they are addressed in Wi ## Prepare for drive and file encryption The best type of security measures are transparent to the user during implementation and use. Every time there is a possible delay or difficulty because of a security feature, there is strong likelihood that users will try to bypass security. This situation is especially true for data protection, and that’s a scenario that organizations need to avoid. -Whether you’re planning to encrypt entire volumes, removable devices, or individual files, Windows 10 meets your needs by providing streamlined, usable solutions. In fact, you can take several steps in advance to prepare for data encryption and make the deployment quick and smooth. +Whether you’re planning to encrypt entire volumes, removable devices, or individual files, Windows 11 and Windows 10 meet your needs by providing streamlined, usable solutions. In fact, you can take several steps in advance to prepare for data encryption and make the deployment quick and smooth. ### TPM pre-provisioning 
@@ -55,22 +58,22 @@ In Windows 7, preparing the TPM for use offered a couple of challenges: Basically, it was a big hassle. If IT staff were provisioning new PCs, they could handle all of this, but if you wanted to add BitLocker to devices that were already in users’ hands, those users would have struggled with the technical challenges and would either call IT for support or simply leave BitLocker disabled. -Microsoft includes instrumentation in Windows 10 that enables the operating system to fully manage the TPM. There is no need to go into the BIOS, and all scenarios that required a restart have been eliminated. +Microsoft includes instrumentation in Windows 11 and Windows 10 that enable the operating system to fully manage the TPM. There is no need to go into the BIOS, and all scenarios that required a restart have been eliminated. ## Deploy hard drive encryption -BitLocker is capable of encrypting entire hard drives, including both system and data drives. BitLocker pre-provisioning can drastically reduce the time required to provision new PCs with BitLocker enabled. With Windows 10, administrators can turn on BitLocker and the TPM from within the Windows Preinstallation Environment before they install Windows or as part of an automated deployment task sequence without any user interaction. Combined with Used Disk Space Only encryption and a mostly empty drive (because Windows is not yet installed), it takes only a few seconds to enable BitLocker. -With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 10. 
+BitLocker is capable of encrypting entire hard drives, including both system and data drives. BitLocker pre-provisioning can drastically reduce the time required to provision new PCs with BitLocker enabled. With Windows 11 and Windows 10, administrators can turn on BitLocker and the TPM from within the Windows Preinstallation Environment before they install Windows or as part of an automated deployment task sequence without any user interaction. Combined with Used Disk Space Only encryption and a mostly empty drive (because Windows is not yet installed), it takes only a few seconds to enable BitLocker. +With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 11 and Windows 10. ## BitLocker Device Encryption -Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryption on devices that support Modern Standby. With Windows 10, Microsoft offers BitLocker Device Encryption support on a much broader range of devices, including those that are Modern Standby, and devices that run Windows 10 Home edition. +Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryption on devices that support Modern Standby. With Windows 11 and Windows 10, Microsoft offers BitLocker Device Encryption support on a much broader range of devices, including those that are Modern Standby, and devices that run Windows 10 Home edition or Windows 11. Microsoft expects that most devices in the future will pass the testing requirements, which makes BitLocker Device Encryption pervasive across modern Windows devices. 
BitLocker Device Encryption further protects the system by transparently implementing device-wide data encryption. Unlike a standard BitLocker implementation, BitLocker Device Encryption is enabled automatically so that the device is always protected. The following list outlines how this happens: -* When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, BitLocker Device Encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state). In this state, the drive is shown with a warning icon in Windows Explorer. The yellow warning icon is removed after the TPM protector is created and the recovery key is backed up, as explained in the following bullet points. +* When a clean installation of Windows 11 or Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, BitLocker Device Encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state). In this state, the drive is shown with a warning icon in Windows Explorer. The yellow warning icon is removed after the TPM protector is created and the recovery key is backed up, as explained in the following bullet points. * If the device is not domain joined, a Microsoft account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and a TPM protector is created. 
Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key by using his or her Microsoft account credentials. * If the user uses a domain account to sign in, the clear key is not removed until the user joins the device to a domain and the recovery key is successfully backed up to Active Directory Domain Services (AD DS). You must enable the **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** Group Policy setting, and select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** option. With this configuration, the recovery password is created automatically when the computer joins the domain, and then the recovery key is backed up to AD DS, the TPM protector is created, and the clear key is removed. * Similar to signing in with a domain account, the clear key is removed when the user logs on to an Azure AD account on the device. As described in the bullet point above, the recovery password is created automatically when the user authenticates to Azure AD. Then, the recovery key is backed up to Azure AD, the TPM protector is created, and the clear key is removed. 
@@ -88,28 +91,28 @@ Administrators can manage domain-joined devices that have BitLocker Device Encry ## Used Disk Space Only encryption BitLocker in earlier Windows versions could take a long time to encrypt a drive, because it encrypted every byte on the volume (including parts that did not have data). That is still the most secure way to encrypt a drive, especially if a drive has previously contained confidential data that has since been moved or deleted. In that case, traces of the confidential data could remain on portions of the drive marked as unused. -But why encrypt a new drive when you can simply encrypt the data as it is being written? To reduce encryption time, BitLocker in Windows 10 lets users choose to encrypt just their data. Depending on the amount of data on the drive, this option can reduce encryption time by more than 99 percent. +But why encrypt a new drive when you can simply encrypt the data as it is being written? To reduce encryption time, BitLocker in Windows 11 and Windows 10 let users choose to encrypt just their data. Depending on the amount of data on the drive, this option can reduce encryption time by more than 99 percent. Exercise caution when encrypting only used space on an existing volume on which confidential data may have already been stored in an unencrypted state, however, because those sectors can be recovered through disk-recovery tools until they are overwritten by new encrypted data. In contrast, encrypting only used space on a brand-new volume can significantly decrease deployment time without the security risk because all new data will be encrypted as it is written to the disk. ## Encrypted hard drive support SEDs have been available for years, but Microsoft couldn’t support their use with some earlier versions of Windows because the drives lacked important key management features. 
Microsoft worked with storage vendors to improve the hardware capabilities, and now BitLocker supports the next generation of SEDs, which are called encrypted hard drives. -Encrypted hard drives provide onboard cryptographic capabilities to encrypt data on drives, which improves both drive and system performance by offloading cryptographic calculations from the PC’s processor to the drive itself and rapidly encrypting the drive by using dedicated, purpose-built hardware. If you plan to use whole-drive encryption with Windows 10, Microsoft recommends that you investigate hard drive manufacturers and models to determine whether any of their encrypted hard drives meet your security and budget requirements. +Encrypted hard drives provide onboard cryptographic capabilities to encrypt data on drives, which improves both drive and system performance by offloading cryptographic calculations from the PC’s processor to the drive itself and rapidly encrypting the drive by using dedicated, purpose-built hardware. If you plan to use whole-drive encryption with Windows 11 or Windows 10, Microsoft recommends that you investigate hard drive manufacturers and models to determine whether any of their encrypted hard drives meet your security and budget requirements. For more information about encrypted hard drives, see [Encrypted Hard Drive](../encrypted-hard-drive.md). ## Preboot information protection An effective implementation of information protection, like most security controls, considers usability as well as security. Users typically prefer a simple security experience. In fact, the more transparent a security solution becomes, the more likely users are to conform to it. It is crucial that organizations protect information on their PCs regardless of the state of the computer or the intent of users. This protection should not be cumbersome to users. 
One undesirable and previously commonplace situation is when the user is prompted for input during preboot, and then again during Windows logon. Challenging users for input more than once should be avoided. -Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and it can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities can secure the key and prevent unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they are not as user-friendly; depending on the devices’ configuration they may not offer additional security when it comes to key protection. For more information, see [BitLocker Countermeasures](bitlocker-countermeasures.md). +Windows 11 and Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and it can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities can secure the key and prevent unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they are not as user-friendly; depending on the devices’ configuration they may not offer additional security when it comes to key protection. For more information, see [BitLocker Countermeasures](bitlocker-countermeasures.md). 
## Manage passwords and PINs When BitLocker is enabled on a system drive and the PC has a TPM, you can choose to require that users type a PIN before BitLocker will unlock the drive. Such a PIN requirement can prevent an attacker who has physical access to a PC from even getting to the Windows logon, which makes it virtually impossible for the attacker to access or modify user data and system files. Requiring a PIN at startup is a useful security feature because it acts as a second authentication factor (a second “something you know”). This configuration comes with some costs, however. One of the most significant is the need to change the PIN regularly. In enterprises that used BitLocker with Windows 7 and the Windows Vista operating system, users had to contact systems administrators to update their BitLocker PIN or password. This requirement not only increased management costs but made users less willing to change their BitLocker PIN or password on a regular basis. -Windows 10 users can update their BitLocker PINs and passwords themselves, without administrator credentials. Not only will this feature reduce support costs, but it could improve security, too, because it encourages users to change their PINs and passwords more often. In addition, Modern Standby devices do not require a PIN for startup: They are designed to start infrequently and have other mitigations in place that further reduce the attack surface of the system. -For more information about how startup security works and the countermeasures that Windows 10 provides, see [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md). +Windows 11 and Windows 10 users can update their BitLocker PINs and passwords themselves, without administrator credentials. Not only will this feature reduce support costs, but it could improve security, too, because it encourages users to change their PINs and passwords more often. 
In addition, Modern Standby devices do not require a PIN for startup: They are designed to start infrequently and have other mitigations in place that further reduce the attack surface of the system. +For more information about how startup security works and the countermeasures that Windows 11 and Windows 10 provide, see [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md). ## Configure Network Unlock @@ -138,6 +141,6 @@ Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage * Enforces the BitLocker encryption policy options that you set for your enterprise. * Integrates with existing management tools, such as Microsoft Endpoint Configuration Manager. * Offers an IT-customizable recovery user experience. -* Supports Windows 10. +* Supports Windows 11 and Windows 10. For more information about MBAM, including how to obtain it, see [Microsoft BitLocker Administration and Monitoring](/microsoft-desktop-optimization-pack/) on the MDOP TechCenter. \ No newline at end of file diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index c695b4b77c..25c64a62b1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -22,7 +22,7 @@ ms.custom: bitlocker **Applies to:** -- Windows 10, Windows Server 2019, Windows Server 2016, Windows 8.1, and Windows Server 2012 R2 +- Windows 10, Windows 11, Windows Server 2019, Windows Server 2016, Windows 8.1, and Windows Server 2012 R2 This topic for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption. 
@@ -108,7 +108,7 @@ This policy setting allows users on devices that are compliant with Modern Stand | |   | |:---|:---| |**Policy description**|With this policy setting, you can allow TPM-only protection for newer, more secure devices, such as devices that support Modern Standby or HSTI, while requiring PIN on older devices.| -|**Introduced**|Windows 10, version 1703| +|**Introduced**|Windows 10, version 1703, or Windows 11| |**Drive type**|Operating system drives| |**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| |**Conflicts**|This setting overrides the **Require startup PIN with TPM** option of the [Require additional authentication at startup](#bkmk-unlockpol1) policy on compliant hardware.| 
@@ -247,8 +247,8 @@ If the PIN is 4 digits, all 9999 possible PIN combinations could be attempted in Increasing the PIN length requires a greater number of guesses for an attacker. In that case, the lockout duration between each guess can be shortened to allow legitimate users to retry a failed attempt sooner, while maintaining a similar level of protection. -Beginning with Windows 10, version 1703, the minimum length for the BitLocker PIN was increased to 6 characters to better align with other Windows features that leverage TPM 2.0, including Windows Hello. -To help organizations with the transition, beginning with Windows 10, version 1709 and Windows 10, version 1703 with the October 2017 [cumulative update](https://support.microsoft.com/help/4018124) installed, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. +Beginning with Windows 10, version 1703, or Windows 11, the minimum length for the BitLocker PIN was increased to 6 characters to better align with other Windows features that leverage TPM 2.0, including Windows Hello. +To help organizations with the transition, beginning with Windows 10, version 1709 and Windows 10, version 1703 with the October 2017, or Windows 11 [cumulative update](https://support.microsoft.com/help/4018124) installed, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. If the minimum PIN length is reduced from the default of six characters, then the TPM 2.0 lockout period will be extended. ### Disable new DMA devices when this computer is locked 
@@ -258,7 +258,7 @@ This policy setting allows you to block direct memory access (DMA) for all hot p | |   | |:---|:---| |**Policy description**|This setting helps prevent attacks that use external PCI-based devices to access BitLocker keys.| -|**Introduced**|Windows 10, version 1703| +|**Introduced**|Windows 10, version 1703, or Windows 11| |**Drive type**|Operating system drives| |**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| |**Conflicts**|None| @@ -612,7 +612,7 @@ This policy setting is used to control the encryption method and cipher strength |**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| |**Conflicts**|None| |**When enabled**|You can choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives.| -|**When disabled or not configured**|Beginning with Windows 10, version 1511, BitLocker uses the default encryption method of XTS-AES 128-bit or the encryption method that is specified by the setup script. Windows Phone does not support XTS; it uses AES-CBC 128-bit by default and supports AES-CBC 256-bit by policy.| +|**When disabled or not configured**|Beginning with Windows 10, version 1511, or Windows 11, BitLocker uses the default encryption method of XTS-AES 128-bit or the encryption method that is specified by the setup script. Windows Phone does not support XTS; it uses AES-CBC 128-bit by default and supports AES-CBC 256-bit by policy.| **Reference** 
@@ -621,7 +621,7 @@ Enterprises may want to control the encryption level for increased security (AES If you enable this setting, you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually. For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. -For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10, version 1511 or later. +For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10, version 1511 or later, or Windows 11. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. In these cases, this policy setting is ignored. @@ -965,7 +965,7 @@ This policy setting is used to configure the entire recovery message and to repl | |   | |:---|:---| |**Policy description**|With this policy setting, you can configure the BitLocker recovery screen to display a customized message and URL.| -|**Introduced**|Windows 10| +|**Introduced**|Windows| |**Drive type**|Operating system drives| |**Policy path**|Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ Configure pre-boot recovery message and URL| |**Conflicts**|None| diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 0327b8ec18..5adf857335 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md 
@@ -21,7 +21,10 @@ ms.custom: bitlocker # BitLocker: How to enable Network Unlock **Applies to** -- Windows 10 + +- Windows 10 +- Windows 11 +- Windows Server 2016 and above This article for IT professionals describes how BitLocker Network Unlock works and how to configure it. diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index 54f967207f..eabe91593f 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md 
@@ -35,11 +35,11 @@ Enterprises can use [Microsoft BitLocker Administration and Monitoring (MBAM)](/ ## Managing devices joined to Azure Active Directory -Devices joined to Azure AD are managed using Mobile Device Management (MDM) policy from an MDM solution such as Microsoft Intune. Without Windows 10, version 1809, only local administrators can enable BitLocker via Intune policy. Starting with Windows 10, version 1809, Intune can enable BitLocker for standard users. [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) status can be queried from managed machines via the [Policy Configuration Settings Provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider/), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access/) to services like Exchange Online and SharePoint Online. +Devices joined to Azure AD are managed using Mobile Device Management (MDM) policy from an MDM solution such as Microsoft Intune. Without Windows 10, version 1809, or Windows 11, only local administrators can enable BitLocker via Intune policy. Starting with Windows 10, version 1809, or Windows 11, Intune can enable BitLocker for standard users. [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) status can be queried from managed machines via the [Policy Configuration Settings Provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider/), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access/) to services like Exchange Online and SharePoint Online. 
-Starting with Windows 10 version 1703 (also known as the Windows Creators Update), the enablement of BitLocker can be triggered over MDM either by the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider/) or the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp/). The BitLocker CSP adds policy options that go beyond ensuring that encryption has occurred, and is available on computers that run Windows 10 and on Windows phones. +Starting with Windows 10 version 1703 (also known as the Windows Creators Update), or Windows 11, the enablement of BitLocker can be triggered over MDM either by the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider/) or the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp/). The BitLocker CSP adds policy options that go beyond ensuring that encryption has occurred, and is available on computers that run Windows 11, Windows 10, and on Windows phones. -For hardware that is compliant with Modern Standby and HSTI, when using either of these features, [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if required. For older devices that are not yet encrypted, beginning with Windows 10 version 1703 (the Windows 10 Creators Update), admins can use the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp/) to trigger encryption and store the recovery key in Azure AD. +For hardware that is compliant with Modern Standby and HSTI, when using either of these features, [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) is automatically turned on whenever the user joins a device to Azure AD. 
Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if required. For older devices that are not yet encrypted, beginning with Windows 10 version 1703 (the Windows 10 Creators Update), or Windows 11, admins can use the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp/) to trigger encryption and store the recovery key in Azure AD. This is applicable to Azure Hybrid AD as well. @@ -105,7 +105,7 @@ Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -Pi [Microsoft BitLocker Administration and Management (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/) -[Overview of BitLocker Device Encryption in Windows 10](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) +[Overview of BitLocker Device Encryption in Windows](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) [BitLocker Group Policy Reference](./bitlocker-group-policy-settings.md) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index 60ab1074cd..fd212875f8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -21,7 +21,10 @@ ms.custom: bitlocker # BitLocker **Applies to** -- Windows 10 + +- Windows 10 +- Windows 11 +- Windows Server 2016 and above This topic provides a high-level overview of BitLocker, including a list of system requirements, practical applications, and deprecated features. 
@@ -49,7 +52,7 @@ BitLocker control panel, and they are appropriate to use for automated deploymen ## New and changed functionality -To find out what's new in BitLocker for Windows 10, such as support for the XTS-AES encryption algorithm, see the [BitLocker](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#bitlocker) section in "What's new in Windows 10." +To find out what's new in BitLocker for Windows, such as support for the XTS-AES encryption algorithm, see the [BitLocker](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#bitlocker) section in "What's new in Windows 10."   ## System requirements @@ -84,7 +87,7 @@ When installing the BitLocker optional component on a server you will also need | Topic | Description | | - | - | -| [Overview of BitLocker Device Encryption in Windows 10](bitlocker-device-encryption-overview-windows-10.md) | This topic for the IT professional provides an overview of the ways that BitLocker Device Encryption can help protect data on devices running Windows 10. | +| [Overview of BitLocker Device Encryption in Windows](bitlocker-device-encryption-overview-windows-10.md) | This topic for the IT professional provides an overview of the ways that BitLocker Device Encryption can help protect data on devices running Windows. | | [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.yml) | This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.| | [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)| This topic for the IT professional explains how can you plan your BitLocker deployment. | | [BitLocker basic deployment](bitlocker-basic-deployment.md) | This topic for the IT professional explains how BitLocker features can be used to protect your data through drive encryption. | 
@@ -95,7 +98,7 @@ When installing the BitLocker optional component on a server you will also need | [BitLocker Group Policy settings](bitlocker-group-policy-settings.md) | This topic for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker. | | [BCD settings and BitLocker](bcd-settings-and-bitlocker.md) | This topic for IT professionals describes the BCD settings that are used by BitLocker.| | [BitLocker Recovery Guide](bitlocker-recovery-guide-plan.md)| This topic for IT professionals describes how to recover BitLocker keys from AD DS. | -| [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md)| This detailed guide will help you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device’s configuration. | +| [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md)| This detailed guide will help you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 11, Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device’s configuration. | | [Troubleshoot BitLocker](troubleshoot-bitlocker.md) | This guide describes the resources that can help you troubleshoot BitLocker issues, and provides solutions for several common BitLocker issues. 
| | [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This topic for IT pros describes how to protect CSVs and SANs with BitLocker.| -| [Enabling Secure Boot and BitLocker Device Encryption on Windows 10 IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This topic covers how to use BitLocker with Windows 10 IoT Core | \ No newline at end of file +| [Enabling Secure Boot and BitLocker Device Encryption on Windows IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This topic covers how to use BitLocker with Windows IoT Core | \ No newline at end of file diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md index eaccfb9c9f..54fbc0d5fd 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md @@ -22,7 +22,9 @@ ms.custom: bitlocker **Applies to:** -- Windows 10 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above This article for IT professionals describes how to recover BitLocker keys from AD DS. 
@@ -123,7 +125,7 @@ Before you create a thorough BitLocker recovery process, we recommend that you t When planning the BitLocker recovery process, first consult your organization's current best practices for recovering sensitive information. For example: How does your enterprise handle lost Windows passwords? How does your organization perform smart card PIN resets? You can use these best practices and related resources (people and tools) to help formulate a BitLocker recovery model. -Organizations that rely on BitLocker Drive Encryption and BitLocker To Go to protect data on a large number of computers and removable drives running the Windows 10, Windows 8, or Windows 7 operating systems and Windows to Go should consider using the Microsoft BitLocker Administration and Monitoring (MBAM) Tool version 2.0, which is included in the Microsoft Desktop Optimization Pack (MDOP) for Microsoft Software Assurance. MBAM makes BitLocker implementations easier to deploy and manage and allows administrators to provision and monitor encryption for operating system and fixed drives. MBAM prompts the user before encrypting fixed drives. MBAM also manages recovery keys for fixed and removable drives, making recovery easier to manage. MBAM can be used as part of a Microsoft System Center deployment or as a stand-alone solution. For more info, see [Microsoft BitLocker Administration and Monitoring](/microsoft-desktop-optimization-pack/mbam-v25/). +Organizations that rely on BitLocker Drive Encryption and BitLocker To Go to protect data on a large number of computers and removable drives running the Windows 11, Windows 10, Windows 8, or Windows 7 operating systems and Windows to Go should consider using the Microsoft BitLocker Administration and Monitoring (MBAM) Tool version 2.0, which is included in the Microsoft Desktop Optimization Pack (MDOP) for Microsoft Software Assurance. 
MBAM makes BitLocker implementations easier to deploy and manage and allows administrators to provision and monitor encryption for operating system and fixed drives. MBAM prompts the user before encrypting fixed drives. MBAM also manages recovery keys for fixed and removable drives, making recovery easier to manage. MBAM can be used as part of a Microsoft System Center deployment or as a stand-alone solution. For more info, see [Microsoft BitLocker Administration and Monitoring](/microsoft-desktop-optimization-pack/mbam-v25/). After a BitLocker recovery has been initiated, users can use a recovery password to unlock access to encrypted data. Consider both self-recovery and recovery password retrieval methods for your organization. @@ -291,7 +293,7 @@ During BitLocker recovery, Windows can display a custom recovery message and hin ### Custom recovery message -BitLocker Group Policy settings in Windows 10, version 1511, let you configure a custom recovery message and URL on the BitLocker recovery screen, which can include the address of the BitLocker self-service recovery portal, the IT internal website, or a phone number for support. +BitLocker Group Policy settings in Windows 10, version 1511, or Windows 11, let you configure a custom recovery message and URL on the BitLocker recovery screen, which can include the address of the BitLocker self-service recovery portal, the IT internal website, or a phone number for support. This policy can be configured using GPO under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > **Operating System Drives** > **Configure pre-boot recovery message and URL**. 
@@ -307,7 +309,7 @@ Example of customized recovery screen: ### BitLocker recovery key hints -BitLocker metadata has been enhanced in Windows 10, version 1903 to include information about when and where the BitLocker recovery key was backed up. This information is not exposed through the UI or any public API. It is used solely by the BitLocker recovery screen in the form of hints to help a user locate a volume's recovery key. Hints are displayed on the recovery screen and refer to the location where the key has been saved. Hints are displayed on both the modern (blue) and legacy (black) recovery screen. This applies to both the boot manager recovery screen and the WinRE unlock screen. +BitLocker metadata has been enhanced in Windows 10, version 1903 or Windows 11 to include information about when and where the BitLocker recovery key was backed up. This information is not exposed through the UI or any public API. It is used solely by the BitLocker recovery screen in the form of hints to help a user locate a volume's recovery key. Hints are displayed on the recovery screen and refer to the location where the key has been saved. Hints are displayed on both the modern (blue) and legacy (black) recovery screen. This applies to both the boot manager recovery screen and the WinRE unlock screen. ![Customized BitLocker recovery screen](./images/bl-password-hint2.png) diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index c6483a8057..7de4fac8f2 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md 
@@ -21,7 +21,10 @@ ms.custom: bitlocker # BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker **Applies to** -- Windows 10 + +- Windows 10 +- Windows 11 +- Windows Server 2016 and above This article for the IT professional describes how to use tools to manage BitLocker. diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index ce88a53275..7c4a6c76bf 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md @@ -21,7 +21,10 @@ ms.custom: bitlocker # BitLocker: Use BitLocker Recovery Password Viewer **Applies to** -- Windows 10 + +- Windows 10 +- Windows 11 +- Windows Server 2016 and above This topic for the IT professional describes how to use the BitLocker Recovery Password Viewer. diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index b3b6894cac..27cd120572 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md @@ -22,7 +22,9 @@ ms.custom: bitlocker **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above This topic for the IT professional explains how can you plan your BitLocker deployment. 
@@ -98,7 +100,7 @@ In your deployment plan, identify what TPM-based hardware platforms will be supp ### TPM 1.2 states and initialization -For TPM 1.2, there are multiple possible states. Windows 10 automatically initializes the TPM, which brings it to an enabled, activated, and owned state. This is the state that BitLocker requires before it can use the TPM. +For TPM 1.2, there are multiple possible states. Windows automatically initializes the TPM, which brings it to an enabled, activated, and owned state. This is the state that BitLocker requires before it can use the TPM. ### Endorsement keys diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md index d41b2c7bf1..7766f6b14c 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md @@ -25,7 +25,7 @@ This article describes common issues that may prevent BitLocker from encrypting ## Error 0x80310059: BitLocker Drive Encryption is already performing an operation on this drive -When you turn on BitLocker Drive Encryption on a computer that is running Windows 10 Professional, you receive a message that resembles the following: +When you turn on BitLocker Drive Encryption on a computer that is running Windows 10 Professional or Windows 11, you receive a message that resembles the following: > **ERROR:** An error occurred (code 0x80310059):BitLocker Drive Encryption is already performing an operation on this drive. Please complete all operations before continuing.NOTE: If the -on switch has failed to add key protectors or start encryption,you may need to call manage-bde -off before attempting -on again. 
@@ -52,7 +52,7 @@ To resolve this issue, follow these steps: ## "Access is denied" message when you try to encrypt removable drives -You have a computer that is running Windows 10, version 1709 or version 1607. You try to encrypt a USB drive by following these steps: +You have a computer that is running Windows 10, version 1709 or version 1607, or Windows 11. You try to encrypt a USB drive by following these steps: 1. In Windows Explorer, right-click the USB drive and select **Turn on BitLocker**. 1. On the **Choose how you want to unlock this drive** page, select **Use a password to unlock the drive**. @@ -60,7 +60,7 @@ You have a computer that is running Windows 10, version 1709 or version 1607. Yo 1. On the **Are you ready to encrypt this drive?** page, select **Start encrypting**. 1. The **Starting encryption** page displays the message "Access is denied." -You receive this message on any computer that runs Windows 10 version 1709 or version 1607, when you use any USB drive. +You receive this message on any computer that runs Windows 10 version 1709 or version 1607, or Windows 11, when you use any USB drive. ### Cause diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md index 36adf14e88..6b1ee39717 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md 
@@ -20,9 +20,9 @@ ms.custom: bitlocker This article describes common issues that affect your BitLocker configuration and BitLocker's general functionality. This article also provides guidance to address these issues. -## BitLocker encryption is slower in Windows 10 +## BitLocker encryption is slower in Windows 10 and Windows 11 -In both Windows 10 and Windows 7, BitLocker runs in the background to encrypt drives. However, in Windows 10, BitLocker is less aggressive about requesting resources. This behavior reduces the chance that BitLocker will affect the computer's performance. +In both Windows 11, Windows 10, and Windows 7, BitLocker runs in the background to encrypt drives. However, in Windows 11 and Windows 10, BitLocker is less aggressive about requesting resources. This behavior reduces the chance that BitLocker will affect the computer's performance. To compensate for these changes, BitLocker uses a new conversion model. This model, (referred to as Encrypt-On-Write), makes sure that any new disk writes on all client SKUs and any internal drives are always encrypted *as soon as you turn on BitLocker*. diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md index bab9c21e3e..541e093039 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md 
@@ -31,7 +31,7 @@ For more information about Measured Boot and PCRs, see the following articles: ## Use TBSLogGenerator to decode Measured Boot logs -Use TBSLogGenerator to decode Measured Boot logs that you have collected from Windows 10 and earlier versions. You can install this tool on the following systems: +Use TBSLogGenerator to decode Measured Boot logs that you have collected from Windows 11, Windows 10, and earlier versions. You can install this tool on the following systems: - A computer that is running Windows Server 2016 and that has a TPM enabled - A Gen 2 virtual machine (running on Hyper-V) that is running Windows Server 2016 (you can use the virtual TPM) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md index 60c34a7bb6..85fd424c68 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md @@ -98,7 +98,7 @@ You can resolve this issue by verifying the configuration of the disk partitions #### Step 1: Verify the configuration of the disk partitions -The procedures described in this section depend on the default disk partitions that Windows configures during installation. Windows 10 automatically creates a recovery partition that contains the Winre.wim file. The partition configuration resembles the following. +The procedures described in this section depend on the default disk partitions that Windows configures during installation. Windows 11 and Windows 10 automatically create a recovery partition that contains the Winre.wim file. The partition configuration resembles the following. ![Default disk partitions, including the recovery partition](./images/4509194-en-1.png) 
@@ -221,7 +221,7 @@ To verify the Secure Boot state, use the System Information app. To do this, fol ## Event ID 846, 778, and 851: Error 0x80072f9a -In this case, you are deploying Intune policy to encrypt a Windows 10, version 1809 device and store the recovery password in Azure Active Directory (Azure AD). As part of the policy configuration, you have selected the **Allow standard users to enable encryption during Azure AD Join** option. +In this case, you are deploying Intune policy to encrypt a Windows 11, Windows 10, version 1809 device, and store the recovery password in Azure Active Directory (Azure AD). As part of the policy configuration, you have selected the **Allow standard users to enable encryption during Azure AD Join** option. The policy deployment fails and generates the following events (visible in Event Viewer in the **Applications and Services Logs\\Microsoft\\Windows\\BitLocker API** folder): @@ -250,7 +250,7 @@ These events refer to Error code 0x80072f9a. These events indicate that the signed-in user does not have permission to read the private key on the certificate that is generated as part of the provisioning and enrollment process. Therefore, the BitLocker MDM policy refresh fails. -The issue affects Windows 10 version 1809. +The issue affects Windows 11 and Windows 10 version 1809. ### Resolution 
@@ -282,11 +282,11 @@ For information about how to use policy together with BitLocker and Intune, see Intune offers the following enforcement types for BitLocker: -- **Automatic** (Enforced when the device joins Azure AD during the provisioning process. This option is available in Windows 10 version 1703 and later.) -- **Silent** (Endpoint protection policy. This option is available in Windows 10 version 1803 and later.) -- **Interactive** (Endpoint policy for Windows versions that are older than Windows 10 version 1803.) +- **Automatic** (Enforced when the device joins Azure AD during the provisioning process. This option is available in Windows 10 version 1703 and later, or Windows 11.) +- **Silent** (Endpoint protection policy. This option is available in Windows 10 version 1803 and later, or Windows 11.) +- **Interactive** (Endpoint policy for Windows versions that are older than Windows 10 version 1803, or Windows 11.) -If your device runs Windows 10 version 1703 or later, supports Modern Standby (also known as Instant Go) and is HSTI-compliant, joining the device to Azure AD triggers automatic device encryption. A separate endpoint protection policy is not required to enforce device encryption. +If your device runs Windows 10 version 1703 or later, or Windows 11, supports Modern Standby (also known as Instant Go) and is HSTI-compliant, joining the device to Azure AD triggers automatic device encryption. A separate endpoint protection policy is not required to enforce device encryption. If your device is HSTI-compliant but does not support Modern Standby, you have to configure an endpoint protection policy to enforce silent BitLocker Drive Encryption. The settings for this policy should resemble the following: 
@@ -303,18 +303,18 @@ The OMA-URI references for these settings are as follows: Value: **0** (0 = Blocked, 1 = Allowed) > [!NOTE] -> Because of an update to the BitLocker Policy CSP, if the device uses Windows 10 version 1809 or later, you can use an endpoint protection policy to enforce silent BitLocker Device Encryption even if the device is not HSTI-compliant. +> Because of an update to the BitLocker Policy CSP, if the device uses Windows 10 version 1809 or later, or Windows 11, you can use an endpoint protection policy to enforce silent BitLocker Device Encryption even if the device is not HSTI-compliant. > [!NOTE] > If the **Warning for other disk encryption** setting is set to **Not configured**, you have to manually start the BitLocker Drive Encryption wizard. -If the device does not support Modern Standby but is HSTI-compliant, and it uses a version of Windows that is earlier than Windows 10, version 1803, an endpoint protection policy that has the settings that are described in this article delivers the policy configuration to the device. However, Windows then notifies the user to manually enable BitLocker Drive Encryption. To do this, the user selects the notification. This action starts the BitLocker Drive Encryption wizard. +If the device does not support Modern Standby but is HSTI-compliant, and it uses a version of Windows that is earlier than Windows 10, version 1803, or Windows 11, an endpoint protection policy that has the settings that are described in this article delivers the policy configuration to the device. However, Windows then notifies the user to manually enable BitLocker Drive Encryption. To do this, the user selects the notification. This action starts the BitLocker Drive Encryption wizard. The Intune 1901 release provides settings that you can use to configure automatic device encryption for Autopilot devices for standard users. 
Each device must meet the following requirements: - Be HSTI-compliant - Support Modern Standby -- Use Windows 10 version 1803 or later +- Use Windows 10 version 1803 or later, or Windows 11 ![Intune policy setting](./images/4509188-en-1.png) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md index 9d48930488..aa70c53412 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md @@ -23,9 +23,9 @@ This article describes common issues that may prevent BitLocker from behaving as > [!NOTE] > In this article, "recovery password" refers to the 48-digit recovery password and "recovery key" refers to 32-digit recovery key. For more information, see [BitLocker key protectors](./prepare-your-organization-for-bitlocker-planning-and-policies.md#bitlocker-key-protectors). -## Windows 10 prompts for a non-existing BitLocker recovery password +## Windows prompts for a non-existing BitLocker recovery password -Windows 10 prompts you for a BitLocker recovery password. However, you did not configure a BitLocker recovery password. +Windows prompts you for a BitLocker recovery password. However, you did not configure a BitLocker recovery password. ### Resolution 
@@ -37,7 +37,7 @@ The BitLocker and Active Directory Domain Services (AD DS) FAQ addresses situati ## The recovery password for a laptop was not backed up, and the laptop is locked -You have a Windows 10 Home-based laptop, and you have to recover its hard disk. The disk was encrypted by using BitLocker Driver Encryption. However, the BitLocker recovery password was not backed up, and the usual user of the laptop is not available to provide the password. +You have a Windows 11 or Windows 10 Home-based laptop, and you have to recover its hard disk. The disk was encrypted by using BitLocker Driver Encryption. However, the BitLocker recovery password was not backed up, and the usual user of the laptop is not available to provide the password. ### Resolution @@ -223,7 +223,7 @@ To re-enable BitLocker Drive Encryption, select **Start**, type **Manage BitLock ## After you install an update to a Hyper V-enabled computer, BitLocker prompts for the recovery password and returns error 0xC0210000 -You have a device that runs Windows 10, version 1703, Windows 10, version 1607, or Windows Server 2016. Also, Hyper-V is enabled on the device. After you install an affected update and restart the device, the device enters BitLocker Recovery mode and you see error code 0xC0210000. +You have a device that runs Windows 11, Windows 10, version 1703, Windows 10, version 1607, or Windows Server 2016. Also, Hyper-V is enabled on the device. After you install an affected update and restart the device, the device enters BitLocker Recovery mode and you see error code 0xC0210000. ### Workaround 
@@ -262,12 +262,12 @@ Manage-bde -protectors -disable c: -rc 1 To resolve this issue, install the appropriate update on the affected device: -- For Windows 10, version 1703: [July 9, 2019—KB4507450 (OS Build 15063.1928)](https://support.microsoft.com/help/4507450/windows-10-update-kb4507450) -- For Windows 10, version 1607 and Windows Server 2016: [July 9, 2019—KB4507460 (OS Build 14393.3085)](https://support.microsoft.com/help/4507460/windows-10-update-kb4507460) +- For Windows 10, version 1703, or Windows 11: [July 9, 2019—KB4507450 (OS Build 15063.1928)](https://support.microsoft.com/help/4507450/windows-10-update-kb4507450) +- For Windows 11, Windows 10, version 1607 and Windows Server 2016: [July 9, 2019—KB4507460 (OS Build 14393.3085)](https://support.microsoft.com/help/4507460/windows-10-update-kb4507460) ## Credential Guard/Device Guard on TPM 1.2: At every restart, BitLocker prompts for the recovery password and returns error 0xC0210000 -You have a device that uses TPM 1.2 and runs Windows 10, version 1809. Also, the device uses [Virtualization-based Security](/windows-hardware/design/device-experiences/oem-vbs) features such as [Device Guard and Credential Guard](/windows-hardware/drivers/bringup/device-guard-and-credential-guard). Every time that you start the device, the device enters BitLocker Recovery mode and you see error code 0xc0210000, and a message that resembles the following. +You have a device that uses TPM 1.2 and runs Windows 10, version 1809, or Windows 11. Also, the device uses [Virtualization-based Security](/windows-hardware/design/device-experiences/oem-vbs) features such as [Device Guard and Credential Guard](/windows-hardware/drivers/bringup/device-guard-and-credential-guard). Every time that you start the device, the device enters BitLocker Recovery mode and you see error code 0xc0210000, and a message that resembles the following. > Recovery 
> @@ -282,7 +282,7 @@ You have a device that uses TPM 1.2 and runs Windows 10, version 1809. Also, the TPM 1.2 does not support Secure Launch. For more information, see [System Guard Secure Launch and SMM protection: Requirements Met by System Guard Enabled Machines](../../threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) -For more information about this technology, see [Windows Defender System Guard: How a hardware-based root of trust helps protect Windows 10](../../threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) +For more information about this technology, see [Windows Defender System Guard: How a hardware-based root of trust helps protect Windows](../../threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) ### Resolution diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md index 8f914dd05c..6f05c69982 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md 
@@ -66,7 +66,7 @@ To resolve this issue, follow these steps to troubleshoot the TPM: ## TPM 1.2 Error: Loading the management console failed. The device that is required by the cryptographic provider is not ready for use -You have a Windows 10 version 1703-based computer that uses TPM version 1.2. When you try to open the TPM management console, you receive a message that resembles the following: +You have a Windows 11 or Windows 10 version 1703-based computer that uses TPM version 1.2. When you try to open the TPM management console, you receive a message that resembles the following: > Loading the management console failed. The device that is required by the cryptographic provider is not ready for use. > HRESULT 0x800900300x80090030 - NTE\_DEVICE\_NOT\_READY 
@@ -103,8 +103,8 @@ This issue may occur when the Windows operating system is not the owner of the T |Message |Reason | Resolution| | - | - | - | |NTE\_BAD\_KEYSET (0x80090016/-2146893802) |TPM operation failed or was invalid |This issue was probably caused by a corrupted sysprep image. Make sure that you create the sysprep image by using a computer that is not joined to or registered in Azure AD or hybrid Azure AD. | -|TPM\_E\_PCP\_INTERNAL\_ERROR (0x80290407/-2144795641) |Generic TPM error. |If the device returns this error, disable its TPM. Windows 10, version 1809 and later versions automatically detect TPM failures and finish the hybrid Azure AD join without using the TPM. | -|TPM\_E\_NOTFIPS (0x80280036/-2144862154) |The FIPS mode of the TPM is currently not supported. |If the device gives this error, disable its TPM. Windows 10, version 1809 and later versions automatically detect TPM failures and finish the hybrid Azure AD join without using the TPM. | +|TPM\_E\_PCP\_INTERNAL\_ERROR (0x80290407/-2144795641) |Generic TPM error. |If the device returns this error, disable its TPM. Windows 10, version 1809 and later versions, or Windows 11 automatically detect TPM failures and finish the hybrid Azure AD join without using the TPM. | +|TPM\_E\_NOTFIPS (0x80280036/-2144862154) |The FIPS mode of the TPM is currently not supported. |If the device gives this error, disable its TPM. Windows 10, version 1809 and later versions, or Windows 11 automatically detect TPM failures and finish the hybrid Azure AD join without using the TPM. | |NTE\_AUTHENTICATION\_IGNORED (0x80090031/-2146893775) |The TPM is locked out. |This error is transient. Wait for the cooldown period, and then retry the join operation. | For more information about TPM issues, see the following articles: From 8fa4270748c2aed4cbbe2ea46134c35adede2222 Mon Sep 17 00:00:00 2001 
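Review bot: In ts-bitlocker-recovery-issues.md, hunk @@ -262,12 +262,12, the two resolution bullets now list Windows 11 next to updates that their own link text identifies as Windows 10 packages: KB4507450 (OS Build 15063.1928) and KB4507460 (OS Build 14393.3085), both dated July 9, 2019 and both pointing at windows-10-update URLs. A reader on Windows 11 is sent to an update that the link itself says is for a different OS build. Drop "Windows 11" from both bullets and from the symptom sentence changed in hunk @@ -223,7 +223,7 ("You have a device that runs Windows 11, Windows 10, version 1703, ..."), or add a separate Windows 11 bullet once there is an update to cite for it.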
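Review bot: In ts-bitlocker-tpm-issues.md, hunk @@ -66,7 +66,7, the new wording "You have a Windows 11 or Windows 10 version 1703-based computer that uses TPM version 1.2" describes a Windows 11 device with a TPM 1.2, but the published Windows 11 minimum hardware requirements call for TPM 2.0. The same combination is introduced in the Credential Guard/Device Guard section of ts-bitlocker-recovery-issues.md ("uses TPM 1.2 and runs Windows 10, version 1809, or Windows 11"). Keep these TPM 1.2 scenarios scoped to the Windows 10 versions they were written for, or state explicitly under which conditions a Windows 11 device could be in this state.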
From: Benzy Dharmanayagam Date: Tue, 24 Aug 2021 22:45:46 +0530 Subject: [PATCH 042/671] Fixed suggestion --- ...ur-organization-for-bitlocker-planning-and-policies.md | 8 ++++---- .../bitlocker/ts-bitlocker-cannot-encrypt-issues.md | 2 +- .../bitlocker/ts-bitlocker-intune-issues.md | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index 27cd120572..8a15267bc2 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md 
@@ -62,7 +62,7 @@ On computers that do not have a TPM version 1.2 or higher, you can still use Bi | TPM | A hardware device used to help establish a secure root-of-trust. BitLocker only supports TPM version 1.2 or higher.| | PIN | A user-entered numeric key protector that can only be used in addition to the TPM.| | Enhanced PIN | A user-entered alphanumeric key protector that can only be used in addition to the TPM.| -| Startup key | An encryption key that can be stored on most removable media. This key protector can be used alone on non-TPM computers, or in conjunction with a TPM for added security.| +| Startup key | An encryption key that can be stored on most removable media. This key protector can be used alone on non-TPM computers, or with a TPM for added security.| | Recovery password | A 48-digit number used to unlock a volume when it is in recovery mode. Numbers can often be typed on a regular keyboard, if the numbers on the normal keyboard are not responding you can always use the function keys (F1-F10) to input the numbers.| | Recovery key| An encryption key stored on removable media that can be used for recovering data encrypted on a BitLocker volume.| 
@@ -88,7 +88,7 @@ However, TPM-only authentication method offers the lowest level of data protecti **What areas of your organization need a more secure level of data protection?** -If there are areas of your organization where data residing on user computers is considered highly-sensitive, consider the best practice of deploying BitLocker with multifactor authentication on those systems. Requiring the user to input a PIN significantly increases the level of protection for the system. You can also use BitLocker Network Unlock to allow these computers to automatically unlock when connected to a trusted wired network that can provide the Network Unlock key. +If there are areas of your organization where data residing on user computers is considered highly sensitive, consider the best practice of deploying BitLocker with multifactor authentication on those systems. Requiring the user to input a PIN significantly increases the level of protection for the system. You can also use BitLocker Network Unlock to allow these computers to automatically unlock when connected to a trusted wired network that can provide the Network Unlock key. **What multifactor authentication method does your organization prefer?** 
@@ -127,7 +127,7 @@ Test your individual hardware platforms with the BitLocker system check option w To function correctly, BitLocker requires a specific disk configuration. BitLocker requires two partitions that meet the following requirements: - The operating system partition contains the operating system and its support files; it must be formatted with the NTFS file system -- The system partition (or boot partition) contains the files that are needed to load Windows after the BIOS or UEFI firware has prepared the system hardware. BitLocker is not enabled on this partition. For BitLocker to work, the system partition must not be encrypted and must be on a different partition than the operating system. On UEFI platforms the system partition must be formatted with the FAT 32 file system. On BIOS platforms the system partition must be formatted with the NTFS file system. It should be at least 350 MB in size +- The system partition (or boot partition) contains the files that are needed to load Windows after the BIOS or UEFI firmware has prepared the system hardware. BitLocker is not enabled on this partition. For BitLocker to work, the system partition must not be encrypted and must be on a different partition than the operating system. On UEFI platforms, the system partition must be formatted with the FAT 32 file system. On BIOS platforms the system partition must be formatted with the NTFS file system. It should be at least 350 MB in size Windows setup will automatically configure the disk drives of your computer to support BitLocker encryption. 
@@ -139,7 +139,7 @@ Windows RE can also be used from boot media other than the local hard disk. If y In Windows Vista and Windows 7, BitLocker was provisioned post installation for system and data volumes through either the manage-bde command line interface or the Control Panel user interface. With newer operating systems, BitLocker can be easily provisioned before the operating system is installed. Preprovisioning requires that the computer have a TPM. -To check the BitLocker status of a particular volume, administrators can look at the status of the drive in the BitLocker control panel applet or Windows Explorer. A status of "Waiting For Activation" with a yellow exclamation icon means that the drive was preprovisioned for BitLocker. This status means that there was only a clear protector used when encrypting the volume. In this case, the volume is not protected and needs to have a secure key added to the volume before the drive is considered fully protected. Administrators can use the control panel options, manage-bde tool or WMI APIs to add an appropriate key protector and the volume status will be updated. +To check the BitLocker status of a particular volume, administrators can look at the status of the drive in the BitLocker control panel applet or Windows Explorer. A status of "Waiting For Activation" with a yellow exclamation icon means that the drive was preprovisioned for BitLocker. This status means that there was only a clear protector used when encrypting the volume. In this case, the volume is not protected and needs to have a secure key added to the volume before the drive is considered fully protected. Administrators can use the control panel options, manage-bde tool, or WMI APIs to add an appropriate key protector and the volume status will be updated. 
When using the control panel options, administrators can choose to **Turn on BitLocker** and follow the steps in the wizard to add a protector, such as a PIN for an operating system volume (or a password if no TPM exists), or a password or smart card protector to a data volume. Then the drive security window is presented prior to changing the volume status. diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md index 7766f6b14c..1861e5f188 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md @@ -80,7 +80,7 @@ To verify that this issue has occurred, follow these steps: > D:(A;;CCDCLCSWRPWPDTLORCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLORCWDWO;;;BA)(A;;CCLCSWRPLORC;;;BU)(A;;CCLCSWRPLORC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD) -1. Copy this output, and use it as part of the [**ConvertFrom-SddlString**](/powershell/module/microsoft.powershell.utility/convertfrom-sddlstring?view=powershell-6) command in the PowerShell window, as follows. +1. Copy this output, and use it as part of the [**ConvertFrom-SddlString**](/powershell/module/microsoft.powershell.utility/convertfrom-sddlstring) command in the PowerShell window, as follows. ![Output of the ConvertFrom-SddlString command, showing NT AUTHORITY\\INTERACTIVE](./images/ts-bitlocker-usb-sddl.png) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md index 85fd424c68..4234def6cf 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md 
@@ -209,7 +209,7 @@ To verify the Secure Boot state, use the System Information app. To do this, fol ![System Information app, showing a unsupported Secure Boot State](./images/4509202-en-1.png) > [!NOTE] -> You can also use the [Confirm-SecureBootUEFI](/powershell/module/secureboot/confirm-securebootuefi?view=win10-ps) cmdlet to verify the Secure Boot state. To do this, open an elevated PowerShell window and run the following command: +> You can also use the [Confirm-SecureBootUEFI](/powershell/module/secureboot/confirm-securebootuefi) cmdlet to verify the Secure Boot state. To do this, open an elevated PowerShell window and run the following command: > ```ps > PS C:\> Confirm-SecureBootUEFI > ``` From a3369733d619fe6cdd8089bcc99b6bc579da9a74 Mon Sep 17 00:00:00 2001 From: v-dihans Date: Tue, 24 Aug 2021 20:03:56 -0600 Subject: [PATCH 043/671] dh-ep-various --- .../demonstrate-deployment-on-vm.md | 60 +++++++++---------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 0c231195de..476b544dc0 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md 
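Review bot: In prepare-your-organization-for-bitlocker-planning-and-policies.md, hunk @@ -127,7 +127,7, the rewritten system-partition bullet adds a comma after "On UEFI platforms" but leaves the parallel sentence "On BIOS platforms the system partition must be formatted with the NTFS file system" without one, and still writes the file system as "FAT 32". Apply the same comma to the BIOS sentence and use "FAT32" so the two formatting requirements read consistently. The closing sentence "It should be at least 350 MB in size" should also name the system partition instead of "It" and end with a period, since the bullet now covers two partitions' worth of detail.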
@@ -733,7 +733,7 @@ Uninstall: msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q ![Add app step 5](images/app06.png) -Simply using an install command like "notepad++.exe /S" will not actually install Notepad++; it will only launch the app. To actually install the program, we need to use the .msi file instead. Notepad++ doesn't actually have a .msi version of their program, but we got a .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). +Simply using an install command like "notepad++.exe /S" doesn't actually install Notepad++; it only launches the app. To install the program, you need to use the .msi file instead. Notepad++ doesn't have a .msi version of their program, but there's a .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). Select **OK** to save your input and activate the **Requirements** blade. @@ -742,12 +742,12 @@ On the **Requirements Configuration** blade, specify the **OS architecture** and > [!div class="mx-imgBorder"] > ![Add app step 6](images/app07.png) -Next, configure the **Detection rules**. For our purposes, we will select manual format: +Next, configure the **Detection rules**. For the purpose of this lab, select manual format: > [!div class="mx-imgBorder"] > ![Add app step 7](images/app08.png) -Select **Add** to define the rule properties. For **Rule type**, select **MSI**, which will automatically import the right MSI product code into the rule: +Select **Add** to define the rule properties. For **Rule type**, select **MSI**, which automatically imports the correct MSI product code into the rule: ![Add app step 8](images/app09.png) 
@@ -760,16 +760,16 @@ Select **OK** twice to save, as you back out to the main **Add app** blade again Select **OK** to exit. -You may skip configuring the final **Scope (Tags)** blade. +You can skip configuring the final **Scope (Tags)** blade. Select the **Add** button to finalize and save your app package. -Once the indicator message says the addition has completed. +Wait for indicator message that says the addition has completed. > [!div class="mx-imgBorder"] > ![Add app step 10](images/app11.png) -You will be able to find your app in your app list: +Find your app in your app list: > [!div class="mx-imgBorder"] > ![Add app step 11](images/app12.png) @@ -777,16 +777,16 @@ You will be able to find your app in your app list: #### Assign the app to your Intune profile > [!NOTE] -> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you have not done that, please return to the main part of the lab and complete those steps before returning here. +> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here. In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade. Then select **Assignments** from the menu: > [!div class="mx-imgBorder"] > ![Assign app step 1](images/app13.png) -Select **Add Group** to open the **Add group** pane that is related to the app. +Select **Add Group** to open the **Add group** pane that's related to the app. -For our purposes, select **Required** from the **Assignment type** dropdown menu. +For the purpose of this lab, select **Required** from the **Assignment type** dropdown menu. > [!NOTE] > **Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website. 
@@ -817,7 +817,7 @@ For more information on adding apps to Intune, see [Intune Standalone - Win32 ap #### Create app in Intune -Log into the Azure portal and select **Intune**. +Log in to the Azure portal and select **Intune**. Go to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package. @@ -827,14 +827,14 @@ Under **App Type**, select **Office 365 Suite > Windows 10**: ![Create app step 2](images/app18.png) -Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this lab we have only selected Excel: +Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this lab, only select Excel: > [!div class="mx-imgBorder"] > ![Create app step 3](images/app19.png) Select **OK**. -In the **App Suite Information** pane, enter a unique suite name, and a suitable description. +In the **App Suite Information** pane, enter a *unique* suite name, and a suitable description. Enter the name of the app suite as it's displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal. @@ -843,7 +843,7 @@ Enter the name of the app suite as it's displayed in the company portal. Make su Select **OK**. -In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection would be fine for the purposes of this lab). Also select **Yes** for **Automatically accept the app end user license agreement**: +In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection is okay for the purposes of this lab). Also select **Yes** for **Automatically accept the app end user license agreement**: ![Create app step 5](images/app21.png) 
@@ -852,14 +852,14 @@ Select **OK** and, then select **Add**. #### Assign the app to your Intune profile > [!NOTE] -> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you have not done that, please return to the main part of the lab and complete those steps before returning here. +> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here. In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade. Then select **Assignments** from the menu: > [!div class="mx-imgBorder"] > ![Create app step 6](images/app22.png) -Select **Add Group** to open the **Add group** pane that is related to the app. +Select **Add Group** to open the **Add group** pane that's related to the app. For our purposes, select **Required** from the **Assignment type** dropdown menu. @@ -886,23 +886,23 @@ At this point, you have completed steps to add Office to Intune. For more information on adding Office apps to Intune, see [Assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365). -If you installed both the win32 app (Notepad++) and Office (just Excel) per the instructions in this lab, your VM will show them in the apps list, although it could take several minutes to populate: +If you installed both the win32 app (Notepad++) and Office (just Excel) per the instructions in this lab, your VM will show them in the apps list. It might take several minutes to populate. ![Create app step 10](images/app26.png) ## Glossary -
      OS deployed  Windows 10 Windows Server 2016 Windows Server 2019Windows 11
-
 
 
 
 
 
 
 
 
 
 
Boot image version
+
 
 
 
 
 
 
 
 
 
Boot image version
Windows 10
- - - - - - - - - - - - -
OEMOriginal Equipment Manufacturer
CSVComma Separated Values
MPCMicrosoft Partner Center
CSPCloud Solution Provider
MSfBMicrosoft Store for Business
AADAzure Active Directory
4K HH4K Hardware Hash
CBRComputer Build Report
ECEnterprise Commerce (server)
DDSDevice Directory Service
OOBEOut of the Box Experience
VMVirtual Machine
\ No newline at end of file +| | Description | +|:---|:---| +|**OEM** | Original Equipment Manufacturer | +|**CSV** | Comma Separated Values | +|**MPC** | Microsoft Partner Center | +|**CSP** | Cloud Solution Provider | +|**MSfB** | Microsoft Store for Business | +|**Azure AD** | Azure Active Directory | +|**4K HH** | 4K Hardware Hash | +|**CBR** | Computer Build Report | +|**EC** | Enterprise Commerce (server) | +|**DDS** | Device Directory Service | +|**OOBE** | Out of the Box Experience | +|**VM** |Virtual Machine | From 6b0616f71f6d79769a0b54b135aec3d139b867a0 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 25 Aug 2021 11:34:51 +0530 Subject: [PATCH 044/671] Updated --- images/no.png | Bin 0 -> 874 bytes images/yes.png | Bin 0 -> 614 bytes includes/appliesto-2013-2016-2019-xxx-md.md | 1 + .../appliesto-xxx-2016-2019-SUB-xxx-md.md | 1 + .../mdm/policy-csp-abovelock.md | 20 ++++++++---------- 5 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 images/no.png create mode 100644 images/yes.png create mode 100644 includes/appliesto-2013-2016-2019-xxx-md.md create mode 100644 includes/appliesto-xxx-2016-2019-SUB-xxx-md.md 
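Review bot: In demonstrate-deployment-on-vm.md, hunk @@ -733,7 +733,7, the reworded paragraph still tells the reader to deploy a Notepad++ .msi obtained from a "third party provider" without any step for checking that the package is the intended one. The lab then assigns this app as **Required**, so whatever is uploaded is installed on every device in the group. Add a sentence asking the reader to verify the download before uploading it (for example, its publisher signature or a hash published by the provider), and hyphenate "third-party provider".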
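Review bot: In demonstrate-deployment-on-vm.md, hunk @@ -760,16 +760,16, the new line "Wait for indicator message that says the addition has completed." is missing an article; it should read "Wait for the indicator message ...". The same hunk introduces "For the purpose of this lab" while hunk @@ -817,7 +817,7 uses "For the purposes of this lab", and the Office section in hunk @@ -852,14 +852,14 still carries the unchanged line "For our purposes, select **Required**". Pick one phrasing and apply it to all three places so the first-person wording this patch is removing does not survive in the second procedure.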
diff --git a/images/no.png b/images/no.png new file mode 100644 index 0000000000000000000000000000000000000000..1aa084e6a3326f74e77306adc0bab27e6225b291 GIT binary patch literal 874 zcmV-w1C{)VP)1D+=^TCDiFvbv#PS{_?BS{~Hb)mp=v5JDn;p0srp zDBgaW-85T$xMZegr&Ez=(t>Ey}+rZ+~|$YN#|mt~xI#DM*RC1^}GS&Ol&CvNL58mSw8<`_Yj=Sus;0jgQ;anX**WR8^qo z!zlEI6Xk~wOloK@0FDs|c7az*3xk0BemZ5p zjtJ`U`t0HIYnvwcd45-~uA9K~|2CI5q&^}j=W^>fmpdpo@%1}K$7cZm1$j9T(lqo- zD;NlAE&y;ixwWXF)~)TqKWm$=fS#PwK{Yl50H`P_L}f)WYN{%Bn#-^p1h&}h;M|_6 zsG(k;PdPsOP3!af0RW6h2#TU`t+WW2&z}LXcg8}R1|t%IqISA>L^Hi$wr({A8Advh znp(TgD!)wp4on-P*&22V8O^rc_nG+x>kCEi-6M}dLI~Pk4?I*)YBzZP|D#Z=GuU2s z54MK$i3&;x!LwIAWgWdrt;u5Zhl6c9IP&J>=weG}-~EF;qQ2Sypi!<6CnX$zBw@ux zu@W{-!ZJym%VTqLt~Ce8Ef~$V$Mto!=7Z}00)LUfCpD&o@&Et;07*qoM6N<$f~ppT Awg3PC literal 0 HcmV?d00001 diff --git a/images/yes.png b/images/yes.png new file mode 100644 index 0000000000000000000000000000000000000000..d2285c5c46cfb8c983a2a725f4ff13e241a5f319 GIT binary patch literal 614 zcmV-s0-61ZP)Mxgdo$d#k7bF$_Of$yBR1%&{?RX(S-St3z34+VrXLUxEO`o(2VC^ z&+dKC``+ikIsC3rO5tTmTbu{3118W0ECLx|N?K~XR#&)%N?U}1$3VPBECs}*rB?S1 zmA1GByabvx;(1^|T58NQRNA5u$N~}VQ$hi_EG_lbY5H7zU_=M#69$IQzbk`4QrhBx zYpAqE6u6_4?QTsFyE=~F2=7`QK(A})PI1q5ZRg z^H1P-gUOB71V0No-put^_M={)ZBB8!{R91Gn!^WM00`C{)YRo0a`@ zUZ9IkkzRO6sJ@B5s7*s4!p)1LGzL!cc0SJf@3}quy3mYMgz(MDvjB-=e++ih~EgalK(_1H>BM+G@)tWBhcwIC%->I;N$c9E4Ear zT6YO}<}}<)q!wTX2x%S^KmlFSQfa5DJ&~lPz5(}vzb=4}DuLkbFLMD%0_`e6c&_{XFn7~=ecbB33Xr4+-ZB*-T1Bh3d_?=3=T>t<807*qoM6N<$f|?{1 AbN~PV literal 0 HcmV?d00001 diff --git a/includes/appliesto-2013-2016-2019-xxx-md.md b/includes/appliesto-2013-2016-2019-xxx-md.md new file mode 100644 index 0000000000..9a496e3070 --- /dev/null +++ b/includes/appliesto-2013-2016-2019-xxx-md.md @@ -0,0 +1 @@ +**APPLIES TO:** ![yes](../media/yes.png)2013 ![yes](../media/yes.png)2016 ![yes](../media/yes.png)2019 ![no](../media/no.png)SharePoint in Microsoft 365 
diff --git a/includes/appliesto-xxx-2016-2019-SUB-xxx-md.md b/includes/appliesto-xxx-2016-2019-SUB-xxx-md.md new file mode 100644 index 0000000000..a97c23d538 --- /dev/null +++ b/includes/appliesto-xxx-2016-2019-SUB-xxx-md.md @@ -0,0 +1 @@ +**APPLIES TO:** ![no-img-13](../media/no.png)2013 ![yes-img-16](../media/yes.png)2016 ![yes-img-19](../media/yes.png)2019 ![yes-img-se](../media/yes.png)Subscription Edition ![no-img-sop](../media/no.png)SharePoint in Microsoft 365 diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 23c1bb8142..b1bc434f3a 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -14,6 +14,7 @@ manager: dansimp # Policy CSP - AboveLock +[!INCLUDE[appliesto-xxx-xxx-xxx-SUB-xxx-md](../includes/appliesto-xxx-xxx-xxx-SUB-xxx-md.md)]


@@ -40,29 +41,26 @@ manager: dansimp - - + + + - + - - - - - + - + - - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark1
Businesscheck mark1Yes, starting in Windows 10, version 1903Yes
Enterprisecheck mark1Yes, starting in Windows 10, version 1909Yes
Educationcheck mark1
Yes, starting in Windows 10, version 2004Yes
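Review bot: In policy-csp-abovelock.md, hunk @@ -14,6 +14,7, the added include "[!INCLUDE[appliesto-xxx-xxx-xxx-SUB-xxx-md](../includes/appliesto-xxx-xxx-xxx-SUB-xxx-md.md)]" names a file that this commit does not create. The two include files added here are appliesto-2013-2016-2019-xxx-md.md and appliesto-xxx-2016-2019-SUB-xxx-md.md, and both are placed in the repository-root includes/ folder, whereas "../includes/" resolves relative to windows/client-management/mdm/. As written the include will not resolve at build time. Either add the referenced file at the path the include expects or point the include at a file that exists.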
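Review bot: The two new files under includes/ reference their icons as "../media/yes.png" and "../media/no.png", but this commit adds the images as images/yes.png and images/no.png, so the image links will be broken unless a media/ folder exists elsewhere. The include text itself ("**APPLIES TO:** ... 2013 ... 2016 ... 2019 ... Subscription Edition ... SharePoint in Microsoft 365") describes SharePoint releases, which does not match a Windows Policy CSP page whose table lists Windows 10 and Windows 11 editions. Fix the image paths to match where the PNGs are committed, and replace the SharePoint applicability text with one that describes Windows editions or remove the include files from this change.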
From c9e3804d059d509595f8ed4171d75aceb825c502 Mon Sep 17 00:00:00 2001 From: v-dihans Date: Wed, 25 Aug 2021 15:50:17 -0600 Subject: [PATCH 045/671] dh-removing we --- .../demonstrate-deployment-on-vm.md | 108 +++++++++--------- 1 file changed, 54 insertions(+), 54 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 476b544dc0..dedf8c406a 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -31,7 +31,7 @@ In this topic, you'll learn how to set up a Windows Autopilot deployment for a V > [!NOTE] > Although there are [multiple platforms](/mem/autopilot/add-devices#registering-devices) available to enable Autopilot, this lab primarily uses Intune. -> +> > Hyper-V and a VM are not required for this lab. You can use a physical device instead. However, the instructions assume that you're using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to 'device' in the guide refer to the client device, either physical or virtual. The following video provides an overview of the process: 
@@ -50,7 +50,7 @@ These are the things you'll need to complete this lab: |**Windows 10 installation media**|Windows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.| |**Internet access**|If you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.| |**Hyper-V or a physical device running Windows 10**|The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.| -|**An account with Azure AD Premium license**|This guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.| +|**An account with Azure Active Directory (AD) Premium license**|This guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.| ## Procedures @@ -134,13 +134,13 @@ To use Windows PowerShell, you need to know two things: 1. The location of the Windows 10 ISO file. - In the example, we assume the location is **c:\iso\win10-eval.iso**. + In the example, the location is **c:\iso\win10-eval.iso**. 2. The name of the network interface that connects to the internet. - In the example, we use a Windows PowerShell command to determine this automatically. + In the example, you'll use a Windows PowerShell command to determine this automatically. -After we have set the ISO file location and determined the name of the appropriate network interface, we can install Windows 10. +After you determine the ISO file location and the name of the appropriate network interface, you can install Windows 10. ### Set ISO file location 
@@ -175,9 +175,9 @@ All VM data will be created under the current path in your PowerShell prompt. Co > [!IMPORTANT] > **VM switch**: a VM switch is how Hyper-V connects VMs to a network. > ->- If you have previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal." +>- If you previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal." >- If you have never created an external VM switch before, then just run the commands below. ->- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that is used to connect to the Internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). 
+>- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that's used to connect to the internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). ```powershell New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name @@ -186,7 +186,7 @@ Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot Start-VM -VMName WindowsAutopilot ``` -After you enter these commands, connect to the VM that you just created. Double-click the VM in Hyper-V Manager to connect to it. Then wait for a prompt to press a key and boot from the DVD. +After you enter these commands, connect to the VM that you just created. Double-click the VM in Hyper-V Manager to connect to it. Then wait for a prompt to press a key and boot from the DVD. See the sample output below. In this sample, the VM is created under the **c:\autopilot** directory and the **vmconnect.exe** command is used (which is only available on Windows Server). If you installed Hyper-V on Windows 10, use Hyper-V Manager to connect to your VM. 
@@ -269,7 +269,7 @@ Select the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see ** ## Capture the hardware ID > [!NOTE] -> Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For purposes of this lab, you're acting as the OEM (capturing the 4K HH), but you're not going to use the OA3 Tool to capture the full 4K HH for various reasons (you'd have to install the OA3 tool, your device couldn't have a volume license version of Windows, it's a more complicated process than using a PowerShell script, etc.). Instead, you'll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool. +> Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For the purposes of this lab, you're acting as the OEM (capturing the 4K HH), but you're not going to use the OA3 Tool to capture the full 4K HH for various reasons (you'd have to install the OA3 tool, your device couldn't have a volume license version of Windows, it's a more complicated process than using a PowerShell script, etc.). Instead, you'll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool. Follow these steps to run the PowerShell script: 
@@ -327,19 +327,19 @@ Follow these steps to run the PowerShell script: PS C:\HWID> ``` -1. Verify that there's an **AutopilotHWID.csv** file in the **c:\HWID** directory that is about 8 KB in size. This file contains the complete 4K HH. +1. Verify that there's an **AutopilotHWID.csv** file in the **c:\HWID** directory that's about 8 KB in size. This file contains the complete 4K HH. > [!NOTE] - > Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you're curious. The file format is validated when it's imported into Autopilot. An example of the data in this file is shown below. + > Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you're curious. The file format is validated when it's imported into Autopilot. Here's an example of the data in this file: ![Serial number and hardware hash](images/hwid.png) - You'll need to upload this data into Intune to register your device for Autopilot. So the next step is to transfer this file to the computer you will use to access the Azure portal. If you're using a physical device instead of a VM, you can copy the file to a USB stick. If you’re using a VM, you can right-click the **AutopilotHWID.csv** file and copy it. Then right-click and paste the file to your desktop (outside the VM). + You'll need to upload this data into Intune to register your device for Autopilot. 
So, the next step is to transfer this file to the computer you'll use to access the Azure portal. If you're using a physical device instead of a VM, you can copy the file to a USB drive. If you’re using a VM, you can right-click the **AutopilotHWID.csv** file and copy it. Then right-click and paste the file to your desktop (outside the VM). - If you have trouble copying and pasting the file, just view the contents in Notepad on the VM and copy the text into Notepad outside the VM. Do not use another text editor to do this. + If you have trouble copying and pasting the file, just view the contents in Notepad on the VM, and then copy the text into Notepad outside the VM. Don't use another text editor to do this. > [!NOTE] - > When copying and pasting to or from VMs, avoid clicking other things with your mouse cursor between the copy and paste process as this can empty or overwrite the clipboard and require that you start over. Go directly from copy to paste. + > When copying and pasting to or from VMs, avoid selecting other things with your mouse cursor in between the copy and paste process. Doing so can empty or overwrite the clipboard and require that you start over. Go directly from copy to paste. ## Reset the VM back to Out-Of-Box-Experience (OOBE) 
@@ -356,13 +356,13 @@ Resetting the VM or device can take a while. Proceed to the next step (verify su ## Verify subscription level -For this lab, you need an Azure AD Premium subscription. You can tell if you have a Premium subscription by navigating to the [MDM enrollment configuration](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) blade. See the following example: +For this lab, you need an Azure AD Premium subscription. To tell if you have a Premium subscription, go to the [MDM enrollment configuration](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) blade. See the following example: **Azure Active Directory** > **Mobility (MDM and MAM)** > **Microsoft Intune** ![MDM and Intune](images/mdm-intune2.png) -If the configuration blade shown above does not appear, it's likely that you don't have a **Premium** subscription. Auto-enrollment is a feature only available in Azure Active Directory (Azure AD) Premium. +If the configuration blade shown above does not appear, it's likely that you don't have a **Premium** subscription. Auto-enrollment is a feature only available in Azure AD Premium. To convert your Intune trial account to a free Premium trial account, go to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5. 
@@ -388,7 +388,7 @@ When you're finished, select **Save**. If you already have MDM auto-enrollment configured in Azure AD, you can skip this step. -Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you do not see Microsoft Intune, select **Add application** and choose **Intune**. +Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you don't see Microsoft Intune, select **Add application** and choose **Intune**. For the purposes of this demo, select **All** under the **MDM user scope** and select **Save**. @@ -396,7 +396,7 @@ For the purposes of this demo, select **All** under the **MDM user scope** and s ## Register your VM -Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but *only pick one* for purposes of this lab. We highly recommend using Intune rather than MSfB. +Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but *only pick one* for the purposes of this lab. It's highly recommend to use Intune rather than MSfB. ### Autopilot registration using Intune 
@@ -405,9 +405,9 @@ Your VM (or device) can be registered either via Intune or Microsoft Store for B ![Intune device import](images/enroll1.png) > [!NOTE] - > If menu items like **Windows enrollment** are not active for you, then look to the far-right blade in the UI. You might need to provide Intune configuration privileges in a challenge window that appears. + > If menu items like **Windows enrollment** aren't active for you, look to the far-right blade in the UI. You might need to provide Intune configuration privileges in a challenge window that appears. -2. Under **Add Windows Autopilot devices** in the far-right pane, browse to the **AutopilotHWID.csv** file you previously copied to your local computer. The file should contain the serial number and 4K HH of your VM (or device). It's okay if other fields (Windows Product ID) are left blank. +2. Under **Add Windows Autopilot devices** in the far-right pane, go to the **AutopilotHWID.csv** file you previously copied to your local computer. The file should contain the serial number and 4K HH of your VM (or device). It's okay if other fields (Windows Product ID) are left blank. ![HWID CSV](images/enroll2.png) 
@@ -430,22 +430,22 @@ Optional: see the following video for an overview of the process. > [!video https://www.youtube.com/embed/IpLIZU_j7Z0] -First, you need a MSfB account. You can use the same one you created above for Intune, or follow [these instructions](/microsoft-store/windows-store-for-business-overview) to create a new one. +First, you need a MSfB account. You can use the same one you created above for Intune, or follow [these instructions](/microsoft-store/windows-store-for-business-overview) to create a new one. -Next, sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/en-us/store) using your test account by clicking **Sign in** on the upper-right-corner of the main page. +Next, to sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/en-us/store) with your test account, select **Sign in** on the upper-right-corner of the main page. -Select **Manage** from the top menu, then click the **Windows Autopilot Deployment Program** link under the **Devices** card. See the following example: +Select **Manage** from the top menu, then select the **Windows Autopilot Deployment Program** link under the **Devices** card. See the following example: ![Microsoft Store for Business](images/msfb.png) -Select the **Add devices** link to upload your CSV file. A message appears indicating your request is being processed. Wait a few moments before refreshing to see that your new device is added. +Select the **Add devices** link to upload your CSV file. A message appears that indicates your request is being processed. Wait a few moments before refreshing to see that your new device is added. ![Microsoft Store for Business Devices](images/msfb-device.png) ## Create and assign a Windows Autopilot deployment profile > [!IMPORTANT] -> Autopilot profiles can be created and assigned to your registered VM or device either through Intune or MSfB. 
Both processes are shown here, but only *pick one for purposes of this lab*: +> Autopilot profiles can be created and assigned to your registered VM or device either through Intune or MSfB. Both processes are shown here, but only *pick one for the purposes of this lab*: Pick one: - [Create profiles using Intune](#create-a-windows-autopilot-deployment-profile-using-intune) @@ -460,7 +460,7 @@ Pick one: #### Create a device group -The Autopilot deployment profile wizard asks for a device group, so we must create one first. To create a device group: +The Autopilot deployment profile wizard asks for a device group, so you must create one first. To create a device group: 1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Groups** > **New group**. @@ -531,7 +531,7 @@ Select **OK**, and then select **Create**. ### Create a Windows Autopilot deployment profile using MSfB -If already created and assigned a profile via Intune by using the steps immediately above, then skip this section. +If you already created and assigned a profile via Intune with the steps immediately above, then skip this section. A [video](https://www.youtube.com/watch?v=IpLIZU_j7Z0) is available that covers the steps required to create and assign profiles in MSfB. These steps are also summarized below. 
@@ -569,17 +569,17 @@ To assign (or reassign) the profile to a device, select the checkboxes next to t > [!div class="mx-imgBorder"] > ![MSfB assign step 1](images/msfb-assign1.png) -Confirm the profile was successfully assigned to the intended device, check the contents of the **Profile** column: +To confirm the profile was successfully assigned to the intended device, check the contents of the **Profile** column: > [!div class="mx-imgBorder"] > ![MSfB assign step 2](images/msfb-assign2.png) > [!IMPORTANT] -> The new profile is only applied if the device isn't started, and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. +> The new profile is only applied if the device hasn't started and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. ## See Windows Autopilot in action -If you shut down your VM after the last reset, it's time to start it back up again, so it can progress through the Autopilot OOBE experience. However, don't attempt to start your device again until the **PROFILE STATUS** for your device in Intune is changed from **Not assigned** to **Assigning**, and finally to **Assigned**: +If you shut down your VM after the last reset, it's time to start it back up again so it can progress through the Autopilot OOBE experience. However, don't attempt to start your device again until the **PROFILE STATUS** for your device in Intune is changed from **Not assigned** to **Assigning**, and finally to **Assigned**: > [!div class="mx-imgBorder"] > ![Device status](images/device-status.png) 
@@ -587,15 +587,15 @@ If you shut down your VM after the last reset, it's time to start it back up aga Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding). Otherwise, these changes might not show up. > [!TIP] -> If you reset your device previously, after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you don't see the Autopilot OOBE experience, then reset the device again (**Settings** > **Update & Security** > **Recovery** and select **Get started**. Under **Reset this PC**, select **Remove everything and Just remove my files**. Select **Reset**). +> If you reset your device previously, after collecting the 4K HH info, let it restart back to the first OOBE screen. Then you might need to restart the device again to make sure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you don't see the Autopilot OOBE experience, then reset the device again (**Settings** > **Update & Security** > **Recovery** and select **Get started**. Under **Reset this PC**, select **Remove everything and Just remove my files**. Select **Reset**). -- Ensure your device has an internet connection. -- Turn on the device -- Verify that the appropriate OOBE screens (with appropriate Company Branding) appear. You should see the region selection screen, the keyboard selection screen, and the second keyboard selection screen (which you can skip). +1. Make sure your device has an internet connection. +1. Turn on the device. +1. Verify that the appropriate OOBE screens (with appropriate Company Branding) appear. You should see the region selection screen, the keyboard selection screen, and the second keyboard selection screen (which you can skip). 
![OOBE sign-in page](images/autopilot-oobe.png) -Soon after reaching the desktop, the device should show up in Intune as an **enabled** Autopilot device. Go into the Intune Azure portal, and select **Devices > All devices**. Then, **Refresh** the data to verify that your device has changed from disabled to enabled, and the name of the device is updated. +Soon after reaching the desktop, the device should show up in Intune as an **enabled** Autopilot device. Go into the Intune Azure portal, and select **Devices > All devices**. Then, **Refresh** the data to verify that your device has changed from disabled to enabled, and the name of the device is updated. > [!div class="mx-imgBorder"] > ![Device enabled](images/devices1.png) 
@@ -620,17 +620,17 @@ You need to delete (or retire, or factory reset) the device from Intune before d This action removes the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot. So, the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**. -The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two completely separate datastores. The former (All devices) is the list of devices currently enrolled into Intune. +The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two completely separate datastores. The former (All devices) is the list of devices currently enrolled into Intune. > [!NOTE] -> A device only appears in the All devices list once it has booted. The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune. +> A device only appears in the **All devices** list once it has booted. The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune. -To remove the device from the Autopilot program, select the device, and then select **Delete**. A popup dialog box appears to confirm deletion. +To remove the device from the Autopilot program, select the device, and then select **Delete**. A pop-up dialog box appears to confirm deletion. 
> [!div class="mx-imgBorder"] > ![Delete device](images/delete-device2.png) -At this point, your device is unenrolled from Intune and also deregistered from Autopilot. After several minutes, select the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program. +At this point, your device is unenrolled from Intune and also deregistered from Autopilot. After several minutes, select the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program. Once the device no longer appears, you're free to reuse it for other purposes. @@ -640,7 +640,7 @@ If you also (optionally) want to remove your device from Azure AD, go to **Azure Starting with Windows 8, the host computer's microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](https://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information. -To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press ENTER, scroll down, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example: +To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press **ENTER**, scroll down, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example: ```console C:>systeminfo 
@@ -655,7 +655,7 @@ Hyper-V Requirements: VM Monitor Mode Extensions: Yes In this example, the computer supports SLAT and Hyper-V. > [!NOTE] -> If one or more requirements are evaluated as **No** then the computer does not support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting depends on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings. +> If one or more requirements are evaluated as **No** then the computer does not support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting depends on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings. You can also identify Hyper-V support using [tools](/archive/blogs/taylorb/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v) provided by the processor manufacturer, the [msinfo32](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731397(v=ws.11)) tool, or you can download the [Coreinfo](/sysinternals/downloads/coreinfo) utility and run it, as shown in the following example: 
@@ -683,13 +683,13 @@ EPT * Supports Intel extended page tables (SLAT) #### Prepare the app for Intune -Before we can pull an application into Intune to make it part of our AP profile, we need to "package" the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool). After downloading the tool, gather the following three bits of information to use the tool: +Before you can pull an application into Intune to make it part of your AP profile, you need to "package" the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool). After downloading the tool, gather the following three bits of information to use the tool: 1. The source folder for your application 2. The name of the setup executable file 3. The output folder for the new file -For the purposes of this lab, we'll use the Notepad++ tool as our Win32 app. +For the purposes of this lab, we'll use the Notepad++ tool as the Win32 app. Download the [Notepad++ msi package](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available), and then copy the file to a known location, such as C:\Notepad++msi. 
@@ -698,13 +698,13 @@ Run the IntuneWinAppUtil tool, supplying answers to the three questions, for exa > [!div class="mx-imgBorder"] > ![Add app example](images/app01.png) -After the tool finishes running, you should have an .intunewin file in the Output folder, which you can now upload into Intune using the following steps. +After the tool finishes running, you should have an .intunewin file in the Output folder. You can upload the file into Intune by using the following steps. #### Create app in Intune Log in to the Azure portal, and then select **Intune**. -Go to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package. +Go to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package. ![Add app step 1](images/app02.png) @@ -733,7 +733,7 @@ Uninstall: msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q ![Add app step 5](images/app06.png) -Simply using an install command like "notepad++.exe /S" doesn't actually install Notepad++; it only launches the app. To install the program, you need to use the .msi file instead. Notepad++ doesn't have a .msi version of their program, but there's a .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). +Simply using an install command like "notepad++.exe /S" doesn't actually install Notepad++; it only launches the app. To install the program, you need to use the .msi file instead. Notepad++ doesn't have a .msi version of their program, but there's a .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). Select **OK** to save your input and activate the **Requirements** blade. 
@@ -742,18 +742,18 @@ On the **Requirements Configuration** blade, specify the **OS architecture** and > [!div class="mx-imgBorder"] > ![Add app step 6](images/app07.png) -Next, configure the **Detection rules**. For the purpose of this lab, select manual format: +Next, configure the **Detection rules**. For the purposes of this lab, select manual format: > [!div class="mx-imgBorder"] > ![Add app step 7](images/app08.png) -Select **Add** to define the rule properties. For **Rule type**, select **MSI**, which automatically imports the correct MSI product code into the rule: +Select **Add** to define the rule properties. For **Rule type**, select **MSI**, which automatically imports the correct MSI product code into the rule: ![Add app step 8](images/app09.png) Select **OK** twice to save, as you back out to the main **Add app** blade again for the final configuration. -**Return codes**: For our purposes, leave the return codes at their default values: +**Return codes**: For the purposes of this lab, leave the return codes at their default values: > [!div class="mx-imgBorder"] > ![Add app step 9](images/app10.png) @@ -777,7 +777,7 @@ Find your app in your app list: #### Assign the app to your Intune profile > [!NOTE] -> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here. +> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here. In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade. Then select **Assignments** from the menu: 
@@ -786,7 +786,7 @@ In the **Intune > Client Apps > Apps** pane, select the app package you already Select **Add Group** to open the **Add group** pane that's related to the app. -For the purpose of this lab, select **Required** from the **Assignment type** dropdown menu. +For the purposes of this lab, select **Required** from the **Assignment type** dropdown menu. > [!NOTE] > **Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website. @@ -827,7 +827,7 @@ Under **App Type**, select **Office 365 Suite > Windows 10**: ![Create app step 2](images/app18.png) -Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this lab, only select Excel: +Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this lab, only select Excel: > [!div class="mx-imgBorder"] > ![Create app step 3](images/app19.png) @@ -852,7 +852,7 @@ Select **OK** and, then select **Add**. #### Assign the app to your Intune profile > [!NOTE] -> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here. +> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here. In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade. Then select **Assignments** from the menu: 
@@ -861,7 +861,7 @@ In the **Intune > Client Apps > Apps** pane, select the Office package you alrea Select **Add Group** to open the **Add group** pane that's related to the app. -For our purposes, select **Required** from the **Assignment type** dropdown menu. +For the purposes of this lab, select **Required** from the **Assignment type** dropdown menu. **Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website. From 8b0f8c20faf7cc845d58e4fbfb75ec94ddfcc59b Mon Sep 17 00:00:00 2001 From: v-dihans Date: Wed, 25 Aug 2021 16:07:16 -0600 Subject: [PATCH 046/671] dh acro fixes --- .../demonstrate-deployment-on-vm.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index dedf8c406a..caf50f2f1d 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md 
@@ -47,14 +47,14 @@ These are the things you'll need to complete this lab: | | Description | |:---|:---| -|**Windows 10 installation media**|Windows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.| +|**Windows 10 installation media**|Windows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you don't already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.| |**Internet access**|If you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.| -|**Hyper-V or a physical device running Windows 10**|The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.| +|**Hyper-V or a physical device running Windows 10**|The guide assumes that you'll use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.| |**An account with Azure Active Directory (AD) Premium license**|This guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.| ## Procedures -A summary of the sections and procedures in the lab is provided below. Follow each section in the order it's presented, skipping the sections that do not apply to you. Optional procedures are provided in the appendices. +A summary of the sections and procedures in the lab is provided below. Follow each section in the order it's presented, skipping the sections that don't apply to you. Optional procedures are provided in the appendices. 
If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [Capture the hardware ID](#capture-the-hardware-id) step. The VM must be running Windows 10, version 1903 or a later version. @@ -273,7 +273,7 @@ Select the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see ** Follow these steps to run the PowerShell script: -1. **On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same regardless of whether you're using a VM or a physical device: +1. **On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same whether you're using a VM or a physical device: ```powershell md c:\HWID @@ -362,7 +362,7 @@ For this lab, you need an Azure AD Premium subscription. To tell if you have a P ![MDM and Intune](images/mdm-intune2.png) -If the configuration blade shown above does not appear, it's likely that you don't have a **Premium** subscription. Auto-enrollment is a feature only available in Azure AD Premium. +If the configuration blade shown above doesn't appear, it's likely that you don't have a **Premium** subscription. Auto-enrollment is a feature only available in Azure AD Premium. To convert your Intune trial account to a free Premium trial account, go to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5. 
@@ -618,7 +618,7 @@ You need to delete (or retire, or factory reset) the device from Intune before d > [!div class="mx-imgBorder"] > ![Delete device step 1](images/delete-device1.png) -This action removes the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot. So, the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**. +This action removes the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this doesn't yet deregister the device from Autopilot. So, the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**. The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two completely separate datastores. The former (All devices) is the list of devices currently enrolled into Intune. 
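Review bot: the unchanged context in this hunk spells the same portal list two ways, **Intune > Devices > All devices** in the changed paragraph and **Intune > Devices > All Devices** in the paragraph after it, which is then followed by "(All devices)". Since this commit is a wording pass over this paragraph, pick the casing the portal uses and apply it to all three occurrences.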
@@ -655,7 +655,7 @@ Hyper-V Requirements: VM Monitor Mode Extensions: Yes In this example, the computer supports SLAT and Hyper-V. > [!NOTE] -> If one or more requirements are evaluated as **No** then the computer does not support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting depends on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings. +> If one or more requirements are evaluated as **No** then the computer doesn't support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting depends on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings. You can also identify Hyper-V support using [tools](/archive/blogs/taylorb/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v) provided by the processor manufacturer, the [msinfo32](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731397(v=ws.11)) tool, or you can download the [Coreinfo](/sysinternals/downloads/coreinfo) utility and run it, as shown in the following example: From 46599fc90e9a126c62c59d6343a3e3e47230f1cb Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 26 Aug 2021 15:01:43 +0530 Subject: [PATCH 047/671] Updated --- .vscode/settings.json | 5 - .../policy-csp-admx-activexinstallservice.md | 2 +- .../mdm/policy-csp-admx-addremoveprograms.md | 243 +++++++++++------- .../mdm/policy-csp-admx-appcompat.md | 199 ++++++++------ 4 files changed, 281 insertions(+), 168 deletions(-) delete mode 100644 .vscode/settings.json 
diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index f66a07d2e4..0000000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "cSpell.words": [ - "emie" - ] -} \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index a4020d12f2..67982daf0e 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md @@ -95,7 +95,7 @@ If the trusted site uses the HTTPS protocol, this policy setting can also contro ADMX Info: -- GP English name: *Establish ActiveX installation policy for sites in Trusted zones* +- GP Friendly name: *Establish ActiveX installation policy for sites in Trusted zones* - GP name: *AxISURLZonePolicies* - GP path: *Windows Components\ActiveX Installer Service* - GP ADMX file name: *ActiveXInstallService.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index 647cff6ce4..478ce5c0d7 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -67,28 +67,33 @@ manager: dansimp - - + + + - + + - + + - + + - - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck mark
YesYes
Educationcross markNoNo
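Review bot: the new side of this first edition table is 33 lines (+67,33), while every other edition table rewritten in policy-csp-admx-addremoveprograms.md goes from the same 28 lines to 34 (+155,34, +242,34 and so on), so this table's markup is one line short of its siblings. Compare it with the next table and add the missing line, or confirm the difference is intentional, before merging.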
@@ -125,7 +130,7 @@ If you disable this setting or do not configure it, all programs (Category: All) ADMX Info: -- GP English name: *Specify default category for Add New Programs* +- GP Friendly name: *Specify default category for Add New Programs* - GP name: *DefaultCategory* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -150,28 +155,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markYesYes
Enterprisecheck markNoNo
Educationcross markNoNo
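Review bot: in this edition table (hunk -150,28 +155,34, the table that precedes the NoAddFromCDorFloppy description) the Business row now reads Yes/Yes and the Enterprise row reads No/No. That inverts the removed cells (cross mark for Business, check mark for Enterprise) and disagrees with every other table in this patch, where Business is No/No and Enterprise is Yes/Yes. The two rows look swapped; set Business to No/No and Enterprise to Yes/Yes unless support for this one policy really differs.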
@@ -206,7 +217,7 @@ If you disable this setting or do not configure it, the "Add a program from CD-R ADMX Info: -- GP English name: *Hide the "Add a program from CD-ROM or floppy disk" option* +- GP Friendly name: *Hide the "Add a program from CD-ROM or floppy disk" option* - GP name: *NoAddFromCDorFloppy* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -231,28 +242,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -287,7 +304,7 @@ If you disable this setting or do not configure it, "Add programs from Microsoft ADMX Info: -- GP English name: *Hide the "Add programs from Microsoft" option* +- GP Friendly name: *Hide the "Add programs from Microsoft" option* - GP name: *NoAddFromInternet* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -312,28 +329,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -370,7 +393,7 @@ If you disable this setting or do not configure it, "Add programs from your netw ADMX Info: -- GP English name: *Hide the "Add programs from your network" option* +- GP Friendly name: *Hide the "Add programs from your network" option* - GP name: *NoAddFromNetwork* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -394,28 +417,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -447,7 +476,7 @@ If you disable this setting or do not configure it, the Add New Programs button ADMX Info: -- GP English name: *Hide Add New Programs page* +- GP Friendly name: *Hide Add New Programs page* - GP name: *NoAddPage* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -472,28 +501,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -525,7 +560,7 @@ If you disable this setting or do not configure it, Add or Remove Programs is av ADMX Info: -- GP English name: *Remove Add or Remove Programs* +- GP Friendly name: *Remove Add or Remove Programs* - GP name: *NoAddRemovePrograms* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -550,28 +585,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -604,7 +645,7 @@ If you disable this setting or do not configure it, the Set Program Access and D ADMX Info: -- GP English name: *Hide the Set Program Access and Defaults page* +- GP Friendly name: *Hide the Set Program Access and Defaults page* - GP name: *NoChooseProgramsPage* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -629,28 +670,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -682,7 +729,7 @@ If you disable this setting or do not configure it, the Change or Remove Program ADMX Info: -- GP English name: *Hide Change or Remove Programs page* +- GP Friendly name: *Hide Change or Remove Programs page* - GP name: *NoRemovePage* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -707,28 +754,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -763,7 +816,7 @@ If you disable this setting or do not configure it, "Set up services" appears on ADMX Info: -- GP English name: *Go directly to Components Wizard* +- GP Friendly name: *Go directly to Components Wizard* - GP name: *NoServices* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -788,28 +841,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -844,7 +903,7 @@ If you disable this setting or do not configure it, the Support Info hyperlink a ADMX Info: -- GP English name: *Remove Support Information* +- GP Friendly name: *Remove Support Information* - GP name: *NoSupportInfo* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -869,28 +928,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -922,7 +987,7 @@ If you disable this setting or do not configure it, the Add/Remove Windows Compo ADMX Info: -- GP English name: *Hide Add/Remove Windows Components page* +- GP Friendly name: *Hide Add/Remove Windows Components page* - GP name: *NoWindowsSetupPage* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index ff2c292c54..901a7a04b6 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -70,28 +70,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -131,7 +137,7 @@ If the status is set to Not Configured, the OS falls back on a local policy set ADMX Info: -- GP English name: *Prevent access to 16-bit applications* +- GP Friendly name: *Prevent access to 16-bit applications* - GP name: *AppCompatPrevent16BitMach* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -147,28 +153,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -202,7 +214,7 @@ Enabling this policy setting removes the property page from the context-menus, b ADMX Info: -- GP English name: *Remove Program Compatibility Property Page* +- GP Friendly name: *Remove Program Compatibility Property Page* - GP name: *AppCompatRemoveProgramCompatPropPage* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -218,28 +230,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -277,7 +295,7 @@ Disabling telemetry will take effect on any newly launched applications. To ensu ADMX Info: -- GP English name: *Turn off Application Telemetry* +- GP Friendly name: *Turn off Application Telemetry* - GP name: *AppCompatTurnOffApplicationImpactTelemetry* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -293,28 +311,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -353,7 +377,7 @@ Reboot the system after changing the setting to ensure that your system accurate ADMX Info: -- GP English name: *Turn off SwitchBack Compatibility Engine* +- GP Friendly name: *Turn off SwitchBack Compatibility Engine* - GP name: *AppCompatTurnOffSwitchBack* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -369,29 +393,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross mark
NoNo
@@ -431,7 +460,7 @@ This option is useful to server administrators who require faster performance an ADMX Info: -- GP English name: *Turn off Application Compatibility Engine* +- GP Friendly name: *Turn off Application Compatibility Engine* - GP name: *AppCompatTurnOffEngine* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -447,28 +476,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -498,7 +533,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting ex ADMX Info: -- GP English name: *Turn off Program Compatibility Assistant* +- GP Friendly name: *Turn off Program Compatibility Assistant* - GP name: *AppCompatTurnOffProgramCompatibilityAssistant_1* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -514,28 +549,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -572,7 +613,7 @@ If you disable or do not configure this policy setting, the PCA will be turned o ADMX Info: -- GP English name: *Turn off Program Compatibility Assistant* +- GP Friendly name: *Turn off Program Compatibility Assistant* - GP name: *AppCompatTurnOffProgramCompatibilityAssistant_2* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -588,28 +629,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -645,7 +692,7 @@ If you disable or do not configure this policy setting, Steps Recorder will be e ADMX Info: -- GP English name: *Turn off Steps Recorder* +- GP Friendly name: *Turn off Steps Recorder* - GP name: *AppCompatTurnOffUserActionRecord* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -661,28 +708,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -721,7 +774,7 @@ If you disable or do not configure this policy setting, the Inventory Collector ADMX Info: -- GP English name: *Turn off Inventory Collector* +- GP Friendly name: *Turn off Inventory Collector* - GP name: *AppCompatTurnOffProgramInventory* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* From ade4256933687941f52d9354a39d2c24b7845582 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 26 Aug 2021 09:39:08 -0700 Subject: [PATCH 048/671] BitLocker 2 go deprecation announce --- windows/deployment/planning/windows-10-deprecated-features.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 72bcfc72c9..9f5ea44089 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -8,7 +8,7 @@ ms.sitesec: library audience: itpro author: greg-lindsay ms.author: greglin -manager: laurawi +manager: dougeby ms.topic: article --- # Windows 10 features we’re no longer developing 
@@ -26,6 +26,7 @@ The features described below are no longer being actively developed, and might b |Feature | Details and mitigation | Announced in version | | ----------- | --------------------- | ---- | +| BitLocker 2 Go Reader | Reading of BitLocker-protected removable drives from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11. The ADMX policy **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**, the command line parameter [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv), the catalog file **c:\windows\BitLockerDiscoveryVolumeContents**, and the BitLocker 2 Go Reader app **bitlockertogo.exe** might not be available in future releases of Windows client. | 21H1 | | Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 | | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 | | Windows Management Instrumentation Command line (WMIC) tool. | The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 semi-annual channel release of Windows Server. This tool is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation only applies to the [command-line management tool](/windows/win32/wmisdk/wmic). WMI itself is not affected. | 21H1 | From 1359094c7792cd2b25bb730cc7b19f2ad56d671b Mon Sep 17 00:00:00 2001 
From: greg-lindsay Date: Thu, 26 Aug 2021 09:58:55 -0700 Subject: [PATCH 049/671] update --- windows/deployment/planning/windows-10-deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 9f5ea44089..74bfc3ac68 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -26,7 +26,7 @@ The features described below are no longer being actively developed, and might b |Feature | Details and mitigation | Announced in version | | ----------- | --------------------- | ---- | -| BitLocker 2 Go Reader | Reading of BitLocker-protected removable drives from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11. The ADMX policy **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**, the command line parameter [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv), the catalog file **c:\windows\BitLockerDiscoveryVolumeContents**, and the BitLocker 2 Go Reader app **bitlockertogo.exe** might not be available in future releases of Windows client. | 21H1 | +| BitLocker To Go Reader | Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11.
The following might not be available in a future release of Windows client:
- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**
- Command line parameter: [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv)
- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**
- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 | | Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 | | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 | | Windows Management Instrumentation Command line (WMIC) tool. | The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 semi-annual channel release of Windows Server. This tool is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation only applies to the [command-line management tool](/windows/win32/wmisdk/wmic). WMI itself is not affected. | 21H1 | From 0c2508c342452c369488065f68431d2c9c40722b Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 26 Aug 2021 12:20:12 -0700 Subject: [PATCH 050/671] update --- windows/deployment/planning/windows-10-deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 74bfc3ac68..c23e505800 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md 
@@ -26,7 +26,7 @@ The features described below are no longer being actively developed, and might b |Feature | Details and mitigation | Announced in version | | ----------- | --------------------- | ---- | -| BitLocker To Go Reader | Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11.
The following might not be available in a future release of Windows client:
- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**
- Command line parameter: [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv)
- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**
- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 | +| BitLocker To Go Reader | Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11.
The following items might not be available in a future release of Windows client:
- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**
- Command line parameter: [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv)
- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**
- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 | | Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 | | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 | | Windows Management Instrumentation Command line (WMIC) tool. | The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 semi-annual channel release of Windows Server. This tool is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation only applies to the [command-line management tool](/windows/win32/wmisdk/wmic). WMI itself is not affected. | 21H1 | From 19d5bb2f415b2a41bd8ba454cd00152705e5bb09 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Fri, 27 Aug 2021 11:29:08 +0530 Subject: [PATCH 051/671] Updated --- .../mdm/policy-csp-abovelock.md | 12 +++++------ .../mdm/policy-csp-activexcontrols.md | 20 ++++++++----------- .../policy-csp-admx-activexinstallservice.md | 17 ++++++---------- 3 files changed, 20 insertions(+), 29 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index b1bc434f3a..341da28ece 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - AboveLock -[!INCLUDE[appliesto-xxx-xxx-xxx-SUB-xxx-md](../includes/appliesto-xxx-xxx-xxx-SUB-xxx-md.md)]
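Review bot: in windows-10-deprecated-features.md (PATCH 049 and PATCH 050) the row title is corrected to "BitLocker To Go Reader", but the last list item on the added side still reads "BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files", so the component is named two ways inside one table cell. Change the list item to "BitLocker To Go Reader app" so it matches the row title and the linked BitLocker To Go FAQ, and so administrators searching for the deprecated component by name find a single spelling.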
@@ -55,11 +54,11 @@ manager: dansimp Enterprise - Yes, starting in Windows 10, version 1909Yes + Yes, starting in Windows 10, version 1903Yes Education - Yes, starting in Windows 10, version 2004Yes + Yes, starting in Windows 10, version 1903Yes @@ -81,7 +80,7 @@ Added in Windows 10, version 1607. Specifies whether or not the user can intera ADMX Info: -- GP English name: *Allow Cortana above lock screen* +- GP Friendly name: *Allow Cortana above lock screen* - GP name: *AllowCortanaAboveLock* - GP path: *Windows Components/Search* - GP ADMX file name: *Search.admx* @@ -104,8 +103,9 @@ The following list shows the supported values: - - + + + diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index d760021b1e..218006e1a3 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -36,29 +36,25 @@ manager: dansimp
Windows EditionSupported?EditionWindows 10Windows 11
Home
- - + + + - + - - - - - + - + - - +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark
Businesscheck markYes, starting in Windows 10, version 1607Yes
Enterprisecheck markYes, starting in Windows 10, version 1607Yes
Educationcheck mark
Yes, starting in Windows 10, version 1607Yes
@@ -92,7 +88,7 @@ Note: Wild card characters cannot be used when specifying the host URLs. ADMX Info: -- GP English name: *Approved Installation Sites for ActiveX Controls* +- GP Friendly name: *Approved Installation Sites for ActiveX Controls* - GP name: *ApprovedActiveXInstallSites* - GP path: *Windows Components/ActiveX Installer Service* - GP ADMX file name: *ActiveXInstallService.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index 67982daf0e..b4cea8e9e5 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md @@ -37,28 +37,23 @@ manager: dansimp - - + + - + - - - - - + - + - - +
Windows EditionSupported?
Windows 10Windows 11
Homecross markNoNo
Procross mark
Businesscross markYes, starting in Windows 10, version 1903Yes
Enterprisecheck markYes, starting in Windows 10, version 1903Yes
Educationcross mark
Yes, starting in Windows 10, version 1903Yes
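Review bot: in policy-csp-abovelock.md the Enterprise and Education rows are changed to "Yes, starting in Windows 10, version 1903", but the context line of the next hunk in the same file says the policy was "Added in Windows 10, version 1607", so the table and the description now disagree on the first supported version. Use the version the description gives, or correct the description if 1903 is right. The same check applies to policy-csp-admx-activexinstallservice.md, where the rows that carried "cross mark" on the removed side (Pro, Education) now sit next to "Yes, starting in Windows 10, version 1903"; confirm that the change from unsupported to supported is intended.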
From 322e80329d7217a147f31d0178530beec13f894a Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Fri, 27 Aug 2021 16:26:58 -0600 Subject: [PATCH 052/671] tweak --- .../windows-autopilot/demonstrate-deployment-on-vm.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index caf50f2f1d..b2291cb3a2 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -48,7 +48,7 @@ These are the things you'll need to complete this lab: | | Description | |:---|:---| |**Windows 10 installation media**|Windows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you don't already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.| -|**Internet access**|If you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.| +|**Internet access**|If you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the internet.| |**Hyper-V or a physical device running Windows 10**|The guide assumes that you'll use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.| |**An account with Azure Active Directory (AD) Premium license**|This guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.| 
@@ -175,7 +175,7 @@ All VM data will be created under the current path in your PowerShell prompt. Co > [!IMPORTANT] > **VM switch**: a VM switch is how Hyper-V connects VMs to a network. > ->- If you previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal." +>- If you previously enabled Hyper-V and your internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal." >- If you have never created an external VM switch before, then just run the commands below. >- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that's used to connect to the internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). 
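Review bot: The third bullet of this callout, left as unchanged context, still reads "to display a currently list of the VM switches". Since this commit is a wording pass over the same callout, change it to "a current list". The same bullet writes "External VM switch" while the second bullet writes "external VM switch"; pick one casing.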
@@ -396,7 +396,7 @@ For the purposes of this demo, select **All** under the **MDM user scope** and s ## Register your VM -Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but *only pick one* for the purposes of this lab. It's highly recommend to use Intune rather than MSfB. +Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but *only pick one* for the purposes of this lab. It's highly recommended that you use Intune rather than MSfB. ### Autopilot registration using Intune From adf9cd22ec20145172714adc3b549405de7a2ebb Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 30 Aug 2021 11:21:34 +0530 Subject: [PATCH 053/671] Updated --- .../mdm/policy-csp-abovelock.md | 19 +++++++------------ .../mdm/policy-csp-accounts.md | 13 +++++-------- 2 files changed, 12 insertions(+), 20 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 341da28ece..ce57cf318f 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -50,15 +50,15 @@ manager: dansimp Pro - Yes, starting in Windows 10, version 1903Yes + Yes, starting in Windows 10, version 1607Yes Enterprise - Yes, starting in Windows 10, version 1903Yes + Yes, starting in Windows 10, version 1607Yes Education - Yes, starting in Windows 10, version 1903Yes + Yes, starting in Windows 10, version 1607Yes @@ -109,24 +109,19 @@ The following list shows the supported values: Home - cross mark + NoNo Pro - check mark - - - Business - check mark + Yes, starting in Windows 10, version 1607Yes Enterprise - check mark + Yes, starting in Windows 10, version 1607Yes Education - check mark - + Yes, starting in Windows 10, version 1607Yes 
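Review bot: The Business row is deleted from this edition table rather than converted, and the commit message ("Updated") does not say whether that is intentional. If Business is no longer a documented edition, say so in the message; otherwise keep the row with explicit Windows 10 and Windows 11 cells like the other rows. The new cells also assert "Yes, starting in Windows 10, version 1607" where the old ones carried only a check mark, so the message should name the source for 1607 as well.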
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 644ff6136e..2d31514b75 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -42,20 +42,17 @@ manager: dansimp - - + + + - + - - - - - + From 0b7421daacf85820649220cc21036be50cd158ab Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 31 Aug 2021 20:55:26 +0530 Subject: [PATCH 054/671] Updated --- .../mdm/policy-csp-admx-ciphersuiteorder.md | 44 +- .../mdm/policy-csp-admx-com.md | 44 +- .../mdm/policy-csp-admx-controlpanel.md | 90 ++- .../policy-csp-admx-controlpaneldisplay.md | 624 ++++++++++++------ .../mdm/policy-csp-admx-cpls.md | 27 +- .../policy-csp-admx-credentialproviders.md | 81 ++- .../mdm/policy-csp-admx-credssp.md | 296 ++++++--- .../mdm/policy-csp-admx-credui.md | 52 +- .../mdm/policy-csp-admx-ctrlaltdel.md | 108 ++- 9 files changed, 952 insertions(+), 414 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index 44e91fe2e9..b0f0a3ca01 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -40,28 +40,34 @@ manager: dansimp
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark
Businesscheck markYes, starting in Windows 10, version 1607Yes
Enterprise
- - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
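Review bot: The Enterprise row's new Windows 10 cell is a bare "Yes" with no minimum version, and the next hunk in this file deletes "Available in the latest Windows 10 Insider Preview Build." from the policy description. After this change the page no longer indicates which Windows 10 release first supports this SSL cipher suite policy. Use the "Yes, starting in Windows 10, version ..." form that the policy-csp-abovelock.md table uses, with the version supplied by the author.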
@@ -78,7 +84,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL). +This policy setting determines the cipher suites used by the Secure Socket Layer (SSL). If you enable this policy setting, SSL cipher suites are prioritized in the order specified. @@ -113,28 +119,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -151,7 +163,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines the priority order of ECC curves used with ECDHE cipher suites. +This policy setting determines the priority order of ECC curves used with ECDHE cipher suites. If you enable this policy setting, ECC curves are prioritized in the order specified. Enter one curve name per line. diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index 13d4fabf45..515d46c987 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -40,28 +40,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -78,7 +84,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. +This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components. @@ -115,28 +121,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -153,7 +165,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. +This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components. diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index 9dec30ad01..bd127d636b 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -45,28 +45,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -83,7 +89,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This setting allows you to display or hide specified Control Panel items, such as Mouse, System, or Personalization, from the Control Panel window and the Start screen. The setting affects the Start screen and Control Panel window, as well as other ways to access Control Panel items, such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings. +This setting allows you to display or hide specified Control Panel items, such as Mouse, System, or Personalization, from the Control Panel window and the Start screen. The setting affects the Start screen and Control Panel window, as well as other ways to access Control Panel items, such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings. If you enable this setting, you can select specific items not to display on the Control Panel window and the Start screen. @@ -122,28 +128,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -160,7 +172,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the default Control Panel view, whether by category or icons. +This policy setting controls the default Control Panel view, whether by category or icons. If this policy setting is enabled, the Control Panel opens to the icon view. @@ -196,28 +208,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -277,28 +295,38 @@ ADMX Info: - - + + + - + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -315,7 +343,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls which Control Panel items such as Mouse, System, or Personalization, are displayed on the Control Panel window and the Start screen. The only items displayed in Control Panel are those you specify in this setting. This setting affects the Start screen and Control Panel, as well as other ways to access Control Panel items such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings. +This policy setting controls which Control Panel items such as Mouse, System, or Personalization, are displayed on the Control Panel window and the Start screen. The only items displayed in Control Panel are those you specify in this setting. This setting affects the Start screen and Control Panel, as well as other ways to access Control Panel items such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings. To display a Control Panel item, enable this policy setting and click Show to access the list of allowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft.Mouse, Microsoft.System, or Microsoft.Personalization. diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index f1f3907cbe..828dd52285 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -105,28 +105,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -143,7 +149,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. Disables the Display Control Panel. +Disables the Display Control Panel. If you enable this setting, the Display Control Panel does not run. When users try to start Display, a message appears explaining that a setting prevents the action. @@ -174,28 +180,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -212,7 +229,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Removes the Settings tab from Display in Control Panel. +Removes the Settings tab from Display in Control Panel. This setting prevents users from using Control Panel to add, configure, or change the display settings on the computer. @@ -241,28 +258,40 @@ ADMX Info: - - + + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
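Review bot: The header rewrite in this hunk adds four lines where the same rewrite elsewhere in the patch adds three, and the hunk header shows 28 lines becoming 40, against 34 in policy-csp-admx-ciphersuiteorder.md and 39 in the neighbouring tables of this file. The table rows are the same in all of them, so the difference looks like stray blank or duplicated markup lines. Normalise the table block so every instance renders and diffs the same way.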
@@ -279,7 +308,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This setting forces the theme color scheme to be the default color scheme. +This setting forces the theme color scheme to be the default color scheme. If you enable this setting, a user cannot change the color scheme of the current desktop theme. @@ -312,28 +341,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -350,7 +390,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This setting disables the theme gallery in the Personalization Control Panel. +This setting disables the theme gallery in the Personalization Control Panel. If you enable this setting, users cannot change or save a theme. Elements of a theme such as the desktop background, color, sounds, and screen saver can still be changed (unless policies are set to turn them off). @@ -384,28 +424,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -422,7 +473,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens. +Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens. When enabled on Windows XP, this setting disables the "Windows and buttons" drop-down list on the Appearance tab in Display Properties. @@ -453,28 +504,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -491,7 +553,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Enables desktop screen savers. +Enables desktop screen savers. If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options. @@ -526,28 +588,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -564,7 +637,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This setting allows you to force a specific default lock screen and logon image by entering the path (location) of the image file. The same image will be used for both the lock and logon screens. +This setting allows you to force a specific default lock screen and logon image by entering the path (location) of the image file. The same image will be used for both the lock and logon screens. This setting lets you specify the default lock screen and logon image shown when no user is signed in, and also sets the specified image as the default for all users (it replaces the inbox default image). @@ -599,28 +672,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -637,7 +721,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the size of the font in the windows and buttons displayed on their screens. +Prevents users from changing the size of the font in the windows and buttons displayed on their screens. If this setting is enabled, the "Font size" drop-down list on the Appearance tab in Display Properties is disabled. @@ -668,28 +752,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -706,7 +801,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the background image shown when the machine is locked or when on the logon screen. +Prevents users from changing the background image shown when the machine is locked or when on the logon screen. By default, users can change the background image shown when the machine is locked or displaying the logon screen. @@ -737,28 +832,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -775,7 +881,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the look of their start menu background, such as its color or accent. +Prevents users from changing the look of their start menu background, such as its color or accent. By default, users can change the look of their start menu background, such as its color or accent. @@ -810,28 +916,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -848,7 +965,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Control Panel on systems where the Personalization feature is not available. +Disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Control Panel on systems where the Personalization feature is not available. This setting prevents users from using Control Panel to change the window border and taskbar color (on Windows 8), glass color (on Windows Vista and Windows 7), system colors, or color scheme of the desktop and windows. @@ -881,28 +998,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -919,7 +1047,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Prevents users from adding or changing the background design of the desktop. +Prevents users from adding or changing the background design of the desktop. By default, users can use the Desktop Background page in the Personalization or Display Control Panel to add a background design (wallpaper) to their desktop. @@ -956,28 +1084,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -994,7 +1133,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the desktop icons. +Prevents users from changing the desktop icons. By default, users can use the Desktop Icon Settings dialog in the Personalization or Display Control Panel to show, hide, or change the desktop icons. @@ -1027,28 +1166,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -1096,28 +1246,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -1165,28 +1326,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -1203,7 +1375,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. +Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. This setting prevents users from using Control Panel to add, configure, or change the screen saver on the computer. It does not prevent a screen saver from running. @@ -1232,28 +1404,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -1270,7 +1453,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the sound scheme. +Prevents users from changing the sound scheme. By default, users can use the Sounds tab in the Sound Control Panel to add, remove, or change the system Sound Scheme. @@ -1301,28 +1484,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -1339,7 +1533,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Forces Windows to use the specified colors for the background and accent. The color values are specified in hex as #RGB. +Forces Windows to use the specified colors for the background and accent. The color values are specified in hex as #RGB. By default, users can change the background and accent colors. @@ -1370,28 +1564,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -1408,7 +1613,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Determines whether screen savers used on the computer are password protected. +Determines whether screen savers used on the computer are password protected. If you enable this setting, all screen savers are password protected. If you disable this setting, password protection cannot be set on any screen saver. @@ -1446,8 +1651,9 @@ ADMX Info: - - + + + @@ -1455,19 +1661,27 @@ ADMX Info: - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Home
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
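Review bot: This table is changed in two separate hunks (-1446,8 and -1455,19) and the Home row sits in the untouched lines between them, so it does not receive the Windows 10 and Windows 11 cells that Pro, Business, Enterprise and Education get here and that Home gets in the other tables visible in this patch. Add the two "No" cells to the Home row so the table has the same three columns in every row.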
@@ -1484,7 +1698,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Specifies how much user idle time must elapse before the screen saver is launched. +Specifies how much user idle time must elapse before the screen saver is launched. When configured, this idle time can be set from a minimum of 1 second to a maximum of 86,400 seconds, or 24 hours. If set to zero, the screen saver will not be started. @@ -1530,23 +1744,33 @@ ADMX Info: Home - cross mark + No + No + Pro - cross mark + No + No + Business - cross mark + No + No + Enterprise - check mark + Yes + Yes + Education - cross mark + No + No + @@ -1563,7 +1787,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Specifies the screen saver for the user's desktop. +Specifies the screen saver for the user's desktop. If you enable this setting, the system displays the specified screen saver on the user's desktop. Also, this setting disables the drop-down list of screen savers in the Screen Saver dialog in the Personalization or Display Control Panel, which prevents users from changing the screen saver. @@ -1601,28 +1825,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -1675,23 +1910,33 @@ ADMX Info: Home - cross mark + No + No + Pro - cross mark + No + No + Business - cross mark + No + No + Enterprise - check mark + Yes + Yes + Education - cross mark + No + No + @@ -1708,7 +1953,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This setting allows you to force a specific visual style file by entering the path (location) of the visual style file. +This setting allows you to force a specific visual style file by entering the path (location) of the visual style file. This can be a local computer visual style (aero.msstyles), or a file located on a remote server using a UNC path (\\Server\Share\aero.msstyles). @@ -1748,28 +1993,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -1786,7 +2042,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Forces the Start screen to use one of the available backgrounds, 1 through 20, and prevents the user from changing it. +Forces the Start screen to use one of the available backgrounds, 1 through 20, and prevents the user from changing it. If this setting is set to zero or not configured, then Start uses the default background, and users can change it. diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index 6ad7cad008..e1ee9b86de 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -36,28 +36,39 @@ manager: dansimp - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -74,7 +85,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo. +This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo. > [!NOTE] > The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed. diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index b7ed4ab54a..0cad585609 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -42,28 +42,39 @@ manager: dansimp - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -80,7 +91,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether a user can change the time before a password is required when a Connected Standby device screen turns off. +This policy setting allows you to control whether a user can change the time before a password is required when a Connected Standby device screen turns off. If you enable this policy setting, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose. @@ -115,28 +126,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -153,7 +175,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to assign a specified credential provider as the default credential provider. +This policy setting allows the administrator to assign a specified credential provider as the default credential provider. If you enable this policy setting, the specified credential provider is selected on other user tile. @@ -188,28 +210,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -226,7 +259,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to exclude the specified credential providers from use during authentication. +This policy setting allows the administrator to exclude the specified credential providers from use during authentication. > [!NOTE] > Credential providers are used to process and validate user credentials during logon or when authentication is required. Windows Vista provides two default credential providers: Password and Smart Card. An administrator can install additional credential providers for different sets of credentials (for example, to support biometric authentication). diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index 04bbf46ba4..f55b199a4f 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -66,28 +66,38 @@ manager: dansimp - - + + + - + + + - + + + - + + + - + + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -104,7 +114,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). +This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This policy setting applies when server authentication was achieved via NTLM. @@ -146,28 +156,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -184,7 +205,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). +This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This policy setting applies when server authentication was achieved by using a trusted X509 certificate or Kerberos. @@ -231,28 +252,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -269,7 +301,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection). +This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection). Some versions of the CredSSP protocol are vulnerable to an encryption oracle attack against the client. This policy controls compatibility with vulnerable clients and servers. This policy allows you to set the level of protection desired for the encryption oracle vulnerability. @@ -311,28 +343,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
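Review bot: component naming is inconsistent across the description lines this patch rewrites in policy-csp-admx-credssp.md. The `@@ -269,7 +301,7` hunk (the encryption oracle policy) writes "CredSSP component", while the other rewritten descriptions write "Cred SSP component". Every one of these lines is already being touched, so normalize them to one spelling, preferably "CredSSP" to match the protocol name used in the following sentence ("Some versions of the CredSSP protocol are vulnerable ...").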
@@ -349,7 +392,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). +This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos. @@ -393,28 +436,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -431,7 +485,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). +This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This policy setting applies when server authentication was achieved via NTLM. @@ -475,28 +529,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -513,7 +578,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). +This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos. @@ -557,28 +622,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -595,7 +671,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). +This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This policy setting applies when server authentication was achieved via NTLM. @@ -639,28 +715,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -677,7 +764,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). +This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). If you enable this policy setting, you can specify the servers to which the user's default credentials cannot be delegated (default credentials are those that you use when first logging on to Windows). @@ -719,28 +806,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -757,7 +855,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). +This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). If you enable this policy setting, you can specify the servers to which the user's fresh credentials cannot be delegated (fresh credentials are those that you are prompted for when executing the application). @@ -799,28 +897,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -837,7 +946,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). +This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). If you enable this policy setting, you can specify the servers to which the user's saved credentials cannot be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager). @@ -879,28 +988,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -917,7 +1037,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. When running in Restricted Admin or Remote Credential Guard mode, participating apps do not expose signed in or supplied credentials to a remote host. Restricted Admin limits access to resources located on other servers or networks from the remote host because credentials are not delegated. Remote Credential Guard does not limit access to resources because it redirects all requests back to the client device. +When running in Restricted Admin or Remote Credential Guard mode, participating apps do not expose signed in or supplied credentials to a remote host. Restricted Admin limits access to resources located on other servers or networks from the remote host because credentials are not delegated. Remote Credential Guard does not limit access to resources because it redirects all requests back to the client device. Participating apps: Remote Desktop Client diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md index acb7942b92..d1ad1b5737 100644 --- a/windows/client-management/mdm/policy-csp-admx-credui.md +++ b/windows/client-management/mdm/policy-csp-admx-credui.md @@ -39,28 +39,39 @@ manager: dansimp - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -77,7 +88,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials. +This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials. > [!NOTE] > This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled. @@ -111,28 +122,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index b42e1e9ad0..9836d5e9d0 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -45,28 +45,39 @@ manager: dansimp - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -83,7 +94,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from changing their Windows password on demand. +This policy setting prevents users from changing their Windows password on demand. If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del. @@ -115,28 +126,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -153,7 +175,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from locking the system. +This policy setting prevents users from locking the system. While locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it. @@ -188,28 +210,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -226,7 +259,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from starting Task Manager. +This policy setting prevents users from starting Task Manager. Task Manager (**taskmgr.exe**) lets users start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run. @@ -259,28 +292,39 @@ ADMX Info: - - + + + - + + + - + + + - + + + - + + + - + + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markNoNo
@@ -297,7 +341,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting disables or removes all menu items and buttons that log the user off the system. +This policy setting disables or removes all menu items and buttons that log the user off the system. If you enable this policy setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu. From c42cfb833ad094ffe4d40ae1a4f7fa6caf3731ba Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 31 Aug 2021 15:06:03 -0700 Subject: [PATCH 055/671] Update secure-the-windows-10-boot-process.md --- .../secure-the-windows-10-boot-process.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index 45fc317aa9..9776d72d6f 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md 
@@ -20,9 +20,10 @@ ms.author: dansimp # Secure the Windows 10 boot process **Applies to:** +- Windows 11 - Windows 10 - Windows 8.1 -- Windows 11 + The Windows operating system has many features to help protect you from malware, and it does an amazingly good job. Except for apps that businesses develop and use internally, all Microsoft Store apps must meet a series of requirements to be certified and included in the Microsoft Store. This certification process examines several criteria, including security, and is an effective means of preventing malware from entering the Microsoft Store. Even if a malicious app does get through, the Windows 10 operating system includes a series of security features that can mitigate the impact. For instance, Microsoft Store apps are sandboxed and lack the privileges necessary to access user data or change system settings. @@ -130,4 +131,4 @@ Measured Boot uses the power of UEFI, TPM, and Windows to give you a way to conf Secure Boot, Trusted Boot, and Measured Boot create an architecture that is fundamentally resistant to bootkits and rootkits. In Windows, these features have the potential to eliminate kernel-level malware from your network. This is the most ground-breaking anti-malware solution that Windows has ever had; it’s leaps and bounds ahead of everything else. With Windows, you can truly trust the integrity of your operating system. ## Additional resources -- [Windows 10 Enterprise LTSC 2019 or v2004 Evaluation](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) \ No newline at end of file +- [Windows 10 Enterprise LTSC 2019 or v2004 Evaluation](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) From 72e29533aae2534118ca7e717155cd7d82c0cb3d Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 31 Aug 2021 19:53:09 -0400 Subject: [PATCH 056/671] ADO 5367658: PM updates --- .../sideload-apps-in-windows-10.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
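Review bot: in secure-the-windows-10-boot-process.md the `@@ -20,9 +20,10` hunk moves Windows 11 to the top of "Applies to", but the H1 still reads "Secure the Windows 10 boot process" and the first paragraph still says "the Windows 10 operating system includes a series of security features". Either update that wording or state that the content applies unchanged to Windows 11. The hunk also adds an empty `+` line after the list, which looks like it leaves two blank lines before the paragraph; drop it if so.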
diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index 11defe4f8f..7edd100ef0 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md @@ -10,7 +10,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: greg-lindsay -ms.date: 08/30/2021 +ms.date: 08/31/2021 ms.localizationpriority: medium --- @@ -21,7 +21,7 @@ ms.localizationpriority: medium > - Windows 10 > [!NOTE] -> As of Windows Insider Build 18956, sideloading is enabled by default. You can deploy a signed package onto a device without a special configuration. +> Starting with Windows 10 2004, sideloading is enabled by default. You can deploy a signed package onto a device without a special configuration. Sideloading apps is when you install apps that aren't from an official source, such as the Microsoft store. Your organization may create its own apps, including line-of-business (LOB) apps. Many organizations create their own apps to solve problems unique to their business. @@ -59,7 +59,7 @@ Unmanaged devices are devices that are not managed by your organization. These d > To install an app on Windows 10 and later, you can: > > - [Install Windows 10 apps from a web page](/windows/msix/app-installer/installing-windows10-apps-web). -> - Users can double-click any `.APPX` or `.MSIX` package. +> - Users can double-click any `.msix` or `.appx` package. ### User interface 
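Review bot: the `@@ -59,7 +59,7` bullet keeps both package types ("any `.msix` or `.appx` package"), but the Step 2 and Step 3 hunks that follow in this patch replace `.appx` with `.msix` outright. The procedure then reads as if only `.msix` packages can have their certificate installed and be passed to `Add-AppxPackage`. Use "`.msix` or `.appx`" in those steps as well, or say explicitly that `.appx` is no longer covered by this walkthrough.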
@@ -90,7 +90,7 @@ Using Microsoft Intune, you can also enable sideloading apps on managed devices. This step installs the app certificate to the local device. Installing the certificate creates the trust between the app and the device. -1. Open the security certificate for the `.appx` package, and select **Install Certificate**. +1. Open the security certificate for the `.msix` package, and select **Install Certificate**. 2. On the **Certificate Import Wizard**, select **Local Machine**. @@ -102,6 +102,6 @@ This step installs the app certificate to the local device. Installing the certi ## Step 3: Install the app -From the folder with the `.appx` package, run the Windows PowerShell `Add-AppxPackage` command to install the `.appx` package. +From the folder with the `.msix` package, run the Windows PowerShell `Add-AppxPackage` command to install the `.msix` package. For more information on this command, see [Add-AppxPackage](/powershell/module/appx/add-appxpackage). From db7c9b4dd07a620ba8c16d24fde62fdb1d6a34f6 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 1 Sep 2021 13:48:11 +0530 Subject: [PATCH 057/671] Resolving suggestion Suggestion: Title more than 100 characters : Resolved it! --- windows/configuration/cortana-at-work/cortana-at-work-crm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/cortana-at-work/cortana-at-work-crm.md b/windows/configuration/cortana-at-work/cortana-at-work-crm.md index 7a9063b41e..983c40f7d0 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-crm.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-crm.md 
@@ -1,5 +1,5 @@ --- -title: Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization (Windows) +title: Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in Windows description: How to set up Cortana to give salespeople insights on important CRM activities, including sales leads, accounts, and opportunities. ms.prod: w10 ms.mktglfcycl: manage From cb6d02d109476697d70ea11c7d247d53ab6b902c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 16:02:44 -0700 Subject: [PATCH 058/671] new article --- .../block-untrusted-fonts-in-enterprise.md | 2 +- .../threat-protection/fips-140-validation.md | 2 +- .../mbsa-removal-and-guidance.md | 2 +- .../msft-security-dev-lifecycle.md | 17 +++++++++++++++++ 4 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 windows/security/threat-protection/msft-security-dev-lifecycle.md diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md index c1ffec9b59..3fff0198ed 100644 --- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md +++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md @@ -13,7 +13,7 @@ author: dansimp ms.author: dansimp ms.date: 08/14/2017 ms.localizationpriority: medium -ms.technology: mde +ms.technology: other --- # Block untrusted fonts in an enterprise diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 9b2b985db5..b7e5fddec5 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -10,7 +10,7 @@ ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.reviewer: -ms.technology: mde +ms.technology: other --- # FIPS 140-2 Validation 
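Review bot: the `ms.technology: mde` to `ms.technology: other` change in block-untrusted-fonts-in-enterprise.md and fips-140-validation.md (and in mbsa-removal-and-guidance.md in the next file diff) is unrelated to the commit subject "new article" and is not mentioned in the message. Split the metadata retagging into its own commit, or describe it in the message so the change can be found in history.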
diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md index 83a6f5e00b..a12edb4f83 100644 --- a/windows/security/threat-protection/mbsa-removal-and-guidance.md +++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md @@ -9,7 +9,7 @@ ms.author: dansimp author: dansimp ms.reviewer: manager: dansimp -ms.technology: mde +ms.technology: other --- # What is Microsoft Baseline Security Analyzer and its uses? diff --git a/windows/security/threat-protection/msft-security-dev-lifecycle.md b/windows/security/threat-protection/msft-security-dev-lifecycle.md new file mode 100644 index 0000000000..18ce55f174 --- /dev/null +++ b/windows/security/threat-protection/msft-security-dev-lifecycle.md @@ -0,0 +1,17 @@ +--- +title: Microsoft Security Development Lifecycle +description: Download the Microsoft Security Development Lifecycle white paper which covers a security assurance process focused on software development. +ms.prod: m365-security +audience: ITPro +author: dansimp +ms.author: dansimp +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium +ms.reviewer: +ms.technology: other +--- + +# Microsoft Security Development Lifecycle + From a32eabdf469edad81bfa879dccf2f2bdb05cfb41 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 16:19:36 -0700 Subject: [PATCH 059/671] Create simplified-sdl.png --- .../images/simplified-sdl.png | Bin 0 -> 218369 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/images/simplified-sdl.png 
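Review bot: the new msft-security-dev-lifecycle.md contains only front matter and the H1. Its `description` promises "Download the Microsoft Security Development Lifecycle white paper", but there is no body text and no download link, so the page would publish empty. Add the content, or hold the file back until it exists, and add an `ms.date` field, which block-untrusted-fonts-in-enterprise.md in this same patch carries.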
diff --git a/windows/security/threat-protection/images/simplified-sdl.png b/windows/security/threat-protection/images/simplified-sdl.png new file mode 100644 index 0000000000000000000000000000000000000000..004814102fc3e8272429bde640e4adc1e752f333 GIT binary patch literal 218369

%F^uf!-YdA%?x=IK6bpwj@QLKNQ(>&h)jUGN`4ik8*G( zj!+QE>it>Se#s|GD27zWR49$*Ynig5=Y(s>m(aJxLbmiFTdIQc(;4h@I($OgoMaSa z3OHI&vh)w3iHyS$I*KAE25Sc6!WRNN8E#Z=xNchPdQ5|?S|3uPBB&U(dUiv}I3?d= zdS5Q%fZGpNY3y5Kz>Y%pwo%?0Gf+%DvDF*ew%1o=anKrYH^*pWtFB&?h&hxHG~Z_uMD(xGxtP!+KX4jwW4Q9J5H=sqLztQ0N$3z~x% z(->9aN@h?aBuztz1L|ACYFI$2uxyefnZ!z^8*uRyPbCgD5Rci6R{b7qIn?v!dX5tn zsVLqp9!mNST`tRjwn*udvpU!KDJanmi-V}XSG2Z2lwi<5{o%F>z_E#>E8(=lWMCfXLZTew( z2jA9qDZ5{mupIv6{PlB*9=>`3Koo`T2C01+FXfLnKx8_9YqHnzKfGeG-SG|9T6#O< zAF+J00npZ+0P;P+IX5E~ma9FHmTadQ1QC(_RyvM)oCetp7={CAnrEt~H9I*&y5yPt z+5`dI?%JLsGUq2GTfcyWg|dhP*dKlqWI7$b(&FFycV3#y2mZes%^cPc4xy3zkAtNg z{sB3=9gx{P7>0Pa%iv~VhM4yEhix{j)5AyU>k$^%e$)QWtllzv8C*>1zTEP^i#A9T z{cmvv&z`}sXW-J5bfOiqYgs zrG;ulK^u2Vef*>2+EQ}|CQCUmuS-;?}N zCu3z)`bWJE@Hs&sc4Q~KWrIqA*^yCdGf%oKg zvSA*GPifAYagR4U&9vT%O3w6;(bdcE<0Wt?onVav zXf?z?6tP2o-#KZ9L6Y>D(jGxswFst_MABV!n8Ji*(PjJI#MKV#ZyFSX;0BZVBI81H;JXTi&pZwOTFJE zg{Buvvaieqt9L%1JElufm&jWH2Zg{W{BNY37P~mH4nZ%Oe9*|o17d;>@mixl-GjkK zn2K|K4985zWWNvnz;jG4BD?W?Yz{}~&Fe>fjxk~(LUFYd`14Hjg4v$~ zMGr62r#_gja(Ez=f5|N7U%Yy@Et3yybLB$j5a17_fRlp;-H;Bzks4sEUvEZ4BPSp# zGe;f$$lLt@b@AkN8k|IZRHhGZL`s@iZKRTQFY#?Vu*||}$Uaugs3M!E^`~zCJS6%d zPEyY37)k0l`>>U^T&~<&k`noT?pRPQ7dVWXh3h9O+Frx65tCr>z&*)sKKXDDRhS`$ z??ICFd~o!JkimJVVB3Am_iCADaAOC4syGofKJr8|Ohg47#-G%!Z#h1)+SEaF_JrU{ z`miPAuTTcTfe-u!fxmMO{BDG6o#Uf`tggd?yL@|M>R;8DARxBe>Dc<87hhRzT)2yI zSvNdxY;j)j{|uaw#EdA6xTd6dhU}*hQi&=*`%_B?SlO?3zl@P>)X7>%NVRoy#9_yf zOz0~9LHw#7?hr=uH4nPv zwk_^5K<}g$0?c4cAkzh#v^fIu7^%1~-~cR915%?QDOR{v4rpBiE>~~7487et=xZ=o zUQK_jWs%Mgl z2_mP93d4rwlw!l<3?uBM3Z{3BozM7*=W?IDMy)iN5%6@#6DH@3%-{JS@t$Z zhFyPJ*Wl8Oqn3alY3)w^yD$a0LErN-bPvs;G(k?0=G(nsHbWt;*^?2k@cXtT#bK4-T)B!ia`FjS* zkrTB(aky~EtzI6f8jDNX z>RnKUGjjBm(Bi4TBeIjvP-SEjP?BK!S32`t@{1*t`qTVqOz!SYniwqkZ@pxdV=m;W z>VOCir6I+|GmKy*t9t#S<~3cPOBfmhxa6zr$)fj?Z{-GW;%sh~lPGF&`|*KVu=#^= zsiel37apOo;g)3?|0k?;_>M?u8LE?U*?%T<_9m%8`(1U-^cs{~n|silvi))9Z8JIU zJdFz09{93PsE}vR0xy#m`Mg(3An@$ApM9x^c#;_2j|4b52lATa*QGp0BZ%PvDXQhkdfA&Rl=v5a5jX8jc! 
z&B;B@4DOtv470xBpO=ve_w9|>`aOGF42;~bz|-{&`2qe0XxbQWKkUi2GUAYP!t)R* zg7DBd?yn@j2BipvErw`z{Qg@~~<@nUQ4HrJubnEjW{q*AY+`>HyhSw`t#RFUP9A0F^vDRt;jY^kLo58!nlBia?0dOEPEuqL`!DJqa9lq(q$#gVJp85O?^n#wTbo}lYFKuE zap);bqFXcg{*X|6?h|G(V$h*WX3NBL;MEQRAE9xWomub01x(cUctH_7D9VHk(k6R3 zojU`v(he>NG52~?QGUA!{DdFJrkrzLJXaGE12hSDXIjBXKP?~mPd42ap)L5YrFMQU zC9X`Qd!dX-bWdW}{W*|I+fKq*bB`|>r&Aeek*7vq;(P9dw4wd}G(HxBD$(*i;^i?3lW~M+Lg9RL zVg?DxuTB*%=Uq%+(Q5ITBl)4y8KP(lt=iV|9~CAq^2C>k${G7lgXR*Za+6!oP@jkA zn|0#XzB>Fcf}mT*BseC-L`{6!ZgKI}Kg2tQh5G_;3+*!Z`*p7N>mPF z45}is0)oZhQUk3w7#Lg_;au`)g_25iJ(iwWs44P>%2X^2Jp^tFgah(eEEK_PTvU~M zuYUz@3P0!AtsZ$Y;DkG${0QltLen5&0{BreSTh@jNPtc$yz)X#0nlr4ijK~Yj9xp5LH82_^jV1 zq{`;Iz?g&lkcmfN6Qx0>1#x-tf;Fil?C$ebwfohx>F?{|zaD!^?fS<#04b;$gd?lT z8Tlf9%_nNjH@Nj=1F6w8dF!<)yAS{c+VNb3vpZuM=S>@gAb#{! zj#I&P$8H^~a>CFUUexZwksD%xK6mfpjpu*UMt@UGbsCIrBz|M0Zno0~V$GX%pkzmY zTR*?jZi_*LuK6?j!;Szgumr>(g75^mU)iY4JTGjt1z;QX?(tilTfkoff>|(;J}|D% z8fgO?Fxn$^Cfn6vR_<$c?a?XU1q#mlb;@s9G!%CmbO#L6?T?WwE!vTeNmWw+fI7Yy zdEkkBbF=8n?{mFeeNRVB1n$XJ+|Kg?(Op{epoiQsgp{qVdaP}+6*T>^2K_)a&jFt; zzvYD+bV2kn6u96qr!6l6671gCg03RUzwL*#39OS!6zxIfMMSQbK~M?Q6jg*iH^L- zStdD-BNDTH%GMJvOhttxR(0|p>aF)|>t7_a7?nnSj4s8G*K%XXeNHsjv-qf9`UNRN zZfUo7U+ILmcblZNr9lW{P#hjvIKT1O4XSE5Va3|Oed9vKIOu-1G+_Cu@9(ME>n=uZ z<5b$<5wn2i8@siA)awY_cz+p(*=M+Q4Q7}x%&LO@+QotM)RPPO5Q zz8#(5DG?c^ra?-wkZE6uLW3{jg^51gP`<7r^6}8l9ipX9-U`$o1W?0v;7ng2O@Y7@jA-QwLy|AbxOj2*)`hbIy ztdhX0^!1#jlH{k&!$(1zBYE7RxIKDUSti0;kI1mQpFTrlOz6WZ$lrRHWx|8TZr!Cm z0Bm@VB);ed$Z1spbdqWlPY%x@03l$rIYZg|<;1)>IY`|~41;I*G3iM*ifboC+5(Hp z6h$$O0}YR-xzz>PBav~v^?9(`%!(h$)IVuV^(s0iVrZUtPYKokx^qL;=W$?wE<77x z>Nx`R3yAm3xyH2};jPthkQp))7(lQO85|BbAY|m1^)y-o-rx-Wz~3Ytk+au*KSGQ<5$YU{G|5XoZndZ+A=t+Ce|H zYPrt@d;)jm|QXi=fnp(-uycWUjKo`v7_3ghF(VQ(`fr?R#yqwF7LmSSWo zmj}%}m$7y(RtHWunYeFdrYbsL3q|$mH}DO$JVR6lD+C!Bwx#n14s|EmSqzs9%Sr6Z z-L^JWx*h*fPmbChp*~!=>N%;nz4NYX`mIvh#s}N|K=60t2X&tg{RH_>_>P9_)jVgyaI5{hCymEM&IF2f+3?k=F!K)cj{ktn&pWmZRghZBsnu^5_?}(SMSX~UCyB7tnNSQ 
z0qMfA{GV~7fsv6@GDY9Up4$$`HJuNaG>K3cN3*#2kV!dc7yu7$1oE=>#ahx>K4{Gx zbgy@q2N;#~P6Kdu0KnkdCqESDCoURh^+bP=6MudhXw*vmPlIfB%$1(#y_0xNXt(1u zfz>@Eli+zu;N5u4?cFFb^M3xsS>)wh1c;scUBt6eVX3js)X#8@&xLYFH3CG9yGi(X z%pPw@b@|9qKPz1HQaL@Do67UeMy=OEM?i_)%w7^}|5DI@$&JCnYVHv2SBC3r+cn>y(Hg!RrmHQn+S8%D3o0GUGnDxuINfZrm zwDKGcdWMC!A7GTD{=u-q+@i_{r0H;0!VZ7 zi+6)T84_ujazzdy8zZm&{n!*j{wo`Kv|6GTJRj&LbNhcD!B`;Poha0>Y49T)xW@32 z7JWc1>9PI|xeroB4g=D+IyU7r*@teQfNlWQ5r(M>cO71ZY8=RYeJ3P!TLWBeyXl9%I1=%3PHSUsL{NS#ZYn?4bZqJ z&LgfuJeTI>cJxIyQ&yj01`@X-4y_N5>Zc^pFDJj0=1BD(2AYC4qy#~|DZ2>?EP)ly z^6zwR$?|2loYY^QeG5SpT(&}Gt8Z`U1ROejL1BFXR9CbBdwFr}HS3RJvE45Fz;7@$ z)Gg#QitX3+kxL#(NJcfJ&6o1+wp9I)^@z-_3h?J=2sW$SF5O9DzRgBK*r^!|W^Z!C z1wxM|?)xcs_$zBTByPgD$9w#9Q+&c%)lGG>GHmlAw+#w?+On$R0Xu^zu6>22C26wu z`}%_t^&zN3| z>@ie=T!Z+2voHXuWFQZJiYr1p`oRDR>_DJy26#DivPhn={T7J^rovd@cJyy_=uCoG zw>Vea3c=q(yo?a{v~Y&++`R}4;$NHGtYQq_A^^d^vZFFr<{7>Mv-&WumDU6~VT+xd zK3ViSh{a9=*+OcNoRN3;q*>4AK}KpYo0r3S_(H;PamR+<+pq4i zv~18QX@kV2@*#G&tAb+@^I!#TdH1&U(4X?AN}Tw}Lc`7OY44`MBJSYP-mKP$?F}b; zI*5c)-`N{`=^Gb;RM)SnOj{eGIfIP^TMn0oL3R#)4~6OMm?aKDzAYbpxg%MJT(CAmVpz}q1FSxntC z*@`n(KP6+LR!mLCj>xufHtxM&2Pa#}5to(SGVy6m7j0QTd9>y(SwlB%SyoTdcOBt| zjUB}pl%(f>asO)W=qLg|ABT=2xmB!zme%W+I3Z#N5=+k%FBI*IaAY4TbMX8Yqb=Ji zpQ~hvVjYrHs8gw-ts`jsfm=tw^1i9dI%vSIWlC{ZT!ZgMjU1Dtr?mqaGZEwm{yIY{af}|HqK3MQMajIq5v(_zHJR?bIZxTTr&_QX>)skn)DrvGsFJ# zKvaI%`G>>lz+?T?0tzw=KCUu5b0T!*PpS3NQ*%>)8*-*+IN!Kkw~v|o0q5uQ%?P9CbUI$QS2p2pmk)7U`qdZ?LZD9u~jXnqR=z*_6 z;NmXG!$Ts?VVkg4V+8UeJnFm^$?Zni3<%em6M%XY-amnSaO}nN)B)@xTnEO5X2sJZ0M`k*I7#z0FTPy4PoET?08~tCw%nw@ z|M6nW2`gM@4+`)m4diVSHy5n+tFO{=8Yp;$XRtkndH-PZ#v#lzEvD0FjiY$HSFUBU z*W5y9VF+u}&ZJ$~4asLKPp&Kfci2}x?pV??tHEM&j+&#LaYkA`ujSvRn!fFJZG2&$ z=kS4~CEQLq|A{93+uta5ng-LV4LTOx3(sZLG!4|~C$JTs=u=~(0KI1cyR@v94yoa@ zCkAC1pvx&&iSix@VWC?xXiuXVY#PlhXP0AOeZ7fkU&>Gu1byPlBZ1+xH7Unx7@ljC zf^MRVlf%z|mJO{sJ3+srg7{fmcH_vmwDa4xNUeOecJ%=XexT1|2s&gmLxlySWI@0wN14wz>bhcg~R}v zcobJcAj;!Jpz++6@EIr(aEssGp>z0R{rlldH@BEg8x>hPP1at_LM76a)WXt4ZYnk7 
zZzDYViNqd;+(OdWbp-3EFCv)cr0JE1Fv=}CYxQeT>j;>BnspDZA9Yf%z3m{on|>>C z^P_tPTFo(LKb~dm)ZeoA?qHt(#Cr11CvWVuK*z@cuQfBI%061V4A;>09lBy->=jus z;HEnwzH2bS9)&Z>x5bL%J=0PXjB5Dwa72MG9OdQ0(E_JM5*bSw~MDh#e9D&>7p1`q|*-7(x*?NsGdx-pON^p()%E%k~XD3XVB zrTq2n>CPn{;Eb?}K3&la6?n_M`5FAEo6i#$NiU!JbhjNpko~8TrFbY;rjo#Evt|$$ zpXSJWrPF31T9j^w0>DC#qJE1Y`$W=yRyDLButKZg3(Pa!Mm{5{`$_OGiz+_dKLX9M z%qhmIo!mn$ZdkleXjlG5<4jg%iR5A zx%U~O|7bItm(6$Y#ny$cEa$wK*p)WlXlCV;X%aK(OLQ)N2s|KUf?fKl@UtgEk->)pR^b!6k%hg^Mf7W1~qs#H} z6|lmy84!w)VR*M8Q7Pb!KZI+3dv>Q+pi)IK=C`{y&1XSd9psY>9(*Z0_sLX~OI(b- zvaM?J`M{6a!0tA9>v3J}oeONxg;quPufp8$BF2h)A6_AVPC9Y^!7497TtjXWWP1at z#c}8COAP?O}gm zxC`qcIfKMIW@sDh=Y+r72UX;O=veb77#53yBy)4HnV2-n`2A$EW%47;XHT-w6u{2KlP z=cmoy8Et3jxpo_M=kx?w*6Cj0LQca~CoOLXvhv4+wUZhOb#09|3aJ`OH+iiEWeM8hk@qzxE3ZmW1S8!y^j7|535$< z6He)aM|R952`CN)TH;vfRG=)ismaQlgMMR2Q2YUqo?A;u44MoJvQxXoXodequ`db` z=ccX`EcLPf;<+OW8jm;pHuPFLEc5S+JLKMr*>Tq5E@7V#*8T_)_HMPLZ9^uy*AXmX zoLnwpAy>QwZ;ad7PS+ctayKV5vxfpua^&ZWv88hFlb6~u|MnhKGle~RtxtZ*A?}JP zFlU2>eZXuKOd6o}TnK|BY~Kb?gQlF-+C*<@GHTi4l?DKMnZs1^&Jz(c?5{1PA8YPI z&-LChhO^;s`bL?QgbE6%a)rWT_gK}+pJI{lmZpaWMgLMXuthtL3dO+*@@0PHA{Ji0 z3X0Pv#;zB!)kb{s3Lttm8gWC&w?30%VdLsk6&bWOT1PU+42M1lNfgr}pmHPW?ny?` zEE0QN(}RsBPl}Cu)hIOCbE4&b4bn>cMdmj)#$kC=r9}sja31x%$S0KX? 
zJ^w>3@;&}uw}CI<{=aM#ysJU_2$(GLeGK9FeYfq~mU^ua z75~>tQ>78H(`3=6|8sfFPXz8UzLvS0Bb)9U{u;JKG9J)f48M9d+VH|Npf5a|_ShM4RuoAK(^GfIwaBrm?kib{fF3+N1Zh&N@-rk2~pK z%5;j6Y|uXg_JPw2jQ=dhI}Hi~wK#*;iMus;Y+YbX=T$4N9=U}rxsQ<`xamx;9hTGy zq^AndHrDUUCt9%S=EU);yB#^^}oVBFoA7hVj-tjKV3eV@+xO>iK6|BVJ9tW{dWx@SH#AT-^HiovZ$&vck0K(o6wf|O-3HarrM~4;X2~T6 zH*;o5e0*O9U0jGtgtbIj?J1E@0u3sh5Sw72ONN<^2FC0ai8_7Cl1PUy$7&q3f^hs@ zfzlY+uIr+YKKX7d9BuOC$OP5NnJ^?b_2UCxK9orciViRTk9TOccNQLndHvNk7Y?Tj z4kEU^|KeLdGwF}}oN6INHbgFnrsj*@6qhhZKLKQz#g>A((CljB^sbszcZ31 zpBpHPwnn`m>g~mTC#u5X8m%Rn{y4g6R7u5Vw*It_3=>CFfQyql7X_W{Z@gUBkXT&O zqH<0x<|8o{YPVRyVJ_aK7iSSq7j(~yJqw^7q=gkv;( z_^#As^1Y6|j%;Z?SF~omHQf4_ZsZTEz%>bRE22J=u1`hQ7Wg6DT4fWUIWddXT~gjL z$5WvYc*I1^t@cG+8B_^1st*uWUTnpw&ovRGEtrZ)soXI{VV1l#-K`Sj)KtX@kCcn# z!(I_%1Oe0q4^Ll8@cA*G@Tr|;-g5V!m7t(#;;~b5oyaXqOTFG?;&K7b+I4l@7=f^S zHRfP4bXJGRo+;KBln=fcl8`T?Hf~OuZ#T5iB~!h?ioUoZiiVFr3~ROfnk6P){l4xm z&kM7TlUGH95ow>{w?xqwBLw6W=rpAGFkY`;unxpMMRX+B0@mR4ja~zmB<;fDsG(H= z>A6OF0MwQMfW-PgAb(IT%%wAH6G*FDPAUNI*w`BX_C7Rz(BBwje+;ULwinOUlk5k4 zINi@ho%&THF9%LQz8H#0E$|Ihy&|2fXQ{{);PgeXw1K_+dt9QC5&apg zdwGp-rAR?H%qA&iH%Gy7onODm?vf|jcc1dTd@98HV;1pU$)Nutkj`3EUY2BEd)`Gj z+SGq79D z-?sWfo3mW{*FY{_9;{BjAws$DXAvBOUmvvAC5s4u70!{Amvt@>RXX0!%zrGdw((Q^ zX{@gCTbg2ynP8f1l2?UEr4fUBhB}Mrm&Ik-%cnc(tnxu(I-2%9NrhR1DrK(a%wJ0j z5f#m04F=XY z7j)WF`Vzuwfr5UdYEfN6MyzynO1(qD^G7t&jBXf92#}aT0Oltf0;P*yRHAq z4y2Kzv5lL-yz?j?j8P~ z;BX!gl2v%ANTBqXZAk?dLN^o<{GR1`U0pF3)PJ~!l}8aCS)q%rSQ^Dm)t2;!!5Xs- zKK+3w*S_DbRUxlmi5u(5c9Lv6ftP)JN{NZdIN+<~BxzIy1_DaNlBEyR4EU?cm_9m6(cE@g^^{$rlo@j z%FpNBi|1n)po%=D)2iFP+*Fd^ZdZcJ$; zch2I&-wAbty1{>=!n;-hK+o@~eN3zr$%QR3n$rJ2sc<82V z{vSwO1565ze70I$FI8yYx#nuOPv?cLRdx|9^)M zcwn}z0rHW7*lAbNNAShYp3enbKpP%zNKE2JpO43RB2hUZd`Inm$Lkd%W5$`4*DH38 z#!XO!oG$E7p2cJ5n15;GGFrD@z5ai148bfSy=di{Thn|GZr;}02YyO|^xl*}wu>$u zRsnwV7r0aa8mqF14}Z0jYwR*Wk)glw z+5=f6RKM;MNou~4B4^!lr(`(Xv=bT9egC})>5-9D2y-1(bvAewQ(Qhj%vSGuRY9V0Hj{9lSb$*uS7ewRsfac>;P?}oREFaDwHjDxmh zpRh_XZRaoN}W+lum{udmFno(l0|*Wrw@gETiiwgp>mhtdEg 
zVBuYUZb-$MS&sTU61! z(US(QU$^Zg=&hZ&{g^x9r=E$G(_~2oy?sN^4d(SSh@FX=%}DH+ zdK4<Z{(pU}cnjN#<#mSSddF{46zZBiBqS3DKedV~7}m<|cZ@igBB zGmR*)VJ*j5jVNzix+p(j!9#H|L;V>hG(sEtNlqc@-GEWt`a(3``gi#(J~~D`T@q(J zU5c7?(!c7`)WyF-gS#H|cL^A#1}6h#Hi&8DK?q4czWx(e%jE4!kGMq~biZmS2_vVZ zI3d~L9RnFGgZ!^oK;Uzr_dv4M+a<+8#@Ek=*LQDu!ajD!S0f&v>|JjwDL&_XvPN2d z!c7eYXyrl2JTTqT-gPD*CT=;NLoLQ`arW7LI4AS#T_^obs}BIFdNT6AtgRT~bOm^1 z1b`)8T{*ilt}7Y~lQUX`ifH3*E44gL^U`;#_vHZQ^LKT7C+By1Zk7r|P6HU{<4IH+7(A+4;z{4O zB21BU9t61*fbX( zhDCX{ulP2ed3{`Ag6}xq%C9KMtRaTK_+BD4-QvvvLY(HgUJE9uTxk}sQVB)#l}Xf8 z-zlCwf`41_kJaQdtP4_0dg1a=Y z%3D#mg(%zv*!bF$eWU%9KnC_8L_hD$w=fyfYcIE(gYs&<)3kKaSEqCklc-7HlZEF$ z%3X#Y(91Bxq{d}bO+9lT*_9QiQciiPx7c@%-=1Fs+cT`w`WWg7Bzh3w-T|=CliM^f z_XX0xaFN1K&bECcx3&e~9=pvPfs1fL&SsUD!|Iv~5FSf4^D9rM$KILyxY}_dp&T4v zxyH4a=A)}} z>h@s~$=R+;jIO~bZ%DLvslnOSjUMhr)jfUclB>E0Sz$!?f*XfR^~p}e`||V>swKv( ze38jAtIVKzDCXtr#Oc?WN!+pRzf!aAX>VLME zEL}Tx(|J08O8IJ-M$U8CK?JH;T>fL@*oY@@ClvMfp}zg6kCNSMoNt~Bj6%z zrYPsz!Y-r`#x^EDA4EBqM)WZLS8bY^=&-@kKo}LpR%4z2p9h{&izD zpieoegVrT#N^d5@3j}TOmp2|C-Z*`yLC~A2qxSe_vYVc7}^sHzxUWcgbxcah& zp2P$Vy`suNBkt3})0EmJ=}kh%)5Vy6Pu+p4NXne{#L6~lk3K7bo+|m5|4XOA;Xfbn zlu7Vp@Y)z-R#@^KS@vZec^m^*ci468EUZgwQZB<32#;x*+0UGq7W(5O=y$K)_iwOT z!v6?rQOSnOM+0roqtH$MrQjr{B0AKNN=TM3abT$h7b+~*O*ZM{2i zQ?}>MZ#)Ij^du_{8sri9?V$DEFzjLe+I`*KM?$%FI;^xAC+uT8p^sE&qnPiJ*Ixmk zM;2ipmAaPd_)%#&31sGGg@$YV2O%qC53(Js{@aIkktD= znVz{i0L)Q=-#2V5J8k;#arZ}>AjA)bX@)6n$~2e*Ob=L%I2L z{s(>^SM35;bXF~tk4_^9%SDWr_gDv#sq9@Zoo&3uaeWU%pmGu^!1PRM!Fo zSt2yUS6mW4EV7(4z{SVp{#`c}d2 z26TKaSo|2h=DNMe&!uIWBT|cjAv``|kf~|BUNgmOK-kL%NRGvTlVIMz7x@GtcGw}+ zta1SikuPA0n#>>8&tDzM@fq^MwvXuCCVe}hCx0i1@}*Zzjwk1@_&WWv*V~^%F*`6u zCc)yRSOdF;^+dc;nb0ke!&2e7ekkX|?U4QAZ0w_o)0D&h%Y=rtQUsPv$?NY3X~Zm4 zM0$#jhVgAIRGsI%g8N_O<0I)s`D*ee4@RqwR*&_=b`f}Kh6NpJ8jR*80wC+%FL?xfZAjtjoG8|NCf;pV|+=IOaAJ#7Oy$&LzhHyd^$`vO zJ88=1!`e?&u%h$9o+jwDO^D~h!BnHh2u?T+q`?zoe^xqG|lCdsrp<0GC&mvayy z_|*82Y~Vty?9}_Z0ZsEu(~IT=E+>q(RX6Hns=!YcuH{cO#|OBCraiZl6JqtT9rA<- z1Wabh 
z@2nov#c1pMS0$b8n8ZKyUy#neEr|Q&&^@D+qOqX5i~q*7WLfpiI5-+An_@{mkaIf} z{H@S=ftn(s%cjnfQXA5nS?VFeJ@~f3l&0)5y!?F;Gf;f*x9aAJ>b`oS<-4NhG3@KV zD8F|(x+!Nr7W#Z1+U+oJYd&f4<~f?XdG`DIfD%5fy4;t$Z&+or?)J>b17b0^Nr*y ztCEg)58SnYFVvZ%T%dio zVwt*eD@eR19dyh;n`Pl`p;;>1G%(GyfTk#$r#yp{=HY990}kgeI329<;L!pEp= z#y-}0J>Y!c#?!&W)BYwXP2K5Zn?Hi5O=oe*$o;41Q=iGmpZXt4TSr;_eriWtBGpgG z4%6u0l4N%tNhMVGt}y1qQrR7HQmcKT$2XTLH>(FCC&5TMi^wH?`ho*WymAojGO=nL z)rXA|0b>!D_=a7MbIoAo{eLUA>i-#zbxq&cN^vf}ke2N$6My;UoM^O4<)ead7N^p2 z>4@JWFYbb)%BUg`L%|W;r}vo_mK6UaNc;MZ=;r)L`0D%)I>p}1a#czAbkdb1sG8{| z*cA?iNfoqI{{jBbOr3O?*^P0V9jqFJSfFNmHPNU&#s|~A!;SI%zLu{i+&i+}=0~{C zRQBw~XHjI8e=+pZfkdhJm0Rum{Y``Ss}m0WAN&*CnZxq_ zcci_)tbKaX>zp?+5pGh=L*x0sNAn~HNFJ~qV!gsaI>o$yJJR+T{tP;NBt(0w319)I zmg*~Q(u0|!nxES{KMV@^zpAEb_2n*JbtNRRY%I*KoSvpd)a?J&Hs_C_^;4$U`{|w2iDD4U1TJOQoYOjQMgUsdWZ#yK+b0%jjd`5AIU<|? zAfUqe8vJg^l`eT>SJ{oKg%@<^z2+ee!Jmv0-)lOQzNQb!UB7+noSN}3mkLia$xQKd zL3K>j=mg&cmY-EPDq{p6uAou#+`Kv_J^kI7ySd!1op;^wbEAp+Mi}H5u3rM{{^gyB1Lso;b4oK(j%4R&F%Vz7V>!h7y+(xhQ)eP1Hp(xP7Tq!^02(ywFMPIg1f0M?RmKPV zeE;pZjyE60CcY-6s(gHg+J(+y31^hTNz^|QJB zpmK+za?LqT9?Zy*n8Be!n~C1rL@ei0*CS&6xi>mPmI(l z-qtC<45Mx-@0?F|Aj{No2EkvYxVvMI>FkRGI{C8X@eQ#>3=B=q$c{pHXrB(C$#XO29dy~Wq;k4Ft0AKOG{U^q9LU@&Zd zd7^98!E+b27_lvVVOHmwWkF zN}+L=qr+yr9mG;9n7_mffw2G~Ejh1TysFSplnr$gsV(De^mpU6kB;K#&gW}=IbN3D zBs(=sjJ~*w^In7GwG;tg6Fjij_8T775pGux%f62fBNVZrRsS7M7|GPiR1piubl)K_ zJyDls{$NV|9{@!`y1qp0;0&Y&szf$Xc_Z~5N&hV-{WdFX;`H5UrOyUrJ*PLZ&PuOD z!CE~%Ro1}UY49$-=Z)4&;kByM;k9aW;I)`3-)9ON8N{47n@yQ=wR*cfei=Q@({^gB8TDsBviu&q%Lz6}EvBMQP4Lh-rKtvG=&z=?x~U<^#bTR0UlSeb;gC55dZ zyic%jgxkr%K%@|e#ftFR5D0NQYrywUz87W!+4nR^N4>BjueRyT9Gyq(^22~79?_b9KO3aatsa@fh-+p1|+3&yqhVXNbc>ddSHYvVz_X@1|WHr=JY6?E< z0?@Y*%XuLEcZIv|mrC@80mlc6vxna{UE2aBmX_t-Gxt^how-j-;XiY~g4KW3eda&9 zkGSPNYoJQdZ-PxA6jb+Dq1(7DO-pi}mh!%IpG~CEbJc$~nGpO5?z8vcvdGZ9khfzN z$k*c?$kXwy&4rr1nU$F@+@~gM?zUN0k^6Z%WQJ0sia_OUG3dYPKJ$2MG#vUqm5rfv zilE#4^NS#8eK<4FVcSEudr$8}!iM_bvnIev?YGwb zbh%Gxe77RqCY;rM!tQ=rwcqMKQF@&plw9l0))}=uj=hI@@63P2eM{{Z?iXL_1tnIM 
zg`f@i-Mq0f^S8C0qFMnQ0 z*gPks`^J*i?+e8z6oq_UaFX2(Yk!9<-(~OkW*{@)l6&6jh`HyP%snA8_n`aft^KO| zs{iD7@a72E_w503T0iV?YPW+d-rxL@O zeH?R-H`YaJlB>7n7gvJM%JR%vs+%(|%@)s?wx*m!z^+NZ_e<$uM zIMjZs^Y;3$)_%3#t99S*zpVT698hzQaG%wF)o~Tof4a~77k;bQ-ABBZ;Q2a>=N`If zB46ise$Ue`b5Ef>-FWV4{FYzt&RIUD^8;T4{&Rdp?upMZ_np;#v+g_A{S|liRbr&KjW3GXEyW+E3?6qrJ`Hr|0H* z*key0D7DO6b^k?c zzbp4ur2qJyQn)NUBoE6y`Fmil>G;-`?5*E?pP4V*-`nS%EO(}SxC$2JfakM5gr8QI zg{Oz>0&B2Rv(+j18hV`;YLq&owiBpHiX5r|Pf}~c^B+&*Oc{jFV&2T=&gl8`NAT;z z&)}!em&1dDb>K-#Jif0cd+*aj)s>~Bnue_;4h3p(zCCaUv|M!xzj%IS>;CcKQ;30kRL> zlP=yKxD#UM9fmuPpRsj4{rMMYJTD2}?7kL09K0Jo9Ky*amc$46xSgyBHBhsDv2j8`U?8+zuF%j0m!jUZ` zSy+z~W+(V5upqUbLya+?b$B14`xK%mOtEl9VG2W&0Si(XlI#IWgs9ROo>*|QBLmb* zYMPo*cq+N9EL7c63nrhL24`-cg~Q(+fq-Qp;IY`toJ3H7l2DMcgeeL_0t`kJh_oyq z%9_kiKQt*XF{2dZ@0k^YR%Xc4Da&tp+h*=6l&2f>pRVZ0+3~H*c{*o?yq(?#zggb= zN)4P~IJ!@m{!91yl20VUw<22zoIGdOMo`zVx5GCr3J@bYT+=cW(4c zj*pHGg|chPGl%W|m&b{J09~CVezy3oqH$hAjh}kE8yl1IUw``*hU^^%9t*tC@ASBj zSll=LXYMoqh5IylVD9t#4(==Wnfp5bUAXTsfl$c^_tnQ<(tURR%qt6pKFS5TJD}HH zvq0{4Z*6=x>fN`P`NI7y6|%gOyUkn6^K`-I+rJ5=MizpI%~9-^Yvew;9JZ+noV<0K zjiddx==4$uSP_g~i^(&&&-_=NH-DDy(=XPf`)1vj{+sUe+K;Xa|5f)ZqWe_m$%SDj zMv5&0_~G%7P-9JPD7&(pQu{;9+K++NS?zb*eL~|sVX6DN+AloUp}J3vBxkjseD_-G z3$Z(Dz@+n2;n>aNaOKWbsF+v@JXia$^T1i{*SYVt8XaEc15J}!!h*|-;qwPyz^W^2 zpvZ!fP+~dOQuKS-r4`}`1DyEkB$S;|4m=i?*1IqLH{2%__g&V0@>fCUcN$RbFE*|S zn`r0l@)qRkl=;hS%`%r`=Bv4<OY8-8ds_^t{R&U5_M1;L7ItHmn-?moQ>wbwKN-<5$5?pt#YLd_$}JT7vN4?5E% zsRi8m=?+`}FTef*eRlQ-uSLGhr>Jf5@a04E0*XsFEoM8vpI?yYOFipZSh;z2$*+u=wL;%*WLquZ5D!%YZk2W{EXrp!UuN zaO3e!wmr{(eGdJ14}_xgOLFJeAsY9c`OnbQelNB5JFENYsr`SF`;>d~vE1_(}phMil(|lZ3TRe7b8>Kdqqik3kr%#e2Ir}9MjK`9FoJadA!9&4=y(agQ zkUf>)-kxx{mlO_nad~$)=guyZA9jXWxJ^(qb$cjh8|Nl+V=L!-VhiW`mJs-EGv`|Z zYY_1bfi;NudSfu-E37{+%9qF&xUQQkO2gAxIRNHoho{rCfART<4}F;Vf8mXHcfDI@ z$y8d!;_%kh$I-a?L4eLb`4e>z6^^}F2ae=Z-~>5Cb7T4&aa+Jj-^9ZZF=hk2(|IXm8@P=<_x>RM?~>Aze*TcI6vg$t)qgu=>AwTl&mSi~z;(aV zZ!1Jj-2;6Rk3ig{&G265CGdW~&FpjOeeWQ&9q$do&!ug{?RvfMHU@1Y|2I%&<5V_H 
z@jc>o|J!>jyxwOkyp5m#cK>aVx$joSTgW@2flAw8Vr`(lZLkU6?jzX{<_qZxR(Oq?tkILtW(po$ zj5)7NHgYt3vt7;(nV;os|2h=t`2hss#F_qWzKAUtqBct~OeuupWLy%kz9Mu;?hKE9 zc`S?s*mZd~4A}k=jM_UE4t#b{Jj!opZk&ZmYoZ`fZw!Y(oRIiom?)Q6 zflW?=@G-jDm6mj6P0)rgMuiQb;J>Z{_^d6@f_{1Y{6H)+{y0%7hmRBV7_EaI^Ggim z;JW?samKoetf5N5jn+ZSa`;*bWpu^rpnXGN;I6?CJU0xy7WlCD(`&rf`ZMT0t&e`w z>$%#SJw~5Pj}i2<7fyIftu6~*Ykb*f&^mkt^fM1Xerz4yY+nM{YfG#u4JB8VVb9S% z(z?pxYiV5`bfwYC(ioO}*<)-S@;A-`&sE+~e1#_zTV4u0R(P?WS%4BDio#PVoIIBl zc&)&ogp^oT8j3D1$tbzB42CEQQ}kyz-jIJ@VOV%^u^2&s%Qvrp_snuoc&-POT8!ad zgem&>z>3ZHgd+GjJy&#YN${BOWerdcA*u}f6E_QUO-iN{_Pzz);4!rX2CesiCegV& zyzwY|vwzeR%F~V2{%j31m&@7yt*f~@(`()WpP6OY6*FuyVYqMgUv)nmCkK+SO(vn6 zA`L<;pzjjHeVj-jz4)xvvxz68FP zJomu!fgYFsTPG31dllS11Drq*Ud#D8z?OtMiBKjJUU)8eE#Y_)asnYH5ey9b9GdhB z-(9(H_g^|Jd`=Ja9#33v$vLH=;D8*Et37(%IWy#J{rb#I!I}QS%onvkZ`CYs=WO-n zs@yoy&e`@2@EBGADs8F)k=x?9=Nqd)w|%`J<%<+y4{y#So>>Qt)-;6*E3kgc#t-^S zu7{)hbf0Q3K@OAm{5*)jI!(1Z2+CvqC8yc@h5td+6j~o*KtI!K$WL;H>L;y}+z;Fk zf^PW3&|~J6c|Sb<0jjS`U{}(!W+}dwz6a=ie3HrCA%FRIg@nEb_;(5UMz5#Gq~qk4 ztoICBA9^O;r}veU&#B<+$SBnd^jdI6rEENO5r$%uZn^p`-egQodco5oM2YlXq~F-v~A=pof8EA{;*~q z@|ygl98+>N)qS3u=yeiuo!mWn>lE7_x^29?2@1?Aisz6w%S0uXmw}q=>%z$WqoHMD z8z?aiJz7$h*M5Zj=kC*A+?3+(FUK6T0=J7@d1|fwEDK@YDS^;0k}30)T8cSlQ7I_0 zs3a6$cCGc>iI{C8gW3G&qjIV{lm?FxF2r;&T!#XR#SNc7A0f}_`C^!VC=3-e#peuvy6owvDf$vpP#Lm0USk?!05cW|H216=!$`<8*Z zhmg6aK!2Wl=)#GdZQh)bDX%s69H9U3)s$?jVBUxD^Ng(UbfqV6e$thyhiVHFoZzZq zYNv*V>Lw}i@c2Lt_~i%lyZ7n+Z{b?@%wLZE43%w+Z_&1 z55yTfNsbmx#!9^5NDWNZAk{QG>G^%(@OWPsTe6>%si}$2(Qtm;JqGOYx$SBc3rRB)I779zKd5X(IBRB=^;JONo;N%}J z!29`d$r#4TD;d5A@(knT9=aQH4cH7hdai;GyDo#*+b)1!YmbW44&d>#Um$!`BD~dh zK77!1DP%*k_goFR2X2Kt_+DzHX6e5jKXVUMn064u=U(_=&`x-(-*(oBq{qD{CPTo~ zgHRTi*#_=_*L!b;tOIvKwvTo(J{YtEGWS>qZ**D)nLDq5tke+2$3FOICwz#{XU8S+ z9=`XVy|&`M?16HVQ=sgGWO#qTc6hVTHnu+EeI#?w4e)xW<&1axY=rmlHPoQ}U=V&D zTk@++|EK2`*081RD z<8}_feL>#uw*}s%#%UkXNW~?iw`ii$ve!lvYNAr(w5J05c^$ls$AULck?s=NNJYA> zF`t5gnu@f2d`C`1h2)+fY&Nd 
zJf5k-V26_~N3%CNWN-WC&pF!h$wq}`LF{UdN*J1ma12U1!Zt>Ne_{}{+t<+&OhzP) zf&vqYK*?F9A#_m$T)25rJj1WhsIevi{8j}(Fovf9ED+u}$&A_(3w3ulWFaSVV>Fb- zpin-s0t8{5AQ%S(YDzCM0ib*QnUHttImb_E8# z-Uovs?JG40=<^u(T6$lxp{Wc`Aj&TH zpIk5iGkI7yye41$)0K+M{Bh*=X4q01|Q=e)8|Vvd&*qHsc_f}x0@a8z=3#!+f6 z9=A!wA$R9@ASX^XvbTTZZjKgj)Dg;4-Dm#OpUvfHm-$N0PH*rg>+~`Zxiy+y(dWv4 za$gdPlLko$P8h6&qbHnTMi`@_4VrWZtq+9?40M@!FWt97o{&dv_jRx|SbJ^h1Np`j z#0j(y_|7g5^;S28w&> zPQX`qF=xqlf+nvtX{GZZc55}Lf#+WwzBUNYJ9@v5cwMO_82)FKgrYM`LYc+*IDVFN zpVmoE)A?Rwdjf=Qhy;)2p6nc;bAh1s(9Z-rUuYXv<3t3viJC-3mzIRk4G~anYfXsU zPz5}edO?Y0UQmWj9?)|;!hMO?GBIJ6h{=NiI?usL(IOMpSi*^eBNXsC#^ga_nLsGs zEABJ@H4eWp=zfWrUXZ_UcGf)2)gd$FX!YjgyiKf=jm+Vh-^ri4? zK?uk3h}?>kYV_V~Nm&?~I$D^6S>xx&&}d~7@S5!nVe2CCHBqb<(~{ixL!an=gWZjx z-tI;af;EfR@K9DmtKgW^bG3KYg9=!u%i$zc`cLNu)l-6M9XUpIJqDeuhu;a+x7C7j zs{>e_rSFWgxEykHnAkFaA0GVx)mGF5&!uHqZTG{;EB%=}IbL;J4M;$*XMVa|Z?#bTbjm|mR$=s6-f|gfwJNKkj_gOt( z8v?t&*e#AMj@85Oq4J603-={aQ^$}*vNTqXd*) z$-fWiH69B+q3{gM8`FzHDXhI^mYa3I*piY^WU&W3_OY9)GWRPbMnQ?i=&^90H;=Hs zBW0HQg7-4qPCO=MmiR)k`6a<)fhR<+tpf4ut3!q5!B7~pO-Z_H+o<;{)Yx=U`&r#5 zl)A6f{tVAOczzbc^OxnG_E^_3_k7sm%>bh zN9R4Eb6@Ab%sp!6ag}>`_R;4as(rl<_7z6(Tf-GiAosZZ=sL66BFjA3IYk+azU%0F zBM|2;p7^~(>y}XNFS4`*`wpV-hgh5|lv@=Dg|Xh#yugxqB<|)OLS`Q|^SH`A&fF)` zaG&|Fari}{x?hrVPoEEY?&(Oi|MiI;37P(foW~n;e`ANt@BKI_>l&Dw4W3PZAD&Q? 
zHKiu7t5R8Ww3b-vnxujhYLe1Y-mj*h{#;dn_YdHb5f4w3W8v}sYVgZ#^Sk%{_h;ZF z?!%`m{ozv_(;v>y6VLG5jS~~$*4AJ!8k^K;+>gs6P2kC~mhd>W0c$WmP6`Fy$Q10w z$Myul6Z~xU+M~_k3BLBx{up@78lBYetc*nA`lu0$>)cxj9`CLIPjFw@>kl`?b>m~S z9;4Z*G(C3*z~jAmKeZlyMl*bUV_a7}JlYk&w$pqq|GdZhE8}P5axX&ru{#hyt0vpN z$0@bp(e5DpEPNkrdr}yK*2Oqb4IZU7WIRl+0rz)>!h>DGxTL0P7~I?ahAh@=Av8HlRi*LCsXwP#t0=$Do~%ZNN6hKf7;)o}12zQ;s)S zL&t1}H@dEccl&LH5BhI~QAt-}-?dw??~~i?wbkYyhSV>9gximvLBB2MaUJU+cHR+K zaO^95{0@A5?eF!e%R3nSe}XUXJc0H2df)N;;GexV z!<&7#v8L;mOE+N8$G2eT)tgXhMhg6Qw+&Eu*w2`%l_`L^^5IrFN98JKc*8XUfU1X8~{3^UHof>KLLvkB4CE6X7j*GA)vskqvAT8NH9Vf)QptKNpS@X z(gX!+lZp)aO8|0Eg&IYzliI;^wZXc*H{_pQ7`#`MW8M_O$wBy%%5e3z`R^$H^86QQ zxup$wEb?R%kdn(wL-VATu>H%O@Wq2K;VwG+&BJe)M;-QcW^NfxDLmIlog9Pb%wg`> zvpdZ5Q@2h-kK|rZcp*-9HpQ}Y@erOr2fs^&wn-hB_cS^1Smp_}(fuu7Y{k#|0?(Zv z;PQ``VeE7^A=VPy#0C)PMpClR)Z1T~^O*;UtwI)PA;lLs+@C?&B^AXxJhgFPW85A;h1 zhQs6;ebl)Bs{AiGy9{_tD+T#_WrG|z*~r-`GknehT~+qGWf0zfC;B233GUZwblAIPvdjJ}2Zw&r8Sr~t264rREmpEqR%$~23pw6}itZ80uO#s%v zo^a&GQ8;?z7}n!WtR~L9FdII;`!W28HTJ8AU$eSZds}@rf%IDG4IdpIDz=PY$w}WU zo{P({2{pOh>rh`f@LdXg`{+AXi$A~rIs3k7u%i)_Sn36(R+M2)t36-uWlocSw7um0 zQQVfBPp}^1w(iFLjN6FoURD;yoE!&d@%xGP@mo9xwtc<>Vm4NVlFM+?%>H8^-t3%e zpWG3WzS#?3<95?$fBE1m*!|@mXu7incr5W`uL)UK2{wPe#rR%nwW}>O-`xsQaa-s= zw(|Ys8|*x4vZFcVUr-q8?`X)j^^5yoioFJS_WT(f{^|&%U@h;Q)C~&HD-O+fwPb%< zee&ihw*5cicfnWq`TM_4hIYFopXhT5P@z1!>zmeT_M|UW@l>b858?(*$Qxn;9bfaGq z#4V}@B^Q)tzc?OrbTF%Z^zTbjUH@}EjdOEAU^a}#YMD+b~ z>CR=$Ft^$HOs`r0=|-r&xfT>(T8f=N!;g<-pLOrqeYQPxyMbOLe|Z45<9SAzCv0s5 zY{T!DgWny3gWn#4<~v$J@r9*WS0p0xZA00yE@!Jb%7tPJVj#Q`q^%ZfL)! 
z6L`$`gc1wz++S3NEytgjgy&c)I}auun+%m#M#K7R8{o_TN8Ve2M{%z2|Dor!ND?Rz zA?|JjcP~_F3lw*EcXvVv5#sIycPX@#LZQXo-QBHz?*H?=GqW?Z*+A&&Ip_Pk{%`xa zW_MH7=y`^D({O=L}JDH;$riY6H@*w4bQItT7^~Zs3v8ivEt#_K|ih z15K8-5cNPH`SLdF+vBOGjv2gm7`zhwXkSuO1e-kYBaOBT-nMuhw@K^V$A<5VK+XKR zVju+{+~93@@{d!6=Gmw4XY#hl`!a1Uz}rzE?SuHB1#6$Tb-r1n)>n-rU&Xo($*n5R zE^D#!V`Lo9qVIoPtdsW>Ki%Ae*+0$`2eSh*LR1f=^*mbNW6JwzLsKOc*8`3@b`9b7+dKr8VH_`X+9dB9jL8Mjwt61xQy^N`V7rB9W`5m8f z-x^XtS_IoUC{<7bQ)61He5df4%%>9DJ`w@suXlfv)kbyI?ISq5qye68`4CSwHNc~v zM$1d2c5Qb!uCJ;mhm_6m^O2eO{qAo3`RXSA_3I=2@$3?Qx&Aet?&^!Dn;Xz;KER8u zjqqZ}SNP>ZHhzD2gkF1Fy!Ou**YVrEeR%RiUp(1R6EF7;66^Z?-X8pV^BX+g(F3ne zEW{s=PvFm=@8ge`H}LE2@A34<0eHHpF2qPx9)Y^00iJ(D-{sgmdjAjj;EBt&e4Szg6D}C0pi+Fh< z9}l;DM8AVasWukxf3~|1e!aF1zdt#RKYzJLJfO$t@$&Lo+}-ps9;~m2hwE$O;nyGH z#mNNxdjAlu?=HRWK7M_898XVW;MT@ZaC>zv+!KLn1KeTON^pp(<<{!@f}5-A{XGpkA zS8+B>Hw&DmNjMteFjc}{ut}hd5Vf1K3Fc$hV(glu@+K#bU=3f3vZI!x;-rnRo4gU< zpO#(Tq8;N4Mc&^1>*qWs(M zzoU87W|$3FjE|Fc;a~ENwf;rs@!OL(#AD<3&8eHPpRfx57_kx!7pbQla_gM>9nAXW zA!yzf`Ypf7bAj(p-=u<04G)xd;^rgxOkIsq!rr7v)B+Py^JFj1r&{BRD+O1gOImOa!RIv}i`58U?B4hDaE~&%sP~5oDq4 zAX8+@Xdf%jHSqhj>l>0y-ysL3IwqpThYJN}jb^l#_0G+3WW%5Gr&V^TkFB$Mqe6;FQGT-OrCBW{BKcY@j zJu(4R!J{m-rzaY>Ef=?<9({*UDyVBw=d$eV3VDgX@y)2jmBQsVZp#EQnvx4+rTuhu z52~a{M{#|!{HXv~BrgH(Kf8}+*)8Cm>W^(#zmw-e6t3R!eyF{;9!@_vBhLkXyz-MU z?n;~f?F@Ltdn4mSR*~1lJooTCzF5&3j!CZQv!%a0m$#dL;rmPa%P1&q>&0(SaB`{q zOy5?XT!mmVI$T@?WCUXo6*St>jM~N{XF9Ix0{cbIXuYZ}e);_uc?q!Xy!v~!?bz+( z2#yQIgl{Ivb4<5UYsa8@`iHox31D@N{v02tdVYxS?yz5z1u3Jqkq@D(hTruCLmF+tQ_N(F?VzQhs<9Yxbm&7xZ7td^YoS_xO?V{xVD1lLI$h4+u>fuf zUI-wQ&mq*~U(|wD+xW&SW51(qDU}Z%RKw!aOXMYmTlT>m*hM?y3o4kkmkZ(3OFa{P z;F}eI_8U8ig9oM>7qd#c^5BXHXIzrpsc=xQv-#-dBm8ttJ>suznTN9ApG1XvdSxmY zs5r`0@1^NvrXP6N>H+pWQ^~ zb=}~S?2fkUJJ9R?ke86}xVT;1WWu=Zxv>`+N3!H+`o;lc)yx{=V1$2G5N7=}N7u({ z+v8V{(Qng0xF&m|`En|xG-1+?OFOB+SG}6j_~t^jGU{T`mLc*S(=B30B-~@Xv4;xo zq8i`CW#ERvaEWolsxxckxu#poj4zP3FI|2nU7xdZbX9oJXH-k8i8W`|%1cbQ12+z! 
zMaD;Pif~2ajAnSO`K{Z}eXlzxtF$W*ub^>KGk7laQMJsP*P_+ASZ?&3w<)>ccAx4D z`vI1)?`MHZ-3=r8RP9r%)U(WFyZ(~zaUE%c`uT76J;r^%((h~ge%^k*SlLE|&PvNW zlrQ$%wU*Qoef{^>)P4Vk6B`i}9U?|krXSBV+*HoEU3qc^9oKY*e`X*WENLX3EA7Xt zKjGFh)!R?nIt9&hKh&*j;QGO6nA=3$DZQw6_TD+_wP)=nm zIv87|&JSEa2)~3tF>?CF?=R%Jg&Q9r`*6u8aHH*E{e=zkT+{92oKNvl!6&-w{ZHI7 z86I&y@J{hV|IGt&LvvFuS_uoeQ46T>@e(x|Z@;&8+@2S+=JYAMMH-rAI z+F8`M?`wHa_#X29lJAkUUtHf~O8Z6o9@+cIzK0*b&iAnAVXck)P9HXPUeXoL@$T@< z^g-)&ZNL2G->{0c&Gb`dL;Lh>HQ-&_Ej!1 z?(k0Y69*$s+}GbETHA7t#0{J&NZs_B{-}-r#-y6TXKvu1q!hESB~aiqd}( z+7BS@`$Y%Bd9)4r9zL*ae!k3CWh$}Wsj=>b|F2WW%<@5`)wjPVTH#sL`*@KT1QDDn zK`IBX0&P&LMF~x1wsCN34E0xnkM(@ZBRD_R1*}iV^PI`4f~T8mi_xP$UtBCN0si>y zSDann7dKbb#Ph99@$2~v^7N{2(YD`dTX?vmAD*nMffwI>iQn(5ms~M!w|7m&-Q@vz zaZs)E{`mb@yt-}rJ-@%ajR)I%;OU0ic*&zow>HPG*IwUm|N8JG9&YQ5C+lnD+4`z@ zby~ft;_u{lUfkF%Khw7-r?PQ-WlcO@R};^E9E3k!sWrE@{r=l8xUlL=+*%fj2b({^ zFSmEfOA5CaH+SLM>K3>~>%FtOzTo!idbqVpW@SCxl)1sIkhs30F0L=Hi)%7hmq}ca zxxBQFflIV+XD-TIpnA=i^W+T_&gB=)Sq-L^YuCeEkVDwpX}GyFF0rR!2ajJ@g zj*YONB4H;}X|k3LuqDKF(gu_swHl*W=|`|O30nh;5zA11!Ui#db<+v;8m)i)DH*FP z_nzR&-N%@?>_=D*$-$OWx3KU0P0U=e3*8epqgTone0y9qYI`o;L8Y9=U{sEeCP!fm$f=k^7dhTSbssFY;Tw zkb_g6-#-3pnDwUOc=jgTdLrGyQ3(U~oV|fXoA%@M4e0{?O6!-k110+BiqWVEJI~2; zrMBb56-2H73A<103wgddSKaAL@LvB+l;csX+R>+l0#u^N@YFa!CFB5AB1d8{lPxGa zNFfWBG9nBem?@L-A3$FBU}9(v%5+P{J1rLQWddNnjXh zK8$vZfvA;NM;Cxzx_=2XHqOHIO*3)nfjUBG&dz!8Nc6&_AEdj8D(%9(3&{E@8{5uo zljlf{H8o=0NO;70Va++UfaGhNg~V4ua26R)GB)9R7RXDaqOMVD6A{YtNC~BFJ@XAb zqkK>+w+;?zj*#EEd-j@F+it zI)a)^K2zI3jr>}I>O@F(DEe&fs|#4itmhG|o~W8v166aY)3iGLG6K04&NDbfWkS9~ExLW@T7nz(TiT%z4jBeymc>uO)Xr=xB;xfSWV({b_sMR~5&PTo3+ zdWj9-66c0#JJk@4*Z12WzhUj+wOD>&1?~IPfbahEduW{2l!|6QwRoVSK?fHTR4fFi zPys>&CCkXgLm{Ym2oi;ZR4j<80zW4+Z?D|`<_Agm~QPxA2yrEh3uxMDRcbRjQ`kKSOe>pLNn~Upec{QP@&G?X#vIypw$~=cl>y zT(#{yw-XsZX5z?oedv*WI7fu`lXs|h6u^7E}nBcdG{2mrPe^B{KmSwv~xRr?FelX8904g9d*ua!q*eg zGXG0#KD}A&`;^8bSa+WL0pFe8j=oF!i9mhN^}RTF4PqK1>8E6Q3B*mV0_O+AEz%RI2h-%aQrmZN zKT@`*V$;#h;#$2*`}WMY@DBGy{p5zY@kDbGcNc%nwr*G-3E?;5OHTG_BS9 
z+v=aU$I9@U7K7|9*<@*_+&WbOWQ-k4Cf1=6I?(0N!`S08~qk?`{~$0 z?|t+_GoqUG$o^;Tk+rBBUmqXkeWE)UH+t*7qyAe;e(~z9)iw&rmDa4djCd7J0Jdb&ckax9w-~(uO?0>nQd;wMF0mR@x`c z8}u)0|8>4c@jOgzgYT&;c^)I*!+wW@(vjOn%Ks8li}@iIeK+>Q)ZNo?{Qe1ft~6Mp zO=eqh`G|nbVC0-sZ_;=B$!*NtJQw5EjK{H?>SfE~_a?$6-W{!0x6vKo8nj9}5LGRw zh8Qiav=cW^V8WV-nEmx^+;}YYX}s->*)kRmvCe3}t|R%T8~FOf*O*B)&5-3oF=xvh zTz#l|=!89qaE)_E=k;CihrAt0`->$QymSaAuA79_N7i8Krs;59=#FYxHFO8gj$S*8 zF)PMmHvJwx>wp^%avHpTDAhjFWm^oshdqz%dxEsSNAW)Fb4>akIVdfr?-AN(otx6X zR_lsRwfZfRVrZXH*2x%rk3IGMJc8Bya{1=vl>^I$c6)xs#?NCaod0D}1w4zj#mkko z@#?$JiI#Y^jrq(3pQ?QOi3vW|^UX&FUJ5>x;M485euQ7|sQcxY4=>`z_R)B8U=n`4 zv>5;TL-G;aZc$BrBC9SQuBjnLuF^lYnEwZPk81~WapvpscyNBJn8)qqt)Fm*f6sB% zzy0>}6I}i&5ob1!!Q~&qai3m)dCOqjUJ`^Cd&kl$^?~i<>j!b|Ko%Zd)gQ2ZcI6wf z?q}<3;g_=+@?5Dsrv2O11KGHDb_@Q{9DI9u^GDoS-3X6Y1>?nW^%6(iI3T@!ay_w@ zevkT_e|~%oS66?AyDO^U*IVj=$Y=M?;pErTadOjmT;7|4TPN1wRKdr%v7{KLP@bu0pc`k5ge;h95SHbNSb#Y7P=5nTd)E1o2tAz{1Ib(A5oRv`?8!tDYSqHCMz@I~X z?2XJIyo$BP^XQ7WFtdDnS@QqG)^t{*63xP{nKh5VJ1xScaCO#JxK00>*lfU6#%0^L-?q=y4k!Nm0jY&2L;SdWq;R$4VTe*uo|@#b>?q^)u42keH8_>j`1+-oQM_?8_3W} zMfBqrzo5aqbujCbiw+q-k};7sXc4f^TLrV;+4vxKyCGoZR

?EPKSjtV1-~#cei( zvfPH}?}S;;4AhO-stZ`##crbc>F}Sq(Gak5+jjI49Qwz>tZf7u&s`}#S7}k34x&VF zde4mYR0OF<;n(arO-3S`ep5J^ie!9!^s>A}3Rvq*Ta0)6rlahzB}4(SSkKUWl_7aX z@Ca05Fr$n@l`#aUQixi1pdQPCnKBs?15A;wr+-@U(Y@Dby@NARrh5|J`7j(MK8!+% zX0tDvRUf2WhgBTKuGGWAx>E158!8R3gmq7I_)K$0gT;+RxWplAVaQA^mZ*|l4ShDL z*YV=UhJi;5D2)rQ)3?rG{OXAaT);Q72u8oJ`{QQ-96{s0c?1OqcJ0#Iq1>eMczshTNa?^ zg4(FJs6Lt`HN`0^nz?a-6ZZ9dn2)i*yOT+Gw4>n0zq3htGqhXL!4R-=TYg|U z+^2b<(lmR7eK+6mTexjJwh_KF{ZVPE9j0!cCeM{x_ky1AjP}Nl*VW)EZD%?xMwG?7 zV@kp|%pYg(NyP;h;;ph*ONaZ-E~ihg-w850BupM8)>zorUr>Bbd0zsMOo?Pn%w4;4(rA zSGmA`llJQ^rXs=!4oyXHnok9Uj=HGLM8^_A}5JZ(=p92Ynv>sYothYEHos$HhJ zq2#2}u$fZ{o6oA(4jj5}IL2*NuYtzFX4mX)FrQ?J3bQN1E5aL9;;O?d-Ult0eXa{w zCv2DqoA65Lv$-GXTHPNcexC%->0Yp(;eZw?ABoXJO5=dFZhSpB$GBqZ_p0WV?apzs zGaRQoA?o{Rd5N^FLvBa0J(vznsox<26E$cH2c>urkV%g-LMa+d6%V3-V7-yI1dZILZk-N~I4{iJt&UXYmig60LoWv(0QCpN^s>*|P#Gk4FTN@6vP z-KJ`i1J)MlAHhE<5PRjbBDfdjeyiO03Me(TjQDprcV9Z2;?=J&(Yl~5TI7AG3s^by z_n#dAo9UG>Ve>@YcinwqH$vuBhRw7}7`1Mc?l+FxI8Ge2*myw=aXE0Zo?wfT6HCK+ zo-6iVlfIV-mRI><>7OP-yR^{iqpU8&;ET&?>79?mk!lz6FPtz;l5Y+`~PwV4GSr zaR60&eqH#{cMez(gwTX)Xp{F90_Fvw?6~()esV=roJM_neh)Evl^X}DUu1kK4tfQL zSH>>-T}oTAe+AseyTf;uKRoAoBXhqxYIpCYeejv>hbC!FrL#ulw(ih+1WgWx?HD__ zOmaiyx6y{6kN5o@vpS(#R1ICgy6?h1RG(G@?++`FFA}~G;fK-+_7=c-x-043U#I<| z^{>}HZ)dzsdd>2n0{eZiud(T2e%|`CvYsS)*1qa{`k1e;L`Ap_`5xaH(n00o_@1Ks zeSP0wIkO5TemBXmPv?Ua-In)&YrF?0?VMuxJ8>A=B%vv4q}IftJF3@M^xYy@O|pi? zbW2o=uYrqHgmZiG%L{y-|0SxVSHr3MYVpY0V*gQVVI8r)(AcVIS@4A}I2yQe5Imwi z;k(EWT?)F25#!ug>w}gKhWA`w1Vqw)oBBe&goDzSA6@~kg+8d7Q3EILsiD^SyBE+Z zxfNVzxWRdjD=J4-!3U`=MDS8CyFR|mZ%y028_G?s0IS(Hu$g6t*j;h*yMaU34N&3 z7ka;4->>xhMfUxs^epk0v`iw)i!WEV7MIH6 z#(j0){C+4st_(^}DUGl4+Zk>G%KMX`xDer8blb^_L9k!wfB{L zt%X~-I|7B@k$jKN^Zd7c5A&A3hbf-+8U6Yc-{Z=@r?&+v4YY(+ck^tLyP@Cbc0ame z)8|oE*ME2dBooIXqSQP{+%yEo7SO*}~UFZJ`TTNo4rfpTFsX&R?G0 z!S%xhIGouS*9xlR+2*GB@ zf3L3k7!Nmnf`9#@`hdICukKB5h=cLIIG!4UTYDGLPm=a;f6}^dem4TQ@;veUm>RJ1 zL4ot%N8rb3UmQvd#GS)xV9Vk0#q~XKeQ9m{_E_z|@0|V`yJ*`vyvPwp6TNXfvkuN? 
zVc8r`EJlGVFZFe2^O~PM zqerro(Mg!MxcHX9t0lym?U(3UyeqhqXW_vbk-34FDl>Y{Y?T|{4au0s#sr^Ic2Eke zmB?4W)1iU)Sv}y_x3Ctz;qU`(>3ycj#km>L=01xEx~N%aDh%SGt3S_z;>K6WC1CF} z@=2r6w!KWU%*#7jaI!=Ec^X_cau9l&VXOT7_2&K$_~opI{ft2hI}bE5n5Xbij(K^v z6mth2y&N21eSaylzDbZF)s?@TY3oy-Cj*@4Ltrwt9!Cxu&Kh`Dlt42TS1qyZ(SCV& zuu_MLXS>f;x$Xx2mLpkDpRDZTD|aP5%v>U1j1-Zseig@B$w0JmP+4yIGi)sDs$$r5 zg#(b-0(qG~D6Un&c_gr;3jILfDSU8j=u*^%w$E$d{IG-SrA0&-w{8hP5nH-nbhzF` z6fneG{sR_{1|)0y=%eZKi%su-Cr>61s`V1jbNx;nI~e1bU!r18jcVUL{M`$BX*mW4 zUdj#hx%t0+SN@L0Hxuj=s2wk-b2{_9yt1~tf6ynAu=|CkXoB`jIR>4Vn%wEHmz19b zefPgTPjKJuhlT~FRf%FvkbN&TJ;xkUmrJ2c5 zqsDBYQ!Dl}_@n)0M?4b4waD$gxnIYz+=<#%avgYUshK0YocT(~c#$o5=8@eb7g{kT zU{X~pqP?xkqWJo!r00mepxFfbkTVDcp24nf%$x2jWZ@f;BdU8AKg$~BuL>8^#&h>w z7p*}wV4aJ9HElrx(qGfr2a-En8cxxp{2X0ZW~qUEdm4q)@VZq6E&1SB6;s6VbDem) z548C|_ERpIBniDH^R`q3-xWQML^CbiHSQq%DxSQIl@t3in2mbWY#~Sx7UsvSA{D?F zJVQ2~L6q{;rBX__un0c?fpH}zce8Og3X5RmI)k^g!R_UQt~_Hi4bBYM z$vIn=uwBo*$+mi({b{A#_F3f37N~C8QjkZMw4onCNuppcRp(WScV?F1@?e(EtLp5@ zPnV|A*Hn(0%KX#W7-ongM5U3*<<^_*-FrmFjV@27wGW`RKt>wx-jZMa1id=rk#-ZR9|jj9xx86 zJ)-QvPK3v@Zrjwxf~)XIhSg8?W>x$u+gb`n{f539e9ywZpqN?`MXYYXvKwNXVz(WA zDuT2Re}O(vl!z}rx}1e`#@nPc%Smlj70px~XgIB8J+^gP#Z@-&CAbE!>MIM*z_|6t zDt+9{*t^n`Nc`RhT3<~k+W`QYG*->#i#wgQD#spDG;g1Q_P1D$Y28sT; zq35rf94K*o@pg0^3Pmf4Drqc6J!o1j_3uA=0*Bq1!$DMG*leW1s3P3ncTvf!dK}2c zt?}lUWvK$t#UNsvgHCrs13@3JueLmgW`bEYuJ5m z4dRtS%P}I+i12T|YtkRP#_AzHCCng+4$@Fn7IND`)fh9utt7uVI&`$ex-^90c0S)$ z%8MyKjYr_lh@z@oKk@hBztjOG0kWF@&SLhr3D_(oya&38WpqRnIksxgeoI;$9I3hJ z5z?ztFIJ@e?54JW#idGCcE7I;DS>eNyNlN)v8+>2a{mb5B~Af}G`L*4grw+& zK*8S!-RujBefVK~%{yEN{@m6Vkr*WE(`!&W4Cq)G$-RcXPM}Juu3Cvsk<>~k;*hs( zhUFyfm0wT{&Whc*1Fh{EBh=d`aK-i%xu#-nIb!!_zfOJgHUUfc?Fin-x(nWBc@AxTy7D?M4?hwbaWVN;X=2 zq?aY3R!lM)!Fa$k6!~I_5F?WE5fa8-w&kPG(N2+RP?*gY{pW=hs&U;^%ZU9S;uapZ;{YTV~R% zSZ$N>(fe1u_tT%{P8J9sktEZ-NR8e!tDqr|C612eon?;A!Ygp+zU8Ni#Kwc~l39{j z2k?)pr2|U$w|^Dhw-4HT(OZ}$k@+BK&ZCo`r|{s~N=MiGsCc9@ 
z3A0r3g&`OHh~ZHNN`B3=Kd@vaD4h>`gtf0vOGZ9?I#fu-PRC`{A5QHTW8lKjTvhZbx!>;>({G|Jo+usFJ*Y@akT;TZpW{?5vStnz8ilrdEA2r#WUduX zqE4x+-I^*NW`DPIFX={x&ny8`P%d+!(PnBwoy@9(QLUBqHG=F>*eXa2dnCpb*|@{~SxV zlSwj{pkFG;!m3B=YaD{Ph$COuE_j)lT0~Eo-GO^tzmfmuXoz>snSnktx%cJh5}Kbs zB=7AGvxPs1&5~dE`ZZN`NeuT*z^F+-C2rIv8Mba+oNiikN64s8e^l7$a|$eLUO$Ce z0Mcgz5rZfRJScWNUlLHfCT28}zh*Y8HOg1P(cxHcxM;(i0wcF7K0GH1VMSP<}~Jp>_HVfnC!rKb5XNU47Dgws;H=x6SrFPI-G10xhv;Tj!0hG12A5kHQn;&pW9 z-MG9ZGW)v`I6fhA7$3+wI>n7rk?tRG>cV$)YyioU92v(BwhW>V49U9amC{4DnaIiqoOBf`SlZ)_g;6-x8S0r~m|RLT?6hY=G?Qk4}`qQejW3 z(#s6*V~iy4L2PSb5EvLd&SV(O#M^&n$kM>oKd8GXs^U}@8&10z%~_7C>f4P=|C8aS zHr7FHq83UPcY8Kgc{cV$Yiww1Y!&(22UyUh@p{Oe-$RM~9GnNiqlt1{~=^1$np!&zg0*BV! z&4N~pj~9B=T*&Jg)n{~L z`0;|MU-A2AWOAJtZ&)9wu+SLMkq%=zYGXP&&(Ci}?qOf?6mNR(&YiJuf9>9I z%b^yg2fMQjixPn3c|t}=l{Rq4WhSHdAXZgtDX?sljDwkWZI2yaMgCf<_*hJdmox|q z_^6+!PX{eu7?NE1emv9SDn@Y{BR@{D*YIL%-NHZvQvxz!#baR}7(74l6CRml{Wk|m zbA7T-=L-Le$eKTaD=S}h^Bcu^iM409HhD<13%mtIqkT4(ZY%TjAEk8Mi7 z#`irKu&&9-wD_eehS()!S>Vlle@$55ndAz?8-eB0d1Wg1-;BbY+*1W5grQ_Cgh;aV6m5PqwCLGf7V5$+S%mw{yK(aTde_&uxd*Gg znXEN)avL%I;f$3rQgkLKX-I}iM@KT%myDIv7e3Y058AcNUA3Pn8ZYR^i$rwe!E4HE zpeZ0Vmi+tXKuiF+odD5^MM|~}A0OV;`9S|TAh7a&1Y#GkLyPkC&F(;QaL1&%X8K8V zK%;KF03skL$BxQvLp7-Pyj0zXxRu82VF}JV#rJ0BB$&WtuQ@lunuSePBax)Lj(S<% zZ2jlmQeSZr5h1QkT9rd^7(5jQUT5!(QnjbTOsnoW-`t(1!reFj)7B#XB0gNBs~kd_ zW+ew_XV1l0mLMu_y@?1q6U6JtFy?S@v@uhFqn$Z4jG0Nwno;mEqZuvifvd-<_!lm( zkeD_#bi=|r!tZ@I{(<)2b?INPvtul1stG@Fxb>ww-C2%Eb7JKeGdgKDde z5Z-h_bMLQ$a0kK@Sfqz>qvvFe!A=&DDX{#2a>p8d$vz7PqX#mWp3uB>DSDY=^wZ-x z{W59WQmh$d&#jk!l2TacvHxuB?bcZ3EB6-}-}cv%0uU7?Qwhq&4?4!mTQC5_LvqcSTfRANN8@rv<-{S7h&kRRN#vl`rD1C7x|HL53*>p}Uv#-d5 zEd%I4_h)^)hvIvjT0%-+8*$ti*p;R3v5E8ZcH?XQ05|rpW!?r%0rUA_z%wNIpn*CO zr|zBAIkDJdYu6g^kV_Q9dymQRT~y9WzT=q=L1BY5bnA0+=8?;N@snAc8S&JVmDJ^Z$LfuVJWbLIsNLSjFR+6wT^+{M;Tb$O}OAxIkYQ#L;FN% z-h5Wl{5@aWI&{}hiGJr6-#?68asOW0Ao862_tIuAayG2|#!_kihFip7?t!DBut)Rf z{|e8*07&5(7=Q^Ffu;c{ZwtPxLq$$fe3rUd$%$*Sx#Bp{;CpcQFE|8V?ik8ECmF?6 
z@I=hb+oThoXs}k&adIMwIF}{GczU5Xa{8y$E9%e0HO35+rxg6Ueh)&|u$SFs~=$*Ml{`4Y?G z04(0@e#17RtYGSr=1Uaz^1)2&_;}*q!BD(^|G|tLE@qGaam!Yu@cB}MZpzp+-vJb$hp=X6!Pq?KI)wigE$gBs{C0^XVr(64_kV$JwFHZhlSZC7Au zCYM#v%rj31PzL)AnLTXSf&thi3+5#fZ ztx;sEaJE!?FNyDmjHdaDx|e*B1ih*T*h5a(@CCZHg`=5tQi?#8huNOeUWC;1bbKd z3sd_Y+2WfZVjz^!wXfnr;JbEnXD&<~XnbK%ChMhnXnDLMz*_jvx~Q|6xMBV9Qe5%F zK>?Ou)lPsrBum64;>-jO>U01MTOcime+51NI?T3`2KGh0KYbf9V2h}6&leSQB*ysP zQN5=fj0mp=aSCo#4}xI+gN5LR1|3^`><>9ZH9fLZw1}8JD&~Sm0zLXEE8KL#x{M0L z&s9dBY%^DzSH3a;iKPP1B zaeTAE2maTNa4#I>=&&!Oyh!HI;(tn(;oUxf1?PA@lsrPT_&x%)Zz2iu0X)ChfxkG02Q7i*0RRf7RT5~sC`czF zdj0oxJe5)khmck(YUtFLAdHCVWT>nESPC(mofFG-Q3jYlRu^`T&kDArS9tPNqxR(=#k30QRdb!%REY-g=h9%t~|htDyrB?_;2E zNz$j3^weqwXdg{dh}fDsAOOFr)4FvRlnh||N*NgO;V zr0mt;_kTeI*Y*E$9wdlW@!FGEx1XxFgt0!pT>b*EmEJe}-C?^hNAnYR&hr?iN9E)J z56S{l!&+O1a;POp0H@L(Kj|0b4;2IO;?s{VQfQs)e^T+Y>V8&10Wm14f&`TN8VsxB zM!kx^bvQoCckIb55sVvcyEl4W<3zT8wey^a@A{Q4y6Hh#**)cTO=fT4PG94St2T9P zx8J+z#&l;LC&6O>%7Fi!1PhppyRcVo(LV$^&d7}ymiL>aJen{64X!<1q{s>u&w@O~ z2m5T2z4Ww$gfI#h@u&7IQ1sx@%TjX1r`-#^wejzdJ&LR9|H-3tkxK=f4>g1G$5n&Q>^DOt#G zOUjMP@;Fa1Tu9xo^j<@}AIT?$*TZ0ds|5gwaGV>BKJY1r>6I=S!$1zGSvw7pT4m8} zufqi0aMPa43r(7D5SWUet+ygRnlC+dfsNPWa@KS8Y`2bVH}!1mj_1}LE!G|2%>rX( z(4}5#lL%_f$dkftG!M1sy$)>nc{I?qOo_ORPJAd6(|v#$zPe>OsFHFFvVX>i6j;`! 
zz8!#FEgaG_-MU@V=To*ifrsH`S_n4VPxyyy0XX{+_#~EVqgf8ym5Us)R73l6fCR%T z^THjzA5q(!?&55TN=4V{!}Vb2>TdN#JcKRjmbTqUS^evFwRNAS)9V)SN|9RI#Eh=^ zLh4gH@5aYB4ao*iR&eM9S_v8H6;C8C!w^gvC2K-PwWXer_GFk{(zE)K$*=D*SJt|C z_8zQ{M3Y9cKuo`P^G0MWheg)VQ82t`vYfb4z^92(5i(4 z9qsOaQC^*m0~M2=Qf=!~ZYH9amah^Mr4_66i(1xx&an>3NjPva;Vi5al-Au5~)pA?#DWoX2_a4!qgUIXQ45`NEVEcJYg6N(f3c567=?!wex3|5Qg<1cu}8 z_AiJ70d(Wj4_U$7$MERbwisk3Eue^U4EgGviw}9sbD!9Z@QFXHd}f|_)T9rxn_7);2SGa(h%T@)jH;3%XU9a*`$5TAbsA12gjln>o!7Q}0y`Ptp72li7zX(EE&CDU_oK!$w^Ex3I=0gT3kZf| z>{AN2>;fClY-RSe;?0+UlGUV=m&8tmBl#Vdq-90s=dx(K62Ro&(EvE-b^(ruW7z&r z@M>dwOcqzSLjGDvZ#7DMY5i$}2>o%U$e6kOTWMgM`grPJiDMC@k&Z^ig(A^ibeMs;-- zVY5;^7;^t&;XDXQGX z(yK51Pd;E1j>*#MN_|OLV@d7eZw&xQtceqpd?E1}N7}vPZwGo@LAp6e%)k2eXG+%l zw$|Jev5+gPi%&F|OTFZf#Z)RR(IsTRXpGKQ%9rYT54W$*M4nY>lH{?jKJm$s5T7HML*LyWel7vuYv%hh_#jB! z&DjP4BJ;gp#G0#St>4;(GK7ir5z9X4o|V6J?qAL}9fRO1_1_0;_#~WXrkQFh^8}#0 z0z2R1Y%_e&t_&W6CUG-}!~_Cp=X;Hfa5En`xYJ5Qa_cXb5Dc?Hy`!sCT*xqQw^X03 z&M4+$r=pm{Evv;k`IjyKo6tp;oG9Jxgd<(k*sMmdrB}|d zQD##elqQ_D&u*tR+BIAmB#S%SD)^^(5OCZV3WVPf_sg;PkxJi^%$-4De=|igp|Org zvB&J-W0$UVJzo?u8Q`I&U?FQ~&H;Hf<|b!G=ZmU%uEpT1vVGo9*2YatvxIOIksj(EwBrx9jZrNqWe;P0^y5*As%W)gQ*2e>keK{MFWZ-X_ zHzJP+R_(1D=L2wJr3l`9p1PhmgkkV|*{Ef1^}&~I*1rJBM7@;>NLLbYCBe|^0J!38 za6Hr`UY;omheo2zbK!-_-S1jk8c~*LPD&v^BaUNswK;W5=^7$ z>Ij~Y&DqT>_+>k0CkF9UG9DEHK^J&zP}Hc+_5@pun*xs4q(kuYXhbt=Qa-r*@W=R! 
z@ee+b>Dclx+{*t&$F6=cmG|0;o}HH*J=|$!Vq-S<`JKVGP@0S;BKGDybVaJkTt#kI z7yh-C1{(imriS(>^clW*-?x5elY6K}{Ix-kXzncWYbv7|n0%!@#@ZvJsFL(vWZ}WczRif~GU!&j z+c<^aLVbB%4*z;cT>naJUMDmwtPoLzIfY%ZE}5+*6vu2VDq$MUId-8)#VDyuN{Az4 z;p4t>FmFVqL3oC4{969TdN7-ptA~h5czLR}>%0Qrgoz20 zqh6UvsZNkY(+S1d#Iy>F%{g7$DzY+5o$;r2xo;ne2dw-7wp z$<_FMC7-G3G8YuX;H{&Y`Hw`kUFN3=PcH?_bt}UQ}rI8ni#GxqkF9o{pPyS z@H1agL%Hc-e{M1~lR~OwBJsUh*H5KfP$YSkj?)Tl!SO6M1w&ttRfV9};M((l8iHNV zYaQ(kPfiYFFAe|Vj7**AnxEY9xVEx#xyhR2kMyP#8Divhtwl)8h)29X-HEBxKMx?m zf)exxdqlkzfVCa3cQp1uranv-L=fZDP2 zI27j`?r{9;$z+YI@%@n96On?sPmlVYOuM>J91>MN*~3$83&Fi#_t(ac?y#xRT+&WF zZ+LPj8(YQNE?;+dSSeaz-}A}g1$luZaJwdzPp+l@zC>#zVopgf2o10l|6%5Q_lvIj zl?uslHhE)x&{}8tcttfN*)(Klg4?jN;CI+)Ak7ze-CN2MYJ;Fxg7h?=#6Ya#fiFj; zb@jI^&{9imsONzeQI~iQ^?6^8s`O{C?=C{rzk%gbeO5-nQ`5GmTugxtmyrW%%MGH) z4A_eHqc2)!O5`ov9z%(g&wSStq=oe~_jza-(a>sU>s#uRHpN3<)hI5U`P0nc+iO^2Xy>5Zmu03%{Rg|z81fnC(JI0+_-HBkKoRyh zWlZh4ll(_p=@`mSf2KuETtmbZ#n6o~J(XEm4T z_I(R3K52fdyXnj`77Wg=Zv7%QQZjUkKfREK*wr=7A>nBB}7#Gvt%^gdZjfw&`UXt)2- z@TEJg91@TH1AbAjLJPtmDD9yXV1*T*9`OC>q-ClzN9qGA;U7l&o)^O@mLkv@M)KU* zZzPO$b71@Ww(W4u+Q$}|7Ye*E`{E8krEl*Qz3mBf{ssqymQj5f9II9vvRmQ}DV$N|?0ve5vI3^oc$$rP@${)|(NRdBEUSi^TpZ84M%6#^9!z<6L zif|Kx!iYi6s^?0a8{P%({D~D6B-gCOaB$E;PO)L6F1NcwvHH}#HO`4fCy86>S8eyw z4M@m>X|OPjg=ykrRWjNQl{ss>)O&}M+`*HWg}J$pRQAPY4rGY0td)Mt++r|(rB8tC zY;Ss=Qf6HpZCq*Euq$AaUw)Uh09z6K^_rE8ZWPRD!{_0R3?=PTrFz(cESrFZ`_1B@ zgzM}RJ|fI=j%zmf>b<4lw+jOT7fLMhkdqxUOlt8G;+SrcBYw+WiS zwMTjGzUI+N(F~;?qo6ga)`Fm_)xv$ztLW`lO?nfODzxi*3?GRiTKtQO%tc8&mMej` zLurg~95bK?NSsX~jK*jWZ1dQeD2+F&$Cz24z`Q6$>u?Q5BVE&n5a{SjSz(gjcWoN8 zg4RAC1fx|Ztzb8LLelKc^YnTx|C*Pm>zy}j>;=CM=QunM^zAJurK6rOp? 
ziV8s~IWIFn-TWEUF`vXn?tR^FuzAIklPrA<^q&V4=VdB#lwRKn_bFXNYo$VZJ`U_g zqc-J2mU1$tjFxhgU4>|kW)&?MqKP_3W{X_-;O7+-4b~}Rq3@P=sRkYXeD>Ozgd1)# zml9=7>Rp#FioQkq2PaBn0$1$b#9Ii6w;ewkf}1dc)S+}NUd()>{2jN#0Z{NN8WqKk z9=UbYj|!wL3C^0c6I^SCPy{}jy`@EasX4Eiz;84x$Z zQdq|#f(tT_j*MMd4~qv6=Tt;xODTSDbVSt_on;HvG&8?`q0~#a=UzA~=U!O*6ns_` zw)gzPkS$~Gvd^EZ1Srx(Z_w&T z`YHj(a&FH%TizaIx`IZ(0#PGb9djzaC^KE!9jfyyK26psgc4Re+aStyZz}eNJ$d4& zO_bZ13bs>|cyz3D-p{$WNFJV$*GSai)}E&lUD55nJ>su& zRzcGPU$o-utIt^D9HE5NT3YO`J|vfABp~fuoHLaFjrnUU8HsgdMe6;n!#aI)Gow~m zLj}e%x3;iQe!j!&a6eAfb#%$MdhqR7#2=(_foVha6cz0mDIbT=#6z?*=I#mc=5>aP zgBzXR7ngRXC*Tu%-qymfwCqUlyTtXSs~;Bj53!NNXn`qc-eo{-tJ`s#R1Oc^ex!6W z+F}f&VlfEz~WCDNuse%GaX6HGb$}^9mY7ZN2 zRy7lQ7cm)mUMs?bo2-c+6xn9I&Y*kYAwkfd#mqD6@PTatyyBz9hr^F`r@ju5DO5gR z3ihA&iGpWA`N3GbJyhC?<1v4Ng=%oWm^{;Tzjw#<=U7(GZGXO%*2gMJgfJe%&o>iR zo84;T>UC^^T&BxVt>+U1bAkmsAOTwiAg4nB+4Y$ussV-ek-rxHj#Pp!y3&^dsng}t z%~^8~@9orDp9=GSxOI{QN`6EfI_WdjSdCTwsYw{=Af?ND`rcX!#|0V6x3H6fx{TR| zyKJ>6YU33iJzb+2rj)X%bkMBg&G7Y-?cXWnGc=cO0t3f2S+V zU@!U3zi?{tUFZPjFLxjsa=;Ts%tMd(92DDVikU1*&SvmyQ?4&=`EY!)9%Vf*8(F8s zSA$TPVo+72bn0AJ7l!SUOF8^`#n)tL=Y@r9e~L3){X|F(!TErvR5Tx%7(b&LFkEy} z5ldXz&};qHaV}3z6vO$|CjGSRVaIeCEGrA_WP$b_%$5n73*R1X{=WYFgT`2Bh`We< zzdK;4L-fK&aN_Gt`y z16Ruf&W7F|F#Mxnpy6L0PGf|REZt{6{ay2Cx#724hc3$Du@hfWh}mYAA0IG*SHtS! 
zmx7>7k!F==*0unv-7M_Qz^rHZp!M7*p|E=+&i_z-_p);(j3c6z_rZ>{DX^yjGVjYT zWcySW^y`DF*;!@hN4*~zvm{08W*RI;99A$G z4*oGAWJ2M)_O!OReQkq_Q(nLg*k~M0o;3h0Y$du|XX9w`#V%iT3kq8!MG~&Ig+WeU zadFQPtBeQluHkb zd#at}+VI-Ro!+4X%x8p?0dHXE_%2M7XD8WVCyeiRLxnZq)5K|i?u=x!Lu)gS%)bSq^(Od>G>{^tu!wpdHiqAt8nB!)l*t|YD~BqOuwzZgsMw1>Ni#nvg@ z>tYYy%?8M9R_)|UIdq3X0&@hpptbr1t+X53p3N4O6FQ-9MfE~I24R^?Q(x2$Y=tTK zw0>*&vRTgOt5>F!eJ6O`PEeNSqQgFo(Z-Q8%KM`4lkK+jvxFNp7}*y8g08JQvmtp& zA1+uWrJt39tfD!&#Id!s?6G{`b1uDJjKx%i6)*6NPL{Pc!6^Y%A<^CodG3)u~c*P zQ`S#)1KC`~0@z+BmAWkBR>!{GAcZext%4s4JyMo}h%J~d?S6v z>Vx`w=68IUb)RxXy%L0+HYqx;pE#aX7$%WY|MHJOz+nPVz)}fFAOcDN%Y0`&VjN?3 z^~_=R)4fv3Csh;u%djWoBs4(dQxZTbrGT1s#;iGn#|VgD`o=xEpK>cbzVBgvqCvo8ILyran!~5l#-b^^QkmYV%r|W)&_8VJ?y5K}z9C5Hikj?B`Ypdf)V+ck)gWbl~+UcIC-3_@#YE-{2V!ej(4q82AJE>HKw5|A}CbLDE6w3P32 zT$;nkx{9#i%k{9#y$Tk#LvKc}-;}10w?|OAX=`S>+pqW*Wgc0v_BbJ2L{GM{l&0g% zudwSt=ffbk`jJnwD(vBy>8nAtNbIG?v0lD6KWD7Al#Qnbc zNgAWxKn}}R$Aj__b|gbMx&jJa;S;o?nkG8YIyLF$*WzZI`2Cta1(6@JFmZ(Q1K{rH0i8`GDY=Rdv!v6BcdFE=2X3Zl z$sU47ZlpO{QAv!U5EIZxk_Qs@yDAx5gy&5kapA&%@8@3a=hQf<+nV0~0J6oiVN?eH zE^5MX<5eTI@VmOZpU9?f{+9g;eC(_nBOdrkz3+Ig!~?mPuhH8dcwp9xFJ1eHM|6_& zF((kGlGo`1uCwY*+Wquxs-E8`%DAf%bSyqHet2p)_4c;{}P~-yn89(jMX8M+n z$M&cG7dgTI%WTuWJr;m?uaHrI68hbyV-gkAV)2G!V7C`W`dtSsiq|4u>&&*@_4R_HF zSLuzS7wTWQKRH}*Uw5}GzGse~px?Tdb9fLSv41W5q=@Wq*3Fz&v2ojGSufqzZ@_(; zS4y!{mIMaYKjz)BCG*n`(G~u#-16yZ<{LMC+xZQ2@YRXm^|~5XD>`J0o{$aWC_rK? z$B;K!|Kbv9wqA4zD-5y)zBKB?Pi2iU3s(a=}oM(QN9(IsR)c6 zUp)9*Vc;Mln0_$(#;B-CQ{T18-jO%RiSx!*}O9&ZkQ4By;H=p3FkJ6TW5CIeQ7iqnq;)&7iw9 z8^*kNu}SyMGva%&Qn7TDB^%9+7Ma(aQA;6uDq>W{A8sDxL}uc+(=k#3)8Y>EHa&Ox z@$*_j*z+0k$W-dFa9X29DtHNN>0vm9;P&LUVzc!n<>k_0+JM|VtKSxr-GLnFM2#g; z7mmYUFbR}FK}Ee+M6)$>zb6`m97n{MwB8@d*=-9dlA!X%InS(9P1I+Bz)-ZTi_gxU z0$BcEK~>sytkS4!t*Q{xFgjLjJb+C8-8%Sgl7{G7lt420(9h z_dzVZD?92aVEfDEvAijgw9==FR4OzmzL!nT9Qw`h)cK;<;?l_8uU#S7q=krrv2J(3 zZ>;PsM2vG*9o)awz3>9Tb|;+W>)|uLz!l0Q%l*OZKNXmJD&Z>Uz<8$FICOWM6sc5y zr_ulkr}>$!OiR79B5CRjxErCjMb_1!WxxA`vy9NgY8txY?) 
zVsGjtud9d%Z#9YjwiOGDs_m{}IUhuy&879LJWg9DTB@AZzx;{?g`@bR%jRROXO!DL zEhmf9d!W-*(ci9e@0=%QQ=Q-83Q%qrG7+N_Fp1n2%IcsL^2*$VTk)(AW{SPbhVlLz z%fTi$4s^mBOY5EldUMg8cg<>*F})oZS&a~y^-k*DXSA(h^r)nv;*Kv<~ zM-onu4IBh*&cB=-)8P3x{YN9U2GM7f93|a`OIY7(#5F|PO&ydoO9y)pggV45qZJ;Yrhi7GIPztdYD-)i4ljV=}n`jPRNF;oh2<&e3 zSf$?2Cb#F#vxeAr-#lEuHaK%+pj&(|xd>JxTyr#-?SLybSc!d zPzxQMcd*oro+wVu0aX|6FWI*fEPFemEUvh>g6*6Gsvawal`#ag3Lfm}IJuYcSXMB| znNwzn_bkKC`SgJ86N66)VTNgC$)8gg6-)&L45_t?nrM_C=GPWA&vk@6rZbVP_EaBF zKOfT2G&P{6JQg`o+y{{GJ}n0zc?0B@KWf~Ue%h7kZsA8+atQ5Sw?X(@nAp7m{JLTu zmzHuI)t>wcr55#P>ro%a73!`uXUY;}PT@TWClni{=%>eJSQ+Ji`_Yf4CETz~@*Zu? zuj$?d_v*T<$=g1yYo3{8(@gm*!J^}G5B=*HuD_#QXA(jAkIO-lh}szEQ7X*vo^C%= z=PLu3+RRso!2;C0A`$;$cE3*JXw0ZWYea{>I*VKZJ?l@XZGK$24ArelzH>{o(zkT$ zx=;C*ifPWkh6Do^?)J|0kqbt5@zMaxPnMsE_1oX4R%8W!&Y2cIlRDrDyeTO|Pym$g zy{Qn2JVRb>B1JD>9~4wlVa;1gD!vw|YK@amGM|T~R1U-!`e*sN^d>OsR_gz3&3^+o zm~5ItmVK+O+TN?ukpIm!@zR+0k_1teRqNz&J+37%_wxY$l)6_IwMC`lfMI1q?O+B& z!1eg82L)6~8z0nkh+`F$IPC+Ljo;4DKWVTPWy;L?T{=t|896eQQs~__5cZCoMjlHs z-^k(npS5<_UHjkE%tv|;usvU`vW#C!Q>$(18lFF zuJWbAywfx$M%`O&%w%mT(TI07Lo7^+U##ugX-~({K+fvIRDR5*U#EeP3zsYSU5eMe z)Jt_N)F-L*8Q;X7t=##v+RYh~A^BLd-_h%ou(Mk_|CQ+kEOpJ{guOsU|8wOCudL2P=3?Wb znB1^4ENS`wgO9ZGKUTV3r>79q^t59ZH9QRh-9a+!B!G5O7M6uRl{LpbiFY4pf0&YA zb;^HAJ5 zBkN)3&&Y8pEB>py38?BxdirBwea~gk-}Cl(B4|#VoILLDQR4*lA1%b9f=383FyR*S zTt7vWkcvpT1;+=)IL;4WllS=(Nn0+2{zpt}frQG+je^}wf-@ZlX}^fq;}l7A(0u75 zuF3cn@x3#e#&i1LGqMhIzX%y-KMwsy^9rB=*lFhwSQ%tJHziD4`iC%_^8#*1fc=+ zOr_mP;aqwOmeAwA4zh4kkB99^VHHY2PUg~kvet~sWI_hrx# zkep>`MlbkY_=rUHGnWO$6EZ-~fBIPaUvm+=dt;P)Z-`YH%{h)(f9&0?Sc1DhGSB0~ zf`t+;lZ1>UO*E<1afrkS5FhY_hc+?<(0El6+osNW@$?_OTx>kE1A1VX*pV3bC*cOy z@H(YAyqaKYGF;FY0phMjiNwdei4meV7Rt7*IE%I7y@2`cskCz}B_XxhJpO~qz}Z>| zV!e`a5#l5@T3R=B<)7}1Q1r;Sn~&pZfB-92!)g0pktFp3D#iD_eu2SL2MU9>e3JLd z6#zm6TFCqRZT1fPGC;=nE4 zDscCh%Lpz6Nw?Z-+*@KsA2g&Drm%>*bL-52Vc$Y9=RUA^5@jsrhKgQnI3C`c%3$lx zte-Pi3Oc2)@^?HVWv&ufAuu)mkv?#Kh{T8R>Aa>~hm6*(IP3i1>5wnB#rGO2)B46Bb@pJ4%Z|0{ 
z8EnL7+Y8DSQvJ7{#W$NwdGtfP<3=lwjhw--=o~O>a^|9#=lYNv0i$?rn>p#RnA^MG zUl(t308rD7FX*AKfQY$th8BrXlj6jh7g?M`@ADK_k|6^xBu>t9Nk!j`QkXna=&D-F zC(Z8;Zt0z)3Y>5Tk`{^7ey4_3{im5_%Nr2v*|_4Kc%Y1TVo9z0+n@D6I?|G&fsz}v zZOpn}LNgr;Vv_4|4*}3jbThrmpIN}VtM`rbaym|Ykkt6IFxxz<$hZ)UAW)G00_cRI zj@Ie}`_!mAc~`oWYvv^?K&@A8SZx1^Ni4ygqg{5+Ru$mdoJGmv{mWO&an z**thfCFNKqu)Q!&Tjd{ri;X!hh@9jrfQ%b7fZ0Y0alcGG8-QLctC0AwU$(7YK=QBI^M6>nw#k}gFyEehEbo;#9%HbvmF|Bz>@Xz5 zs!|_5J}D15Pm)TJq}0dmS`p<9T6Q>rK6L6~4~t-qR7}=s;oFns{}esUKRjs@hIk4X zJxcp_TFGqty|ZQ8uo{cJj&?{t2j_pfu#ZXebC+|Mbq&0QlJ8}tbvh-BMPS{HkCI@_HcP?#@m zai2ZY*WaRNu$RX@4nvd=ruU}j3g{f*XE{;MZM`bQL9t`orc7Gw*tdb6nqR#w#YE>b zg+JW%2n7~e-2h?j5nxVlLu53*yPn6dKTC-SkIUoj4(OLK>K23Uu z-%HHrW_#^p&OVT!^K(6S%j>(X3L9ZR*x`@>-aP7Cg@vy}Q9mmn!Qv3Hmg?VFBO6t83 zp1u5v{=Vly?nMg|)GI1FYnc;qxgcahVxNT2G)01S`Ju3za9$5sE3dpMym@?*h!|iW zK1`%XCgCT~k`@iRs?dyypQ#Y)6`c}9+Gmgl_HM3zSOBiqs|H3)pAXy|H`xEE?-Djm ztv0P}ohf+Ed^gE(cpZhmC#L!1g(H`+E$5aixM+eAq*2Kj%yU$_ciQ0O1%Xlto9=a> zXd(E$cVk6LYb5!Cy~wb0ZL+KhheQjOJ+gK&KtlH^vm8L|M{ih)R%Rpf-YsF-d)?2= z&ijt?O$cBoS4K4%14;(bZcCq`qnNmTicFLQ5t1)iAh}7#)D|u@%^c?d2hz`W0ry=9 zq68)x*=PrF#wLI>v|qlt_;S;K3AqmPk&NlE^&0rCe7%}FrhNlqK%ir_!QySq4uf`4 z%VfqrTVZ##?tej_D`oX&9t*i;UOQ3MG46SWaML!{@`=<%`>Fof2y95VMTA}Er<)N) z7C+n8?2O>%5hxBGQwVeiQ-SE?HdameJbz7x2p%%pxjy;Axy2?B$GV;BFFhEU zv}dr|v`Y4dDmsBaUx0yT^xWM}4NsH!7I5y@W!LWxoZ@Py4AaqTUUuQ?TbD3_bJoFh-2Y7hfid>46{WYj z4Nv3jeCTv3xaeV@l&=7_j{x-@fdr9t89NkolROi(N=19WsJ$?NJO(AHQ-NAzLPY_! 
z(5Ebl-W&a;cdT&_I)hHXXc%_4x%QpN(6oi1yT5j#`8mUiP7BDKYk%vs0<$}+>0$n1 zu!m?N)YauQm)ANVw%53s#7T3J5V4CmH4TTj3)6JX8s39Vy)j(NzTb@Z?5h?g*AbMH z)@7TPErdvsQg39Vj@$5u z|M{bof-Hu2sQ}0SUMpInh49yUr{hH)b5+eWc1MZk*Y!Ug3csInT8~(XNER2^s8Ra5 z8R>UMBW)1mO8;I?t6`wYDc0oeb9#|=t)UMU=#kf!T~c**93F zu}r%LlM~-bXw(c_5=FI%iF~1LzS>};!F1Ox&VfqF-7Ou|NuJLPSA_{^p zA9x<`@f@H(3)&vtYzg9kz`#x^Hsk9?V?T07g9EtesRgL11gb#LLZ?m3oO#3~acRlY zv~zG~G~F(0BuHrFtLO1`R2iyVDh8@w%S{qf3~(scB#KM9 zBYY=6s=Brvc~#m}&~Ukg`o^YKIlqF2=Sz1oDSE9~9b={M!Usj&2X;>=r{aWjSieZD zhHpW9_e2+E&G5&*B_gN2v$3fD?2WpG2&7RjcPcU=RlSNcsRP*&is0L0hAi**fPZ7{ z)Gp^}{>50P?hdK_H;WL_+a4dj+F^my#4#(#!{gd^f(26#a9w2e{{do_E8b>i%M4?Y;w$YiDz`sl zx%!2)neSFk^xLxx`4v!#7f_|LImhNKHj-rSw@<=Y!_pZyN$3 z8EVsPihq6oS-10qVKy7e)~{_Kn2OUzB9reZ;rAfKl|8HyQ%$^e@l3)wKC1xD=moBo zo3kF4+*?H!r3i!aq?Bl@zty;LVioVY0%4{=Q}~9ehjosf49u#c zOeOplL`(G_c7!RXJYd~x?RV|}fH|dyriIW2F7*-|eneT;-oyKwK!oc^YlwcMCmY$Le?s^QEhfmpH&V9wYEWg66ISIg<% zol_s)7GG0Er~76ggjV$@b2jb%%Lm15x18zw@^vb@((M+58U2O@wv@t)-`-Nf~sj>d1C>%4a2OZS*v zh`x>aNbH~hnazh~b3fA*Rm~dqXWB#Vj7Xvms`G#WkJ{$Jyp6Y1UF`fC+=964NuWT1 zNqAK;xgqJ7+P#Bun$wA6opo7WKZkLP9{yQ|@pU34Qy}I=zkHJKuhhh`p}-6@yckFcpP~7P(g!%0iuiE<1k0@T03O0hTkw{ zbGGW0Nj@Dv^5Fc?$i-%u99*|{%n?!x)CM`7SxlsU^O3$HW9(Pvh9Pv=A@T=dpa^;$&m^xg;K>qyt*U;ryFZy5U++Y7Qc+l7k@3C=Sl1ai)9WxqczRMO@Qqk$pf2;krv{xaVPVZOs_Z;V+G-t~4Xlf7G4}Bx18Z=$1BJImR zTRwS23||^K{iU!~(tlxduXB%>wZZ&I)Mq{t+onJoBg*#g6-L?%nG~-Iex0Xmk4P)E zkQ3x~Exn7Qeo5s^V7qndRw~QZ6n*d3@+;fnTiJ50<;>sNdVF63YF-Ne|3wXrVX?;7 z_}07DWfz`-I={@iI0aSiCqSd!Fe3vBkrTGv#|>1!(Gq&UpL5FMyxnWGdS7(k`s$_|UU-im_fZ=}7&0q8hQIG|1tSvDDY8vccS) zuC_&Z@$RIBtOnBjcy5q&m(1kFZXMalrPFVJ#qMz~YJ40}H`p z_M@}AT|VBDGZd+rE1Wt3w&|z4gu01oqz4_lt%_`xL##0{))Bzi$(#bRs>SZUrdT&v zYdt@D`}a&SO|(Hba+*Vt$z5vYQAQbOQLE)(X9taPdS@E z;(8y%X^J)7(D7Iitmo?Q&xW~>*L^wgzoF9xO5JVVm+(P+4V0fZzn5`-PTeN?YhbpY z$x2jBO%*KbsBxUJt+P%+{x7YsPzf5pR{&_X_kIqNvFP#IX{3Cv<#8h#)rws;PYYU* zx%Fkl{=+6*L3RV%vD>vg#ae#HbS3&P3x;QOZeMm0-+7q#h(?O?`3rY;xOJ4xGbOtY z$X(Ki9_yLhO2zN?{=B1Ua)2kZXv)h`$6uS6(hh~Iq|%r57Eh+K7yOVP2w}>$S&!-^ 
zumYQwJ}a1Oy0>dg5HIpetel>{Tg(~(({8IR-01bX7{CA0PO+G@Um`zL$IED)=AMqQR$bY1@WgkCwtKD}38VVjp z^9|LM!L>T!f#Y<0#NY1tfy-jekbhgm@r9BWG<_Vbx2YRQploozz|Yoo`+9{NiQ;l$ z$*+VBU0QFhNq0s7>Fuz~Eh>S@7(QKZA&RM20aq`;>8+_juTkLAQ#IL`f_!Fk`^_F7(I+ig&kBaFt z5I!Y4cIS?u{wwYIi_9l-zet1m#CjT) zzqoYe38G5x2>WP_BWkuLYV$bXr36UZ2^CnLhr;HPKP1&&>)4r5t0@o$C3a+zSiou3 z?ztDEZKfq4hF)bjUBE0l0^$yZ$y4!H@axz+$GjYFn+@IBWf{pLsh5gp?{{}~cLBR-pdb4O$!Sv&zlTW_}>wXes}qWELCLH!}NCx>AuIuj(1Nlsg;s)S+*CP z=nh-@swd^~BES5|Vt1K!Qio(&9WXY)C)A*dQ%$kx$?>%4c^%xk=4-0*ZR0ow ze9JQnx!H|b6bmCUm4(!1IRTjzwf1aXV%hu+5Xf12#Ig+yDOsruDJy1L=qWS3B@FEbxz+}kL2V9txGt8BfI;jtfwPVGz4 z)?7OF#kJv<|FyM{{V^y`TFp-~Y~Q}9uhUs%EZsz*e%sM zGoot4@BdwGSZg&p@|E{~jR>5PJ7yaJuz#kTjcIRH?kGU)z z7%9ciJzSo9(CwllltWB0X&!PWou%JxHJd0hur$X707^p}66jOSf$g6sF(7IoIousD zPbKhizQ)bCg|#boIylDmF&j?FvrrJx;e8!tkc8k^cvzoROX4#KVVG1Kk_p=k!AxU>j| zbZ{Dwr@FQ&1-R8-Y=|oz9S1X^YhQeWs*_wvkE&7`#4%B7P~DANCD+d8zGY<{DtWT; zyxDMNNU1k;D3Jx@8WCHJX9qUnZoADg=W zH7Io@L(Rs;$}`_u?0R=2(J+fbVw8KFt&v0Oy(@$0J&T@0_UQ%G!+cBf5a{)x%bDBt z<0$4Y6=B$E6%~2p@WG;9one5`p~>ixdW%06Iu^V`nP;biG1P-T27;$Tr+l(ZN=_PX zNmJ+ESajC#Qq4h^Qdw2o^LUAKM;pgut#&Uvd08%Y<6bN!OB+z7FPW@;8*@xO{#}Yw zY^S(-*D)Vrwl;V05Lsq!w_F?kE_!}@&Z`GaY?;W%im#ru2?LydMFEwn`V@h2LAXGqs+;rLM{VSV$!$HHHe zaK@LIGk(Z;9SR~u!d8PCw@anT%S9%^PjA0mw0>7NLbH9kvu)8N67(BE1C(@joV%o0 z;3rMfY@Y55o~CKBGYf3>{}RU~5@>DIATt^H5HteY3mVjx9lLLMB;$AFnMjY$8@u4M zT+h{>Cho65Z7BSy`bT9LoatT(>Sv`@9Zx&+iOiWwS>a4!h9MMT&jGh(1>9CE!WDXM zvfGL(6?JGTt#i3&u~EL@Ob(*I_I<4CWJ_XjDZDYrDXT!X9euS8gI_54)o#oAuGBM3 zfUw&EGsbf>v(0B&&a0#Q2=h)&0aY#*$t}A47y{EaZdlgzlpcd#c9|TUzsRkHyBz!K z`Q6kwd9|I9rB8y)_+TGaHS~l52ZhzXb^OW3+ zZ{gnrd&Gh-=)*m^l)$#-RH?bShS9CYF|ihp;n(somY?TJ`o8%eanQax?-vVi`B&Xc1% zEUWTG2;LW#I#t>$&UplTsqlyn(d=}gXb9c&gZor9Zy0T>i=WL-Zo|8Yo4urz0ILJr zg<{k1naf_1N0o2li6Gy00wg~xT=nxM`$c*Qm6&3shQZd{!Vg8HPQ zDc38TnN=yerkdhDIZgg*N^p8l6X3Q)A4@-j+C!8e5I`Z)9}|^Z`dUlOOudEE`6tI$ z`Wmsv3z>a(TRpAYCSye!QWj>8p6}mlS=t(OJN{^-!(S{19G$D2(%oN=m3D?*eWRT3Hg=yRm7m9wflVO+g};t( ziesfn0K>e*87|BkEn;|U;7IR?p`d 
zT>hXeJczW4pALyUz8>}1`G`y(O)M4Wm56+Ao7bXYL<+5T(xDW&<8f=n?kS)T(#S*h z<7SCzXX@VFmbo4kA#6#ol)& z?(5PGcEmm3pW!yJ`P@lc+#UrT6WnEAeo3=W-rl!aKIy{8`dbZ!{EjP{;GTz_bjB%u ziIv_FQ@bZtsPhhmO754$KqDQy6N@?ZJ*A4X97}8mj8pcQHRA94d9})E8d93G&hc4C z)a>aN+r{$5?1Fs$_Q3Ym@)9Q_%I){R#8u7=7un*dKhsk=G4Qs!wR&1ddA54mNREkl zt`IFgd?H0wo(7bTY;TC5gD>9gclCG=rYS0#@3PYDqF7l=A~z*`^Lq*=vuB1(Wy9Q9c{ej z5a{xB{OoL&%Ne{{u}92e5#IGM!Hr09)+k%)@o6Vy7PG6B2|O3Efz*znr9eAbi~3I- zsvC1tSoGR%Tc(j+bIJJK&wiJ3r;2G4g%od{ z%Nr$RyPl4Txi(1E9w0trO{>w){2Z6R&=R&FIfGldka9y2!AO51bu>UZg<(jXa(FF$AY46{;#q3l<#S~(xSt%X1ImSsUr->;zH(Vk}@(OX%0A^&-Iz1!$F6Dti% zDQO86+;d@3v++!j48%`W7E|TVY*lx;`QlOS867(96vG6Os#)8%pmV15`o(dy#zH(z z^t2B?Ii7iBb?lhTdFQrWJ2GiEVc-{Yw&BH)rKu6VV+;-U)Wq%R9&U@zqNsHvur;zY zcQwh*v1P{&p7pUFtMoqu>$=WD6N9o9-(v1araF3H_q%Ai_EU51YC zm&btZjf0B$%Y>guAR(6EFnUnFD_LkRi6B$%U@W^YrXj?qOQdGO8^hg^jm8?H2}IXJoWEu97z4$Jlw_4?QmXd2NtY2CvW~xv>ZKJ6>9|HqZ@cC>_TFI}lt6!uq~% zbqDi+?}=jYN*s*aZOn2Jmm*h zc1ePOz9iu0^);7;`Q!V~l>IN=3VG;dpbsLHi3%SV)$;rO!l8Inw(wQ|@uU~7QWi}-XFV(YClB~m2aN4Fn+Z!8n6HV;vYFigJriByI!&RJ5 z7Rr+7h9Qy?-oCju9o-a=OvzB(!#-jIT_xF*9EQIg!8~U-+s^ObQ(lyhE~WlFu!+G4s#Cdw8?32aVsZQVp{Dg@VR-{_)Ns=%+Yv@%%0~NA zYSHe2pAe0mZ{Dm^K}cK*#MptuC29cZxkG7yMwO~e9ac|TvO|FG^l+T{FO1)l$YB(( zm~vcH;Rr`T!C_?{1;K~>|0BN6kDvSv6xwCg|poo$nC>5}ImH*oN5XN)qZ5&$-D%u+*TNQ2AI zk>y;IlCQ?unrB0WBG`KTXD-`x56MnSLG_FgEr4ZrVZM924I{t)hq>&t#*W5=Q7TGD zp1oTrtlojcf2($TWq5@pBUe;sC~dUi3=dW}l{v+e6G7Dp}K%xlY$jf3EL zlXD!7k8bBrNa;TYRBAH)4(b3h{qEsvb9OJ*ViVwR?Rm&+S2^@94SaPp5A)>(y%nsI(>5&kcK~j*ee|(jScbiPg3jmYm zX%5M;%6W6i(oaW34k}^rM(5%?r4rrOFAd5Sp2XL>z490gBxWR^@;9+hc`ez@u{CAZ zHRnLl;Un5i^A%iX{YFB#$`C~#z6G7e8TnqiFcq)k{GHIR@rMupde~|@Yk2MELoFyP zIA%Xx=a`;I>dsdu)ymRsJbM;kiROxeEwK^$o!dKxj@xIpdX^sh#sRQGM+vpUk?1k8 zO$FI;7Q1@*;)QorNA&Dv5Lz0KE%5~Ch$ZF8G1E1YBCob706 z^1!%%#R`6>Bnij%XE@z_pu$tJKWxuAzy4!$8#Rt^zQCGc7s!vxdPdMb{o1sF-buVBw~( zg8IVU4Yr+n*=vE`C9QE8nF&5D^tzuSoR#hgj*42LX>;JMxu@=~jx-lsHeiIRBX+-0 z+U9{?;C^Z`AwSn%L~_y7P4^bFf3VUh$?m&~UsRrnO0Pw31HYM7E^rdM$+Y8p{e#T%BvZeoepV;^{a^|$q+)ck2rs7k2=@@5mfgFWD 
zD@#NT&qCCxvqGKzwTaJ`NCGhM+Lrkw&XY=kMeC-`$JE$}*$j~a!e;<)UpiKa?J~5= zF&ye-`z2(_@!5R9<4mjPIm4|E4C@H$bS@0*m{lf!dD3h_iJ!?kqt(;xvA%&JvgoZWjD&we|WvM^3}Qm&U@CJkCheGQ=iw7WL`RT-L>i7Yw;${fxk^s7ufqR zx4Q+l(v(QED$CotH?~#$%G-Kqe}=SA9~G;Lv)^UR@C*VI*JAy58I7Eiv$DIFPPsa} zMxe>IC7u!d3NcsJvh5wM#?PDTB?F9jADS*?&Oan_oNL=j(0j9skFrIwb_V^-9I)q z^kM9FY|f=JlW(&$L))piV_`)CX?hoB)H9tWd0SbR`Y9;>;3U%GXkPISs$lLV44xIpjgq2 z@D=Z=T^6E+Ylxm}j$k1{m;l75DB>)0nz_a>b1jo?tz(DxFJ?vW{ML9tgsI@sC6(9(X^dO6-lmLpX)MbV&wS=R z3Jxo@E7pElK==>`79L>mk`k_3!3i&k_cqFAz)H}=cAVbD`@n0~2F5*A%pbb7z|Cy3 z{revt)&F_knWA0yQ8vvm^XG2*mRGf!V+aS_oVQu>@W*ZQCx2!byWdm(%|4h1D8!5I z%Pu(h;p;F-qSK*1@InQP2zGltx^eIJoZL64_>`YIa$F0k>R2o*jY2}DBK-+L`u)9k3 zLSO3?xat=NJmG{J8|PvR@*J*NCW0lp!F)&1>Z98sl)F41C_TqNa`BD6D0x3l!|hcU zX`q8v^sa?%0YT-H(oIekiQf@V2xy!LMM?g>-Qx(8`v2x|y)?zRK)j5Mg4z*u5OHtw zUQE4~)7$Y}@NBEF+D0VqGmC0J5_jS1Wc}A4$7IFOltPCSb^i)zP=U~ZXNY5n-i8Pm zw29HK{u?tWU!N{*3A!bF(5;8^K^|LKDr^I>^Kf{3zF8#_2!($*>I3~=VOvduy2BbDY>|(^3 z?RNVBj`J&-%@-zYh=Vh&8OF?h!O#KQ9H>;HtQ=B40zt0#)I-5s_K~C!KnCnlPt)F9} zhREX&p7QQu7DudDF71MAL7s`id+#+4Xu?ewx%>uegAp$_J~fY8kek=!3LTm|@|zqi zSw|YIj-HRm8R90MCPrkm%Js`QkXNxJy#rsFgy{+it7U(Tx4oBqP!n^R7aT^FMC4%%;HZGlR2kj-+aR})(Xw_+Sju52 zB?@UEmix>~(Cyb*Pv%x&`(NmUbo{!o(t=|nNPd{XHJ|yRkj|8luDoBQA5dvKVMZ6S zj~AxQd#>{6zPsv1D3Qs_axX0yN}~huU>?krA@WHMKy}``=t!jQF%QY13~z z>^Vpoz5-R?aq2%BEyI1ix$aCc8_sHNv?(_+XXSW#hD&G5nk-mFT_f`s6qRtlwLVDW zV5Nl2MS;6K;3`k%A|uW*T;zgpu&?j)@{?&;9Morp_RiFiSb%4nkEA{0N1rbEOqQ;^ z2wq(vj{pL$27WzIeHHPS5PS;$mCCSd3fsYAx#VbNm~tpvod+HJmtB8(Jz+fCLt!5P zhDgv96N!^zcw41n(ac1VnukI>xp_1;1-j2&kRLub}YMjweJa3 z`Bp@keQkqq#l>MHR|JwD82w4)!FhEJ$sllaV+19Bufb`pw?{ZPXnBAdPc%8aIw> z4%obEJn`oKUvjqKc1WZL3=c*hUGcZ~s@Mwmc!i`(N%{E9T!nM8gTuws{qAcXE_}r{ z8WH?px5Gt;?_cMs{8()q!I2ek)acJ7DH169u z;$yRpxsPFC0+PHlgL3oJV|13XX>0Z&YzYa|^R>rVX!SU_FCT=p3lA4y3lI4W zha%1lyI;Ke{oBkG8|P2k6QKP2Q@McZ!QUqY+6BTCCzK*s+LS<=rWL`$2`7RrT2>Lc zP?ESjAq-U%X5~TFW@0kJV4^A$y8ppr6gu$N3sPq7ZODz`~}q}`x)WG0Ut zf3L&Tr|99rUW~kHXG7c~vgP!QEgOE={&PGAXud%0%SV+X6KxOjLxz-{ 
zE`gkc8mq`b>F{3zGxl=avk6jKz1dDlkASA~_I`h$wt}Tp*(bgm0J8tKrCd=~J^~K7 zV&b){$dfNl{Z-qp!Q(bhvDG;##`?xgPos-d9qPSesWDv?I^qgmSYF5c=jex4JB2(1 z!eT{eN^oD6oAA)}Fz`9r}5D zWLE?dori5u9TMFJY+H1Xp%7Wwk!U##>}^o}^p_4Uuj%!0J@egbHem2PCYN%jUtxo) z%3y0mlwxRL51l7k(uQeQj!%Qs0;+cTrMpoJyNUa;Uy(;C;;Yk%BVA1RCTrcj3m>B0 zP4jyc!n{`ZMf^Gb{UwOGAr16;!Pvvg3%Cr?$-rQMeRP8Q=HahD!w~rTneQQyI2Vsb zi>m!W5eP%Rb^=UfDE;mTB#F=nD)&4x77C(0FHjw>x8aFGf`nXrFln7LBMfkFiuON=ad0hrI<0wU(G{R}uCWAUU(R2SisOPcI=IXC*MfqzOQ`H z5G*{A!QqO57q)?It6|#alD8DFUI^oA@_WOz=RTh{cpfQEIAI;g0}Iu|M!I0EWG|o@ zj;NdJo6?`=jpZ?mgqNBSbel1{+opA4X}GQFeHB82XOQR2 zO0`!o(QIUz?)w^B0)a_IkQNB$C;yk4`h;)#FIwc%#Xr<4DK^C>bFV{>eBUtu0|>g4 zrCU3L8Z2flXFf0p6K@EhgQi?<%~wzr+i_XpzkS|eiG2?`mNQG$@0Xh^CPvUAnn8C~ zq?E^;Ds2PtLqGq(QD6leCMd2Lit2=Bo&wwS`rd`xrkm<$11~`ZQxYfFqnUoQn~qbY z-+yF`BOB~!kNj(qr5sN)GaTq!uB0lVYd<8Rr1}1k5S{1Wk`utcV7cm8U0aN z516Cj)ZaTxIfniQJ=s&&?H7F;HavO#jV8y5AspjZWu5&xez`Jt@H-|NhMI0IH74Vs zJ+*VSw@Ee8QHR)4z)jwnhYA?aFS=OG&3C|rsf2le`#QsuEe4#ppj8=~WCLxr>9Y&LF8C8^t+VC zk}wl_eUxf2hzd_QS)s0S<=Dx0AN!-g&M1|bU5?pC8tKfb8mWiVhYG>ddJ{watf5Ct%-=~(CTefCoZ znN~61I*idm!m_IxO(i;}_sc0M{|^B??AZJ7o;(qHV_e2Mc1GXtfGQK4N34YKJcu~m z#kQT^RYmhrTv9(&{~>;JxeC2=tC*BMTsC1mogjl1BxTenRF{d6chArxeKG4`**H#p zc|Y-4$0KaN83?w2NIi=psFJ7uA@@PEQVlbEa^%+6F(a#lK?>pb$Jjqp8%(A2o7=1% z`~iB3iV5KBlyn#UXknHSE8d?(kr(7H>zeAkPYAXcu&E=5hb>Sz8jy`s|ICZ>f8kQ< zDb9-%1T`kNy*n4=fBukPei7SQ5REChe=b%n|B}>Mm!Qe0?{r7-w~Uxu)V^hxIDEu20SeiVHDpH?5E!b}Z*9-K+LD8n6Q_;~s zJ){j*p)?#t4`dBIf-N`#6OO<>7QXMU#`;(CN6rGpg6ydAzZe&hj#ySj_DYkyIy`zs z*Nhuwg{_RN>qMJ%%TF%Xh!27IpIL0<{+K@9pxd^)}+Ct$?zChLf51s0P;t z4gJyHd_v2|wqG${y{kx=GYZkTeesGTo!SMo-8g_b%?=u!`(XY+_JiPFhiLd0=s;Fa ziPeIS$cy*13-~KN2M*@9j40jhYB(*m318Y`x<_4?9FboQGPZo81UFXCt2qQ17)BYpKw+LF#HULp^>OyVJ0doYrB;Gv*EhOmW0mgjJ4 zw6PG0vD;lWQ`ReHV~8Cnd@PxVP!Q|}1ZF45+x!Ad-CH>C zZs%f^7G_BRfnxePVSt+DfPwUVl0fHg=aWyDFKXVemSEiv2pEuOPqQMs5KXAAd(nZO;wXBx@QU zjr)1OSqEm4;EnswrS)MU9fr(|$5aA88+Fm$HTd#UZKn7)C&P|%m*L5tsEj<1}j}L8jB9uL!h`*mFSHOP`x^#8^UH=S;GZ(8gG)Uvr-T<$DzgE|$zYvb3?DN>_5MdK 
zy>W@P+pS`z%usHrRoJXho7_oy{u@HQf)Wl5yMIHSWDrz8{Zh}+?~69afH(2T=lOal zlve_9b151HP}1oP63pLQD8M$oY~| z<#KNyt)i5 z7eOKv?P*g3sj?Zq6$az;K~gAOV0{f5(Rlc;+(L|Lhe35yutOCV((w|_0Bjy`?RTdx z3?>VWb?_!7aTKhHxa<}B`oG{8&@~vqE~#>buuu23cfJ55!}^TBL9P&aVi>ncH!o#? z;5NijDv^RHK~#U63zGY6Fb4f|R;aA~o^xqw!zY)|S$f3SvQCe5*2C_{pa^ayC8aM! zv0xR#|0SBH&r`z#jThUjpEc>o? ziUw~Dz(Xn~06?+RfI{G?^!8_)uf2tx&5?KhDXwZoxW54}C)2lcr(t_BQv9YEeQ`DF z#x0cPHNP7p{QLrLF#iTD|A+n!Dgp!xH5}YmDs9pwcON5!Ek1y8LPHAP>|8-`l4w_lESLN(ZfsS7i*~82CJf$=-D~$b>wdfRKlB@ z(BCX`xG;67cd3wLD3acC#lh+SBcy_DRLt_!*X6+yvV%$DXqmNmz<;W50ZYZ;4&GL# z*9#i>H?-Bei6Ys)m?;!m(%@!)OcU@;px#9jLrr1?KpzJGj{4F--Jm-dx?^1$bFrXR)4wE`(5 z7%yzOWb!mmCz!4RZFE(p`b`a?#eyiHa;q*0{aY}|lsU6q65IlzUfuxaF)ca3yj zE>~2U?j};z%)KYAd96rf-B&#$EjH(njQn^0SH0WgG0_P&JN7<(UP}!&q%5Pa<90tk zoR&q)Cq;=vJ^vA%*wJalz8p42i)JbEp)R7KQ_Ha>Q)}|lj&v7n08T||Dv#8jzC?=z5Bjh^&X|Tspy5eD93us zq95mrr=-gESv$7z%ogPlicRaIycal1?}8_dRND2U;ONr=kKycnOed^*7{)R>WM8^W zPW`y~uh9=f%@1I_&b9U99kzhsc=b zEC0Xb3U=;2R8Ow~jwLSWx*uE?$DPlujNHSLWdH~?6eG%-PY~Ozc-9~Mory82mc)p)Ew1c2a{}lY0(c*zF1-~&ROE10tO|IH?=}~K0dcoxcL!@Aa z>qB=k44Xf~t+!h3&Ie*!UM-5uDn#R;H?jdka1T z9xxa6{4REy`sK)VyP$xIj#%oIspj@tH-)*Uz!!3A*hbim=EGG(@a#1LT}aU2K=`94 z?p`v$v)ZV=aRXR(jsr@?rYE^0Ab#c3Ihx3SLAgo$GBh+W`5k?Z=p%*O^ke2{Ij|{Y z#EEU{ar4&xI#(Z={D*sI7bsKXP7G~LSgG<9rsyh}18#@%nnlr1XmPg2^}y!&=Xx7Ep~ zt)l__Gd_aMA!%CW+^Pll(IlPEhdpD@F2jQd44J~vBY^(CiZ%NX?OA5dY}zd;oAw%3 zQe~_=Eo$Fft^IXAsmJ||o4@yhvuIKB^fZY&yi`+(B}0ZN@D|#TOE@*&*!1)Tp9T`$ zq^u;27;S~H0Xx{*jml7Tm@czV>nwE}NR$tAZ1=@=Q)1d6U|QP5s^fLz7TOlFTa;c-51bnw!=WNXDru#~)tp^JY&>>rY zkR1zDzd%owA$W{s0|X}M<)PDwOtUEGcBK#yLL7%DCSeBU+}dU}P!*AFCzzor+LW!} zyyt6{M{V3hT*wF&v1!eUtD}~6_uilmE17~H_egllDaB5vAJPaPT|)pK2uQYU>}0>o zPVQKBKLtWbXjv*+1s^aW^BvXK*cYG`?Gia#z&X)v6ML^Pi$wTlrI z#nQ{%0i*<*tjhr6Iv$o5@fY@;Mz(Y$v!}5qpzbwFNq!~D4>5bzXzzUhSHALxqo0JM z(d>XbamSIeHt83V+d5x>-zAOzr8i-X!ReW31$U@&Sp%9^5i;})Gt*u zXKqBl-A#|IOY z0L!|f@U&*Xj$ayit%yCTd~I_z{-wdIKi&aI0&(i6KkMgRarG0@7Z2c*?i!Avxio!n 
z2|A6{Bow(uR1^#WEPW+rP7m#RxXXJiHF_&ns_R3K-^G5pj@OifQn!UemgQRyadMcqZ@@3J5r5Qo7C3w@w|9NJ z2ZK!yzU(CRa;9cp22;N)kd)J@g``piu!5axRDp7d%0LT}80`W1WL;kw)wvWD4e7tg zv>zZ&1+O96yO^-8DKblOihc!!VXqa2kQL>wq4GKxYX~PkY zGT|SZIWu8*z_>rW0=|ejj;FqcSZtFudPWwz)Fb7n9+G8vxxJQHB%SW&Oinr^uRGwa zc!4#sdcDo;JZdIM)adp;OGMwQRgX6Oj%QXiF^ufCZ=R(|O>d#$4KDTLsReTfE97jT zw!>zM$|P2T7xc1(wo}p71epN<(9~C(yBa=^s12^E z!pAhpw%g?X{g(1wbn)Un?GV*nL zh8+6oqi?F`(%FsZ+EFwgzeGiuEtjErd7?7*FQdTOoWCU)^iHjkF29>v`xoAYy?`@F z8D8_(lR4AXR}MxUSNXni$5;CuNkYCpsAZdxdXG_=+U179Aj~E>XoDXwpzOw~(^1up z9b2`21RX`0<#{`&AByK%p9E0gh&@`lQ&o#YB=NeMWcvB|)Z_tj?}MKUgpVKibep5A z7;?vCvu-o-u>@wvCH!~C#c3w$)iWd$H@iXK)p#$? zir{qvi&}qniDE90J-GoC7^v8XCkB+X)?J4WH}wzJT*%I+qt9Dr3KY($RmRf0KK2R7 zWWuknS*=H^pw=)w?s*G#MFwoyvi7C!6&|Qx1?T(1_1Y7!3eOB@&X*)AMe`rTkf?iY z9c8g4Hu;W>?OKVolKujfscR?H?$ihf&1esEa!OQ3Zt1V24cpdg;a6!(iOwjp(|ZcV?D~gy zb&qNreOwb}!A?`<7CR#s_sj+x3Wz-R$S`J|rQaq$+JJv7>C6~rv*hI677du|*uc-* z_j0qDlN!R30xBYBPS${CXhX1=USCo@w?=MDAISjAj&XyrTNG3a46QkgnovT=KsS4+ zi?xywm^0&DEca=?K7}ocN63SLN0Ai|-yqxnpbZZ(G47oPo?ryPP%gU@!)IYP@)XM! 
zdAMID(rYQBzg+BbU97<-4dQS63Rb5a!|7cf6pM7$KJ%j9I`K_BRc19MH z5yLbSnD>@O2F6aJ_&zo_o%3rj+I)jvZ{7ThPjL1G#cDeNz+s?bpzhkL)amT4qXg)L zJ_>!j7BuWSt3;i*?-ThU^WJV{Tx5!x8}ZSR30yyG=%W5e`oE-u#hBS zh@mTlF|Fs1$+Tfw?{LtnkG%%vLK;s}OD$uT@a$r&qh$ZhbIUcXaxD;VtiU&=b-XH- ze>D=~VaHdp7JFylDFqz^pL+LcY=%Jbs|=g)16zp;?$hDyHx5Ten<pbW&f3od44O1Q!yg8BF8Q;Nd{eDq`sj|vhiCNrF zxFl%_S|+r_DH3+{AgZrYr#IcCq;JfkSkojip-D(5itGG`rG`=0HmF44YNR@9$svVP z;S%4K8S8K^?tCggpWXC6KkHO)zfb73yQIW}Gnq|`11iyKkRMpa`bI-TTO+^WwUsRz z+;=Fvf5NCrB6sROpLw$ObkJL@sBORX?mYKb626?~=imQ*Q&MdIsV`ZSeK%nA*@c?s z)*`cl{r&V$8a8>MiFOb-n|BU$&o8kJBzEz_{$cwePX2b+RoN3=iOBjOd_#(xWbs$; z)tC<++=Y)0@w%LbuSVK7&=pJK!uUqbIYP-NLdOkS^BJN;V&1_Z|(3a)o~&h4SXtuA_>`tFnPy zl|l2~thJ`mTfTwsCe-HXfli;Oi=g!Jp@18$QcT^}@cXvu535R(jdD)J#`|A<`t7Zq zgX;Em(2UEOA-DoiYtH{<$fm}{b|2BX4Ie$JLHS~nVnTL{ro}z#CmRciu{WF>0*>hj ze@97g1}UK}n4)Fr!mzKTZgs77v9&Kg!5i&o^!k%a0eDgm|Hvp3wTLs^9Ojpd2DShBMy_iVWJWCO#+U6^st57-)f{~aoFN4NyHJ(CrY zYrWGG|4#^>N$FwYW}wT*jWk4FhBEtopw+b3ESy)nN#m^lS}uiRX{Ukln&8`McbpVf z>_oWu69<0xIXXgwWKlmYl4W&;s?#5!5BC>@_GA1|-}RxF#ZhyWVOod%Yu-LuNQb_d3mN%MvfYENdE35FWNFZ5L73Yt}p$R8rC zsj_~?ff1a3SR*vC)*wDpw;~AkDNQg@HYgtln=R-CRf#VW~cab>uYvWg#`zLjS6s{Kyk6*|@V9eW$ZXod2b*CsEul zBGOl>T|?wAx< z`G>fMI{3f311yi^SSR&G|-tt+xmSg3^=bsLz(-Z~ zhJT*~Xze$NfsyVHCRwVEu-UBtivtjM{0TA*#SJ`W)1H_Q4hT9qdb_e@Xw`V2Ha-h<9ex9`JNP%~doqb-p8>IKrxA2Z0=j1}Xpu4-6qom#>i~f_ z@VOl@SLz@XTCI@k`>3sRV%RC~MYXzc6=OTD>aIXnpfG^H#dhG=YL@GV$}}puP!eMW z^G^BCh44m+k#ei<-aYBw_6=>4>$jg}g5FyxCYC?g@1Onr<`HYK_`mEA(o20d1x>&C{+D(UF#20O{9{PuaoS&3q3K#8A)A->|)?6(*D*ROuhuccQ0a!comgr@oT)wfv`1Q5ul zZR3xFp=KmlHzpsSzw#gwy{%(w)U2U^j@aZ+f%XAP&zj`u)zY&2bY<~jA+*i#@IuJp{f=@fpO-L~i&4Wpii++HqH4CEX@yvy}V*CO|3 zt$R830y^1h`-POqWB(I(@l49*uFq|E-rsN9s{`spE++Uhol`(L^rq5-DxN(l77o(S z+kYquOo}3t-UCz~n5M%dV3}k;_|_=v(rd=GR z!L<$Ne@hTRV1V_&Mr`Pkqx19NxRxLne@F<&MiV;9dA zs7)p98qf(d3Ez*`UHwTa3V)&=V8trToqw)2qs6EB zHKq#5W0GqXsMaX{1A%TIu+H1{99|XsC6OQxt6RO{4?=sM8x}*P9~2Lpmbkqo=Jr^| zKj%|`eW`F4OK^#KzrJ*%pkkFmN8Q4V*cZ`NqJTSsO#s% 
z2+oWY*U$q`uRWeH#XiugY*}GM3Vwdqi;QtFIb}o))yWFKVrwj{i)Oe z(SwOe{==qup|#W7li8`{fzgJCBj5gQ6sM`~Mt?C@etpm|2?-aj()O?(2({;@*-kN= zNKbFqOBJ%TkwPMN%Z>2oc)3DXLZK_(GbghPR7wQc2INu^UsipbHbrT@=|v3%>@inf zIKPrx?RJYG7wK_6)Osj5qbYsgX}0Fq4O&sU1}xu|r9z-Z(SC9(%}ep>1gumBk)~; zSL*^k4h5|q(TU|35qoW=ff&8MeM?sRgW3l@X;)aqR>09I5qTdAzLJl?@xGvi2UatN zpChiNF!I>x_wV&=h-pn6Lx?i3ot?&Vx(iRa%yU74tKcK0mveB_U+J0fMx33o zIW>rCO39xIjtZk^h3$umxKvKM2OO2ZfzR##=suUB`<5uuB20+8E&KAnxR9K`iFbf@ zz0)MUB?isrD>!2Kf&1hMhGD{>FuUpMXUp>T@+e+BdS=15`iASHa#YNJg3Z zFo&A~+dJy~5JFm6XSV)!a* z>D6fOv#{NYIWPLjuSdrUbLlH)s_w;e9QTpFG4hcd1ue9Jpk*{Jre1EXb}KT(er4;; z!Rq^_mue^%7YVFtkTWUFCdrHCg(lIda50;-f-cV08Qza`a&N{%Q@AFy6xC5}O%Vaj zFW^7YXncj5g)Qf(2Tr7h_InsgC_t!QazA#*KA?=w#qv&1XPpp)sE#xN+;?LCmTTB9t>E1u(YvHM8P9>(TX zV%$pZcxoKL2F%`5@@W5f*%?8R@}>e34$Yf<%quj}?c0@)UDlmZpv;IG$_=M!lgEup2+?Ke=eC;m@kUmj0o z{=PqIN`<77q>@r(sU)Go^pPl)EXSICD5R5wBuf+`(t_+IAv;;lvG0Uvv*jF1mWmu( z969GWzx(|hO*J#0-}f_r&1IInYg5voB2s39!ZQ_Do8WG#)u21EHh_;^LB70lO(Y2t_P}WRE{?Cb$tv1BP zskFsuz8Rap6mFP4YG+mn&WbsW#bMAHP-rPvx2AF?4-5H>W%Jn*;yqQZo3GH?DK&l^ z#%4~Y={yvl6Ysb`Yx0%ZrgNlSduoy(B%>pY%iNFS6C^>Z8jgE1=<-ML+c~BKDgX2G z(bC~U_RGm;Xx8FJfH}_9(AcY2PAjEV@aPYkM>?1itJU3U(iQA>)KK-W44sdl=RY!a zT|qQ)n6mQ(yRE93ll)NWojv5?|F}zZe$XywLTcf26iyr)cDykQE4kSxSs$5e*xSXZ=BmVIR?6nnqN z^JRdv+ycbMgriUZm;5BfkV&bPNb|4mbbu+ zq;ZJeq>$ISM$zSBqp*Xh%SITQ{g|7@qai3u3p4zSlCjdVaJ-^HZwb+Ti%X>f!o=HU z*A^4J9R|CXw}=lJ#^{=lX1K zd5wBZ98afBHC&QTG%DjJQ)lr+5Uhi&u4Ca9xg{#l^?FtuU+D}EoaaTgAcqcz;d3tt$u!Qx=N##6+u5T)aLPH? 
zJ$~WdQQU{so*+=Z{01P{)>=)O_b?{0Jn*LYg4dP;fr1mIhe4m1mn=r*)8=SvKeXTK z#V!9Tv0vX9hT*)$?uTf~z>vio8?pc?f>}J4tpJZ&L&hd>$En`c==hy6+J@cP)A zrJsHBNOsHGF~VqAM9Jj-JfB->C36*=6!?Bmj#B_r;L=*O4b7!T`(F3f6c7EVcFz&d zDc#vP+sjwRm1?q_?kgJW=Q{*qO2kaK8SxyM8%dL)I-ALNZ+7z(`*3zlma-Vca1KiH z%RVZm*Gd``Y$8Q&SJa=foy`hh>H2@|={IkH1bJ&2Dpmqx+o)qPvyZ-Rp5=zCWYAFtDc}L>{nzLm7N3=9X)Pc2 zPqiQLOmS$P3J;JHcz$YE25Fx$Ci2$%tyx+V-B$&#+FZW7+s!kj54|*Tn6meKTGun)J(q!l z0<#2Rhx1oY9TIP15|s#WS^#2$fb&l|?CUu<`f-Q*fdeitvv2Z7)nOWY!Ejkx{YxK@ z*17K%hRTm#ywiv{UJA+;$A$4Xa-qQZyDIc-`PL>cULM)v83iei#>@SRSj^Qj2DbOk zH-%7kr*(|a-JpMaS+@C7>RZOD|CSNEDm{@|1SCZxo|gTdY94Kjs}u8WovM6c_>B@y zREg(Q;Osy^fcZ)m#AfTM+bWTRp&jIgCP*gc(Dilsx(^-RN+K?pz!;I2I6u^OJ=zL( z1v9WKtmQftticT0k||JdswE6sEyFW+4_cAhoa%OYx(@dxSBZft8|i!&w8Y3ZqBe(( zMiFWB*HHxxZ26<(oJ^g;A=$*(D1uCq&9QHZ7r>whmfgKm)iQV!F7^d!D`;A!3Xy83 z0#rMgEo3RD-VrTMee3!aje_iSlM|%9?SwnOA>Y9}FH%cW)L0{9Y$h-;fKjvxkgSqH3<##i6nrv-hb z&$g7+;jjyd}nYCZ2DXS{Ga3 ztG}z$<(EoSZrBX5BE@~j{YaDO84D89&pIgOEhCgk(;g$c7&7I784D}0v*5uWyNO!xcCzUDMMaZlm#1+mucpkI4 z5P@eYzCm^O!{igh996zUEUBRzkJyH_4Va3Dy1*Gx?PD#tzHzym(4+W}Shq+HZcfq; zzX*0ktvzG(TDts))7@(~o~*k5Lk)+Li?46JT=9(L;R~`C;@qQvVYPFu2^(4Wg=9#Z zE0#$z2hli7VEpU+_2Et2DzJ^{M99Ig3(f{8?O2v8NY7P1nleZ98BM0XvD=nr=!=Ji z4dT*7cNgmnQ}hSs=^v(@$b8f))^UL6Z($Q3#!@saDf)=4Z!Du5oR@8W;w@e(57|;* zuFtueHaNedztr17Nddw}K7q!ezW)m)@5?5KQu#CNteZewLD{5?us|F0LM`*5)FHQc zeXUrdQ&Pvo#`LYnTv#>*xSr~6w;M_1HqG7_sp#=UJCcSx)cjNjTC~8*ftEEV1(xS0M68ECeiK_FeZ%ED>0Qkht}kuf3iDRM{rEf+j+y9G;}XUeB0_vc5^8>gk@Rk)vZeX|WOCa@rZ^ z7%l`2GwPEWNT9#LE%lyP9X|J)@~kOn{`RK|&LkKs?s#xeg8u4KZ1zT3N*y<5H$p~n zqz1N>zd*Vp=s`-#Q}UeeXLoMm6HFWR2D0fNIxK$&ouK_`-h0lSQ%I`y&<<(8fjpEc zDRe&TwL|-v=JoNG%VAQ4Y#GUWm-8bx#?L&#!n_C~X^Hl7@P@&b(E|$mXGjC-Q5xwf zO{Oe4mTq54l}m8p!9ftF|7wdI4H-n9BhfvJb)y_cIl=?e?5A$iY8koPdgr~fC@m6a z$fOT{1q)_?d_~05@oP$%lLa*o>;q3_q;>CSm2LKgN6(n_n=8 z#rqk_x_Ue~D_)PCY%z7FCwj={T`J#t?+S9mp$Z-16Uv{pI?!}xPEbnHljzVxh;t61 zNmmw@^&4MehFvc(L%HRNqf#q!dcJY%_q3R(V=G(pe1+ad18v;6FAMc~6+`!el1iNZ 
zY!~R8B+-je5Q>qdh^&K{aN6QIQM`CbV9kVU8QxfD`-03CC6?>H`F)?h99-gh(nB45 zCF#$0>F>9vwQ2LWXwbG4W(E9e14Noz$TQ%tMb@;_JWy&_y8%F!bb1dCYB5NdmLI`| zDt(QU9HMkMU$Mu%w!^jpBwa9?o4}DvNAdNO@@9E2khA1py?@r_0S8^UOVyhiP3=fn z=>ToIey{*_4PO_-`xWJ^9$)jFdiP4q6#~(Zc6xy;qy(KHeWu%bW>*aRQN=AoyqR`} zMkW1mtU|O5j8CjS?9M?CC_WzO9}E&4lpH2d1zMusuyXA#9uaGj{}UUz|Js0khjWtv73cZ z;E2>-A`#*?J|wELu0#v#2Uu7R$7P03LO!qTVuW0b>&}(Q%l?&joaKKXUS;RDe6sNI z#TWfr)3cde(>3AgX`*QYghL;j&YG#=V7mkxY7USnJL1Oel)E=jF+zFe(bhvkxFx^q zU@zvhmFUCcV9ka%bn&#)+q35R`kIB7c;}k7vEzspFx8CJQ#v>OFo8d7*{Bzdbt$d@l~ z&M}&9P^8 zwSAYfvoY@2W9(c!-5wPs*m&(Ie@6U9%#RP6dyx6cu|x4i?GLivEEvHnIrWcKJ-uTp zIy8{E7nmTpuM7pZ$ZBd_^Hq}x#oX@`ub*>=XG<;f#^AvgD}Ula-B<(DJjYNhyN+SD z%smtlE^EqbFSr<`E{OKxjv&=$RNS!B)pNpjqGH&y0ERs9R55$@Jo=Th@s1U8kdv7x z@-FT+EuQp8wKkEwy@ZdKcQa$u>t>z9PwQ5;eun-JwCXGd7Mm#nJKxIYBX&4jhYcZI z+)~xIYJ_3p38_r8x@SQ$+a0k!diT!m%U@c?$drv)XO!2m=Hjev5DyEkZ!m1sFkzJH zpU!HArJAfvVcS>7;3`rtx=VB6D(jjgZ_Ef{KC5DuPB>;0&XI2g$rK$$@>?FNM6D|Zbj?rvB0~{s33+&JA4B)B$ygWhfF5dL zES+8?sHmujlriU`pJ+l}1S|@Qlm8rTRl}yVC`UjwK^!6i@9@A2r4#^+vP~|%uw5cM zH+j4xaoAXy^}wP{@{B1(rIVxu=HRxBnvI_Xa>FT=!!?9Dr1_b+nw$?WYu&N37&+_Y z>EO`(VjcBm--cN{!+ituez4n8^3E_m{DDYqrc#d-eId?o+a+t=`i5~N z(BkuFX+ z6?yF+&SNL$ynm3gi*_G#XN2!->daovjqFv(efoFPsV>WO3JV9CLPFmaOVK2=Gvdn$ zcmTv2yFUyovK61rU9dxqj5QPDR&(m_>zFM2)SLLeVGK4%fs1jVC}5guP1ji7MB0Y1 zbrK(>Ih;`xgXms#sd_%f?ji*|(LAavZvhLg=&Uy?RW0lW+dS}y=$SGMMef(Eq6j6V`yZ)$Mvz=|%W-@pz z9L%#j47J<-$TY+Vep6F}i-ayx?5L8N%0c9jf;B0ueqh8e2g3N?O78h^eZvQqB-j*V zqby9J8op}Tm{HO5Sjd$)aCfREr!rbYlBv!@Fw19Y(!#r~DcN*gDM}I-;M~^Jg`Z>H zpGK)n`CcF0j8ib@1;4s4td(K>79TAnBR4%S3qbc3?meo|>3O`nGbDSQzL;9-#h&ykj>8(4CG$f{arHtA8YvN9Q!T31n zh2b;#ryexjq5Gvth9W?HyHbhru@$EfY8>l%VuZC7=R^}469AeoyZ+4~+^(kK-pjL- z&f&Z7VQx&WXZ{gx9WJ~hW3`01NyHtM8WZtf#9#8N>bmgU+Jts{A$wG{obs@P#iYg( zS28>|tdEe=H96T@pZC;C#N)MHx9XnwLV#c_C5%6iW+^BBzi01qZJ>Z@%r4zgl9L$T z1s8_ZT$!ieL_C$oU4Rt%o3(A}g0<}x7r@cu93F3{tg{RMEW$dN+*`<-_PUU@2qmp- zO}~fXgr8y=kDc>i9Ldl~MjuN!vI$$QDduTq-0-gv#Y$_)KV>J{B^JDkp!&PF?L$zQ 
zrK~&&)D5hcVF8SCeyyk{j`L#mBff7W8_@(ae>B6OBr%uXKUOTqSPxw(lohT23cM|z zEkg8R3g^n`i6M#$->vCEUctfEwy)rsfIM3$!EBl)m)-FLE>-U~e-`JhTIDLiRr0(l zweI~M@1bVW=Td4UDN$8MkL@N0_=UThiKK+&FChMyq((oaNK-S^?#^} zPpr32kY;ff+Ez8$baLw*Rxsjnrb#s|*S7CptedO6?z<5=7?v1$bVRa=kAB`eh|4DC zbP(`r2MtF(a?vgm%)y;N-Ar8`L#t)xCboZ3w9syCe&U+fTEH@S`|4CTDfnKlL7jBN zWbnQRc)p~)Wt;9N55rb1U~Z$aMKfKTpH&^51)=Iowv0&N?l8sDGUkV8B8P|MT@SX@ zilDIoO7h>w0$4i@5csi~7=-C{sn7}`X-)q8^Qj$LIM+YjjHe|r$!P&jZ*y#sy~;Jr zVhg#x$;-MFhKipO)$UuJy{8ZSU0RJ5;=V6H)k*@$)*kI_n6t}3Z@lUhnFpImU+U{4*Dp!Hq z4i<$>r8EYwH2S8vF=N@!?3vF3dj<@W^q>4^np%vkh^AH~*@R7fq}>^rOg3m;PVV^n z<18_if@n**QUe@of+HiX$tc11groqI7?N?rF|MsU$J=zD&RTyT*ZWrcrhR^))>}E3 zS~Hu^13DKKuMa7#^W=Tkt{7ru%y`{sAfKe{i(|Rw!9fj`9xX(JnFPXV-zSD3VDdT~ z`ba;;3pfrRF`p+^Ipg2Tf>w7HHMH=)qjZa4Mm%+=Z>pIuzihUy&si!Ax$xeNQ+KW% zOY6$3LP2LSQaaHSa^@N>;*^EEO-0g@X(!@Oheya5b>njlm336zb+@WUXgmKBHw(Qq zyXbg{-U>L{$mHU2K$WRx8e}6Qv6NHfsqV@9w*)Yz3e;TR6)k^bs?dNnIP^umOKi;6 z{b9Ih$>dby-PljI8_dvVZv58r>Yt~^Ka#Dn_r8EBBep|F_dNP8cL~h;4przQL$v6_ zK~dF-4fmvPPESj-YLc>;#n5KuLJTtEYJ6sN*9C5CjMcPAk^O0F3OHN$`5dlOed{S+ zKQh-4zX%PBD#=Aj=QGmer<6*DVrEY?VXjqp&0r)$i)ns?rHiaDu_AFb`cT^Z8%6KO zFh`|~26Wr5odEVmA<$!YLCV*ru{q`rXNBi6 z?vG5M3}IgyR2xlu)(sBpF~J-Pp8un_6OA~2Na|{6hlzn>3gLnVH@0_# zIJiB|gf@n+g?ZKG#bNw8oSKs#Zt$si;BGqfgg66wx2wr`zH-6LHQj?J$>y$}6aKuZ zHB=;!`o;D1kAfnVAdY2UTfNTiVJ!!XVGXp+=C2YG#?N_ovLZ4TRPxDUBjUjJ;k3%A zRisJs$9pi4`IYMYCrI0-eV1+Ol8X6B@~wLcZWN3PF3ZbV%Z=@QfNcDZ_04>NThT*UYiNK_k2|Fe~9#zAMwg71Tw%N z(UjDKCTFxA?_!IF@M<{h$0JHUKcC*9Aj50HY;J{Lw|rGCr?39SN9UexDX>` znr1hvJV7ZD=`ncVveZvU_UB^oGX?OS3c7qkWPj-By6w|$cUs?F8&|;qaeG_rHGF6N z_)pO-yofkh1HGx?>QL6G3Bf8Mo=@YiTrJ$3Zg${$vh)^$L(G~2!GRczq!fC-f(-6M zZ`-lG(Z1Ujd_PTQ{xWW<&dV${_gA$-;!+k55y>Y0W@$D)~i??7oR-s?fGGfr}3vAk(E2XDEbGmDa zvq7n)l+^Qf{K4q_*HuVeR6Ds5TXHiGVBgpI!Y$QFYK=WHW)=hh1>=PCfV2b7*EWQ0--qVzo z(2FeO7-&lP-$uk;j@TKHLXDQp>~MGBb$gd$}r; zR#RlBG(o`AWrgKkR?a?uU>xSsKkoM`;Rw8Po2c6j4cyVKlukXXpMgvv=lmK{E*qj$up8Zss5HbG?k}!Y0 
From 413783d35fdc2da875ade876b7da12cc05c02f44 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 16:21:00 -0700 Subject: [PATCH 060/671] Update simplified-sdl.png --- .../images/simplified-sdl.png | Bin 218369 -> 174076 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/windows/security/threat-protection/images/simplified-sdl.png b/windows/security/threat-protection/images/simplified-sdl.png index 004814102fc3e8272429bde640e4adc1e752f333..97c7448b8c9b741540731dd89b14a92a744bc2de 100644 GIT binary patch literal 174076
zn5ub5r(*2+;OCT#I*sD7KWE_dYe_6zk0V`tJ>DSxL8l`%FY&HcMEib{ty^ebbO(83 zuP3ki7}V-xNHxxi&H4hMt3>>2$Z% zW2bkJPNneJ?tkd3E99`z94NDu`;@-zy*(@YVtAO3qPPm7qiU#jngLETG7<0Ec2Hh3 z;r`AK;r~Oi3FVYKD@ZGIRG;tI!oj&pRIgIxKC8^x?|p&XyeZk!3Ax8)_H_Ypgj=FH zOCUmkZTCsE^(YFY(^Qm%xN!0yV#ySjJoX7KDL7;5DEHoulNF#O(p9W7Lb;l8xAs&i z0dN;B?Mb4h*J1!@nd&2olUZO?0n@T+Y>xskYjib5d0PnN1vq|GW#%5T*P3vM5|vB* zeYkk`c@J$rl<6P-fYNVQaaUcBB}up1hdF0GTxN7oM%-=JgT`jwqUNxPCyB6}7ukS_C z6iS1ov?bfP>4cjAm|ioT;!Q=A1{ljc}6g9`@p-r9G0a>7u z?=FTQe$D|^^f{9fVXxej-Q-+*^ zrfArX?S|m>j1#H4p&yp)EtlS7>GX&!Q|{aUIm%V<%jWF&o%jxy!g%O~|HUUWX(wB| zNw#-lcRL>>w{m5CORS^l693tX!V96I{KE1PgYXzSR?@_l7C|+DPjdyMJUxV0(X%wG z;0ggf*eEDj3%HV5lgG(evjL_InnJ;*2t~nSrdCY_U{}*l3i1ox{zRp*qY+2C>!tm1 z-tDY8xQ2p20YN=PYr2K2yjKCBN)=)D8b4H2mj-RO-!xUDE7n0%_W?!}59iHQZ}8mm z=kfb|lm*Laj5Tuc)Ys^1bD-k@P0=O>6%69op)=XGYAfRhj$>HKFf7}m_TV18 z6Wl^2np83&KfQ7NIJnkvwJ-LH3P^=ydl!k0E}U-hV%yx*ucee`(WQBpDTpWX%M1PG z!v~>g3YMAfJ2&*1Zv{CmS-REnu;IWucDLbBPCKa#hR!HRWNtW zTwYl9JbuGZS*VPLSOc?$&vKtrQCuFD78yfB<^}AGH>aoir;tcfBGbL+NJp}}We)(; z22W#Z#Z)%8Zz5vkGr4Rs#|$`z%?+Em=;aHUIBX&pOuYa>#``OTi!o5_D@3<7*P9^S zs*CYtjNL7}7+pG=lSZD%H+5f86|83R0Cz6gyl)G_?#(Mvgn~@>Vx7gs&f#bO8@l}u zJXulQ{Eb9wC#lXTcDH<>{q4jZybk4;27a%o%6*ZFVoHZrBZb7V?LLZ950bfjHy7J1 zCziP)W)3gT;mNKd)yv^yPL#Jdyv+$CPT;H~&f@0jH*@`m*V7blq9U(?IV)b}rPVJJ z@cAhZl~dPU$7x5pd2lK!-SIA3Vl9j)8o|43-{tA0PvJ9s6#0wjvbuTkqJLqi26ugQ z7awf@fVY1BmfI%|M7;UDwB{wAU-UdzPQQZNPQRTWj{G6dEpaPMw?*5y>a{Crh&E6Z zEGDQ2Xihid(|xX?E8F*d-?I-y{W0s8yMHL0|9fnO;}CD@Ak`5|%c#7){hh?4%vIFW zkBK}O)YThPkqTsSHHxr6<|=?Wc;(I;Qs%VhJVaLhwQ&>f+=mK?7R1&kF{@|dD;Y;> z=w-wXF2)boW}JqvZ-v+{G@}6YAbvH8ZYOE}WHzm(GZ=X4qxh&Bay}f~8Xch_~!Qm`U8VRu!b9V5c3V$aJ2N zsNM+n{%@$=`T>E#XEE%Ihw%+OiMEx`Q3{xecD8@`Ye?+F<1a$-1n`Ph@aou(=p!!Y zDpP&+jGXrVB67dqxzH-~{*br^3DvO}=(HdcvFN(};)ZDtbk4I&6r5noSQ9#SwGe6)%aU6_{pc?XdU3aP@ z2>V^Hfk#U8%)^9yI@mTokD7S~4J->)3iAD4f`$i=0`D%{!LLs}n&U^13f_4^1k*UUJXUl>I^#J+4FrV!Hh%=Bb1unFOaVQBNV|%5o-d51XsE&!GJ8B)c}9>qYhLFU(|^It5i@!D7q3v?RnO@1 
z(LD0`!>rlAhM+fy@JJK^j@8>YKHZ0Hrm1bN1>on${hR?M189r2GQMU4tLs)Xrt)Y2 zmhV_jA`!J3J5d$$o z239iN*TQ*-$Em*pC9~(z?|AMr_MgzCaNY2J-R+CnlP~7{2|sZY{ec7R2e@b6-E3~# zL?9U8-F5G9!Nd!B?5B^hqG1J9kt(({ZsDIxpXTNBU!k_MmRKszpyC=1v>#w=!&Xil zc_IK2UzqI&w(-^WFF9lMnLPTV$M{XhZ>S7a;s|$X18kY~LhxePTW&iUIhg+^<_1`2lXU!9osnHuBuU zXSw_Ad${l1`#FEg`3x-`M#u>9>=*xJeZx9R!lmx}DLRg6L{}6$>b%naN%96MWuoNbz@-YxQ{l3RuWZ-=R87H7Wz$&u(QOZJ?xo>e ze}*O%_IEe3tbPeY$6t&WFN=08VqbS1A|QBm^{b3IeGIppdJ8i~x&2(=jd1bn7iATs zpf`ZD$rv^rm+t}^9vstMv&$VveuU+QEQO39C=l`l`E2tiEFHU)>4T>;=b}06YTJdO z89cM_8JeTb99exN^REAhvQQZTZvfkI@JNmBco+NH_c63^DEFUpKVw#p;iJv-@OgZw z0Ts)#cyY;#%o=P1HDG43?Zx>JPgSmWGRvlWA6(du>v{FMxP|pFs+2srP<`;F&U{y zihRXf`Q|U#)v|*LRpYti>^r#5ypGA0u3~FBHa{GB4p+>&ip6^uF{;EhcCX#Ln$I_X z#S%@s)yPMW?c6!CQ@@ep@O+6 zNVNQ+bT{vzZPVM76a+xe!=oz*>3YG*(3lh!YQY!=oO}<(2UdYmfTC)29o#|d<_{5{GZ}aOQ&{ag@D&ZGWycq^uXqTd<>8h=@5L(DxzGb~-{l?qwdZ1eDEwJPN&$qb zq1hG#Wji7nORjH{H%@=3>tC7sN&xN7JMa7-M#|wo%B;h1=RzW-KnRz?JDDnPZp>ltanW;3itIH~N;izcUD$@Kt143lw8XEHh(-BkO9Sf~ zyYYHG6#EqF4z}>whI*P4f<)S8=l)ho0v^I%cyIA07H{28b4Qd<*VWRMmJ|n7R_|!w zi_QD-8(#d1&EhTfEZNnH$K#=-?EZBCCg1i8#m16#;T2|M0 zVEDWgd0|WKe&%m&WJ_HqYxf=?;?pn`hu6MdO-DS<(KTg!v2GU&H#gw%dfj)FGV`9f z?<%vuW%eA|+upx#`fs^y*%6nssR|-yVzrrwMCTSdHeV_?zqPXBvfxPDuT3Af9HI*cWk4sxsH$)L~}GgT=OBZbd+Ib!&$a_DWB~4h?eeV@;rIi zX^Xi_=dz}LHErE(EZn((ZYxSe%V*8r)hyq)jEFy#W?fg0=hC;PrZmXc4wIY-hpFZ-_bFln2U*c1KyZ zdl@Smm$RmB4Z74R36v7iBkXD1&AfFV5VPYH8O3bayOwWvE+pZ^DGij8jHg(#V+lLj zcCfF#9>3y8lNwEJO)T57gqp%3j4B>UEFR~zZ|CsT{3mgAx5&n!_#bA=VFhMqoJ2<# zcFbO!-f3MPTbbTjdP&|iN60qgr_Y!5!4K)Uml?Gw-i{j|V=xk7WmzlAoWCkdozlml2Ca z$=CC#2vpF~)xj4VKW9tRCWaRdXITDlO8liP-LZuGKK=_ETGlh5U;v3&f~C8cvbAjs ztLj#wIUWM4pB;@m_+ZTk96Rb*I^rF?zH$zRZr~FJtM;s9_5M}p9-TsO5&N3znZJDj z?PjYRN|Zy7eQ@aaj#)32=ugXi+hu<&{}Z(uNK1l46zf5kl4whZu|2~Kp z0!88C@(}~j{che&54Mi5sSH$+j3?NBU@NI+%)< zUYvKClsu7FmLDh|QH|Qy)vV6}n98+MZ20je7)NkgM6)&^5 zeGi335t^g%`r_B9Z?9)h({2{-UPx!UlYK4qM7$AjU{~WVR@N;i--xh&&pMXZEn{=@ 
zCN|e^a&hq$(b?U>d&}SDFCYDxcBh?4FrT0jVoUvI7Vca~+=^4|D!`8*z$?)J@ew^XIqVF?HDf;p#N8rIjSP4_#QqO{&^XYb?w8mQKh<0Em)2NQZ ztE*mNXVXr1&JI-~O~K-Ai&?aLA$k5h0y4nLJu6v%U>#dqwy@{G9t_2xDp-YLsjS$! zjBj>)&DQ3v6nTpXd-GYjeFgJ2%p;zR@$HU<9PB>GktIhlqF^|wl*wDm=JM3Sr)U@L ztlYa2EGY69QEZgZ&|J^QYv-}AyTM&+@^D!6pLhE6BQ`cn@(KZ z*7k1d0f4RtiyjQ>%1w5D8I)9^%1r)KADK_0NRip3TX^D--@V^tjw9T>EJyJXcLH=Z zZo)dS7{ABCiPn=aC9$p!(uq!@8($!uwsAa#*m?=w?FVVy{yD^J5up*-fuT5BKCQbK z(zxJ$0_l1RMxBc%zlMf2b4exR*ixlw>*pL?{164+B%0MhN8JicTSMp(k|~Sk?O#&A z;C_PXJ@|tWk}^Ph;|`Jyi!fvyM=v6lu;{8=g6Q6hl0OO&8j2;n9N6+X4T~NnVAT^p zu$E*R@D?ESB05?cXxjQIYODcG(=y#Bvz4QzkcY}3!o^T#d0)>s=zHE_G0p4?6g1nW zMz*7-;@uneTQ^L9sQdXt^r1dh*8f(CI_VFkn9A#l5jrtEs0@E;k!!)p+)K(HaZYAs zkDe8(C2j{~MZW9=lKsMA`DQwdwPYYw(X-rb+icUZakW8nDrK1EwL400=z80%KNFMT2Q5DQ+f>c+O zbljeA?{t3AwZ`0Cet~a_gZieC@2@EzQH>GyVOvfX&n%)6TpOrMusvR4nPD=0tv|Bw zV`Yb~nX{ki3n_cRa9I-)9v6M+=JWTFeE^5cXtVHAvnQZgIjP2?(Q?V zOYq<_xCVE(%XioPUheQlR`s;hTZ(TX{7_#na7x z8O+nI)Q0Mfb>{W$M@aR+_FcSE;c6(oc=dn)dE9o|>Dv^BLrU3=sK_n!0CUnk+n*Qs zhGwfNqRP>>RoH5#!@1wFqvfe-s-E9+&(Jf2ui1XgKEljKsv1gu-r7qf7{{jK__V5! 
zaVinqfBsY(8k$^x{(#=@7p%b-O3X8*f#LtRDAnUz(JubJ#I)6mf-+pMl3a6n2KSz1Sl}end2Ezs4FmC zDN(NQFJ7`pw*DSBx%-r=goaG54lkn^8yPV^l9pU~ zqmT?X5YU>3D=&3{3MbAf^F@|rPE1;w5OMW@O+!(1*_i0`igp^soJ1@eOO_dhTz2G> zswxU%FtR3Aj5KGVs0?O;3`4lSlUN>>;i|kqb~m@3j}RP>8AyGr#koaE`EP>QiMCkb*D+Bwu z7x3VNjjIQaXG67OSw8FAtw7prnT@m$uK^S_>++zieuW~G3X@NgR2i{(Pp;ES8I&*| z<*^7kH8jQfei?HF3>{HrM;7Rkz_7~n%HMVRBj!w129GN8){&(~q{^df?S|0%g| zqTOFSJ@dwHU%E+SAtOu)k}z^f@|om$etL#^+q^PU!zO!`WR6y;pk|zeoYXe$;+mNj%S2Fp}ZqIGf`+k1tOXS*rFBVc5B!Lw- zgk9WCc)tC)9hp&v9+#I9DQ>Ul=n6-9h@&trfPgkx>6atUPUsbuT6{QzYLOTRo<#Yt zZ`41vy-+;G3M=v6WzNAK!pdTqTRiw$c`P-W1(+wJ=2cC zTTatf?ib`uXB|r2G`}f_`@O6yD;;A_Qf-~Sae*V-{IsO;8u$~O^S8iY%wPU+-`a$o z{j>8{O{L{jBAHj8P!fI^rC*5%202f>jawh}G)w!rQMuV@^T&$2e^Odb2@!)qH;|SK z^AJ#4N%C+B&ei@USHyv`xgnaS`fL~)ur4oeyJ`4UI@L=1%V$HMS4uZNSpjR)GEZcUV~wPMJS=qhACFWsl3!eyehhlN zwP=&u3llD_lwu(i=I5hjk`&=4$hp+obW2E`-xG4g7bW@O(gkg!;;Kry!)3 zi=<3?Mx=ElD}^!h^pAqQ13i+6jC+vNK2Q2*xo?7-Gt@si4?CmcPd}EvQrxZyC^h7_ z6TS(#PPDmnbtpPC+^`%|NA-swYj0XfNYbKieO^f$U|}1cOZ)Z-ahv4aEPCymf*-vT zOp7X&VPe|*X!BOJc1(D8K=)WTpwC75?z%1eM|t*>v}TsNm1pYdLBfe|?!I6NSiPk4 zMnH4YGrK&0ha3>36h7pT+1vHiiSg9P-n49OP+fUFA|f*E?WM(GyU71a_s=1`Pu%4h zp?kC~Db+UY4oELy7LuDzP237WE|91S*_c1Pt8>|p@|a|>&+wkQzbG$wRW8!<+j@@B z=L8wZv$DAxv}{p9duF~rL|%JQQiJLP%@*K6Z?bev-uSp7=hxJZKj@`tX+qQ-W}X8_ zYX%WY1mOH%58O9ajXVj9>5HS+n+*Z>3?V@w=>p&UO-v9e_)T)70ZA-W$wHp1xa7#N z^O0gnv#aC|wme?OMfm72a`Q&OB6kz>4#d8B$@<7A0@G}n1?hS*S{mfd9vaL@8g=$O z160>DHX@k%jb7D!y?-CeX!Lg3$sc52c=&}kIx>xToxqX#aoWY@ZTrg0_DQ8cRgW#d zovrVl+)m8H^_EIZjA@eN$8M8&beE!Z$4UfEJ3G#`C#TUe2kZ@E|JDueGUg zC<3XGR|4B)MBK->KS^mj*U@3YoFvopRk%thKKSbi+rHSFVX{xWIiH9X%}Ps`3|a0e zuNAYZCX4}x9_7Ri-Ql)6v#+g3#UGDcSConC@ayp#&ts$3BS!uALYwynF*lWkuK1#3 zV|o}UvUf#;Sp&yfMFdR})y^uvbJF(F1e`+p3q3jdXgD!{{mqKvT|4=_XH@@O0YGM* zRO|>0@$ZQarvVlX!NCN|EO`s>sdseim|0jP@7YZz$y)xPVZe|_M!wH>SQ{7-lrCPZ z$(Oj`qwxKSRM4>^vM+<{toeGf1<|kBdusmtHoD!_Tlwl{Ywu%wT3B^1M^4=a^J{>> z&AIBMXLMTErBCK*P3x-56HW;O^sxgE9yerPlw*J(&ZTYHuiy!rs)eBsT6?m&$F*%) 
zNX<3jbshp}AV)$DV1MSN5bb}=9T*@Kf>)(>sH#L9t7F2U4014UXyWbn4VEZ>CGj4) zI`z8O`ZlI7?;3JL5H$C1WLLRqeQd1#;c~emIZQZn5u}+R=!6z7Q$rz{;b0c6X7YQ8 zn<&x+3c(AuxE>u7*LoC;=|0KCSG2Mg3s4F7`1W~0(BA`{b(qQp zI^Cs$#%Ds>Tm{nQn>R17e{d?{g}o_J!XXJK`&$#F)nfa_U7~ijunI!PoE)%N9*3qtduKbKekYxMn0K1W%QfD2KIALeIzL$s%;C}ezdHVF_t_&3D zVTSsoP#SdoyO7XWpjmB*$Dxx{na`RF92d8V1X+tv_B*j`e-ri(2q-V@A44c)`i%{* zJKF+WQ~dSgh#M&(!4lZCEYXM)sL#AUaM($Bk*)mfF z=56In7WKo5`Zw~A`LUh7z!WO#-I?!*miLy8@|eivXjo6-<{^T2Cp{^L+$-+?3_EJS zn0r_fk^ooZj$P!t7>gcbvZ9@eF+v~MJ^k|kEnTB`B-eB*KUO-9e)5!aYsqWO{pUw; zrv#QsTh0(-5djvMmrtH=9NcjoXtvWt(lmek&FIHIEjOD$&v!$guX(dH=Q|bku8h1b z{XDmWzJ&(N?d8QH- z862cg>L;oG-SDHsNLbtYGWSvkn@p1!bI5=?y@%Y-n-7MzuhY3|m&>;Uczk^a+1xI(Ktq(t=EY!ZFXVNiO!g(tVK!)|?F z*N593VDMkTL4h?T(?92F!$ZGknZ*RaI`RQ22Yb4MSrU}ir1Inv?VjlQ5+;;k4%>HB zp!$AvBB}!4!a$`0ge8?TgXe|$qqLTehtMX%po`9_^t!tAZJwhTx*(3w%u$F}zJ zg=@T$-Fi<7O!%J82{`AH z${}q2t-knNSI21IYj9v4C~`7c6wk8Z8iLTr`xla`On)n;`9hMYf2SnZ9S@Jp5gk=3 z%-1U?$|*KXo0Zu+#GRzsJ!GJ9j>pvycgFm-N^2)a^O*OsGPvA|#PM;Db{$M`S?A6p zzE_+0q8phRpY;TLKxQWIr7OWNW@CY$<<*v_HETm4JoBgz(D8a2)5Kr*&dNxG86P{q zpmI(DK1COjsh{;A`X@>bY--g>$(8-3n9lk_4E;5naPzKUrHg_q*!pHz>@2w8ZjkK7 zqZs~v^#j1t$?P(K=vPexxIP4Hl)u#tZ{PAqC0Ajljnhkid_NjJvgS?py(=_UO3n%9 z>S-dpC7xctLMh_tc3NZVm9jbryBkdvy6Iqk`^J+39OEgKjGXX%5#Vi=(vZp)Y&9cg zYG_yn#ZP5?K}^`Lr478YPDNXro*Nk#ESWavqqOQ<@#bM6HN;yFR@-%F4*vaU^Gi+C zbvdo_Th#pbhF~S>!0%?IN%FC`Uqd{8Cj8)aI%F{FijK5nRUQA3PXp8Jy2H%t13fz@ z%W1LLL`cSky%p9YVHdRax)YGH{3x&SJr|tyTisQeZN{~JEbHik^V!qpE4WPXpf3s@ z_CvSOzE$xT9n?m-Xv`Ua~zKcNK>`bqBHe-LA@4na*}! 
z>8G`&(f4v?az2H8x`Gya&0jR=%j5GN4y}dxx?eUDLP{=xz4M;$4HX&8Jq1RK5AJrV z4FqoLk2W@y+G0RVrIFb1ssX#VCgJsAb;~;W8hH2+)x}#}vej@beW~RNR`?r&{GaWX z7ii!^y>dHNvPmm8tvu=qiv zBd2jH(RR-(erLYX58zw}jA%R2&xk`{v`N@KX2F7vX^Glpt@5JRg*@fY>)m5L$Lw>j zNSs0{nWUtdLMG&fx+0c!u0mS)S9ZmLEa0WO#MQ!=`*~t*!~t%IiMW6EIEI5~Z5!c( z%4OAn);D;r} zF)(-5?o`}znTPc}!Bbz{-+sLIILjaBMcjdQ3S@Rn-bRE)Iv|KjqGlx{26;V&+g?@> zymfef2CVqc9Va(|)+mdMMYyi?F4Ww#1*1%Q?0r8}kEo^`e;m;)xAnM$!9!u@x-{X~ zb);tADk;(ZGRJZvlS}RaR1LV0dlqD0_vz@jPqF**if8@0&r4=?+3!uSj}VEg!K-Px z_wZ$DD$G_4HVxS#)-m5mx()y1{aWC^-O1;pWaV3CQ_6QxKfHJX&q&H=-$7lAQM9CM z7ZeK-lv-<=Or8ks8rGW2&}h}%8XT4TgTA~vT}VVlr>iJX^kB~V-A3+m2OoH+Mj=qS z+9?w+)Yb3z;gdbn!&*EmKWUd#eM+emlJjSH9!!6jF#9*VwY!$K{TyM>kLn)2)|Jm! zGyGPZAi=|C1UjQe*9Lz6)S`?}%zszuw_Nln4GGPz2s(veR76U}fOMNtzqt4J3$4{c zPc@{B;zaum{-*aQvm$@H>R^dAnqoi8Ixah8Qu|A>>oT9j- zn-f5#>!9Ih$r}mbkcSCDZnkMZ6Lz^-I^dH~C_V*1A24s-*03zLXiHN$ddK>rf7CR# z^1G$b4JP?~DnXGZvm`E4+`4~8UmQ;Go|{;~EMUB;FLrRNyM=q|MKq@Yw+uP^d@}*l zQpwD!&UJ*%HmVYMHm9`e!88ha$)3W1`ZX6{lGCj(qjD8AEK8`I0hd&?S^ZicO2$~M za*UqnsC{a=^+|Jt>E|B`NUV^}l@RM8Z2BOX%V@T%&Sk*o+$9I&Qt;p9dCGocz7+SY-Yg zaF`{hoh);YLiSqFt(f9B^$APtDXMH!6xNzOw-0nu?*r>xacU6sA=&9?H3wGJaSnDm zoZuJ7m>+{}SFT!_$eCG18ytppKH}SafabT6CE+T~bE%B95FW0AA3!P7o?#{x4td<` zta=KXFKt7zzv$;n$cRVLhfdHjBj%*BGw2f7uPH$ zSsWz<&D_FhsxaIUD-|ER2US~hNn8lGT50n3qU<8-RXMINoW&YCA0TN7EsWyer_LxR zjOC&vOU@Z13wYhTlsK~y$BT-FHwKJ8PhQaWof*$g%OD{aOt zoJj|nI%JPseN9rU`bl23x?6l+5Cs)SKV0f*w}G~*ah4bnYM5Y2u~SRe@+`;SV6E_7 zeqmX?#OZuOdn(S+US(T+8oHD?kX7d|;jFi&eFYW&zE!gO)T0MmOrOUnYPZf#x)(3E z%ytu*?iQ6yz_a#Ji)$9sllhHRajELH%x|INIMC&)pl4BsCCCdYON&%h++h8ct*hNB zx9&gCPLCX5D924sEOu8e5HOrVt@kF^c(y@u0v+=J!FVk$0GA{M*o2qpQZiyS2fS_^OtuIuL869c`yQu;d#u_h-H*%0_m-Q%fM&i|CvcB}gq= zsUx&@E!G@Po9#vVipf&zDm6whC!&Tpi=1rTunL+j0WzgHMFAmqrpE8>G(NoHU=?ID!u)VmL;_qt#$u-lxOx05n#z) z_M&`wk!p5j_BwldaKDn*==}Tj(cXx9ufqP4NcL;B4QRiQYiwM%^H1k%-Qc`z7kTIS zO<4A%jxZRcHrTn@i)Nba;GKb_{WNs z`GVlVCcwh&C2NMy}eN7JGRFPfFRD(_tf!$#eRc&Jovrk zHW`r1urPA)U4@s@Cd~_iMH9jta?eS!^7bpK(IAq2r`1f+970a}k-S+EgQ8uIm}`D? 
zDQ-V5>$oGLNx@WYRKZns*>Iv~9G--38YtMS8ogxPTWlZv-kG9Idn?;1xLKgG>O(NC zau0LksJ2y8OzxbhMkV)0w3{2Gx*fRmUiw{Dw#2UL;9N zVvZZXS_QL{*l*D_r=ynC?y_ylY&Q{f?rzcgTGP}Dl6W2$8gZ?A!Q;!gkl48#W)<6( zYO}8Y^%4e*3AjJIhlIU-=GMPra8n4<6-5M9>(vW|%-9lKRiVfan-)%&n7cBu?mNm| zc~W#Le(o2Kw&OnGb0qsj+Cmsa3B?g@2(2als4;rz{=q-*WfD+($I9go(kkZh#@#+I zVGymHq*N5@CDL$6^rN3MC5vTpT9616p;)-V<}Q3~R*MeOAZ# zs~-AqI;G`_#pkqnXOQsx>(mwQ>mTW2ymotuhfGxJ-zs+bQ;~j`Hyu+^Id6H%>=@+| zFoJlDd{6i@Dwo0eAZJGJ5(N&QRNKZwpUX z(h0^YEiFw=#Pzqn-dk61t(^9kN;8AVQ}T2tO%TquKTHt-1H(3Y6%fhk2}%FaI^-4w!}igJTg7(Kn)$plxeCZ)7?-BwI2 zkWBeQc0jev*-Jekcds}1H-E@y=krDl)jFyw=j)bpMW@Su%AUun}Iz>X#PGFdU zH1`x`N}7c9ZVF;avSv1QVyzu$3`+(NDIk-GHp9y%zCOqbLL!kq1k?fDF6n`kwG#Ns zo{gp$;9Lh~;n>PzX_Wr8Zp7jarmU>sA$y&i=LZ-+{yHoYYOkoslwx>)FMu4&HNRPz z(QT~R)`-du=6C?&79&v(NOj1HFr0u2{ES!l>fRaibn)}bPG~F{6Z7->FUrzbiIO#` zMO3W<&DY@FNk}zfK>B`kmx9OPYC%KO;eD(u0G*hYz}&qOfyGkSc5`E^-Q^g21NJ*x z*6ryyWXE_V%c0?tci|J<#mUCvZQ}3?{rFeMxf&+fO=4RpHebw#d@V=+W}?@L%b1=n zKzEkIZ_gKxGjT!nSG+JU zpY!WM4`Ug?PZ=uXADWvk<9Hp9-gd;-1$cd(Tr&giFpDmx)#=?8as@P}ZJ14Wc{l$Q zK1BBZawHsV7n%6U@5$w4Oly;l)(k|lify=5R86a<6gByk-)(QVJ2Kx`r?viKp7|by4;p}DyDwgd!;&Mn9)spn2NZ5Ju zPQd7cxZ%X#F&-Fc6_XDoS;533)tbY{08F@!|43aAMe#JQ!2x~{#tFuS*HlkvmC(B> zi6y}h>wcXPD5v_@3pwiMW{mx@DOfjti;?TkkKZU?^XKa?Lr-$l&ZY-}0GgsYJNSxC z?1#%;cE}s~yA3DzXGFQtF36M~#pNGtnqyL{#mLA2wY-`0T#W;Vmbl~UTzA{_rQM6O zvR<#Zp@wXUM+w8#?PsYa%J-bR`rCZ$;t{oTqJNX_hVgHpVO=Zt=zwF-?Xjbw(QEKj z83~g*uGE8Kzz^MNCa#F5?7-2De1#0&i3fF&WBVLE{?KTgkzqSGK zI}oo}|5|~AfTvUV@7O34@flOC#W@1v36nORQre7U-jbeWLrQ^W*|)?<7Xe}&R?_p$ zX%KU)cdh!NqR6LME&y4vuQ9}$YC7?XnUxfrNYJw1QFZdI@%rL9u8Xx&8JvmX`1c;^ z?vLq1-USFd;00R<3cvij5|}(BWAC$ z7onWtAgpxO3H3O)2kxkiLEr^GTAJIquy`RGf$$MU< zBf@3H9v3YDpQBeQpqBWvxxPW2hxkzq!1y)4PG0tWE?IG|tS*#fgHa-Iq$`Xc?r;#I z+k#SfFC15OJ&yRA^q|#5Y|;>1OGX~4HAlhX-}0jR z-UV&`el#TRE_y6BX$TxACK?oc%@ruTv-V#uz|yWRW%^n_Ma`mYYT=Y5-gU%EhEw5H z$ud37(JJ@Z5MzX!rgr?@4|$jmE?`SLPgf>kl1j}A^kkyvfz zR0Ky;ibgFoJ{JxKkjIl7psI*eLOz!vFT$p8_{grj_0L>5NRsp0M%1I`bLkm?GL&!dB5Y 
z|JVs`ewwM-oSRENh$@Hr9vEnoFblSTeI=Mxvw*9!r;?&GZlsl;CD``e*tt4cHwu5N zPDQZ)Y!Z3=Kx=+Ai~mb>L~rJb$Uu5;mWpDD_oY>pMq)9V5_(7`pX1Pxp3Z+YNiLX` zUd0uw$iJ6DgQH z+l#Fz$kxlj({dVItu%Z@FY_aJd_1t-**s$goQE@-a~G&m^wJ`72YqInY?7Z*UPa#WOEG~>GJL7m7p`5=>eGPs*@2rTUNqV3Jq!9RV` z(-0trPzD^0id4XS&{~hn6n+aEtGGFcs(^+t8J)#VC)z+OfQt7jS=T9l?3W&fT`X1H zW-REJ9_aUbYc|SYsGhv+b!?kPAWNzkjY}@UK;z$!2XDrZSB<1=B`TYvk){K02%Llwd{l$3Zu9q9CfKc#lA>}LP`iC^IdkPyFC6Y;O zg1W>Xi8eV6`Rb60Lwsf<2Wy)Ft|7LY@R}+GP5SR>G+5-_Sv$N5ov3)1acU~QOhbWGNLmpp2A!uqQpheA~g|0T(ns51J-%gyaiJzsS1 zq`b;$@DvS$6`05{RS;ENQZzDV&-d(D*uY!1KTISS-@ zN2qNKg8r5VL&v*%s*HSCubj=Gp_v5jf7;e4a2e^Cptqj8!`Lgtr8l4VjpZ=*PAe>l zcm_Gp6u}?ZqPQY6tEAP*lQ;IOd2HA#7Q~(P64fg|gFrOp@)A`t!&)wLmoX>87M3l$ z=>;X6{jNnB{*Q}d_^+h_=wG$c7XqzpcBzSD?9_+hB==~3ij$QYn+;3a| zb-JI^!0H3)yx~zqLZeHmu$#>Fx$_rT{hDqJ0cjn%mw21W!fF}k?$N9oR7|iVt`CQi zb`aUL4iR#mC}~2&F-CjAhm?lYI8f*3^tOwtD7)@(672kxujm<5XRQ8Ju4DiOBM!H+ zvx_;si1Hu-kuL;0rk&Go<_wcxJXhiz8a&CK?R@KNJsedCfAdEI__+*>9aWIO9Q^Z;oTYC{R%J@AC1+5q z!e>fej$vPNVz1G#fCwz?7P%iZ%(Hoaim9M1f(R-P1~ePq8Z`JK$`nc7w)#gETgb7g zUOZmeu6_Q19s0el0&B=Va7-`VG(fa80-3)Y=dR{Y&AOxa5s%?p+2DzEg~Y+*@0Uua zM(OGzwG+?A2R!5NFe;+c%*V_FRR-NtOSSfLNfksln$s%;ZkPCR=Q6)}elTxm39Od# z`q?Q$D|o6BopX8=YMIfGGfD?>{u&}6jdu;Q<~-6^+S~DUwW{29#6{>Gv`>-YCzbe= zA}c{NbHt)lE%Pg;Yjp$=ADIqQ-ixEQv8vcs&3Rt<@?s=4`I#!O?w%ncCm|f7N^-88$gdL{VS*n%d zL4yyP%TQ`VH@*rLIJ%aN3Oc3MJksTTpBWPe*ZquOmKyMH`LcN0+|CMLgSvL?{YVpx zKmgPRlcZ;oQ6ud^E88bh5=Ukvo9!C~PPHvn^$4Mz2MfcHJh4TU@Qh7ES6Z)&Eq8t% zK=(1%py4s+i>pQTSK?JwPNb_=bPK=wQ!f#aWh-y9T~_b1>`atHgU=$I{)ALzg2O`e zN!=;>ij^JdhEJ|krA%3@*lbcf*+aqYujd$=b(@!U_H5;~1|8gph)nMai5l0#lJ=S##qdk~Qf{JG1#RnRt2q*Vw<(?cTwff!b zZ^vs?f;)Ux)ompBTuD)*-Bp}(RIsi5voaM*pXnH?6LMA)0v!A(Enn zX_*txG(i-B7P9!jy=y!Y;v$BMXY*tx%PO2=C0FoWu~ob?yoV@p**v=kJ&-XoupM?T z>6yQ?(9zQf!n~I-Q5e)GeaT3h<`FK8;Y)*imYEx1-;aiH*)X=04%dP>osfdq0{D` z3xC8A3?&`Xv-;)?uQ#A+Lm=E;-uGRs;>Z;HC#>}h15>94EW;7s@8Rf zsx5-7Q<0r=U8j?-aCEXsgTnTQoj|yP5UMSbk^u6$o-I^PKOTC?(39|QfcXt_MF&WG z3tjfd6??Y$zYsN?_c5#cY;n^^V6OqQ{tI{CbW3TpQ7Cu&@vesm6gVy+SOH4$;A 
zPSH$Z?_mU|qr7}UF^E+JKCb+A3l_28&d z3OPgDbaMYSIvoz+@%xVV3~RjsjhyOhB-Te%@6_a@69kAPT;6DaffEscfmHkakaT*^ zzuebcgkO8R-C(-R)36P#SgIm)KT4dOxJ4>lPI3OAz$BNPu$BHXJ*r13g>9M8E(Q zsi7}Lc2*Je85y-OMlXzej6j9HP{T709-1;}f$FjJB)MPgMr4md^anHnSYQ8sjlINO zSl0{*SI^YuUqWpQc!K$<=41m`&g-frQd#!rW+q?)R-)S@qRv6qZx5H}v*B|mDL)do zTEz6E=kpI`g!7^B4E>(UZrVqSh~Z+5$jF<1!z9n>KX#QmBEf}>Y_EAm_G;I_2r7}H zl=vy(3h3Ka@Yn%@8J9BY3xcv|7Y$rf1kqUGBgBY1G*TFJXFWrnfPNT;R7bQy97km; z*(+X1eZwAQWb@+6?e$t_mI`<#1&Jsg)x#O16<(|YY$G0tY&iP4r7Ph*^M?al?Jr1U zy4(x?fpC6|nst3B%dUY3(E{4Mg06CJlT9i1!OXlx)L%+T5tMf&>Lhm$%q4{cUb4PR(s+ z)XVlBnzU8Ja(c19<<=1Z(_m0dZ`8M-RMni=Nl41aQCiDqUtj(1#R;LLMlBX@<`SJs zZae8Fv^sS-xoe;nWWazJdj4P6;80}R5Y~2Y(Mk}a7EiU+gfxREIehr7&)!glgZHSv z%dLGQ4g%$u_|))`zjnt}CBI|JClQmci1K6s%z;f}t~9|_-H&1YG2Is7C(DfHdrCF% z(h(=|4itQc!w?Ax01NoYdYx)g$Ys`YuM`@fC;{tLz<`NK1}4>=Fbk%KsmvW7D@Ov8 ze*%kl`kG_IeFJgfCj9YBLIhCP3$$f_0Tput2(v$$wrNqrQV5M<_;y^#;cWob#7U;( ze|{>Y!myV4f0sSqzO9h`|AU{WRTBQko&WpbFH8VKm)DU(3yIe^mg<7=1dQtG_<6}D z)lV9KJC7z~Kh}xvckTL|sca85P32V zJJYre+2oANqTc>Jy9(%uK=Sl>6MIzml71^FYY!07jrF_vt!?MO#ccQ1=l%r5Lr0b*vKfKEc!Xi36uerLLe_`;BEr63_Jz-Po6-j0{5aa# zJ1zorVoOUrFVt(iO5XnL7OMPKh2#T-g~UD!1=!f8k(7Onm3m?i^LgSZ_A;o;Uq%BEWjC?=WGdC?EC?YQ=KXsNO2<6n80i@aXfRr}s72&G9{ zq;Uc2;iK{U)uH?N(~RE21QZm(na;4sm~GDO&9Yg4cr*1qCmgfp+Kd09b$d-bU-FHa zcE3Q~XN-`4h@nr4BjGfBY|QopJ{)J@IF;Klrxp6Y^Bp1w@AxDkJr*H;-h*W)J;dOx zy2v~Q{Ln8#8N(*X+z5Qq6?N0eYPX&Mv>$lQ)QHT}XPNEgRRMm=WJ<-~5IQglI{z}L zp(Q5k9<~=k|9mvZpe}RY{v-`%{88Nw3l|RvVeIIo+2ko^xW_H2i5$=c+yMdv8e8=; z%E%1)T3YQ~d*x#{$fuXX(d<|HZcu0P?hbw$FO!?Ej+K>D-3+^0cM=#J#frNjKe+PhxMI{h?1;z6zT=(wqv#?SDz}P8 zs^&m~2en4|R`t z4A$up(ZBMqImb72Y^LZcBwD6WlT>|8CC99(q|r<{7J>dMVC4C@TD|P4qF)RRUmnwm z)tEnxg&)aC37XPK4O`MQ7&_nav(ZgXJUim(7ud!p=ek-5 z6Ch?>h!M@Wwp)yIeo7Vb)K|X<>USgSPml8Bg^`Z4J2XUlDN~KORBPOzr;&yH`15TJ zp7Lkn$!F}o3oWAeFof)4#-+Ij0X(vCV;+Z;%th5ZElXuO*hF%yY3Qd<8~x#xXvH}> zFTGEjwMM=V@5(7Xjik56pKmcGA?f z?bnMw#-!lD2^k7Cn49g0rgH^!BSHiwb%MZv1jauWbt=D2UUuLDOpitP*=hv<2XCtx4;;Jf-$ZooxR*-mMZ@PxXuvj 
z=`+beXNkg)D!K!ON_>g>L6(YqYfV{gs6dX(40DRPrce)u7H`ogttCRxMgX3o8?97D zHt+=goCdJrZ+g=#yy$GzQWX#$HYN(Sc0HfoIMQXx*iT||Glte*OoRm%22wApGobew>@N{3a zLjg$C)0$2f#Wiz1>0G?1Dn`8XL|HIt+iV1aaF9+E38;>YTt{(-Z620_WSTlGU8PWt zs;h`gejoo7e#1Ce=&pB~TCGxuqr*{J2v9yfHA-(v001bONv8tAzvP36Bk}QQxojLj z1n6``EMpy7?sz(kz_PTak_^~DUF0HU7Ew7y%VCwuIRpfTqh*l}qXCdJ z(Ri0}pkGDBSc`*z+HzhRnfXZpkxM)k4xckoO<`=TFgIM+dR3vtGY>CO!#2_+KJqPG zmy=oRm#!=#^*`YJL8E$(9~&oElA0JJ0#MQzk#QTtdRYdpndyu;H}Uxow92qAyY{WQa) z6R7O=(azrUU6hIl?e&(OC&R&f!x=+*|03*FsDOcqD@<{3o7s{nTa?uP?>LCRrILR| zommvl9DK#6joCc=RUPh-AUg_>0N^af#2JC}_)}~oBkRy5?kHOss&TM&0CGeKC{l!` zMXm%@Se)YVu-MGhMaWVV(^1hbh?d`cdn%38jMc_I)|r;wpj7l>C8_*v5jjR>`-x(u z)(Vmnm9><)8XeI|CYmMzSIWi^+a|F}j8z_UHP&0;(P~w?l74`Z8IKs#GXu3!aN#vp zmyyD#^!FEr%Zf5bd_4H6lE4NirpvuL^pcq`rep1Fx}?=DL$32HF(!zWMa;d1b_10w z8_5}Cs6XS#auNnOwxiXWy0R~;dG)d93?yYmr$6CU5TM-TgHUIv*~c0VoW&>^bBMwP zg049?8x+zD@we@33Vs?5wW@y4l^}tN^<>IM<$GKYazhE#JVBV|l;;3?+nSIt20M<3 zK~(Y8?Xc+0QUejm_HT9LO<#Tq{f$Cebrgp)%k<7oIi7~g$5E`JUP&nL+-Q6LfcXF> zb=}tYyFa)42gl-(CkVD$LDVjP1$Eyg{q)gSu-Vnmtp3*SI^(tt&97^UcSw|{x3hz< z<=6I?bf>w#^tF+(KD6?cGnp5()3bF~t&cPp<*tGvNg(6sbO)ZrSp6WwKzXn1IEY&C zgRrcP3QtF8t|ucndZPE&I01IyBF%sp5Yc8k8D!{VKBg(RKQqrzR;A2>TNSCpY}0?t zXlbf8h!hWF<_l|TLr8jrtMNw#JDBbow+B71a-y(GS*B7sNhilRN#IE54{Bw1q$YeR zmdLkCt+i-;1m_8Pf|`NG7) zv9No06w`5za0|gg2g&NK%(bf7xw%jso=&mPk>BXyr;XGEZto&QSf8*lE!v7^MY50& zO-FG*+D|A9Iwv;mU|%fMM(46UkIVVEZ{-3Q0ny<&*d_Gl=l9$-RU+>@4F!Yq5#NL8 znIC(Y1H4~0zu2NNxG6o@!y@U!P+p>-AET4JCXMT%Wk@5tcz^k*$7(uqS=lphN@8X+ z1AE}Nk&?i~o>g+BeQYb(Em%j#y_oWC3{4`#K@{>J-l;f4>60n<_V?1RR6F(TQe5~I z0D3S!Kqhie37a1bdAwk~+kpDbGlZeOvogsI?o)`o@MDX}EdV17X|1NW(;S{;bsW0e47-pxn4B&XFVZ4Os_BJO25P0BAngOvOgxk{^J~ZVH|W0`9dSyb4owfu#2}+vw-kN zF|!J@&W$IY1~wr#>)o}kdo`eId?l+2i?=IUR|de%qlwPM7NzHT8MJk_OaQ9X0xTg^T!81Yg0(+ zPyvl>`S&%U+n#uU+ATq3Iec=8@i5J1|10J)e^kx9f!J3bq=9_W zYSn&N3C&iNR{fgdhu7e?3a8IZngpNZOAf_=U1}x)CC=Jef#>6;JR`AS!?6|=8Grr) zxMVU~&NKI=iB8Y zowNN&Hr-&Ea{^;1vrwEJ{f7@=1XnHiKd2jwd_CiGsNSPw6ANc`A_leNkb=w-OfZ7y 
z`%2LkMBTddWfe3*lZW4p*ao?-9zni%Dd-iFv-&Uxl%j7Yq;BaeOWoaP1w9H9ln&{% zP5J0Quh?d@`9#^9vBIH-3y3@lxP}BBBgMCA4$X)?)yZ`vmGH)N{HqdxVSDz)t50if zKEYR$8ioa!hC9P^C>`t8eg0J-Q`V+&1T%aY5Aa-mq-}gGFg*%0pefwX3E%7fFBjm{ zOEjrTNOJkn+;`mc2zLyO>1780b1ieCn#{Bf1!3v3XvBV^8;i*a+K?$wD~tO^Y?D+c zgxxrWu437Tw5Uj<5SnbN7Fl^C%T(J)`h`OrIE`vle>z;*u;qb|`!4NYme}bN%z@X% z*ytVBA)mad#F+INj}nEF?2H=Zy^hXMt5S_#0t@I-P+GP?$ zo=%4T6pn!u50AF`%&02(d&Eq9d9PCc4*&r{{=Q`Clz>QxU8nrfDP#6k1*->H(thoe z{}`Zbo4Q{*vCgm98F<#UAxL&on8TKHb+!`>MLiwdg*DLAzznc>|@4W)#9Eb(o= zod)LHo;;{;j}6}zV@nJ~0tf}oFuar^RjttdL4ZTx(qjW#OB-l?N}yk_^{FV{CD+X` zn}z_Apt1xpZKxs@3wH?YW4XM_(F3DgnN_SL0Ap@3st2<IM1b|6FfV2~x zNf!5WiVxk@MUp)UNwL%UwFuOw0Gm4nCJ~?Wr1RQ+C19*Ux_r07V5!Trd#LNRQ98Rd zR3S-Y_jo7cpQjJWHE);fr5=|~)~rUbYpMVOB3q`Lg8_RQu8L#gGp#sbX0~!YX+TOY z72?L@q@p^S5F)~srsR3)7^Y&p_xAn8i-C4vhn-13SLMPe0?}`UtBH=K$bj^lxd3;)IAib6<_jn;M1cH+FtFH z|5|MCGuRgLb^4wL$-|jU88QcbIO}wJ^S65+`UJ&d*V5?iH2^CB;2&--%lYcwa;SC< z`PSYKz_*$Ehl+2BjU~A(0439#J9%P11#;DocrvIw2Klz|eKTX+pnTgUE`8s<5A^cz z=q3{gT9HE88%HBd&7*+I5^;M!WN8*?7eDvWLTj=*^+`HN+7yfh>ALa}^@(>#5m+ct zSpgfYNW~T@0`{|7Tw!(4Q|u|@MW#1sur6(6T<#D-yYA@?^t7(REMU^d>Va|F)20=p zL>aA2Y4<-U?WU%e9g#6P8G98O)q*9!k=ZUiN;ZwqD~QSWp_-%j=`c2PU^v`iF)uYFfG_jxe=BatI2Y(RFF zAyot`XL4nx?)8oI0SI0g^~d7H&9_~>To)1cmkLDM!-6bk?w<-U&}=2gxB9lwy{mw4 z;if6LXBB}v%iu60Pr6~8?MxfRw`BO%yU?FUT5W z8a08=3ZOy|lcPitShm5zGT6%T9%E}SzE!NCWRRb3aPA^iR$h)c4=8%R`>PmI0BQt~ zLZ#+WZ`ymyGD~p)s@$uU9@*5-buVtpwYu%C#dWV&d?szrcw2_^P6WW0fXHmzb(9nj z++#;@52?k&hz@$pcGCz6j?Yk1idDqQXa}SZfmVX_IaBevA6;+leiv`NU^N7LZjwF2 ziJ3tvS?Hu(*FCenxYX(GrV%jPpTq3`tv8|I+<8w*pZBECd{V}3&z$$9*;OTLvdno; z%J?gqGSZtyNY*F#3YDDq6glTTF+)gt?g?||lUeMf*G3s7Pb+}RZdO5hk9h^9 z%mx}t*F~?5O7enPnRbOf-wS|}-dux4dAAF);^0ovR#G4JyS5H8Rhhw-+5)!Kc3|7s zPHe61K*=j3-+KvA0fZ=HQ)RXw-jM9z__5u%{=94OrZZj#L6it{W`HBS>eQFx`tz>A z$>S&BqV3Pb$IrVK=gys@m8MwmG9a6H!LCbj{dph8v$j1Qh}y`yU?k-NEJGk_Ve`mV zY_ILa_S#O&k8FVlFUg0EcO_6!8z)bkfa@;!Fn<5^mxE*o88tCeoyCYhlCHBmxiBM$ zw)O&H#Ve8UGnR{JueU)iLQ|DZDXh2EcA)H4GL30!qyiB6*i`L-wd!D3Z3nJD?;8B+ 
znQwqc9^wf)GoV7e;*^)+`tz>AsS~H*8Cx&F$IrVK=g&XcV9kjehHT<_JD-E=&;Kx< zvv83ftTXMT%hl;iRKn)b?budZNMVhz0haBwwX*A*|c=Oi1?}CcjnX-!OObU<$L?x=R;@#<{;r;%@a#I3E*{fi4Z9BHs7GgOtU7ZKQy7_QI zZt_C8bu2dWLDa?xO6m{1UHG;iwnxpkf*^e{ck0s2ynT&oxb=W9 z`H&ZFj7;8GVtC|X^T<|gsV!h@Z2=?xD7x}_w|0^p{N@S2j*p*zEl!_$JlM!X{qZWm zuO4?fu0Q|7IA`|f!0woxE4N^*HSw(1p<`}j9-eV2O4{H2rOGM576sT2!nbTJ$)2~{ zZH_CiWR{ZlKkCksTGx(yU6RI4Ie^<9!$~uU>z+yDy6zPcb$=%YAR-8l=lFxi&lhH2 z2gQoi_ukJD(7B7E0{};WV7+OCveqZ<>PJX#8ll%N=^Dn?C&~5yti*N6bvQ~)LcWMyz|sIQ+&WDmHdMu!UO(VCfs@>3%vKNH{y;9 zKaaaE`V#hD^kv+3;b(Eiaxrp_RrdUJ}zIl7+b6Jc+&I}@PdVl@UxST*PDFErcNKO z0zm^mzv&6Me8^2qjxk;VP6-0#($63L3^hC?Uf-WYmU~EpTuI zJ8RqUKaP7YE?&3*QP{*Y7M_l8Ui_~(YtyNa&4ZAEP7l)wW!QiWoADr_h@dLu6RF)P z29Cr&QCEs2)-T*y0V=|~&b%Up_3h8P0Y5W!8X#LatZUu~{^{KJ;oWEciM9w9VjW?& zya|^tT#V;$zYtQnSTmp$p0WAKxP0MaY_HDa>`kZR1q&D9>`iBAtfQ9x@*LEGpn;#= zbUH5IaWS4Sd5X47g{xXQ&R7UIYT=ae9=X?=wIqM3{ zSLO`91jW+9wG%gq##i?R4(d2#>SVlN*TwjSE$74*Mj6&2gH?@lP=_@6W!Qua8jv#7 z;Xz$nGMq_TJkeCzl|+?jhWyIb7?LZQiRo^?U0|`?2#V@>;qGUD3AbJNIh-?nma$Bd zwmOD&&39oFY_9Djio*stYH4d?PzOg%Gtf{HCIg*L1|UFNeJz$@E5R~q=`f?jD-{?X z*Crtqbqv-GNXJ4fWg8rM~VvO;A}T+Jv2?v~CBK$b*F5{`4T2*r0( z!yKvpaGI1wO`N^y3HZ@7K8>F|>kHU>(U-CB*pzRB;aQDk2o4%LUP*AIF;GzptRn0j-G&$LelDJ~{Q^{| zq~&eYHu$YVsf35)Nj3`Hys{tM`YBK*F2%PVAO+^aQHno+eDD3=ixA;%zweTu1vl2u4+ zu|D-mKmbXwh~}G8Z10tFE##-}7K6T*p zfDEvE(`ndN)!uD)uiSxpsMEG(2WQRxJj$gp+;Ze6SnV7Ji3;LIjXL<16MqfwJnIU4 z>49(JitoQ2o>#$>XP*diQ443zoQ0~W;HJa3qAW@{b?#?yU-KXUV8pB7=EJw)<==b*Zd$qx zCr%uPKY7CM;lzpE__>)UK!t6PU%@?%`*3glUU*c(S@S;!k39Tv=@vvP0t+Cl0*XZ1 zC!ctqh*ZOuYCJ3*olpLRUqj6w!5`oBE_~tsF92Q@w;Z_xVBqo7XJV=}5o3Mc=JRmr zwx{Du4}J@0&z+0!to#_e$4|tzk$EsP_O%Y+-j!QptRLtc!trCfvAMDd%V7hz9KIO< zqaHO4)&ig0|L<4{R`KckzofCAIt|-K<^clsF5iwusM9uO8)wd*jcR!Uw;j0?EA2&) zsKOB!@X5oL>Kyhr58x%=x&ovkyz^(@gg2l02RLcsc)aMVzmF)W!z+#9Nn4%*BEoGe zKf$5q{QwvXPMtpy5l8s`;*TI@1R`haTvOdhFqF?TqN%pPCB=969eX4l zjtbj6F{)k#HGc#ZuN;Ss*f3Gn?s#4WXV0C3k|-fm|Bt=*jO z&ojPe3X`iRkoR5s^8L8lGvir{BH#oAz^Rb7ku6PykgAWVMUO3Oi_EK(<*O>s`p?>w 
z*}|eJ*1+{Cxj!F}`9fKUwo@rq@iTHP=Z?{}w`FE#x3N3Zia<~wAI1DyW1i6KCJjxc#k|J-sE{!>C$}-XW;z

&bim{ipa2(~7-vm>=@fX@bY z3MJPCsoVy;;JO@b0bHq3F)_-@I%A6-3%$V!`Sw34Nr%q#PHxzAE5F$P3Z8CX!qdB7 zWLDz>YMpx4CtH|RJq-k`>{(0B%K!qr46_>Mn?nQ*Z}zR{SL<))`SxWz-S!gr9@Ukj z*thmzd_RX99AxHw*KA+%N%m=&$JmM{l5UC>ov$IR3KldSgs*&dX4;rjJA<6c^GfII zSO|`ua6A{!Ih$U$pZAVClBMmh(C;QeSmi-+;dSZrqI*Now(zfjyrWT4PfzTc8ttP1 zDl9g+X^EpGNdFz4li%gEC%Y#oXwRO3(?A*ta2g`taKLHU=i&Q%F?VVa!~pZKW1`MW ziSfYlk$+(5R0O0X-bUr`K$8XOC`$+Uf)ERcz+VFaU;$JJNOS-m0@NY`(4h;)ZUk;Z zU=xB06@Z2Sm52cIXagdQ)QRA}2=0pj_z(i906c-v=+GBKP@4eMg+K*}l(tmJO#yf^ z-!NuQUUc956M@%1W1eLiWxi$F6}Fp#a?P*EIff8{bW9nukD_)CfF~VjHxh!q0yGwt zt5s3FSJ1+@#%473=sqvj1oQ#SY1!GkV)oc=wyO`{+tW`!khrYr+rYBUSHMaDim%T8 zBG>Hub>cFHr#Vsh1Zp84>dEbn@QiB-+4@7==B-uNBY9eNeFY`6<4 zCC7|A9DwT%yNV6{TbNZljYoDo!-pO`of&o0SbEZfJhJU6PI>fmraz=a#UvWPD3+9z z_Ezbt9_i~EViJl6#9N~E+Ww6Jtt&x$d~xO%`04(aQ6VevQQW=#QBD|pBml>bK9s*7 z{u@5M>{9-8&^64dnT927Hl?=lvFFbw^7xy6X3A>|Vo7NB@S?CVv=! z*Sc17+EZsUD&EL#$KJ@4>In!T`Q6&T@_P4LetyVz_~FW5^LqOVetPItTs-d_6tFY3 zi-}du{BqTwxMay9{&LLq?AtJ#W$i0Ce9S@s7QOllzW4IASXKq102K)x1YEALEY;^1 z>1_+?uXnP+eDW^rwL^M`Qq{tHdF5i+34VFtBF>+221+TiD$fy5eS&zRnZF%zBeQCZ zkmYxq{>G)t7m-osFaiKK!@=VYVL{y-ZrFG$hczzXlnEc;%EWcF^{wNA1y}HmIp?va zZv*2JV`y+{d9mYFPJa4xRL2{6?)|ru_Ok5Gb~3wmI`n*MPf zYki&*#vR4iUcQ>YuKz1HA9Eugnebke)+D_YSHJ#ie)h%#taU%%>q_}Y^1aPXLexb?Ujm{mKS-h3Z9KTjr9 z9S+a?N>iClyON+15@}I%0Ai!JNKf}#zOM3Y`5(3E4j0MRYzHswUJUsjc4j+x`nbPw z=9H6I*T0G1E&M*O_r1wskDWq=73cZ){)6Q`t9h|=Ip3c9WnSx9&FFX&6B1)s*0quk zKKW^S^1b|e;Z>Y5@<9B>>*&?J>QO4Q8 zP}hU|ekkx%$hS%WaT(LXE3&1Lf(=$q4e;%M3TcHT?h8nVoc`Tlwpuzu-gT zj^U-wJ98*>fa4m_fFbkVhM z3A7Yr`|6U>J_r@n3%oF*IxI2BRvPc!iS7HE=1OR~07XqQKou`d62(6*P|*Jujty>;1X)|3FBm4M@}P@Z{koXZ$PCm ztTtglUZX|l6UKWoP9u!n6UMiOQB%}`8eOr|2obg+keG!Ug@y5+@U?H^JsGDF0hA(; z;+fJ3;`;i=EK94P?SblEfcemXA6S1C4mbfwB|K_9U(^d3w!92MA5h|=W0G+uW4uAMWmUXV=x?%c?Mru`dy~o^&ZAljNd+zx#tGm~6T=Nk$#+x`{!m(IF^5=E8k#|!_AwdT!U^b)o`*KZv z*gw7fdb{O{ZtETJ4G{MGZHHY?^5dI%`Th5^pm70L&AR|c*c|x8$2j285A(|n|HCJj zUIf7XJD=pp$4?~XrTNCnYiYQ14j)_mMW$Cx;{1KiLInZh8sqg`w&Ge2fATZ{ezN~J 
ziJ@nDh)DGSf4lQoj#3JvU&se-_fTB-1X*~aa^UB~!w*}4V@To!g)$M&asktVMhm*r zfTRMyMcO}ZD(@_T9nTse^pvF~?_}Wqh+BOi9fE;^j4{$TV0jhftvC0-0Bq%uOmu^0 z5)QbQ41qu@hj^j~(hER92y`Rlx@Y<7%{u|5$d<4ERNc}c9`7bI00TlNV1_YuGYh`R zZPQ@iITKV?y?G}f-z7lU3Z$&Tv5SGG)FX+$MU$deXevrh)ZOjUAa9vL@ErtinL4NB zKO3P3T-Okl=jH9dlFDJhxCK;1DyZ+O=kvy;Zn=CrU0%DkztcIu1fA!de!R`Yw|@NU z2ZR1sE^nn*mn~}r`{;^yTrQq?V1mCryg^BKxanun9t8G4{d*wZ3fwaZ$+T>Furz~E zAPV_t-tT`Ng!+vEnIADLhH@-|fha*e$lenVrq}A@le*8maOpX1%2!RlcINP5D7?*u zI~2K1!|~&huK=zKnB$BfNfEvTpVH7aYcXO%sPJ}q`(Kb-fxvc>SYG1e-13?cCS-&% zgcDN4H|j&g zcf0*N>)rso^~+hlw)x7(l0Dv8=hRJsW`qd(U8?=O9YDUMk_7Ys`%F5N?szw!G%QJ{ z5cs$I>i{$pL+&rxxb|xkdCK`OM#0k90DwI)_efiy*cN?aL+gi1Bxai3MN3$I#l;M$fwT? zftDH8ZAV$nLRENkoH2eu&6p_AmFKOjYsXysCaR?I?)=RdT>>QppwbFRHYPdBlh|>$ zJ%GN1Jb%H2va@y{UFtYWb;d0xplPBYWau%=krzLd76D(iS%X_^fSt+dWXky?n}(PvJ|KBcnLw>%6(Hj8eEkG;BjkD_SU&Uga-t zIZmsgQLk%aW)}TYuPgWP`t*uvTruxQ)D*fd{XK~uu6plAmTp^$sfUncT*y+@J5G{A z#~;Feqxa&v#WxeT;}~8PpHz}XzjBp<;fo96LntXN%0gw_c-Sq}bv1DF;y++12PqvY zBNhDY!0Q=NIGmDD3665u(6*7^zke$m+Bc$mK`c@S!Ic-;$PEdbsb6^u38j>0{Byf| z+)gmDd;&k&=SP%;ODGAIkZ=-wx%Dgl_}*=_^t57Vy0^G+TbDW$m1=J)d21S~Qt8D= zs;(go=ILkNw=KbTs}fqkk&bi9&*MAZ{h!yz}Jl;Ykc5AbRI z5=g;-bl>sQSmE+D6@)_J-WTL3VENieo(1;yCjUHTc9^#cgj6W$j9_Uf$Sf~$E7vN+ zcz82$UmZKL2+O)RFuo{A$|S=gm0a!~TMrZ`xPE;QD(t>Y(e{*s<#4~8((hs>pv zX`^|D#;M^-d5Ly2ds6tDyCITrX*C1 zK(M)U3pXvkg|%(#GG~EPK@do7V7lY8f3Axs`X{|tH*wpO zNeI`VP5wOuhq?Khlm#8jkgNXyR;R0QxD%rLEqoT4wDl0uiEQ0Pjc>fqwalnYv$JUJ z)#1PA$$1)9dP6w{Go_4>QwQ#SArR9pM=RR}%p$if@n+=8TT$EILrgy&eW#xxzy2+1 z=~X#Nb$xiJcM(%<_F2xpsdA}YORCV+NK94Ae_D|Oka~Lqdau9{nQU%;gi7K+7B1z5RWDN#Ea8G(&td-Pc^r8E5p3;lK+_C@dcfOp zwNOfV6NJdPnFxXM7K6Ib-7M=0Y{#N3QpUIEoQWeHp85JYCYDd&;Jq(nM%8qV`}>K+ ztr%Kbpk4BYbT_)6EuHiLlZx=Cyg|y%%VoF`$ui^{+G5Q6uh}x9Syt9AnPUX%3_aeB z<9o-qc+R^JOV^$AV8Df1YC_7Htb{wMT27KH_xdT+HG(;5ar>Bh2YLokU5fm{->RldeP;9q~?-aupvX zTsd<2)<##n6D1`H8Arp5(IXuU%^+X|-RNb~M&{HPGD0X6aVw4{ba#;}1OeS-z@610 z(yITi`gRuC{!1#bWkic7hXY@vZX1T&qI9h%9Z59@_J3P$1p>>lY3gYvY=${@ikma$ 
zl{K%?mF#vStSQGG@4PWf1a5vo001BWNkl)1w|;O3pVWU!(oP~##2wom$22#kg{c`Bx`}05SYDsPQ?xWRHv+1+`I2Ae z{A|B_cqa! z=tfCNJT15G>LX+Xv1}_Xi?+0Iq!&CxGf3J=49#$@&_0~Ac$?d%yaemtZqbhpLzP>F zCM61G3iHW#WRr~o$7`Y z#~~eULOGy?+;^2EZOHINKz7S(USlOn3nGN>hA;QOBOTZ3r3Kt*e#%?72=85`T(I zv|&cNxOq{7)0?b#^cIE}NFxvJvu@>CpQmsZ3MEuH)+cJiuqi*&GS?0(QiMAiF=8=< zrGw`LCUSBXeG}`G-?}1j&pZW8{gK5RIv;sydF#xbYYLYB;(&?ou50c+>c-bMAz;$f z>gbYRA2xnzeMdZ&l(MEcWS)B8$BkDloK}AFt|N=3Qfg^^SNuDVEoo}+wdAfNOF{s} z0Ym%qxjWa4DUX^TZ)}SlJ*%d$D`ClBzVLO+%kQu2nJ_GDP8?Pk_-JEmVvosH;X6*5 zQ~Alp)_6rhNS{_+82qBHBYxgPpS1LLCY-{;p#F!GcPanY z{?NEO&G8c5smwr}O!jfW*aNs_!3}Ka+{n>SpT<`kKLibmiboO+ghA-cAF&&E9{dLi z0tIv@y19Pw&Ahke1D-qnQK}1uk#sD+yx=2_e&Qsy^)_+Gp?_rO>X~fp*u>?pU%}^F zKIHhBr*g%fms1ihVO!5O&VBKFtZZ3HPNe#M>4ErG@E|7iZLal32Fv+9(fzPj+n#gPo7O(M;(ux@BqUKhH=5O7qM#F zau!THfZrT^9hK1vKB@bZ5k)opYwcTH|JF_3?x*Y9Z%c=dw|vZrcO1{2Gxy=Wi{7TT zw3eiuWZ|?Ux%u#$(1pgf-e#`(=dXEf`9HYk&}%qk@*zCA>?sbLawvB!zJq0rU-HKQ z#Xvg0qi$hh>K~bjS153771SKEqs@#dXqBCbZMtI0 z(04jBum_!}{pIq(QQ$ZZQL}(!rYr>DN3UPO^Y1+l|j(^BGqwf<-R*qrPx-M%_+~EO;>9J7%--4IxnC66ph`Dobt@KnOrf6 z`xgG0Wm~`Ef|oAkyj{-Xyj{-X&Gm0FZ{%*2go=4_)yrJ>&P~`>obrN7ezEsYIBe3v zXhP$Km9H>s_zY@GM&n3_B^SNVb&GCf%CN~ab~R#4o1#DgHy(T)2Tb@D3V34KliafS zHd?!yxNP4aa`Ma*d2`*r*sFF=3W8Cd{_=TZ=ivV7}uE_mi5 zntPhlyY1PuQv=heUw`-py!HNSjuX`4POZO)RS{^_dSXqwV8Z`GZi7aImCdU-{jrlE z7-9K$moU0yB&R)lE*uWTIEzM zY4O6!mpNk6App!BF^6}*`#yjE_--awOk`c#dS+D5;I4(Y@zu8F7@E%95xcUyc_lx5 z%(zet_gCiX-eCblwHLqal#a}S9YA2>vOk#Dz zQcjt37FX{3GlF`6C%%4$+djOLJCFDym5~a*`_lLMs^JT+J@8r%n{)_&{p@c{ubRq+ zwg|SgDG8PE+e5Brzp?w$+SkgZFZ~EpGq~mOn|WcyOI-W)PkUP_Zq@4~~cMDD*?VMhx2@5gdj}bR(wz6fx#3P!hHF zPSl#)puwnNsL%yI4selpvf<}0e?xYu-0Wv`+Qb8(|f`G135->{& zbOXRNG(mC5AR5xkqo%&|$dbsncOO&s-Mz zXriAIC4BJR-;fMTlF=H#ADa?oYMZ1YAyPXv%5~8JjbkSrfhIKWTJkr(s{fecveA^4 zjzKDi_E;yHFquDMcV1ch8ozu0_ZXVaUk<&MNoC`CV)@hbCj01!cX0pGhY$!}IptaA zjo6jHe0nd#qt!fg^j|q{#>qT*^xc$%i@D{4+gZBxD@uYzu4Tw;f6`7cqiP0+OgNBd zSG>r|=2dRk^%Tt%#O);Ik#e3m?P;Dp70%dVs5aNVKTvhVnPm|QuTznye1 
z2TwkTzkl*~UikV&3Ifq=3!L(O()Sdo{s*s>0?n2twv(+$&56a(#Rio&bmqWJ|Mxxc zwb%d2I;5QX|`(Me;hulbgXC3!{_8?6?%}gIQm6y+Yj)@f$`O61)Gkw@J z9y|FVh8GMYX(tf*+MkbB{&F5|2R(qEC2+a0eSB3p2g+^0a!RGGvVHP{W}DPRgV2;O zn85(}W__~DWCwZ}n70arAq;AZM-eTpA`~qrWCq!D)I4?{F&8NnQ8UWinmOz;d^So+ z#+1}Dw`LCK?0g0vZuyAX;!*r^-=DKv%^U)n!K26B&!zJ&V)3RAcGIBwd}>@#+6N<$?)cJf1fXSefsW6hf^TDOQR_WLRK9CH@|5umnY z6mv(;;f&d*@!rP8Oeh=AuMfJ4=~YuXZ0cd$y6_M5S$+Ke?OWK~xrM?&VU~R7<*oY9 z@HWF=AFm{6mJIfj+h|W8#{W)km68~mju|PTG*p&OoLe3$MT82_g~1I6T+6Ta`5Diy zc%CmBm-3e*Z|C%#&*IL*|H#70hx6F7CwX@H^K>VAcxCl#0MvCh@WdC7P!ufWkckH| zr)D;VW+A(coXa_L&Y~yLOKYr+9Pm)kt}_V1JbW;2$=+l3Bx*!>=!E+?X~qfM_v!s4og~kk_BgdAqnS~?6NgSZnDT-u zj+lHHb4SkM&`Ad~x_Bh}k6%DvvX^)=Hb|dU1JY{nKt4Oj+cd8P!j=ff8HsIW#Q>K{ zeVb#^EL6_9p6vyfNY|YzlX6fpAX1B{+z0e9s^vXY&jz&VSD@{5Ei}FctskQ8{71yN z^U-Gi4l(jLWc>@sO^>-2slv&KvN7QD|e&M%(F1=&eJoybWSo5hXjJ@B1ti zj6tor2TEq5@9`iaG_3!bD1h)VM9Bz5)EoYKHfQ)E6Ns|eVE3ZFx*65-DcYn95EIWw zp(85hqK!Khl#PltqK!NZed4*U6)l|+S@=GA`cBs6mXml!Ey=|E%*wuY*dk@C?quH@|9zRNDvvv_&UtE|}iB^$?V=FkZTvS7?Ug!B*r zJ-~*Jjl8t_A2f6|X7biZg>o#8o_r*l(0K5Rhh3K^M3z8E<>tp2T|5#gC8gm~j+k;d zA8h`R?nFcd#lO8L5zVob^% zu(o70NhisK^6?xp`CvZT@)>u3cn>pbW?!HN8T{zApYiINf6|@oq1fs}DTP#$ z?qs){)K-yBvbwHq9j82T7VF#A(H`sM;@vM~SV1K>z5RO{TQ{<;dmAH)YKWK->bmL~ zS2m6X6TiiIbI)OI>pD((>`a(RquezD+ZOstr|6U&}rdBfM#b=I-xnEA}Cp24dt zUroEK3`nay^7-#tDDt{$rC>V}%~54i$zfR!q-wzs_1I#Uw5w0Q_tgM(dawt=H_tmU zE5^8zF?@8+A|#53zI>b;-@BPUD@L#7_HXI9u`p7R6jRA=@A>S0u6+Kd6o-oW?%ea4 zST>QuKoQ>>w;#`~c#&^Ec@`*1BwT`&iVJr;56iZ=`t_@sT0H}$pgq>kK4bRcpos_Y z+M3t7@W~4hfgp26?84F07BaSK0$qu20PgzeZmxg+8fprwIdje#OskxlPOPm7jTKF+ zc<$>LXzgkB0?`aC2meXyQ@=9O8&@1P%I_wm_Nb4GwYC2OxAxr2w?W+IVyQzgX6=l(FUG`SD(tvAlT&x4&^a$M10p0C78k zquf68Y5fwu_soSHHvK4GKI=KAR8C>cu<@L@)3G%5G;_|A7tq+giMb zoBz4o+7iuHWm1wYx0>FJCK}Mi)ckTgFuwl{-lp9Em77Fa*K}Sx;{^=OpsBZsV;()3 z=H3=ApZ^0iq4QDwr)=rmLc&gRz_KkUHBqf_Nfp9TiK&w}rx@4q;Y7a$v1;&Reu%<}kj`5sQEi{2)<1|g`C>%DSk$H`QSDzL`WjqoQt@pMM{z z^Ime*U8pTDA*Oxbg{y~AO&_4NkbC4KSng7(Y-dE%doG-g6*wPWf~eXDt$IHw*$K=- 
zPif0haRy+2F5Q((wlVlm{t{e?!x(_3PXn0lXRS*sf&aym8PeRTuQhB^}x0z zUA>kH1q|J?9h5RKvfG33aNpJ)m*|?%Jf*c zz(Hho76u3!F;wLVyxj^X$yu9W$mNYKq>ivGfi>Exrs+KjJ`t-M1+V}-QBTUjx zP*pgBQ)isWhjkzG(Uy-1q?L}$4pYbo($d??5f2_sOIrhrzV{Xv&OML!H@@#K&Vhs# z$95c-6u1kk(vUm(Z|!OX1KRppy*Bi>5QWV!pErELUU%$E&p0l(nGO&@W= zyz^K%eId=>*@C2Fxkf?H0Q}sS&(qLaPlI01xsRX6?-t(79moBN?nE~iKXnNYfBF!S zKs3`Xd=p*n<)2K_J97QyS_sd4>Emto`?>JG$wZw8LGM;T3)0ZGk&B=G4tIWZC*Rri z0xq3*5!dg36(4T?2&p6rH;9A~TG|KSe=S=7HlJhv< zyzTm?i|f2J+s@)Tw|=GEe2lr_i%LU|=t#(PIN3q)_21iJ-YU0jKo8In@8DN&U(dFl zZEWh;LQo4}XgZE`kaoi7vyL0N%=_8e+X^N)()9?JN-```0l?;tO&}$KU?F|6E~<(~ zVh96U*o1?Hn3{<~f`pQg8%w3Js}VE}N@K(Q9b$3EW%)ja+}(45PHARRGOwsf&Yxu|E=8iv#_Kd zN{6ygDTby~7B1zs!+sA!u(D+}UpKAbH}Cw8JCD4T-yL!zaXZ0<&tJ@^^{z!)7diyV zku$e~*1lHo&c=Xy2B$bsMA!_|+}lFT>H|%%t$SSwCn*b zD3qpYG8^~7c{?PR%zpm|?gQCvNH0V%G#yLY-1zRz95?MKstc-!m|+51z#BIem(RZx zp=oUH+{~7aExfhSm-`jpBk+QQU&M4S90FiQ}ciP8(bGfW}0nKywD(7hVERv|Y>p6V zXw!cM(|(Eb`42#PIfMHe+#^+vmqtS9h(NjbtkLyRv-(iUE`(V`mL(_I0Y=abgaM$L z$Q8Fi;drzWN1-41FVv=|(u$X;-XFbsf$N^wxx%Y2wGYlmI??2htE z%_=U(3EJsio6mJGb@|=)6s{F2ci`f9TsiKe^5)meLu zEgn`BGLFCJ!}^17d$-QArP4JaRKLI&?qz5~XkIEQ1t=jzD%84CN+>V1x~>TjZdm|R z*ID1(-=rQ4eHP@?-cH6ps8%v zJ-<7kpB92l{;Sk~g)f&>D$kY5lno|?5wf;wA+6g_3sY*N44Wbxl^#@d+z_~rEq?|} zT6}NL`Fv~Kfh_v!HC|o!2H-A?rc_Sl>{(~6L?qa;+s z(x$Hfcyr_1jK6g{Q}5V?@4R>k4V?|Vx9NQ*|8W`*FMEv16%*NO)E+oi9EEF{ICSDc zj47?<-p?MOH{OXMbW*#5ndZBT;etQ`<;B(M-BH`IvAjWGLiulW%7EWKt?eG4HX*W(| zS>rMS-o)a+gsxFrHiphvC%gWBE*C#_35CHzj+=EXj&$6pNGTVfRDa36QWK!hl|i^+ z*y~c(C;;*G38pDUZB`B&KTLnye01#R2Bvb}$-*nogsn1g1aSD&g$ygLW%;J1{Bzx# z02spXf)QAR^bq6A#xc2kBIV&SkM5Z~M^Z{OJ&37gpJhqd2@acjI8!PnamfppvB#bJ z&>m|i8i=yKbpx9_>X=bIoqfmdjR0nj+L;5r>L9f-v6JI~glb=1r$D7_mN{KCPhD9qGSu&bwl~V!tJfr{01p9Embs_k= zX*mD~PdteK$KIF6+fh{cf2(@$ySydI%kr`V0og$|LDm6eRYrjkl|@is1OZXRWl+)4 zk>8A?;s)Z51H+=SBeF*VBtRgL4MO(3U;aXybxxF{(O>m zyX(}cQ_DG3r_QNUv&QcULpJdKX@`Rn3W>^S*W1vcwFk->0i_hnwk!wZ42MrU40)py z`%c~;hfg~cE4IFk4gKqaXnsL?ycS6e9N2y0?)d3*KgZrT?Spx1=HY|0j>6s(_lD!x 
zwe}J9ZPMa3(!MpgI=-#rwHV)mLQ&KWkwfcij?rXKs_|`np}mv&Hf*Jcz;OUn!OHEc z(O(+Ch&_T6e}6ireSap-zxQH1uKr|z)!zJay< zYy60g32uvZu6qd8EB@5+1h4gNyy=AFh5Ozy5&@N!jmVFStfPiXq>B?wsk@INQf{QQ z`t-^_A_Hy-e8o?|7Jn0H+Xv*}n}O0MptKQS7QA^Mg?IlncrRW6Z{0lrRp34IA$Tu* z5}*p`^z&*8OxH1hqJT_3!!L61O|XF_e%iRheMM>f5g_?Jz_-5!l((W5NJ0u|4&*73 zL2|o;ExHlzBZq;HtOA*FHn{6I2U~w1-23)``^XVsFJBA3^(8>cqPBhwlzS zSnphL$pj~%;6JhfI_I+hp>Q8P8s00{2aOdvCs(nIRCOL+&%2SQW>*mMIec3KTnZ3r zRU=H5r)7(jsb)KijyZw3st3ww9Tj2g6Gzl-kH?fPDvDkQfFm0I8y-=DgCjXj4#G46 zN-#0!O@&h5uaUgCdRzIjqi5reiw~c?exT@@nk;2i*`okyGZd;w5~Um@r%RHmNRTNA z2qA5TLOV=VqD^7HX8-^o07*naR3K0TEmT(|qEO!wmenK*?h#G$)7nghZr?WI-um3C zp?^7TpU!39I(2IAV9E7I3E{pwc}&5qbXroxJ;ba}NkJokgrF20^_TD>YAIwgs8Xh~ zVfS=R4E)@JN1@6zMu@>#5VkL1cug_!=-ZFsi;sU5Up?wec=D4EV$+!$kvDu3@`~*% zv1PayFKt|i56?Lb^FR9>CYb&%hau}2E^fusYv$sk@B1*`x^fZD`tN_jPZ!*ZD-XL2 zM^8TzE_3nps=0Xhtw-^@kKTsO!<#TEHyMjJFU8!o&wZz7?$5;wLTu2mmU%il(d$e{Kg+1>_O~%>^^wzGf!gq);B>3MPAE; za#9Tfkkzu_)kP9Vo8AVA`hD^GrZ-S>O8Ae{zK_cf|12iwCd2Yz)RPvM!jpM|05b#2~ok`AYd1bCyJ z&PX|2(AU9lNsUMB55Jt|pFJ{y^N6~v0Sw3}{(GC2$1CgR>@%1pqkJ&W*-zkM6uKKUD1 z{gtoFIn?0E{lfBN^(JJgHm9nHl{FOYBJNytH+lxw;pLu% z_`vkTvEa%Vao6kj001&drfPx8X*q!LAd(``VYH)fWD9P2;THV+8UGJ+KlcpQ4{U%Y z8(@qDidTYyfp-Vr5>?)+Xy)cH>a3)Wvl*FE<=Z&jB6@{oqrSgluZ{aQ^veAOWSf?U zOl5TECgYi9kKu>U-;C=%_yzpz%pc zdOos_g077xD(m71ZNU1aiRnwCkw}2r4uAn_7x>$^flv7e$mG*N_P7FU@i##a`wgVy z9tSV?0pMT@uL9lYUqH-h;Gh7r!Pndlx z-Th+F?$dnGO;5t>{W}oM1pojgIHIq%gDW~9SB~s+KO!IiPzij?bHJ2;fPC`f;MVq_ z?Twm(r}|dXiWRGhx7Lu&+d2kII05q{Fe0sN1YLPrR-}~Dgvr#+Wx(VSNWsmmtYSF{ zfRbGI65aNQuVjU9Fb*&NRf?s(L-tj7zqV=3_JRwE5Kxe}HV?a>zw6cBO+%K;I0tk} zfA_-b;lZ-iv-^ac^2*w6*5sTadyHZ8V9C4cu7!P+QqntAVqbq?$+ig@Ro*aA^2#pw zHFv+ZRhK2wKWy=*-s~%1dFLxz7OdH3ZyG3iSKj$@-7@RZrrS-A;lk zsc=0P>xX*q@QS~}am%>q{>yN}tYa})9>n^g9_%%K4(9i~1c}JF=CLp1$yHCoPzc!mhtPCeuv(nUUav0 zWBKM~$m=<@>22sQ^`n1e8$NNz`FMZ#!2tL0zDfJwU;g217$^_G^K8hn23^vycKcd< z=I%>jDh3SMsNPle@Y09jcn;3{!zXa~jKi^Ua3hATVay&k3v0Hm#&72T7V}om!-BO7 
zpz8)U5B1_3k9-3Yvg6?~4==BK8S_@ngQ=LcE^D*^ilqB}Ms>}iy16b4qHh}LWQb2o$Q|&AvCWad0Cp|I-zC=Iv+E7EI7jzx@mp zDuYyoX}ldqF;OSMBrRw}Fr0%(5~!{ZI3(X222m}w%VrqQyjpaqREw}AI%2OCTq;#D zQ0m9!4_^fiU|Y$*4@M#q9M{Gd|N2!tyZSlgwH#jVS%^I+%)z$8HfU7AUzXmFHT`R_ zV8ct$v>--o_JA9Ps*Pt(6~x4njK8oV^+TLP+S zmSkiid~0k~I&F_kws#TVRvt&1HrsO8WV;)}Hv5OVDLbfXh8xcib1T-{gI^b2L65S53qXs8pu?_vMtN;;oCoo)8?E4MN%|>v6?>S7FOY9~kp+J`#@u z#WIJ>IaHaz_5AHLQ==%_44{CiN+>xDE(0>E1WJGr%Ri)%RV8?gqhxbv5`|2Gg3X}F z1iCE2VGIR_LzV~(nf~CsgF1_r$5yTHw?FcMnc0sVFg5dy`(NMwoqHDzLXkV^nJno@X9tuTl@!LSxa*(ME#yu1(>9XSA;LbT9$vAA2*Fj6X1cdaCuBBNz$IKw}hEXD}ufCMPrU0c4+ovr(pydY0IVG~YJutxybLUnN|YcSOeXwar*YuFF@Dr28QE;YPHfi(Z69wt#z3!j+@4jj<#%u3Q7Gq5m6485wZ{_ZZTQUdk ze(KueA6r;S>wf5i#}<0~?zDymClfb3Ufwyrt$pSwl?DOsLD$`M)b?ma5-I;NK+$e;oz_df08Cvo8c&a5>nrTYVFXoC`vPbAU6z z4e_jO`oS##|Gp~E_LU;4`ZO`ezetxm)iCA&2`<-F{PLZlT0d3s@xU>S`*@jC!&?k`>*e#G!g1jC& zjO!6d0NNDUhYeYMOf95fC!U4`bs8oS! zbVhKQMn~NsR*cTrq~>3gs>&vQG5?qN`TSe4Y|HY%8Wo-V{YzCTGFp3mYXriAg7_{1 zm2!O#5?HQfEU-!#|?k|CKmN9@?A~>w=$VX$eC?IVa~blrdPom zN`S1IAeG}ifg57psF=yaP1?dDEQFs(GN__%&Sdm~FdQpm8gbn=f6>WN$7{kenoQI! zPCgvmx3no{-K56BArUFsZ%VBVRH{NX)S#L*q#3QP)&`s-t7ZYwJ$yk(?kdgzk3=M7 zjkfx*xZ%I?Ct;!nD*GOd@+9=D;9Hyr36-I$TF=Ds=T{eFH{b>W7qbZClrV9BiQm&M z!fNz#_?AU82*~2|H4lDrC`5vychqoHA~RK7`+|FZIOD!+pHh1#Ajs(X=y+iqiljg_ zLSsS-A0`H}T0Yvg+`p*RA7`kRpHngse$=FBL`I&}FD+T0M%lLk-^!}mE9=@|7*2M{ zG~#%95<0Wmyo|Bs+bWF!G8NaV7)(aVhT7Lp$Y}XGoSbt%BB`v`+Q6*!X*TF<&i%eu zjCNmvb4u7Uycu6T;d)$f$fsbr7QXWES8?;)pF*m0gMPR1tpr6@drqJ7%W~!0F?d>{ z9-m1#YdF^mX%M81#`;uy56`uJdbsa6^RGLQjZRbqfh1|rjA-<{id%ig=&03+`Qh^` z{R-}Tw?yV&_+j=5N6mE){&Fd&)!zN%1_@7!Iwj{xH`n?!g+59IgvupZQG4s)2;B{o zfs?>Xpbl3W3l;Y*H)==d69q6RN3Lt{E|^qubTJCd`w(P!KLw8kL)7yo&lO>1o!t zN&ObaE9%om<29Uz1Cp#lQT26maeS3QU*Z!KiSZenc@>h<_w8u-HjXNd8&rIJi|A;^ zw=K5qnD%WLuCA&9y=# z_(P;UKm$*gD&HpYuc#)?VACjKm4^aS25i}nfMq}Q^M)0aYJLIEL;{<`)|xp1R!DE! 
zHfp8*q)B=ue+;K2gA;kxhVfRRO`Ie0w4_L}O?$U-H!}gY&QbB{Ab`+yFRqAGl!Y+G z;mV2bk^&DD1|In&4%Sfl6u8LoIL^2dB?@#AC>xQpS`aHZ0IC<|hMCilgXno)El=3; z6rmx&9Zm`hns`0q0Va|Zr|?t7QIW!~teVz{mban;z~Pf9;~m_M-OJQSs3SI{MH9B@ zZxt*g)OjpjP<|%t%9k*4`M46w7tt9im!J|G#Qz{uxfatg-%q0(yKir|{j-Dr_r*Vhde0ih?lli%cT!os5A&Gzx9 zj^@~S9Yy&f*rwwZfTXCdrkiWS-v*Yh$;gaM|_^erEo zz6C`6(pujVVR;GV$6-e)izHcwZkRpx0kb2PWXkANLb&g)9`^kHKghQfB)I#}e>W8) zSkpF;i&dI;A>XR1t(%z$-}Y_nZ<9Ps_Rlq<*4Rn?8hjFu&6M=EWL*v5Q^j_sD?0=biwjo(f~-S_Bm&n;0EFPrzJ&-Z=5-W*%^~@ z>Q%#)#~%i9(1Ixhh?C_;1zo9TsgOf8*S%HzwZv6es8?8#phnHWR zh3!sZt{2NMSlpn6zD=0aT55wh%#OA}0?e2mQf@Z3Qt&`SrC5X$46?3S*|yI0VGw8I z`fld2aoh_>{%WuY6XF(U5iWp`W)YTN7PQQ_!toJ@Z!l}N+P5NpX;l_A%v0lA&CG9F zj2o+y_KB}tn&-AVIU3b1xxN1P^DTh{n!G-HH}WmvkTuORa-AC@Fx&gPndjww4}kD3V%K zo*Lk4SRNq=4sB!CTc1X$5T%7}*hUc6sV)oE03xrg159{Yvq*X7G;U=~aOy=AlZw%Z zhpbPPgzzpY57N?DpLhVAWPKtb%M(w+S%FWmK84R}RgF6_JQdemAsrm`?LeaLfECK*EPOr)|9uZr$ui72=UxmoH?}7ge?@v%>-bD z6w$6=oZK+Z@OvC*@SBA3#&M*fGssi#4v<2qhhRzMJ)usb1w%rfM4_HEsSp5^K&Gmz zYuSjUab!E`0_M>sB~VWCtcqJ8)mP5m|RU}Szcq}SI(#a3LJP7uV>RmAq{$|M7lezJ zW{V+F9noStG-%tXb)muRnZP$K@ohsMM3iq^!AS{ZsyMnD4Qp>PcN}-!ZszNrB$L*Di8ot zD^X*iKmh`pMxhusg(WFqD(Ur0@c0Kx6nM4-F3W40V5>eYDN-_wsmwA=c+v={SAWk@ z(wV2oT~e|1N`Qw5e9R&R60{W|RoA3A-a4Fur%uTs3HLFf{ywJgLql$R6`YA)cLM7Z z2mFh2Lywd+auY01Kx6AuyrDfx;8CjSF4uK${SOJMR*MOIg+f4PddvxgMXgKf7f=Gh zTL)8lj|skp695+r=4OJgVIDE9Bo5n5m`2`X6Lq8VQ@S+)u|-(JJOWx72bCx^O&^jq z5>ce6gHF!b6y~~h6G^mhd5W^b-xB&ZO&=t*TWc0Lad|t_;P6kfv`_w(U-J0cte18sLra zZL6|?b5Kcws+xlml_H9iWGkIu-W1Puf(@fknUONym$ z%`q?PMlYOeoAy(b1~Ko);Zw*0o}gs3A`7@+t_{)J@_20|XOhON;BPC|rz9MTtU=S% zwKw8;JDiO%X+}0fWzKEXFWQ?e_(!2+G=!<(c?XrJI(h_fi8Q}6^{>kkN#~Fx8AY2G zC4%*F(4?m|*S@ma?OM7DSK^Q>Zf7B@Q&`|9T8KF6&OKEWf_M#yujzmge^ZDFL!bn( z4U{J!7Br%PYn_meinXZ1tRaOgUd@VPR;N5wn3C7phKA3Ug)<~X+-s;f)qNJxM|8ts zhUxT#S>mOQ_hz}nyFJhKjcj4M!#|n{zFp-46rUsnINwoMf~GXKBFsZS>TuM^qf~;b zXNI#%dqk099wue>0M>gw}D@W2Jn$@joToaCuQG`h3iY~TWhW_ z$#`qAbvPtdg=Uz&le)%jkL2Wh8Y4{Q9s{jhPB@CO*t8v5U4)_4c1UhpVMImIGZuW? 
z>Ud3qQveg;TZuw5%)xA1E;4Cz%kE+>8^>I)#J*}(4k-TN-EMViRBsL`G>S#<+@4C8hq8nvoGfrfHY<+v(bY{Dq@M5>Dr=74{QlNsD6pMhdR5ohx zDJSa?>`q;TG|ZE}PJ|L@MrL^YxLJ|Db<5@1+;KHhaZzn`!jAXt7))$Hi@Sn}IO6bQ z*tcV`2#LdtViCd_hpZ?tGHsjhnEr3oo$aRqiMebFm?v12w$`^hv>@G~MN2Z?cm5{} zDgXc=07*naR2$#!ELlV;g>Gbr#!cQkx&cxu@5UWhB^4LuG#hmd zVJh^DJ>Pt6i+ zD^3B9sOw%xF{v9n9R4T_ThHpORB`Lm4k%ClXR&oGOd|&%dy=Yq1KB*?5(aU&+wHnm zn;(#XM=gutdPUxM^&)I1Ow=LRcT|{Hza>wmjVCD%NmiliW^aDqu1E-FkJ&R^W=o0g z6rykM#IE32EJT5pC+e{ruRcvJPSgUJM&p%G0*PwS^-N@;{j*oU*Wo$#bhmQJa9W!G zFD$~wV7&S?waB-v$|4@{tzq_NXLLr+S}^WTce!0Vv-%$2Hh^hd{x0KNqA^v=M9;o) ztKIdS$)4k&x)4f1@BfT|AV}_4A^sM}>uBa$VY#s%t?+H&j;pA8zhY)0>nPlFP6i;; zz^nwkX_bOqZGCD0+o(>$^wGeMzW%~2EwqvE1gC*W@){hn&~2W{e^M(_#BJ~3o;uOC z6c6D$p6Zk+9<)OxQXD5BgeO{`NXQDqg4ojygHgmklOP~O)%q0JvEnTpFrtu-7;Z)g z2zZ@k$H$*w*$TR_cD~E6ck+Et0tJfupQ|_+@rg^ScLIF~(^#oDARCTkWY}gyk|Hib zGAG^4@fE4Mg-G4+&}0#iTm4iwiUop7l!r7C>LQ^g#1V&25UPT_@1BFKQ5c~J2rETF z9!)c0sK&Z|`SImYCQ3MFIGzp8IqJ0jgf{SL9|gVfddB-Up`9W)>*|VheVa7N2K6G5 z_k=o$77VS9*Mvn-!|@u1i{m2%x@s0x#fa>F%8uQ^9H-l{ttihXwsC0D(kkCJXxo+p zEC^^##kcX#BED@n9(f8L6x1o{N#cW6`WAqynb1^y^>i}3deQRBfDDEit{daqCbA27 zk8gK5-v;lLQfOMHs4IG8SDQM84(7U39Vd2%Cb8cdjBg&x(6pUuPvRJFHeQ0iVx>;d zwn916L>8qPuZZRuT_B%&TAKyK;G9EIRp@%A*HClY!fD%z#Wqc+GvJkD^rlq|NOPEK zdJ5&B39MM>ZBf~22or-Hi~3jbkYto;+eio}0Z;)>-%deE^+|t5iWw6;TOG&Bstw8r zA{R|pxGTYRFRXYG0ECh{<`TiiaYk?p0$o(U#H?N->k|R$?!StheL{?8k?PCqaYta| zW~{XLJq5JIafs?&txKf-0c?mik3iKtDVJeedESaf5pvjckGKl+JV;a)2-lF{3)52h z8yDz^e~Z2I1SKOej{s+7$i?%f+3AeIzS|D6HlL`Yzd7g7bQ8LnS$7rLqk8!DE359w z!tgPys!01+rnk@y2a{3jMLZZI~xvyu@i5?M`R2@*6EEV!wANAPA53YXA~K z?Y`1@4QJ(k5D`6_9nrE;MT)9UJNLZFuH%5jC!qNFPO4KQdK2E8_N{2KQimg%*1D$w zFQmD9PKZMQ+j8HIMi#|iIft&BFwNZhZ-p*e{?ocUvhcj=j%Pu*C=B6#xAARV-;O2U zrWjlA4!#8_r7$zuf|<*%3xiR|?&8etavj@u!V!+mguYGF2MPVQ%L0P5EQ>;T6YE`} zM^JuZn~h?;3d-e-L)J8yncSB4{P@T^N;j1WfIW$E3&DC%SZ0iZ6fl*-Qz%a<;hI{X zg!GI;$!Z7}f*nQug;{o}jW|FgaB2V&U6Brv|D;x=EX$ngluZhRRH*oUPeQjnpw4ZN zLu?tU!y9`Phs2nQ>RTboAdwug|_i*tZ;A{20( 
zLQ}bv$$8s8I@_)afNw6jM{(`)6xVf84Pzgwn^5pY-UWgu;r-omkQE3`)`@viOw?#1 z%+umTi^@~v8wWUprkTiP$43_1ecN82MOrOs>$G?~Yv9TDHp5 zT+7zMqVPb2HmH6}-v)ji8o)=s?LZqO(lhqs^&LHbnSj@~NNLDq+qaxN`|9Y1G^eu^ z#iN|Z?`(`eX)P})m4Xzo(JH1@o&<1-bngV^X{ReraTpE|3PyA=rmjqf*nd(hQeH`$ zVV5)lFhm0|0RG}#kcp6*62*gmtte2!hOM^^E-**42x&F}@*rZLY7AvE`ORUlqT_U1met|8P6YS6Z9)3Z1Qtjxe@v8z zv0RANW^E|43QaS&<~q6~A(SnvJj=GqDrY=W)~FYxqiF*n&2b!}JgxEVSoZC%-}nfA za1Ke5ple3Iq2(iIEsCx))hd_UJvX?E2Ji8$5awOYw;FWK+|t(372#XQvS&GtEpry# z@EEI&J)lLeh(sK5_?_< z0PsSV9Fg)=DVwnbIt2K=gs|fAyQISSE`6 zLUTE{tV$%Z`{~+phv&G{9jgqA1cAOY7GceBVkhrn$7vYN;zL+&?8jIv!W!XZ463Qa zG%|g=wo31=YJ())A=r0RDXxBNVY~v-dbPSx;v9yNfuR}e zXN?~hz4(!PGi=YIV7!5gPy^fv^t>Yr(Iot%S%keqd^;A4u*x3-fHMx&Fkl$D&4#W= zHb7*LOn01eJA03Bo8o+T^R2!H-G+w{rg8bZYz@&& zzJ$MV4oV3OJ!5OKwl0m|CAIKce0o zl41fxURSp0_H4S+0Hjo;mTuWk=bqGUl_mddR6LrVZ+WUw)hK90%~v6v^(oOhB*0P8 z0&1>qzAIp2yoVV63T{AbeM-J{x4r=8SEf>_dIBnCR*h1Ey2R<@m4Ef^ANdiqf0$mv zq-=(jawd%k07h8{_ne82V@0bc5_}}|J^l`W)Crz=T`PISI9nFx5qc69VTm+zVI3m) zks!<);SBw$(j%f(R4$MGj<*%!g9KoKtAT0ew`zJeva?OVrg+@ZJp`X=zKzS7c-ij;zKvG$|1RI^Sr~fzx*Ks^Rgt=z zuh$6Y(`+|%W;G?f@p=mRHZczuwtecp74oK_Z=21FaeS?gS1$ONMiz<2i;&i6-`4Rg z075A;W?RY3&nKi=i3;q|5y1| z*E7hsw?{5)ePQvvlP$Y6uI6eTqoZNj75Za++XB5&JYgIO{VK{Eo@+(rk7B&~^oV(} zK96{8w;B*6N^AXi5%w*w1QE%V+S@xL>!|*FF3n2{>jJaH<1&J4>=cBZYkg`(fePT8 z)g2JlsV>{jwmu2dIiP01Ev0AXMZdSw5#T?m6e+iqon{yHoa;$0C?}wysC%Oh8UdhU z>Jce8Rs2b=djalBp3w%4;Gqvmik6>9LO`Lqi0U{Baxk>IP4u_LYzNZNr;IZ?Od0+c+NgulHT4zi}6 zsAC^>)r6+!doRWNt09!XzwY5Sr)*8P$|Xd0I-2zDdjUaGEIz8BP1>sZtsZByzUABx zp=_ubE2rinchQU#My8ala)%o}`_^Q9`}C)!S4^{yLzJgAz9mU8DaO{A^sNw2JkRL) zpef%5JMWreK-aSy&%r*G%fO(`8ECT>mZw|R|4hD3l*f^8V^pU!II%1ER)Vf(EK|<+ zhSR)qX_{3kb-Io2kP_g0FCfSc$fD8CwSv5yGpLFQ(`eh?)*iJYbHb-`ur9bI@VJY> z|Ku}IXTgzyKt5b$Vj_CzT?_IqkMACFgpw0|ZJ?s|pk+ zL7rfcRSi2L*F7`{8WGCFNuZRaR8BZ*iw+)B#1gGfX+xG1w4^}A%dOCrXnm?`oH68a zns}{lRWKlv1JMn-L6^Ld2xg9%Ww$^%V*rsNdEz*HQ$CNpH=KkLaYWzKTPSKDn%`lC z>VgGzhUR# zRUGfyHtIs3$8qwCz>e1;={>n^ca(3d<1o$GLJTI3zfs?|APZ8}Y0UYSgAfWs%Xzx2 
zNBEX_r8dvCryN+*#xGL}e7xnN4k?Hgr^@4n?>!>*fgQqwR;WY(pt0|aq;QLi;g4H*L;)sh ziQ=?|)~B$LCSun@5sgWfCjcOEIvQA?;>uIyp_IS_F-<0AbZk66uT}-X5-d>|-05Yn z+&~b=CZD>AH2h64QA4C;AS(DENJkCMWiG%u6iE@6+hn02qIpMM349#Uch7UdID<^( z`TziRbVSQTP-qXyJcw6`$}BL>F_*fiodf>8&7D$@(^uJc zn5bjvE^~dCMJl6q8L42wB%~*~ztWCZA5T0_i{mAfE?i(n-s}5;GX_=Fk;}GiYs;IF z1sP|UVtaPZacoGCoAYhF%w}~RU2qR3|3N*Ob^CJbIKmO4FVPqu6U-^OK^sLWl!x1Q&LaR!M>poB*A>}0-W zoWW!Mi36ERpb(TV#F31%MpI*&g?#IAsH%pn*}ly%qd`O%ce`EKrt7-?*|%7~wdRtE z`nHYFOG$Jl)h7fifaW|Ylzm-tV>e&Z3q|V42GG5Y34S} z&UHjKq&Xwq*^H!k10{eB`q70d&JPCtFB!nwZy6>rizmlh+TU_uloWv1g1di%?EfK8$A^0NFlTt?9 zYkKaf0u;g-7cg~hd!al@bcx;n5IH}^ft<-`TaNeagBz=EBoD24v&$+LCOUSxLcgC~ zG(mu)V2uD??USJIYX~a)*)JXpy(NjfuZscBuFv5(MhtY;uON2m=1st zihQ=i>CASn34bpRZkt{z6|rgO_3}LKZW}6(gTqh_C{%&v zT5vokYDtTe$$^pb2zZFCO-+R=se*E2FEJVIG7p?FbeJ6=0Lo6eR(|TXLUP}ZhHp88 zrs~LNJNtL*+C9Rz)<|KxWtaVWCe5`i&|7(S#3ggMJOsoC22nE7 zDo<$@r&eG`XLS;Sk8xm)rpl9$-p2JN;GmKQE@wu#p}yUm$mr8lk^1GT>vLsGn_MbO z9wanYpeo8!MR7=S+XLzql*(H?Xha&fxCnk;A8}7;eX1fEh4m>!pZ~cYHeUaVLMIe* zF~ui>JY0N5=)~KuvPzCBPvC*|kb!1QZs$xI+1V}?wofUQi=B>b2jq$cmB&1koDxpi z>lDoDmWK!Jb-VsR}uf#c_I}9^VafTnFPa@$Em+K6)SpI z;OIS$24fyxS@%j^*-1jZ

p0_klQU=3(F*cxBzocy--En5tPP)IH|GP)vO2kW1dQ3d;528E0@^4?jHrCphPjkK_E?K8{BhJq$xNqC}0MQ1=gU zGbpkKQ_l`%^l_1heYRuIER_o?_ZSFB>l0g2na$`-#P5G_JqH~|2hKbAJm|6x%Pqs> z47#j?fMC&vS8?$NF2U*ho`H*QzYtF>d%V_;b@YsG5n_2Zx^i83|BOTN_cxz`+m)# zT>BbsI{W*${Fu+-syna1ALri=GjV(*)0$YH27EA9e9Jk5s+us3?6%IfNfExaEPGa| zR8YCcgZ;1E7=L?wK9-;ZEiW*nCFF2k!muU3^6kGVK=?=!G++bXQuwhA8eaPZWF z&}Ovb`Bl$DqG2mTec#rSIEr==-#q1;IRCHMpkvk3otSO!u0Sq#33^+|-A^MDSX3|mVO zTc6Sfjc7(=Txm-kG@^o7@HDbukq{1!dMh6TsK(@c7K551MFaq&d~(?-bvlj(n!r4s z=RuWKeCI>o#??n(36FUgv4+uZcHsOwF2tR$ybV*$pjaOEceW^CY8l9q48|D>Rsr1c zcWJ2NyMDNq16fmGswPIt!(a}Brm4_m4MPQgmsyf1Je$E%Ev((X7K8dAHVAQ&hO z;KJX25`SI%1mFUiMq#K1IOlL&7nAaB_{n)c$He?Z43-9wQBBB_f}cHgGj6>92J{X4 zJ9(-C*bX4cz~;eTtm=Ck1BC%tBY>rq&~EAg=NKsZJ9l|g!HDI61sl$?1mp}21iqza zxa1)4RDmP|o&yjHw3{jjAs8%J@EFi$${?J<%;b^Lvm0`qxuI~sxs1&$yG5BZ20F_7 zN_Iv-5XW`UX>{VtCti>7nQ`baI{^6B!jeeMpaT5?^jW!sHwjQB~eb(k>ImfoAmaKxmaBJ!oH};FLFsx{S z4FDy(jJ>+{!jI1WF;19s0tQM0AOQMCw&M679g6{P5O-aCH%!&U-Z$_d3+t*7wBtB=EMGf^xTtCk8P134|{ z%P8()q+IaRf>GI-=|oqq3t24-&*2!heQUF6=uoHv1nzgLtm0e$cq6Vp;R|5g!%%qy zotX|?{QC>>`<_1n+ya$>ypciKDWP0ukQE@SWiVJOfV+UA0*(W~1rFQeK-_TVjac0C zIS?5ZV9R{>MgQL@V@mHlsu0%SFP6nz`wTSAaA z+F+_i#MRo#l=H6RO!N7cK)4nXjFp|SnFS!|4+Y;k?OQlx+94_`640FIwUx477rSM3f?5kP6Z%LSb(Dz@PX7|MMyyEm8Z(?0gH_!k)vmV z^{LJ}7EpE{Tc5ZeLtc16aRifY$WT^|-quVUHr4g4ylq?l zJwsK+6jecQxfYI`c?7@`@|zYa&-d=xhIZ@>q4KL$ms;O|~?j;oHn8oQ0#4eR>X z;n(wjje=Ex$32|B_vtuckK-Xz8PBeqi~eFij^E>WJo)D1cwxnhICK9qap<%|@X+Fi zuzd4!eEH<-;4&9WH!Z~h-3Q>|#Sh`{Z_kCxTpT?85PbbZUqfEc+!;^}dCRkGcepFL?~}SHA>ZR{W|n4$Cd0Z@3S~-t+;0b3FT%7jVT1SK*=8?nhS3 z;h-4@l#K!HLkTvqinE8#}9Ww^PeM=diRdzuR_*!<6xpapB1qVM4A8!{s6T?z!J!eg6iilIRX5Q61~~Afg~P>RS;$ z9v>gke&CEDW40q_bZk62dt_LVB80P|p=Y26N8WT8)@|L0qvsrn!O|f1ow^r3e%L3lq~{I%<)!;@ z@a#iy+J0x?Z6J0RRub_5hxE{Tb{(^L;q~s82(p5*~l! 
zuXyZ@$C1&r8gI42x10l@$eQi0rbo}dc~+sFF?VXQG=hj5t4Pj7`Wk}qRQIEPEJS|S z%j8N}`m*C|k!Rj=2A1_M!?V}S#m5dj8+W{P2mZX^FW7VH9=Q0(OQ6X*=B{`ae_rqx zxSp?Ad7cZ`b0Jd+*PM72W{;nZwcFO>H}igl;bH+FoO2XDdeGSbI5rOS;Pw}OkIjR9 znAF~dFP-!mOvrV?c5U4L!te0<>LoaF|KoAm{%3$OhX0=bUs$;IwVHKNRKFMxCT;3e zzcrG{aoHF~!u|Dts%pq(ItDUIKC+HlGttVl6Js{_M*MYKgZO0iVq+&LJE<*7Bn3r%Po4EDpG?5Woo%78?Hqia8e62K@e6R zqAl!+6aWAaSfA3k#Z_?!6G+5$FUj%*_#-+Yk;Q{Vh$8L*V1mFCb;=V^=TaCYLqJEY z?ULN~s^t+9VbE|p@EG!Na1IXWDriSe8k(&u8^U1a^2oHZQ}ico2{8f8s{(w)^3PRv zWxMdv{m#Mziyy*sOXh+Y60&L*zx=0P;A8urjpbXGW6p#*II#NwTz1E0xc2xj;Cp9$ z58Dgd(O2k$E^F9c>c{o}a6KH?!ZWWui?jAS3l|-J5jG8N!ip^`@RgIkiVm{_MY{-7 zHL{{}3(jA!3`9=faq zb@%rM7-!fvycI*GK@_b5kON%L#RW%RgfkC13!gdWGIZr9;_5$s4kzvVA)ImGNAT5q zzJ#k!z812i;EBbLq0MZ^4?gh|yxsd27O!7~%TKrxMZ1id6K3Fw6R*Z6e)cgu`0~T} z)n&iN`5*i=)^1%5k9ioE8HZC3JQHnZJN~}>8EhNciXUHi3)c0m#?SuxBQOsz%{*EKco%> z@2&?=_FaGg;L77Z57%?CN7o)WXzGEuImF+ z!LPAq+iG-X#^Ka`Psdq5IRj@Md=}0=_#E^X2k`zG@5ib8o`%c+@LB9LWgjrkU?@6{ z-s4!@@!}uhdJLM3dL9VTE@bX-{Tdw>ui$91U;+Tne94v1j&nOQ9jn8|4UcT^wyaWz ze}`0xzU4d6w=uZ1cLEXku2(}PUq?7-+QB&UfHU#r@+a`*%THm>tleSDkPTa(WIOW(Tf5;R`Ti1H6Au;0}EvAE|Af)S_Au7;Tg_ERUqwWZP+wlpHDj+~>eFX4Yw0YW zy5K1;9P=Z#?B9%S+w5uGgPAzbWtwqrJn<%eI{s(OUNMt>ZF^HrgM{RqjS_e9l)jaH0q9xOlM@C{pgq>cf)k?9G+OU(3`#pTV4^b9v^n=}bHF zd^Ydhgaqt5u#-J4`*{6^nfN_HTB9vocHEU*`qTxyy5tpnnwH`4bW3jq$TAd#%FTj6 z$>wx9wZ@ujqVaIZG+iQX=2><5kAIDuuL?`%U{oXnllbLi#5AeGoWf9!>Sv(<&~SbX56*(uNr_PNi^0B zXJC&(-173x{O!W&e1GT!zTEOTWuY=YT=zbGO8fELk6&PS%Ps<*0H+;t2IoBSLzaH? 
zIX=~wS&6i|bgH-6Jj?FCvSr)J>b?*HP4!V+P=27ipd!PLDhyQAVn&M4W8~hBo=rw~ z9S9fLP921UbjZ5pK)IOUUBGk~mpe@IOCH#+_~Qzb3G3EHr}Djp2t)Z+j+DF9(~_=h z4eeo%j3p&DZ3_uG@jpqBWlI^K4Ek&d*_KjU_-skSmLx1$%3a-Y!JWi!Cve-glu1Vx zGms=F>YkkGyx6vcop5$+TXGzy^iNt!(wOZ;C7rfp`AO%=vZPEWN^+bhNydr1C*icD z^iMinwuDH0GRjLhPm=8XPx8P_{7>>nO5<~OghL@oexD>26-awe>!t5cKHd!8NIY8K zF+-L>CXycq&Zl@;wrv^r%>Na(uzB?KKk?CZA8_Nun@}W~QyWiV>Zo)0$LG&;+#il- z=Binocj$RseAFe}cH(WU+p~^Q_m86SH^cb#yx(9X_U=UE&i0GsY^H9+0KvZSJ^*H| zoXMGgIg<^0))O;g2x0T=$Io)ZjOzh-{JlSO;=L#G*t?GcFtBP6M>HHkWkDr>``2ID zvUeMrqG8(>vLtbA|FKxMO=Up^eJc90r)>}W+V)Xb(hGpEcdtcF&R8YtuA4d~ffD|C z<*R)9%cazpH}LA`FZ0QUPl*~1{om}{!XP(Mq+K{aXr={+jP06 z4Is&n(^f?0C!-ya@otB+DH1A?1(WefZ(GjmimaeYYHDFskrZSJ6guV$9)IsKM&8@V z=6#zvrr)vDm-eQq)!DxM!MgW3=ZUG9mc;{SJ;=7^t(^Gqcy4*+CWclI<=pR`%WGe} z&S{TMVeD_m^5lDuGpuGf{VMwNgFl_j?v`C_*|&wG?mLW6)_+XM>+PVEWZhDWx|s$^ zcHPqX%D&L(O^x#Z|e`0M+B<2Q5e1K{qNcXH$On>uF1ZIho*x|zn>;r#TU*U@)%>$ zWAO;b^&7|F9)o%5%a@q(#SHd^_c3|MWJ-%lx%>6I`1_~N0&wli*D~>eiCi<|Y5-nc z_6nyxb{b!7`GSl7aS>zxIF=h;xgL+=Vd9X9oIG+07moQ6b5_k^;9Ub5ao=#BU-BG& z%~>^=G;|7=AALC=Z~T}aO}~Hxkprl*v&!pLye!+coO@>7iDjGoaq6S|>*kNS`P7@x zJPJ|W2^-xOYXb>%!|^Y}y0h}y5_J~b*Eg->lBX}^H?!{J=P&*YfQ4TzVA5|Vv2fKq zF8$jD9QT{C-1N^I@M%6KG*09Phn~W;BhP2n(l;1#^8iNPKA2fwyv}`R|CYM4dMIplw(EQ`6MM`bpZWv~uX~&N(t2)u^=EwX&F9>8^4$!o8pPEvT*;(IPa+&|=j!9G zp~znhfNsV(bM)y*7^XZUlw`2!~YJW+@eZtlesf|MEpA3rg$PY4W zCgs9pq%2rBK4ilRDNlYnO&unxE6O}(Y*)D4^V2`w;8A*A-1w8H-XgIACGx=ukQ5&V zK4jD_oma{|b-lIERQj|=Bozreqn=5ET)Iq>D&Jj zgk+YNhrSf*v~oqlfysB@6OeXl+PxKZy84u;OKSHY9p$ArfK&%LS9|=D%uYT-$T@hGH2y%6xoTy z7LDtibND$tGW9WLFQ3Wy2gh;zpm98U?i19N)=^tr%aTo>@c!C&@g=u*C3zu%Kp=$8 z+Ffh;%iDiu`iIY8n1&PW3i#9f-}Co{FQNvWEhgZc1A2AIOPqV;g-jlC3S|Z5MB`EB zES*V3K`BpNGM#}v2V*7buE+|b8x93v(aQORBPMb{V)L#Y%vm~ocT#s8BdF0zko$~bwbXBLsZ?EcM>;A2r^5-c`96FK9kGX(hZ@XHdu!W5*$^4-4R3sz@Rt@5u(dS^<7DIXr;i!fqd2`>)6hA$R1{$fpOhyJ7 z%0lHlbMvY`fy#LC^D)#S1{eh{rjFexid=6!eOVaIAxSY9_I;i?!R(mC6^Qm5%gxp#&3zo3Jk-n4M*Ej zhhN<~b6ePy21*eAVwQisj4QwTG0NpKmmP5#4P^~%-0R$3Hha}<9$fSQimXx|ETc3~ 
z%9$h2WI)9L0v;ccNQ{EQ0@TES=+%5+k=kY=5`QE~A{LJlHx1+dn|Loz1GPYw@WP9?eTZu&m9a`7`!x%a+|kH)2JxSTtpT z{9nA;J}1JHjk89cc&y5*L%#$fVW>!wMBIuyE0_h)9Nvd5Y<3>l&NctIl0B_^DK97` z;0-bT;^+8!_gb!e_Q(8m!cRG8%(>2r05Y1Q;Z?mv;}PP9g}2M_%eeC_?U7qxfi4GX z7o4_j6ABa&@)hm&C}qu=;C4gAXp=3=LQ@V>ww;upSGF0?M7NAeNeFD)qM@vwT`jwK z=s{eaU)4XYlS=%Wlu3JX(x=8Vr@dY~Ak%LI+ZGpdNXIW8Imfni`Nb=08 zqWnh!`MAH+Nm~`9&d*-;!jBnQHNO8@^p5!?1b8p+&%M77Oh@HX|Mz# z1Pv7pfaAFDZgHCMtmSX=(ENw+$O}$O}*vg#(cTXiAu?p1q8%`?gbETt#cF6_27JcT6gG&9km1Ji6%= zXaAOvC_*0tCVZSW434hAfM&?gWhhQp?MBo@wT6 z{-+3+I$DuPbJm=Ha!HXQ3Il3J6rr{QO*MKvTogB)?O!?jgcB)d#u#032#=oeD2ul& z#;bTaeZ=X+j2Itn{D|e-m$GipIwlOBKyze22#6XnemVP>%w9R0$-^cy_v-m<-Tw{W zG=IbLZOZ|;>4cv%wC7MJ4V?slCoz~8`icm80(fLKaaKg4$Y12lwj#5$)oJIK9(@@x zBgWk`@8RhW|H=s)g5rTl#2ZSo9fNzV3@*7`a*yA7a7cl#anOu3|DlQs#IpqZv z2qE}n{YU(I#zRbh?f=A)#rqP--Pc^6GgZ||jBQQ5X^)YO6d zE{to5tjn@+rl;|3njnjLGY zEvuovtezFympj{a<59LB*hXXR2>$1?zhfuDshu=*0&z1=&=Vx+4I%;Cnw{qTvk5m7 zH|?BDX6rVisSGy@nqhaWSRAGHl!C?X`RMqjqhkvIvqEqPixX8L|y)6h8Q(REC(b z6@6%rwK1x0B=?>ETb6Hi0x1E^T``9>J6Ch_|w~ z51rI0gGUF`CudI*rSV7z$HFQqD7OnjMHv&)4vg6g5$T{U2X_u-oxmI{?Ek;&)Hz%l z-n=k2lCKC#n=IsfG3S&8y&q?7}i!Q(WpWb(uLBsbz_ zIBX7_tjfxvjha5RL49gu>F`a--1m1c9k*`#s?#<#tx>V_&l5N+0WhY14E@UcQ5Gy? z?e4Yw-k0L3&_T?Ld^%kZcK8=_W<@Q%^AslNu%mf93s%jex~Q7^@&-x+ zWjwO*VSe(DpRn`5Hb&JSLdY9p{>ry#i?urUMW|k?OKMoRdoA-<%%MHjmYT^G2x?2~ zh{mJLUH%q3n|GkdGIgbOg!QoVY~L=TW-C=iReZI5B~QKmXPVpFSi55x#VU}$Cgt<%SvtaowiUTFomDLmSg?N3*4Ay+J0mE+N++!|c`~Gd*Gvihq=NC#! 
zZzDYViNqd;+(OdWbp-3EFCv)cr0JE1Fv=}CYxQeT>j;>BnspDZA9Yf%z3m{on|>>C z^P_tPTFo(LKb~dm)ZeoA?qHt(#Cr11CvWVuK*z@cuQfBI%061V4A;>09lBy->=jus z;HEnwzH2bS9)&Z>x5bL%J=0PXjB5Dwa72MG9OdQ0(E_JM5*bSw~MDh#e9D&>7p1`q|*-7(x*?NsGdx-pON^p()%E%k~XD3XVB zrTq2n>CPn{;Eb?}K3&la6?n_M`5FAEo6i#$NiU!JbhjNpko~8TrFbY;rjo#Evt|$$ zpXSJWrPF31T9j^w0>DC#qJE1Y`$W=yRyDLButKZg3(Pa!Mm{5{`$_OGiz+_dKLX9M z%qhmIo!mn$ZdkleXjlG5<4jg%iR5A zx%U~O|7bItm(6$Y#ny$cEa$wK*p)WlXlCV;X%aK(OLQ)N2s|KUf?fKl@UtgEk->)pR^b!6k%hg^Mf7W1~qs#H} z6|lmy84!w)VR*M8Q7Pb!KZI+3dv>Q+pi)IK=C`{y&1XSd9psY>9(*Z0_sLX~OI(b- zvaM?J`M{6a!0tA9>v3J}oeONxg;quPufp8$BF2h)A6_AVPC9Y^!7497TtjXWWP1at z#c}8COAP?O}gm zxC`qcIfKMIW@sDh=Y+r72UX;O=veb77#53yBy)4HnV2-n`2A$EW%47;XHT-w6u{2KlP z=cmoy8Et3jxpo_M=kx?w*6Cj0LQca~CoOLXvhv4+wUZhOb#09|3aJ`OH+iiEWeM8hk@qzxE3ZmW1S8!y^j7|535$< z6He)aM|R952`CN)TH;vfRG=)ismaQlgMMR2Q2YUqo?A;u44MoJvQxXoXodequ`db` z=ccX`EcLPf;<+OW8jm;pHuPFLEc5S+JLKMr*>Tq5E@7V#*8T_)_HMPLZ9^uy*AXmX zoLnwpAy>QwZ;ad7PS+ctayKV5vxfpua^&ZWv88hFlb6~u|MnhKGle~RtxtZ*A?}JP zFlU2>eZXuKOd6o}TnK|BY~Kb?gQlF-+C*<@GHTi4l?DKMnZs1^&Jz(c?5{1PA8YPI z&-LChhO^;s`bL?QgbE6%a)rWT_gK}+pJI{lmZpaWMgLMXuthtL3dO+*@@0PHA{Ji0 z3X0Pv#;zB!)kb{s3Lttm8gWC&w?30%VdLsk6&bWOT1PU+42M1lNfgr}pmHPW?ny?` zEE0QN(}RsBPl}Cu)hIOCbE4&b4bn>cMdmj)#$kC=r9}sja31x%$S0KX? 
zJ^w>3@;&}uw}CI<{=aM#ysJU_2$(GLeGK9FeYfq~mU^ua z75~>tQ>78H(`3=6|8sfFPXz8UzLvS0Bb)9U{u;JKG9J)f48M9d+VH|Npf5a|_ShM4RuoAK(^GfIwaBrm?kib{fF3+N1Zh&N@-rk2~pK z%5;j6Y|uXg_JPw2jQ=dhI}Hi~wK#*;iMus;Y+YbX=T$4N9=U}rxsQ<`xamx;9hTGy zq^AndHrDUUCt9%S=EU);yB#^^}oVBFoA7hVj-tjKV3eV@+xO>iK6|BVJ9tW{dWx@SH#AT-^HiovZ$&vck0K(o6wf|O-3HarrM~4;X2~T6 zH*;o5e0*O9U0jGtgtbIj?J1E@0u3sh5Sw72ONN<^2FC0ai8_7Cl1PUy$7&q3f^hs@ zfzlY+uIr+YKKX7d9BuOC$OP5NnJ^?b_2UCxK9orciViRTk9TOccNQLndHvNk7Y?Tj z4kEU^|KeLdGwF}}oN6INHbgFnrsj*@6qhhZKLKQz#g>A((CljB^sbszcZ31 zpBpHPwnn`m>g~mTC#u5X8m%Rn{y4g6R7u5Vw*It_3=>CFfQyql7X_W{Z@gUBkXT&O zqH<0x<|8o{YPVRyVJ_aK7iSSq7j(~yJqw^7q=gkv;( z_^#As^1Y6|j%;Z?SF~omHQf4_ZsZTEz%>bRE22J=u1`hQ7Wg6DT4fWUIWddXT~gjL z$5WvYc*I1^t@cG+8B_^1st*uWUTnpw&ovRGEtrZ)soXI{VV1l#-K`Sj)KtX@kCcn# z!(I_%1Oe0q4^Ll8@cA*G@Tr|;-g5V!m7t(#;;~b5oyaXqOTFG?;&K7b+I4l@7=f^S zHRfP4bXJGRo+;KBln=fcl8`T?Hf~OuZ#T5iB~!h?ioUoZiiVFr3~ROfnk6P){l4xm z&kM7TlUGH95ow>{w?xqwBLw6W=rpAGFkY`;unxpMMRX+B0@mR4ja~zmB<;fDsG(H= z>A6OF0MwQMfW-PgAb(IT%%wAH6G*FDPAUNI*w`BX_C7Rz(BBwje+;ULwinOUlk5k4 zINi@ho%&THF9%LQz8H#0E$|Ihy&|2fXQ{{);PgeXw1K_+dt9QC5&apg zdwGp-rAR?H%qA&iH%Gy7onODm?vf|jcc1dTd@98HV;1pU$)Nutkj`3EUY2BEd)`Gj z+SGq79D z-?sWfo3mW{*FY{_9;{BjAws$DXAvBOUmvvAC5s4u70!{Amvt@>RXX0!%zrGdw((Q^ zX{@gCTbg2ynP8f1l2?UEr4fUBhB}Mrm&Ik-%cnc(tnxu(I-2%9NrhR1DrK(a%wJ0j z5f#m04F=XY z7j)WF`Vzuwfr5UdYEfN6MyzynO1(qD^G7t&jBXf92#}aT0Oltf0;P*yRHAq z4y2Kzv5lL-yz?j?j8P~ z;BX!gl2v%ANTBqXZAk?dLN^o<{GR1`U0pF3)PJ~!l}8aCS)q%rSQ^Dm)t2;!!5Xs- zKK+3w*S_DbRUxlmi5u(5c9Lv6ftP)JN{NZdIN+<~BxzIy1_DaNlBEyR4EU?cm_9m6(cE@g^^{$rlo@j z%FpNBi|1n)po%=D)2iFP+*Fd^ZdZcJ$; zch2I&-wAbty1{>=!n;-hK+o@~eN3zr$%QR3n$rJ2sc<82V z{vSwO1565ze70I$FI8yYx#nuOPv?cLRdx|9^)M zcwn}z0rHW7*lAbNNAShYp3enbKpP%zNKE2JpO43RB2hUZd`Inm$Lkd%W5$`4*DH38 z#!XO!oG$E7p2cJ5n15;GGFrD@z5ai148bfSy=di{Thn|GZr;}02YyO|^xl*}wu>$u zRsnwV7r0aa8mqF14}Z0jYwR*Wk)glw z+5=f6RKM;MNou~4B4^!lr(`(Xv=bT9egC})>5-9D2y-1(bvAewQ(Qhj%vSGuRY9V0Hj{9lSb$*uS7ewRsfac>;P?}oREFaDwHjDxmh zpRh_XZRaoN}W+lum{udmFno(l0|*Wrw@gETiiwgp>mhtdEg 
zVBuYUZb-$MS&sTU61! z(US(QU$^Zg=&hZ&{g^x9r=E$G(_~2oy?sN^4d(SSh@FX=%}DH+ zdK4<Z{(pU}cnjN#<#mSSddF{46zZBiBqS3DKedV~7}m<|cZ@igBB zGmR*)VJ*j5jVNzix+p(j!9#H|L;V>hG(sEtNlqc@-GEWt`a(3``gi#(J~~D`T@q(J zU5c7?(!c7`)WyF-gS#H|cL^A#1}6h#Hi&8DK?q4czWx(e%jE4!kGMq~biZmS2_vVZ zI3d~L9RnFGgZ!^oK;Uzr_dv4M+a<+8#@Ek=*LQDu!ajD!S0f&v>|JjwDL&_XvPN2d z!c7eYXyrl2JTTqT-gPD*CT=;NLoLQ`arW7LI4AS#T_^obs}BIFdNT6AtgRT~bOm^1 z1b`)8T{*ilt}7Y~lQUX`ifH3*E44gL^U`;#_vHZQ^LKT7C+By1Zk7r|P6HU{<4IH+7(A+4;z{4O zB21BU9t61*fbX( zhDCX{ulP2ed3{`Ag6}xq%C9KMtRaTK_+BD4-QvvvLY(HgUJE9uTxk}sQVB)#l}Xf8 z-zlCwf`41_kJaQdtP4_0dg1a=Y z%3D#mg(%zv*!bF$eWU%9KnC_8L_hD$w=fyfYcIE(gYs&<)3kKaSEqCklc-7HlZEF$ z%3X#Y(91Bxq{d}bO+9lT*_9QiQciiPx7c@%-=1Fs+cT`w`WWg7Bzh3w-T|=CliM^f z_XX0xaFN1K&bECcx3&e~9=pvPfs1fL&SsUD!|Iv~5FSf4^D9rM$KILyxY}_dp&T4v zxyH4a=A)}} z>h@s~$=R+;jIO~bZ%DLvslnOSjUMhr)jfUclB>E0Sz$!?f*XfR^~p}e`||V>swKv( ze38jAtIVKzDCXtr#Oc?WN!+pRzf!aAX>VLME zEL}Tx(|J08O8IJ-M$U8CK?JH;T>fL@*oY@@ClvMfp}zg6kCNSMoNt~Bj6%z zrYPsz!Y-r`#x^EDA4EBqM)WZLS8bY^=&-@kKo}LpR%4z2p9h{&izD zpieoegVrT#N^d5@3j}TOmp2|C-Z*`yLC~A2qxSe_vYVc7}^sHzxUWcgbxcah& zp2P$Vy`suNBkt3})0EmJ=}kh%)5Vy6Pu+p4NXne{#L6~lk3K7bo+|m5|4XOA;Xfbn zlu7Vp@Y)z-R#@^KS@vZec^m^*ci468EUZgwQZB<32#;x*+0UGq7W(5O=y$K)_iwOT z!v6?rQOSnOM+0roqtH$MrQjr{B0AKNN=TM3abT$h7b+~*O*ZM{2i zQ?}>MZ#)Ij^du_{8sri9?V$DEFzjLe+I`*KM?$%FI;^xAC+uT8p^sE&qnPiJ*Ixmk zM;2ipmAaPd_)%#&31sGGg@$YV2O%qC53(Js{@aIkktD= znVz{i0L)Q=-#2V5J8k;#arZ}>AjA)bX@)6n$~2e*Ob=L%I2L z{s(>^SM35;bXF~tk4_^9%SDWr_gDv#sq9@Zoo&3uaeWU%pmGu^!1PRM!Fo zSt2yUS6mW4EV7(4z{SVp{#`c}d2 z26TKaSo|2h=DNMe&!uIWBT|cjAv``|kf~|BUNgmOK-kL%NRGvTlVIMz7x@GtcGw}+ zta1SikuPA0n#>>8&tDzM@fq^MwvXuCCVe}hCx0i1@}*Zzjwk1@_&WWv*V~^%F*`6u zCc)yRSOdF;^+dc;nb0ke!&2e7ekkX|?U4QAZ0w_o)0D&h%Y=rtQUsPv$?NY3X~Zm4 zM0$#jhVgAIRGsI%g8N_O<0I)s`D*ee4@RqwR*&_=b`f}Kh6NpJ8jR*80wC+%FL?xfZAjtjoG8|NCf;pV|+=IOaAJ#7Oy$&LzhHyd^$`vO zJ88=1!`e?&u%h$9o+jwDO^D~h!BnHh2u?T+q`?zoe^xqG|lCdsrp<0GC&mvayy z_|*82Y~Vty?9}_Z0ZsEu(~IT=E+>q(RX6Hns=!YcuH{cO#|OBCraiZl6JqtT9rA<- z1Wabh 
z@2nov#c1pMS0$b8n8ZKyUy#neEr|Q&&^@D+qOqX5i~q*7WLfpiI5-+An_@{mkaIf} z{H@S=ftn(s%cjnfQXA5nS?VFeJ@~f3l&0)5y!?F;Gf;f*x9aAJ>b`oS<-4NhG3@KV zD8F|(x+!Nr7W#Z1+U+oJYd&f4<~f?XdG`DIfD%5fy4;t$Z&+or?)J>b17b0^Nr*y ztCEg)58SnYFVvZ%T%dio zVwt*eD@eR19dyh;n`Pl`p;;>1G%(GyfTk#$r#yp{=HY990}kgeI329<;L!pEp= z#y-}0J>Y!c#?!&W)BYwXP2K5Zn?Hi5O=oe*$o;41Q=iGmpZXt4TSr;_eriWtBGpgG z4%6u0l4N%tNhMVGt}y1qQrR7HQmcKT$2XTLH>(FCC&5TMi^wH?`ho*WymAojGO=nL z)rXA|0b>!D_=a7MbIoAo{eLUA>i-#zbxq&cN^vf}ke2N$6My;UoM^O4<)ead7N^p2 z>4@JWFYbb)%BUg`L%|W;r}vo_mK6UaNc;MZ=;r)L`0D%)I>p}1a#czAbkdb1sG8{| z*cA?iNfoqI{{jBbOr3O?*^P0V9jqFJSfFNmHPNU&#s|~A!;SI%zLu{i+&i+}=0~{C zRQBw~XHjI8e=+pZfkdhJm0Rum{Y``Ss}m0WAN&*CnZxq_ zcci_)tbKaX>zp?+5pGh=L*x0sNAn~HNFJ~qV!gsaI>o$yJJR+T{tP;NBt(0w319)I zmg*~Q(u0|!nxES{KMV@^zpAEb_2n*JbtNRRY%I*KoSvpd)a?J&Hs_C_^;4$U`{|w2iDD4U1TJOQoYOjQMgUsdWZ#yK+b0%jjd`5AIU<|? zAfUqe8vJg^l`eT>SJ{oKg%@<^z2+ee!Jmv0-)lOQzNQb!UB7+noSN}3mkLia$xQKd zL3K>j=mg&cmY-EPDq{p6uAou#+`Kv_J^kI7ySd!1op;^wbEAp+Mi}H5u3rM{{^gyB1Lso;b4oK(j%4R&F%Vz7V>!h7y+(xhQ)eP1Hp(xP7Tq!^02(ywFMPIg1f0M?RmKPV zeE;pZjyE60CcY-6s(gHg+J(+y31^hTNz^|QJB zpmK+za?LqT9?Zy*n8Be!n~C1rL@ei0*CS&6xi>mPmI(l z-qtC<45Mx-@0?F|Aj{No2EkvYxVvMI>FkRGI{C8X@eQ#>3=B=q$c{pHXrB(C$#XO29dy~Wq;k4Ft0AKOG{U^q9LU@&Zd zd7^98!E+b27_lvVVOHmwWkF zN}+L=qr+yr9mG;9n7_mffw2G~Ejh1TysFSplnr$gsV(De^mpU6kB;K#&gW}=IbN3D zBs(=sjJ~*w^In7GwG;tg6Fjij_8T775pGux%f62fBNVZrRsS7M7|GPiR1piubl)K_ zJyDls{$NV|9{@!`y1qp0;0&Y&szf$Xc_Z~5N&hV-{WdFX;`H5UrOyUrJ*PLZ&PuOD z!CE~%Ro1}UY49$-=Z)4&;kByM;k9aW;I)`3-)9ON8N{47n@yQ=wR*cfei=Q@({^gB8TDsBviu&q%Lz6}EvBMQP4Lh-rKtvG=&z=?x~U<^#bTR0UlSeb;gC55dZ zyic%jgxkr%K%@|e#ftFR5D0NQYrywUz87W!+4nR^N4>BjueRyT9Gyq(^22~79?_b9KO3aatsa@fh-+p1|+3&yqhVXNbc>ddSHYvVz_X@1|WHr=JY6?E< z0?@Y*%XuLEcZIv|mrC@80mlc6vxna{UE2aBmX_t-Gxt^how-j-;XiY~g4KW3eda&9 zkGSPNYoJQdZ-PxA6jb+Dq1(7DO-pi}mh!%IpG~CEbJc$~nGpO5?z8vcvdGZ9khfzN z$k*c?$kXwy&4rr1nU$F@+@~gM?zUN0k^6Z%WQJ0sia_OUG3dYPKJ$2MG#vUqm5rfv zilE#4^NS#8eK<4FVcSEudr$8}!iM_bvnIev?YGwb zbh%Gxe77RqCY;rM!tQ=rwcqMKQF@&plw9l0))}=uj=hI@@63P2eM{{Z?iXL_1tnIM 
zg`f@i-Mq0f^S8C0qFMnQ0 z*gPks`^J*i?+e8z6oq_UaFX2(Yk!9<-(~OkW*{@)l6&6jh`HyP%snA8_n`aft^KO| zs{iD7@a72E_w503T0iV?YPW+d-rxL@O zeH?R-H`YaJlB>7n7gvJM%JR%vs+%(|%@)s?wx*m!z^+NZ_e<$uM zIMjZs^Y;3$)_%3#t99S*zpVT698hzQaG%wF)o~Tof4a~77k;bQ-ABBZ;Q2a>=N`If zB46ise$Ue`b5Ef>-FWV4{FYzt&RIUD^8;T4{&Rdp?upMZ_np;#v+g_A{S|liRbr&KjW3GXEyW+E3?6qrJ`Hr|0H* z*key0D7DO6b^k?c zzbp4ur2qJyQn)NUBoE6y`Fmil>G;-`?5*E?pP4V*-`nS%EO(}SxC$2JfakM5gr8QI zg{Oz>0&B2Rv(+j18hV`;YLq&owiBpHiX5r|Pf}~c^B+&*Oc{jFV&2T=&gl8`NAT;z z&)}!em&1dDb>K-#Jif0cd+*aj)s>~Bnue_;4h3p(zCCaUv|M!xzj%IS>;CcKQ;30kRL> zlP=yKxD#UM9fmuPpRsj4{rMMYJTD2}?7kL09K0Jo9Ky*amc$46xSgyBHBhsDv2j8`U?8+zuF%j0m!jUZ` zSy+z~W+(V5upqUbLya+?b$B14`xK%mOtEl9VG2W&0Si(XlI#IWgs9ROo>*|QBLmb* zYMPo*cq+N9EL7c63nrhL24`-cg~Q(+fq-Qp;IY`toJ3H7l2DMcgeeL_0t`kJh_oyq z%9_kiKQt*XF{2dZ@0k^YR%Xc4Da&tp+h*=6l&2f>pRVZ0+3~H*c{*o?yq(?#zggb= zN)4P~IJ!@m{!91yl20VUw<22zoIGdOMo`zVx5GCr3J@bYT+=cW(4c zj*pHGg|chPGl%W|m&b{J09~CVezy3oqH$hAjh}kE8yl1IUw``*hU^^%9t*tC@ASBj zSll=LXYMoqh5IylVD9t#4(==Wnfp5bUAXTsfl$c^_tnQ<(tURR%qt6pKFS5TJD}HH zvq0{4Z*6=x>fN`P`NI7y6|%gOyUkn6^K`-I+rJ5=MizpI%~9-^Yvew;9JZ+noV<0K zjiddx==4$uSP_g~i^(&&&-_=NH-DDy(=XPf`)1vj{+sUe+K;Xa|5f)ZqWe_m$%SDj zMv5&0_~G%7P-9JPD7&(pQu{;9+K++NS?zb*eL~|sVX6DN+AloUp}J3vBxkjseD_-G z3$Z(Dz@+n2;n>aNaOKWbsF+v@JXia$^T1i{*SYVt8XaEc15J}!!h*|-;qwPyz^W^2 zpvZ!fP+~dOQuKS-r4`}`1DyEkB$S;|4m=i?*1IqLH{2%__g&V0@>fCUcN$RbFE*|S zn`r0l@)qRkl=;hS%`%r`=Bv4<OY8-8ds_^t{R&U5_M1;L7ItHmn-?moQ>wbwKN-<5$5?pt#YLd_$}JT7vN4?5E% zsRi8m=?+`}FTef*eRlQ-uSLGhr>Jf5@a04E0*XsFEoM8vpI?yYOFipZSh;z2$*+u=wL;%*WLquZ5D!%YZk2W{EXrp!UuN zaO3e!wmr{(eGdJ14}_xgOLFJeAsY9c`OnbQelNB5JFENYsr`SF`;>d~vE1_(}phMil(|lZ3TRe7b8>Kdqqik3kr%#e2Ir}9MjK`9FoJadA!9&4=y(agQ zkUf>)-kxx{mlO_nad~$)=guyZA9jXWxJ^(qb$cjh8|Nl+V=L!-VhiW`mJs-EGv`|Z zYY_1bfi;NudSfu-E37{+%9qF&xUQQkO2gAxIRNHoho{rCfART<4}F;Vf8mXHcfDI@ z$y8d!;_%kh$I-a?L4eLb`4e>z6^^}F2ae=Z-~>5Cb7T4&aa+Jj-^9ZZF=hk2(|IXm8@P=<_x>RM?~>Aze*TcI6vg$t)qgu=>AwTl&mSi~z;(aV zZ!1Jj-2;6Rk3ig{&G265CGdW~&FpjOeeWQ&9q$do&!ug{?RvfMHU@1Y|2I%&<5V_H 
z@jc>o|J!>jyxwOkyp5m#cK>aVx$joSTgW@2flAw8Vr`(lZLkU6?jzX{<_qZxR(Oq?tkILtW(po$ zj5)7NHgYt3vt7;(nV;os|2h=t`2hss#F_qWzKAUtqBct~OeuupWLy%kz9Mu;?hKE9 zc`S?s*mZd~4A}k=jM_UE4t#b{Jj!opZk&ZmYoZ`fZw!Y(oRIiom?)Q6 zflW?=@G-jDm6mj6P0)rgMuiQb;J>Z{_^d6@f_{1Y{6H)+{y0%7hmRBV7_EaI^Ggim z;JW?samKoetf5N5jn+ZSa`;*bWpu^rpnXGN;I6?CJU0xy7WlCD(`&rf`ZMT0t&e`w z>$%#SJw~5Pj}i2<7fyIftu6~*Ykb*f&^mkt^fM1Xerz4yY+nM{YfG#u4JB8VVb9S% z(z?pxYiV5`bfwYC(ioO}*<)-S@;A-`&sE+~e1#_zTV4u0R(P?WS%4BDio#PVoIIBl zc&)&ogp^oT8j3D1$tbzB42CEQQ}kyz-jIJ@VOV%^u^2&s%Qvrp_snuoc&-POT8!ad zgem&>z>3ZHgd+GjJy&#YN${BOWerdcA*u}f6E_QUO-iN{_Pzz);4!rX2CesiCegV& zyzwY|vwzeR%F~V2{%j31m&@7yt*f~@(`()WpP6OY6*FuyVYqMgUv)nmCkK+SO(vn6 zA`L<;pzjjHeVj-jz4)xvvxz68FP zJomu!fgYFsTPG31dllS11Drq*Ud#D8z?OtMiBKjJUU)8eE#Y_)asnYH5ey9b9GdhB z-(9(H_g^|Jd`=Ja9#33v$vLH=;D8*Et37(%IWy#J{rb#I!I}QS%onvkZ`CYs=WO-n zs@yoy&e`@2@EBGADs8F)k=x?9=Nqd)w|%`J<%<+y4{y#So>>Qt)-;6*E3kgc#t-^S zu7{)hbf0Q3K@OAm{5*)jI!(1Z2+CvqC8yc@h5td+6j~o*KtI!K$WL;H>L;y}+z;Fk zf^PW3&|~J6c|Sb<0jjS`U{}(!W+}dwz6a=ie3HrCA%FRIg@nEb_;(5UMz5#Gq~qk4 ztoICBA9^O;r}veU&#B<+$SBnd^jdI6rEENO5r$%uZn^p`-egQodco5oM2YlXq~F-v~A=pof8EA{;*~q z@|ygl98+>N)qS3u=yeiuo!mWn>lE7_x^29?2@1?Aisz6w%S0uXmw}q=>%z$WqoHMD z8z?aiJz7$h*M5Zj=kC*A+?3+(FUK6T0=J7@d1|fwEDK@YDS^;0k}30)T8cSlQ7I_0 zs3a6$cCGc>iI{C8gW3G&qjIV{lm?FxF2r;&T!#XR#SNc7A0f}_`C^!VC=3-e#peuvy6owvDf$vpP#Lm0USk?!05cW|H216=!$`<8*Z zhmg6aK!2Wl=)#GdZQh)bDX%s69H9U3)s$?jVBUxD^Ng(UbfqV6e$thyhiVHFoZzZq zYNv*V>Lw}i@c2Lt_~i%lyZ7n+Z{b?@%wLZE43%w+Z_&1 z55yTfNsbmx#!9^5NDWNZAk{QG>G^%(@OWPsTe6>%si}$2(Qtm;JqGOYx$SBc3rRB)I779zKd5X(IBRB=^;JONo;N%}J z!29`d$r#4TD;d5A@(knT9=aQH4cH7hdai;GyDo#*+b)1!YmbW44&d>#Um$!`BD~dh zK77!1DP%*k_goFR2X2Kt_+DzHX6e5jKXVUMn064u=U(_=&`x-(-*(oBq{qD{CPTo~ zgHRTi*#_=_*L!b;tOIvKwvTo(J{YtEGWS>qZ**D)nLDq5tke+2$3FOICwz#{XU8S+ z9=`XVy|&`M?16HVQ=sgGWO#qTc6hVTHnu+EeI#?w4e)xW<&1axY=rmlHPoQ}U=V&D zTk@++|EK2`*081RD z<8}_feL>#uw*}s%#%UkXNW~?iw`ii$ve!lvYNAr(w5J05c^$ls$AULck?s=NNJYA> zF`t5gnu@f2d`C`1h2)+fY&Nd 
zJf5k-V26_~N3%CNWN-WC&pF!h$wq}`LF{UdN*J1ma12U1!Zt>Ne_{}{+t<+&OhzP) zf&vqYK*?F9A#_m$T)25rJj1WhsIevi{8j}(Fovf9ED+u}$&A_(3w3ulWFaSVV>Fb- zpin-s0t8{5AQ%S(YDzCM0ib*QnUHttImb_E8# z-Uovs?JG40=<^u(T6$lxp{Wc`Aj&TH zpIk5iGkI7yye41$)0K+M{Bh*=X4q01|Q=e)8|Vvd&*qHsc_f}x0@a8z=3#!+f6 z9=A!wA$R9@ASX^XvbTTZZjKgj)Dg;4-Dm#OpUvfHm-$N0PH*rg>+~`Zxiy+y(dWv4 za$gdPlLko$P8h6&qbHnTMi`@_4VrWZtq+9?40M@!FWt97o{&dv_jRx|SbJ^h1Np`j z#0j(y_|7g5^;S28w&> zPQX`qF=xqlf+nvtX{GZZc55}Lf#+WwzBUNYJ9@v5cwMO_82)FKgrYM`LYc+*IDVFN zpVmoE)A?Rwdjf=Qhy;)2p6nc;bAh1s(9Z-rUuYXv<3t3viJC-3mzIRk4G~anYfXsU zPz5}edO?Y0UQmWj9?)|;!hMO?GBIJ6h{=NiI?usL(IOMpSi*^eBNXsC#^ga_nLsGs zEABJ@H4eWp=zfWrUXZ_UcGf)2)gd$FX!YjgyiKf=jm+Vh-^ri4? zK?uk3h}?>kYV_V~Nm&?~I$D^6S>xx&&}d~7@S5!nVe2CCHBqb<(~{ixL!an=gWZjx z-tI;af;EfR@K9DmtKgW^bG3KYg9=!u%i$zc`cLNu)l-6M9XUpIJqDeuhu;a+x7C7j zs{>e_rSFWgxEykHnAkFaA0GVx)mGF5&!uHqZTG{;EB%=}IbL;J4M;$*XMVa|Z?#bTbjm|mR$=s6-f|gfwJNKkj_gOt( z8v?t&*e#AMj@85Oq4J603-={aQ^$}*vNTqXd*) z$-fWiH69B+q3{gM8`FzHDXhI^mYa3I*piY^WU&W3_OY9)GWRPbMnQ?i=&^90H;=Hs zBW0HQg7-4qPCO=MmiR)k`6a<)fhR<+tpf4ut3!q5!B7~pO-Z_H+o<;{)Yx=U`&r#5 zl)A6f{tVAOczzbc^OxnG_E^_3_k7sm%>bh zN9R4Eb6@Ab%sp!6ag}>`_R;4as(rl<_7z6(Tf-GiAosZZ=sL66BFjA3IYk+azU%0F zBM|2;p7^~(>y}XNFS4`*`wpV-hgh5|lv@=Dg|Xh#yugxqB<|)OLS`Q|^SH`A&fF)` zaG&|Fari}{x?hrVPoEEY?&(Oi|MiI;37P(foW~n;e`ANt@BKI_>l&Dw4W3PZAD&Q? 
zHKiu7t5R8Ww3b-vnxujhYLe1Y-mj*h{#;dn_YdHb5f4w3W8v}sYVgZ#^Sk%{_h;ZF z?!%`m{ozv_(;v>y6VLG5jS~~$*4AJ!8k^K;+>gs6P2kC~mhd>W0c$WmP6`Fy$Q10w z$Myul6Z~xU+M~_k3BLBx{up@78lBYetc*nA`lu0$>)cxj9`CLIPjFw@>kl`?b>m~S z9;4Z*G(C3*z~jAmKeZlyMl*bUV_a7}JlYk&w$pqq|GdZhE8}P5axX&ru{#hyt0vpN z$0@bp(e5DpEPNkrdr}yK*2Oqb4IZU7WIRl+0rz)>!h>DGxTL0P7~I?ahAh@=Av8HlRi*LCsXwP#t0=$Do~%ZNN6hKf7;)o}12zQ;s)S zL&t1}H@dEccl&LH5BhI~QAt-}-?dw??~~i?wbkYyhSV>9gximvLBB2MaUJU+cHR+K zaO^95{0@A5?eF!e%R3nSe}XUXJc0H2df)N;;GexV z!<&7#v8L;mOE+N8$G2eT)tgXhMhg6Qw+&Eu*w2`%l_`L^^5IrFN98JKc*8XUfU1X8~{3^UHof>KLLvkB4CE6X7j*GA)vskqvAT8NH9Vf)QptKNpS@X z(gX!+lZp)aO8|0Eg&IYzliI;^wZXc*H{_pQ7`#`MW8M_O$wBy%%5e3z`R^$H^86QQ zxup$wEb?R%kdn(wL-VATu>H%O@Wq2K;VwG+&BJe)M;-QcW^NfxDLmIlog9Pb%wg`> zvpdZ5Q@2h-kK|rZcp*-9HpQ}Y@erOr2fs^&wn-hB_cS^1Smp_}(fuu7Y{k#|0?(Zv z;PQ``VeE7^A=VPy#0C)PMpClR)Z1T~^O*;UtwI)PA;lLs+@C?&B^AXxJhgFPW85A;h1 zhQs6;ebl)Bs{AiGy9{_tD+T#_WrG|z*~r-`GknehT~+qGWf0zfC;B233GUZwblAIPvdjJ}2Zw&r8Sr~t264rREmpEqR%$~23pw6}itZ80uO#s%v zo^a&GQ8;?z7}n!WtR~L9FdII;`!W28HTJ8AU$eSZds}@rf%IDG4IdpIDz=PY$w}WU zo{P({2{pOh>rh`f@LdXg`{+AXi$A~rIs3k7u%i)_Sn36(R+M2)t36-uWlocSw7um0 zQQVfBPp}^1w(iFLjN6FoURD;yoE!&d@%xGP@mo9xwtc<>Vm4NVlFM+?%>H8^-t3%e zpWG3WzS#?3<95?$fBE1m*!|@mXu7incr5W`uL)UK2{wPe#rR%nwW}>O-`xsQaa-s= zw(|Ys8|*x4vZFcVUr-q8?`X)j^^5yoioFJS_WT(f{^|&%U@h;Q)C~&HD-O+fwPb%< zee&ihw*5cicfnWq`TM_4hIYFopXhT5P@z1!>zmeT_M|UW@l>b858?(*$Qxn;9bfaGq z#4V}@B^Q)tzc?OrbTF%Z^zTbjUH@}EjdOEAU^a}#YMD+b~ z>CR=$Ft^$HOs`r0=|-r&xfT>(T8f=N!;g<-pLOrqeYQPxyMbOLe|Z45<9SAzCv0s5 zY{T!DgWny3gWn#4<~v$J@r9*WS0p0xZA00yE@!Jb%7tPJVj#Q`q^%ZfL)! 
z6L`$`gc1wz++S3NEytgjgy&c)I}auun+%m#M#K7R8{o_TN8Ve2M{%z2|Dor!ND?Rz zA?|JjcP~_F3lw*EcXvVv5#sIycPX@#LZQXo-QBHz?*H?=GqW?Z*+A&&Ip_Pk{%`xa zW_MH7=y`^D({O=L}JDH;$riY6H@*w4bQItT7^~Zs3v8ivEt#_K|ih z15K8-5cNPH`SLdF+vBOGjv2gm7`zhwXkSuO1e-kYBaOBT-nMuhw@K^V$A<5VK+XKR zVju+{+~93@@{d!6=Gmw4XY#hl`!a1Uz}rzE?SuHB1#6$Tb-r1n)>n-rU&Xo($*n5R zE^D#!V`Lo9qVIoPtdsW>Ki%Ae*+0$`2eSh*LR1f=^*mbNW6JwzLsKOc*8`3@b`9b7+dKr8VH_`X+9dB9jL8Mjwt61xQy^N`V7rB9W`5m8f z-x^XtS_IoUC{<7bQ)61He5df4%%>9DJ`w@suXlfv)kbyI?ISq5qye68`4CSwHNc~v zM$1d2c5Qb!uCJ;mhm_6m^O2eO{qAo3`RXSA_3I=2@$3?Qx&Aet?&^!Dn;Xz;KER8u zjqqZ}SNP>ZHhzD2gkF1Fy!Ou**YVrEeR%RiUp(1R6EF7;66^Z?-X8pV^BX+g(F3ne zEW{s=PvFm=@8ge`H}LE2@A34<0eHHpF2qPx9)Y^00iJ(D-{sgmdjAjj;EBt&e4Szg6D}C0pi+Fh< z9}l;DM8AVasWukxf3~|1e!aF1zdt#RKYzJLJfO$t@$&Lo+}-ps9;~m2hwE$O;nyGH z#mNNxdjAlu?=HRWK7M_898XVW;MT@ZaC>zv+!KLn1KeTON^pp(<<{!@f}5-A{XGpkA zS8+B>Hw&DmNjMteFjc}{ut}hd5Vf1K3Fc$hV(glu@+K#bU=3f3vZI!x;-rnRo4gU< zpO#(Tq8;N4Mc&^1>*qWs(M zzoU87W|$3FjE|Fc;a~ENwf;rs@!OL(#AD<3&8eHPpRfx57_kx!7pbQla_gM>9nAXW zA!yzf`Ypf7bAj(p-=u<04G)xd;^rgxOkIsq!rr7v)B+Py^JFj1r&{BRD+O1gOImOa!RIv}i`58U?B4hDaE~&%sP~5oDq4 zAX8+@Xdf%jHSqhj>l>0y-ysL3IwqpThYJN}jb^l#_0G+3WW%5Gr&V^TkFB$Mqe6;FQGT-OrCBW{BKcY@j zJu(4R!J{m-rzaY>Ef=?<9({*UDyVBw=d$eV3VDgX@y)2jmBQsVZp#EQnvx4+rTuhu z52~a{M{#|!{HXv~BrgH(Kf8}+*)8Cm>W^(#zmw-e6t3R!eyF{;9!@_vBhLkXyz-MU z?n;~f?F@Ltdn4mSR*~1lJooTCzF5&3j!CZQv!%a0m$#dL;rmPa%P1&q>&0(SaB`{q zOy5?XT!mmVI$T@?WCUXo6*St>jM~N{XF9Ix0{cbIXuYZ}e);_uc?q!Xy!v~!?bz+( z2#yQIgl{Ivb4<5UYsa8@`iHox31D@N{v02tdVYxS?yz5z1u3Jqkq@D(hTruCLmF+tQ_N(F?VzQhs<9Yxbm&7xZ7td^YoS_xO?V{xVD1lLI$h4+u>fuf zUI-wQ&mq*~U(|wD+xW&SW51(qDU}Z%RKw!aOXMYmTlT>m*hM?y3o4kkmkZ(3OFa{P z;F}eI_8U8ig9oM>7qd#c^5BXHXIzrpsc=xQv-#-dBm8ttJ>suznTN9ApG1XvdSxmY zs5r`0@1^NvrXP6N>H+pWQ^~ zb=}~S?2fkUJJ9R?ke86}xVT;1WWu=Zxv>`+N3!H+`o;lc)yx{=V1$2G5N7=}N7u({ z+v8V{(Qng0xF&m|`En|xG-1+?OFOB+SG}6j_~t^jGU{T`mLc*S(=B30B-~@Xv4;xo zq8i`CW#ERvaEWolsxxckxu#poj4zP3FI|2nU7xdZbX9oJXH-k8i8W`|%1cbQ12+z! 
zMaD;Pif~2ajAnSO`K{Z}eXlzxtF$W*ub^>KGk7laQMJsP*P_+ASZ?&3w<)>ccAx4D z`vI1)?`MHZ-3=r8RP9r%)U(WFyZ(~zaUE%c`uT76J;r^%((h~ge%^k*SlLE|&PvNW zlrQ$%wU*Qoef{^>)P4Vk6B`i}9U?|krXSBV+*HoEU3qc^9oKY*e`X*WENLX3EA7Xt zKjGFh)!R?nIt9&hKh&*j;QGO6nA=3$DZQw6_TD+_wP)=nm zIv87|&JSEa2)~3tF>?CF?=R%Jg&Q9r`*6u8aHH*E{e=zkT+{92oKNvl!6&-w{ZHI7 z86I&y@J{hV|IGt&LvvFuS_uoeQ46T>@e(x|Z@;&8+@2S+=JYAMMH-rAI z+F8`M?`wHa_#X29lJAkUUtHf~O8Z6o9@+cIzK0*b&iAnAVXck)P9HXPUeXoL@$T@< z^g-)&ZNL2G->{0c&Gb`dL;Lh>HQ-&_Ej!1 z?(k0Y69*$s+}GbETHA7t#0{J&NZs_B{-}-r#-y6TXKvu1q!hESB~aiqd}( z+7BS@`$Y%Bd9)4r9zL*ae!k3CWh$}Wsj=>b|F2WW%<@5`)wjPVTH#sL`*@KT1QDDn zK`IBX0&P&LMF~x1wsCN34E0xnkM(@ZBRD_R1*}iV^PI`4f~T8mi_xP$UtBCN0si>y zSDann7dKbb#Ph99@$2~v^7N{2(YD`dTX?vmAD*nMffwI>iQn(5ms~M!w|7m&-Q@vz zaZs)E{`mb@yt-}rJ-@%ajR)I%;OU0ic*&zow>HPG*IwUm|N8JG9&YQ5C+lnD+4`z@ zby~ft;_u{lUfkF%Khw7-r?PQ-WlcO@R};^E9E3k!sWrE@{r=l8xUlL=+*%fj2b({^ zFSmEfOA5CaH+SLM>K3>~>%FtOzTo!idbqVpW@SCxl)1sIkhs30F0L=Hi)%7hmq}ca zxxBQFflIV+XD-TIpnA=i^W+T_&gB=)Sq-L^YuCeEkVDwpX}GyFF0rR!2ajJ@g zj*YONB4H;}X|k3LuqDKF(gu_swHl*W=|`|O30nh;5zA11!Ui#db<+v;8m)i)DH*FP z_nzR&-N%@?>_=D*$-$OWx3KU0P0U=e3*8epqgTone0y9qYI`o;L8Y9=U{sEeCP!fm$f=k^7dhTSbssFY;Tw zkb_g6-#-3pnDwUOc=jgTdLrGyQ3(U~oV|fXoA%@M4e0{?O6!-k110+BiqWVEJI~2; zrMBb56-2H73A<103wgddSKaAL@LvB+l;csX+R>+l0#u^N@YFa!CFB5AB1d8{lPxGa zNFfWBG9nBem?@L-A3$FBU}9(v%5+P{J1rLQWddNnjXh zK8$vZfvA;NM;Cxzx_=2XHqOHIO*3)nfjUBG&dz!8Nc6&_AEdj8D(%9(3&{E@8{5uo zljlf{H8o=0NO;70Va++UfaGhNg~V4ua26R)GB)9R7RXDaqOMVD6A{YtNC~BFJ@XAb zqkK>+w+;?zj*#EEd-j@F+it zI)a)^K2zI3jr>}I>O@F(DEe&fs|#4itmhG|o~W8v166aY)3iGLG6K04&NDbfWkS9~ExLW@T7nz(TiT%z4jBeymc>uO)Xr=xB;xfSWV({b_sMR~5&PTo3+ zdWj9-66c0#JJk@4*Z12WzhUj+wOD>&1?~IPfbahEduW{2l!|6QwRoVSK?fHTR4fFi zPys>&CCkXgLm{Ym2oi;ZR4j<80zW4+Z?D|`<_Agm~QPxA2yrEh3uxMDRcbRjQ`kKSOe>pLNn~Upec{QP@&G?X#vIypw$~=cl>y zT(#{yw-XsZX5z?oedv*WI7fu`lXs|h6u^7E}nBcdG{2mrPe^B{KmSwv~xRr?FelX8904g9d*ua!q*eg zGXG0#KD}A&`;^8bSa+WL0pFe8j=oF!i9mhN^}RTF4PqK1>8E6Q3B*mV0_O+AEz%RI2h-%aQrmZN zKT@`*V$;#h;#$2*`}WMY@DBGy{p5zY@kDbGcNc%nwr*G-3E?;5OHTG_BS9 
z+v=aU$I9@U7K7|9*<@*_+&WbOWQ-k4Cf1=6I?(0N!`S08~qk?`{~$0 z?|t+_GoqUG$o^;Tk+rBBUmqXkeWE)UH+t*7qyAe;e(~z9)iw&rmDa4djCd7J0Jdb&ckax9w-~(uO?0>nQd;wMF0mR@x`c z8}u)0|8>4c@jOgzgYT&;c^)I*!+wW@(vjOn%Ks8li}@iIeK+>Q)ZNo?{Qe1ft~6Mp zO=eqh`G|nbVC0-sZ_;=B$!*NtJQw5EjK{H?>SfE~_a?$6-W{!0x6vKo8nj9}5LGRw zh8Qiav=cW^V8WV-nEmx^+;}YYX}s->*)kRmvCe3}t|R%T8~FOf*O*B)&5-3oF=xvh zTz#l|=!89qaE)_E=k;CihrAt0`->$QymSaAuA79_N7i8Krs;59=#FYxHFO8gj$S*8 zF)PMmHvJwx>wp^%avHpTDAhjFWm^oshdqz%dxEsSNAW)Fb4>akIVdfr?-AN(otx6X zR_lsRwfZfRVrZXH*2x%rk3IGMJc8Bya{1=vl>^I$c6)xs#?NCaod0D}1w4zj#mkko z@#?$JiI#Y^jrq(3pQ?QOi3vW|^UX&FUJ5>x;M485euQ7|sQcxY4=>`z_R)B8U=n`4 zv>5;TL-G;aZc$BrBC9SQuBjnLuF^lYnEwZPk81~WapvpscyNBJn8)qqt)Fm*f6sB% zzy0>}6I}i&5ob1!!Q~&qai3m)dCOqjUJ`^Cd&kl$^?~i<>j!b|Ko%Zd)gQ2ZcI6wf z?q}<3;g_=+@?5Dsrv2O11KGHDb_@Q{9DI9u^GDoS-3X6Y1>?nW^%6(iI3T@!ay_w@ zevkT_e|~%oS66?AyDO^U*IVj=$Y=M?;pErTadOjmT;7|4TPN1wRKdr%v7{KLP@bu0pc`k5ge;h95SHbNSb#Y7P=5nTd)E1o2tAz{1Ib(A5oRv`?8!tDYSqHCMz@I~X z?2XJIyo$BP^XQ7WFtdDnS@QqG)^t{*63xP{nKh5VJ1xScaCO#JxK00>*lfU6#%0^L-?q=y4k!Nm0jY&2L;SdWq;R$4VTe*uo|@#b>?q^)u42keH8_>j`1+-oQM_?8_3W} zMfBqrzo5aqbujCbiw+q-k};7sXc4f^TLrV;+4vxKyCGoZR

?EPKSjtV1-~#cei( zvfPH}?}S;;4AhO-stZ`##crbc>F}Sq(Gak5+jjI49Qwz>tZf7u&s`}#S7}k34x&VF zde4mYR0OF<;n(arO-3S`ep5J^ie!9!^s>A}3Rvq*Ta0)6rlahzB}4(SSkKUWl_7aX z@Ca05Fr$n@l`#aUQixi1pdQPCnKBs?15A;wr+-@U(Y@Dby@NARrh5|J`7j(MK8!+% zX0tDvRUf2WhgBTKuGGWAx>E158!8R3gmq7I_)K$0gT;+RxWplAVaQA^mZ*|l4ShDL z*YV=UhJi;5D2)rQ)3?rG{OXAaT);Q72u8oJ`{QQ-96{s0c?1OqcJ0#Iq1>eMczshTNa?^ zg4(FJs6Lt`HN`0^nz?a-6ZZ9dn2)i*yOT+Gw4>n0zq3htGqhXL!4R-=TYg|U z+^2b<(lmR7eK+6mTexjJwh_KF{ZVPE9j0!cCeM{x_ky1AjP}Nl*VW)EZD%?xMwG?7 zV@kp|%pYg(NyP;h;;ph*ONaZ-E~ihg-w850BupM8)>zorUr>Bbd0zsMOo?Pn%w4;4(rA zSGmA`llJQ^rXs=!4oyXHnok9Uj=HGLM8^_A}5JZ(=p92Ynv>sYothYEHos$HhJ zq2#2}u$fZ{o6oA(4jj5}IL2*NuYtzFX4mX)FrQ?J3bQN1E5aL9;;O?d-Ult0eXa{w zCv2DqoA65Lv$-GXTHPNcexC%->0Yp(;eZw?ABoXJO5=dFZhSpB$GBqZ_p0WV?apzs zGaRQoA?o{Rd5N^FLvBa0J(vznsox<26E$cH2c>urkV%g-LMa+d6%V3-V7-yI1dZILZk-N~I4{iJt&UXYmig60LoWv(0QCpN^s>*|P#Gk4FTN@6vP z-KJ`i1J)MlAHhE<5PRjbBDfdjeyiO03Me(TjQDprcV9Z2;?=J&(Yl~5TI7AG3s^by z_n#dAo9UG>Ve>@YcinwqH$vuBhRw7}7`1Mc?l+FxI8Ge2*myw=aXE0Zo?wfT6HCK+ zo-6iVlfIV-mRI><>7OP-yR^{iqpU8&;ET&?>79?mk!lz6FPtz;l5Y+`~PwV4GSr zaR60&eqH#{cMez(gwTX)Xp{F90_Fvw?6~()esV=roJM_neh)Evl^X}DUu1kK4tfQL zSH>>-T}oTAe+AseyTf;uKRoAoBXhqxYIpCYeejv>hbC!FrL#ulw(ih+1WgWx?HD__ zOmaiyx6y{6kN5o@vpS(#R1ICgy6?h1RG(G@?++`FFA}~G;fK-+_7=c-x-043U#I<| z^{>}HZ)dzsdd>2n0{eZiud(T2e%|`CvYsS)*1qa{`k1e;L`Ap_`5xaH(n00o_@1Ks zeSP0wIkO5TemBXmPv?Ua-In)&YrF?0?VMuxJ8>A=B%vv4q}IftJF3@M^xYy@O|pi? zbW2o=uYrqHgmZiG%L{y-|0SxVSHr3MYVpY0V*gQVVI8r)(AcVIS@4A}I2yQe5Imwi z;k(EWT?)F25#!ug>w}gKhWA`w1Vqw)oBBe&goDzSA6@~kg+8d7Q3EILsiD^SyBE+Z zxfNVzxWRdjD=J4-!3U`=MDS8CyFR|mZ%y028_G?s0IS(Hu$g6t*j;h*yMaU34N&3 z7ka;4->>xhMfUxs^epk0v`iw)i!WEV7MIH6 z#(j0){C+4st_(^}DUGl4+Zk>G%KMX`xDer8blb^_L9k!wfB{L zt%X~-I|7B@k$jKN^Zd7c5A&A3hbf-+8U6Yc-{Z=@r?&+v4YY(+ck^tLyP@Cbc0ame z)8|oE*ME2dBooIXqSQP{+%yEo7SO*}~UFZJ`TTNo4rfpTFsX&R?G0 z!S%xhIGouS*9xlR+2*GB@ zf3L3k7!Nmnf`9#@`hdICukKB5h=cLIIG!4UTYDGLPm=a;f6}^dem4TQ@;veUm>RJ1 zL4ot%N8rb3UmQvd#GS)xV9Vk0#q~XKeQ9m{_E_z|@0|V`yJ*`vyvPwp6TNXfvkuN? 
zSHayao$#;Uq(K)P?jBs)7vIgUfIZ>mac*sInkVHA&+eSSsoeUwzN7|jF0X?d9HP=^ zXt_pQU7~WOK+omHwQx!1V!jFosLc7inu2rGhZ%D=N6(q;w?q5hLhGjf^lC;h9>>@M z308O%S>f!80p;9f+5eAP;{^>$G!4IO_CW;x(L4;+1M|fwRS~96-2_)2l{$5!z*)u+ zrcRM?oU#E9ll9m$eA@n`4T4G&*XyvIz-%Da32Zc2kC(6-zg|#r+&WYs-W|FEBUh*f z?D?x-(QwWxlpL}ImZR68!r0Z=cw9B@$FANbgP91k9?5ujU>-^jU4k;hm*bs*i%}Y|efaDp8qHn>v!0n~7QM|7 zu=49W#H@o^r+EC6{(dgwR^ak|HFTS}^aq%APeGmVuXO=y+eI5_eyRvdZ)r~HAC>(L z%-Tiaz5cnVIBYR?ol^~X@;8U+dnKYx;&w8q()a!C_doDu_%fKajfDB299o`&Ug_V_ zXGqKMKYfAPQ}gi8-l?!0vY5yx@+1Z;F;CpFYFS`7uxH=aH$Bshd|Hp;SQh-q^?F>3&Lk z_Uai177P+$U6mBR>u?}q_N%Apb8$6#^=ORUIu2vL8;hu)q79?v*cf*z=!EM}u8Zf~ zVz+z2W5Jt;4 zoQjO0*0AX%g{xK_En?05%`6n{bF=PcF@cJV->s?0a2{@pT4}YU0(&tP6&n4U(th1M zDjm8hLdMMZ8M12uD~n9xvzc8&_wvumIR?Kqk0L^XQO^Q!R;IEX4))o5A`RkEuJ zLbIyEFD(E)HuTg7tZPQYd7%qJvO*D($u}Sig;%lOZ5Tk z_;nLdX`USx{G^6L51&6oM3De`IH z%@?(R(_Cjb(eLcIw6o#&a{<&VuQxm*Jmtb6NP>z6rFali9&I6`77k?0nMInZf_7wt zGEzbm4rK1N(BJcQ#{VyA-_(3lXxBpoaG^oCj;A7{mnCfbi6Y~t3Ln1bPm(tj8MfWb z8(H_YxMI`S9F_W(LuC$Em2iplUL~^{!hclzNe(W0F6kvsvF*6Fvo7eEy?Kr(2rH*n z!N>WZ=&tKIf9re^lm;dTp+)Y8;<}1ToBPc?5%$dbVYWPngN{dNnfy82BHU3qtqNQg zxglb={#unSGCst}uhmgacc0!xr!*doRB0ylm9buEoJswzCIFqdVIrz?0H(P< zYTn*F3|vK@P21Ga&BMhh^GciZ&0JKCtELNBXKk7dyJ-&ait#}p>2lW<^`PRKqif+h z&kgnw4w(DBdgHO{RBVUNuLAc49#jwq!Y9@b?h8H8Dz7zWZ=Wkh`))e7SzPi(35&Uq z@0!z1^y^*`KG=Eb2Qi=9lD$jFo7#yW*K2_{vJPkh){A@LG2Ih`R}VIf?c>qAU6Q-N zdaMogw|=x=c15Gu#=5|i1HYiTA-aHd=IU9n9aRZ#v)$o6$487@RN9(@Yv44=8NLhr zOzYhkjrRR%`{KTz!_`Xt%E5+5uJ$s2P`-^hkK$nMi?bJOdYRi2lJDsuA5qP|WWu;I2G{y?84ec`l#_Un9!r{oaqxT206T7GB+oaeiu{i+UlE*G-= zJ*KUn2Ae6i@Qd{q!H#ddKfL({R7oN5O7IrJX`i)y5lOyo$;qYohKltoPt?(Te89X) zR8@E`@`hiWzfSi{_Ai0`3`cm!_zHg{0#?m-H+=aBxXt$vm+(;9))VC0rh18>%{Rs$ zj$uwn(1cq&lCWufGdP7gW8En=VEy6j4{)344v%@BaGB?dux(-T684B!(J-bYCv}_WGtF&#v#f0xsJkP(Qebx8Wl08o?8PmRp zpDVtHVc)}k$0yYn!?q5S|0PVfYY(sCi{vk1JJU{tiXP zzj+)r<7|hyU#j$`5H~H%p+39sx_+WR z=aJTYHeU7-^s5hFK^!q82_kg_jTcr9*xrbuu^h&Xs+@I4yOW779%{m&x<6lhO3bkn>>xS zy7s3WuD)1a3u46TH=p9w)=xBiY{W+rTNFOj&_eKX3x}t~*9spP(M)1q0e-!0 
z`t*3wsBgV-xB&a(LvS^}3ZAa5iI+RO;m@C?`i;ZO8wWCQYx@|yI4~8@_D;dCkLAnp zkshvZ8;`r1%P4XC`N3&CJDG|n+k4{v@+x?^vN|5Gu8yZaj={g=nw!JP<172(WU@Ez zudI#Ri~Vtb*JKffa{HZX&`ayPHtsE}f*Y$o#&0jw zvw&_NNW!HIcRW23CC>p~J-vei87*)=D+o6WLU4O)AO6{*{rShAIJdqZE@TGa)eY4j z{7E(Qvui)#!M^#pweE9V%?-l!ykI=qtKRhVXYz<=znO_^+s5Gj594ree-!?ZxA&jP z(;dtE6qjYpb@s=7?w1eYlr;XHW*oQ!asv;hv2)(h+>7RHXKG+~`Ugs0>6*o>2~ z9=BG9)mVv&M1?VHbd)FFAH4?e3|fW}%hj-l1J(w!R^r`(`7j^33h$3viH*lqBb)!j z37GdzMwy{YQI?jM8McDV@M^^GIEM!>)FXi0_y~q_q)r5^;cH;lIR))gcd7yF^OtBe zYdOrirJ-5Ww@?DsUw-`^ts>W=M9*}T9J~~66ISE&E%o%%35$1%QL=UBZPEv<(d%e_ z68xvG!L7$?z&bE}E6lnipwyrOSdS!Arn$ar(w2iT>lBNji+_^m(8l}d8LE%Z#yj1U zMR;n~CktQ1ZlwZ1`YaK!PRhkUd!)c}P%bP7=4g(GUr zN&wnNAw@>}SRvUo^lxXt)N+CGx`=*hDBU#y?=+uBx}MM4er{G{a6eK!k6>cVEc#kl zQE{R}$Jky-->HP-}8-<1x}xg6vKQUT$GVVj2;iq|)_J_UX7RbE>|z{+7NA9Z(M;0~WS zAG9iHr3+E}=J$m&75tuyJkc`0C2enN7|=bZJKAJ_rMnj5>)NJe0#TLqqBp5pJ*A-e-^KGu(#=f>B5 z4d1o^eqnwhWc4HC??**=A?E)Zm{^}b87|-XzHl67L&dWN71?6sYMNOkGi#FlKUw?S zXxVrwH2&ZM+i9o`YNgafBQCIo_GSIk_E1lt=wH=-9m7D<&bb4}8ZTX?)aG&Fj!@C8gMMER+K$}9+!08{f(|Me6r>RsRETP!LP1BA5!7#pz9W*1 zyq1L;gvr-H1ps3x22AMGfGJ%U2UF|f&!u9+ZM+i|8B}2RqrSbH#evdwN>?Mvv&jc)M136VNERkuG2zv~&XJ zVm0I)$t(0dc)zIh0U}_{>>>{8`A7L<*JU-(TDET)oTfOzXQ2~xp9lvkguTP)bLM)B zQH4rdy?-^FNWZ>ezNU4rU_$>KuzJn#M5TW3!=^X&{oT!i6}1KlksUX;rZNq}q3GIkN>#)0*ML-Q)5cVA%3u zaG2+Sp6h$bbKcy>Zx|2%7=N6+r(TyaX=f7L=D8s#IS9ej|9jK6^X0NH#f>SIHelHR zvCVnJQy;prqhT2bto@hvhexCb0+Is|oD_^5mo)+F!R2t6?SK)R)k_lb$iWU79mJ@) zkmL{qCkGqwiI=vaAE+2s4nQl7^{BLq_bwoGK`6Xqyb+ubjNMn&&|%sBW#muX5D*_A zJkS^UU+4nXVatZWW3C4-Ke{Z>A%C_r9gb6-;Lq3Lq&~@Gp$8^!nJh1r`;WxWU_Z+q z>rScx>$a2I;6BA2z7f9gSm1$~TUDK3zIPe*BkIF#uG?Go{iby)Fs13@Vq$%~{qZ*A zNM43LjW}bcqj{=XSu?)LiQf10w*14odl@(nvqkOHT7`U%*7HdE|4;dz>TmQttl^Pap}UOB?#n--erf~wB>KQJ(Gv@PRL{P6UE_m9pQU|<=9w+@0qfEM zu$gUxjpx(>1g~q{7gvj{h88(3u>1OM-3VK5+8W{f-SY^X9|%9v=(3}Q@3X*X_wly( zNzNzmi1NgSGq1nSrP4S6<}*pWBfSmYM;T>W$oCj~pW^r)t?o@}|9_-^@tO45ZsX)| zRrWn)8kea`k~bV!yT71flc!Nu*Zx>k5l^CQ@M2j_y!!Sth(Oh3a7ujL!ieSu48iH< 
z@ee+b>Dclx+{*t&$F6=cmG|0;o}HH*J=|$!Vq-S<`JKVGP@0S;BKGDybVaJkTt#kI z7yh-C1{(imriS(>^clW*-?x5elY6K}{Ix-kXzncWYbv7|n0%!@#@ZvJsFL(vWZ}WczRif~GU!&j z+c<^aLVbB%4*z;cT>naJUMDmwtPoLzIfY%ZE}5+*6vu2VDq$MUId-8)#VDyuN{Az4 z;p4t>FmFVqL3oC4{969TdN7-ptA~h5czLR}>%0Qrgoz20 zqh6UvsZNkY(+S1d#Iy>F%{g7$DzY+5o$;r2xo;ne2dw-7wp z$<_FMC7-G3G8YuX;H{&Y`Hw`kUFN3=PcH?_bt}UQ}rI8ni#GxqkF9o{pPyS z@H1agL%Hc-e{M1~lR~OwBJsUh*H5KfP$YSkj?)Tl!SO6M1w&ttRfV9};M((l8iHNV zYaQ(kPfiYFFAe|Vj7**AnxEY9xVEx#xyhR2kMyP#8Divhtwl)8h)29X-HEBxKMx?m zf)exxdqlkzfVCa3cQp1uranv-L=fZDP2 zI27j`?r{9;$z+YI@%@n96On?sPmlVYOuM>J91>MN*~3$83&Fi#_t(ac?y#xRT+&WF zZ+LPj8(YQNE?;+dSSeaz-}A}g1$luZaJwdzPp+l@zC>#zVopgf2o10l|6%5Q_lvIj zl?uslHhE)x&{}8tcttfN*)(Klg4?jN;CI+)Ak7ze-CN2MYJ;Fxg7h?=#6Ya#fiFj; zb@jI^&{9imsONzeQI~iQ^?6^8s`O{C?=C{rzk%gbeO5-nQ`5GmTugxtmyrW%%MGH) z4A_eHqc2)!O5`ov9z%(g&wSStq=oe~_jza-(a>sU>s#uRHpN3<)hI5U`P0nc+iO^2Xy>5Zmu03%{Rg|z81fnC(JI0+_-HBkKoRyh zWlZh4ll(_p=@`mSf2KuETtmbZ#n6o~J(XEm4T z_I(R3K52fdyXnj`77Wg=Zv7%QQZjUkKfREK*wr=7A>nBB}7#Gvt%^gdZjfw&`UXt)2- z@TEJg91@TH1AbAjLJPtmDD9yXV1*T*9`OC>q-ClzN9qGA;U7l&o)^O@mLkv@M)KU* zZzPO$b71@Ww(W4u+Q$}|7Ye*E`{E8krEl*Qz3mBf{ssqymQj5f9II9vvRmQ}DV$N|?0ve5vI3^oc$$rP@${)|(NRdBEUSi^TpZ84M%6#^9!z<6L zif|Kx!iYi6s^?0a8{P%({D~D6B-gCOaB$E;PO)L6F1NcwvHH}#HO`4fCy86>S8eyw z4M@m>X|OPjg=ykrRWjNQl{ss>)O&}M+`*HWg}J$pRQAPY4rGY0td)Mt++r|(rB8tC zY;Ss=Qf6HpZCq*Euq$AaUw)Uh09z6K^_rE8ZWPRD!{_0R3?=PTrFz(cESrFZ`_1B@ zgzM}RJ|fI=j%zmf>b<4lw+jOT7fLMhkdqxUOlt8G;+SrcBYw+WiS zwMTjGzUI+N(F~;?qo6ga)`Fm_)xv$ztLW`lO?nfODzxi*3?GRiTKtQO%tc8&mMej` zLurg~95bK?NSsX~jK*jWZ1dQeD2+F&$Cz24z`Q6$>u?Q5BVE&n5a{SjSz(gjcWoN8 zg4RAC1fx|Ztzb8LLelKc^YnTx|C*Pm>zy}j>;=CM=QunM^zAJurK6rOp? 
ziV8s~IWIFn-TWEUF`vXn?tR^FuzAIklPrA<^q&V4=VdB#lwRKn_bFXNYo$VZJ`U_g zqc-J2mU1$tjFxhgU4>|kW)&?MqKP_3W{X_-;O7+-4b~}Rq3@P=sRkYXeD>Ozgd1)# zml9=7>Rp#FioQkq2PaBn0$1$b#9Ii6w;ewkf}1dc)S+}NUd()>{2jN#0Z{NN8WqKk z9=UbYj|!wL3C^0c6I^SCPy{}jy`@EasX4Eiz;84x$Z zQdq|#f(tT_j*MMd4~qv6=Tt;xODTSDbVSt_on;HvG&8?`q0~#a=UzA~=U!O*6ns_` zw)gzPkS$~Gvd^EZ1Srx(Z_w&T z`YHj(a&FH%TizaIx`IZ(0#PGb9djzaC^KE!9jfyyK26psgc4Re+aStyZz}eNJ$d4& zO_bZ13bs>|cyz3D-p{$WNFJV$*GSai)}E&lUD55nJ>su& zRzcGPU$o-utIt^D9HE5NT3YO`J|vfABp~fuoHLaFjrnUU8HsgdMe6;n!#aI)Gow~m zLj}e%x3;iQe!j!&a6eAfb#%$MdhqR7#2=(_foVha6cz0mDIbT=#6z?*=I#mc=5>aP zgBzXR7ngRXC*Tu%-qymfwCqUlyTtXSs~;Bj53!NNXn`qc-eo{-tJ`s#R1Oc^ex!6W z+F}f&VlfEz~WCDNuse%GaX6HGb$}^9mY7ZN2 zRy7lQ7cm)mUMs?bo2-c+6xn9I&Y*kYAwkfd#mqD6@PTatyyBz9hr^F`r@ju5DO5gR z3ihA&iGpWA`N3GbJyhC?<1v4Ng=%oWm^{;Tzjw#<=U7(GZGXO%*2gMJgfJe%&o>iR zo84;T>UC^^T&BxVt>+U1bAkmsAOTwiAg4nB+4Y$ussV-ek-rxHj#Pp!y3&^dsng}t z%~^8~@9orDp9=GSxOI{QN`6EfI_WdjSdCTwsYw{=Af?ND`rcX!#|0V6x3H6fx{TR| zyKJ>6YU33iJzb+2rj)X%bkMBg&G7Y-?cXWnGc=cO0t3f2S+V zU@!U3zi?{tUFZPjFLxjsa=;Ts%tMd(92DDVikU1*&SvmyQ?4&=`EY!)9%Vf*8(F8s zSA$TPVo+72bn0AJ7l!SUOF8^`#n)tL=Y@r9e~L3){X|F(!TErvR5Tx%7(b&LFkEy} z5ldXz&};qHaV}3z6vO$|CjGSRVaIeCEGrA_WP$b_%$5n73*R1X{=WYFgT`2Bh`We< zzdK;4L-fK&aN_Gt`y z16Ruf&W7F|F#Mxnpy6L0PGf|REZt{6{ay2Cx#724hc3$Du@hfWh}mYAA0IG*SHtS! 
zmx7>7k!F==*0unv-7M_Qz^rHZp!M7*p|E=+&i_z-_p);(j3c6z_rZ>{DX^yjGVjYT zWcySW^y`DF*;!@hN4*~zvm{08W*RI;99A$G z4*oGAWJ2M)_O!OReQkq_Q(nLg*k~M0o;3h0Y$du|XX9w`#V%iT3kq8!MG~&Ig+WeU zadFQPtBeQluHkb zd#at}+VI-Ro!+4X%x8p?0dHXE_%2M7XD8WVCyeiRLxnZq)5K|i?u=x!Lu)gS%)bSq^(Od>G>{^tu!wpdHiqAt8nB!)l*t|YD~BqOuwzZgsMw1>Ni#nvg@ z>tYYy%?8M9R_)|UIdq3X0&@hpptbr1t+X53p3N4O6FQ-9MfE~I24R^?Q(x2$Y=tTK zw0>*&vRTgOt5>F!eJ6O`PEeNSqQgFo(Z-Q8%KM`4lkK+jvxFNp7}*y8g08JQvmtp& zA1+uWrJt39tfD!&#Id!s?6G{`b1uDJjKx%i6)*6NPL{Pc!6^Y%A<^CodG3)u~c*P zQ`S#)1KC`~0@z+BmAWkBR>!{GAcZext%4s4JyMo}h%J~d?S6v z>Vx`w=68IUb)RxXy%L0+HYqx;pE#aX7$%WY|MHJOz+nPVz)}fFAOcDN%Y0`&VjN?3 z^~_=R)4fv3Csh;u%djWoBs4(dQxZTbrGT1s#;iGn#|VgD`o=xEpK>cbzVBgvqCvo8ILyran!~5l#-b^^QkmYV%r|W)&_8VJ?y5K}z9C5Hikj?B`Ypdf)V+ck)gWbl~+UcIC-3_@#YE-{2V!ej(4q82AJE>HKw5|A}CbLDE6w3P32 zT$;nkx{9#i%k{9#y$Tk#LvKc}-;}10w?|OAX=`S>+pqW*Wgc0v_BbJ2L{GM{l&0g% zudwSt=ffbk`jJnwD(vBy>8nAtNbIG?v0lD6KWD7Al#Qnbc zNgAWxKn}}R$Aj__b|gbMx&jJa;S;o?nkG8YIyLF$*WzZI`2Cta1(6@JFmZ(Q1K{rH0i8`GDY=Rdv!v6BcdFE=2X3Zl z$sU47ZlpO{QAv!U5EIZxk_Qs@yDAx5gy&5kapA&%@8@3a=hQf<+nV0~0J6oiVN?eH zE^5MX<5eTI@VmOZpU9?f{+9g;eC(_nBOdrkz3+Ig!~?mPuhH8dcwp9xFJ1eHM|6_& zF((kGlGo`1uCwY*+Wquxs-E8`%DAf%bSyqHet2p)_4c;{}P~-yn89(jMX8M+n z$M&cG7dgTI%WTuWJr;m?uaHrI68hbyV-gkAV)2G!V7C`W`dtSsiq|4u>&&*@_4R_HF zSLuzS7wTWQKRH}*Uw5}GzGse~px?Tdb9fLSv41W5q=@Wq*3Fz&v2ojGSufqzZ@_(; zS4y!{mIMaYKjz)BCG*n`(G~u#-16yZ<{LMC+xZQ2@YRXm^|~5XD>`J0o{$aWC_rK? z$B;K!|Kbv9wqA4zD-5y)zBKB?Pi2iU3s(a=}oM(QN9(IsR)c6 zUp)9*Vc;Mln0_$(#;B-CQ{T18-jO%RiSx!*}O9&ZkQ4By;H=p3FkJ6TW5CIeQ7iqnq;)&7iw9 z8^*kNu}SyMGva%&Qn7TDB^%9+7Ma(aQA;6uDq>W{A8sDxL}uc+(=k#3)8Y>EHa&Ox z@$*_j*z+0k$W-dFa9X29DtHNN>0vm9;P&LUVzc!n<>k_0+JM|VtKSxr-GLnFM2#g; z7mmYUFbR}FK}Ee+M6)$>zb6`m97n{MwB8@d*=-9dlA!X%InS(9P1I+Bz)-ZTi_gxU z0$BcEK~>sytkS4!t*Q{xFgjLjJb+C8-8%Sgl7{G7lt420(9h z_dzVZD?92aVEfDEvAijgw9==FR4OzmzL!nT9Qw`h)cK;<;?l_8uU#S7q=krrv2J(3 zZ>;PsM2vG*9o)awz3>9Tb|;+W>)|uLz!l0Q%l*OZKNXmJD&Z>Uz<8$FICOWM6sc5y zr_ulkr}>$!OiR79B5CRjxErCjMb_1!WxxA`vy9NgY8txY?) 
zVsGjtud9d%Z#9YjwiOGDs_m{}IUhuy&879LJWg9DTB@AZzx;{?g`@bR%jRROXO!DL zEhmf9d!W-*(ci9e@0=%QQ=Q-83Q%qrG7+N_Fp1n2%IcsL^2*$VTk)(AW{SPbhVlLz z%fTi$4s^mBOY5EldUMg8cg<>*F})oZS&a~y^-k*DXSA(h^r)nv;*Kv<~ zM-onu4IBh*&cB=-)8P3x{YN9U2GM7f93|a`OIY7(#5F|PO&ydoO9y)pggV45qZJ;Yrhi7GIPztdYD-)i4ljV=}n`jPRNF;oh2<&e3 zSf$?2Cb#F#vxeAr-#lEuHaK%+pj&(|xd>JxTyr#-?SLybSc!d zPzxQMcd*oro+wVu0aX|6FWI*fEPFemEUvh>g6*6Gsvawal`#ag3Lfm}IJuYcSXMB| znNwzn_bkKC`SgJ86N66)VTNgC$)8gg6-)&L45_t?nrM_C=GPWA&vk@6rZbVP_EaBF zKOfT2G&P{6JQg`o+y{{GJ}n0zc?0B@KWf~Ue%h7kZsA8+atQ5Sw?X(@nAp7m{JLTu zmzHuI)t>wcr55#P>ro%a73!`uXUY;}PT@TWClni{=%>eJSQ+Ji`_Yf4CETz~@*Zu? zuj$?d_v*T<$=g1yYo3{8(@gm*!J^}G5B=*HuD_#QXA(jAkIO-lh}szEQ7X*vo^C%= z=PLu3+RRso!2;C0A`$;$cE3*JXw0ZWYea{>I*VKZJ?l@XZGK$24ArelzH>{o(zkT$ zx=;C*ifPWkh6Do^?)J|0kqbt5@zMaxPnMsE_1oX4R%8W!&Y2cIlRDrDyeTO|Pym$g zy{Qn2JVRb>B1JD>9~4wlVa;1gD!vw|YK@amGM|T~R1U-!`e*sN^d>OsR_gz3&3^+o zm~5ItmVK+O+TN?ukpIm!@zR+0k_1teRqNz&J+37%_wxY$l)6_IwMC`lfMI1q?O+B& z!1eg82L)6~8z0nkh+`F$IPC+Ljo;4DKWVTPWy;L?T{=t|896eQQs~__5cZCoMjlHs z-^k(npS5<_UHjkE%tv|;usvU`vW#C!Q>$(18lFF zuJWbAywfx$M%`O&%w%mT(TI07Lo7^+U##ugX-~({K+fvIRDR5*U#EeP3zsYSU5eMe z)Jt_N)F-L*8Q;X7t=##v+RYh~A^BLd-_h%ou(Mk_|CQ+kEOpJ{guOsU|8wOCudL2P=3?Wb znB1^4ENS`wgO9ZGKUTV3r>79q^t59ZH9QRh-9a+!B!G5O7M6uRl{LpbiFY4pf0&YA zb;^HAJ5 zBkN)3&&Y8pEB>py38?BxdirBwea~gk-}Cl(B4|#VoILLDQR4*lA1%b9f=383FyR*S zTt7vWkcvpT1;+=)IL;4WllS=(Nn0+2{zpt}frQG+je^}wf-@ZlX}^fq;}l7A(0u75 zuF3cn@x3#e#&i1LGqMhIzX%y-KMwsy^9rB=*lFhwSQ%tJHziD4`iC%_^8#*1fc=+ zOr_mP;aqwOmeAwA4zh4kkB99^VHHY2PUg~kvet~sWI_hrx# zkep>`MlbkY_=rUHGnWO$6EZ-~fBIPaUvm+=dt;P)Z-`YH%{h)(f9&0?Sc1DhGSB0~ zf`t+;lZ1>UO*E<1afrkS5FhY_hc+?<(0El6+osNW@$?_OTx>kE1A1VX*pV3bC*cOy z@H(YAyqaKYGF;FY0phMjiNwdei4meV7Rt7*IE%I7y@2`cskCz}B_XxhJpO~qz}Z>| zV!e`a5#l5@T3R=B<)7}1Q1r;Sn~&pZfB-92!)g0pktFp3D#iD_eu2SL2MU9>e3JLd z6#zm6TFCqRZT1fPGC;=nE4 zDscCh%Lpz6Nw?Z-+*@KsA2g&Drm%>*bL-52Vc$Y9=RUA^5@jsrhKgQnI3C`c%3$lx zte-Pi3Oc2)@^?HVWv&ufAuu)mkv?#Kh{T8R>Aa>~hm6*(IP3i1>5wnB#rGO2)B46Bb@pJ4%Z|0{ 
z8EnL7+Y8DSQvJ7{#W$NwdGtfP<3=lwjhw--=o~O>a^|9#=lYNv0i$?rn>p#RnA^MG zUl(t308rD7FX*AKfQY$th8BrXlj6jh7g?M`@ADK_k|6^xBu>t9Nk!j`QkXna=&D-F zC(Z8;Zt0z)3Y>5Tk`{^7ey4_3{im5_%Nr2v*|_4Kc%Y1TVo9z0+n@D6I?|G&fsz}v zZOpn}LNgr;Vv_4|4*}3jbThrmpIN}VtM`rbaym|Ykkt6IFxxz<$hZ)UAW)G00_cRI zj@Ie}`_!mAc~`oWYvv^?K&@A8SZx1^Ni4ygqg{5+Ru$mdoJGmv{mWO&an z**thfCFNKqu)Q!&Tjd{ri;X!hh@9jrfQ%b7fZ0Y0alcGG8-QLctC0AwU$(7YK=QBI^M6>nw#k}gFyEehEbo;#9%HbvmF|Bz>@Xz5 zs!|_5J}D15Pm)TJq}0dmS`p<9T6Q>rK6L6~4~t-qR7}=s;oFns{}esUKRjs@hIk4X zJxcp_TFGqty|ZQ8uo{cJj&?{t2j_pfu#ZXebC+|Mbq&0QlJ8}tbvh-BMPS{HkCI@_HcP?#@m zai2ZY*WaRNu$RX@4nvd=ruU}j3g{f*XE{;MZM`bQL9t`orc7Gw*tdb6nqR#w#YE>b zg+JW%2n7~e-2h?j5nxVlLu53*yPn6dKTC-SkIUoj4(OLK>K23Uu z-%HHrW_#^p&OVT!^K(6S%j>(X3L9ZR*x`@>-aP7Cg@vy}Q9mmn!Qv3Hmg?VFBO6t83 zp1u5v{=Vly?nMg|)GI1FYnc;qxgcahVxNT2G)01S`Ju3za9$5sE3dpMym@?*h!|iW zK1`%XCgCT~k`@iRs?dyypQ#Y)6`c}9+Gmgl_HM3zSOBiqs|H3)pAXy|H`xEE?-Djm ztv0P}ohf+Ed^gE(cpZhmC#L!1g(H`+E$5aixM+eAq*2Kj%yU$_ciQ0O1%Xlto9=a> zXd(E$cVk6LYb5!Cy~wb0ZL+KhheQjOJ+gK&KtlH^vm8L|M{ih)R%Rpf-YsF-d)?2= z&ijt?O$cBoS4K4%14;(bZcCq`qnNmTicFLQ5t1)iAh}7#)D|u@%^c?d2hz`W0ry=9 zq68)x*=PrF#wLI>v|qlt_;S;K3AqmPk&NlE^&0rCe7%}FrhNlqK%ir_!QySq4uf`4 z%VfqrTVZ##?tej_D`oX&9t*i;UOQ3MG46SWaML!{@`=<%`>Fof2y95VMTA}Er<)N) z7C+n8?2O>%5hxBGQwVeiQ-SE?HdameJbz7x2p%%pxjy;Axy2?B$GV;BFFhEU zv}dr|v`Y4dDmsBaUx0yT^xWM}4NsH!7I5y@W!LWxoZ@Py4AaqTUUuQ?TbD3_bJoFh-2Y7hfid>46{WYj z4Nv3jeCTv3xaeV@l&=7_j{x-@fdr9t89NkolROi(N=19WsJ$?NJO(AHQ-NAzLPY_! 
z(5Ebl-W&a;cdT&_I)hHXXc%_4x%QpN(6oi1yT5j#`8mUiP7BDKYk%vs0<$}+>0$n1 zu!m?N)YauQm)ANVw%53s#7T3J5V4CmH4TTj3)6JX8s39Vy)j(NzTb@Z?5h?g*AbMH z)@7TPErdvsQg39Vj@$5u z|M{bof-Hu2sQ}0SUMpInh49yUr{hH)b5+eWc1MZk*Y!Ug3csInT8~(XNER2^s8Ra5 z8R>UMBW)1mO8;I?t6`wYDc0oeb9#|=t)UMU=#kf!T~c**93F zu}r%LlM~-bXw(c_5=FI%iF~1LzS>};!F1Ox&VfqF-7Ou|NuJLPSA_{^p zA9x<`@f@H(3)&vtYzg9kz`#x^Hsk9?V?T07g9EtesRgL11gb#LLZ?m3oO#3~acRlY zv~zG~G~F(0BuHrFtLO1`R2iyVDh8@w%S{qf3~(scB#KM9 zBYY=6s=Brvc~#m}&~Ukg`o^YKIlqF2=Sz1oDSE9~9b={M!Usj&2X;>=r{aWjSieZD zhHpW9_e2+E&G5&*B_gN2v$3fD?2WpG2&7RjcPcU=RlSNcsRP*&is0L0hAi**fPZ7{ z)Gp^}{>50P?hdK_H;WL_+a4dj+F^my#4#(#!{gd^f(26#a9w2e{{do_E8b>i%M4?Y;w$YiDz`sl zx%!2)neSFk^xLxx`4v!#7f_|LImhNKHj-rSw@<=Y!_pZyN$3 z8EVsPihq6oS-10qVKy7e)~{_Kn2OUzB9reZ;rAfKl|8HyQ%$^e@l3)wKC1xD=moBo zo3kF4+*?H!r3i!aq?Bl@zty;LVioVY0%4{=Q}~9ehjosf49u#c zOeOplL`(G_c7!RXJYd~x?RV|}fH|dyriIW2F7*-|eneT;-oyKwK!oc^YlwcMCmY$Le?s^QEhfmpH&V9wYEWg66ISIg<% zol_s)7GG0Er~76ggjV$@b2jb%%Lm15x18zw@^vb@((M+58U2O@wv@t)-`-Nf~sj>d1C>%4a2OZS*v zh`x>aNbH~hnazh~b3fA*Rm~dqXWB#Vj7Xvms`G#WkJ{$Jyp6Y1UF`fC+=964NuWT1 zNqAK;xgqJ7+P#Bun$wA6opo7WKZkLP9{yQ|@pU34Qy}I=zkHJKuhhh`p}-6@yckFcpP~7P(g!%0iuiE<1k0@T03O0hTkw{ zbGGW0Nj@Dv^5Fc?$i-%u99*|{%n?!x)CM`7SxlsU^O3$HW9(Pvh9Pv=A@T=dpa^;$&m^xg;K>qyt*U;ryFZy5U++Y7Qc+l7k@3C=Sl1ai)9WxqczRMO@Qqk$pf2;krv{xaVPVZOs_Z;V+G-t~4Xlf7G4}Bx18Z=$1BJImR zTRwS23||^K{iU!~(tlxduXB%>wZZ&I)Mq{t+onJoBg*#g6-L?%nG~-Iex0Xmk4P)E zkQ3x~Exn7Qeo5s^V7qndRw~QZ6n*d3@+;fnTiJ50<;>sNdVF63YF-Ne|3wXrVX?;7 z_}07DWfz`-I={@iI0aSiCqSd!Fe3vBkrTGv#|>1!(Gq&UpL5FMyxnWGdS7(k`s$_|UU-im_fZ=}7&0q8hQIG|1tSvDDY8vccS) zuC_&Z@$RIBtOnBjcy5q&m(1kFZXMalrPFVJ#qMz~YJ40}H`p z_M@}AT|VBDGZd+rE1Wt3w&|z4gu01oqz4_lt%_`xL##0{))Bzi$(#bRs>SZUrdT&v zYdt@D`}a&SO|(Hba+*Vt$z5vYQAQbOQLE)(X9taPdS@E z;(8y%X^J)7(D7Iitmo?Q&xW~>*L^wgzoF9xO5JVVm+(P+4V0fZzn5`-PTeN?YhbpY z$x2jBO%*KbsBxUJt+P%+{x7YsPzf5pR{&_X_kIqNvFP#IX{3Cv<#8h#)rws;PYYU* zx%Fkl{=+6*L3RV%vD>vg#ae#HbS3&P3x;QOZeMm0-+7q#h(?O?`3rY;xOJ4xGbOtY z$X(Ki9_yLhO2zN?{=B1Ua)2kZXv)h`$6uS6(hh~Iq|%r57Eh+K7yOVP2w}>$S&!-^ 
zumYQwJ}a1Oy0>dg5HIpetel>{Tg(~(({8IR-01bX7{CA0PO+G@Um`zL$IED)=AMqQR$bY1@WgkCwtKD}38VVjp z^9|LM!L>T!f#Y<0#NY1tfy-jekbhgm@r9BWG<_Vbx2YRQploozz|Yoo`+9{NiQ;l$ z$*+VBU0QFhNq0s7>Fuz~Eh>S@7(QKZA&RM20aq`;>8+_juTkLAQ#IL`f_!Fk`^_F7(I+ig&kBaFt z5I!Y4cIS?u{wwYIi_9l-zet1m#CjT) zzqoYe38G5x2>WP_BWkuLYV$bXr36UZ2^CnLhr;HPKP1&&>)4r5t0@o$C3a+zSiou3 z?ztDEZKfq4hF)bjUBE0l0^$yZ$y4!H@axz+$GjYFn+@IBWf{pLsh5gp?{{}~cLBR-pdb4O$!Sv&zlTW_}>wXes}qWELCLH!}NCx>AuIuj(1Nlsg;s)S+*CP z=nh-@swd^~BES5|Vt1K!Qio(&9WXY)C)A*dQ%$kx$?>%4c^%xk=4-0*ZR0ow ze9JQnx!H|b6bmCUm4(!1IRTjzwf1aXV%hu+5Xf12#Ig+yDOsruDJy1L=qWS3B@FEbxz+}kL2V9txGt8BfI;jtfwPVGz4 z)?7OF#kJv<|FyM{{V^y`TFp-~Y~Q}9uhUs%EZsz*e%sM zGoot4@BdwGSZg&p@|E{~jR>5PJ7yaJuz#kTjcIRH?kGU)z z7%9ciJzSo9(CwllltWB0X&!PWou%JxHJd0hur$X707^p}66jOSf$g6sF(7IoIousD zPbKhizQ)bCg|#boIylDmF&j?FvrrJx;e8!tkc8k^cvzoROX4#KVVG1Kk_p=k!AxU>j| zbZ{Dwr@FQ&1-R8-Y=|oz9S1X^YhQeWs*_wvkE&7`#4%B7P~DANCD+d8zGY<{DtWT; zyxDMNNU1k;D3Jx@8WCHJX9qUnZoADg=W zH7Io@L(Rs;$}`_u?0R=2(J+fbVw8KFt&v0Oy(@$0J&T@0_UQ%G!+cBf5a{)x%bDBt z<0$4Y6=B$E6%~2p@WG;9one5`p~>ixdW%06Iu^V`nP;biG1P-T27;$Tr+l(ZN=_PX zNmJ+ESajC#Qq4h^Qdw2o^LUAKM;pgut#&Uvd08%Y<6bN!OB+z7FPW@;8*@xO{#}Yw zY^S(-*D)Vrwl;V05Lsq!w_F?kE_!}@&Z`GaY?;W%im#ru2?LydMFEwn`V@h2LAXGqs+;rLM{VSV$!$HHHe zaK@LIGk(Z;9SR~u!d8PCw@anT%S9%^PjA0mw0>7NLbH9kvu)8N67(BE1C(@joV%o0 z;3rMfY@Y55o~CKBGYf3>{}RU~5@>DIATt^H5HteY3mVjx9lLLMB;$AFnMjY$8@u4M zT+h{>Cho65Z7BSy`bT9LoatT(>Sv`@9Zx&+iOiWwS>a4!h9MMT&jGh(1>9CE!WDXM zvfGL(6?JGTt#i3&u~EL@Ob(*I_I<4CWJ_XjDZDYrDXT!X9euS8gI_54)o#oAuGBM3 zfUw&EGsbf>v(0B&&a0#Q2=h)&0aY#*$t}A47y{EaZdlgzlpcd#c9|TUzsRkHyBz!K z`Q6kwd9|I9rB8y)_+TGaHS~l52ZhzXb^OW3+ zZ{gnrd&Gh-=)*m^l)$#-RH?bShS9CYF|ihp;n(somY?TJ`o8%eanQax?-vVi`B&Xc1% zEUWTG2;LW#I#t>$&UplTsqlyn(d=}gXb9c&gZor9Zy0T>i=WL-Zo|8Yo4urz0ILJr zg<{k1naf_1N0o2li6Gy00wg~xT=nxM`$c*Qm6&3shQZd{!Vg8HPQ zDc38TnN=yerkdhDIZgg*N^p8l6X3Q)A4@-j+C!8e5I`Z)9}|^Z`dUlOOudEE`6tI$ z`Wmsv3z>a(TRpAYCSye!QWj>8p6}mlS=t(OJN{^-!(S{19G$D2(%oN=m3D?*eWRT3Hg=yRm7m9wflVO+g};t( ziesfn0K>e*87|BkEn;|U;7IR?p`d 
zT>hXeJczW4pALyUz8>}1`G`y(O)M4Wm56+Ao7bXYL<+5T(xDW&<8f=n?kS)T(#S*h z<7SCzXX@VFmbo4kA#6#ol)& z?(5PGcEmm3pW!yJ`P@lc+#UrT6WnEAeo3=W-rl!aKIy{8`dbZ!{EjP{;GTz_bjB%u ziIv_FQ@bZtsPhhmO754$KqDQy6N@?ZJ*A4X97}8mj8pcQHRA94d9})E8d93G&hc4C z)a>aN+r{$5?1Fs$_Q3Ym@)9Q_%I){R#8u7=7un*dKhsk=G4Qs!wR&1ddA54mNREkl zt`IFgd?H0wo(7bTY;TC5gD>9gclCG=rYS0#@3PYDqF7l=A~z*`^Lq*=vuB1(Wy9Q9c{ej z5a{xB{OoL&%Ne{{u}92e5#IGM!Hr09)+k%)@o6Vy7PG6B2|O3Efz*znr9eAbi~3I- zsvC1tSoGR%Tc(j+bIJJK&wiJ3r;2G4g%od{ z%Nr$RyPl4Txi(1E9w0trO{>w){2Z6R&=R&FIfGldka9y2!AO51bu>UZg<(jXa(FF$AY46{;#q3l<#S~(xSt%X1ImSsUr->;zH(Vk}@(OX%0A^&-Iz1!$F6Dti% zDQO86+;d@3v++!j48%`W7E|TVY*lx;`QlOS867(96vG6Os#)8%pmV15`o(dy#zH(z z^t2B?Ii7iBb?lhTdFQrWJ2GiEVc-{Yw&BH)rKu6VV+;-U)Wq%R9&U@zqNsHvur;zY zcQwh*v1P{&p7pUFtMoqu>$=WD6N9o9-(v1araF3H_q%Ai_EU51YC zm&btZjf0B$%Y>guAR(6EFnUnFD_LkRi6B$%U@W^YrXj?qOQdGO8^hg^jm8?H2}IXJoWEu97z4$Jlw_4?QmXd2NtY2CvW~xv>ZKJ6>9|HqZ@cC>_TFI}lt6!uq~% zbqDi+?}=jYN*s*aZOn2Jmm*h zc1ePOz9iu0^);7;`Q!V~l>IN=3VG;dpbsLHi3%SV)$;rO!l8Inw(wQ|@uU~7QWi}-XFV(YClB~m2aN4Fn+Z!8n6HV;vYFigJriByI!&RJ5 z7Rr+7h9Qy?-oCju9o-a=OvzB(!#-jIT_xF*9EQIg!8~U-+s^ObQ(lyhE~WlFu!+G4s#Cdw8?32aVsZQVp{Dg@VR-{_)Ns=%+Yv@%%0~NA zYSHe2pAe0mZ{Dm^K}cK*#MptuC29cZxkG7yMwO~e9ac|TvO|FG^l+T{FO1)l$YB(( zm~vcH;Rr`T!C_?{1;K~>|0BN6kDvSv6xwCg|poo$nC>5}ImH*oN5XN)qZ5&$-D%u+*TNQ2AI zk>y;IlCQ?unrB0WBG`KTXD-`x56MnSLG_FgEr4ZrVZM924I{t)hq>&t#*W5=Q7TGD zp1oTrtlojcf2($TWq5@pBUe;sC~dUi3=dW}l{v+e6G7Dp}K%xlY$jf3EL zlXD!7k8bBrNa;TYRBAH)4(b3h{qEsvb9OJ*ViVwR?Rm&+S2^@94SaPp5A)>(y%nsI(>5&kcK~j*ee|(jScbiPg3jmYm zX%5M;%6W6i(oaW34k}^rM(5%?r4rrOFAd5Sp2XL>z490gBxWR^@;9+hc`ez@u{CAZ zHRnLl;Un5i^A%iX{YFB#$`C~#z6G7e8TnqiFcq)k{GHIR@rMupde~|@Yk2MELoFyP zIA%Xx=a`;I>dsdu)ymRsJbM;kiROxeEwK^$o!dKxj@xIpdX^sh#sRQGM+vpUk?1k8 zO$FI;7Q1@*;)QorNA&Dv5Lz0KE%5~Ch$ZF8G1E1YBCob706 z^1!%%#R`6>Bnij%XE@z_pu$tJKWxuAzy4!$8#Rt^zQCGc7s!vxdPdMb{o1sF-buVBw~( zg8IVU4Yr+n*=vE`C9QE8nF&5D^tzuSoR#hgj*42LX>;JMxu@=~jx-lsHeiIRBX+-0 z+U9{?;C^Z`AwSn%L~_y7P4^bFf3VUh$?m&~UsRrnO0Pw31HYM7E^rdM$+Y8p{e#T%BvZeoepV;^{a^|$q+)ck2rs7k2=@@5mfgFWD 
zD@#NT&qCCxvqGKzwTaJ`NCGhM+Lrkw&XY=kMeC-`$JE$}*$j~a!e;<)UpiKa?J~5= zF&ye-`z2(_@!5R9<4mjPIm4|E4C@H$bS@0*m{lf!dD3h_iJ!?kqt(;xvA%&JvgoZWjD&we|WvM^3}Qm&U@CJkCheGQ=iw7WL`RT-L>i7Yw;${fxk^s7ufqR zx4Q+l(v(QED$CotH?~#$%G-Kqe}=SA9~G;Lv)^UR@C*VI*JAy58I7Eiv$DIFPPsa} zMxe>IC7u!d3NcsJvh5wM#?PDTB?F9jADS*?&Oan_oNL=j(0j9skFrIwb_V^-9I)q z^kM9FY|f=JlW(&$L))piV_`)CX?hoB)H9tWd0SbR`Y9;>;3U%GXkPISs$lLV44xIpjgq2 z@D=Z=T^6E+Ylxm}j$k1{m;l75DB>)0nz_a>b1jo?tz(DxFJ?vW{ML9tgsI@sC6(9(X^dO6-lmLpX)MbV&wS=R z3Jxo@E7pElK==>`79L>mk`k_3!3i&k_cqFAz)H}=cAVbD`@n0~2F5*A%pbb7z|Cy3 z{revt)&F_knWA0yQ8vvm^XG2*mRGf!V+aS_oVQu>@W*ZQCx2!byWdm(%|4h1D8!5I z%Pu(h;p;F-qSK*1@InQP2zGltx^eIJoZL64_>`YIa$F0k>R2o*jY2}DBK-+L`u)9k3 zLSO3?xat=NJmG{J8|PvR@*J*NCW0lp!F)&1>Z98sl)F41C_TqNa`BD6D0x3l!|hcU zX`q8v^sa?%0YT-H(oIekiQf@V2xy!LMM?g>-Qx(8`v2x|y)?zRK)j5Mg4z*u5OHtw zUQE4~)7$Y}@NBEF+D0VqGmC0J5_jS1Wc}A4$7IFOltPCSb^i)zP=U~ZXNY5n-i8Pm zw29HK{u?tWU!N{*3A!bF(5;8^K^|LKDr^I>^Kf{3zF8#_2!($*>I3~=VOvduy2BbDY>|(^3 z?RNVBj`J&-%@-zYh=Vh&8OF?h!O#KQ9H>;HtQ=B40zt0#)I-5s_K~C!KnCnlPt)F9} zhREX&p7QQu7DudDF71MAL7s`id+#+4Xu?ewx%>uegAp$_J~fY8kek=!3LTm|@|zqi zSw|YIj-HRm8R90MCPrkm%Js`QkXNxJy#rsFgy{+it7U(Tx4oBqP!n^R7aT^FMC4%%;HZGlR2kj-+aR})(Xw_+Sju52 zB?@UEmix>~(Cyb*Pv%x&`(NmUbo{!o(t=|nNPd{XHJ|yRkj|8luDoBQA5dvKVMZ6S zj~AxQd#>{6zPsv1D3Qs_axX0yN}~huU>?krA@WHMKy}``=t!jQF%QY13~z z>^Vpoz5-R?aq2%BEyI1ix$aCc8_sHNv?(_+XXSW#hD&G5nk-mFT_f`s6qRtlwLVDW zV5Nl2MS;6K;3`k%A|uW*T;zgpu&?j)@{?&;9Morp_RiFiSb%4nkEA{0N1rbEOqQ;^ z2wq(vj{pL$27WzIeHHPS5PS;$mCCSd3fsYAx#VbNm~tpvod+HJmtB8(Jz+fCLt!5P zhDgv96N!^zcw41n(ac1VnukI>xp_1;1-j2&kRLub}YMjweJa3 z`Bp@keQkqq#l>MHR|JwD82w4)!FhEJ$sllaV+19Bufb`pw?{ZPXnBAdPc%8aIw> z4%obEJn`oKUvjqKc1WZL3=c*hUGcZ~s@Mwmc!i`(N%{E9T!nM8gTuws{qAcXE_}r{ z8WH?px5Gt;?_cMs{8()q!I2ek)acJ7DH169u z;$yRpxsPFC0+PHlgL3oJV|13XX>0Z&YzYa|^R>rVX!SU_FCT=p3lA4y3lI4W zha%1lyI;Ke{oBkG8|P2k6QKP2Q@McZ!QUqY+6BTCCzK*s+LS<=rWL`$2`7RrT2>Lc zP?ESjAq-U%X5~TFW@0kJV4^A$y8ppr6gu$N3sPq7ZODz`~}q}`x)WG0Ut zf3L&Tr|99rUW~kHXG7c~vgP!QEgOE={&PGAXud%0%SV+X6KxOjLxz-{ 
zE`gkc8mq`b>F{3zGxl=avk6jKz1dDlkASA~_I`h$wt}Tp*(bgm0J8tKrCd=~J^~K7 zV&b){$dfNl{Z-qp!Q(bhvDG;##`?xgPos-d9qPSesWDv?I^qgmSYF5c=jex4JB2(1 z!eT{eN^oD6oAA)}Fz`9r}5D zWLE?dori5u9TMFJY+H1Xp%7Wwk!U##>}^o}^p_4Uuj%!0J@egbHem2PCYN%jUtxo) z%3y0mlwxRL51l7k(uQeQj!%Qs0;+cTrMpoJyNUa;Uy(;C;;Yk%BVA1RCTrcj3m>B0 zP4jyc!n{`ZMf^Gb{UwOGAr16;!Pvvg3%Cr?$-rQMeRP8Q=HahD!w~rTneQQyI2Vsb zi>m!W5eP%Rb^=UfDE;mTB#F=nD)&4x77C(0FHjw>x8aFGf`nXrFln7LBMfkFiuON=ad0hrI<0wU(G{R}uCWAUU(R2SisOPcI=IXC*MfqzOQ`H z5G*{A!QqO57q)?It6|#alD8DFUI^oA@_WOz=RTh{cpfQEIAI;g0}Iu|M!I0EWG|o@ zj;NdJo6?`=jpZ?mgqNBSbel1{+opA4X}GQFeHB82XOQR2 zO0`!o(QIUz?)w^B0)a_IkQNB$C;yk4`h;)#FIwc%#Xr<4DK^C>bFV{>eBUtu0|>g4 zrCU3L8Z2flXFf0p6K@EhgQi?<%~wzr+i_XpzkS|eiG2?`mNQG$@0Xh^CPvUAnn8C~ zq?E^;Ds2PtLqGq(QD6leCMd2Lit2=Bo&wwS`rd`xrkm<$11~`ZQxYfFqnUoQn~qbY z-+yF`BOB~!kNj(qr5sN)GaTq!uB0lVYd<8Rr1}1k5S{1Wk`utcV7cm8U0aN z516Cj)ZaTxIfniQJ=s&&?H7F;HavO#jV8y5AspjZWu5&xez`Jt@H-|NhMI0IH74Vs zJ+*VSw@Ee8QHR)4z)jwnhYA?aFS=OG&3C|rsf2le`#QsuEe4#ppj8=~WCLxr>9Y&LF8C8^t+VC zk}wl_eUxf2hzd_QS)s0S<=Dx0AN!-g&M1|bU5?pC8tKfb8mWiVhYG>ddJ{watf5Ct%-=~(CTefCoZ znN~61I*idm!m_IxO(i;}_sc0M{|^B??AZJ7o;(qHV_e2Mc1GXtfGQK4N34YKJcu~m z#kQT^RYmhrTv9(&{~>;JxeC2=tC*BMTsC1mogjl1BxTenRF{d6chArxeKG4`**H#p zc|Y-4$0KaN83?w2NIi=psFJ7uA@@PEQVlbEa^%+6F(a#lK?>pb$Jjqp8%(A2o7=1% z`~iB3iV5KBlyn#UXknHSE8d?(kr(7H>zeAkPYAXcu&E=5hb>Sz8jy`s|ICZ>f8kQ< zDb9-%1T`kNy*n4=fBukPei7SQ5REChe=b%n|B}>Mm!Qe0?{r7-w~Uxu)V^hxIDEu20SeiVHDpH?5E!b}Z*9-K+LD8n6Q_;~s zJ){j*p)?#t4`dBIf-N`#6OO<>7QXMU#`;(CN6rGpg6ydAzZe&hj#ySj_DYkyIy`zs z*Nhuwg{_RN>qMJ%%TF%Xh!27IpIL0<{+K@9pxd^)}+Ct$?zChLf51s0P;t z4gJyHd_v2|wqG${y{kx=GYZkTeesGTo!SMo-8g_b%?=u!`(XY+_JiPFhiLd0=s;Fa ziPeIS$cy*13-~KN2M*@9j40jhYB(*m318Y`x<_4?9FboQGPZo81UFXCt2qQ17)BYpKw+LF#HULp^>OyVJ0doYrB;Gv*EhOmW0mgjJ4 zw6PG0vD;lWQ`ReHV~8Cnd@PxVP!Q|}1ZF45+x!Ad-CH>C zZs%f^7G_BRfnxePVSt+DfPwUVl0fHg=aWyDFKXVemSEiv2pEuOPqQMs5KXAAd(nZO;wXBx@QU zjr)1OSqEm4;EnswrS)MU9fr(|$5aA88+Fm$HTd#UZKn7)C&P|%m*L5tsEj<1}j}L8jB9uL!h`*mFSHOP`x^#8^UH=S;GZ(8gG)Uvr-T<$DzgE|$zYvb3?DN>_5MdK 
zy>W@P+pS`z%usHrRoJXho7_oy{u@HQf)Wl5yMIHSWDrz8{Zh}+?~69afH(2T=lOal zlve_9b151HP}1oP63pLQD8M$oY~| z<#KNyt)i5 z7eOKv?P*g3sj?Zq6$az;K~gAOV0{f5(Rlc;+(L|Lhe35yutOCV((w|_0Bjy`?RTdx z3?>VWb?_!7aTKhHxa<}B`oG{8&@~vqE~#>buuu23cfJ55!}^TBL9P&aVi>ncH!o#? z;5NijDv^RHK~#U63zGY6Fb4f|R;aA~o^xqw!zY)|S$f3SvQCe5*2C_{pa^ayC8aM! zv0xR#|0SBH&r`z#jThUjpEc>o? ziUw~Dz(Xn~06?+RfI{G?^!8_)uf2tx&5?KhDXwZoxW54}C)2lcr(t_BQv9YEeQ`DF z#x0cPHNP7p{QLrLF#iTD|A+n!Dgp!xH5}YmDs9pwcON5!Ek1y8LPHAP>|8-`l4w_lESLN(ZfsS7i*~82CJf$=-D~$b>wdfRKlB@ z(BCX`xG;67cd3wLD3acC#lh+SBcy_DRLt_!*X6+yvV%$DXqmNmz<;W50ZYZ;4&GL# z*9#i>H?-Bei6Ys)m?;!m(%@!)OcU@;px#9jLrr1?KpzJGj{4F--Jm-dx?^1$bFrXR)4wE`(5 z7%yzOWb!mmCz!4RZFE(p`b`a?#eyiHa;q*0{aY}|lsU6q65IlzUfuxaF)ca3yj zE>~2U?j};z%)KYAd96rf-B&#$EjH(njQn^0SH0WgG0_P&JN7<(UP}!&q%5Pa<90tk zoR&q)Cq;=vJ^vA%*wJalz8p42i)JbEp)R7KQ_Ha>Q)}|lj&v7n08T||Dv#8jzC?=z5Bjh^&X|Tspy5eD93us zq95mrr=-gESv$7z%ogPlicRaIycal1?}8_dRND2U;ONr=kKycnOed^*7{)R>WM8^W zPW`y~uh9=f%@1I_&b9U99kzhsc=b zEC0Xb3U=;2R8Ow~jwLSWx*uE?$DPlujNHSLWdH~?6eG%-PY~Ozc-9~Mory82mc)p)Ew1c2a{}lY0(c*zF1-~&ROE10tO|IH?=}~K0dcoxcL!@Aa z>qB=k44Xf~t+!h3&Ie*!UM-5uDn#R;H?jdka1T z9xxa6{4REy`sK)VyP$xIj#%oIspj@tH-)*Uz!!3A*hbim=EGG(@a#1LT}aU2K=`94 z?p`v$v)ZV=aRXR(jsr@?rYE^0Ab#c3Ihx3SLAgo$GBh+W`5k?Z=p%*O^ke2{Ij|{Y z#EEU{ar4&xI#(Z={D*sI7bsKXP7G~LSgG<9rsyh}18#@%nnlr1XmPg2^}y!&=Xx7Ep~ zt)l__Gd_aMA!%CW+^Pll(IlPEhdpD@F2jQd44J~vBY^(CiZ%NX?OA5dY}zd;oAw%3 zQe~_=Eo$Fft^IXAsmJ||o4@yhvuIKB^fZY&yi`+(B}0ZN@D|#TOE@*&*!1)Tp9T`$ zq^u;27;S~H0Xx{*jml7Tm@czV>nwE}NR$tAZ1=@=Q)1d6U|QP5s^fLz7TOlFTa;c-51bnw!=WNXDru#~)tp^JY&>>rY zkR1zDzd%owA$W{s0|X}M<)PDwOtUEGcBK#yLL7%DCSeBU+}dU}P!*AFCzzor+LW!} zyyt6{M{V3hT*wF&v1!eUtD}~6_uilmE17~H_egllDaB5vAJPaPT|)pK2uQYU>}0>o zPVQKBKLtWbXjv*+1s^aW^BvXK*cYG`?Gia#z&X)v6ML^Pi$wTlrI z#nQ{%0i*<*tjhr6Iv$o5@fY@;Mz(Y$v!}5qpzbwFNq!~D4>5bzXzzUhSHALxqo0JM z(d>XbamSIeHt83V+d5x>-zAOzr8i-X!ReW31$U@&Sp%9^5i;})Gt*u zXKqBl-A#|IOY z0L!|f@U&*Xj$ayit%yCTd~I_z{-wdIKi&aI0&(i6KkMgRarG0@7Z2c*?i!Avxio!n 
z;c#jG&(Qf2kL5CDK3%|LAu}ic#Y$&Nk%D8#sD!JW9vEtBasCFzzt`Zb?!F64yIGmW zr^6#=Rkk>F!Y#=C<%D#Mc$7m~-52V&+WKG~vEuIAdw+r|qagT-x6T;~f9u;}>&Q6y zzh!}1^oiy{3W4V?kKQ#sCzz8izj331Ne`Mds6t^rhc9J2jW-u5U2?O0T`iR9g+`K4 zV73*gkz+OnC?ZZKoN5%RnU3OT;EkE>XejrnMWG!E`&ze(g1`e^N*()L@zrx#9jr^T zEp{d!4xVsyfrrA2L1O4hc57ov;1(x_CBV>W^~Lz>eNs0{wu$BK=a7X~85tNxcrR#7 zcDjjquTOk6eWonO@@52VcKLg1PH+1S zpH+w1KC0w@bP80m7sJ|!gHL5GzY+_E*cgS5R;O@mZzsjSD9e=Z<>RDexlp0A2O^Uy zSBE+eMelvD-uo&2p3ImFN2zC+{QI<7&*M+zd=K=daZ^54l-02_N!O#p3y`^OT_RLO z%e07v2X{lKQ^hm-YuPR-Unl0F<431C)cNT@C5K*HS^8!6&Zf!ABx2ZN3zi>@DagTy zoDc$txVe8#50g7kdf*MuvnvaB*|36Bz~LWm{^-W`v^w-f9QQTJush5^o`2Ou32Ke# zX=rYrEiKR83r&^@NxasAG@v3>%t<3AVQGqQ(XTeWXXI690=gVL5=BVV7EUVXvu|u~ zdL4x7rY5dLanWto?N4DV!Hjcac$!a^cHMLRO;clR}}g8Tq@I9ua(F>hI+xMTp+v+<=QHM}tpkuG`b+@SDRkLL?V z?K6Ou$F+gGg=LhZ6e^l!dUYqZ;~$-QS@TFE-7!mi>-JtTO}1qkMGx^3yIoo77Lzhv;lQ zwhl}8*~-?#H=pew&i{^EP#HnR1f4fL>neL6lz`yT)`NSW)_duL*dOiD12ot^P|w;C z&gM?RFw*N_QNVOGCsh9%PgU>rhY#Y|aG|Kta6nS`2H~`b6P>p!b>{ zO~%O;E1c9cB=u&talCZ8ljHR5JCx_#jjX%ZL?N*j#HS)Jbp4~wqn~;0fne$p;(Anw z#)hH4IR%PKVsTJ`8vMeVWqMpS1;#js;Nw6^G{3&xz(JT<06a*PnknSx%2GXNA z`8h+65Ja(>4je?_iE!vR?_}06NPbn$lcoY48*&jpGY@D{>KF}3d zIAG91uq{ydUh_G7dNU)A?dHvNYpK#4z{{T<(;6@D}*;--HdbGAYukJ*v9BVP%n zEdx}Yh{M8QWZ#anfNVOKhXyu z)8qDK()?=+v(Wq#7x0eb=(u69H6bIu9M*tCQ3w8O;BRlv6`b1hqeRvYN8SRfJa*KZ zrF?Emz1MyS#{(-3(zSW6B_pU_Vgyk%P^ZlO&uKvP*X{e-C%4o+zG+z})bjcD31S-O z%-z@5KaZD^YAt4@2~8QwIu&|pS2Z&d6vA-pQQNUfo>}{6y|n7PFEw+MhgUm-A7+YT zg!x)l2I`$ML4X-{vaKhoBrCGC0|cduI)wI}l)A4`+uX61C0;>G2%`(gLp}zE*z8(e zLlllQaX=^tpUVERh zw`L?n@r^{mE_NOvA@$ofY3s7Cye+v6(@w|#iAhkkt;R5CDh@}x?m`F+^Xr9pAZ zBj+VSN)#JgE7sy(WbQ&@XKid+5E0PLS_ksEPh>VP1SB`f?(uGCQqcK!YyA(YCuZL7 zB91Xw=9Qc>@R;p*n*LbzTwN_+`^|doXo`? 
zIWs9k`-=P_hX?Y1Q#`Jnu;)brHc;1SWfW9*>pz#q4^&FN6w%Xn=>&BgGovy}HXhE> z@ko9=`s&2tgd?33S>LwArdI{#&+BvEhPea0lsV|7OaQ#9_FYS%N#dmg0i$yV*%${IJN7^MH}RSw$Q-a1NG{_3|Ksc31DWps`0q}mEV(MIlvI+) zp#zn(4kCw$jX9r^Q;~BcRt^wEw1 z`}bc~N}t2~b$UJ@uWz)eD%FBPnj?{V5j&3u&(K#2pX_>8Q|<+cEAc$KGoe!Zv4#-r z`FM-NcL$5VY?^585l+7DS3eqY_Hi2oXoNVm&rzEhgVisXAB{vS-dR$A(;m2tq?Usa z?j$oHc^#d682ZT`$d{1)v>m`-rw2@r0X1QThn^h%M2R< ziY5>}w=L=p_x}=vb!;2Q;$dd2o9{=GsXlcNaGqw;p;jAk1;vcGNmY8GTAy{`a}w0X zV=L&3!49<1;+N{pfL2CvN+`o0xP_Udp}Hm-M~QY3+T=?##H5A44dZ=2Xz!xEJfS_i&?U z`k6w}=d``FU8HK+O}}=8kV^V&LKld+AgisgE}sh;U_A*js~NiQG;{DettA&T^lINf z@-+5Qr#H&{bn(r>u%}G?*>$;}s)S|bDW zp9l+Bavz|rUpZH>U1-%=qPoZm^ls%aKjkH}KFDI9Lg6CpCL!{t#rf7vXmD}hRor;e z{*boQ#;5b(fw(CD{n*{UL93p)K#%>K3j5%RJibATDeK%fqJ`aQdrCmTZ-99srJ~EI z60hmYcK&=50mn4}oo$$8=eHR1G?}}wpB6>Tz`BPTfnSc3$8!uI;HA<*70V!JF1xWa zY2GJsR;GSGWUao>MQ5`5G+Z=5J!6EuFt_$AU!-U-akGd5+|pV9aXs9^obyv%=n$VO z;?{g?qXCkX-zV>*D+0&-aD6qlqe}3Mc%OiUKpCro;5Z$4g7+UODQG~bhgqCm-hPKV z$6c5=Oop+X&y>!~b532vH~+dRt^FTLb|FFb@Dd2){_3^+Nw94Vc>?x;0mX}y6x%ht zdzI6*i>x;KDHNr-*C>Y_2X|$<3F^1O^^wA=?@sK$QMT^YS{oK3t zxMYN}8yK6o=18cS#rai#Io?@br?TVeL*i+S6$pdcDw+W00pnJWAz7iMiU;afWe?;8 z2luX8+NBVC7wNYB)_=r!L&QJXyC)FHH~cZdahfz3HN1if^oyJ-XuKlbg~A6O zyCyoELRFjMZm2Q|;R-PW4ed!k9-2Hr+Kj~T=Z*!czm-CI`2YyB38m>XgL}m9_AlyR zwHME^Lp3O}8dwy)kjjvVk$3CEplU{(9i@!rQd$&C_>@C0&w8m#;_rQDS~< z$bgRCfBR8Gs}=5`b;x0&IJ!Y=gy`senKS_^KuIqR$%wXc@k)4>S5Iq&ehVh7#t4*^kOM+g`afYMu7 z>kh=#QVplBaYCmT8;O9&o{Kqrc!$!3nYy661fB@E$Rfn`3KbR4j+pWAl6Ii+S zKr;dJ(hl*O-9@~a*XBJY4M2RBkCOQToaVfLy!%RM!S_n+R#>edKEmSs%yNQrNd zqQk5uU-h!{FCor$B(~FVD@5`dvh>TuPUy^sc zd@MXvGF;Xsd#9;zlRuBKz}qfM3-iRVM&_GWP&c6xtzq=*ngBRj7n1j!vxMnbLmb%5 z3>tL=0*{o;7)L6`V>rTY5RC6aCRgpAT^3q#FS}qpByPb%d82JJR*&RL(NKODqO=IJ zQZiSbFMqF0zqXz-HDMo7uRcrc2fc zO1?%*(d-^sRIQ-O&lB5e4g_s6Njk}H=-5lBqodj{*e}(c9;tvh30iQR*7Ng3vMA^j z|86G~Jrl$hbor8$Xs7#YAo+{Jf>=As)8BO%yHrYe=~eUb@zq$c;MhKwb58^u+Z|5Ew%M3#f>m| zzcli6Fu?-+xe`gFqu=l)7HB;or4h=0X-+dqXnm`OWN@32JAsFj;=nQ5$04r8{=x~l z#k%fIkU1Xq9B4ySJElnKSEvSkt#al~n 
z0)n{_3C3tf>bm`C#r=VNk+ySXt*Lx__X=*3ANIw89m~Cu8c)rSFRl zim9X5t@+6YCPWftYmG>>rZ9I8=Z%Jlq6^dd@bS%X*@B$@WM8YzJ;PJ_MV&0xehO+# zl&P$^=TXd7brC=Az|A_+-Jv@{hf*#w!(tr5H^wxr-QM=kEJx4LK52tVB`yMSG6bwp z0GU7O&cljk2O~91FXMBO&>nXsyO_@ApRV5J08-)pU`DiT#>Mx^@9xY#-3O-+W>{@f zT`$+{&F;)_Xn;p{uFZe;UiJSj9zKkw+`GJ~7?VWpDBl(@6+bauY$1I_H^XeLm?8gQ zI)8!|7Y2=V5E)dO^FAiIJ)sPDG}#=@HE$Rvb~;Y3SzlTDlKN|1f7*yjwr%dxJUq6X z)eiD3rfuSwIn((*!R%+6r~>n~&36|%OPp`xmm`VMzbUg*v7@qu$E4j@w!i49gHgnb zI7_gMp*}X3==`wu)Xbr~*MI|?iPmsmjk`+Xk@lS>(89+9pP60LQdILuSU0+SzuUfC z{9}#RjzPV&tF!fL!`MM1tSzjCSNM8 zx+*Jnz^Sj4!JM|`gJ$2Mk+oy(47tq&uZofE*$P=dC)XlP$s!ezcbPFQXT0j>7&FUp z=?%{P^y#FAF~`t_v}c>oA80b3+w?=6Xh-67SnlUb|Z^IUADQxmSDhdwV(J8co#P&qd> z@s&u(J_T0WiIxz`dyv7hb`|izU*m26HqwKPhGIpKhLCOk_$Uf2L9Nwa|_c`mY$pF>Q zjP+SnNu(vIGbJWkHDW@HY*#XrD*3cJV++)HyzbgaY7Tjw;F6|49=vVi;G-#Kxcdp; zxVFo%zb7HLQ(d_*^1+L$8}GN=M!#H^pk*viC=jbcRF9Z)@9YN}>iUv=eplz!cJgZIlJMKi&xh1slF$Q(4kFDzRMhMo6UV~XGpA)+t# z$_!?Tw^civysZQjOmWy*05$Ph}Y%x{CW)J%6moyX$eaO?-_VvABO(F&TSq>;`Tgv2!Ul&GN>1+W%8tC64#2Wj7dA?!Sq#Tz)b(G@L2$F{OHi_ z5k4D>f&1isUnN@i9`c?3)MT$%dZE(%YL!~n?d!sdF}uP}H|)r_*cLxjqiH)?aj-7< zSfmGRkoYhqbaxy8)tL%njB3SQ}DU5nR?9=ZTgQ zhKk=>!ydOEVvAl9b+-w6IRz5mM%=f`qI0zUzu8HksR~-jfS_qgTg0kSB8cCFOpOWj#KuRAnoeD2QX{a zdX-;Cy`XMam?ky~Vi`IO=A&P=_-}+amQ{cGE?gUosO587d5Ccz!Rr_GANua=B0K;# z#)H)HXDtHP)#2Lgg=)gB`QNcib649-9m!c7LtBG!D z_0Tb@;q+hU>%1OEbP%TqRq=)bSc)*z^DF($X#E6a2aHr*bi@AE{Gk=U@xjZJNez^* zRH!_W-ex59u-3(burYpCoSU0hwSh%lSUgP#8jcL5C(*6-*RB1o4btbLrCn`bmp2ur z(QBT47WIe}iv%O-h}iq#p=ThHpFY#Cy|wY-5o-Xzv3r&{4Bq0U9zi=v(+YXjzR!I5 zE?LYL=qUE}YA8^ojSB#P37=g8WEfx8b@x!n=9I;;OR`X7(sxX*Zk(pb`jZZwtAk;+ z@67gBz>QujTX=ksH;6FbiR zP)1o3v`Mlhd(LzW&OO4TCV}wPUOT2AG8cMbD`;1~yA<_tAazy{TjQN6G&*WLD}oAJ zms&;1`b6;OZYGapZzP_&o?7fR+)h{%i`qYlkupdv9#0+VbL-)eK#Hh-V$rgO3nP=w zvN1zZ$t5fygETB4DRxxqgulN6?z0QE?k7jp)9}XXeZ#so)1M^=!2%9j`RE zF6=>=AzL&)$mntZ{q)r-tj5P+wYmP=GZRYoH&n4tVc&C+$-jzjk6t}Cx6s-AeKfrA z=HHFiZfD*T6od>T`bVmfNEEh@uH}^f6`oSvQVYQULTUj 
zJ$~WdQQU{so*+=Z{01P{)>=)O_b?{0Jn*LYg4dP;fr1mIhe4m1mn=r*)8=SvKeXTK z#V!9Tv0vX9hT*)$?uTf~z>vio8?pc?f>}J4tpJZ&L&hd>$En`c==hy6+J@cP)A zrJsHBNOsHGF~VqAM9Jj-JfB->C36*=6!?Bmj#B_r;L=*O4b7!T`(F3f6c7EVcFz&d zDc#vP+sjwRm1?q_?kgJW=Q{*qO2kaK8SxyM8%dL)I-ALNZ+7z(`*3zlma-Vca1KiH z%RVZm*Gd``Y$8Q&SJa=foy`hh>H2@|={IkH1bJ&2Dpmqx+o)qPvyZ-Rp5=zCWYAFtDc}L>{nzLm7N3=9X)Pc2 zPqiQLOmS$P3J;JHcz$YE25Fx$Ci2$%tyx+V-B$&#+FZW7+s!kj54|*Tn6meKTGun)J(q!l z0<#2Rhx1oY9TIP15|s#WS^#2$fb&l|?CUu<`f-Q*fdeitvv2Z7)nOWY!Ejkx{YxK@ z*17K%hRTm#ywiv{UJA+;$A$4Xa-qQZyDIc-`PL>cULM)v83iei#>@SRSj^Qj2DbOk zH-%7kr*(|a-JpMaS+@C7>RZOD|CSNEDm{@|1SCZxo|gTdY94Kjs}u8WovM6c_>B@y zREg(Q;Osy^fcZ)m#AfTM+bWTRp&jIgCP*gc(Dilsx(^-RN+K?pz!;I2I6u^OJ=zL( z1v9WKtmQftticT0k||JdswE6sEyFW+4_cAhoa%OYx(@dxSBZft8|i!&w8Y3ZqBe(( zMiFWB*HHxxZ26<(oJ^g;A=$*(D1uCq&9QHZ7r>whmfgKm)iQV!F7^d!D`;A!3Xy83 z0#rMgEo3RD-VrTMee3!aje_iSlM|%9?SwnOA>Y9}FH%cW)L0{9Y$h-;fKjvxkgSqH3<##i6nrv-hb z&$g7+;jjyd}nYCZ2DXS{Ga3 ztG}z$<(EoSZrBX5BE@~j{YaDO84D89&pIgOEhCgk(;g$c7&7I784D}0v*5uWyNO!xcCzUDMMaZlm#1+mucpkI4 z5P@eYzCm^O!{igh996zUEUBRzkJyH_4Va3Dy1*Gx?PD#tzHzym(4+W}Shq+HZcfq; zzX*0ktvzG(TDts))7@(~o~*k5Lk)+Li?46JT=9(L;R~`C;@qQvVYPFu2^(4Wg=9#Z zE0#$z2hli7VEpU+_2Et2DzJ^{M99Ig3(f{8?O2v8NY7P1nleZ98BM0XvD=nr=!=Ji z4dT*7cNgmnQ}hSs=^v(@$b8f))^UL6Z($Q3#!@saDf)=4Z!Du5oR@8W;w@e(57|;* zuFtueHaNedztr17Nddw}K7q!ezW)m)@5?5KQu#CNteZewLD{5?us|F0LM`*5)FHQc zeXUrdQ&Pvo#`LYnTv#>*xSr~6w;M_1HqG7_sp#=UJCcSx)cjNjTC~8*ftEEV1(xS0M68ECeiK_FeZ%ED>0Qkht}kuf3iDRM{rEf+j+y9G;}XUeB0_vc5^8>gk@Rk)vZeX|WOCa@rZ^ z7%l`2GwPEWNT9#LE%lyP9X|J)@~kOn{`RK|&LkKs?s#xeg8u4KZ1zT3N*y<5H$p~n zqz1N>zd*Vp=s`-#Q}UeeXLoMm6HFWR2D0fNIxK$&ouK_`-h0lSQ%I`y&<<(8fjpEc zDRe&TwL|-v=JoNG%VAQ4Y#GUWm-8bx#?L&#!n_C~X^Hl7@P@&b(E|$mXGjC-Q5xwf zO{Oe4mTq54l}m8p!9ftF|7wdI4H-n9BhfvJb)y_cIl=?e?5A$iY8koPdgr~fC@m6a z$fOT{1q)_?d_~05@oP$%lLa*o>;q3_q;>CSm2LKgN6(n_n=8 z#rqk_x_Ue~D_)PCY%z7FCwj={T`J#t?+S9mp$Z-16Uv{pI?!}xPEbnHljzVxh;t61 zNmmw@^&4MehFvc(L%HRNqf#q!dcJY%_q3R(V=G(pe1+ad18v;6FAMc~6+`!el1iNZ 
zY!~R8B+-je5Q>qdh^&K{aN6QIQM`CbV9kVU8QxfD`-03CC6?>H`F)?h99-gh(nB45 zCF#$0>F>9vwQ2LWXwbG4W(E9e14Noz$TQ%tMb@;_JWy&_y8%F!bb1dCYB5NdmLI`| zDt(QU9HMkMU$Mu%w!^jpBwa9?o4}DvNAdNO@@9E2khA1py?@r_0S8^UOVyhiP3=fn z=>ToIey{*_4PO_-`xWJ^9$)jFdiP4q6#~(Zc6xy;qy(KHeWu%bW>*aRQN=AoyqR`} zMkW1mtU|O5j8CjS?9M?CC_WzO9}E&4lpH2d1zMusuyXA#9uaGj{}UUz|Js0khjWtv73cZ z;E2>-A`#*?J|wELu0#v#2Uu7R$7P03LO!qTVuW0b>&}(Q%l?&joaKKXUS;RDe6sNI z#TWfr)3cde(>3AgX`*QYghL;j&YG#=V7mkxY7USnJL1Oel)E=jF+zFe(bhvkxFx^q zU@zvhmFUCcV9ka%bn&#)+q35R`kIB7c;}k7vEzspFx8CJQ#v>OFo8d7*{Bzdbt$d@l~ z&M}&9P^8 zwSAYfvoY@2W9(c!-5wPs*m&(Ie@6U9%#RP6dyx6cu|x4i?GLivEEvHnIrWcKJ-uTp zIy8{E7nmTpuM7pZ$ZBd_^Hq}x#oX@`ub*>=XG<;f#^AvgD}Ula-B<(DJjYNhyN+SD z%smtlE^EqbFSr<`E{OKxjv&=$RNS!B)pNpjqGH&y0ERs9R55$@Jo=Th@s1U8kdv7x z@-FT+EuQp8wKkEwy@ZdKcQa$u>t>z9PwQ5;eun-JwCXGd7Mm#nJKxIYBX&4jhYcZI z+)~xIYJ_3p38_r8x@SQ$+a0k!diT!m%U@c?$drv)XO!2m=Hjev5DyEkZ!m1sFkzJH zpU!HArJAfvVcS>7;3`rtx=VB6D(jjgZ_Ef{KC5DuPB>;0&XI2g$rK$$@>?FNM6D|Zbj?rvB0~{s33+&JA4B)B$ygWhfF5dL zES+8?sHmujlriU`pJ+l}1S|@Qlm8rTRl}yVC`UjwK^!6i@9@A2r4#^+vP~|%uw5cM zH+j4xaoAXy^}wP{@{B1(rIVxu=HRxBnvI_Xa>FT=!!?9Dr1_b+nw$?WYu&N37&+_Y z>EO`(VjcBm--cN{!+ituez4n8^3E_m{DDYqrc#d-eId?o+a+t=`i5~N z(BkuFX+ z6?yF+&SNL$ynm3gi*_G#XN2!->daovjqFv(efoFPsV>WO3JV9CLPFmaOVK2=Gvdn$ zcmTv2yFUyovK61rU9dxqj5QPDR&(m_>zFM2)SLLeVGK4%fs1jVC}5guP1ji7MB0Y1 zbrK(>Ih;`xgXms#sd_%f?ji*|(LAavZvhLg=&Uy?RW0lW+dS}y=$SGMMef(Eq6j6V`yZ)$Mvz=|%W-@pz z9L%#j47J<-$TY+Vep6F}i-ayx?5L8N%0c9jf;B0ueqh8e2g3N?O78h^eZvQqB-j*V zqby9J8op}Tm{HO5Sjd$)aCfREr!rbYlBv!@Fw19Y(!#r~DcN*gDM}I-;M~^Jg`Z>H zpGK)n`CcF0j8ib@1;4s4td(K>79TAnBR4%S3qbc3?meo|>3O`nGbDSQzL;9-#h&ykj>8(4CG$f{arHtA8YvN9Q!T31n zh2b;#ryexjq5Gvth9W?HyHbhru@$EfY8>l%VuZC7=R^}469AeoyZ+4~+^(kK-pjL- z&f&Z7VQx&WXZ{gx9WJ~hW3`01NyHtM8WZtf#9#8N>bmgU+Jts{A$wG{obs@P#iYg( zS28>|tdEe=H96T@pZC;C#N)MHx9XnwLV#c_C5%6iW+^BBzi01qZJ>Z@%r4zgl9L$T z1s8_ZT$!ieL_C$oU4Rt%o3(A}g0<}x7r@cu93F3{tg{RMEW$dN+*`<-_PUU@2qmp- zO}~fXgr8y=kDc>i9Ldl~MjuN!vI$$QDduTq-0-gv#Y$_)KV>J{B^JDkp!&PF?L$zQ 
zrK~&&)D5hcVF8SCeyyk{j`L#mBff7W8_@(ae>B6OBr%uXKUOTqSPxw(lohT23cM|z zEkg8R3g^n`i6M#$->vCEUctfEwy)rsfIM3$!EBl)m)-FLE>-U~e-`JhTIDLiRr0(l zweI~M@1bVW=Td4UDN$8MkL@N0_=UThiKK+&FChMyq((oaNK-S^?#^} zPpr32kY;ff+Ez8$baLw*Rxsjnrb#s|*S7CptedO6?z<5=7?v1$bVRa=kAB`eh|4DC zbP(`r2MtF(a?vgm%)y;N-Ar8`L#t)xCboZ3w9syCe&U+fTEH@S`|4CTDfnKlL7jBN zWbnQRc)p~)Wt;9N55rb1U~Z$aMKfKTpH&^51)=Iowv0&N?l8sDGUkV8B8P|MT@SX@ zilDIoO7h>w0$4i@5csi~7=-C{sn7}`X-)q8^Qj$LIM+YjjHe|r$!P&jZ*y#sy~;Jr zVhg#x$;-MFhKipO)$UuJy{8ZSU0RJ5;=V6H)k*@$)*kI_n6t}3Z@lUhnFpImU+U{4*Dp!Hq z4i<$>r8EYwH2S8vF=N@!?3vF3dj<@W^q>4^np%vkh^AH~*@R7fq}>^rOg3m;PVV^n z<18_if@n**QUe@of+HiX$tc11groqI7?N?rF|MsU$J=zD&RTyT*ZWrcrhR^))>}E3 zS~Hu^13DKKuMa7#^W=Tkt{7ru%y`{sAfKe{i(|Rw!9fj`9xX(JnFPXV-zSD3VDdT~ z`ba;;3pfrRF`p+^Ipg2Tf>w7HHMH=)qjZa4Mm%+=Z>pIuzihUy&si!Ax$xeNQ+KW% zOY6$3LP2LSQaaHSa^@N>;*^EEO-0g@X(!@Oheya5b>njlm336zb+@WUXgmKBHw(Qq zyXbg{-U>L{$mHU2K$WRx8e}6Qv6NHfsqV@9w*)Yz3e;TR6)k^bs?dNnIP^umOKi;6 z{b9Ih$>dby-PljI8_dvVZv58r>Yt~^Ka#Dn_r8EBBep|F_dNP8cL~h;4przQL$v6_ zK~dF-4fmvPPESj-YLc>;#n5KuLJTtEYJ6sN*9C5CjMcPAk^O0F3OHN$`5dlOed{S+ zKQh-4zX%PBD#=Aj=QGmer<6*DVrEY?VXjqp&0r)$i)ns?rHiaDu_AFb`cT^Z8%6KO zFh`|~26Wr5odEVmA<$!YLCV*ru{q`rXNBi6 z?vG5M3}IgyR2xlu)(sBpF~J-Pp8un_6OA~2Na|{6hlzn>3gLnVH@0_# zIJiB|gf@n+g?ZKG#bNw8oSKs#Zt$si;BGqfgg66wx2wr`zH-6LHQj?J$>y$}6aKuZ zHB=;!`o;D1kAfnVAdY2UTfNTiVJ!!XVGXp+=C2YG#?N_ovLZ4TRPxDUBjUjJ;k3%A zRisJs$9pi4`IYMYCrI0-eV1+Ol8X6B@~wLcZWN3PF3ZbV%Z=@QfNcDZ_04>NThT*UYiNK_k2|Fe~9#zAMwg71Tw%N z(UjDKCTFxA?_!IF@M<{h$0JHUKcC*9Aj50HY;J{Lw|rGCr?39SN9UexDX>` znr1hvJV7ZD=`ncVveZvU_UB^oGX?OS3c7qkWPj-By6w|$cUs?F8&|;qaeG_rHGF6N z_)pO-yofkh1HGx?>QL6G3Bf8Mo=@YiTrJ$3Zg${$vh)^$L(G~2!GRczq!fC-f(-6M zZ`-lG(Z1Ujd_PTQ{xWW<&dV${_gA$-;!+k55y>Y0W@$D)~i??7oR-s?fGGfr}3vAk(E2XDEbGmDa zvq7n)l+^Qf{K4q_*HuVeR6Ds5TXHiGVBgpI!Y$QFYK=WHW)=hh1>=PCfV2b7*EWQ0--qVzo z(2FeO7-&lP-$uk;j@TKHLXDQp>~MGBb$gd$}r; zR#RlBG(o`AWrgKkR?a?uU>xSsKkoM`;Rw8Po2c6j4cyVKlukXXpMgvv=lmK{E*qj$up8Zss5HbG?k}!Y0 
zs<+f7{MNnqz8Vc9)G}0>x)_n~H9Xr!uO32&^y#J?nD3c0%B2^F2?ZZIKsRq>Tn^i|_jH~z?CyElV>GMxjXxeES zHnY5F8jDJ{RpXCz?B*G8vbVSA19y<#Vf#_I6rEkM`;3-LGsMDoQvYA$n(g(fNKJK) zBd&~jX{+fVPvpiZD$C2Q?!o3?fL>PnPl$^cQO2Yx0&jwoL4<;hdtCseEw4|DzM0SD zEuxx;U~^CbEnZY>LZKOr=Vm_3>=K{R4ex{HlB@DLeUChHpaDv0Z=(=T0*8omeDrOu zK_TdDqP?g>AZ$^Ej^O`_+Lc`M^*b}x3^*Gozb(L4zc9-q3RQUSek!Ny!YI zI36N?WxMZMOC#53$?x69El2h+AsVV-BfH=C-V4z3DE3UtN5AJ44(Mn`A5m!ZsWHpk9aOJ%R9{j zRoxb7tZD$dYKsmiUXC4{hhaHHW-S9kvZs9(ueQ2$;$8cq`F2@K=#Q3>^K$@@lC5p~ zN!oaK^5gUfxx^GNf2%#hTUpy|Z=IempuH!*`l@TisL&7;3}raHL3{GPEA=oY<~z1n z&h>g~H0k*f6>^26j2m|-D~WI3DP7K84*|D7s1J9>8)6t z;Mx@I zJEvM}Oa(`lysR`+lSvtgY975HN6&z!co9X`z|?L}!n)RJKXeMK0al$o&m4)0yAR(2 z&~3^?faC~`>l(XjAC8&MTdE9qZ0=J-M5s#@yNJt}jpEro3BqpNN;}|$!>4^J1;3aV z{wApN`B+sC`kC;NZJN6AYI^?x-AqQ`_)ZS;r6 From 5b80aaacb10bf8171a2d229ac9ac3c0e1f0784bb Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 16:23:36 -0700 Subject: [PATCH 061/671] adding SDL asset to library --- windows/security/TOC.yml | 2 ++ .../msft-security-dev-lifecycle.md | 14 ++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 51021a5be7..2fb9e585d4 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -8,6 +8,8 @@ href: threat-protection/fips-140-validation.md - name: Common Criteria Certifications href: threat-protection/windows-platform-common-criteria.md + - name: Microsoft Security Development Lifecycle + href: msft-security-dev-lifecycle.md - name: Hardware security items: - name: Trusted Platform Module diff --git a/windows/security/threat-protection/msft-security-dev-lifecycle.md b/windows/security/threat-protection/msft-security-dev-lifecycle.md index 18ce55f174..6c23e09a9e 100644 --- a/windows/security/threat-protection/msft-security-dev-lifecycle.md +++ b/windows/security/threat-protection/msft-security-dev-lifecycle.md 
@@ -15,3 +15,17 @@ ms.technology: other # Microsoft Security Development Lifecycle +The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. As a Microsoft-wide initiative and a mandatory policy since 2004, the SDL has played a critical role in embedding security and privacy in software and culture at Microsoft. + +[:::image type="content" source="images/simplified-sdl.png" alt-text="Simplified secure development lifecycle":::](https://www.microsoft.com/en-us/securityengineering/sdl) + +Combining a holistic and practical approach, the SDL aims to reduce the number and severity of vulnerabilities in software. The SDL introduces security and privacy throughout all phases of the development process. + +The Microsoft SDL is based on three core concepts: +- Education +- Continuous process improvement +- Accountability + +To learn more about the SDL, visit the [Security Engineering site](https://www.microsoft.com/en-us/securityengineering/sdl). + +And, download the [Simplified Implementation of the Microsoft SDL whitepaper](http://go.microsoft.com/?linkid=9708425). \ No newline at end of file From 94a899aeea133898a0ed2c02bc4799fbb13d1d29 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 16:24:14 -0700 Subject: [PATCH 062/671] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 2fb9e585d4..c0d8371997 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -9,7 +9,7 @@ - name: Common Criteria Certifications href: threat-protection/windows-platform-common-criteria.md - name: Microsoft Security Development Lifecycle - href: msft-security-dev-lifecycle.md + href: /threat-protection/msft-security-dev-lifecycle.md - name: Hardware security items: - name: Trusted Platform Module 
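Review bot: In the msft-security-dev-lifecycle.md hunk of [PATCH 061/671], the whitepaper download link on the last added line uses plain HTTP (`http://go.microsoft.com/?linkid=9708425`), while the other links in the article use HTTPS. A download link in a security article should be served over HTTPS so the redirect cannot be altered in transit; please switch the scheme if the redirect supports it, or point readers to the whitepaper from the Security Engineering site that is already linked. The file also ends without a trailing newline.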
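Review bot: In the TOC.yml hunk of [PATCH 062/671], the new value `href: /threat-protection/msft-security-dev-lifecycle.md` starts with a slash, while the sibling entry in the same hunk (`href: threat-protection/windows-platform-common-criteria.md`) is relative to the TOC file. [PATCH 061/671] creates the article at `windows/security/threat-protection/msft-security-dev-lifecycle.md`, so the entry should read `href: threat-protection/msft-security-dev-lifecycle.md` to match its neighbours and resolve to the new file.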
From dd1f7282b404281e943296ff770b59ad3fd48081 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 16:32:41 -0700 Subject: [PATCH 063/671] bug bounty --- windows/security/TOC.yml | 4 +++- .../microsoft-bug-bounty-program.md | 22 +++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/microsoft-bug-bounty-program.md diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index c0d8371997..9228a4398d 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -9,7 +9,9 @@ - name: Common Criteria Certifications href: threat-protection/windows-platform-common-criteria.md - name: Microsoft Security Development Lifecycle - href: /threat-protection/msft-security-dev-lifecycle.md + href: threat-protection/msft-security-dev-lifecycle.md + - name: Microsoft Bug Bounty Program + href: threat-protection/microsoft-bug-bounty-program.md - name: Hardware security items: - name: Trusted Platform Module diff --git a/windows/security/threat-protection/microsoft-bug-bounty-program.md b/windows/security/threat-protection/microsoft-bug-bounty-program.md new file mode 100644 index 0000000000..7dcc6cdd7f --- /dev/null +++ b/windows/security/threat-protection/microsoft-bug-bounty-program.md 
@@ -0,0 +1,22 @@ +--- +title: About the Microsoft Bug Bounty Program +description: If you are a security researcher, you can get a reward for reporting a vulnerability in a Microsoft product, service, or device. +ms.prod: m365-security +audience: ITPro +author: dansimp +ms.author: dansimp +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium +ms.reviewer: +ms.technology: other +--- + +# About the Microsoft Bug Bounty Program + +Are you a security researcher? Did you find a vulnerability in a Microsoft product, service, or device? If so, we want to hear from you! + +If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions. + +Visit the [Microsoft Bug Bounty Program site](https://www.microsoft.com/en-us/msrc/bounty?rtc=1) for all the details! \ No newline at end of file From 13fdb77a7dd40853652c47be8cea6827d9e49271 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 16:34:39 -0700 Subject: [PATCH 064/671] Update index.yml --- windows/security/index.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 7cb9f7653b..0223f04598 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -12,7 +12,7 @@ metadata: ms.collection: m365-security-compliance author: dansimp #Required; your GitHub user alias, with correct capitalization. ms.author: dansimp #Required; microsoft alias of author; optional team alias. - ms.date: 09/30/2021 #Required; mm/dd/yyyy format. + ms.date: 09/01/2021 localization_priority: Priority # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new 
@@ -30,9 +30,9 @@ landingContent: - text: Common Criteria Certifications url: /windows/security/threat-protection/windows-platform-common-criteria.md - text: Microsoft Security Development Lifecycle (SDL) - url: /previous-versions/windows/desktop/cc307891(v=msdn.10) + url: /windows/security/threat-protection/msft-security-dev-lifecycle.md - text: Microsoft bounty program - url: https://www.microsoft.com/msrc/bounty + url: /windows/security/threat-protection/microsoft-bug-bounty-program.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From df4d59c47eb1e38f7e057bdf3cb893d8ca3599da Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 16:36:59 -0700 Subject: [PATCH 065/671] Update index.yml --- windows/security/index.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 0223f04598..75ffc66f93 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -29,9 +29,9 @@ landingContent: url: /windows/security/threat-protection/fips-140-validation.md - text: Common Criteria Certifications url: /windows/security/threat-protection/windows-platform-common-criteria.md - - text: Microsoft Security Development Lifecycle (SDL) + - text: Microsoft Security Development Lifecycle url: /windows/security/threat-protection/msft-security-dev-lifecycle.md - - text: Microsoft bounty program + - text: Microsoft Bug Bounty url: /windows/security/threat-protection/microsoft-bug-bounty-program.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb From 15b3ecd41db69af3267ced632a248586478b2834 Mon Sep 17 00:00:00 2001 
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 16:38:28 -0700 Subject: [PATCH 066/671] Update index.yml --- windows/security/index.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 75ffc66f93..71a5f7717b 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -23,7 +23,7 @@ landingContent: # Card (optional) - title: Security foundations linkLists: - - linkListType: overview + - linkListType: concept links: - text: Federal Information Processing Standard (FIPS) 140 Validation url: /windows/security/threat-protection/fips-140-validation.md @@ -38,7 +38,7 @@ landingContent: # Card (optional) - title: Hardware security linkLists: - - linkListType: overview + - linkListType: concept links: - text: Trusted Platform Module url: /windows/security/information-protection/tpm/trusted-platform-module-top-node.md @@ -49,7 +49,7 @@ landingContent: # Card (optional) - title: Operating system security linkLists: - - linkListType: overview + - linkListType: concept links: - text: Secure the Windows boot process url: /windows/security/information-protection/secure-the-windows-10-boot-process.md From 25e017370fff019a2d98ff5e8e3df6ce02fd201a Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 16:40:05 -0700 Subject: [PATCH 067/671] Update index.yml --- windows/security/index.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 71a5f7717b..f4a69ddf4d 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -44,6 +44,8 @@ landingContent: url: /windows/security/information-protection/tpm/trusted-platform-module-top-node.md - text: Kernel DMA Protection url: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md + - text: Protect domain credentials + url: /windows/security/identity-protection/credential-guard/credential-guard.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From c0f1ac7e36465bdbc3f3e7c306812d2dc32f2e76 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 16:40:43 -0700 Subject: [PATCH 068/671] Update index.yml --- windows/security/index.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index f4a69ddf4d..e11b7d5819 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -42,10 +42,10 @@ landingContent: links: - text: Trusted Platform Module url: /windows/security/information-protection/tpm/trusted-platform-module-top-node.md - - text: Kernel DMA Protection - url: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md - text: Protect domain credentials url: /windows/security/identity-protection/credential-guard/credential-guard.md + - text: Kernel DMA Protection + url: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 6f00a1a1bc6bb6ce2a470f784bf4afbf647a2272 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 16:43:26 -0700 Subject: [PATCH 069/671] Update index.yml --- windows/security/index.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/windows/security/index.yml b/windows/security/index.yml index e11b7d5819..d4679c7821 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -7,7 +7,6 @@ metadata: title: Windows security # Required; page title displayed in search results. Include the brand. < 60 chars. description: Learn about Windows security # Required; article description that is displayed in search results. < 160 chars. ms.topic: landing-page # Required - ms.topic: hub-page # Required ms.prod: windows ms.collection: m365-security-compliance author: dansimp #Required; your GitHub user alias, with correct capitalization. @@ -51,6 +50,12 @@ landingContent: # Card (optional) - title: Operating system security linkLists: + - linkListType: overview + links: + - text: Secure the Windows boot process + url: /windows/security/information-protection/secure-the-windows-10-boot-process.md + - text: Configure S/MIME for Windows 10 + url: /windows/security/identity-protection/configure-s-mime.md - linkListType: concept links: - text: Secure the Windows boot process From 9dc5919c15d4c393f12fc2ae322fa5cd8c8359a3 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 16:53:55 -0700 Subject: [PATCH 070/671] Update index.yml --- windows/security/index.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index d4679c7821..154f648ccc 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -52,13 +52,13 @@ landingContent: linkLists: - linkListType: overview links: - - text: Secure the Windows boot process - url: /windows/security/information-protection/secure-the-windows-10-boot-process.md - - text: Configure S/MIME for Windows 10 - url: /windows/security/identity-protection/configure-s-mime.md + - text: Overview of operating system security + url: /windows/security/information-protection/index.md - linkListType: concept links: - text: Secure the Windows boot process url: /windows/security/information-protection/secure-the-windows-10-boot-process.md - text: Configure S/MIME for Windows 10 - url: /windows/security/identity-protection/configure-s-mime.md \ No newline at end of file + url: /windows/security/identity-protection/configure-s-mime.md + - text: Encrypted hard drive + url: /windows/security/information-protection/encrypted-hard-drive.md \ No newline at end of file From e5775301938e210dcb2fe11f12a485b484e3f742 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 18:46:44 -0700 Subject: [PATCH 071/671] Update index.yml --- windows/security/index.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 154f648ccc..4933ec3a76 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -61,4 +61,13 @@ landingContent: - text: Configure S/MIME for Windows 10 url: /windows/security/identity-protection/configure-s-mime.md - text: Encrypted hard drive - url: /windows/security/information-protection/encrypted-hard-drive.md \ No newline at end of file + url: /windows/security/information-protection/encrypted-hard-drive.md +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Threat protection + linkLists: + - linkListType: overview + links: + - text: Security baselines + url: /windows/security/threat-protection/windows-security-baselines.md From f2c63b041463f8d7025a8c5884a1f04fce842680 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 18:50:49 -0700 Subject: [PATCH 072/671] Update index.yml --- windows/security/index.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 4933ec3a76..ebdbef87cd 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -71,3 +71,31 @@ landingContent: links: - text: Security baselines url: /windows/security/threat-protection/windows-security-baselines.md +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Application protection + linkLists: + - linkListType: overview + links: + - text: Security baselines + url: /windows/security/threat-protection/windows-security-baselines.md +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: User protection + linkLists: + - linkListType: overview + links: + - text: article (change link later) + url: /windows/security/threat-protection/windows-security-baselines.md +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Privacy controls + linkLists: + - linkListType: overview + links: + - text: Windows and Privacy Compliance + url: /windows/privacy/windows-10-and-privacy-compliance.md + From d2a171bcf97a391d5987bb71ceb511b1b26d96d1 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 18:55:05 -0700 Subject: [PATCH 073/671] Update index.yml --- windows/security/index.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index ebdbef87cd..df688f1247 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -56,12 +56,13 @@ landingContent: url: /windows/security/information-protection/index.md - linkListType: concept links: - - text: Secure the Windows boot process + - text: System security url: /windows/security/information-protection/secure-the-windows-10-boot-process.md - - text: Configure S/MIME for Windows 10 - url: /windows/security/identity-protection/configure-s-mime.md - - text: Encrypted hard drive + - text: Encryption and data protection url: /windows/security/information-protection/encrypted-hard-drive.md + - text: Network security + url: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md + # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From c78dfba57f50f6021aeb825c791664a3db05749f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 1 Sep 2021 18:56:49 -0700 Subject: [PATCH 074/671] Update index.yml --- windows/security/index.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index df688f1247..1dcca94f77 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -62,7 +62,6 @@ landingContent: url: /windows/security/information-protection/encrypted-hard-drive.md - text: Network security url: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) @@ -70,7 +69,7 @@ landingContent: linkLists: - linkListType: overview links: - - text: Security baselines + - text: Security baselines (more to follow) url: /windows/security/threat-protection/windows-security-baselines.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb 
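Review bot: The link text added in the "Threat protection" card of this index.yml hunk in [PATCH 074/671], `- text: Security baselines (more to follow)`, is an authoring reminder placed in a field that is shown to readers of the landing page. Keep the visible text as `Security baselines` and record the outstanding work in a `#` comment, as the file already does elsewhere, or in a work item. The same applies to `- text: article (change link later, add more)` in the following hunk.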
@@ -79,7 +78,7 @@ landingContent: linkLists: - linkListType: overview links: - - text: Security baselines + - text: article (change link later, add more) url: /windows/security/threat-protection/windows-security-baselines.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb From 4466a082bca38c76ae91d2796cb2b4f025139fd3 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 2 Sep 2021 11:46:05 +0530 Subject: [PATCH 075/671] Task - 5358645: Clean-up work Clean -up work and minor updates to improve acrolinx score. --- .../event-id-explanations.md | 2 +- .../event-tag-explanations.md | 2 +- ...ion-control-events-centrally-using-advanced-hunting.md | 2 +- ...nder-application-control-with-dynamic-code-security.md | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md index f8b093734a..a87cd17fec 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md @@ -1,5 +1,5 @@ --- -title: Understanding Application Control event IDs (Windows 10) +title: Understanding Application Control event IDs (Windows) description: Learn what different Windows Defender Application Control event IDs signify. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md index 9eb35220b5..f5d7d82e37 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md @@ -1,5 +1,5 @@ --- -title: Understanding Application Control event tags (Windows 10) +title: Understanding Application Control event tags (Windows) description: Learn what different Windows Defender Application Control event tags signify. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md index ed001ad80e..134acc8d1f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md +++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md @@ -1,5 +1,5 @@ --- -title: Query Application Control events with Advanced Hunting (Windows 10) +title: Query Application Control events with Advanced Hunting (Windows) description: Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md index 9670e64011..f1f66a910c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Application Control and .NET Hardening (Windows 10) +title: Windows Defender Application Control and .NET Hardening (Windows) description: Dynamic Code Security is an application control feature that can verify code loaded by .NET at runtime. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb 
@@ -21,14 +21,14 @@ ms.technology: mde # Windows Defender Application Control and .NET hardening Historically, Windows Defender Application Control (WDAC) has restricted the set of applications, libraries, and scripts that are allowed to run to those approved by an organization. -Security researchers have found that some .NET applications may be used to circumvent those controls by using .NET’s capabilities to load libraries from external sources or generate new code on the fly. -Beginning with Windows 10, version 1803, WDAC features a new capability, called *Dynamic Code Security* to verify code loaded by .NET at runtime. +Security researchers have found that some .NET applications may be used to circumvent those controls by using .NET’s capabilities to load libraries from external sources or generate new code on the fly. +Beginning with Windows 10, version 1803, or Windows 11, WDAC features a new capability, called *Dynamic Code Security* to verify code loaded by .NET at runtime. When the Dynamic Code Security option is enabled, WDAC policy is applied to libraries that .NET loads from external sources. Additionally, it detects tampering in code generated to disk by .NET and blocks loading code that has been tampered with. Dynamic Code Security is not enabled by default because existing policies may not account for externally loaded libraries. -Additionally, a small number of .NET loading features, including loading unsigned assemblies built with System.Reflection.Emit, are not currently supported with Dynamic Code Security enabled. +Additionally, a few .NET loading features, including loading unsigned assemblies built with System.Reflection.Emit, are not currently supported with Dynamic Code Security enabled. Microsoft recommends testing Dynamic Code Security in audit mode before enforcing it to discover whether any new libraries should be included in the policy. To enable Dynamic Code Security, add the following option to the `` section of your policy: 
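Review bot: The rewritten sentence in use-windows-defender-application-control-with-dynamic-code-security.md, "Beginning with Windows 10, version 1803, or Windows 11, WDAC features a new capability, called *Dynamic Code Security* to verify code loaded by .NET at runtime", still has no comma closing the "called *Dynamic Code Security*" aside, and "or Windows 11" reads as a second starting point rather than a second supported release. Suggest "Beginning with Windows 10, version 1803, and in Windows 11, WDAC features a capability called *Dynamic Code Security* that verifies code loaded by .NET at runtime." The "Security researchers have found ..." line is removed and re-added with no visible text difference, so please confirm it is only a whitespace fix. Separately, all four files touched by this patch show the same ms.assetid (8d6e0474-c475-411b-b095-1c61adb2bdbb) in their front matter context; since the titles are being edited anyway, it is worth checking whether those IDs are meant to be unique per article.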
From c60aafb28fc21cd797c56d4c94963e36da77c33b Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 2 Sep 2021 09:29:14 -0700 Subject: [PATCH 076/671] removed section about FullSync --- .../update/update-compliance-configuration-manual.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index e15c04a0eb..5ecec12475 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md 
@@ -80,12 +80,3 @@ To enable data sharing between devices, your network, and Microsoft's Diagnostic Many Windows and Microsoft services are required to ensure that not only the device can function, but Update Compliance can see device data. It is recommended that you allow all default services from the out-of-box experience to remain running. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) checks whether the majority of these services are running or are allowed to run automatically. -## Run a full Census sync - -Census is a service that runs on a regular schedule on Windows devices. A number of key device attributes, like what operating system edition is installed on the device, are included in the Census payload. However, to save network load and system resources, data that tends to be more static (like edition) is sent approximately once per week rather than on every daily run. Because of this behavior, these attributes can take longer to appear in Update Compliance unless you start a full Census sync. The Update Compliance Configuration Script will do a full sync. - -A full Census sync adds a new registry value to Census's path. When this registry value is added, Census's configuration is overridden to force a full sync. For Census to work normally, this registry value should be enabled, Census should be started manually, and then the registry value should be disabled. Follow these steps: - -1. For every device you are manually configuring for Update Compliance and do not plan to use the [Update Compliance Configuration Script](update-compliance-configuration-script.md), add or modify the registry key located at **HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Census** to include a new **DWORD value** named **FullSync** and set to **1**. -2. Run Devicecensus.exe with administrator privileges on every device. Devicecensus.exe is in the System32 folder. No additional run parameters are required. -3. 
After Devicecensus.exe has run, the **FullSync** registry value can be removed or set to **0**. From 8988f10714a3ec18b8f2453bbafb79b72f74d3a2 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 2 Sep 2021 09:33:43 -0700 Subject: [PATCH 077/671] removing stray bookmark --- .../deployment/update/update-compliance-configuration-manual.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index 5ecec12475..dcb6a6b2fe 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md @@ -27,7 +27,7 @@ The requirements are separated into different categories: 1. Ensuring the [**required policies**](#required-policies) for Update Compliance are correctly configured. 2. Devices in every network topography must send data to the [**required endpoints**](#required-endpoints) for Update Compliance. For example, devices in both main and satellite offices, which might have different network configurations must be able to reach the endpoints. 3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. It is recommended all Microsoft and Windows services are set to their out-of-box defaults to ensure proper functionality. -4. [**Run a full Census sync**](#run-a-full-census-sync) on new devices to ensure that all necessary data points are collected. + ## Required policies From ad7d3b6a0ac37674265933fb4a6f3e7096b5fbbe Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 2 Sep 2021 11:03:14 -0700 Subject: [PATCH 078/671] add link to server article --- windows/deployment/planning/windows-11-removed-features.md | 3 +++ windows/deployment/wds-boot-support.md | 1 + 2 files changed, 4 insertions(+) 
diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md index 447473ea86..12f618fbfe 100644 --- a/windows/deployment/planning/windows-11-removed-features.md +++ b/windows/deployment/planning/windows-11-removed-features.md @@ -28,3 +28,6 @@ The following features and functionalities have been removed from the installed | ----------- | --------------------- | ------ | | Windows Deployment Services (WDS) image deployment | End to end WDS deployment workflows that use **boot.wim** from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | +## Also see + +[Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022#features-were-no-longer-developing)
\ No newline at end of file diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index 82ad38d20c..b484c3dc45 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -107,6 +107,7 @@ If you currently use WDS with **boot.wim** from installation media for end-to-en ## Also see +[Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022#features-were-no-longer-developing)
[Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
[Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022) \ No newline at end of file From f97bbc28f8e619901d2be7985665fd0041d6ee54 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 2 Sep 2021 12:39:35 -0700 Subject: [PATCH 079/671] adding additional hw links --- windows/security/TOC.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 9228a4398d..be0bcbec13 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -33,6 +33,10 @@ href: information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md - name: TPM recommendations href: information-protection/tpm/tpm-recommendations.md + - name: Hardware-based root of trust + href: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md + - name: System Guard Secure Launch and SMM protection + href: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md - name: Protect derived domain credentials with Windows Defender Credential Guard href: identity-protection/credential-guard/credential-guard.md - name: Kernel DMA Protection From 78ed63d27374f5c2b0080aa2bfa5fd0f7a6d7bed Mon Sep 17 00:00:00 2001 
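Review bot: In the wds-boot-support.md hunk of PATCH 078/671, the added "Features removed or no longer developed starting with Windows Server 2022" link goes at the top of "## Also see" while the unchanged last entry of that list already links to the same article (without the #features-were-no-longer-developing fragment), so the section ends up listing it twice. Suggest updating the existing entry's URL instead of adding a second one, or removing the old entry in this patch. Both files touched by the patch also keep "\ No newline at end of file" after the edit; adding the trailing newline here avoids noise in later diffs.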
From: MandiOhlinger Date: Thu, 2 Sep 2021 21:44:36 -0400 Subject: [PATCH 080/671] adding articles --- windows/configuration/TOC.yml | 6 + ...min-center-custom-oma-uri-start-layout.png | Bin 0 -> 54535 bytes .../start-menu-layout.png | Bin 0 -> 112528 bytes ...supported-csp-start-menu-layout-windows.md | 67 +++++++ .../use-json-customize-start-menu-windows.md | 178 ++++++++++++++++++ 5 files changed, 251 insertions(+) create mode 100644 windows/configuration/images/use-json-customize-start-menu-windows/endpoint-manager-admin-center-custom-oma-uri-start-layout.png create mode 100644 windows/configuration/images/use-json-customize-start-menu-windows/start-menu-layout.png create mode 100644 windows/configuration/supported-csp-start-menu-layout-windows.md create mode 100644 windows/configuration/use-json-customize-start-menu-windows.md diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index f44d4cea07..2ce55a2aa9 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml @@ -2,6 +2,12 @@ href: index.yml - name: Customize the appearance items: + - name: Windows 11 + items: + - name: Start layout + href: use-json-customize-start-menu-windows.md + - name: Supported Start layout CSPs + href: supported-csp-start-menu-layout-windows.md - name: Windows 10 Start and taskbar items: - name: Start layout and taskbar 
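Review bot: In the windows/configuration/TOC.yml hunk, the new node is named just "Windows 11" while its sibling directly below is "Windows 10 Start and taskbar"; under "Customize the appearance" a bare OS name does not say what the node covers. Suggest naming it for its content, for example "Windows 11 Start", so the two siblings read consistently. The subject "adding articles" also gives no hint that this patch adds the Start layout JSON and CSP articles plus two images; a more specific subject would help anyone bisecting the series.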
diff --git a/windows/configuration/images/use-json-customize-start-menu-windows/endpoint-manager-admin-center-custom-oma-uri-start-layout.png b/windows/configuration/images/use-json-customize-start-menu-windows/endpoint-manager-admin-center-custom-oma-uri-start-layout.png new file mode 100644 index 0000000000000000000000000000000000000000..56c6da08d16aba08aaa3f9f137e29089cf5453e2 GIT binary patch literal 54535
z`tHTAgD2jOH##Qa*UHJYW%d*f>=`a4I`1hU-%K3aCQ!YQW3Mg{+J=qrU0iNn^T9=x-yA96d35i$2W=$KKU zqihj6@)A^McWp*+ydc4=4!XymaJ6i}l{&*>74gZK<`a8~!<-(9$4}?`Za7CXu*ClN zzR#lZ7UeW%BCM9P7EA$ys~Ls-?k{|gSfaq#s^>MDaIzs=sa6FAMod%_xEXV6GW`~R8`V8Fx(1au^91I#BiGOBqWTm3a@87e zraG`wleUf?Usof~=lRl$zO{{9UPVGZ+jCFvn$h5QXj?L~o%POt_iX!ZFAWMD*m$&i z@T1$YZXE1!Bbf3hEzcIlY`;tI@-obGDS2l%i9Eh~=ih!HWFVp1{3LW0yKx}Tm`DOo z1t%e7WV{VoZ6jiBN{7-Vt{Js?rK{Zkpw;|0oA8EKnLFa#CQ4_yOqX7l>Ddok6k2mb zZ68abn%R(FNcsVrZ+PN0x49Hu`)|4FZ%V0f!&L%aHJ-jViWDw`w8Q<36kb3&;rNhY zsPJ~ch>1VFJqfPAI;I3J`^K*Q8(;gR!vUAcE5evvpV}_hV20qtB77ElNaGQQy!So+ zwNAeJ50ftaU+!$huRLzmC;jxOG9Yj_E0-8=oKTNiM_y+|Z2My9`r{q+yS}c{vSFxN z5xZrd9SZcLh|?=I!bAZFx%HggI0?EnM zas)=w*7ggoTI`P=ON8RE^()qHCOW$x)Bfr@7S7BNX7_cAz=zU=9&sq@w&xuANs5Vs zz6eG4gxra@lTiSMs^GEdY-VRn)D3NwA=Y{PQ(NI}izAFT9a-V(M+~wN5Rc93+|p>h zRk^jpt@$!qx0xtrX*{Zk@WK4~Q|1s|FP7wb%tfdrzv7@-S3xG-U)iwC{G z@-t8L^HX9>bIFnw#Z4GuAXc8SVU(&zZx8;PMaTlzV1wJrhL-_gnv$pR|16aod;YP} z(>j|gJmFcr=rXEr2$w_e^^9~v34ih-+QskxMnMfgYODNfeCkX+sPcP+(~2q<<(Qwa z-`$R*k)CbjvU*5nf9okU5e6QrKl|nt@@xr`?jSt(O#7x>>75~=-Hi)DEJ{%!5;3uh zgEdrY5gdDs2pk9LMlg@Y184%>51L$ne*U}tV_mBLNuH0`3e?bwND;>;>h`-=Jtp8g zU0V+FY2UsR`zJ83`|R6NZ3!n&&C?l(SN1eOD_oe5R9}@LW^2VLCaV1%90TZgOvV+m zfBPklTS^oy{}%0q%<%%uerxJwm_Eo9%%m;nZuzhGn41?@B&7V(JPtaCTD7R_T&@`kB-(=)^C3M#KnC+q z5|J*v;9HY08Wy9L_UiQM*u_Q65N@MMZ1aKZ(Wg*V@Zg&n8fq4*;s=w`*N0-UCLL= zTqwe&;cRo0?=u!%XK}gd?H#f2r_gyZFC5<cxpW9_xd*-y+ zv-=sl?LOV_=2-K@zD|977bu;jKuP(|^%IvNo9;=tOEL1%Q8x~YfW%YP`{vD+&EGKYho24@x~@IAU$B%C z$Z^`!^J{ZKk_r7=ODt*ZG+zWKNd_b=x|Yb+@Z{jQ(4bB-fy^P@rr0Eqztp_UIzqFV&7bx7%SnxrrQhf`idL$6)h{SIc-QGyzS=eDT0udT>Iw;R zQfy}nT(coTNks9nB;#~=z2Mqp#mi< zLhQK51liLpei@e{PDhP@g3k#;TXgFO1}uz!Pr=QUXrV;pn;N*k~H3Vj&}Q zWQhyH!?G0$=}-2(r|=q(_$T;8GE01!$ll~8kfwNOQ$4%0eezRCoFqZ>X%{6Yi#EB= zOaR3nqr!cU>07kHQE-aqJodTryl?g@4Xf~Cy68E3*mn3BC zJrm9?D?52ZrCnh`K5SH4jV354`e@_JixNLuiJ#wqadVX(m7I%uFP@EEDQtc8KYIJB zsJMcz%iwOo-3ihJ3GPk^P6#yKIKkbW#yz+MPY4pAad&q@aCdk2=_KF$vt}M<*3857 
z+r6v1`byQQefHjU>X2LV$^-H@FY7=4Kj&o-%)~hFC^zDK#G$|{r%PAlg-XxqNOzo!QPhtbtwr6Xp1_oVhvutjdD8c zrjD)%fyx_!E!Rdjl)xLO!NXEZKqqHI`hD|kL&H`zpM~;C)ZVfC2pBVPkbrR`bo zt>U!Ja^~{S*xYxa9ZxA*7FKptK|sEy_ckA?l(M-M7f{<6;qcw_{6FD#gTT*aC)yE0 z!SBRn=mvI*txP0vsztgjLC6OSblw{9v#pL*iguK;Ddk^(NfJ?WhJTHMS78hE|fq#^A-D^LvfI``KLT{UhSye z{$RH6z43zY(_Apdb=Dp9%KLJ5(|IMTh>+~)Y4~gSy5Gqjp5!{3o-Q~R7;?s)^Yy`Q{#4{p1Xowf>p5nO{=0u-rdRWNDe2Ep`-)l;teST`zdO?|~^U|9p zFR}fP9{0b`Q?95m>}9U>yHu3!38s$0MWnDefQu6}aP}DA<>mDZH3R&|lG+Xs<;!m0 zOw?CPFg$PdWi<*)`o{@dpgNg9pUDPIXGYmt-?O2bU^~1j5p%zhuk`k=j7#6 zjJO$o{~U~uQ7%?+2GyO-)JZn?yF?x9`*^?i3;|uu`uXX(cVO(z&+o{7o(~DdBQMuu z8(P3(Ex_Ob>XXZ39eW=xF)Gk$V*o1>4W)eJ5Mr6KsRa&DF63A^>S!|nX31t|DP8B| zhEqRTSbX$?lpp4P3$H##;XMjzLBNbS)J5?}`kQ#yjxhDcu5(d8t6hV3)A$0ndl&*Q%>)edQ-)WX+ z2VC<@LaYDt_k=4-5pH;ANK zHNPnbX3Tu%w*=jLZaDpbf8xLFQg7gyiW;zZveji#f{JK+dFb~dP%Fd+L*q}em$+?D zW^Uw;-|IH^K99ChWh9zYKq&Hbx%;XBD(QH$(;6~=x#7?BG5Yx`vSOT;zu zH|1_^y3BgiW6i2WLd8pxKcN}=iSPZhOC6*3KJ{%^f2S(v
zG|5#I1#bHkQmvYR zvj#NaYhx`#;xqhvjkgUw%VF(fYJ}8yUW|>JTkD!b9grioxW@oxHbVNOk)yk?q|{D> zM6q7RP0cP(K8Fp|ik1f8+>hS%dt7C!5G8?4y?c~xHZDlS6i*Afn`(jxw`p-{kT>QxQha%-OEP_D#D?juBeW^ zNTxzjZN7Z=ztoLb@%n0q>S)myV!-JUrQmhvakv~^CU4LOZwFL8cCsO3{?xi;*n=x} z^o3Afu^MGr(4F|3dR~&SiK;%37!uoN8);aPo>hMOjU{+_@?zoiP!P+>d`L0tBQC#W zov~%1_HM(#D2!LGMsFols-;{;%I0Q9m?1@~@OCFvFBwOSjOimNumJ-4&bO0vD4Zo4 z-sYbh#_n%?^j4ojYthhIBFyPzU4Fz5E zQZ}33bN@r=wiW(w-H~z;9JD=wT)3yL(904AkF$N+i*OjJnrsSkqY|s z=D3lvC9<3ZC+i^^HNJ>g6CDSztXzr}-tlnL&ve;$+$QX>9%#naJaRZP=@D;5oeafv z6}p56m-Jz~SH3zYgdGKE@~#(PT=B)VEh6zOOkv)T{K#71OQkdhVXiWCrw>2ZLNQj)An4-rj&@V~@Ym@7Cb% zyM8#OUQcC?nb%Cc4_CxUD=ZX5r_#|x*(3QkMh-0NBz*(e8%-}B_=#86A!lz;bIkbl ztYtTSv|_PVRj01G7gy60t5`=pqQqulqN9KM99Gl5fc8HB_2k7ydkM4E>!k$;Yal62 zkHQ0F-^Xj5_S@`GaVds(AFQ&l3y))HMSf5JVmpfXGl=!3DE8Slgn`3s|@;`F~>Cx1yp9C#SQ&55C17#Q1hB>`! zsPJqJE(0``^pfe;>K(sRK{>B*N}tf&tYV*sC8{L^m4{iF$i|kuQwwRc=-TTSt;TJln3}e!lTs-CC~d@kaD0#^8Z33gl`lOv<7i z@6t{K!F1%}N{=Z2`p?AeGEgq9Qe@$TVeq# zoccSRd_y_Y?9TMxxZe|oOtZcXF9_Enm_ZfYD{Ud?NIdd zB?*J+66@iR)XxgluLIe2=-J3lRNqIs398H+$Gpq*UAd;YVF0NLsu<54?wgO+7Fu`2 z!xB~c%zcF^Q(+I5DRN_Hm&aI0?^Et+y6=dyoH`e6YjdWZo}*kvrpaqOxvQI451#=W zTi?^dzhzjm-&SKFdhodG$mJHhNN9b!kG)Yd#dca-0CxMrIlX`#kW)tAtL zPELv&OP>ay+z|~h<)bN3MJ?FXl$g*8dii0K;3;tPsh!6I&bNi#znz=vL#f4LWMDTV zIC@D1Z>~;9QG-hOBv(OD?Q?2uW>yA@69_9L^a|8hdLvH1Pq2Xm(345hQBVYudCqq z5`-p~E(E>#=Eprh?Ium4&z*J=(f?+4#YmY4f`0fb@tvf*J7}IP#%`J;zNf4gKQQUo z2`nH}*To7w#_)Y4y`XCPd}1@apatRwQEUWoB=*%fFq0~Z(>n4)u0Au4~M~e&dlE@EZ4Ow zp&S#)cKzxC*v|DEyIfUOWfUYjR%_HR@<}6`)KZ5^2d~}3N2(Y+KN~hJDz|XM>WJd| z^{2m$0lsCdCa6g(0RLW{5w?}BYgjjm5d7+^a8`D9Q0IQ~E5bsmSX$ILWNNUGN+na# z`)q63DW-&*H|t8%^(D0uX&EH;8%jWgw}p+k`*~RQrF3xN-nQaKW+>BdJVzZZIzCCm zO!s+whpZN>#nKuSR}|%9>by%R@IY}8z&m^)Ix&%H*Hs_YT&l|3`w`7;fmZQ3S4QA1 z2b@mqvA=DpJ0~(rmd(m%E0P$`#}v?(?Y7mD4#lpDJi+q6R# zQ&-CjPA5@79GBxlu+ht*D^uIR)ifsfEJenZIb;u498Q|Mx1ye20AY$}FQuR@srqE3 zlTPCqvjV9lnTunxVf}Z`Vq{_18kCtUK0|f=STG3h!PpWM?EGJTt*;5G?s32Aop_|M z6x@hUC)&l%wB`D03w~$#u6C5TF_+&sVk{49lz>ZPfqG1L&s+)KYLQhNmOI^k6u|Y= 
z$#K0hi&Zt?h5Y68GvABUqH8XNSvM`q3#B3M-* zjZ6glfA7B2>9Nh3+RnsuKGTZfd4EKZLNx0{p>0KSlMNUNK@F@ z)@IJmv3q0q#H+V1#CTPJ@~gJIkRfbHU*{P>MjvYXWckB(3Uue>uuevDfpIb&x53bq zEXOQ`8Ryp^L9di`LY5aq15yTuiO#p7o5%&1pVd@IXaRvQt49=bHs8g|HK~$O_TwoR z+T1{Q57sFST`#&^I9OZ)8RN`lWelwOtny(2O|&!$#I%^9i6Kq=sx=`fc3bU)Pmr`iB z_oyYFf|2-kPqO&23l*@%qXiQopSj|)0j4!HT*#48j0TK-zB-Wjen7ob-^PF3%u&Bs z{O%J%f~noeXNHOwm=;FRMmJM1_MhZvt4z&Ju5uZ zSh#$^``cp2US*xN<_84r=+d>4Xo}0sAk?WGkQcL{A@v8OJ+1l|ZzgQ~K40Am%+}48 zRa??hLg3Q{a{GNeQ(S!!Jd5vq$a(Z9$?Pi1H`*hJ1mC)8J;{_Cm18azRQk&VO*dZu zz|}BnnU9&bp(vRbcFw294XG3$TbA?*+6G_slO(Qu=*jxn@JoVwGhP- ziV^Qj^v9nK>C^8-&41O@+2-k0+vn! znHsAvmCmGvLH1&e`-cE!V4}yFIFEW>j-q+A3@sXV*5Fcby4K)o=MQTZp7QzN>GPyNuFpS@u_Bvuo6`O+67> z9sBbJtJ6VuK})phoDPEm$C-d@T&wshWnh2atMD#96DGBcj0Gr(xz0IBIZ>(*3Tfs3{8*b@4=srIJYW}CO7(pG2zIRuB#4x@)KH4hU-HSSiLV7 z4NYIVV{ZxWsB>P0V@vc);->YJ%<)=RM2|sTPA=iZJ)N(uBMzjFD${_i3$Lo`^HNYk z;O=uZX^lr{J{=nty!-~UGJR$&wN2E3Z?X`(i%0`%V-%dQtUKkEGAj2U3Wf;FcGWs^ zRbW%=4S6BsMh@R(#b`bnNpI;F#8!d4v|;t#Tksx~kv*)Xx&qWT$CTRFZ5S9G zS9)Sz5mX`%y1&d=iRcA%+C;0_^L|EI9#pTOTBQd}&$KfplY0>zsJ1fU$}W~9-Zk+k zaeTVf&-LWWBm#x4(qTB~+OSttqS|_#h)0F@?MIV%Klx&y3k}RX?XZxA)4Kq($Ad#= z%-8P}ga=E41%~(ST!>NMZOlHE1~_eF9*$mBorW54{z$PQ*b%+TkiAk2Rli;rF7EI( zoN6inx}I2$CjbLijxTksyHE}S?%cJTYW;Gy94N~BT=wP)a$ST~%9s76${RqO4*XY% zDx}vbzq__C0wh-=ytA-a4kdz#3VhK=B4~#$XZ_~8$L7MceMkuK(txWTLbx^D&9BuUciU8gFRD_rtj}>h&rmoux4dA@H8E7@0bs}mF?~D1E^!^O^ zSzg4PZB*S(?6p07J_=d~a3B3R0{s>G^@^>C}=Z%@|6gED?}=sF~cw?@^n&EZ*m`DPHL53N(a zHXv<;HRc~eYmkdtVBHoLdtD{)ZaSoQ&`2ZnqT<^;`~r}ihy01Cjnyas$X*^@_(i21 zmbnmu{UA)bI|F9>n7nV|t4d5Vd??a`A9l4dn;{n<8rtX4Okr-*B6*ORz?%aq%k~#i z4+0Rl50)k8Et(U7{=B2u55U$nq{S-x{;eg8<)pr`28<9L)Y8SVLDx??0p@Yfzaz}9 z-{zbjY0$++`8jetxFZjF0?B=6N1jWWFH% z3ysjP1pc-GNI$1xn~*b0MtFHRJ7~FKRJW0};?oWU$x0qVTe!@lcKrha5lM_>p@)B3 zrN#b>3;!H-s`^X)=PcR(`$_NEM&+Hgz0al<=SQ;9i7!G#w&!5kMXV!FWa_TizhRs< zqbp*b`{L{|M_h&%-Q#1tU!%@q<#AR-;RQM%$@?Ue!8*HlP^as7OfT!2YKe;~Te$6E z87X!jle(Mq@0H20Bc<21L^$f8^LVFX&@0o^hUU-tht#`UO!&)0CKSGw=+BS*_g|?P 
zKYO8*&w$MOEqj)X45lE-L3++K0hKZJxP4`Ka5WU5Smgf=jA4awp%*LtVdvjaqBXh4 zpVcr;B?vZmGC-|8H#idgwErHo=&QByqn0RPrvkAL4f~wW^_qQZOQno%V;}cy#gD!# zH0Pv66c+XvcBFF>mETa3O#2ie2D5-0lsg?D?uJ@S=)N&sdPwuproa>)+_6iFlF&2x z)|G4}xbwLS(W+9^BRBW-e2m^DD+nJ`^4FlRvVxQc%sS&o=K8Uzb*7JZT<_xB7T_OJ z;D&n|jB&@B#8@_Mn6t9m2)1NM@AU?jY=OmBz`^X7v;v_-gX#^P)`e_WV~kRiD(n}$ zg|OcsTPfWAv4wA6v&s@7P9M-{opprH-|B80%gipCQhnKm7j9YDPjD;JwPJ-C#YDaJ zL@XB^Ex`x2?+*yjj(nimbP)dwWBNija1(cuHzLC$D_r`h$p8Z(oxLQ7Y~=yD36!)T zjC(>2^*ljGl-gtSz9Z)Ls=9qhFuD1q?$cozc?dTOu#~qQCnJ))6Y}5&lCFlk4)9cK zRGiJyK_99IkjAm&TL>=y>8K z{4=OpgztQw7mytuj8lB~@iga5TYbi~^-K?iCcketD$RR*Sy&NuNGhIdjizj}y`W3E z$}D+q^Snj8F*s@XHOucPavSlcUe`u;8{#x-e0RY=Ejd%9>pHBI47Ys(puCuM8Zln* zBXo1pEBhXztgE+jrl=Y_RISy2p`;lp_{8=`&jWzPc4TSlC45z{?S|r!wmv90wH2Ry zn4UcRynN80TUIWDeO^5=)y)PR%+Ef6iU^uXaR#}I&z+O?Sucy*5nmg7r*1Knv8z8d z>Sv}O7T;&uHR&xgZQE!c%gt!&&-9NPzaD+p^X;Wy?_RGgp`p`>p=nUt`(kpf*r4;8 zUbAuD{Y#U=ec8iuSt$0o{nL@1-@`Ix!1I41n+%|7;+3(*>%6`T@IwtdeihB_iES>) zZt?((G0Xg73sFKs9H(k8Z+-ZL3WPG5?M{Uy7isGU#`(+#751JTpx^QAc#a=_O@DjG z{*+3Du&nLc_}kx9-gql`1K8Y(UB2_6lP_wGFXQm<*5i|kOuU2#a&+sZh7H)v(MU>; z!W6QRl4hJ>&S%|St!cGi=&a|?2DEVF;-Ud72SoV6-IqkIYXdNod!Br_>$wzN3GnOe zf`Y}P)t8i=eFcDYgoYXJ%FGg%exsXii>JUs`vlIMk9XU$0R@+IIg^2GLSB!}i$hn~ z67MPhrj=3eI|)5U=ca=%&!fjZc{)#mnAO&Bf$yRFCs+7Az~Tf{Rblkv;?K6(uo4s& z8V2wrAn;N&3UoKT+n2+2?*v)@_*H25;KEvatb>u%hH!T*0BSN3I||^$D|_FyUY(Yz z*G+OyamZ6EEEoLVZ>s|qtK910dt@-G*u%m_4?mxN>|9Spg-@+0T8BQbwKc7yWg?gQ zXkTpB=|`hF1q&|N@OO8ojrywN-(@>Inu(t@A7jJ|It}(j!|ii#?VLURZpPISz$ONU z$}y%dwe8oMpPSme>M10U&&2))1{@|K2r|+;FBKh?kZnV4LG5cO__TWl8&=Owu7j_{ zNU}1XI0s3Nc8PJL6E)E)TCL%n*BzEkD#b_^jd6ZPfuj)glER6I(8NH(?lU|$jfZ>Nm#1>7*sArBBmscISSkz#5D4d4^;(j``P-bD$eL+MK zyu)WLYu`Xz0_++eTUZ(fvA5l5ykoh=l^DgmqV2M>@+zm=h|UfiDvBDb1_h#V;E-@( zJi;naQ&V0Nfuq}wS-ST$;U9Gcc%Q2SOn&}#q`0-1Rb<2(25vrMQD zY3A*_R&HzjF5C0rN_qXRu^Zgq`eB)Zv8DRi1p>d;EC}JE2LGKM8%3U39(~L58XZN?7e@7ucH!&V+ z4Qms@K1`sV;GZJW1#!Bu)iOBe^1PWermwYip7#WT*PnY}8TqLvUEI7Ecy&48VNS0@1&t~jhzf=SEnXk@7y2A;pA&{e~Th{%Q 
zW)&R;rUlKJ+erdBb7Rr>KZV9Wf5fdVD9Ej7R27@2LkwJdpP0-2j7BZR%sVKe-E0zpjN8Ikm{ zh`6D_K$cuD9#L5-?l_<0XB4$rzkAoAq8H)qV{C^N?T91zR=pmRp#E%QxNxXK=o>|) zN0x_ur{i~2*8+)+CjUSrk42#$hNfFP#8DOPTV}-i!zF?7JNaurxd6TksM2OQoZY*> zgFLyk^%c94afMcTnO(^}0I9z~KDNznb_ucV<>nTbP~0fw`;UT|B`R6+cXPFxP^}{v z(%htafuaU9`O^jM*iTy~9E|R6@6>vA#e+qVhGzC1j+GFX=PHq(WL$!oRaNvtf1+(w zkh2ktHRu|IZwqp$L~r!n8i{`?+ho@dHxXB}Ww@@Qk`rk|M>3dfcc>-0J0v@Zsisl$ zBVsY~35v6)I~IxzDyeSo1N7s>ESbV?s~h#@p#V%SaB{n{urPDQo>)m%MmO$QB!fO7 z+Gs1Bq~xv_(H-*l#ALwuE@~&Dt$eL^dz1V)yiq#JVj;2w2lx$&yAAuwMp5j2`+9g+tVN}a<-FqM9lzQKk#5MR){=7$+$u<+C;fAeE}j0)d0kAtYzqmJ z@=>sD`#We5BS7<0OKIR=X2Ab;)*U7-L3>KQ^Sv^QwD-xBCff#>z zSW8nHk7X`btcHG@^xvwAq+aMOLm}-uh^Z0xb3g1G ziT;f>XvM_Gx|1>Lku?A3*nEmVL)OgVFxFmVue`DZn)_9t2ih= z$No2FL5A*MX3X?(p=jvk3g`X{Urh?*Rz8q=j`ux9Xg9-fK*!lN} z?{9N|Q6)BLG*f${$tzPcOo;Q2VNcy42h0BO32GG}}DE+)=+o~u7`}aZ? z+gMC}Fak3WH>+Mwhswje=+=F6J0JwTIzl$=GsWz(Ld*H_6C2$(FRa8^$s67{1cb!? z!SsCfC9hOPw*^Bs#j5lfv(-|O!amQ(j+#A~Z@d>&J~b4^9=bl5I0PALV?FFRIMDFB%KS#tb4IjY-Me z?x=5aAJi~VQ_h^Mc8r&xxcm6@>n2jrKZ5H$vPrJu4^g|F1vta#mwDz(!Tln-$M1Kq zV@z47H{@b#ZBxg1I*XS5$;;`*@l#Nbq^Or*4jw!K!U8~CVe|wqZq$junfe*8ONkf~w3PciBr#w%A52@B1s{Jkw+|+ebH$j#Pot zSv+0?Ec_76$tbRoNRDyO1rYZ3YZ<$q^hj;VgRMoGo9!5F*>S;WRN945wZKkOD%J5A z{)ReUfWT&|7R;lc7KnYiRBB!=X9AKyHt zoT*fCww!8_DxcX`;eWSM4aaw^>#ctr;KA)xTy6 z=TI3NXpflTS>>fP6Ca4hg`JzmRkRm^#aKO#Wl{B#48M}aTEll0E}o?;I4SL&22-Tg zed-cG7iOf*eqFAf0_q{dX!6xZq@S9Fu*265I#nzl_%vHdcP%i0)-anN%$R>4F7ES} zoQ&K8Y;30(EA6`PU1X-3K?mlN#vO!hPI0vxZl` zhpAWq!euSp{5bnnONY)}gII4YDNCsAdDxGAg@*s|xo>9WJ(KvsK6dD@BHuHo6N*DQ zj?@m{R2#{ws03M*zbW+bO5)V*hIz?1<)!RjhGXU_s_fE>8%O3C*{bEZ8Z4O;nD+@!ccenO$}kK_~*tlUdIe#USqEY7x^n8FfeElg za_eoq@~vCS6x^EKrQ))%v71i!{e)NZiOot&Dd4?7QN+GGOI>yqcLWLaE?PQn9#m>orosE_Ial83G*4+Gt}-iYU*QXroM? 
zoroJ4ZE2k-yh&(7yc70eV8RWaV%^2eF;@Ttg;_j4GG(n2ShSD}!bGU7_KuW$z`6~M zejrm}nYDssQ(Y`911SJQLPS7vSJCr9xza|S`gpPDmKq>Qtkm; z*2|Hg;andHcD(d$zcaDlVo5?s@)E?z&yzD*a~@m7E&sL-$?azd3B%{*-n~}#vZq}d zfcsG3#KqlW$QNrV*P7g}d}`>D#{X4&cXh}L9Op}p`ACQMpdra(O;?(n<@O?^ke)T- zn@r{N#r&Rnx7ic^UaEH=I#{3z`3I*z3OPpY|4_(J|0v|3KMFbhH}v6v?>^;uv&CZ5 z+rp*RJX92ljAO&nT`7;)0ey>vR|j4_LUul%0qL5iMh_=<928Jmu!2ZvC~(i!$;yD8 zrG7aOt88wRV@ui$d0lEM&) zTw#I>^rc-DMTEb^jOl>HnYoyYRyOr7=55~g6w{#L&4oHxXyH9ef0HB_3O$pERL1VE z$f>%vL{{7Gsd9@FAupVv+Tki$C`Y?-W}6;^Pj}m)GGC!`iaee*6jmLEO<-?6pMEWM zZlcP5<(l}K$YD<>lI<|5!dDPSkqzAU~4%RQ?GV;Ze=c{CbfV_-#rZd@qoRD7a}5gVp-1pe|6O~be*H<(LiSk0 zv+)F5&w;n?0FUO=R%_!_p5t$DY+j z5!a_ah1}r>3bvW+Wgpdpx2_|{m9Ljvxou2l`UkJ1%RSo*(E*sw(^0cb$Jw; zeNCMg9+_Td@k5&lFRSMVqb1qik59OoMW^@6!$V0k{N*#YI^PbYuVhl5F|u!9&Rnt% zi(lJuwoPw-ElX~T^z!n#5`USQ?K-b(dph#+gTMD9yZY-DYTtbSAu{wriXNS!1v_T@ zMrDCG_IJ0~PLFf`o-=JGN(RIwrfrRN*-YU~>#}1mu-8&>GmRxTa`khIiOSpmSQxyu z$zmWcy}qf674E)^tll(ZUWV3$`-UpVRB|Ej;#pC zSSJgjRw3_bC?<@`ahqcHM?6_<0BhwP92FKZ`Cmp^|PboOD^`lROM=TT}Qd(Pc0(e=|=yS#3sP>U>x_HfNk2b zXIP=Aa*&%-mD4#L5vBik@Oi2>5&AKJAg4UnUYqaX&*T_yx zlMB0SH1N$zQKe%Or}5HAm~t8~gB5_d$?t~G`Cs~RQ;RZT9w@n^zd@^9u4Dfy@98vfW{E{)4p8Cf|yC zg7Ir)+~8(ndK($~3BHL5hP=TTz|0^H%Ou(2M(=AQy3C+CRZQWdlotLRSbcO*gt9)4 zHJy$M4SYl+rl@{gnMzQm+Q z{a7jEal$Tyq|KHF6yXlL{u;TaNyl)BMv*O5ufonN@NLaf@2gS1dyXUeS(-e7I)8Me z_%FKHH4v{hsGb4+MvY3Fe2SNB*a3mS3EAw2J2t>LV9AUeFPp%4)aeh^|H`Ux=aklN z4MIGt?S)h5W=hqm8-cL*DX6@bW{N5>f4F(Z?YJxxvK45I zpLg^Ip(N0V>}BfXYy$Ro4XxHoz%DyuH~!%)EeAdVz00kQDwo2-xr#&ZOc2$<&kHqT zM`o`$mwHScty6|9L8Z{Z7MIz}HZ4#iMBiI<4_Co=ZX!Oyw<8gB2wdwi3)0gC1tH|g zmBwV-#KSTq+wxC_;JKFLf54#eT0tt9X}A@kO62z|xAODyZF{)BJTwA=-#yIv&lq|<6(kB8Z+pId{LKr zY5lW?S1*ksmEh7>GQ*AZ0N*6DcEQLoeHyPwi^`~piTYT2Wq>4cA#oY7Ty?;sA*ybmDC4*lSyIW+!8|z-k_B+0MONORfHNaQ$ z&>kejv=Yt_h#rfU%{o~ychRWLJAxZNso>k6p=YJJBVI!H!uQ)k82ce8Athpi&2-=g zp-}5Vp#p_{@u0NwYwAd|060*qvvlUmuqB zF|l(s>#K3U$$iK)P1Il}-ZX}4Wb2xN(8;VFvG%;4`^V4nt=G1R&wEr*#U6>+D8Eh* z*e@2-01@fJIFYqToeeU-OE_6&4#36CUbE~-{#c-m)NniC&MU%iC$WzHxt@?FxCgNy 
z3*tJ>*CT;(D*)?b;`oEWwms|Jj)QeH>QPd8Ugt@KzYlmBUnA50(YRgZ1DEcN&b9HH zUXh)(eWP!GZ1`l2VIi6C_*i4*R^9b@VSVp1*9p zsjvMND0nZ~bvhELg@VMV7ASJv1KMuT$v{<(hCK(=^^e+*Z*h;M7IqjkVi_v@Bi@8x z>EFZd9*c5yWD;Q|)w7|d-#Iev;u8Y)bbwtxKd-T`Jx{$>jB=uo3%&>orKP38h=#!Z zO&2L*IOO_06`@OBtW;clb7Ur9krKnxN@$f(B4L^IeqFT?|iE6I%i_h%)fCnUHYgmnZ!7&3Hy^>hc3(uGfZ3r#_rm5-FVrsl;8BH^xsi9{8*}@>T-axX%!%%`$z-O!rs5V(M zB%koKdlw-POk1!c%b#K1ja+m7aKxg0DrB&hlar*jV%Gt;wf%Ga3_fQou4s1eNNK5N zQF(`=i2gJEOs}fZ=nawTZm6AU#D^g0rnwtR6QdIbZ)k%`r;QyxZ~!KGjolbTT~*dn z**W0rf#JoI628Tt=D{y^JTwNlkv&OIq?_v%q`&h6xW9LAwRm`z%aQB?;|xJNXx1Jl zAh7XtiI$3UC8GVk_HPp5GOx)QmC?1(1_T|Y{KPN=BG`*#PNFH2A41!YQi?M$gtION z7h2AFL;jC*9)EcEn-Uz^W#%AyF8r$BzZ~jBr;GzMZfy%Vf1~yhA3*$cF!lS3I%XV5 zu+Jc$|hKYrk&!j0{;ayO{}UNH&c{j z?s6QtTg4-@A1~TL-+Yrr30IJSr>f6o17qvxwj^LJPRK25GTV)?Y5Amg?r0mN((Tyj zMoaj-ZpwYjrcDF`t((4AK5k;6iA1+0X>2Jhkm<3-Oh-8C5O}eNiub(@%xZ?8E-0kWF;j(hXlSuax;rt_<47+<0bdkp+XbWMA@|HW+t#}yI6{sD7ow2H6(1KeXP z`W=g7g|`h3Nm*<#bFo3{c=qX@>k;wcKw_6`Gtp3R+ssK2w-Bk961h1>UaO4b@Zy_? z7{f8cTLub2rB5_H8-fv=PS@)SSBP{SV7>CHjakUI!c3JG)#!JES{vN$R_bPLk%9FK z?066-JfFY?C}E4(*|s1Lb}PGW_eb!Ax%c}>pqeXab>$=N&1YG!u#bf zWC#x$w98|UX`mrFbTE-iXH}`zg6wy7YRDvJlK{n-=cv{l3QOpoQmWh5nU^-oP<@j7 z&Tm9WinImU!E$NucY_|PO(z0uLdeD?zQr>q850!P^s`_c&PEHyo!kAK9Xn6=YY)K| zp){#Ku5+g_q;IhsGZYjZYt*~4z=)Q$v|csl>@v6R6?CD0A70UMT5Ep)J3p>z~FhpF>V+kdh7RAoCdR=5++*E>=C> zJCqi|-i9c?I!z=WvXgcS#KO*g-mEWjUVHBT7JHD-eyliOx#*zA`_U$y599@AU7A`{ z4CW|Co_Xp;o4_H6cM+4JJj($OGG3IR(?7=z=@v(6)!S_ysG>l{2hybsl}KE5TS&OS z@&D4-3DrtU;9ytzXBbmgcjLAd#9sPTv7o+LsM_(~bq1x6wJ!&&aI86Bb`Z)I`zc>w z4{QvQ<6*ds#s6~#LA4dF8GbxVD0uV75*`g-Nw~1E8 zzjv*3R@Rv_Gh1ix=j_bHYilZDp_8K{ARu6=D9h_2ARwl^-0Ns4FD=@OozgEque^1Y zWD)9TDSy2@ympY$kU>CbOu=}xLVkIEU&0oZ-2wL2!zkgXU9^#XXzo*IP!@SNGQ1ayhoJUuwPKJ{%9?QP+D3PLT&y^F!+7t zKIYg#NWMLbkJjJt9Sei2Khv{kzp0cu@^>6=go(Pkx+=Q5jyDXpB+Z?-dFbhj=y~W< zI8(I@u+!%hd9}}jJ}K$!@2PiS8y`~qB~3J`h+svp`zi{pOR6(;LoDh`84H&>*ITa9 z{fR373;&?v=6j8n=qI=yIJQPUhPTwKmGh*{|A1}rP)AGwz^~lmXP4WrH|%;wdohG2Qc}_uD3(k 
z1^%NBoRHLU6+yB**hHypKI$>qD4R*hU#-oqtOhX@r77zBdj6o#T}K<9k1h68$f7NJ zwCKrJ`q@7R?xyE7GKpAsjx*8}7TaW=SAFo2>$7wGC7Y>Dc>j*%euxgrt8gCIyuMh{ z$EM&%Uxrhf=aCVA`BF9#0*AgDL6Ot=#f|_1)C%J3VsUjKiJM6}P7l#DyXyd&j#8GNbbw)A_af(q^+2)>Wxirrw&E|c%0sR?<447U z)lDj9d%ul@(M6I3>c1M)zqdB%pd7PHfgWS}${j~?SyTyl@irtbZipdgGbHVth3CzM z@9V_t5|(-Opr328D+sjZD{P!g#5MgkAdgoZ*ScHU-kv>DQ!e{n67i~DdW4-Qu4Bc3 zJ!7{E(D9SZ@lok&8` zI}gG)B{_O*qfCQ&9uMN{V6bFI*uz!?k3^G`eDh;$q}xr6R*m^BjIo8^n8&9Ix&fW&*H`xmS4Tm!S)p?bL|9?5eq zlX~F$_!*G5;;VDE_S6MzuZKgRt^K-v_t(d*(oGO|S5uaPXX;A1jj*f(SArSkkdrz* zk0ZVS))(TN^S;A2`bw?gFr{55`)h!6SboaH4wwH9gO%@C8ddiv7z1@!JLTB;?LoKq zTHyxUb4{!QH@iE_u2(P_ib5M6NH1*XWKQw&5Sz8>{UL!FNj4&;nhOf~kc!Y}j2Ntn zfoyV$RgiGZWmeQ2^<&xhS4xMb)+1nw-S>a})&g0aPxiS$z$$!CNn4qi`&sv7aZ*Bw zVdYfup^pmmgA7Bj3?>VbFQJJ6cC#rQ4D4lSG*vl2OEn;5pfRQd9}(UjGxsh?E2`>3 zzRw|om&4F*9%R-$t5K!X^InW(XDJ%Fy}nkjjCQDy0B$95_G7UJ2N&mOi058xri`kF zdr9c^#;1`6ExE8%@d9-JYBvDDs2qP7!Sq9W+Te&Hr{%4<43cHG)gx6Z3uYMKU2?ta z53ih?nT}R|T*Ji6R?y=>*d~mNgBN6S=fq8UPNuWirU$}s#2GRZrwEHRu8FP^+UM*zADsAPKWNz! 
zC*S=_cbetiSe*WCBy#Peor{eBwI6bEV?%O96Zj`Pl%24;#ho!Nfu(>3@>xC#qp0{x z1+h-Kb}^>EqgC1PSjI*acn)t#XPc??C4+h04dHn2C|&CuH^mHDC!*PvBE<*L#U%dr zmz7wJ2Y4{hZ+mdJ1LD-!%(HK#HHQL13h0TG-4@$Q+Ulh~@Kc4{-qs#yw%65ZOja4~ zYra28CuqSApD@cJ>fg^O!oJuNd8K$sqn7w5h(otoXrbt-{gvt?);P>?3BI} z{>Lld;nX9ITl4%;d4qKI2MNj8L~c#+8@1?z4mD~&n(w<}-VZDtm)P82r`#fsV1e(w zO@lBCT#e1^lFT^hJEdeDJ?DlkQhCDoISrb~>hmdS?7>0A+PbVk64>mnx)sKWd)9>;QchE_LW=2vBG38l{AayExS3Ts zO+U>eh|JSOZ_bqx?mdO)P`ARu2+Zd0>?K`T>b4JeB_|oH-Z(eUZ za)pJ+iLGwCfw3x}JdBBrbV#+Y7J{7WgIhc{TOmGp0bba##s+ntAE99xA&Og zXeC4a&po*L{!1=PxKrRsERxY|!-@Ka#9A!an zLpr%k32^#sRWNISx!6FLNI(h_l7y#CS_9Mjd{ar_t%0N@cm1+w`}5kgQhV6ACj(QR zmu=tF zT~lmA7u{eg#ki3K$|kMpuF(ishm)L+UZaGqu$w4(4TmzkIc3yi@Kn`oFf8xfQ7l-~ zW@wo(T)5XV@}gf1mu9g&S97uAsB+S}WWO;7Zft4SOh3qbY{dC`Y3@jM*<=`NZrveE z*A7NMI|NR1{z5Cup={70)rhwL!De=rd7SU?s-cgp-m*s$t_Bq9P0XvfB~^(U^VOXt zffy#sL3Ixb^8hjBu6^$hr#E7|?EUZ#?rINw9|751s}HW^&D?D4@ZRjW>K6OqimOMe z$S?1Mnw^d`^_{PvhAjOS1_}Nzwpr1*{KH4Q|9B7lI>nmN>>J+4NXW$ zcWDGGx3@T|^ehPM&W-rSp+Tct3+(Uv=7Fpms8ryYh-}+**1zeW9?<@m+pPJ*arM^i zlkZ8QAIxEp)jL}%)o`$m%l~98K&a&_%qzY|YbZjbNN3l!XDj<&q=WhEzK~)?t|PG6 zHP0QR9%61rxk4Zp_4{!=VF<<_oLI)^71*zFJ1eN*>VkM)u zd7GD_*1O||kDDw+9qD5#c#WUQ$yqOijNVzRQXM8X@XtGhWOl4?^ChwTAG^w!@iWXsf1g|1S-*ZIbO&PsQou@DON>6$B zIi>@CIkhC!nsB}5@+vcmJ*feA!Y7cE(pdRj2wpPo$EtC#QZ79a-w;#0MgmCU$Z0y+ z8SFXSJ0$qPVQ2lMsJ$}Q?K#u16WuJDJZyv<@9$$KiFGRxb`rB+t zFr0b@5{B)oRWv*JO;wb57}uPXXrxVmvu&X^boJt{r}txd+G)7*Z)2&i7&T76dLA~AL*5><;`Ju&aPy}CM5H6ug!0q%rEQ)SqL zbMieN(ervzGy>Tl32#^F=m4wL zr-QS9ub$g*ZLjBqbS>M^8;eO z95N7~USs6WN?tdb!9qm$15d48cTbW&&IV(iP_WjzU&T;Wi9bnw_l7p^)rEqed9)4l z*umHpQdk1-UE#=$=vsE4_O6(U(;gF027d#)-;ry7@POl*euBkXTkDH zvttc|g`x(ly62kBKQ$^S2klae!_2b^-<1u5wHO#Evx2GlbW``Rv&CJ{Z29g)Mn;~a zJ3UJ_a9NICDGx*EqEDb^Mp*)0&Oe4Y^t3F*-I`agmxMj|6&w+o@r1#6SlJL1HCMZO zoSYS_A<&rB0e>Vo!zLE$ctWHY3`!|UeDo^l?o(2vhh&Dn&1If!+;%jNPmK=eB#|E~za_ybhP)OVciU8EER2&2h;+&C@>p)O2_{q6k(Dp=7B@!$oMV%Mky$fy{UY^=>TaY%(+PM?rb9C{ItxcH@!q$ zL4AmkV%tAa$hr@q{Dg1)r{|ru=p(~-!JT>>niB 
z*_IskVQ0mdq6kQ0Cm|N*6ND!%RPU#rSLZSp&bLZTyFD_Xz7~1{OO4fhF4&0>Nk`3h zQ6E9>MQ9%9_M{t?hjtnL^z|%S9`H?F9FQR92^okNqx9N{`{jJg zq}7gf3o~0|#IBd8=%eL+NzV{zl2uD)|IxZB(5TB0=o3uo6b;lX7!IW7HGXX<(dcq* zM$gD?&NBOTKE(!Yz#+vfgqx1q+z|UB-*2arpLhJee}-SbGjue@4%gGvko-`@y{63U zz06-)4;ri7KofPED4>3GMCuzap)Raw-b2izDS7JbeeInt#BB>`Cm>-4`3KtC$0 z(xWSFI$V~W_*GvRVg-_>M3)UqnBs7?8!e(ReB4qMQ+R8v(9}8lCis2%xln?+FIbQf%rW3}p|*C<)XRrC7Utmq66-i+9KxFNwBS6CztxBisLcmEq(AwFJ*QLjgPt4S z8aE69^SVz$1b6|RaVwa$WxKitwSY)AZK>Iuy@43C@Nfb6_ygBLEPphtx52`l$g+>( zE+$}jB+lFHu2BijAJ%LE>RBT3>vSKdZ(icek|wzBn6LMAk*S?v{24B`@T)1}_LE|MAHl^-W_BT|?x;vN zyDa>%el5GVmSSQ(WIfSvl|T~q2D;O69hJ?HXcWCGyutgcmQRteKQ3rW`AH!|&1Ru9 zRB!;LZ-zs2u0Fo%r52X|W*q?I@2`(1toe=P8RmioV}9M|JCbs~_qgKrCj}iUQJ<2X z;6ieqoWiNK&vW2#PXuiTB?UHP>~ws-w~RKESkbQ7-|1+Q)+}ubtP+AlzNaVxPgv$4 znap!rNt4e$>@WE6QZj^UY3hi-$fiIl1681NYX~gePF26fzw;H;*QnwL6~Pwo>$vD@ zP@%|9B|WAV7n){rHlwhUT5IGUoTcCqNWNS;F4=nLwPh=^Yh7cX>ucBd!=&c2gbPqF zI$N(UvRwuZhbn!~D)gB?yu()S$U{xM;2c9kc0CxxWjRcE_Y;K_PPBSBkp*Y@_UtOU zJu5=)O!&NxW@}xxpX~8c{@Jmu*?|P95o(sG&?zo`nu|BWnB*ij{`pquj;+3ht==yH zF2bo>{k8DWLp)t~lg?5VHC&{TmkK;MX+Qsi0Y~Edd+a){ z#`#F3c=mn*OovShglPF}+Z*=)6QQ@SVWM1Zzq9f~wCjz`O)ba~vlS=%J8)ADd$o+* zoG~BvH|ELFl%h)Gip<6r|7)vxa)xT!rra60SoERJydxF~S z>WJX!p+@+HVeW#MzefYp7)0KA6k}G}$h`vVghuV$@HRz?t9BA7p<-mubk1s}?TCbd zAh!FHr`a1>u%V9@^qkx)8pCQpH_1)ZlZhu=KX%21!PYQPC*>}j3~eZvHEa`S>?{Ma z=y-;WQR#+nVbxy7s&2Rc+(qw>TxnUFr67?_5Ez0-e-Lp#_<##C8~L)&rHYi4fO`ws z|4^9yB}n-y?ci1^eP$!sOsG4hmAAr9VDMEv$5g3R`0WEKk*a^2j@FLtaqhO9S>Y>- zfIxkir)iv4;T>TSjUqw{AqPO;vQY<{mE^$Dc3I5i>Q9OM$wMc*O?19LZj$slK%Svo zUFV#Zyd>j}zM~K4hM(SC9LRA6v-^yuAZ8^$7FG_?L%(;CW#{OKnvC^r>pg=rQ8|4PYR2B;m=Vb zky@{xHI?U%0<^i{=44-DdTeb;Z!Gho`r}wX{_^SkITV;R3J}lQ4Y9kBJoq$o+uyi5 zK*CK1RfjWrz`RxeKUR`b@{B8Yt^_U`8`BAqb*^aqIy`&BA=wpL^EmKHWqOwCDvP#5p-XL70BYF z)>=@56QfqMj|Qe3`bpxGB3w-*QPcCQ4gNKZ_uScPJ_pcv~IH zC6fnhOmw7G3uh3+t@{KB#d-R}^2$V{gs?XfpLiF`f85@=y4%jT#EHa;@Mt_JQd{7{ zhecm-OJExkfnS(p1my+@%a8stT|9} z-fcTF*!?9}zkc)JdK?+@rQ;cLAVmEzOS6J|1S}m0>+V^zeL?4S6=^H?Omp`l=_`l1 
zK&e=oyVbqgMhiGzxZB^v+$LPZM`aA@cSEqm^e^JpILV^xH0~uvG?qc+>j;YrGDe>V ze*~Gw%AlbswTK%fPo5m3qBcqj&F$a-gq&>GcGVF-^9 zV4Bp5@b+QCpjYpednsCR`VCTHx*4S2Lk!43O$L@r_M>VPZUfj)e z^;b-y8LGWtMX?~#Ea zxpMIG8XY}l6Gb##NUBx;XvB(XQL(~!cik3VjJKrZbGmszn z0UqMcnd@7=_1|hBa7(aqK=XLt8bd_RIGENCBQPN3%%MGbSQKkKG9-rHW|CQANdXi6 zoJwm;Dg-axEVHq|PV-&vqKN0gaspa{tH{9glQBpEuEf$+`<4+YK zz$uxC6uAg?4#U*d`2oAB-#k`XXk*ycgt4`a*%ucM&Pv276I9V(_=~lf(4;-4&p)^K z22oRmjuWoib!)D>#Zf04w%K1ii}8$5iRY6g4S`8{8V2#Kk(QCNW}8?o(^ZEM8~Y2r zUm4<5x_W;6@)B?58^Y#n*QURjRc0B{vM3ddGG|QwEV#FWy&)BEy}j*KXm&y=GWzlO zrk#$vdb$#MSA{#}$uGQ+!(y;gBosEb7dM6E<|%9u>feN1hMuV!5psjs+cy!p3ME*f zD911IV4${$=?>tVMH;0FW-hdcioCar+(HeZFTBNTAyfWHfoI6<*9kD)YZZ5U>IDX{ z)~Q0p0cN3~&jNhDQ(Y>3u<<_F@?*R*fd$5}!FQ3(UQe?Tn%C0i2lQ@ep7q*OJl7bf zIN}|WO)RQjc%;IV^J1H#2t47Q2}gd_)OYo>7ZdK3sI@1Nr>U-ti8$DeHjzfw1k6+4 zM@GVg;`izxa8NidnmdwjH$^tdyWv2$ODo$#_Q`mjUQXpCyij;tl7i8;)hcfhDB`Wr zZ3yf@&h^6Yw>6qzw^G4yB3OZe`s$EbCuc9gq9~~hxjycZkj5hLHp%;a?-zQHKH3x6 z2HV?P2Y%7nqzxwGB+o5B#-tEL=;&`LJ%U6u$ZbbR1Vo9Aflcd8!|Dg6WKU2D2!kSf zIqm=$?*ts{>d|VoodAqZbFU7zc9C(1!f1v_E|1Ay6! 
zzt0ZRVy=JLn9ZHuERfYRme+#}`g1rH+X7@3cqOMuDh#CNJ%zIfxa|FsYe>nl9wDQ0 zD+ARlF{me&xpT3;W+90IV{f9$L6nD2LwbL_{&HUvIqmml5jU2s*wK^S@&9s3#9oCr z)lX;x0|P_A^QV|EHHOz&Uo_J2oD*5|f;B`eu@+Z5lvXuGcZXZ;qNLd@gc65;JnJTp zBEM|nh`Y%ohi-Z{q&sK5NmYXABIZ+hBrVE(u9$HpYj-&ukiMQ;Vq2$zqO4g6 zbs|SxX5j@3^$aj1&HHS;4a(s!<3E>LceiMpj*Hr@1Cf^wRuB>##Zg5WO8pL7PGz0z zI_G+b;O8HsZIo||dQ1Zex^hycPwN(S`EgDMrf=fN(bGgsP26MJ5B$Usfm(AbC0=H4 zgzOzu-njNqCo>iATGHTZ!Ww1%0^1H9ynRkAULr;T{7rS1!*}J5>1kE#zm3dC9^T-Y zOaEKJBln8#24r=Ogapq_`TUCzT%Qxq-RWoe+?95R1<~p@ADaLG+ zBZ2AHrS}62McB~=Yx1m}OLZngho+bA2x9Mk=d(w->Z|!^LW^J(r^)B#qa)t)#TG0iOA>Pk$#uWr0lI6k zh&Z>)$qKI%9z!GL@ayb_F6AUo18~IZvhd;;(!Z6_1f}l23BxeOX?`gTSNbJ?BR8&& zSr4Z+jO(_-pghLf1pbH&kwYNgPJ37|H$beN`7UL!Y!`S;9>c6G{^N0_H78Z+NVr~H zh#9Qa!t7_I4wdpE8^LNbo{FyhoNkwN;K-|l;U>M{CH9;>FI9_w#Fm#*0#`<;N98CT?~GICz_RGUMCQ%DfE6yLv`x$(ZY{zeXmFer#$3*eWi` zZVMxA9Vx26A5G0OM;J1yfzErQPQi20J2I=l05qz$qGXXa`VMwL@rXV-Ff{*zQxeJU z{uoi7x7!wedK-cYQz()UTUIy0QmI|TTd<_>IQN^YseD%j{!D#)xvcddUr}Y+Mob3c zER*ddQ$DQx{+*pu3MtR^JTJbDLytEkZ#qa7mPRdxJCr@R*R``wKNMYhPQ0%jVg}jE zZ1x+Em0Jo-nTdfKIWA0u8*eZlH1PdqbjxDmPaGt5QwYx1mWR15E2QGzEZcc-bnb(_ znXq$~DwA9H(bi%Jm^$mq0c!6>3fh@%{Tyq3l01RUj^$xMXAQF zTesjS*6hrg9YPPv+>2M;k|IVQ(S&Sj1Dd(lIW+0wr=Q2E`|VQxF#0uO4(HlN-r{{E zO5EY*uOEgys`n4m$x*y+ZO!RYJ!}Ah%H8cwx(tAH%uUL!_DDIId(a5M{5ndHgt}k7 z%w*p--DAu)=8^_SnlL=Pgx72o6?TQANEOcD_1_M({)`HT#rvZo#T$()Y21g22CZDd zHj5@EB`4l($iDRmypkYF=E6CS^4@c1k@9z+h##0bU?;UN{_RCDSRoK0*(lwK1skOv zh}l~c5wO)20IKAoh&TyWD00zj5_!yy~q@$@Dx{e=|vic4a^}N$d+qMVK)~MMa zahpeSM|fj_xa7B5?CGIQ1cO3&qqz0W`Bd0u)3TdAGOpfXls~<#{wn1dPyWhHrA89_VuyL zdlz)|3bPf?2IUoe)hW=$MTiQI_@Sd1EP6;ZhHH43uZHe2vGp`{l#nKPA^qp=P=y+Q znL(97ULKF}6DfzuF<}mv zrq^ljoZLF_mA~dTysmF^8@E1w_jPVcJ0aay$j)hG$0_L&inmk&%s!q=D5)F+o z%TmXGa7!aM(iK?6o~ROHj*qc#T}wNmfC@+m5eRdy^~vYc{YDyWvrG?1Avm9IH3W4p zH-xy_GX;4c(TEaQdA04#{l!K5)nDnGl&;Q3{E4ahF60W$JB$)E%cQtOP#$>E`z7Bu@GO zn%;Sd(x(Y2GAHp(=uh10D1X9U6@igc(j+Ke&e3qQK-cjJ`xrj0kD`0wQzS^Iw$?`G zycXhEqjP-uGrK!_GYW+hw~{Gr@Oc%J_LAcWb^xJ 
zuoX2f@VbKvJEtk!tN~N(y_Rm{-b3Nc2g8+f-Pqj%O~b9fVN!zDH=q8NC3z@r1qn&t z$&II}r(fi8{uaW2_dxN@r?~;b-{iW4orkDgZ#^AqLr9WMlNiNskP;^z2obuhSZnf$ z)iPaqj9@u}rYeb6zM-YpgF6$H*`*G7u;;rNYLJn+m_Xp)O>P4-84C)&rWwOZ4M*G;X%MWukSmZI^= zy)3d*A^fE{A!$X&<+fATX6=W)B#Wg5+*D=5b{c$My1@6NH&xv=8(g>oI8%cj)LE&h z_S3v#N(^%O5rGyTi$$j2pj$E2TRK}oC-|h8V|?D)=X|z*lQyqX6M-d^v%fWrzulGa zz?`Evl^5@H-ww)2#k5>${jz^U6JyHzE^@v1hsUW8W^YYvV{do?k}#r*UdCY#dPc3L zMpDg3{Su98Rre7X=PUUrV8HV5PPyqfFd;OhtHFq0U(OHt(|m#u!A!e2p86ZXJ?o^- zK9Si>w-U$!vs)ye|6Ey3nTJs`wo}}X51m@=t?OxdWVSc88wLB=svdyjuY5DjLcdC! z0i1=O1*@`?Mt4Np?5BR;m%sn<%8%{5B(R7rjA*>)7n0Dsz=m0Xcyxhn6lDs@YYtV( zvlic#g8Sp;TZg?*7Sq>?zd>#+E-U@b(pb*9T`aeyRtW;sHbaSO*1!;EH)z#?4JcnT zub7dv&)L;BM&;ekjQyidxU8E!{+;_Yv+I}6`moDo_Q~+Im1bv;wVcGiJsvVvtP`yBx6jd$z@928f@$jj-NT%!|b8u zP7JzSEI>Q=81q2ft)if$?ZKkv0lYKGhiTFdr+f?PAre-%q4F0(Z_kCPgC*4${sMJ2 zZgU>Y$9{&YjxtX58x7Iae?Q?CEd=eY*Yi$*yO2LDM4LQ;UDVAo<88(oNKj6p-qzz3 z;q#8(YA3(%ENg#X+)1MkOXApX&}0|`37f#uKa%NlzaKQQg}ZMZzH29g=-bE>sOckg z3O9i6P-bZ9p5K#g!X0e#WvxS(OqX`LL?lF@VbsMFH?4O43#pH+oZiPDzZpzhO@YQV z(r+OE1u}wq7BAUJB?b)!mc*)#D?mc}jO)1hYrxjc%$xAJ`3>da9_2|H$O5Sus4coW zIyB_$I^Ek{1R^iaE?9ao11@gRLABAt@P53q{Z;w&cKCHtjK|aXk$l~!c|IPA2}!|v zHZ{ED32P#0DfJ$jEG2Lxf8g@_Ove1j1@*Uh+fOB|`P0qf8fm`Qkjufsrn&3jjw@mA zq9m1Xfodi?ZDAdfjTJK(Jd|V38|LFwP`BXYYDy@%|b&@^+puJX>7Fy<=HnY>T!m7rThDR1tU;b<|Lh%pC<3YmC=fVLE!aSe8Q z1(iL`+!?!k*{7gGAFx);jH-=X8%#ZfE1kcyHNI{`;$ZaPOA9viQ{aU2rR+LJEJq>9 z!f1)Hm1K5Xr&C+f%eDZ4Gact^-%lPcwC0Rc>WG)b)KIN1sq%^%nYYVc@sX~Dary6#oc~eyLcepT$Duf_5dh(;+G7s{vBN0La8Y%3m6@o zzlV%Il94^d%PQy)D(GYoD?}FuthvOL$R{#T^Wj(huQ#dh;CzSmJNbLU#;{re^Zxo? 
z2H-#a3CoZhBl(DvJ((1Rlkp8#1^maAjx{ZAey-`^ zkVW6eq1&kc(RE_`{EBbyXZcr95yK$w{D&$hiG~kdtGvVeJlp=J=!js{=aIPe1~3MEiNYJs+^0)%2T+_ zLI$e6hXhP^(4Y%av9?9@fb z;rEM0KX3Z}e#82&Hxm-5G{@`x$JmL`6rsd{A1#ZTCBNHuq}obSr1HXUhiKNz zE{8MW^}fUK+p)o)7@iQB z$A=d|D}$N)U`Zaz5?KsI`}aBgTHK2SvM+Q3+bs1#`EG4rYU;b3YfcP#`!Anw`Yax% zl3vT=o%{OSNQmM6dSs^-MqsCmrlU^2`yMC72!dj5?f7lD{aIh_%?f*j(&&YUOMg3( zyy7wG`}_RhbbSip$CC0t19m!i%@->)VGhC~F}OeCY1XE=g&*q`rP<-;c0`JuHVoNr z$zhAi!*yQ-&TtsYG&EOXDGK2)^jT0@=yT=#*?zt0t(7Mo-uov-vyzVbiFmI8vm_r! z>h?3I_u>zuWIH38JtA7Hg)ZMufrn)AJA{5)zJ|Y)4Bom^o^31ML<^n;X5fuAY=M>U ze93O6_+R!mAVyrr3im|Jia;@|0&snE2B{PLznz$Ql|jo}C^#fFqy2j?3)4{HuQ}e; z;*zke8#@#deN8!7lNvto2)m@n6ZW7k41d0B;)cI9|JTY@pDm&s<-+0R!r$V#zx~ne zw%wxy4deNof4f;2jKNU2U_$;m7yj&x=V9b`nCqZQ^Q+@(#nkDj&_BzL#5~}OdVa~= zuvEyY4Ndy(3x)iJ8%YZNx9$?SVBC-J&zKmBXiB%5cg`_xCX+QB|`@$}Edxj>kQ(3)VYUT_gY!Dug2Njh*K*9?ATaG^7J9Wz&^zbp=%}p7akCxlaeRDSEd98P z;}`!bG;az+z=hP!$8vrBH_~SK--jLkkCA`IF&Hxcu>&->Q$r>OS{}jXj4*FBd#68R zU?XSr!U5PL^u*LF6WI#%Rma+xuj*e_UY z1g{PJHJOA? zQUZ>;p3Un895upBjQz#{*OKDx%YWrE6~I*_)iLe%t4q=$9|)#}HF+ntu*o-TJqiSl zT=B1igK2i#Vov82GOlXa|NlIEX&y+S5Yu`{txcT3PfkHt1^ihdYghN5I$ks)7)c9O zqNJluD6?yEe@br&I$+Q@g1`Upe*g%jymrD=3j!x+C;C+0s`lw~>Ol$t78gsO2{X;4 z?(>gP;wCF})Bnuj#MCvooMG~SR%hymgT>XA;%LdHV>GBWmxJo)D)w&%Csg=iFm+ZI zkvXSr=Siev7p<&F!Li@?emKJ~Dxd{t`ac7*a!rhP+39m*f{k9ola-F_WvK%Hham86 zYv3lIoVgXu+cB|qS;8tQJ7#Qg<@-m$1pIoP{Qvbh(XP^eITVA(kW76RYMby_OBN_^q#Lj4W38j` z-}I_A_&V$Nn7FBI=&r1v+F~vB=l}E61-NDO{PqrMAQ`&x3$#IhLs#|RN_?4G(1=!+ zQC38ZmNJGG=l{v~fr*Whj+~(6qZs^u-VU%l4{Rw(awlBCQSUidIviC3K_px*{&Dx0 zt4@KrcIy(Yr$HmSMT^R{4o4?Md_F%AS|xvFfK03 ztoIb7hQ%fS9~8V|tf(Uh`%X&@6JJ&NKOp%AtiVE=zPQ5u|BxRk3uSu!B@zcU-(=;D z2>XY$el4B-GS+>2dT2fiPcF5TOA? 
zjj@uyxY(c=RjtR@NIm{jIj!n_zi+f-HX$gTQ_xy3I4XVW5TNU%D6oI=PZjMYST8!i z1qV||XxP(leU?E4UxCj&>GN2#e*|i9{LWWoh`Xxb{s!NtmM2EhqQ8 z#LD6(cJaP zL`)%T?r5@Fv92Y2dye|0$y3@y^?cMpZN1rnZF@F6EgksC7 z!enTQ5U^ELLiP2jlQvk30(lj{H%ywI6NlYEYME99Uy$!ruSc=64kyAri z?W+De0-HHC~)FVxR0ea)#-2r*95}miJHY76uR7(V= zDpKOkeF+ZBMFwWj{tR@p5JVJ)p82a{*@=633FYD6PK~D~;t=UHsOOQ+H$3M{b$`2}s9`xq_s`B6Ccy+w9 z!({ZO-*H7pq$n0n{?0<9J}#+Z5JpK^Uo#)H!0#g-lW8BQd6N26fi#T5M?y)_FnFR8~eM^DtIJr({~n5i0%^;g0E~`TX~OL`(3~`gaWBih@mc zni8TpaGcA?&uIr(oM>fco?#0)k!T~Nu3tcj3JCZ8%ie`QL;aE5Ikrhy&R}}62R~bg6 zT$EF07Ux?-6MPM25u+}_HI?9xBrV7XBSFCP^zC@m;>^pU+387NO=Ij1S4GLSmQrz6 z9>-jrpg#Qp>*ttWlbo@%R+t65IzfJ?vKT{LBmAe|G0jODcTtdh=ZG=4`57Ve>Y3{3 zOun62$7&f1v;~KEURRYk!Om_$lp&y zh*C9tO%5^tt(ttgfi+J2)JZBqI8gamzJ02zHK7Q;UA%LO=b#6j*Kg9UDs#Ucs>nk!Q&?y^?+gcnO(myM>^WJfd!>s(gDjO3Rl?1am{m+W#&HD*j6U4O9Xg27V z^EQ_lx-U})JynG2cEs9Jdw(@vqM!kom)Ut0 zTTmn9@^NJl0stbVZfKa)tI!^G_N_&r;H4)CeL4K^NMnvGWtGe!^#e5+dtf(8=7=)u zMo{D+ryX;gWdk-BCyr-{lPV~CQ}uqGdm z{xp@7sA%Vw%n3Q{KUbfL%4@5}c4u&-qf!DT`21V!pXs$b!tBLknh~)-o4zXvLemqD zxeU8K(P*7tDl>be`2kfM7C|d8>^@7BLs{bW(HoqBp zMp!ISX`w&s1$Uh#1anH}8ofrJ7CdF#+{T%T6EDhQ&v@ztkpchTeM1a18sBajVWy|L z&zia`=QekHx`vmrsj})${$o0b{l9@j)55TTB>UmPboFUlBkYaFka}B6rrhP+>7NR@ zi}2k>Q@iFYF|(fJx`0v1+9Td*cTjq&(~d{ETTHv;)?z)V%ZiKgXn{VR{^@#p6W~Dx zXG)@T0k4!LKc{>DzY0be#k!}?%oAk1+iBKW^@eTcmTXY~w0QY^wRk_-S|av*Nymxx z=|24M&t=8J7s&?ZSHRjK%UFR?TV&}!m&J^X+FC=70B`}|a{lCF^yU5I^48Fc0hvj@ z4#cjv)9#o5)(3HimAEVl4MmL-slADeJe5(FAt*0X>A8HD&4^o8TSZA4@cwvPi}-j% zCMi1p_e&n7fA7!~S~}E}4~GrSi4%9l{cAkcE-3K%|BR&TUFe9h4#1xt#A&tyso-Us z5X_!lygm-8_ov#}%$F&Bsh(WVc4|=aCz0^+Z9QP9A)*wML@>d>EWj{SCg`k9mQjH-xgF{}?tZH0?y%+< z(Qr?OEAv7B3E^Hk{V-@DCCvP<205Pbp~P63Sz51Zl^3YVf7dwQXfFG&f{lSFc^}t+ zn{I!`v84Jfqy0FuPcY-j6!+Ju{7or6$NFfbI$SFpj2WvbSod70gfYU}vM-Ba`7gK2 z7q@*^J~`$c#qKS~x3sgpv`5&7?J-gGoD;^|uB*fEEp482(M1rW2ok?221OYvzv-hl z6OZ%g(8E=JT4I#xlkKJbZ7nk0)R<)HklSL^kG*%D{|vY6G!z-o#d>TlG{i)!lO}aA zrvPK9`%NP8Skw2XwbWSc&T-K;)1BF_b~T($?X%3?`}|aL&-45w8u%s<>W|xM+aIZm 
zSVbsS`!x=2zkeXW8AF+2OPj)`G`H#Eg_4@u*mhGnCF#1>O(p7o6bE!f=|B9dGuQ>$ zbhyV@)}JQ5>ddl$2YCwGo1?J3SrTHqwG;X$ixVgDeTSc_oL49V1je9qg@8Wk9vig;5 zDHQSISE#^nP#4ZC#+@Z_JzZ^2`%bK_zzt^(ylAyUEb_&PtNwFfS}iO#k2b~X6X4aA z(&KBwmvPo5=*poRx#}oWl_WLVHnfsBZQQvCY#RSsgQ|!S>ms_ z>+cr!WEu{jqr%Jcu@)zb(vjtyIJU6j;td8fn^@73CBw66d{`9xpLQH&s;N+XtZ`&F z>96UkDz2s^Vt+ij_Fk^O8dO@t<@1HJg<2=3#9ox(+%5;&MHX^#QHCYU2r>tR6%wX} zb_iP@Vh+s9hHihN>y6tq*jnO* zr?s0BcUA$g+7#_Ll*rvXW_sv}g%E2CLmu@>wtJ{!QRCy6$-!N^^KgR&W9}26J+OkB zvI*7aSXvbL@BaZ^zXOX)XKs%IN(w`F1G@KOJGql%71wkiz$#M_c#b1jJlUVi7i5S+ zh)z`1z~#QztaqW%dq-VJ{wlmDr&j#guyn%ae7-HHO_zR|r<6McI5RXI8p-GJhj29p z5)8$3&Sf##8Z~bI^Al4eCk9YY?p9Znxe39Pf-1wRQ}uqzW?u`GfwBt7$RH0M_Xf;v z6(VKW4uezv8#!&zn2QjZ$HgE>aa}it_UnJK4hd$MvS?=y&J<=mA&kZ9IZY*f+1PIA zw{j>gvg1L}^K-J2u*3oN;)P|Vq9l(btrl^Hm}ryRGln{VDT@SGZR2^CHWRZ-=9B-1 zVGIl^@GDKS7K?r=BJK$5Tyg=Vi2SijDJCih#=1<4ZQh|N4Ap1*t;CR1 zLd>eS_%>pKAmqO*K!pX3Ey|VSFqRh7SQX9wg5ZhL6X;Bi85XBu4L0vZlJRP58nfAl z&1-G?hRM_YkL?8D`p!;2MGYo3Hs0nk1s`T9Hcp_@i75SoU;>bS_x;~OMcB6FdQKY) zTldzN0UPmrh;jhyfGIVO1D;w7Wwj2KHH#X>*^;6`{Vx_i$T6sZ!I&uDEi|X%Bty{T zw6Xvqi^;L;C)@1?RW(!czMP(pijtI)%J3p7El;m16kHWb^dEvna5m5#7IImPt`&rq z^lNjVMk3RIrr2{G@TFNFZ4(r82D1 zPVc~oKN+vajIS-Cf=J8~Q+p=x3}Zb*!{dI-W5#BN^~;GQS9wral}OF9voxjzmH_nl zJkLMW+T{PfZc_{p_ZbrM2<> zmR^0jOc{|;1SXcnrA*aSn|aLlYO&!=150z>Z-m7 zOk)dv3jgL=WB4D8(mr@5mFl<37rd_^$iS=+rjx@B>z+(o!(xd^jUJMyKIo4BkM@-1 zb~_y&co{CDo5I(BmQ65w%CVhc>tzVP0rXx6E^!`8THCuk9?B|_Fcr*V$1^2957o)c z&N_sT6vXpVG|zN90_^ECdT*GR>vvpDnHImy!Os5Al)1c!Fk{a*(z|cBa(b{vyI{qB z-3b~t8~mT835^$u83y+u+n{2PQJRU^iizYH+}ZNRxQEgqtN>PJKJ!ofx5V- zdI5#p8(VL=hJa_Xn*d|7JT@-!loDBrQAgiLzr$N>FkmV{^rZh`q!=J`Aj=X6=))4G zR5{{5-{gt|MejKOf0=>2q2uri50Ix4hTd3iG6i$GEqIO}<3A3eY9T$(6hNs`%RI|3 zoydQa_aP!bZwg?SFc3eTrId#E@p*bYCG?*ZduWTKGJhNETUusb`rj(Dtepm8Mqkx& z>v(0_pKa(V{9DXGXM|?5TPaW47?Qov>9ZfTA*O$=UNHfz!3gXEfLph3X#E@x9<0wC zmL}|WOMA}E^$Nh7I@!!!YJIH>c6Tm6eYO^c=kDzb+WT?uCh(jLFDE^0JSNpmw*VqQ 
z)W2sf4tXT`Ph|JIe_&59rr*UMrpt-HG7pwa;nsO`M&W-c}s)RHO5a%|+f$w^mX+>HawSNfFc>>1t})ehwTaH0Rs8)&ef}mpepUVZ(0Ain`LczL-?QC)sP;DM% z8*q95y^}Ey)J_Dl3{He$5A+H~g!Qu*kfy-R_<$O(B_Y{#q^Xbnj5sm8qA{m%z+3p8 z{_35106Y$L6Z8n$>1_sOKsa>(?;WLvN2|g){n}v?^!fOmxYmpRf+rwEmi!sx;tYIq zm#}xD(sBk+S#Ruwy`RGc1ar~LaL@`YO##Ql*wQJ31GC;iYjm8(Pp_vtK{C+3j^#s7 zr6hPWds&*%8K^y4`y3b_{D`rNBJh{s>coi1VIVn8h2#J7L_4NjM3AI9Gtgt_52!q& z_579_)~m?3^?b`bw`qtoC-cGE)7Ja2DVjFbwF zcI`bq8wiT*BR!a(9}E2L$S>Wf;}~1iydV}$c82l22*uqXtf0QZAaiJLr zjz%}3Eud3&-@~du>V<}+e4M0ZD9tJtdFm4Y6aNK6R_GqMCz%%}eV%@PIc@6h{-Nc; zKTKNCf<b%G zZD^lI9pBRn(NSQI?IK3>QWr&gemwVB49t&t`0GI`Tf`f`B&OnVGq@Aqv-6ww-$Bxa zk)+mpM8iVrNd5io=iR_(++E|H)IPvN2}!B=Q^aOxX9H}U+qviT7pQo$SW_(>S9NSV zXhIFOFCSM)R(06z@PH9+x7hqI$w~ej)`;$6{-?XG0X0VWyYDYvG-gDlnjm9lz3QKG z859#EHrT!y87uF0H`2MraQK*|7Hy8+R16f z#MYhO?mS?*9-o**$MSwLPi}))>geX02Lk5-#yN}OH;Yg9XTpTnD{mzxv1oe)p^<4nM-CQ+6xt0$R36WVm;c0Y>DukCbcNdhA1c#PpE zb3>0AIYLT!ig?;3KEpZTqWktgYzfv4?fdvsoy#&yv+tYHN!b${EzgrZd%GVtS2OtQ z@1ZS+b&yzF*mI(p91Ux>0Oj6aBgKe8Eu4z6ch}=nw;F!MAi_t%;fR_Y{0B*vc!qMh zG9Fq7QhCgk&9pR&yx&}JxouZ^u&?5-u)}DwX&iLd3d890#VX>%x&0b83GUF1@h0US-6|CBGd5*uv5iG4-&K0_ z#lm~yo7}VctL09WSb}>p!-szF#(n^_I&yj6XB`& zzgNK^YuT!U9?mV!vnZ0~Xt&E@pr<&O5qv8}EE>u6avZfw!yUP&+8yX9)pdeKtn*SD;jtGxsbap-#8(iNd@*WdN;@AUz)9z7qyz&5!B|s~$nh}>ZFh7k@CJeb_ zX6=V<`#pN2gpH#mAb|g7YKiEV;!&f#Ige*LoYd)xNTrV;|y4;0?srbHxUGHR~O zfULo)>b&86Sh_6;@^(8P?Uk$v{JtZJ>xu9VuN>tnrkjYMi4YI1cnGxGsXOtG`>6}U zJ1CVg$&H5I?cXo5f>a6L`tFMU$}g)?#ZA|B=t(+>d08GS{w7g8yU?Fg)i5lz-vUu# z*m8J}y|j2TPlsth&+~vagv_Hbu(sHJHdW5a1*?<|pdh~fGL3ihTMptOW$V|rcOLaqfC^sV)d4ap>P2zZ3OHGQ6Hg7^kml#>1s>W=oG9 z>byaKH`$*%KbdaVW940RR>1!(3lNRezm=!~GixiRO^4^WFRIU>qA*IP#dr4hzL$oS zX*a*m1b9UQt0Ck}ds8+wA$I;qOZWu$u{av(YeYsgrFeiv(KU4XYQeFYo5kSUI;GNAFu=t^o4`UIS}C+ibF))>8sgLrsu{1W$=p9plXJgM(rSa?&z+hS z(2qNcK3}aT^GnpmrwD1X74EbT3s=lK)UP_?g>k1H$Y4 zYq4jk)MK2l0S_N+;_M~vbCo+`-9po=I`vLxt$YAo)Ag^KM1NhEM5{aang_qA> zsNdzeUczX9sj8Mz6sB4#<>Bc8>5AbvH7k+;*Cl~{M%Dq1 
zZN2hO9t=FmCBTMR3v5)N6|Nui3oTy`!x2IUgHsQj(d?(uemV_x(0!z9!^lr+cS5avi=uyF%^w0)1Os~@EK{GKi!9-O8usV4GD(o^vZ6#BX zqnHs(Nq`XCYlA-86T4COrZ0eIb4X?B5&!jlSKk0hH24c@qQnj(z2l{~+hDy4zgPiX zAJ@b?!HbLjA1hhbq+}^5kM?0#Vw5&ewupT*$nIMG6S=>m)4%qn$u+z0;azH$_2MW zCO`|3ah8Z&omHWNe`e{Pui?5!p3HVPYPLaE;ZsI>TVpn`ekt_kVjfKJ`eZC7-Z;iR zr<8OzWvsSjbBm-rfjslZd#5N-JyKb&NIh990)HroK-YTBp|X7$*fkmS=VB_;*0|8CLSLy!$`xTs3*wQmw&?MN@lppkrsQ zUOsp+Rm;iGLKIH-=hK7R+x$B$1WJM)wM~&rp6xA1VJdN}58>*!-f3E|DO5G{a@Oop z;wZtLBl9Kh>e;V<(Fe5R;bplE0R&Z;B4w2lzKq1GV>!)2=#!iX*7$)Pty5*$lzM_> zGdS{%d#BYv^aa%944QJ6J05xD6zJC(i}98Th_;PTlI zX6%QOQ@}jR%jNbtEx7v^VC*7;1quy)m!JjbE;P<2!(8i`2GyzPn8EEC56$W^nb*UvaU#+RK;cnx`JZP9sST|0p zbz@^SjZfe0%_W_Fy*h4ia8|=-+fK1$j6)f1f5ZCN^>t$@-7aqXz;h#fh&5&TewEE} zSm|;=wvl4e0x#w&aJ5?!fC+f~pY5wY#5)!lm8Gj9BE^XO5;PxKAjNeKWkaN(w>RM9 z_=4Dt6h|Nk7FkP_r&Z_+`qPu(l(D%^t!tJ#?IRBTr07nGsbseh6ODiHVx91K46mZ3}lej7xT)#jR9vFxBb3-F*f1IX{P zyiU`X6CwRIsvS26rFH6=uX@;g4A+jS$**OHYO~VEO3dgeCOH@5h)G+^A=SmTar1=G zUz-b_hxZqjARM>P)ay98Cn+NOO!dpIC9TH{WMPHAT5nR&k~WTDE)oO|+qHdM&h<@) z&r)Swh(ZFxTzDoQ9iF=9A5j=Ads65Vjq`s&h0_-=-SFlUi6;<4E_dPg7u|1^0F8P zpdVg&NDd+Fh@HGGt7wjkF4F_s+l7LsX`_kccPj`{&VD!np(sb03SLoW;z6(cDkZfb z4MIo()laqg7!^ualPXe{z+*Uol6YHplj+*VwY}@AD z2*-m^Fb^)~uj71=s9At>7sLEUr1@rUa=GE+i_^$!Nc)F=pjQz~Yinzi71__poyrWi zCC#>n^NOKK4Sf~@J@@S4Jr8D-qlECj-)A0HV3^}jUjGvNK%=wYwYFA20SNNG$o=om z{`VAD>UKK1-VHY2MoHWDbNnH-B+H$vH?^h#0VgKF47`KN=9Y&ev!S?K5HPApEBJ<~ zx@*w%E0_TuWLzD5c(7i?bZO9KX zt1sasKf9$3R{Xs>+ZV~e}a}DYy6l9 z^td{1oekF+1y$u<^*;dFLRc3>fY5$F-#)MoXfdR92*^(lTTYd)w`D|_R6OSjw~O(DU-%);HY-PCt8tXI6Y3+8)bS^&GR5NWCf5ndK1Sg=2$?@o|# ze7L@bN-4$n#p!9V`*jT@vfxZDYm@el-s^*KwE=EU=a~5?c8zJ6D+gUs8}(j>dw8M16guy^7=#y9l%B@2w3wyvI+}vdtH>(*W$`xO!Ig$W401}* zjs?-zFR_Js2{|99(3wV(i~Ky!9&QKML609an;a2z%V~N- zfuexD3|w~jr5qKDmmLW`Q6SOU>bXQ}+vCHnjW8+(JSC_bPe)PWC#7(2G=*0mnOn_S z)d-}87Nj>)uSXob@(j@7Ygh}fDyjhoA~Udb12>QeLNp>Qf7v9-l7k}l{j&ZZ9@cYV z!dEo`0*ayUndi*fyiCwP`#2#&%P?tc`U|)|3 zU40U3&GCmYVvH_C%_8b`n2hG-p^$#*=9izYeU04*$*>t}cF4kq{2>D2xe6Y+7hRHOv+iea*& 
z)Xfcox~MHKlCz#_mx2`Id--Y)=L~C9dXw{BZpYDL0aI%)ar{W;IDh@P9+Z@!^XUZ! z-bMTGI!?>Aj^jb?NzI2%`gFX}17j*e@*c>a;kD||D6%m79B8DJ2#i_w1ApyTt|!@~ zz?@RRo-P(+YGMXJx?(JN?3KA9TmYT476UgQZV&C~k(X?0fn%7S8hF)wwH9HcgQ(0C zD(NS{hR7INdI+oskN08grPlWcK%p#!V*ybK+mOkU7-(0Lv0IbCf_laE90zD!v5ngz z{?y?ZogXwGCg&@p33#Ru3t@@ZEf=Zz0Hn&{dZUhi%b}yatghK~xbu z1vvEgfbxk*o2~8;q7=G23K8Lo+tJdgB3+}haZcCwy+5xbCoBmIhdKQxeVT5&0EQH6 zv|F+?&WMyI005Ob!fP?o3bq`j@cZI9{HcSIzqw>;ddObED?fWK^{gapqXdda&hIVO z+^vIVMym7^_%gDD(7)Eqf)r55no1S4D&JeTs|DBEM=|R#_=x>ULcZW~WdhMp>b`U< zaqpfH3hk?^VoW2g7(Aa|VlWg+49k>z{TQ8|kBe(M&=1{s5dQMjG2skl$Fzx&5L7sm z;(oO3qgRdK+6pD~8kY|jg8u{w-u~Q!XzuZS%l8`6+|k(>lgw5sGt>4zk4a3a=N@dJ;t>I272;c zBsA)d9R13|XApdYrL}bB(~&8uU*(8EL`XW$u0K^yo^U%IGq{VE;5b2csX(f3@@?@l z(Fad&Vzmaj(gzTHlWkT~qbFqVClA(6SB&44E9BS9qnQ=OR`Ka>5{c14Lu7Zq{Z()!UUWjGwnN(PO4K{ ze`Xr^0G`dR6Ez3jXlV6d=9gm#t9hi9q!pbco#;!tsW6)#C;RmD$srB5=M}y-ds3G? zy?XvYvpSiFyFVh@5!)*(S^LyeQRfDle)|r1Frs{c%okXDE_eYbPQm+u5!W;Dc{}4B zP3-9K-~a~>!ho6QxG9v;DD%Ju+TOkOhOv@_ob3t_B3)Wc06Ex=%%fPT7Hm{hd zLPhmK1@i-rzmzf{FG`4oYP_XLWWVnH&v#I>XX*7NM8wKH#)WWbjqnZ}TwFQge+L|Y zKp_kQav>@h36wlL`|RKOG`vgTucc&P@fnk8&#(b@x=y=8ZFt^%-qz&iA+HX7``z$Y zuHnzjx^0TCOEwsq)m}koC73KpFYA{Qmp;rr zL1bSgnezQUd|$C9+uq_pE-ww+v|>cFZSmsdik_5do^4s#RZY9*o@&;xBUZgd*0z0L zn&pejtZm4?Nl&@J(1quLsfzk^$^m5v=_wU>phS;;)cxXg^B28{l z#%b13`GR5o&BP_f=SsEj#^bIAUs9`W)Q|j7ew;yC6$*f(g>TFSt}t~**bNBj344i+ z?#MwVpWXy)cZb0SRCdD9&A>Zf8bz)FeK|G%wb5irgGlB|d$8vtHYv0gXT(>O)$<$< z8vkesA`S$g^Y=G}kL`wWB!&hgknBlD(A6yp!J!+5ZR+%_Xo*sa>Ms4L^hWF=qrV^u z$i@)(%MJ$mIapV)btbHs_jFfd4liGixNV34V#ndfaE%u6-rinCOk?jEyA8Mtn7!_c zA3*izq`#{?E-hjYTJ%0@`fSBT2vH&<+6rdZ5l6xjvG2U+JoNt3_pzQu0=GF@K!F1) z%zk6J-+=^sIYd=kD-3aCqEK&q^ML=9x*);V&Ju5 z=V4& z=Fonq>FCajcXZf}o*cvC&-&}>Amj9^eO95X(}@>DKVnQV$+s@%m734Kpm2oJkE&9N z&MdjFN6}#)+sE!R_ zBQl*#Q8zc&_DpobW!Jhc^5aciMS?(!pBiikI{A^m zo(z{7!i5JZMjPHI@2d*+VblE&enardo`e-$uh-fq^2o9~ zK(1|lnCI1rlWE|v=&|6sIlXtWTsC2Y0xX;i=$fDSoTtFS`$wv4x)2CBFydNu&AtC826WU)zbXjk+rGH 
z%+7s>`0htS>*d^p7LhkwvYHrN@YYv()}q94&OA5nTQc`7YXG)Z+mFeE2j(9oT$j!4 zW?d}4{{23!?6|Uykxb?`s~mizeg;cR)O!0KDW^D03i0i*Jr0X|H8B--9|FdozhxFb zf|`Ek8h&M{G0vSgkb##z(~;NB4;zdEjymi`ylqRF zdZDJA<&)(457VwbzEI;*{2$nK>MPLeg<~%PItAFouZd)Z|Aok|TMII}Pvm3Y%b7R6 z>q5PRuC?iU^~ZXKsHUAIvq!Gz&iXJ@r?FxEDum?~N~?uL#Rbz>*&3xv&1I7-1&dQI zMTs&Sb1H6b_1q^#T4ewTU1s22_9_YgD(Sl5kRR6D6M8l{Z$5gfFV&RZB5gviPMBF_=@s| z9V6JjfptO2__f>k)^v(WUp|V{#=0@M9z6xrDYg_u396gzaoCzdh(qiM)i}($CBBZR zO8J0pXbY~_-JiI&ac6`9 zHSA=xV{-J`V-8@wHO+;|cJG;F?B3f}?1dx?>c09P0C+%$zXHB2Z;>aNa6}mNiDr@- zbds57qIF?64@S3w96%uoRB+hWP*yD0ki^DKSZh_$b@QeL&(k~`ADfi*c&fK&P`u^4 zOVYnsLMci-yn~c_2W0iywK6m`D0}X)n;fwJzV^NAvWmrZYwnk)KlMl%8N$cgYbH)L zRU94z>oIc&QkhTT&c}h@+2-KlZ|-ulf&IwSJ`HAz)9!Y{2}l@P6w%ENAvxDF^Vzot zYySx$ggkh-y1CtTpze2#2e>9+8gXFmdO_N->t$wHiz6hXX%OV6#F~i^jhc69W@dhL zm3BR;U_*f$RKZuT)nvoQ4Kg`3Az>6Y1c?a zDjxgg#+z=I4eQrRxmb|F{$5$JY^ilszv>k)mtw(_jT^=!s@JVcd&UW12QBrxdFe5m z`&hX+v&EZBR5{$TbEPvI`SfR77sB)A=;Y6bIr7Wpx6z45xHyhrw(WP}bFGIELdYY7 zd|mGRo$7bg1cOApqPpdh6c((Icxqe*R_rbdmu)A@R_L@Y zQ=Oiag2r96a71?Bb!X}8Evxv%SUc!Xy+d-sMbmB+Cqf9zJ6ovf3O4Fs2xA`#Nc(c)IUGDA@ zIPn;&Sa;$vUwO>M1Kl=42qBLwQ1`oQf$NDPvw-Vs_6L93bq&L{(OMq$V%iwz=nR61 z>d|rl`2iPs2N!Y<8Kj_faC&OmzIrk~F)p<_zTQ%mYIR!YdQvKuRSbsGxAVU0Po%C1 z;K^*i;7OrWkW#s956J{UA$@gEp0@0F>udo*50-VJ!~A^Ed~G&5?$c&4pQTL%wh2KB zLqZ7YZXW3MXPZK^!m^_!OK_c3U815ZS(ah&)NnUMtvWee`oL2}c5Otp!r&sWtNw0qz$xeOp47{ASta z&}sR(Y&I+(GA#SD{75rcvo9@isb7VpAK+bqfs_g=3^6tmHaH}~(iKu17!sqx}@nk7CR*MbDZ9|J6xX5$aeA&|F=E>$JyUF;CvY8_bGsljNO*ZJX z$RnA}%`>ujFn_mh-0^#;jcolmVYn%QxQW@@9#+8h2me`NZ|EM&jLb|lI)6Hy6OYbx zz9p2UfcQCFx?9SYEDahDHHgPN?fcO_ZD7@#vMr_K3LiL|N*43;aW-!=bceHj zP903QTVv)UnujR+Ne1(G>xRdV%$Ih-ICI*5%@5jUZ_~K*2yR3FH9$tV*2dJ2)<<+< zLkl4^TQK#&HF0GBSwI%YF*9U#5G!vFgidL73fo*}U$(Urxi}4B4b-15kBrYOi-}(p zRC|a6nH_8PHx_lVa%80zzYSlu38|AVkp<0<&5Hc+fW4T_Ix*Kg(3pqglKyvy-#K(^ zVC&uTe`4WtnbwwZo$|6%*!;l$ZSD3D;WG8XupAwN9&-K}>)bYYWaL`Q^;(%Z?ZVRV z=4=<66( zJN=ezM*igY&1N8PTGyIRxjf5q3VsVm8lJtz$F#ZzI%|-n?^fkjXTJ157uKXxSV!{f 
z+RAC{N{5}tJZDWhhZ-(p=W99gscy>VqAl45vn|(>X8ZPS%5u1L9t@kEti0P_>!v)I z)?ls;YoDHlmPIx3xfg3$dq?u;`yt;jY{5*Y7;(H9VVmglzW%XA}FO2g!~TToXLG;@|`jS{@r>2!6CVTFYZj zEGp*Ur`40v2x|#VX{>Qu!ev;N6Ek)?#lrQ+q@%f6e9TlD*{%W26kQxo5*(NrX8#YI z2PKiMiCpeG?}Nd^l#dVA=FZ?@EeE-k*$zDd3gH%JZ0E%`y+06UTLq7l>ZO`&o;u$@?|;S zFjscnu`tV~XEGzFI#>>!?3m0P%oe{b<;|n9u-nGDEQd~R?)GnrndznLY!Of9Z`+m! zi4J@Dz-ddcbssmqwyj1uIv&9Bc}VjAkxpZW-QI7_mP02ux9HA{pN8a9&acfGFv0Q= z+or+xw%fMIZ2Ohwk>*yGUpZ?`JJFc;`{I?Jb${advG`uBViJS$LP`8cD&+-o+gD2( zo@lgK|3uuYAF*iOO=+E){~?%9%+|CwkIhftO|>tH@R_M)A^90?g*NRTN^#NPLPzFf zwk_2*jb-vHQQ9USQgmY;&ehF@<;%>>$vd;sSgd{d*_g*p&wHKiV8OPT^H|;N`!Jt{ z+n8&SeDe8t2yfl=_6-5^+?Xxc<}F4ybH1x{`{=MebOD`q*XS_gf$U$)O1F>)xcDOq z&5uXI?lg|_jKkgO_&>;7+`fv3AVW4U$t<=y>5J^L4Q$!Y4*Bv=W466}q-^8n<^KGb zYv0^FlaE?lBi)2ZHJ~peD_&yZPAst>xn z>rNwv-GR55{%q07lrDqSTDms%VB$6~rFE)xozCAh{mn-PjcLS4-89HeH))0=PHHY5 z=H<=8p*Wpo@irUFNN1Ryhdn}QY|6~cF=pG`8R6~A&t`LxCFs)5o1^K^-`QqJ+Z49F8qvz|gGhcGI@xA`O|-)W7e7{SWd=u?nPe`GGrM!# zLbEg;BIcDRn~X4%mbzs=hGphyj}RJ1#T}wXotzKL?7`mnEM0dg%_ckAmg2T}KGs}W z*6Wk~;XlPotQ2B zpTK-Jx1C0O{b~4fwn=6a#LgP%gq;u0g|EF#wH~uHtohfO*}^;F)|8=MHw>?RmSgtP zlWym1f6e`9wJrbal-fgQc^^o(AO)XUE_fxGoV2N?nQ+v2c8;fE&6dZ8X+@!yipQ$X z@+G!!1M4A%c+>>4MKYScndCML1u=)4YR|k`$lH=Sd&r_nTb zWLy8*W3}3B%r&nQ%`{yufP79ke?DwBX3lSxgXWr2OF?-^r9#57PbV7W zL-PjUy6tFS0a%GEOTcYmx{o#^o0*1owoY`4*J{nYY~tp2rag88E1a1%Xph^T_syL{ zc;52iDOucn`Iwh&nwhcM)0oAqe8S&>w(WF(Msuec%#z9`aOpolW^7M(6zl|;#TxUQ z(Oaw|Zd>QrW?NQ&Y#s1sCDctjvV6~LQNvBBHEw3IH1L;3Y5QxBr*4`^j%=QJv%mH@ zwnh5mj&y47FPlFLt#O-wZq7{G6rGlt%^nDwNJFy-FBOD%yyoiLG-_TrHeJ;FFg(Md z%cK>xeRw&J#Z$3ZNqXdx8+AGfMT$e>`$Z`vbzMNG<4Efr9E>c{#zy5g%=y!7ZOm3{ zR7)+D&Tk8+e#C2WH^rOVAl%XVZQb6aS{$gGw2(9W?o2bV%V zrM!R3NDrsWnLJtAcHq)=G_d@Sb0m) z`S{PG<&#L`WMwOhgm{)8`furI<W4MLJDDrHt>LX;MQ&w{5H4x!w9;58 zy7@Ua?Lr%eTFtKgFr92QM1br5TIV;(Vp^hb@sA%&J5y{S^|vmZqZ!|Azopag<^C`q z>1XROzq&4NN;9k(u9n*YbM(grrPjK?AU|#OTf;Pb4%45UwI`td8MsKDadXoWI-BL= 
zwHxwaCc3q{N%$^xq;4d!7fM*D$=|QMC5_+~GdGvtDkO97tk#vIGKmxMqqjwZe4D=g$~JBJpD;$A=}ew{2){9U5+~K(lY_s*xqz0fcZ^xf9W)6ov)@p4a>sv zq+zZIHRCkmna6FzT;`Z1EFbKw6O9#Tv`@FtvZW0=hjw6&ZE|U}S~IU*&Zi-B(RqGz zRk@YsXr`^!AxfHRHa|z}lrkfrGqyGq5?jEnJBQ03XESiiX1}>O&YQaW+c?kQ<}1uJ zH1Ez7k(uew%(6X4IaV;w)@_yr+RE~V-}L-Ur<6uw?J3TUrIJNQ-kP_OP6{r-=B7^O zY0fv04Dw+U)=b1iBMZ+`{X7lrZ&FOT$T9y~~n@y&sVQ|w}YUxHbr<<1k zI1n%0ko3kBQ_er1KbJ!5UxVC=-L`_v$<20UsA-LDo5fn=Ia=d1ZJxA6ZEoM@SbnON z{G65;>ebhx%ru=g9jv7q?IO{c29zZo|!+{@9SjOhCqd zUBaL)7hLqWW-{4vX&j%-h2GIbvQsBPw{$_oFG~`X@NeKttO=^CmYw_m+j|pu%dVEQASx{ih=PdSh=dlEN$m!Iihl(aaQHj41EA6fGCP2Q5Fle!C6%fq zHNRJHymNowxAr>c-23jU6!0pQD$jTCI&1B<*B;M4d#^LyTOh@ai%2y73gd%Q-kZa< zT0t<;i6BBgLSrAretIw(v1JyC7wtF?R4a8@@;~ruR;^9g`~T)v`#=BZHk#953PVnJvmz-6g>IOlijJZp zQwj==7Pm?je2{7uhTL@uXTSg$0+)gQ(SIDct<3{set-O>IqBD!ge5eq{7LAgO z`GiA`V9orK%i~bYK6MX(@k=@BGQ@b+_)SHUhQi#g0`}KXh6zy?$mb7-EEN$3&SNHY zIhCw@qow{?3Ab??MloIFlq2Lw8w9ZEB*((D`X^6Wq#`1m#V3WFd~y#uxIfeb{!wMJ zQ2J=!@Ds5sEYc^}7cGwqmLIet-7sbCNwmU7`3&2{JnH1S69SKeB&y#L@S$^JA1^6# zaAdJ*hZL=b2%91$Ed?>QR!C}vQ?$n=3-zfZmw*VQ^eiNsXEU{D=-WUZqpd2pl8U*k zPK3*Oj>DY$K&0^TF@D@ZL&vW`t{=7)An^b}mh4{d@s%E-qOOaMVA=*bS0OqA} z%V!wt*pjNYXYc*?%2&SAI+bpoHto-BKP7*!QvJ{Skq5m`@9b)|3!5Gyx;8brY)1|~ zV2`+Rz5Uj!ueSfVBJcoL-6^? 
zTf$9o;w14_Kc#*@UHWangRj?Y(1Q%}OTu101g~qLC<`e(suotUT@@Z5R^qJ2P_jZ` zNFSh59pHQvDOxenM}Y6|6yPs}B0c*c>xT@$D?&oYn7vWnL~bfip=2QD zV^q7P0NUk!pLkZ^)e-TdcKnI16oW4_L+*Um1%y$}J!}0gj>K-)su=T?TFq?(NmTs{ z>U=+_f-Vjr;t9xE&;@OgELUfeMDMSls3}4SdK*bFR5DM?*~#~sgYyedrhRTfyAh;i zZ_u-Dzh^ZB*gMrK=0A|~_F_~A<*Lefj*;)GPyz?{q4s-9TZ|i@Q*IDRf*%(tna^k| zq5c>XRm_^v8go#JC#6d%T*Mevj^Rj^Gt__Fy3J7ktOoY~gTO7Y9b=l8R)7@jF~p8Z zGYZv^rl{-a@j3)WrU8_|?1z#R$~#_GGF+{0OsKlVhzDfuY2x_c+KL%~DiCz)Z|JaY z^BR)_`Gg|@6VA^)#P@i-^f4#!@ixYTyjbY7eZoA!SSEu>@5OtB>f|XS0^>2#2T~YJ z)-)4%+>eZG8Mv6GTNRmM!l?b2^iek^T`haWDQEVl6r)I5jRzkyk(K&mG||{{Rw{?q z8Y0TC_dtC+c%Wi;-Z5kU&-ZwBlGb6>3TYk8WX-K&~cOl z399#+R@s2?hQ6(vtJ!y6H*HV2bi$r+*@Rtrj#+d09@tJkq8a zXox7s!Y!V{DkCpI#4>9b;3T4h`c+V`s?xAc1HZUSJ8>K+$O_TcL7Te0wpFGktO~LY zb_!_F>!EG@?Iai>4{sQtB9p8DqE)9rAxdxPM3d#T@e2e|-6Hg@ecu$W$z`o@h`&o3v3u*ttbL^qWKK5zogK598c&T!I zCKC`@pL}2E{p|-&>R-sg1Ia4BE{oCxqz&?AdsDuOWjUOv5=SkeWxug6=ztBZ4!MVP zJ*1QK1uH+^I4vU=W<;69e2`T2XO0T9-)M(2#Z!Mk@N%OboXkDmIpW#xh(kySPEd~g zHNLrj5*Rnp#6gNUM4&ln7tW@ta1g82x^+-ihxKf=Ky9l}G(b(H@_LA8d54^Gj&=;y zhA9Y-qwGEG_9Dm}!@f|(c+T?@<78GCul+#>)XnNKu0KhB3he!fl-7p(Sns3#oLe-% zzzz}Ze#_dumNiicPG9v}6Ewlcg)lCdC-;FWs3K4rD+NUR302fl5JN^ue!OtL7%~6~ zHaWb%sA3Yek>fNg56IF5ASsa27GhNKoaGn_dphn1jz!-eFi1AqCz*XAp+pbo(Ruu6 zUGlNxY!O(>HWS7Mwg!r4l2Jo)ig#X`ZgBtxoS zrb+W;o|PZ7*^!$?xWKM1D3e$S6NP@wqEwGQ_ElY^Cb2GwYaYO-+v7!~X&e=t(>SQG zmSK(S*U_droI#9nbq_BdaW3m&|AX3?CfZmaYuzQQ^_JjA@WK-Of|QdkQo&yPQy&%_ z?Eyzonunmsdx-t)JnVfFvd0P%sHfwKJ`Dpv`!C{&C{#!?SR4_Nr`N-!AvR`!Tw~v9Edwc|#FMUK&%7Ubai`Yd3}HD!r<3GBVxg!vFiAEC zHh<7;`{tTWtY2r7pvq+3W|x+&+E@ZDBQNB^vy!x<{YNI@bWW|e>2=e#wA8Yt#g_Gs zEZX6n_gQP9X>Ab8=4YZgVH1rB)h{L<=1DNTjCq_?tJkbntJ>Daq-_B)j!jxvSOCr2 zvDsrbH#>_(u8v8ajgQXqyqXgzXJV3>;>(ntzlSTfgcYI1RRQwWcGZ@U#S;2}d2q|C znKe4Bs7D?3s5KVstQ}1Z1}vwb%HpC`7Zz>*&fRuw*DkCss7C{tV6f=O@M<_`xqzQd zu}rUzz@QrqQ%d7<;x0H(I<*Pgo$Yi$NW?`;>aVO`#;$i^Kc=3;~+{~Fzs8$ zfakK?QgEKaL_zkE#Z2(^j`Z=vcDPb{<;NsAx@!&We~|PD_m?K@@cm16Z1;U;N1<1) zbR02uaJ(_0_J4tUX3m?FlNhf!8NryV(20SLe7T7}0Vyo=B+HIEgu!)O!Ks7BO<>Bc 
zbHc~AOA+s!$1~fcVOd`gHBfc~<9=efYm>_z+j;Ys?9k1(m`zXF#PmA!xi3Dk2svUr z^2;{xB-JS_2-&MJ){orVn-eE28fpu8J9Qifm)dh>k^#n^2)5Mn*l$i^o}n$;qI!V0 zCO}QzWhjqj_(X~sMm4W6t#EVw+Z=f>s8H}5SE3x#%aOgGU#c{GG9ItiIQ#atd= zuY{sqg13ih++G&0T8S|_wuS4+vX-Ml24ab0jEVr)cu)A+K!8h3v7uiPPce=+S7@6y zoVzrC)i4)T7cgAWD(q+;>soIy7CF~*uI^zCm#>V>rm!|oHZUd^aiX};g3jwVci*jc z?Ec$qc6OJ|%@cAa~r~Y~<*qZvXIwj&JaZt2_ z9fi-=fM3(VE~6jF0n2pkXFtYWc3!dX+=qO4_JA{yY6Bb&P;wv#Q<%fBzb5DePa*+` zx8QWk2Bh-|IG7dQx~Wk{W9c5lhMYtPt_B-kee2_lr_(aKg zz0x`prPh1Byq+1!Ht#pj&+ExgW>aOG{VIX3B1D{`-G-mIlEzye{j^_X1Wt)9*A?Lu z_BaYBVQAj(Iqab>8ko9_oMC@gJNtUZK}91zET8SsG-VwRk*F zT2Qw-+W@&LJ!+f9BY)+C+Ow{j=vk&}jSt(y7LrrXh&*0;5GN26Vt$DY#~Ru-iE2!u zUH$H|^+1Pi-)V=E@!QBgEC#GZnlV@pp z^@4Uj-hJGn{cJ03Xv><5C(>W8a^F!-=@7&I&iWbsR!3bLtP_rHK6cVW)z;$-ya}hW ziFvPP9npb(ciTbGVDBDla2`M%crw}RwDo5S70jWSAQClF>(Vxj8zMVi^=19CC;%GR z#+66y6Sh@gUlxo<<<$1*w;?luHVk+^UJs^mz4}Hnv}l(?WO)WD4FP+UL1G@_h*JHu z&)vq&$Au+8B&Xi%<8|XS zNk%=Qf7x#-4Uvfjo$QeoBTH)w^OAvVB21C=_{@|Uy8v4G*eNby*zHVcGEMd$p+u=id z?Z}~hR@r}>RUWv_2JK~0e|Z7R-y$-HkAZd5uUJ>%8hU;FSVpy2HFg8y*w4Ab$=lCL zk|3+mX&i`0Jdb;(C73Z8?GsTKyh!>YAI$YWyj-7;oiSm2vtvT~6i#wx$E|ceCUU*U z(cT?qw;`#D2&>xQo@KHZ2dyY4h%CusNe4uIy&EC-QI`6gAJq`Mfb+B0!_yYH?EVv+ zM&Q3aBF&B1E+zE!QaIh4T)DC z=XvJCytwz-JFp?o7ZWzhR%f=0; z2cLuLX+iCR+6NEWfjjQ9-tr=dXLyLGBgKqVkKh~_tPlr^D#p^t9N?p2-!LL^B9kLO zkT|MH4)Os=K&GJRWG9(*qLAu_1JDlwuczx6PZ{-8I@Z_q3P)VxJP74>+={yd4Z4ge@?!C|U z-trYJ5G|2XrgB8AgYr#np_%~q;lOxgNXHHRvC@VCj0tkZaeT0^Xq)Vl4duvBoI8Y3 zFq0j0ER(m-BJ6#I{RPf{SKu9s8p517CnkBt9L^)CUh6~Ox5e3mphI@}&fCon?nmCJ zndZD6(qnOB87hZ7+JrJV$4O=l5=qV~C_8d$WD(KQG2Uf`3o^gaKdyJRC@Y_VC?`dR zvFZ_=dIfy{E6jArgIr}$4n4}IJ;J`wu`ZrpgyXoPO_964pi5LNCq?R;Hi}c@~CvCJZ zX~45s=@_SgbHzIs#>%O+Tm&$EY^}bySz5ju^9kEL8P~MiVED%?9tZ0IVY8IOiZ< zjy=XaFA!95Vue*$cO^*Gg+o?bJY+M69supPqX+M|*1-qN=8joq`IyeFdfi!N${U1( z9-Pbp=MS84@j@2X9+IDM1ycJ_w)X?dXPqdKgSd8RokM$cYh6uuTki)NQKt=aNP2dJ z%Q|MUm5)se#k-u_B$+_i>y^Ti6Azn^Bdu&BT!FcAE?NAw)V4AwvqA9*72#F{(1 zTF1~M$Hb{Qn$Dy0L^oJ(^dqGpq*52}EJ1_vfD%Xiv1c$V#+uiR$c`J*lk+&i 
zt8;ur1Js3MeAnl0vi{f{f)B0 zeXL??U|*4Rr-N++hpb^tLR7^2ODw#qf(obdN$%9qjN{Td^UC@d_BG6QJc%Z+Os`MQ zBOl+vzSYUVGS zNEqSSCTA(1QH}~SBr$D<o;1b-xdupmIhqcdHlfv2(EKW9NXfcZVT>2n|BW^K@+BMEL(pmjKmTbR>uLJBXi zuPb7lOE?BuXN)^?5bsEGn3HpK>uFR(^Ti!<+IVkzdr=8=3CAYKEIISyIA$EnVJ=Rb zrhK1ydWJ*@`<`OZbt!$wV{He5wr@r!2q3^gGdwLQ(m_NhA2^Ste&a%nr9AOQ@Ab>sR5M5n_4*QT- z-)bN_kIdI^Su68c=c!hn&WOepp66 zp#$m80P-Gk9$A#PJOqu0h!4{KN3k0JoKGRsd2Hf%uAwh@C2sl9VY`3lT{d^yF6;Bn zJq{Tj{^}p3QwMq32vOuoJYLp={7n+3!7p( z$;m$DsjHTBjKFIX(^kVitf9RdHcgAV?Ro6ac{t4nt#|kk+I|P*16Xx2XEy0Lu`jhr z(8MVox9Pn_K1ZrkSvPXklSuW;9RWN%Z-PJ@)UEugXzd*mEuxtk~90neakUIRq8)NEXm{%PJC!ym00Ad z4?|WIHpwQBqt@phURj)9>R4j}j%1SyJ|j`DG!JkcByS*HP#rW0Ut*#*Y0GdHm-zxI zP9iXpteSYew_vsIylt%EBy#Ss%^teXW)FhEXTW*Ivf4VR7xLUIr0;-2`J5!yc+Hm@ zBYuqXWmZj7FlXlB_*SPF@BIKf;L=@{^b)`_H*Mjl3#H+2>q3mC76W`lRR!EuBZ$Vlm|; zOeeB6*8z2H|DHoObMHZ{wo@2zINRu=vV2j3_2gp33MxM~5*1C0pgW^<)_64_IgiZ- zoX4&l$ho;Wn?E+E1-sMc^P5cTgTguU9>Y_a8ayhC3nc488`se;`cZWQHJepAkk0w+ zR38UY&lcxqY-#SO-SdT;&1PmXKG8>V9#xD$=2t^FFd}2dYnP_bNP)Cf7?d(n8?tcD zsn2pM#vz|*H&w2qkeiUxsg-S(juF&_Jj~q=!GhigdWg7jop~b{q{$lfQ@d$Y1mfApD%8o-cv|Jk zyuc}YKT+rH4L!e-lP%N8KI>EG*f=FQ9C=Qh6SZj@;FzWV*I3uI<`igx$Gq88YssdT zm+dS6{7<&pL1nJl@pMcNiZ!sNNLGE9i#o2qGBAUfdc8vO=?f- z5;En%I*KPsw&Y@-fpnhF7@br(AJQc;k58M#U0n=IfLP=sc}kA75)1K3R*;;6bC>+s z;b<2a@QowO6oBm3F6SJCuOAB$E{vCyF6&p6Mwt&P$pOQsU!6>j7ac!*xT|?*l8;{{ zY9gIGkC+c2^A|Jts~8^&2&dJcpXk`G=giwoF5r`oxE1in%%CIf&Q;(yZbf9d! 
zj+IGl{}@?fK|dnb?5dx-k++NV?=pStWa#yvG`}$L38X*@`#{U$WM7n1T9BTPNW`<1 ze!9ZQH?J2Lcxk!;a}zD^zfD(#ILIA^#-}RxLP4 z7jY_KV>wI1coeDeNM&}Dci*ROpOG~L7uOmri zQI;~V8^fV@U9P7cgrsBG0mHEl}R3FNpwDF$Nd`P5u_{ZB)&`m zM@tX(V{+>+ckS5WS>>U8hRTBuX?>igd`Yy?cw~8D8?x6!Ws@skkN5hxU6hgK6YW)5 z`F?P{>mom?l@7A{fhUY{EIaWIwS$z`eiUQiK zu;N&cVw&7u^#+f2tIn`@XOuc8<)?JXM(xS_SaB)d^GWF-*L2$*QJr4%r zB3T{OYyxKq6PUx=d?^mi9(1u#;bejN@C{Ryp&H?n)+FC1VtFHc)EQvfkln_)^a>{~ zVtKC9K4eHd!a1j%*Dp`UI1gjXeJ%mtBx<2b0bjHty_2W+P!Um{Bjlphuthcicj#4fWTva@y(;E45PXIn z4!RDA@4#aCBV4r(j*%Y57N>$D(Uzx{U8`HCGGU$Cq;=|3)@`h_Zgbk!opqk=xcDmD zcG2aw2$_8zoa5t?t*~BqQ7q??Q`WTpd zd!3ebyI6ZsD18JD)7%f>yzW;n^W&311?fKXkqgXeT*oyxq>kdrnA!mHkq9AUKy9$)GCj9 z<&CT?_JT+gBNhdAquQ%BV*}#BrbQA7wNR>n&^cE)NH&~!VV{VOBcCOc^SHRIj*`=e zL8Uj1khd0wlqd6}EDp*XN0tq)x4HQyXsRq1Ysw3=$FO)~P%)k2U>_VhUqo0&9?oQN zZ$r_>Dc7Ymsta}jpZ~xhrNhbo;~5X1`{|&K%X9qc0)T^(>C%VJtrBO0iG&#G$n*L- zrFeWG4BIeFInz;eo$8wOY8xXJ$8;%AhLcQ+E20P#;$1G^Yt=vn{)utkxXOJ#{meF7o+Gn@};f; z9Y+v<1MSHEL(0d0EEj1|7hQ4ISS*nGH&GgwBFQ-LSLoc<>yf7&lF1eJzLH*ilxWNP zQKkx;C<9!-u7L3!$270_bDcXfbHw@>>vSCDJR%vdSwwzb5Aba4xL)%Njib$(j5-u- z^Yn?rmUhZ3Y$HC|FrJ^x20ZmkgojABo`#Eyk5{JQzQ*y5_SdVJb5J+_hTYj`?XV`C z$JrU281Tfk-L=7T%PN?Y>Jxn4P&xX#q>XDbBFp4a?r~z7K9@ZvQKVs?4TUL_g`DC+ z+Aoq*yD1ma$&^UCJf1BHd6+U4WwE44>B#eZ$fZm?A#4fSr?8uH3nCA@q)R1A&dFm| z$V%@T$`aGoImf2+te+IEjkpI>IPyrg!*Rax5Vk4oAP)-WM@0tcSQqc}qzEe1Esu9q z=zT+3fm~Mzhbm*(O!RmGhAvZ#TSyQGIB}BW*sWp6!%>8ej$;dUU991K44f{gk9m$4 zayT70c|0A*c6Gv9)hRfRlh$j%d4%KGn^u5^VmbNiekt{CrfDhK6x-lLT4W4<4vh);Du9<|0}Uv(oN43z^%=TQp-9XfO- zZPg)(b8%$Cv|z?9F-^v?c*;H}Ei%x@6&aQxClLd1es0k^OKs>Ir~q^z?&P6HBP|pe zsa!TLmFG?y1_9&HEj-hp1KDchEQBv6Nb7Y`eu;~ex9g%zZ$q+Ex}?u|(y4rgp$73S zTh@bDLFqhZ500ZA^GA-bgVAO_&dc=LiZjoQyu*{;Da!SDR%zIVA97KaXF)E;D~}|n zvRp3OhCbP5_K9cq$xeE*ape`l;JG7T;7QKv4Jx)l;UQb9J#Mtl!{t+#_M2>1ayidD4PO2 z$Sp{9a_;Kj&Z4Jer?_Oxu=I(Dh?kr;nJ(;;EY4sa??|$~+z-zAO`9Rvvq^e#eN$Wt zOG@04>m7N#?{|t32S{X3Pyi_$@eCK`;M_MZ3I)BSEUaMS#kf$V)-XTJGkrNXek{=e)-HR@H`}%gA7vZPxx$*;F0sLe^HI%nY_PQ1>PwSWTdG*6 
zGlBdjkRQ_X=VFi#U(TaT%zAKNLqz`2fYd&yCMPGc^|oa5Gh@_NZ!hNn_LPSc!QT5~ zRL4Ttrr^=1MH{9|X_H-^m-8VfPx|pR6dz@d=(BJ!9y@eJdJ)P`b@Vts6aI}qb7NQ6 znxRO}BONmCR9;eWXR1Icb3KSpd6XwR#mgQ<$1!m^kLWo5Gs6td);n+@s}1ZZK3|47 zBpM;lGs01Rl*QlG<3GtL4y1opAYl}?mi=wvNblU!V$WxJF;4namg^wn6Z$NkX|g&* zo;=xs^GF9$&Lf-#_8)V=sn^j1`_VRd==`UdR3D^96+C|*oL&YZX|XcQE$z6YQ<$=s zKPr>COzz})iI|pQaps=lQaH-?CL|r=lxJo`nRXNlI?zfxPC^A;AzVxw>Bi>As6zVS z9#?2fs(Vnhdn{M_WT&=-ed4K4vostxisJ#~2a(1C9jX`?FySo}UUkxyCrpNXk+sj~ z9uFS&^?vEapI1jzrgf!}tj7L5>Wwy!Q|1pL21dO`-hZxE$)KP^Gvm8G%5SPsSCo3K6L+Zc`d($%ZV& zXYwe|WFiSE&O?!B((o$B1&U>|-TE=tpI7kb>k%51#d5sI+l~n_-jUied<4 zY(tOhSQ_sPOOFi?9}?e<;IZVlf9W{V(eo>g;UMBG3I~$KcziwhtRVc2=uR`f-W&J4dx( z#kttqoX^QhD1uJMb>gZ2LiRZ(DCNO;Qf5yb(--0r4W~`|H2)9VMSL+YFHdEr@F->V zLA#WGs7^VjU2Xf*ZoF}RZV5dJB|C?-FIdLYQZ2eYUqSS}#YxQN) zW1$I$lFtRUS{>cGURvPufV}buW9&&k;7}NC(+;D~^Yru~Gfoa0$n{Vpr>)&?yYm=& z<|gi)BAJ|FW|X*hxZ7qnXeYS{U&fQt+9J{|Yt)&<=c4rYLvR>5?B?c=S#MzhM-zWT z6Y(JBkF2ywnQ$@9bRMCPbJs;!6_Gt;sa!86UDA7nJzU^J&KsqoK2av8bY9l5E@bbk zmAWXWs4wy;H9Gc_^=>PiYy(h=r^mOkC%6 zpgfW;I2=cgcipz;EfYA76-$0%o(a}FcN z$!R$>hha8nHq2p;+rI1ld3?XW-)H~bd)&v@bziU3^S++X`0d|Sb3Q|xH@V882`L`W z+AC%m-E51PpoA?J0|3G$uDwX5@Qf8bW}L^WgcBAdpAXnJIVc?V1+Pp(%LFw(_^5p74o}*C4HW8J!spDrI!HcijH#<$ z25!DvJd(+{v3ABbfmG$4^;=p`*v>oHuID@N+<+(&1PglJj2rT@wq1CT3EjJSKP7uT zB;JJBkr;b=-(=lurjJResJ>%Bq%=u^v!WU0t}oxX)ugymHm+sZ5`O+uF_eSY=QZvL z_dWB3-j}W<7nCNv`Qw(~S<}lfxbiQZfXf4JA3N{si)M->W)MZmA4ogDRuVeTk1EFJ z^*9LhYoh{@9A|4d?x2(V3Kxy7<%-+v$NQ8jq$&_24+Ejk#}KSFx%VI#(!v%F^ZuKYzjl3HhEG zx*l1ykX_C9{%IZSZX^Aq-pVs;upP%iiA278O+5wE&-O8A?i+V;0+w6hT?Irt+@4U`e4nR( z?dQafd)p`a=GR)#O4;2GnxtKOSlp;QiC-%}3tp4SO$3+$Ud7@oyGV zSkKef%>$E?U6C5(%?A^1Fu30Jn0fTDqsK59iHz{=?=;La{@YQS?__>PF zs*<C6$?Twjj zphLdCM6OJFRHSLAI&r<-_q)$tD3NrIasJfu5@@qWRHN86A;|Wk!gz@;dN5N58&k_) z={>zr@qGC4{=JWVYURO21`77ijEF<_F~BaJf+7~jw%E$NwA7Nyim2S!;5C!M9v0Kv zaiw{OR6=PF5)`pj2-!D@*n9+XEcfodY-Cbswd81A^g)78+;(IhlznO67nMp-xbAaR zPb;0vrb}E$^_};$1lH6s%v5*)L-rQJEqG%&hk`PwZ->NgEF_bDZFyfgr@Wkub>t7o zdV5o2%-l{?%@wE)DqD~FzL0XL(L| 
zHcI+JxqLFS%i(MR^wBy&H!}*n#n#xOlT_RsnNmqtrTTOuUAL3KuIgr zC`YzzTv^p`sc^^24HLf;I%EH9EA>NWdt0Xs0jOewTdb4AK3%KIhD zyTV6)Z$}?Knb2z$tW+4;v;ZwH?H=34$yr1Q=EzB0xq{8Dc9^{d+L zr%h8nJe_=8aP0Y6>1p43LD*>Y*@NJgf4%|Xg7seu#Uf?`FADCm06p9>f%?|roLwkp z|7y0FC5~Gq&XYa_7VtS=-d54ReN4c0JWVBH?>h%#s9a)bFw#C+qfT+@ci^^kyv^#& z$+FovQH|%)^SZei0q`dnZ4os*+vt&wv)-K!7lDPZW?_;6&#Z(;T)F6-)^$!o^n9of z>bwLNhxL)K=wGyci5qAc8fe_URlDCL?RId~J9Ej#!4xNd&)1}7;S^A2^|AlghcHE8 zYE!ISs8QVt;b(sR$l~e;lSIv=um|Q}byH2e){IpQYv)*dNIHTj5bYIz%H3igZ>#u4 zAhB%U;s-=92S|DVmj|8qZB2BiSMbt7g%Krq-t z6mw5!k!=mEo?NKEGRrIxaBjZIB)8+2*1x;`R=kS7f7GYPJbnPQlve(M5}k)y0-bsw zp3auW+Y^|l8J!q26e#005oXS}7kX*=X_$P}zSS>KAw>v~d%3KcB1QR~0~Iz%Vj8&P`f;%I>~%Ab$E^Dr zmbY)PlnfpxUCn170*}5K3j070cVIq>k@&yoVh%;dMbG0Ow@w#9e1E)s<}bX@@cHF6 z2OhP^j`lPKb3%^ab`cT9u+JA?%%%c3K8M*p}z2G_!OzxVqx7iuHz zV>T|V)-?Pn$vMjqU$95_% zP|C01ofFP|iGNEn2Y{=b>9kNHOl{(gqTKk7LofcDz*v=hdNqS?I9!xO0a^?&z5DwR zVq$i+F=EBkZ+$wb;`FW?42H7trgT#03P7FZ^$RWqN3zgbRrsQU?Te^XzR(kS4Igmi z+CQtl%hjgD!gW^>h)8;jt^4p|W&U&J^FNwu^AbXTSiVQc zZPgV#>6&!_#{Xr4C&_vQ#`FuN4+~8Fu{_ERvi$0Q(ky*N{IC>EiG`-cK(<>2h@m8@wP0ZaT^WhMZJs`2k3`l(=UE1(n zdPI4lvq%wD#?R|g`||15PgWpSGF+`((xijgL?XExPlHRAQtB+I(#R{fDTEu$4X znf6NOEnE2PU&V~qJ#w$}NSkmMIK;WOzepFUqpL;M(eC*fS1=Gw#+KE8WOgszFSX}4;t@P2owzP z-86^Kn?H@Og6|ub!q-@@JBh38PC<52D}j|XCKYBD^MHK@qZQEm$~ePuI6e?{N69+v zc8TagntZ{CZ5c9Ha8b;bEcu35}=Bfb7c9@Erg!VxeN7CNxc@rG+m-ccE_#hI>deioBwIR zzJ&(i$835}i>NGRo&Eo;C(rOUjLXW4@Bg9pu)@H<>Fae8H-VfIZ*%?Kr6`@M0PPY-OIo;phKl` zQ+S^mSB?E&#uEJ#GaCR8{^DWaBlpIR+O>e{og1;Fm8_wWRK@zj0{f=|)o$bYrF27p zetoHsQ;IZo0w+n5w%Lo2igeuM)0rwhRj}1Rr>5PS|6V;sagxKgw(94 zXKa(ImZMXa3i7kvQq2L*&*nNy=uknuj^}KZn>8)$uz5*X@mA)j+FstVMYyMSE$7jq zte$CZM+;{XGYSs#ND@Kx4&IV_mQQ6ZD#5()TTDgi4Sc_>UVt^cEP3Nx1A12&WuiGvyd$75t42LTXwuo{c^l_K9@g7 z@aefo!6scM$;dc)y{4@yo90T%-MTW*ZCfkWNS%OOR$o_ReEl(NH_A8!I2p56FQ$TV2{LbemWo%AS`93d{At22)@-;z7gr%SbbwUv!oHzq&LpE#85A{Y6+#@98*!6tT3)H(+vPSZ%H**O~v#=%`Hg~m%QyG6X?>4wuejNUBhoSXB@zl0k3%hu7v;fo2F@jfm%kegJC4E1_Q;Ap;5kXwSa7c%QDdu 
diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md new file mode 100644 index 0000000000..6a290c38c7 --- /dev/null +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md
@@ -0,0 +1,67 @@ +--- +title: Supported CSP policies to customize start menu layout on Windows 11 | Microsoft Docs +description: See a list of the Policy CSP - Start items that are supported on Windows 11 to customize the Start menu layout. +ms.assetid: +ms.reviewer: +manager: dougeby +ms.author: mandia +ms.prod: w11 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: mobile +author: MandiOhlinger +ms.date: 09/02/2021 +ms.localizationpriority: medium +--- + +# Supported configuration service provider (CSP) policies for Windows 11 Start menu layout + +**Applies to**: + +- Windows 11 + +The Windows OS exposes CSPs that are used by MDM providers, like Microsoft Endpoint Manager. In an MDM policy, these CSPs are settings that you configure in a policy. When the policy is ready, you deploy the policy to your devices. + +This article lists the CSPs that are available to customize the Start menu layout for Windows 11 and later devices. Windows 11 uses the [Policy CSP - Start](../client-management/mdm/policy-csp-start.md). + +For more general information, see [Configuration service provider reference](../client-management/mdm/configuration-service-provider-reference.md). 
+ +## Existing Windows CSP policies that support Windows 11 + +- [Start/AllowPinnedFolderDocuments](../client-management/mdm/policy-csp-start.md#start-allowpinnedfolderdocuments) +- [Start/AllowPinnedFolderDownloads](../client-management/mdm/policy-csp-start.md#start-allowpinnedfolderfileexplorer) +- [Start/AllowPinnedFolderFileExplorer](../client-management/mdm/policy-csp-start.md#start-allowpinnedfolderhomegroup) +- [Start/AllowPinnedFolderHomeGroup](../client-management/mdm/policy-csp-start.md#start-allowpinnedfolderhomegroup) +- [Start/AllowPinnedFolderMusic](../client-management/mdm/policy-csp-start.md#start-allowpinnedfoldermusic) +- [Start/AllowPinnedFolderNetwork](../client-management/mdm/policy-csp-start.md#start-allowpinnedfoldernetwork) +- [Start/AllowPinnedFolderPersonalFolder](../client-management/mdm/policy-csp-start.md#start-allowpinnedfolderpersonalfolder) +- [Start/AllowPinnedFolderPictures](../client-management/mdm/policy-csp-start.md#start-allowpinnedfolderpictures) +- [Start/AllowPinnedFolderSettings](../client-management/mdm/policy-csp-start.md#start-allowpinnedfoldersettings) +- [Start/AllowPinnedFolderVideos](../client-management/mdm/policy-csp-start.md#start-allowpinnedfoldervideos) +- [Start/DisableContextMenus](../client-management/mdm/policy-csp-start.md#start-disablecontextmenus): Doesn't work for Pinned app lists or Recommended app lists. Works for all other apps list. 
+- [Start/HideChangeAccountSettings](../client-management/mdm/policy-csp-start.md#start-hidechangeaccountsettings) +- [Start/HideHibernate](../client-management/mdm/policy-csp-start.md#start-hidehibernate) +- [Start/HideLock](../client-management/mdm/policy-csp-start.md#start-hidelock) +- [Start/HidePowerButton](../client-management/mdm/policy-csp-start.md#start-hidepowerbutton) +- [Start/HideRestart](../client-management/mdm/policy-csp-start.md#start-hiderestart) +- [Start/HideShutDown](../client-management/mdm/policy-csp-start.md#start-hideshutdown) +- [Start/HideSignOut](../client-management/mdm/policy-csp-start.md#start-hidesignout) +- [Start/HideSleep](../client-management/mdm/policy-csp-start.md#start-hidesleep) +- [Start/HideSwitchAccount](../client-management/mdm/policy-csp-start.md#start-hideswitchaccount) +- [Start/HideUserTile](../client-management/mdm/policy-csp-start.md#start-hideusertile) +- [Start/HideRecentJumplists](../client-management/mdm/policy-csp-start.md#start-hiderecentjumplists): Also hides files from the Recommended section. + + Note: Recent JLs never appear in Pinned (because the feature isn’t supported yet) + +- [Start/NoPinningToTaskbar](../client-management/mdm/policy-csp-start.md#start-nopinningtotaskbar) +- Start/ShowOrHideMostUsedApps --> Need CSP link + +## Untested policies + +- [Start/HideFrequentlyUsedApps]((../client-management/mdm/policy-csp-start.md#start-hidefrequentlyusedapps)): What does this configure on Windows 10? How is it different than ShowOrHideMostUsedApps? + +## Existing CSP policies that don't support Windows 11 + +- [Start/StartLayout](../client-management/mdm/policy-csp-start.md#start-startlayout) +- [Start/HideRecentlyAddedApps](../client-management/mdm/policy-csp-start.md#start-hiderecentlyaddedapps) +- [Start/HideAppList](../client-management/mdm/policy-csp-start.md#start-hideapplist) 
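Review bot: Several links in supported-csp-start-menu-layout-windows.md do not resolve to the policy they name. In the first list, Start/AllowPinnedFolderDownloads points at #start-allowpinnedfolderfileexplorer and Start/AllowPinnedFolderFileExplorer points at #start-allowpinnedfolderhomegroup; each anchor should match its own policy name, as the other entries do. Under "Untested policies", the Start/HideFrequentlyUsedApps link has doubled parentheses, ((../client-management/...)), so it will not render as a link. The file also still carries drafting notes that should be resolved or removed before merge: "--> Need CSP link" on Start/ShowOrHideMostUsedApps, the open questions after Start/HideFrequentlyUsedApps, and the abbreviation "JLs" in the HideRecentJumplists note. Since admins will use this list to decide which lockdown policies take effect on Windows 11, the "Untested policies" entry should state that its behavior is unverified rather than pose questions to the reader.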
diff --git a/windows/configuration/use-json-customize-start-menu-windows.md b/windows/configuration/use-json-customize-start-menu-windows.md new file mode 100644 index 0000000000..ff779e6965 --- /dev/null +++ b/windows/configuration/use-json-customize-start-menu-windows.md 
@@ -0,0 +1,178 @@ +--- +title: Use JSON to customize start menu layout on Windows 11 | Microsoft Docs +description: Export start layout to LayoutModification.json that includes pinned apps. Add or remove apps, and use the JSON syntax in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. +ms.assetid: +ms.reviewer: +manager: dougeby +ms.author: mandia +ms.prod: w11 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: mobile +author: MandiOhlinger +ms.date: 09/02/2021 +ms.localizationpriority: medium +--- + +# Customize the Start menu layout on Windows 11 + +**Applies to**: + +- Windows 11 + +> **Looking for consumer information?** [See what's on the Start menu](https://support.microsoft.com/help/17195/windows-10-see-whats-on-the-menu) +> +> **Looking for OEM information?** See [Customize the Taskbar](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar) and [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). + +Your organization can deploy a customized Start layout to your Windows 11 devices. Customizing the Start layout is common when you have similar devices used by many users, and on devices that are locked down. + +For example, you can create a pinned list that includes a common set of apps, or remove the default pinned apps. As an administrator, you can use this feature to pin Win32 apps, remove default pinned apps, order the app list, and more. + +This article shows you how to export an existing Start menu layout, and use the syntax in a Microsoft Intune MDM policy. + +## Before you begin + +- Starting with Windows 11, IT administrators use JSON to customize the Start layout. + + In previous Windows versions, IT administrators used an XML file to customize the Start layout. The XML file isn't available on Windows 11 and later. OEMs can use XML and JSON files. 
If you're an OEM, see [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). + +- It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. For Microsoft, that includes using Microsoft Endpoint Manager. Endpoint Manager includes Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. + + In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started: + + - [Microsoft Endpoint Manager overview](/mem/endpoint-manager-overview) + - [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide) + - [What is Configuration Manager?](/mem/configmgr/core/understand/introduction) + +## Start menu features and sections + +Starting with Windows 11, the Start menu is updated. The apps are shown as a flat list, and users can scroll through multiple pages. There aren't any groups, folders, rows, or columns. It's a more simplified layout: + +:::image type="content" source="./images/use-json-customize-start-menu-windows/start-menu-layout.png" alt-text="Sample start menu layout on Windows 11 devices that shows pinned apps, access to all apps, and shows recommended files."::: + +The layout has the following areas: + +- **Pinned**: This area shows some of the apps that are installed on the devices. You can customize this section using the **ConfigureStartPins** policy, and create a pinned list of apps you want on the devices. You can also remove apps that are pinned by default. + + This article shows you how to use the **ConfigureStartPins** policy. + +- **All apps**: Users can select this option to see a list of all the apps on the device. This section can't be customized. 
+- **Recommended**: This area shows recent files that have been opened. You can't hide this section, but you can prevent files from showing. The [Start/HideRecentJumplists CSP](../windows/client-management/mdm/policy-csp-start.md#start-hiderecentjumplists) controls this setting, and can be set using an MDM provider, like Microsoft Intune. + + For more information on the Start menu settings you can configure in a Microsoft Intune policy, see [Windows 10 (and newer) device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#start). + +### What you need to know + +- When you customize the Start layout, you overwrite the entire full layout. Users can't pin, unpin, or uninstall apps from Start. Users can see and open all apps in the **All Apps** view, but they can't pin any apps to Start. A partial Start layout isn't available. +- On Windows 11 and newer devices, you must create a new JSON file. You can't use a file from a previous OS, such as Windows 10. + +## Create the JSON file + +On an existing Windows 11 device, use the [Windows PowerShell Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet to export the existing layout to a `LayoutModification.json` file. You can also pin and unpin apps to get the layout you want, and then export the layout. + +The JSON file controls the Start menu layout, and lists all the apps that are pinned. You can update the JSON file to: + +- Change the order of existing apps. The apps in the JSON file are shown on Start in the same order. +- Add more apps by entering the app ID. + +If you're familiar with creating JSON files, you can create your own `LayoutModification.json` file. But, it's easier and faster to export the layout from an existing device. + +### Export an existing Start layout + +1. Create a folder to save the `.json` file. For example, create the `C:\Layouts` folder. +2. On a Windows 11 device, open the Windows PowerShell app. +3. 
Run the following cmdlet: + + ```powershell + Export-StartLayout -Path "C:\Layouts\LayoutModification.json" + ``` + + Be sure to name the file `LayoutModification.json`. + +### Get the pinnedList JSON syntax + +1. Open the `LayoutModification.json` file in a JSON editor, such as Visual Studio Code. For more information, see [edit JSON with Visual Studio Code](https://code.visualstudio.com/docs/languages/json). +2. In the file, you see the `pinnedList` section. This section includes all the apps that are pinned. Copy the syntax. You'll use it in the next section. + + In the following example, you see that Microsoft Edge, Microsoft Word, the Microsoft Store app, and Notepad are pinned: + + ```json + { + "pinnedList": [ + { "desktopAppId": "MSEdge" }, + { "desktopAppId": "Microsoft.Office.WINWORD.EXE.15" }, + { "packagedAppId": "Microsoft.WindowsStore_8wekyb3d8bbwe!App" }, + { "packagedAppId": "Microsoft.WindowsNotepad_8wekyb3d8bbwe!App" } + ] + } + ``` + +3. Starting with Windows 11, the **ConfigureStartPins** policy is available. This policy is used by the LayoutModification.json file to add files to the Pinned section. In your JSON syntax, you can add more apps to this section using the following keys: + + --- + | Key | Description | + | --- | --- | + | packagedAppID | Use this option for Universal Windows Platform apps. To pin a UWP app, use the app's AUMID.| + | desktopAppID | Use this option for unpackaged Win32 apps. To pin a Win32 app, use the app's AUMID. If the app doesn't have an AUMID, then enter the `desktopAppLink` instead. | + | desktopAppLink | Use this option for unpackaged Win32 apps that don't have an associated AUMID. To pin this type of app, use the path to the `.lnk` shortcut that points to the app. | + +## Use MDM to create and deploy a pinned list policy + +Now that you have the JSON syntax, you're ready to deploy your customized start layout to devices in your organization. 
+ +MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Intune, you can deploy a policy that configures the pinned list. + +This section shows you how to create a pinned list policy in Microsoft Intune. There isn't a Group Policy to create a pinned list. + +### Create a pinned list using a Microsoft Intune policy + +To deploy this policy in Microsoft Intune, the devices must be enrolled in Microsoft Intune, and managed by your organization. For more information, see [What is device enrollment in Intune?](/mem/intune/enrollment/device-enrollment). + +1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +2. Select **Devices** > **Configuration profiles** > **Create profile**. +3. Enter the following properties: + + - **Platform**: Select **Windows 10 and later**. + - **Profile**: Select **Templates** > **Custom**. + +4. Select **Create**. +5. In **Basics**, enter the following properties: + + - **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify them later. For example, a good profile name is **Win11: Custom start layout**. + - **Description**: Enter a description for the profile. This setting is optional, and recommended. + +6. Select **Next**. +7. In **Configuration settings** > **OMA-URI**, select **Add**. Add the following properties: + + - **Name**: Enter something like **Configure start pins**. + - **Description**: Enter a description for the row. This setting is optional, and recommended. + - **OMA-URI**: Enter `./Vendor/MSFT/Policy/Config/Start/ConfigureStartPins`. + - **Data type**: Select **String**. + - **Value**: Paste the JSON syntax you created or updated in the previous section. 
For example, enter the following syntax: + + ```json + { + "pinnedList": [ + { "desktopAppId": "MSEdge" }, + { "desktopAppId": "Microsoft.Office.WINWORD.EXE.15" }, + { "packagedAppId": "Microsoft.WindowsStore_8wekyb3d8bbwe!App" }, + { "packagedAppId": "Microsoft.WindowsNotepad_8wekyb3d8bbwe!App" } + ] + } + ``` + + Your settings look similar to the following settings: + + :::image type="content" source="./images/use-json-customize-start-menu-windows/endpoint-manager-admin-center-custom-oma-uri-start-layout.png" alt-text="Custom OMA-URI settings to customize Start menu layout using pinnedList"::: + +8. Select **Save** > **Next** to save your changes. +9. Configure the rest of the policy settings. For more specific information, see [Create a profile with custom settings in Intune](/mem/intune/configuration/custom-settings-configure). + +The Windows OS has many CSPs that apply to the Start menu layout. Using an MDM provider, like Intune, you can use these CSPs to customize the layout even more. For a list, see [Supported CSP policies for Windows 11 Start menu layout](supported-csp-start-menu-layout-windows.md). + +### Deploy the policy using Microsoft Intune + +When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized Start layout, the policy can be deployed before users sign in the first time. If you use [Windows Autopilot](/mem/autopilot/windows-autopilot) (opens another Microsoft web site), add the pinned list policy to your Windows Autopilot policy. + +For more information on assigning policies using Microsoft Intune, see [Assign user and device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign). + From 3bccda1ffece251c04a97f93ee4ebf5b17783037 Mon Sep 17 00:00:00 2001 
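Review bot: In step 3 of "Get the pinnedList JSON syntax" in use-json-customize-start-menu-windows.md, the key table spells the keys packagedAppID and desktopAppID, while both JSON samples use packagedAppId and desktopAppId. JSON member names are case-sensitive, so pick one spelling and use it in the table and the samples; otherwise someone typing a key from the table ends up with a different name than the exported file contains. The same step has a stray "---" line before the table header and says the policy adds "files" to the Pinned section where the rest of the article says apps. In the Recommended bullet, the link ../windows/client-management/mdm/policy-csp-start.md has an extra windows/ segment compared with the ../client-management/... paths used in the companion file. The desktopAppLink row would benefit from a sample .lnk path and, given that the article targets locked-down devices, a sentence on where that shortcut should live.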
From: MandiOhlinger Date: Thu, 2 Sep 2021 22:11:59 -0400 Subject: [PATCH 081/671] review updates --- ...min-center-custom-oma-uri-start-layout.png | Bin 54535 -> 41540 bytes .../start-menu-layout.png | Bin 112528 -> 102330 bytes ...supported-csp-start-menu-layout-windows.md | 2 +- .../use-json-customize-start-menu-windows.md | 10 +++++----- 4 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/windows/configuration/images/use-json-customize-start-menu-windows/endpoint-manager-admin-center-custom-oma-uri-start-layout.png b/windows/configuration/images/use-json-customize-start-menu-windows/endpoint-manager-admin-center-custom-oma-uri-start-layout.png index 56c6da08d16aba08aaa3f9f137e29089cf5453e2..cd508b3dea9f0ab49f3bb1a8e03c17d5fb4311a9 100644 GIT binary patch literal 41540
zl)2gEL6dSg+s8D=TZZDVQ=sAqoy9SFF8u5y;*!Erp#-AAiMT?Ey}S5QBmPN;u+gx( z-KdWQ(lmk|kX)1IRbMCZuETOah6cB)(~h?50T{;gGzzQ>1B0T3po|vaTSqy6CD48e z?s_3j^}u}8`1i_I_)Fv@8#4p>ySi)Hc@ee_o+&H)5oN8qXFRTkfqP{o=wlhYUdx*` zFb3wBn7vtc%GN}5w8;&>k2k5LEX@4lv)V~?%z%Sft!Q6P-BL+|VxtBTIci)7ef&d| zxhn1xIXlBhiKge;w9o3oLK-qE48gOw^wMA}O&ri*q~AASjVdq!EVFMbOf(J!qSDMO z?nU6RA52)tfIJyQB78#+?UzXbBQzn}HeQO||u7Nb}Tvz*=VlD(@K^!?J( zTaG-KAPS$c+PJksuEUG-JDzYATFG;RUw3* zpCX6g}-jyztGUVVz|DIf7a7BgIWJlmf0 z&9e3RunxK-q(cCu$JY+JI`9o_R?9>Zi5&lzb*&8}Jli1`b+@TU48gzl?~wmhiyqJp z`71ala}P36bj)x#?xSzo=1l zF6;j8P)S8N{{HqCfDkUmWlx=>)u0H!J3jvwL1R7IOmEC~9c*_JM{I^{nbKbONLPmM zOvPAEIB!#Ze%nuCsGzl4d5~jzW)Kq+cI;Vf!&afzuGhUSKd2UIY>S$2pwVs*eORu( zx9)Y@&P;NF!k`JG+ZFTC{@B32e>u7z<^V}{#mwY(mmpC?`ZZbO8>UZ%3m$oCWwGMs8N3YMUPUVpyzm15oT6cfJTm`LIfTq%8(V{M5DJdD-#o4XfU|o;aC(FSa zJEL@{;Q1hm@TMx;X`6PN{wQB4w&lcV;gES)2?Zi@bj|*E2AeH96j6ArLQ2UW_x+o8 zW(*3|?4<#Pu_JRT1s0a$2;BCaycliiykGx2`CrO;S#c#fXX`96Twrplpv(Rr@R&(2 zxsBmzB966k!AK5|?~u?2I47eS>Fpp2tp`=VNKE^^U|lHLX7Ub%Hm`oYt>VKRD94*4 z9>=Zk7@w8onSx3!^cVYz!hAv48rX2`#pGudfAX{E8)_^ZWY}e5?*jiv0BI2ZyMsc; z4*S=iF%WO$r2#8`Ux9p!7G=C5kVSKN^;|UbIa7XF6_${lsVyzus>997Y=XCZSnFOZ zvI3X~x0+aaCT18aBDK+FUx!b@zp2glizeyaV;)ie_*$bYBYE56>}Zfu>NmBl$%Y&q z56hkAIBaa@GT-tO_iu^FC`hG4uIhDIqcjyWR$x6hrhxFPFCGULSrrfS62^ak zt#4i3y)(;d%DCb@Tux=HMkzP%D^fYVHnY4!!!6tdnK>G0Uk#istjM{N5}uy+*4hGr zzl^S;xGoo4b~LptuF{+JET*SaoVNd+%7TPn@2xt6RB8GBAotmE4MDHqta3P4Q$+wIb52ZMb!uUy?!)1m zlPSDg)3R~HitWdi%iB|w7Q~G9_Y+|onv$O+C8vLo`Y3aw{V<>$@fzK)9aYuE!^fZc zG569qv96EdtkM?UPDbLMWwm#h3OU#k$%n9=?VXh5rZ87V!=BE}0ao3+%3)7aGYs5~ z%No(ISF<=fn++AGEd`g;>`+$En&~4MbedR&!e~67gkJ zmIUHbRd7T1PMzSY1sSdSGT3*p)S-oyIxRmyd7sO?@9cA6{p-@}R{HJWE}`h3lvl#qkxnte$%!$wZ?>Fu>Q{0F*_7onWvkJ* zEfKgYMzc3pHzl9s%|RaKBGZvYA@{f(3|5(kWAGSM>fE1ob9olsNp)wY(gG3A(ivxp zx$4BKbI|mKee(hl5G#?yd-o$}@mR9V8nwU6o*?A*KBv@;yz zI*u72QTV`hx2;FjABOWhy--y`>(@IaS-+#vA;N0a`9yn}r13|na^WDaNLjw@$cLU%(*e9s|Gw%U zwKO|VkF)Ym(}MDvd0<=GSHQpC_vzDSVo_0*W>%kG3lXaX3>#&0LyM*S&SOL)GICi4 
zSTF*tA=C|F>+aLrhf4NL4@|#-IID+IWN>*_UHa1LE&KG5gGfaa@;bm*_Uu?xXKLQT zfeCFz(LSxw$#0RH+#w!#iot8@Ah(-SgR+uxfYIJw$paf&xZ1>pM(%p`FBf`wDXC#r zH!n`qOVfRth9)X2*Ev|66H$}bk{2GXNf9-+&ptRzPOUB}Xeke zpkwW%ldCz0zyQI!KnhFy%2;acMRS)C3?E@(mP~=omF$<{cXGiJrMrVauQR?FAXqb6 zG^L>muV$#=u{UoeGP!RGvzLSuSD8V2@{j$8{RRKKQVe@(qoBXaDW#Xb2W| zs6MUrhly=uaXx1y<_K%oug$VxdOBd2U z(&nY+Y~JfJkmswgnz++iJdUM=Fx0$^w(W@$qjoG+5J+2YDYJs+eUqZmJm80PjX|GS zax0g%+%QVpp9B?<1tu$B9>oB(zks8~WLx9Z!1Zu{aD3tqFOF7Xjt5BkGr-dzdpA1s z0kxP~jT|)yJ}x^`j7(S9PA}R(-C-UwR6RYt-Y}%im^ow@k6%X3%NgovG0;XlB0Lr= z6rw2l#M#$#IXz?!FZs8U^OJZnxfEfM$#F_@N>@gEJws|ruhpD_WmB&}HdE`~7iot& zbh2pYQWDgQ$Dyk|*RAF9vSTjm$DOsg40`w0y(1A!B@gLKD%_pr|Eh#PLZDl$m(K-1 zWtqqiQ6_fc&?prMZF`RspdW>Ubd)OjvoNtrl;}}cnjOyP1aJ0dC*{K>@~KQ*!V=w_ z*C{tcYLd{hwb(}+kEpRFKK>#pYPkzeTtmkFuKmabBY zBsN3~v+^+J54>@t6(qSA@XII-IB!cF2OfPFN(DmXNlx_g&(lOB?J5_-+*ddRaTvGe zBJ#Re&#M@>=X~)Xh8325f=B^e5kJr*# zgvQ0jZORG@ORIjfrIIWGqa8OpNyw-n6%=u8Z7#MXNl+EQE61adKCJ$gETc3wE*695 za5=g}ghO{tDr|L;KQFS%$MZUM=Ch-d7D(I7}icA0XA4k7JtMmAnrf4VNR zp9aaI4nlSy0`=9Dl+Y{5XJ}nhOSP?UeGIoID`CjdRx}B_W`gFZ(Z4U-7`j?Y{F8$5 zT0$m`X_+e_?d8B&?L%5fH7YeeFhC_g&CDvH5!i0gm+hHdrF}64ph&E6s#8rXF)^Er{_;*XdCu^}EhLeRSCXS=0y5JS z6({V>jf$pvROn~qS!_;9Wi}^fN2J4QN0*%Kf2tVSu}gfB(euKz%qMkCkW2hVz0Koc zj@|TyrO4x)UaxssPW(q!Yg0%~8sVw5FPXf(lysd5>=(*9#BKu?YHUK|LY1G6uP!TM zpOpsu624t5Y$nW}&L(}0RKyJ z*Dt**XO1EOG2e!kmX6NyysG<`8~!#oDJaSM;9{0icWu0%nMK_Uk(`~JR}@tgUo8Aw zUN5pl468Q3;xaPMyLe0yqdzc|{N;#J0+mwuhK$V0SU)$Uy?^ga zs3%pGO58P|hVe@8+9y&W!{KgIRnZ^O_^qYI$!~Hpm}S94jP$+_y|5c-_*Tredr(U& zlA#=VZ$d52-fouBn|n&MT->?>E^`?;>Wt60X?}Ct7>a(g`8ljr+@$bVU{dv-p0a;;@)$*;QM0J5g14I)(a*nKa*dlwbkzF=JDA! 
zygS_LS*c?7`=1Jae!=l2#XwjAq3nYsY;yN2B(f{<|F9;4xPM(NZAd(?e=g;B+W)mb z@~{2#sO&fLR6G^^q`W=@mr@*@!sfHLltU7@}(j5zUV6O1AT|{9b9;TZ+=h2V_-k zp$WN0lkq(d&T;xRjFt)?r5n@Za5y|#jX?wYrfe9+1s>6azBpU0H0^J(uS(h@1n1n(09D$RFb`~Dan zImbj}(j;&%b63``gKzeI85`>WJF%Xgo)R+is`#-^;g+vVqTbC?_Wt zaamgQZSe#@X9t^}7-vCxH0MX}TnFB#fuHaricXA;y2uI94;hfHu`15i(`jcy8XY$H z`4oOhN&OP>d=9s?=NIf4t?3_2^*~Jo2KxM*SMpXM2Df6ZmG(f1^_9eI*PluiwHXq{?Q+fvIB9&)}`z-+JYXPEPXA;z;W8bkT7uiZE zj!iGlti;+%7OJ>VT3*0JE)uWC5_$4@68Vy$cKFI9 zC@gn(v-t`Y@!8;}2&p~Gk1@A!LHT-AWrA|4`Gnz8fY!dbs){9wSyMhqWU#yt14`&3 z1axeknzlnil3hgZWitAE#|`qoEmpE;i~saW_UCTin!oHx5;?I-D2SOKWI!J z`px)sQD>bZrr+G4%xCEDp&Ru*p1yOpuE+8pW$S$05dxRo`zpX*+nr@_Cz(&K_bQU? z`Zw6kXSF@uoz05g%on_8(u$a$i%p_b<}V$YA!_ZQqUZZ_v)@xc?yrRtfFxp7{#Wc%%x;$aBbwUAn3DLlp%TbuiEojQmw z@*M$)ecL|9kKv`o1Nw_sVUZ@Mo{81E26#W-{qXU8BEXU7f8S3CH77#FGcb2vc<`iY z86elAVXoGF2lZ{6)_)Sn-S|tnzxd<73%ARE$Fy41EP`BiG74ShdeZm&BXdBL{xZ8FHvaZe*( ze6LTyT}DE(xqhe#9cpZGlYxrkuY9=8O6Mj6Q(AD#SA<6Px3=qzEohI;4-GKI89?;z zdm2`wo8U{`u6Ys`4lMAAcVIAJ9lJ!ED6DnuGm(JX8w@9Bs&WD&QaJ9HhW$k1cb2=G zeFnlf>85T&2T=LNSGI3OwTq8UtzF=w2sY8I@*^KP8poYv*sST!M(MkLoEw1Ram?Kr zHKelE(~ClA=VpbnrDv zzPijza}B2G@RT^tcO~h>QGc6m&JG=hVwJ&Rb?=#&q`FU)qAQPCIno6Kvk$S^O=k|G zh{(pZuBhwf+$9qml;Lri>>m>4i2~o54jaOr1wmIytxji3nmRo*^1Pu~+@_%q=K?~) zE-RC)(s_ zzvBhnfXBEMy5cuy(P$SPnz9JI_WT@d%6J}s=kuyH?(w-kdb#Uh|GOid1~qK%A0xW; zgUISJtdods*GA2vPL%V5lyGsdqGo4CyxCswh@3{SiJ#}&m&y_0#BhG<{xTZJJ-P}t z>#yHwZ+Oe8eC#c9Aal2K3rzw$y}v2d^wD>RmvPvK5VZRpjrRWV;(ke6ht8&)AQn;#_M;qjJTaL_7y-yVuSnprZeVuMzN(P1wxr=`@# z%?Tp-7DkF@yD)l^eXy#Mvo7_Mw0oZc(>%S|+n2u%{dUvx*t)~cLxIbL*>FA}Zbo~}nK zbo&{zWH4FxEdgHP^QA`n$db)f8o2wnvwlmGG=Yx|;?sK1n>oOYK3_1B1+zoi6MT(X zXCKrskHb@R1Ei>{&$Tdoc^jHt+mE4J_nW9iQIZ zTACf;T^_u{>7r4Ado@`wHMF*1L%=%poZYIY!CpK-YMoT)ZxF5K?$6~Y&hIE;Yb#<& zA3~--7au>%tc0O}9f?jo2~BgLW>mNi#wxjrwhM9LvXr-^kNNpmz|+Ge z>LB%S(P5O(iNC{=azMtH0ab;i*0GCe**?#ZY&STJsipWqxGgQg+gz&Y;8>QYhMqWZ zae4R-2PBa1fX$u$;`&Y{0JFv?&vLN^Un3Zu=nsc6~T$_WTK=8Wu1D_GB=m5emwmaa&lnorg_S=jZP%V-She 
z1Ulh+x~aJc(-7v>lWN|bnlrg;;biPpyPhhz;fQ~onE91cm{pKNB~ejSBtkM6S;)lr z*#cI0tZPX%>-HB5YO{A7b58vw)qMOL@4u=>sP=WUfYuP}&Z8jwEK|BCvUcg~Y0)zW zM@Z#|li(e=in=fMHN;C&4tK{yDgr%yN$)#7$P6$M@;*FbM5lI{Q<%EpW$;rNyOX$1H0um{=#<9>*pSVqzezjiJ0@TJ9_O z%lpL|+s#Q%`CmMAtOU)mv#BZHG4W#JzGEmU&qku6U}i-35^-z@I3`;8z5b~Zp|m8+Q4^$x4^O<1lp6B>CfZw_^;IoGtw5^l)~rmhx@431W6vqh2bF=e1!}v=1{* z%Og%P2^)>poYkmr#{@269CI~os0{4-kiA)1cZ@!o#A4RD=_`4ikw&3A;0*s*6jt3l zzo9J>ddQ*Qv%rGh?CX{Mb1U#HI_L-FOLKrB6!x_foY3TqiV-VwlEWcmWldd^#`>UM z!2N@PlnO=+OPi=H=9F+arT7>X+=3m0=iA<>osm=$huK>M?jA{0!t_8|Lq#I5%hHSR zG-pN&3jQ6QP~_oI`kiY<_cQ@1CquE2nHo0rxhW^NwrW7+J*ONMh5?IQ4xjXDUcWK7E8Js^A(0w z5>G4dAYRLuQCe-W-JID>3&AjF!ep42x!yMOIW#%8U3YVceKx=IgF)G}dh1(pt@daPJ` zv}BXm$cP8RTv1W19foo*QAk6z+mF@LWwZ6u#E_~j+ES0Zw3KT~P!xtVN1128mX?)h z6=1NE1$4=&!a7ljY3Dt+gX$Zg>M}gx?-ug><#p-U*NEr^xkP5a2<|AxV=-r8j`*hNd@Xs)lCpf%5RGB$cIe`?LE56{be zD1X<)|of_Qg_V3`sAmtC~@ch6&}P&XL~Wn?Rg&h;nC_JE0GaU%-}9iadXT%osK)K zc&MBIrcB zA3jx}=eelXR#C@|tv4j}pO;<8gtyqaO_Q)v%%z_&+Kj+h_+678IA`ce|cr zuC_466|@ysrLvbCb219OH~eFP#FSVev1>R25`LiOtd#>=H5J zfhjTcG?Rq=VEQ`;Vq_3FLG9PL?~f*Y_fL}j<&TfT%_4pI=!W@*B7J)t)f@LrjEy}V zACikoLasE=&6pb6iwQ%-&KFwjqVHFQ4Cpj+#vS%(nnUk?KcpklMy+sJ&vURDthoKi z)88P_`lu$jF497NB*N$7B@2R{QvBL~JHy$oqvC4vIS|hJ2oA-`lJlI!IG3<2u8nZe zA+>p}d2E?X`sGX%`emaF4L>Km>TA~9ye^e3JN{sE zFveywy@X!Zd`)M}E-T6doyym1U6#{5pk7cUZ@EctJakRME=TD?;{+#zo?%e}L^_ zc{d$~iGIRMVrZP1DZxW+Nq!J1h%ovldS|)NYOowH%{d13Rl9an?fh7Ik;1FV@e!u4Aou7U6WGE7 zqa~iyf+2qyGDc(*(^a1k_WOt`M4~Jze2kc#q0T84z_?^w2*;Nf@{!?Ic8Gr;rS^^_9`k+p zAktxOoJ~$S-4oFT!R3hJE1o@tcBp@$3WT5aL|EgePme$#iil+o2)tEWtyx{Lk5Xrq zWDafZt?h^V<&G(|?;!uOAkO@$$)i(av_!C!`9)wR2yFsLW`Jy2&enp7)BTD28 zNK0I8Vg>(kDM~0lCZ=FGXl?XEc1qt46$M2kgdCR$u#Y5WZ}j*yThRUnqkZtplKZy{neZ20iXh;z9kCM5r#}7S^m4cq_bxah zp){LjX}bU6cqJJOm->VYjFx@>!cG*yjIHd{Fds!gakE}kkT40Bl+T6yC#(#te@YU_ zk?$Sf6+^|M=X>IX{=dpC|2zEm$Vz~<^optydb_-J??OMQ#oH6x2Zu6IhtXlG=W!kL4JYZV{l~L z%R{=AnB{O!)H*~1&vBe~?2g;B^2&1Ejj}ELUrCXJoair}$}_Jkrjs{)15Tg*qt`}~ 
zOWQ;(hcu4rvAzvS-nPXmcMc-Fag&1Y-t!X1ibmEjkT9+H1wJ1~IMb~p>z_kaG-W6f zTXtPjJvy}R{0TYS)lT%meWd&M{a*jl(xf`Q(mgG4{q7-T>}eYsvpjw}3K4`Bo%bCW zu;}~mn9x?|vl!)pTW!apj4*+DOqKq|q)7cl#Do{u6XB~il$3%OF2|>-(al8%!h8Se zhpVA>wV3|*o9mrdr<}ws9-fx=oxw*MM$)&J>j#ScPYfEQjo&JdEl(dUE;|dP-T6Ix z+8jdif#IW$clp5E*3o%uO|clNt(c4Rp!Iq ztH=AG>KsPZY=@rjy;azETsA3+n11(FYz2V(%^U|bo`qu2o zj~f_}eugQD#*~=LEldwhO5n z);9(9mM&N=T9l|{WIBf67aI5D`*Z6=5l?;`_J{{ZwIXLv?Q9r!aA!q|6F2WIJi@Jp z9rn=f{14>vv(KI>__-6y(Q${48K-Qljbj0;#O#pG0oRCzTIwTWcj0!dR=B>5Aajbo zh)zH1O!cuYO7UpI>&&pCwgyOaT}V=`lp=M)t>A3FPP_Sn44$1WOrc_u$o|j=5M@7u zN`|`3SwhfIH92(Vps9#(Xf&t2^+Xbbz*A#Eu)mWz$XQi(cJ_u%Q>JWjm6+n&fC(WE z=6G+DBd|yO( z>Fg#W=D%t8FP<1HF~YX5j!gU5(o2->xf?Z{+oF*uYYb?7b+8jpvmmw8h+t*aWvbBDncm!qo zA5(B#M~&Bp#6&Kgh{j1}2i&a(1(QV1_9 zayCJwueKWVanJa#fyJjhgMBlNID1&+LkFKIAu~j}r@IeWvstfc;#3jKSM8E(El#T; zx1sKpRgk%%38}E>;*AoR+V0t;4W72pdR17oV1_o~{F^H1`pMraEnkN)QM_zfQ7YI3 z@&}k_NKlc^$^77jn|8N)o#JMgF@wq9^Osj zx2)c-`6V>lL_juNJhrrDtb&U2WyQ65zzg?ZTZDx?m=aI3{FwVF+e*9jnUdjRac>t} zkpqEVIeK1R1;)*uo1E$C=@x~3OO|zqX$iqeMeB7rpx=`~=ObcUcXbfPZE(QpoK*^j zoo;X4f~hdP?^CH!yC*@#nRXL~#%DK*YFOSIhxS&_L+Ol6{0wX|EnfJCF&{ze`}=W5a&;%wajn%7chnd`~0z)rw* zyeXlpA;9MUZ1g^9=ZzFKPHWD6pu(9G5k_u?Ot!VRC^;^Wt7~z)jZYNl zyNu{=E2CuOWM`yr+p(h&Eipd6j%qo!pKZvCB(FgO)K#^*^>SmEq{gOZH&V2_^>o!% zl-09t-_}qV9~0lCY%^?dS6Mlgc5O9_^963*JTw*FjA0{@HMNv#3)pt1+@}%b)iXOK z1imgMnNOKD%T5=3BVNMmCvAWEO|>jEGPBlW@vn&Gb-}MEr#a>q1Y>I9GY>@EXlO zKeVdw`N-8tM^7)-mAr)^U|wE3L22yCp=~rI5y*cOT%-#@{s9y;td{&bx<0S`8ycUK z5fmrKghVCg=NH5V-QRS?uj`1P)Nrsa^6vme1wp(@w!wMNe|W^d(8cd-$-(sDlTqYH21glr3^{TTZBR=O6zY5pln3p2?XL`#I3#O z0`eqLpM~34x?{=aoKG*1@=d_KkymR4SPjgM?+7nkkTxaY(f_~rU zms2eXv>+714Husr>d8lPV3fozn0By~2ndBlTBu$`L}S#sEe8WXczscPdg;cpM(O+n z{}d=H2qGf%>Y+zz6*0HA9}5uKfg-=XUS30ProXd{qkz+JV%eCXBTv_g=Ec&sHq-g^ z_m5J67kO!Yf{NFoSwE@B^71kg8(ES$h5>ec{<2>tzbb37ON=A4`)+=gBMHf{uB{$< zEj(XE*VtH7Jh{u45b(L>MWt+M2mqg1;eC3?vc>b4%%3-T;vDbTB8aOM(46 z{o_+RR<2yOY{|mS$8VK2eX}hV^4X=8HDA2qrs|4D_S-v8&`_RueEX)=%a$&hJ%8Kz 
zM@=6r(=6aL7v)#N1%tdsJvp~*`ESdYEm^hxa8j9Q$ua?>s;sis)>w)JsQm0sO?SX$UA(wO%z9WHKo zYn0`bv|KG|FGBMO3nZ+HNX=0S4@(eDISIk~)QD_lM>8F}uA}=n>WJh1HiRkOTLK$w zR&U+A=fJ^Jr}zKZ)&RT$zg;^*^F`B(NsGGBvv-n}S8Uw5bLVEO!fW>e(*I6ltfXZ( zdCBT+yY}qazeO(cYDnoPSGQ!>C!D*NF@M#TojZ4pb!HsB5&GXAa*NZnAm0(6nWlw8 zl~va@(o$AX*EP{sr8VRRCsFK8OPZevX5Hb%U-ckjuo#Eb$3U2`oZ zSunc|`LW)2z5Rk>dCGc5S}G)xOif;__q}_5!I8xc6cbZ@s(|(C&XEVtlFFLus|wgD zNiY0gM;4b?7gaUb+E|HnjZCF8lJEM~_3rB|PZs1oJ{%(JPD+e$_+fx9U8W-X?u}%f zaihCd#J@^qs~fA)>r!3@WeF)YvA6C%N-buanH$SdMSfO8Nvij)n*lKyGnHagKZ{7prK#!bs>volzaPifv(%CYBN=<^N-R&`N>7O-YzVw`lV@zF z#IN>$bo=3p!0d90wXJU2)AQ8^KlX7olciE=G#Zscj(u|Iwohz+eSKkOwP{;h1sP6y zr0=~4k3wV9xHL@z9aZr8L?z7N)MmW8n^4!@##pAY_}Tqi&t8UA%P5%{Xj49L3TqSZ z1eUfL@`DqdCeO|b%Ahz|QPKjlg;qwQnGTBLUOvqwI~uEj%MkPIZi&3LfeNK6EBw|? z@38o6d3{SAWm#@>#j~iqfn7RL$)wcRH(un(l1pC4HfUSv5WXEV_}+E4mQ`)SYreG` zDZ~H9gXfu*JTr46ISPqHrqE=m6beO_rjQ%$C*QW071R?Uzbqs2&Ye3UDMd=kase-M z`%mbpP@nD>Ry}A?4|zG7fLZ91BpBM&o}C~3Do3ZIQI+@Y`(dfY8U`lniZl?)z}vy? zdUuHQx%=c*coR+2L|3gU`T4_mzOAJe^kAyuZaj(MTU+VD-N*?1J)3W0pe9?K9D4iC z-LRx$Wj#}^_h!fWMx-)L3wkODBEqmuM=MPQJ$ujgCU53LR5ThoxT9}S64A&S@?suV zx%KO$M;JFoRaQV`j*L)7z^pjBZjMj7jI+C!A-$xwkzbV=a`D8`3d7!0e(XSHmK|R* z`&x8;M^{%ZPTH2`3!)1f8}cJ(u02CCap`EQU67s67Yd3(F3ntZl&xv!>SUFAfA5-o zci94prG0x{y1b=RM;B+awr$%QXezaB@8)bLns-YK*{V|yr858WTCNPQ*2g=)%ZS0f zw2EWX%VmV@?hc7p zwjA}(|FCnf*JGA`)AJW$Nr^#sE`*SKc{)&J*ca~yh+lLGB782MIrX9n3dyX$_c(>3 zCQ}=Gb;YL3D%LJ`noYYG&J8K%Nb(eN^McOry%^WQ!AODEc=EC@L%f4m7;^S*v@8vD zl$-8<=59K_efzeB{wG(S2oNvoFK8$&&dy8?xN|&*=I&{z0#Rj2kJfDcUDmu~2V=P5(<-k%PUmwaPWs?peui+=KQ zbL~5Lf{iY86`3UK-hJ)06y<3J;ZH-=e%!QdhKGm8(5Y*d{%CUdMO;I5VXdr1_ipYU zeTV(@qbHeNbLmphh*i5M4({pEt?%kR`?d2Pq}6lG99{I}6wKPRcXGCD)7C{-Q`y0# zqm#Ww%NOq?-L`Iq4OwM1?CKJKzGEi`gD(B8Q=?NkOh#BHtFMRcyUklb)pMLbZlJ42 zpDA<4#>6EHg^X9b_A3rtI&EmrPF)8qSTlpr)B2?A50XuGt)17y!?o|IxhsFMK6}hx zzhh^)#1|C|VNG$GQty#Q{Lm&AuP7~E=-$^*t~@=9?BeOssdLYHTYu66IX3IFW!GYb zw7b78U3B7UJVzj-XV<|*QQowTYx@ok;yj|HpNuk6>^t=qs!>wg=0=lDbMdvKwO 
zr9)>ceMLGgJLEyL%YUUPj8SKrW9rvAvuSN(q5GOU+Z_n}kf^;Zh;lXMr#;~($5 zT`+syYFk}JlXmW==}+QHc<{@{`uJ(}o?@g5cd@=kb-?l|L)|^QEn2aN>US==3~V>Q zATreF$oIcvqOodk+y*5jdTy+r&kO(jW_dY^ zqzjmBGb`jY-E37PS;*;F=_}_{5idtR3rWefYH>j%4K4lamuwTa#Z%((h#Y&a99!GE_4|YvPfYytE0_MHsMbIR&+lL|aL^*7U}r`0s1#1wb$;VetD z`ejDfYn$h8I&?WMw_2pYB(jc0yKxIPA6Pvx`}&ScuQNqiy@64Y!?toa(Ue$Rb$u(@ z^0Z>nnlDs6O*3MNubP6?m-5WjfuzXfyy~W@5JdYVnwB>Sq|?_2@Fl(GHM?s3x*H07b}3KYda(2*P&?|81k7V zA`eWq&7cvp<}cd5eUGysbiZ$|Omk&Ut&F3kB&C9ihMedZ5ElC#43qKPw_*9L`Aavg z9Dn`L*+Q|8q^IqoAYKoROp`NHRgTLStwW=#rD3Hl{uyM*x<;n_s@!^kk%yapQg&&1 zZjzg)TURsv$n@I$q-f=yJ#{%{sTq04*31!K)VQ;L8CBIE4io&lK~X`FPeY=2`*}Fy z+3x|D_Awm>>xy27ya$P{LaL~!6F)C$fh_Z8wP88Bd|v6>(Wu;}8Y2x2vVzXURl9d@ zUZP*|eCv^$907&e)KuC0HjgG|qo(qQ=lTf7E}b)y6XTpkyluvqvV&k;xT}k~hqvA+q98335tWtkU9^(aKClHCa_pfu`o_VV|6lm6exj zudnW8YaAI@k}RNiwvdPH90$xjaB$y`_LMEF7Dtpz4kVE&YUZBvX7x>tm8=s(K&7kj z%8FVR`scD4JVh-v@ftNC%|y{CvdZ0l{_WU_6YzKZ#K|Lv=9;`WVf&jX&`O7!aD_MTS-)0k{B|D zVryfan^z_p!XXeevLw9$zJM=&J;BdRh}JfUdd9SGM#{Hp*r*vbMeq(LX!`A6cWs^iC z>Drr8vU4h|o$TKdQ`ATduR!baoSeosNoPk()v4nTRAVY8)4nq6I{jDqbrCA#Sg`Dv{qnB9o(tIr zO0QjS6^Pp()nB=I-I!^NMHnqT!i_t(QIU{pIn#|+l~;U4D3MCqADk*KVlDEsczGh- z1UHX+<)`ZfT>}G({$8}B4?ptY(-`xnFi+$jZD@l*X#|3yi!Zb3@R8on zJgg{GQ#V9@`s$_e4om|?*I! z0Y^1+ch@d1I@u~x*6YH_GE|j**}8c)UMQ@qZflUep-l{@7>ym;+)vsBu7 zuky@AiGILTL+r&tk)Y&sr2soJEq8MBtK61&8{lzXWBU zw-Ab@jkZxLV2dE0Px)o%Y9! 
zwVS*xbsSyHD~|3C5921JWOP|C;eGCe$I<*^IDI84Ym<*kC>D_^DYT}-Xf8Wq{Vvoz zaQ%|$*#2KEp^<$+Qi$!L^cW61G&$o?i)`d&A~?ME-1zh$i}ua2VXI@4tBKwlIR02N zfYWhsa3os!PQlt@5}7d`AvJpjnrmY<*7lE13DCQl7|G>DL}ixL^bIOM3qcS(NoO7} z=^OjjgrqFtGaP}e<>P8pUWH7btUi&2CyWjBnOK&&na7LzTWpoOAs9$IFcyoALoD`KYVcg`O3uq4RMhsTins(jJ?smHr<p0q^uhg9002Of zY-fM{W7-bxBG*wEQ8WdP8~^~QAtZ{9HcdI;4?YwG6#xJL8UsNE004l-Ku`gr2t|k7 z-}@fpkN}J-2!as*Gn@jCS6-Ag@>C(r{sN;&YmMm2o?B04a`pcJfDc8aA}+x;cK*x} zaRq`30001ufzw|A001-wf(ift0F8m50ssI&V<4yi007V!2r2*o05k@I3IG5Aje(#7 l002N^AgBNU0MHN|?jP*ZsyL4dI;sEw002ovPDHLkV1mePzE}VN literal 54535 zcmeFZbyQU0+xIIWNJ|LPT~g8_B}fh3-6=y!H;5o1Js=$_-Q6*S(jhS*E!_-_FbtfH zzjrHf1$W*%1b}09HZI=en7XAQjvP}s3sog*5WbnGuC?r1NTRdNSPo0 zpnx=)jvqam&H~9uY5SNSEMW!^Z_;8MV}^V;*WmoDsqrS6`HN1twj6ma`@k}r{}2%y z9i9L1a-Mqn=f@$JJd}pyHlzmFBq87FzG#GN*W4pIe6=6~PE(Hy#LOgXT7*-FH;LS? z7Dc&Dl2K&-eZscS%@`g&-|cA7hzK7(iG3gb^MCogbpH+z+T$wx=Lp6Bqf_j;={|*r zfA^}$VAE(%YsI5Eh=tzY8A)dN@E5AZn-(tOQ@_rqrT^EOdWN5-`tWgDy~H_}d8lJ@(Jzz^{weDpIxBg)qOHsmJoW+zF|!eu-rJcNudN36_F}hQ{wY zJK>|Hjxr@0tVQBT|Er^2cE!jJ|6u9(qowypiy|h{|2kukT^4onVt=+Kctt|o=J4;y z)0vOICyHFmMsoOtZ-m@uI6d~J$wl1SE4N=J8aB_>*{zOci?)VEK71fbpV9Npf{{8G z>AYvBr;}G7B=2vDF+)QyNYbCNsXr}HN{#FM!iAuJ?X?%yuo4uVA?UE%qKtZV(4Ee2 zcTV!32B%sRC=k#}$f*CJfd$L8UvFjpt(l)?#mufP|<=v&Fj zSitP?2C|PhSng0#lM=+?FmA4Hg>PMk=7vJ5T6geBp;&aR;qla zT>*X;LnDa2J(i=Q{RiTJ0}5t0kXw4)kXI!+UFk%5VR!{!nRS;Cxfc(JggVWvS2V3m zUL7PA#%XE^+nibp*e~jLu%7uR*|W#*&nxcFB4o|tLC(aiF?z%G+w%<$@0QE$&)eP1 zh7J;sjjNog%Qhe8$wVFfH~L-I2*$*6l-14gH z)B$&pZzOMjkWX4#dfLHrZ<-Kl()@KOH`y%q*t^TpJX+5z@YyHq^p8bcbGn+*vn5vY z^-fb1D*@}#b#}qA%iO1Wg$2gT-uHJ%?K%ac#*oYD-Kl2E;Q`;%79)Id?yD-}8cEI7 zf@rb|Zc^iNAFROmhcTJ+I4(S&l`u}G79&4TKCW0}ZzSJ0J1Hrt_5Sv3+(@u43C)vy zguc-bOQ~D#)iI60z)?thI;YFl2>Fxat665(BnMuVbTO=zAVdXs4gANrq*c!ktmYu( z1i~+inK1-F+EH`guMRMf`@R0CA2r9FW=zswit51-=(caoM8h z$)0Dg`N^xh-2@tuh^zH@$-7@#mnO~cQP%t7x(^qcJhA?)t$hSK+G=#(rN(AoXvD1g zspsB|PCS=ME7KSqGgETl`hIjQrSKjRaeTZ4U(bNYExeygAG(U^LqHQ_+~Q`jvfRPD 
zrQ%$qmaDnY8?aDgCE6EDS(edj5T~zK=x89|G>^MGRW!>SuaJ->W^d_nm@$wFH@T4D zY|@#s9gX>u0UEaeUkbVQpx<81nzf=2WHCpdTz6CzeWelgKPu1hlliz1MJ%~rBENx@ zk(1kFCtmQi`GZCN;p4xjBwq6=pOqYVN{^Yyzo_1{rx^%U@dJZb7zYpU=eT6QShG+P z-5IjgQ#Vusn8B#SvG31z?Q&PMy_dT=s@lH~h2v4iRmsIk&y*WnWYr{jB9GeS1?9>4 zth;{kL|E)iSLrA~LcPdyZj;m~EKeW>;2*KcEP)?ey>_Vr_h*}UW-1McslBYJGX-7Z zu!vda@t!rgEcL9(MwfrIPGV7sy)gT}9I@HBw{nleso&i7q8tO0wkt=x?IIZz1!2}v z=M(i^lZl~#md#emnkAK(cYmB9Yy7g6BS~AQ>k9K|BprcgiM8 zL$UVYRH<1Em%Z1e#&vu-Sln^2*drzM?Ld12cs7o3ixcDoL62jVlEb*&Ey_K@2q5ArzMol>srsCW-!$I#F#K&{Qqb0fINR!_f4y@fMH6jx>JmaY(@{g20aB3BD zV(*SGnM&s8a)F;mldxL`5V-BLKeY1uG`#^T1RZ~P?CLUOHhoSAnCVBMq>S|j*mchj zl?S9ejiuzQ2TvJHKj)=qqvsE&^6awHH4)C_=V}=9*^a#9wZ)mQT3g7UR=r1Un1YiAC zEMr#ocAU4r~0C%l{L+iHJ<@jm>tM;xIL$8 zbKqMB(`O~Qt`4um(pH`o;ucd#0tzEl$?CtSThGymLZ0KHpy>7nqOrq?z+w)kvQ`@S z4DY(XTA_tOery3@5x=u5Pd{Y3T>($o*t&z}j_m#-1CnX{w9&V2OV^^``5Uw+JmMf_%WZ3) z&*0JsGOioh z>`Hu2)+R=`@=F$X`HNzolE(2Dsg?0z$!yJwF9az~5`ZcbnS)33b2Y)>nSXI`yjsBO zzyat}KGS0+dp^&dKT_g0r6*ysPkw!WHXSQ^ABGy(BcnZ~pu zDB2{y#R4S9>QyIiCnO5lq{?<0vXCs~KIM(klG=0*yP(0iXFP=p|p$_^23X z>-k#y)mgCgn1G?r_$f8!X}MI4t5f zB=BDPOR3Ib91$D+s9Up33(aI@wkRwRON=Oz6Qq*t`}h5B1WCZ353Ssg1UKKTe>cE| zg(q(tFUrLHnhsP~LM>X+t5Bj@F#QKLuG)LzcW(qi2?aHOOPpG4M*PQ+-|fD{h5{}a zP&ibN`rbx=&qS_zZ!Qm$l-u|#YKDzdv^cX;iuP#Vi1n|KasP{+NWxy%gWtT1?Y>&n zzs56#$*4u^^^m?f)1NFqIhJAM3RIUa%{6)R2q6&i5wFST+kDSRb&+3EuK#}ZEYtma z)aIhILhoxv6jP{{8IFG_THIwnQ|xM`Q)d?+BgC3FmY&Kr`}VchL2)ZjDF1I~%DKDi z({%7I)5ziP8u8cW8S-t656iIKFpwY+Q^k#p(1TJECyA&N^5H|S(Kx|F-To7n@!&A3 zlRE_5h=4xu)Y=0|T34!5W`O6-m2bZ?kZATTg)m2=QukS)UvS)?KWJ1|5{Bi4hHeEg6fjF0H0MqV^U;VFWbm?~w=FE6)&)-d#8Oe842~`;N_S>;DFw(*}VdVxmCaoR~ zU=}+ixorMf5>TWdv=a9ZUEo(o1EFhv;q@eQ?Vcw^4^#g9AaOqTM;If&uXAao)N7xY z`Y`-7W+2Q=2iw{amwFw|lLxwL&*50ewf){F5Vo zlLL|lHbhYHS3aAeJ@%yD2>jJOov8-*k&QorJE>-ttKVfyNq+_$^I-nv8(K)KS%2wp z>F61vBMl$Qn_BJ8U^sJKn}T{ zP%}ERAzk;3L#Ky;QrKd?e)ssi-0_*Q&BB+n;;4ZPi=b`ac~A@vB-#Z^2R!^OKd(X!E@|t%&x|oGHDzU4L-28h6;!42so5EvO zi8}O4oL5~H9v 
z-+hvLf#NeAM$%bCjr@%Fa0=Ip_s@7tjZ-t~otIwAI>d(o`%9P2;lE#%2#jDz7!4Mi z<{9AvN+UX^o}S(_R7VhAl-P=p7?%6{$THHO#=T5u?e}+x7sa61$t1cEHSh@0UUw)a zxMKy75dN3Up{DupO_W#|zGqu7X5PW|PuS0TfXG<;YYmg2WQ|~KQla-`mBL3g$NX^6 zz&;cR^GXW`O`rNxG5uO7LbxX@3t%Rl|?ZNyHdGLCOx2^PdQh^Tp^ z>iPu8_sUoTG`Rzz`Nl(GV%#e5kt(M-lJV1q{F3|*I)^q1huKP4PPd1}(4hM5mTct_e>@dk+BdE}7)wZ#B{!-?GELwc zAQPNYvBM_|qF zz*@0|uhvx}dFN_C_(D|?sQAQyY&h|1!;`bAqCDR59@re@tK!4zRkL6J+~H@Dny0e< zG%{PP!FZASFs9iWd^u4-_~C~a6N#a=B0h~&=29O&Ouv4{sjsfGV1=)pB1kwnqMBnT zqW%#bv&5hVmw#}geOT;s_H_8bAKWs%DpfayL_=zWLJ>9tA+2bq%pbaDKTk^BGI2Y0KH{;e%uf7c(FrnFtenR&h?~xc6m*y= zhJu)-Kp8!t;+F)&Tn#Tzmp8->!^IaI)Wo^tgsMn1iJ9U3#-e?9@(-PzoB>1xB9r-} zRJQrS>W<%j)Nb{gjwW!Cm#CtCX^{ldfSctf?s)P6Yh@vcbmo=fQL$k!ca?0&M<9ye z&zuo>sV`qlXx!&BL2fIs&mt`S8mxD zH95z6AERQ?YFaU&yamTIIi?}Xelwm8x*vREJ9{nSr@~|q&N*!Q6>??0FwQQtwK`Hj z$}Zv{Ka#gLSj$WzQDQOTG$>TlB(Zf&L3wRlumVvyvJH8-8<|0RP+)>#1Gpf=Fz|Xa zl^3j*PY@eZYde=HDWqv-Svi{cftb>rSZrAJzR^Wl;a(_b;`h8gd$(*iK;1_UzBH&_&6`pdY z_=a8Mdsv3NK8A$vqS(uiVrHmWzUSf#`y|ZCoNA4UVccgo12=<>$xh~jmq<_-wZJ>| z_HXGALwpCMKxXsnDheV4^g4-Bb3GNyzvytsJ~5wyi9u;gLSgbY?%$dAKR(D{v8X&L zNYAkeW@Jxd37%Bel&ko+Zun8uL{T%RwXkR7Dq55PVvwWZzp!$q=6MJW;R{O%6nVgf$g z8qIt+)!LA8Wlu^@7*dA$5e7IwpLc<)L+`gn-z^r?&y<_S5_~583B;YeUW>0hc778A zJH9SvH~Zn$N^t)j5;5&CQ)xm;8+^-a>bJ`raB1LQZd!){I4zAi{7yHAJ&$oIFKs?g zCoi@6lhxUcO22vYfg2=o+A^@sn5%VjzU#?OsIkcOJa$nNE6Lk;7m}}(Lcuggk8w1Y zS2T%_B~t@?4r&oom63U)txY22e2bDN7b_Erk!y|&r+xV@L3nSbA_5GPklP+JdFeZ( zO~PfUEXlYjBeU3NChYuYRM>qNVmEwo{GRHykNV@84btmzNx8p^@t6b$xg^XCepw@{ zJM-D<_1xDD+$ybrAS1HAeq@RroyyqO~Tik83lc zPg>P;y#v$hgh#+I`=_S_NCZ_QT0ceWWB$|BCxOEdjp<#^YfvuDqGScsvX8Kf_!HZ~8uSfDzYykawXSyWMFVNtq-Phgq z_OI)7rH+<(zj6xWzQscR;%#fn8O>`C1@Zgo5-t5!>nOv@O?R88Q6lcPd4{kTU}~H9 zs0&xrnf!KR=6^n*fYZ0OX>joy{q846s#jU@rq{P-zl`sm?`rYpw0XnT_IT@l&jjuz zvjaIN=zZA?rz?2P^1Ugw^@I4cxAj;%u(f3!QiKydzGa;a<&KA@t z?Zlr~LGM1t_SJ4;Y6P9PW8!H``kY$5<4(2lIGP3_zb+^q#IYH5qq6b(JbE#bQ>dhD zZ3w7^KnA{q^uKz4`U8uE!;oaI4qB?T?ltZ+_Se;l*YfXs5)NG|Ga$nsOe*?wxY%;C 
z`HLP%8-ik1cB096*2=0nrN^>Fc%5(2&v)j~q(VZ{UIw)rnr@AxPqeAIobN8^jq(KB zji*0&d8PJ7wa`S{kU+#`H>FGaH`Cya0gV^NxPl*ND;AnAvZBsbf;IG8J)%x>mirnH zMPK@zKNkaRm=~Pq@L4i{FSuN;M4>0=_G-v#Z@9&SJcE!jB3f+q-v69xI`o;>svmG$ zb_a4LCGVR3V0%dD=@7@?N&OtoHreQufi&K{(oM?apJYCFpSEF$gB=kx8{KB+8`lFJtI+K6JvFm5sxSIw%mST z=k|L>iW>t1--S|3kht;1wQK$5yWtetnm~k?a;5~exc>#;B`s~wdR}}?==>^pqXkx` zOAbXy?zgA_Zl&BADc7%ZU-x8g6N=FcL3!5o556mRfv6o{8b zlE*lSYCBn-`CnXK3ZbgvAI#M)fP>$;EZK;ruxUs)Pz@%r#v6J8eoG>=66uAHqiT*= z$>n$wi<(@4Vh*@N627$X#69q2RCwjjbV-t*D#F?%|I5%5Mk=Gqrtdxn^o zZ3{jGf(|fgz_^-j9c;`lMx!PyaBdsp(rNlD76(i~W;!epcV@mRY{#^p|aI_D*gYNB}{~~MKLCfC-Ssmh2#YV^04Z^7q&&i$;bWSodGI1NX z*(VWAE-SiZHD6d(QiREAOjNN=I|D%D)LNS_bks{d>^nyez5NF^We zMC~WSxXSLb95T5eK~(7NDUPNklO%&;kcouxXKdev9~2N8J7C42NMQ2O<_&6(PGt-E z8BMl&Sz&aOm_~(6Y`p5-NoG$1OPKpNPS(Fws`7fnP$J5(nhZ0z5Uypi01ZV&4m=U) z>$YER_jSFQwuepc+OKUSW9@1dhfAUAIyR6^maAt3EVO;$+^yXH3{u69qZY*k|tkjU63*QiaGtK6_f`Z3^WXIlQDbAe&^>KgCosMngsIT)M> zPPiuv@ECX4a)rk~4_S#hUMROG2B-zi3pK{?(>#p{=gqx|3YQ%{(L9}iANl&v;#{46 zle0-oT@)5FQ58RG2}sE_ZZ{k|i|lNuBxycow|Vs$MQ>P-oV7cR7#70Ge#PL96RJMo(|meo6BnA~A#_i|=&_ z%gUv5Wo4zGGlI#HgxgpjFQFQI0d7B*w&gUee>sEGh(k^fh}^TKhNQVR!xMRSYJzD} zHI_dU=6r$_Ax?}712ZtmJHRos@ZlgwJQ*C+YI%8l`xr-iWrMcKQ3JUI1mxzFkQ|v; zMC@+!oWXafay$0nI%T?j&vlMm?-W@3ACk5;y>=g0?FwBLyvJM>C~M&PWDzA&Snj+2 zxI^9yE2U;g;l$*@P=_|VNd}(;o1r!yEpke2hOt=j-2woF0J;;8i6w(dD|53+&ATzy z@g$rg#rJMu^^pnP#Ep(iMDP!CmjfTrQ;>Dik&g18fbAZ{6;zPcW^AQ}7;RGX=`%8#LOi*kL8Q8Pks* z^;SjfYclvz=!fTrWJZf$zGu>8q62BQVc<~|6WZzqoZ*>z1ZhY@ZY3vOL3`3GxcRj%mcu zk+Eo-xk1>Pq4?+U6|>m)!v2?3KzKU~rpryH!$gE)_~y-S=aw0A7(~e8kd+duQ3^St z1088?-7#U+*K;u{4EvjEE_oI6{Cvji5*C5np_>^&a#>Ue^NuH?= z#G`2<9CH$O20SH%#!W|}4dR=g8-g1dN?R5yQ9HW~^!5Q2dGX>@Q63s6f~4`G#yZB8 zAg0+GpKF^b)p3ZnH;-xk6Zh>gsfEVFX>uug*dYMn^#W@g%ma|$r#;!MCFp0rCeVtu zsFxehDg?>cr?0Q%WTQvZsGZeGbU2LW2CbtKY6`)S+ZStXBt7xoLk_))j z=s`T#NoOLXPIWkTygrc^d>7(zWYz(GR;pd``5K3`6ws6y{4T2r0NzX1iWc}mvFtbI ze{>+WkpGMR^LY!9C5~2nz7_!!d=g`>X;5N}@WCn}sd%3)_FLrQ$y?w{3dn2Kk^(ai z)~ULsC?X>VhGr(ZU!A;VV}K*elzn0~9DM$!S9fN)}J 
zABgFGx42{S*$(_sSFj`&1>_1AL3vz2v`bDIkWjgFs*QI?e?U`ZlWaZz9iAEJ9Gxg! z|L>Sp|LE7`kIpNdv9dVZdB`FsUh8AJ+YK+ zsg(MZP<$z8?gNwLM()+#r$k0*&r0xpg;J9I|0ejb9kzO$F!*`EKdVwp^q#EKw+a+; z83k#d4c?A_48FU@T=~o0KanRt(JreLaO>)MOZM#3J?pz@!iameWgL3p24xRQcJout#+8vW#_tIl0 z)#vVd+ta@1)@v0t91lSRMP6od^Cmjg`i)XNNJjZ;xu(FBEeQOCP1XnCz18m9_%gDx zyOSG?4X4msHwEy-i3YT_RUkVM_nvnX7o&>6r&0cbk^soZ@7)oPzKC)32A{EHNd~K?O0?ZY z-O3BrF*1BFlD}ES2$bx`KUj(9(5w6k+#fI4qSks4)!W-U>vbS@e;m!*>(k9d_C!I! z5*T1R#Q{X>SKCp;0RU*>21F%4Bne5R8x8F)dp`&|Mz`Mb7@Ji3I(~?ei3y!d`mIL2 zzN_^}n#TC!XBmJ_5bL%nc08%Xv#a?BpcK2@atripeF!^E+At*V;K9v*7hHTqy`38* z2`7W?4|X(~{VqxkFa3Z`jmxal`@}Gg3QXgl&$7Rh*sK34SR#eT=repaFyaAI#$OkC zppLf^pAwTaV*>m6PwbV=-_^?mfIK4Khf989TWRcbBrtJpK;o(R!UPq zI)RYOe59!NQSl+`Fa!#3Ka0!I!;t&k8A$n=j3)$;ql)<~f=qU|t#kAm7rs9}i}mC% zcU*v_iMwMsFSipS=TFlI8VzcFzWJ@#spj@kimbf6bf_xsAKehy??jTi+m7qzCT7tE zAY*5BpbN+Qv#Tc)^7hV>YBKiGd5C5b>U{dLnzJ&aCK}Z&v5@Fg8qa|**N2 ziP3A|j85PFti87<{9a2eBcAEqUxh?>|!UYD6k z2`G-=GI+_@*9y0ifMk7HGk$>)TEU?g5Sq?kxL%NICb!LP0&`znQj(2t^}4?c9LW{! 
ze?qNvvh067QQ@!Vu{*Ewi8Z$%y2cMS^c?L-;cKS21B}@2^j71Xlpof1<-kul-z8H-=o46iCD5?{2S8`e9{zuCDN9@facL zk;v6vjdFe02F{iav%f$b@9{J)vN`q>4p}kF2g$>wXn-EwlRrrM#UHfzY9oM=wJ$dJ zgGFz6$pwYL`wxD!>9N#iaEXow#vhittF-RA8w&d_t5n8ckYa7pA5ZDfPzj)m8g_J0 zs@Lc^G1;Yu_KR*MOJr-wL5*;)m$K`rZ_D<9& zU`bDZz`4fR=>KKWtMSc}nS@Ih7v?biqk7d07~uDREkbikR};I|F1s;b>{tg2wq>X} zrwD2^Uf!J(dpWLz+m0GNhax-FC!ffjW`zUG^LpMXIH#*i{6Pz$ahYnQ{+!D8Z7a#% zceyfKR2#~w1R(RW6^0EOMb6?4V%Ho^b%1IbO%|+$_$d7edp+CxwB$k7VufB`8VmJ& z%OXkIisJJLZSP#%2r8Mhfh;PkfrEkXjQaQ(haMn+N|l`u@J^kD?slgQmQ_}0P4IG~ zQ#1t$&;`MD0FxnT>Eba#yAcfJz>5H!jc6{V(m7==Md!JOdL z$K}Q?(p-7(CM?<1zka0%QJ7yG4gf^9&z|ZS_G{IEKv?GaD+DHMTYOY8u?k@jxl))*mB*T@B z*~wZo&mQDQ;`a8K74?|)!o9ttp8e6g>x@&8cC-9Q!g=oX<)yY}YQm7*_=v9u5wvSu zne(s76X8gP_{%048GEVEm`o)zshM+~9sV%#Zh}}^!{Kb5%Y!+c4jxWC0|y7H!t+crb#;a9Q=YrZHzK%Xo-b_2)zBs(6E}m5 z2F~5bnVps*BQ-Ng2owsb7r2_Aiz>PzZ#-eCMRFJM6_vT#wKA@pW{t|(H4xf^A)V5% z+PjlG%N3Nb>s{gj`P(o%B>4lAQ{5RfRkDwuk&7%O z_}xwh7y#sh19Nk8rE-0XnDRG=znAk};?GYKJH>(Rske5s^L^mdvrr6tnX(kF2NA4; zgt%o(GXOyA1J9qx#QAUs9-Ix$$@tR)^rb{)3_3Lx~Eg-foeZshnfO(gC8&^?TWxKFn~Kv$(~v_&j8h4rTAYbtNJck zR0c*w>9GWX-Jvg%(98n12Lta+1IBGBb;<~%XlHIbt=<_6D>-P;YnqvyWHpuFZd$#z zmS5#bQ4Dz^Aj*N|UE27GC(%z7_0zy>-N&*r_M`iKfG>hnn=YWYeu=8&d)k@TGai4B zQw@&evfilgT53y#FL~>@iz{hny1=idHMd3#wDD$uk}cOYI|KrIu4`kdKdJyWFWG2xx2P?-gFncRD%5*uwbGn;df;W@+$@nZ}a{ zQ3^K08BaUUfYBQ$b>R@}@P`(w*k#L)7;y#fH4FZSR9xYQ+^Z-r=CoyN&b97pW-;a0qXx{`7^pC`@0wm+AD>+*jUQo zNE&*cmVwqee385TDyTVtkFaf;4wcrG3!Ft)IR)4@Zy{7wHP5dZPas?e*yWFp?nj^V-YN;IO%;xQ zM_>+u@&Phc=WKY#1F*$3XK8EYGuZShHGu*tvc8zzsXuidQ523+&XfIe;dEqtZdr$7 zn4tv4_T+1br1043i&)J`L|uivqzyK4WC6*4S~IE$LGEf^1TzMiB-Ezlm_Q z>XQkUbC@mfn{OzyqE3&G+_C?%f%9{S4%>}T91Hujx7~LNAP9M>akj?$F=+!n0JhN& zz(y?1Me#I4jWZ5rJ5WrcXxP4zyi*@HY4@qw<6)AV2Q-`Rd(_*+yO#646Y(~0O36Nl z=?13Hl%g0wW~33e5n;?d%{rXiDdBd~)!;B&njPig^W{R+b5A=adQQHL7fX@QyHc#;zmMZa?-|Pbo!W;7>ThXM7Q|RPuYo#?)J|{mp!D;$f zZncgEs@>9$HNL(<5v)3Ah42^E*^X(33f+=j&<3@=M**t&`uJ#R1+D+e(+1{y?QC6C z2Xv;R3zM^Ss4lgZ8lV$uxGC;^vOJ@N8f@Vt8$wXL@>|Xmdm~`*+|5sxo5E&>1OqPL 
zvlJknPui#oF-q;H8Y@~0bJB0+6rB)2$r=o$9T&>QI-GCNC{9#vJ?92F`qgbd6;;X@ zp)=K5YcpITMQBaa@~2dQbph&9l_8HBAvRNZSX3%m-Xd8%U5`$=3fgLDA1JGC!n5we zXi)%mz?A6Dw2BU!fy=~SjQcIYD?tZBmt2z>-`qA!0ggIamiIjrrINF9o6PB+V5y7Dz-udd!*axTExZD8 zhb<3fgx_b18jAnuFTWmZHYf5hi`y`ee*F(jrGONx`4|I$ z22nZR0W|4zpO=KTjbGD|}|)D;7bte5&f$yXf4e*+H| zTSDm{)KA>GqQOp;OV_wRpDY2hYUqEH&p@MzVRX>G&TWK#B{XA!(1mG^et;rY3zr|1$*3CV=v7Pjihtyg~QS@HxL1RaSPL#0>m$YRh>;#Z!qJAWHzLDN2V! z&k$)ocjse6%vs&?40P=LW z5FGBgQt=iD-+Ap%t#O~fdODif^aemav?Hshhkh50=J3z%%>YD^_4v{EyNqEL<*fXf zDX%*S^U?*R92u|{c0zL}Ge;mf&8!ZvQv+w=c(idJKVg&iW4r&F^~wIbT*Ww9q!vFe z;Sdj#W2;*%WS5oR`1Tfa)u5%;&xyWY-0U14kt5#9xTcD3SnpVZstA_|RB!X5wn9k8 zoRH^-b&2~Y0NUg_9aQv%cJYU`pV4Jb3=49NiN1kJJ(r@KxfXyb^V06pvHfb<|G7OC z=HT{Xqm$@^nsYbR4}{puKMxG*o<4p0wJ>Q4c<(_dkjY!@PBORt==^<$9E9fLQ_oxd zt+w!y&|>k}UseeWs-@n%;y9HWiZBv6S^{3r@ItpVU!rWN?~22$Ga&w=4JnXlF5srb zth~Hgp!7i8fl6;TV*b?IPbEyjo`pu>YTQ2`qL3VN(5;e--Wsh2N)6lS*-AuFl!#=k zBa8q|=s+li-R!m>)LFhoi>z7i`vy5FSZ?*iY4tq(2gC*?5X`xkvXJ9 z;X&7%xI?K`kD3T1xR5O9=n0k;^JD_IQ6P6zQ~6V0x~=U*sV zcrc0ss|v(?PrrKXPU<#&myM=ZN+E-pxf?_gF;5#fE?k?$212<+x{@w9^u~I@$c^h- zDqqv3){6&b48WUA0wp(MuBT+;95()LbzGgUFL|%%*tm)D|Mq{%ZPFU{DVo#@VCdxZ z55J-+4yRODB5@&^0R%nw*n0go|0;A;f*My=0qCpDi4Go^aAmGtc3E?i<$r!q0+uoj zy0*D!SFl3nhaYyM^{bMwhTSea!NQXIaoDW(VgYf*x>_6z?Hst3wtXhUqLyANA$)x+ zfjr>HrPzoC3a?9n7nDq!BkdjgXWiR#)>gh0Ws6Xmv=M)vVTR5WfKu~6Fq!2ingxEk zy*{%7inNPqUtdSi313IlxK7z#tiL)K<~h9k#cIQ9?f_SlTottP1&VmI&3qOzGLvnu z^LQkmoZgXf8|Qlw-DL{zw@`V%JNI$C1fxri$Gi6R>wOtCOHVm{YsFH`2iPmBLH%6g z)2+?TT}vG#A43V~#KerpFCqn+=82o-sk5M$^A4>7hlxmCAVXb4_I&b;8f=4iM4a}a z%w6rz{G4YR40x~C8Q^PT>2`Hwa(gpe#isc~1t{15X*#Ot_?d+LBTz@S7DM=Tv+K^D zUdkN6c=sL|^|S|!7l?dIj;9tj?Wh8t@@@+)j{%weUdkjVw0H8w*5b8$sqQb+cdAZ~ z_sGE;9@BOOWE;7lpTII-oM(QYA5j2)N-wToz&_{D|Kot?)Vii zAyVnm8TCK`Z&nZE3m5Toh&q#C*E?g$prkftjFpx^`|6WZsYNxv0P&VrqaAqjLyJc` z-yTzD)^39*pb1b(22thYWsBsvDh!?NK$)FdjCx=Gj2| zwpr_)Ew?`NH+y>Bq&`jG%ELfEXyC!Kn4mp4UD16t<1va7G)YK9z0YscA{iiP5Y zjVITgITC@`XqdQ>M-H|}mJCpXl#!KT05e+!iaozKH3Y<+n(zf*aW%zXi>E=yFFO~u 
zY}p)`_^lJt?7rwRg~yQo!1hFUWZBMhAPbHd8LtS&gzcS*;6*Hs0er36Iu;wUSLW( z4Ap$?&8y zLBo_BTyM6Dg0EyU8R?qgJ0`z}G-au*M& znnkgOUBNDA+l}FWE7kslzrV!ATA}N;Z!h54EL4B%bs7Fe>e@4mz-?=WKMu@GwL128 zcbfy$NBEm2Fiu+oypj%0DauH5g~dCJ??1O_5xBrwAG4@^8EtsAcFFK~l@2*;kp|~^ zOH_M)cH;^!YS1nqr3A%(8C@04u{*x{xbO|1bVe4)=U5AtcNVc`&Sg97jSV!}VE3vk z8r0@1;`Pp3tFty%(K1o8R$t;Sn|EV9P2=3?Ef0HDO8CPLGL_Iw6PRZ5C=+c}&{n6B zY$=7M`y`Jd)GmRPL^*>bOHMQ3O~!DSw)cYv4b!M|56D#p$i=mSMAx183i&l-F zynZM9xGY!%1kuILw7-PQ{$11NcFj!g*>5w={zQUfqK<%}_qV8b=$N*4Wv98){%y$E zo6oxU0EO;DrFI9yXF^mrhK%n`HHp8!4bsGLLOTB0w-faJCfBKNs@dLhwjlI|7q8$B za6eybuC6fr=6U1SF}X4SwAJ%Bcj9s$%PYEV=A|TE!*e@&)KJ@`Zu#M?lYd5*L2LTn zr}Ify1ILRXPu=$&x-Ks1uB}q7lFRz!jrg;k=W78e7h`RyE?3ENDQrGi%<&nX+p6|` zlgfEq&vP=o?4Uw>y#=sfFO#Gdtai3!I!HHfzG|qz?=sxrp}X2RE;#s`$?CmitTR;;Dlu))vE6+IVJ-K0o~k_S;Bt9`J62HuCwh(sXCtD+`xh){Y)fS|pG*BSyBi zD6b0G8Y|DiGv%Ee$sR1Obx8$_0`1lDB!mc|HCvSCwCj`qhtJc3xy@jsm zGDs4;7Z^dS?LV)=sP%`cj=xZI%C8&qb0<62@(xySKlU>yU4+6)VTPNPnCt^%LlB4n zlHw$P?G3_Pbv3-5;&h<1dzw!2*Mk%D)eQ$|&QxWS7-00gy|$0%k9!BUEN*juV^G^P z%&S+IGPhJ6ufjdwIaJkf=C&Y-K8099zoy}Y znB~g49`G?+Hft1kTB$W11y`92XaWMd`{?>nv(F6_0`d)G1ByOs>UY-85m3|>of#o| z{h#G60cCC|T=7KiHng^3a)(Cm5sV@LX2Va@PPFMn_&*4Pa@R2WMV7fFPMf_q!dNzu zGx#kk3qIyU6G~Y_WJ)DNAg5SO{AIf0)Rkcj>?mqDs!UxTX=Kt?=8+5KEp2qLG@D8) zD=CvtT%YFWqlGX)706=_i+^F5*PJ(0m#kqGYwG{ zZi>$^CY~7qqG98Q55;gt_&`d~r23NaQ#G=2sk0W&+1gLU0`K1;umz$(!Y3S^< z>9qd@EYMb)giw?gF7)Mx#|H5F6~R#Gfqt%LYIJz^0Tcb~PuFVn6ioU|IoeI1CFkU6 zyT_qUgLs#t#YiyFhh$8Pu>v!1zWi!s?p)!p-Dr!7iZZG>d=cbHw=9K%H|i3O*1UWk zNu+1i)BV6;&68cC3ldM1!?S`M!^UU2y}Q6HFR)d1vuU0{1@G8FFdek$fZ32Bx#&#( zIE=nnMt)W zN_W{wg}iVdJ=Ko=VfV>;Wq@TZ5{VoH{?#5{uP7KB+Tr{Q04H>DRh!OvpEJrY$8u1NB1lc7=Q(IZt$*<8j#{hYKPKN+04OKR;pC!*^a^V|`Y(y&o{z%eU zC8)7@;_6>B9x+fVQ|{wUsRgI7XL?aHja#S%*0{ED=oMOg5)aZPO%fs>A3c&3Iy|qa z&vk=)n)J42yLNc7**)~*bZ~f9%wE9% z^{<|4m!m(>#EW+UG8}W>?#7<-gq4?7W8_rK63myN_y+i4>E3dXKVz)}w)M!|($rmF zQ$x=EnN_&BxEwmV6+=plSQIdnj0a*soWHSv^69(3%N%ZqtJ&i!f>KEOjj1EuD02bH#rhlh+d*tp 
z0Q554Z)xzf)3x?;S$Ar*8=r?X-44=azK6vjl;T6_26JHvGw6DaCOLh3FuEU4Q@C>KX+t40x?qpDCd-8nAsa){jSkTWq;_fcg0qTqJhR2~^TZoDrP@fn>RQSc*UZQrR4Qk}N1CtjVmE>N zj;hBi5W3_VSQ?nST(d9g7T}^Y^}nL@`MHf97lc)7Ma5ZB*}83*R(NE@$Y}P8yla~7 z-6o)WW+N0lm4>uTcWd>HcgL|${P$x7v3ug`R2(+z+#km;C-1dV6Fm;dqj;O0Z@w*i zaOUrAQm_dy=)J(#gWf>~!P2Wrf$LjHZ}+HpDl{XjG(bs!`bECKjlVR83biwC5^H>E z6WNw5F=9!=GAnJbYaHAEO|b~jHz88gJ}f!i=K)$^H2HUisefMY(C0%Ofv%mLP;0SW z#Jn}o@$}2N_kN8JY`={rJP2!0Ns$Tr%evQknaAr!E}nnAsI0h~ejwFbdC0fVABI&c z?s34A90*82Qo|EZxt!7MXH<~Mp-j)f?My;m$bjF(#E(Qr(mBIYY|-<;hZkH%@ujf^ zPD2F^QSJFYu{D=d&8~>%SNYj{xzVQ^pQPeBgv>Lo>HP<-T$H?iw!`1zXjqYwr%%_^(@pp7uC*bUVpG!)0F`E#V}rS@<_sIB3JUEto=*-DVV%qtLRB0)_I0Mh zQrj=jiK_Bd2@8Ecc=%$h#myAa3pTWj1Gsw)Y{HRX8!6Zc@Bxu^NlCrD^4R|55u%-K zXFR{`Z7ojB(3&`q0xBA_bQ*ag8g1;$6Dp>e-KYug7`lD-cFPL4N+EdE?$Ip{zvBtd z?N%C7Rel4GgauGD3&FqFt9_u<9jk4=&Z%wkY@6%zzZdBXAfF%Te>5Gn4Q{*bp6 z#vYX_w)rGlbN9ymVI#`=bKFdPgN>nEl?d0H6uiy%quWoQ?hqWWIn+2l#bqy1^wb(- z0FuKBIx0KPLBu4%E{Ey%fqTY+!qI_BQI*Qefae#5hFh}w4&b54dl-mm(Ei7Ym8W|+ zUx6he$;_o!{3Ib4!Emr(eiF9Y+ZI(45>hFwd7Tb8CW)7t^ivt7efFE|Hp<$@K^pB2 zV%D5*b#=}f>3Tey`Iu74V12U*K)V`U$Q{Ewx<}Z*Sbl2OPjUS%qq~=VLLMBfuOxwm zAM?fXxafV2xpVFIt)u4S#99fr_KvX`uWUV`qCkbV6z6tNaW?wT(ybizjdD7tfbHZ7 z)R%ZhU6#JKD7$OiljRNvn!`JX)$wnwD_JXtg6jkWT!px!H;z+sHVy9pRLWJPSvc|H z&&~Ks(xsW;wx%fo<;(%X5s@@CGN-K9$c@>~P3M8=Rv|~c*C>S#)MqvQPP6%b?s~72 z#k1sBSerXA`P&n>YnB?$Ju_Sy%z&aapH2C_@zC{=wW^&TemIV6Cq>Y*P@4$)H{r5; z+c1O%-F?T^^QdfcJK7+O91rX~BT|{DZ3#5C3+rvU+`v_B<(VdSx<)C^@F~QrWl3u^ ziDTb;t8Hh0;q3HUqU%m1cQt6$*{s*kQCm5)&>Q_`2aVNwyUk}%x^*lS7UNZ4;Z?&_ zmc{$^G2njnWH#$DluvHn|3a}Y{=z0!nB;qRmNqVNK=t@16oF(sctt^r9${}B*gMFZ zt7_YgDmIpmy1i|{zJq43e|7VXvDrWjf`OWO@sW!~r_h-+k=F$&oS(=yTRPPq8=1@In3Xy^`y)CGqy)XPAozdZp%hkkm-Pg5{ zkLoqn?gc8dSz}u*wiCFUsMpzC7AE5rr?xTHPCbs3)|=?(*|?>i>&=l*PsUaHJU4JR z$eoT7)Avx%U(<9LWWV~SwP+O+f6q<)E=2m7vQRZK7s`xhjFI|@f^~@8O&goC$Sg58 z%`n`dro=+p-Yuiip9Ts5=v(+{Ob(pl8W)VKXr>pQFj?ba!udi}bBF;ufWL%aW>D?i z?4|ZgF_cZ6DqJncoCh?n6L0%JyHE?%zrdJJ@H|%A^8?CE_ 
z$z=P$0wtZypL|I;IO7+eSq9NbP`C==c%4&9B`^c=78?xKE-g)-cc1%r*k-Bs141+P z>dQ|HF$S0{%Ck6g`Wr-g$wPbbFw&Evtk;}$!j&+Gl*h!?9aYu?p&}H&j(< zKXPn_zy5Jjrd9h=Y>e7GW2+6#;|~F0ixUvS5 zK6P;uK>B&NLY6aJ8u9$w{B&ws8h-T0P>9G+!L&FtFkY9HX=K7`UKZHPlW>s5t$6GP+& zSe&%xW4JL^#}h}U3e$p}Pqpe-+^^pY1zmW*;j>8X>}#eQa^YLmS9SQ{A6JU zwh?rQlodJ&PKtf0CP(kX+}0(I;ap})kTZ;VuRHSa^#IRb)0_*QSQ4kZ+xnm!qm!j- zvC$KnL>zE15xA${l|5k_lDQ=b}C(T`jYUiwR(Wds!@BI9nz}rVkN(xTX?SYY6 z$KxK-=W%7b^J4(6>ZRx9*B^c&8O?d2)^qOBBt|hKlaP;`UgRM&xNi^IXIljG^^jwr zf`nlt(-Zt|a~JD;Jy{|MVoU~2>cc1P(}9q^{X72-0bppz9u-R+;v0;oyOcSrS$798X0X{jIg9%prM^SZ$D1 zCrmMm*t1r>eVxY}WF8C>CArn9RmndMFmhBtS@Jfk&yu;gg52l#A7) zu&;9OmT9_CiJ#y3C-K~PGzWB!16ga{nNQT13WxcA5KdYxERYMG{hWkuE$+72FX(zN@AD8Pg87m`oFW4Xei4q7kYB|ek zR?(6|yo0Arb21VtN{Ef0oxVajU|#zvm!4-imO&V(KPBLiX3h0WG@StPjNfD3DCsN! z1;v&_UY6v_k6{(|-Qu;Esrdy8{?~2~7>gtlc!Lo=qBT`WK*qlv@KzMV3uT{qN1Yyj z34E1SxhSdhu7d?9DkZrDJev(~=IWTcg5Osth1zaMtU7%9KlCmmFJ3Q;I$ckPi_j9G zXwAn`$YhHtS=7p;MW5rU<;(7@LJQu-QPh;G*vf$y4qY+D}#T5ULg%ak|(-->=XYhBLW#R?~n z;@^ej@yJ0*m&ek*4!+JTrHwD}a&#z5;ta4$ab4S&VySDTAnjv!9@(!iIrkldo5aU5 z>UL6|58Owbqf&p3VJQfpjit2fTFtVzi%c}sMK!!$4f>a)pK*2UB^rryVT~7Yn6K8r z!0m^KVYPc|=V7g=ccJ`2>Ot)1oGH;4ow@nduDP+3; zVx}5b$HF7Xwk}6y?B?7v(WKd7$9uVV{_OamLvf?dEayJMBJ_SKd$`K?^Jhz!Q(SjJ zErs7ZY5_(wJysx3ZZmb*-{9u~owvu~Sr7~3Vr>S?_4&&*cKw=)m&838ZP{sws_x^} zq|f~FG6EzKL`+Y0w}>F$45dE7?<_yOVg0+GE7t^LlXD%fDOl?7bBQcf20GFjR!ffV z_ctD#c{in?0wKvIJ~ab-I=ttztud5yO#)SFUb9Q{({Y>fO)dju^(eaSVQ z#bd6B8~nlE5Xa-eG#e(B#oakE;^Ye3Si#~nbn5$htmN5sXDx5FfCY=WToaTO6F{#L zCz9Pv4;7yD@b>{7VDEGvp;mB~eb3az;fXHNYTAWuK&nF&p(^njP0zPG?&1V|C|1k{2EwzD8>jBLFcRMt!*g3=p8b3xd<#(# zU;M=`2SHq+(XNPR7xZSy8zd~j9uf>U{$d&aj{Q%9KLe#maZT}`4VQG z=HjZUvqeO}3n;|OF+h+SnQ*ozF{y^5JG6#zwT5t!gNPn#kq5L#22AJjde6r-x--&5 z{yFsbciOYAL7-{xLlDW7Ip#}kkURC^$MP#(Magpnbm_j0FzHR2pBBtw6xse)Qknhq zsOxhI4&`h*BLn{*Bn%;&sv2LSza)xIm0Zd(%uYp5VKH3)4n3;7;dszKq=_~3_wUtw zG&~KtEC_!ag0J!ZeN+Lim`>eY%T6-uJz8SkCIn2Q{;;_2)|$M 
zwHRpf`RqkXlxAx~GOoDZQ7sy^vD$o*<0GVBO=0FtKASS{Mq159$@GoX;jxRwlK~B|)E#jXK(r*1i_dMjo_A;x_cW@go_$=ZUuH8?0`OS7E-(E-V%vVs40o+$py)A&_gyY^S+`q_SV7U45 zdsrUtxeKp>D|j}4`MqyEwAxs%uJ%Nh8zR!}A{vM2E^)_2ZCktByIIhJd^RGyjJhL8 zR!TG|Sj7(MuE=m50;!h^ z<>vSts}?FwhWrxIWPmGSm>eNzuwpt(lWH~$@*KRw_ z6s_rM-}RI!$lGY8ItIxK!S`?_^J#}2AB(@Guo%7`2s-<}wp%XaZC$jzEfi%sy(04i zH)m!L8|T&QCco`9QK0aP7sjUWI_|@m|KT#9P_NBMgRJ3PkIs{5UxP9SxyX5pX&|y8 zDoS}i;QJ?@Y26|v+O`{hwOuKC91uGbdinK>wlC2^KG4*5KK;j_a{0^elAP|nc+%R+ zo013XyTs_TT!#gwDKK1HDdMb+Q9aD(UNDE~00F7hEqSOeKYw;ljPRHxom1GYkD}8O?3LiRJ?@9?bX=WOLcI-8&ci(9CZv=z>TxE?ObTD53x9`yeC=)7uc z+x~V{lnJBI`H|huweD01?zoKjYAFBb<}T&z2p2hTB%kD&onf(Fy91c=8U@+FfdNWA z()ElTY22t5S44%g@oSWF|-QjAhWy7VyO9eWCIFQ52R0KjH}zLj%!8b^14{UjKXUbpVxs+?16E} zwCtHlB+__)zd-qR@2R2hMoRLqx_~-EI{MaFye;cngtF!+r8$p56{S&12ggmhw36GY zisZEF`<2}CRqR`PW&cOqMx4L9q!5F9_sZX@WJ!=QAWFV5P5gU%;r^04hw)bgtC5A| zDKVsaoOAeaH|?6c6z1V&aWKOU{8MHP=IJ!~<gAW_Z-LMO2i+sXsPXxK&ty0! z+g|nEzvp&*w*I^t#Terw9vw`fjGja%_G1md0m?fqLNkeYpK3@Q+v$Z^sXEyrgx$i$ z70WA>xKM_aWF&sf0_nI@|I#?YDfo?qh1CqU%Zvk z$N(Bsf++FMNL@1PI4$8!6lUR^jTTv#Qg;mq04!xS-gy@hVM9e13Ee@b)X2J%929o- z;k5Xp{3{vRwm0Ij`b^0^s3%fmtF@!PCCx$>rIlpx{1{q#pRBqag3j>lqRjb-v3)hq za|-sL6ve~>5V7&mQ|wp?;!GI=IlBy73ab9tB^V;a>kUa0S}XXUqm4#wIPJ94|Ftx- zYB83#$d@(K{fBEv0!@u(BN1@~m+&V7!Dct6D3g|vux8KI-gp8`8 z#NvMg=|YC?W$rKNsGib2wtD#T$Ge7_=0WRCbsVK+BwCDqoTittag7aJ>B7>qZ92>i zzkYg+_IWkN@=oVDF3uzNx>dp|*3Iy`U#8A0XYf4Zma!j6rqYRoF`Jxr=&uyc8tswYXmWy_w*@h~(bDb-C`5E-XgM?NQs( zhGk?!B`lS@ijDT%ecXxG@S}rM_w%@D=WaCb2&N8d1nzxdZnIm|UA&;a`nU`cB6J*M z4HAW9OX^qFLYQ(}!A{A`(VAr;{L>{zsX*+~Uyak`l1+Br{-B3dOlA-|tcG7|%2)vg z10a+u%fqzOtQTOSrpf%dI&DpBthAaeYYtC10&P>!KH`|yL4_y`S0MzC$*$alUC9;! 
zkU#4d^?h_l*v%)t?Ioz>w`E@b4QK8lVK+m3H62Y_2Q!1^#1U}Bt`O|V5X#^`{a_UT zx$E7$Mj6D8$L7mMVS44&O_|4e^FdAsaVgY1qFl*84l(Ixtw`r(5HmQ3(6<73S~8Aa zH%qtvcl0?G1x_w589ZmEAQ{h7W0IHW#m=bUuCOQY7eQu>y>?E2<7An-pFVD~KKdB0 zTo&=7!64?%q)-)915|lq^<@iqicK5-fuwXs@HTB%1DTn`v>NIX<6~SWp_E@T&o%GT z^fjeB(Nqu8Dp`VTZ&0f7Z_}S{V_~1odSQK*pLgRG-us!obD+MZdtS$9C9tIc@Rx;K zU2GSFneL115gqt1u z5V8qN`tZQ$XRaNo7QB%?1I_00jK>=!PIxM&GkHMq=f|UOQSpNa8hWH0*I}jjO&egg zbss!~T~4H&ag{T$LHf-u3E!=t$LXw~=lvHFv}VjIP9YS8-s)A68Ql~Yb*nTz=ywS7 zVQ~_Xk%qZZ?dC6Iad0{8VuUve{9%I>wSxU3juK@k5R`Bg|Dm{~!YJ~l?g$CN4x|SC z5ug~cS_fQYM(miHOM9Ed`KY=$1W95R#wfw(!^%n~yo5XG{Gvcv0uHHesXYiqa%?rf zjzG;%_7b&?h!qFZ(Hk3j^=2w67$&M;ARslke^T{f<>XASDI%AC{sfut7u`XSI@Lxvt-_g&IDA5hNkqI4!$iDl4 zIYl6tlXSq^oSwFSyIV9Kk;E4lLCDi`A)=jCq9<*|B$XZb3>`11?0qDw-vgwX^}H+7 zU-$WV%jwHyQ`2+XOJp}2^F=>EC}``NhR7HL6Pm71du3@kd~36OJ3GX=8tE4UWL zGzAsj-=22k!H8zvnoLO_HUM}9MkBY}m8gG86`1;x3Ag_g?DIc(2Xn?U0(7Wa21wb| zLuLXy5$wS(zJ{_tS}PGNh05C#RWh7rq>rY)GvM@$_UisNzJ}4Z<%0JP5Tbb91Dq$UZ9BD7RG)C)d48)&LUMRJMUWa~%Aye5j@EIe% z!y%PXr-#%IUWyXca)z;2aze}y#`v(DJ~vZ@*BzYwrJJlvioUFj)R=QTg|H>%pAHG* z%YhR0ff?4n*6gL40pvwn9M}cm|E_Uu_XO_&;jYAmNRbFmEJwsC7&(6KMG-=DBO+@} zIF(Ke35Z69gWRKtWYEuqHf4_h-=5W&aEpHY3H$W0>C-tE4NK@WC8F89GiJIsL?3r} zbkrS(UD(yIs8^=S2`P6agAXMau9@%i7b8n?`_r#=XB>RA@es*AV7kqW(Y?5oC?JnL zyTybE`3wS#j?Gr`Luty=%L-??=(P9LN4wfT7J#F9 zG86_yI%E<;;>`n#AH{Dm^R=XesxOD^Fd0U8=9YdDvG{kz(=gkV(=~w(0lwx+fJ)7Z zfAn-&Jr=G@oP-Lk1rm5AzT1PdD#rbcjWQebhOBZKni6Xy8I1ba|jv#r1r4SVT za1k^sjY>iOl zFEHNClao^pl~`PMnw8&cN9DMm*U*nl#5W}ly@hOSfS?Y*(HyJJM~OhAxj+)D6Ivz6Q;L>EM~UIVbQO&|1qwj0bM`&!?Nf)Q1D5 z;7J|&-oXU;PT-sGatNJhr+-9WBD)0T!W`s+@^z@;lKKy_NgZS)ox-*mOe=hzCP|Y| z$)wo#=h@ml5O@pNgsMEgU?(LVfze0;?d7cDV^TjdpMcg7O<&qRjX}3RjB;@Xy`6-^ ztc{|8W6w0QPIi3}!*XcGzi)oLk;JWoI$Ag%u1q)OeegB6+Kc_CjRzx9UTLDrocIb8AX|nWnBu=<_E!>U?OwQ2W6Y zzygHRlpUrBHUu=IA5C?cc7SyiGU*0OemCLzuTc09ZzRw~wMk4(TTl_%GOHR;T!(AT zjw0Xa#@PQ^DZ-6nzi{4{>A!sjTeh}aFad7vc`j+hE>ZsPVkFO~>Pm`6X5iV*^nSK@ z^6biX-|vy+PhteXvTI~=rR}e7zH=q?P6UECBq|2m@?la9b(q9jvuv7MLSB(Sp4Y?5 
zPg7zj!%?4Zq-&+I{2to(j5qrhjzOI7tC3j+RiUGUlc6;fy<@jbMg2$a{omi49$?{G zwm_>ktsVM8v;P9%6i5nU`Tzo(CXt{`e(=*Dr<|bD4EqaJT_cRX7j?#bw!<@D7$;r% zN$Fsl+s$t2C3w~(NMy1q{vpa!u2m4d_%S_L;7AK>ZIJQ83b3~F&WLzuSsn_ea-+&f z{Ir6zd5MxX4{;7Qc8mzLr_SGF`~5?)4+lq?I}w8i$Civ`tCF(`eEt z3vFFpcFZ3)ocqLyX1tqH&$LQ5hID+Eid}mC4`MFGp^(;$RQX|ak~*B$w8Hiz&qV)* zhw_xhnYwUo&;H-|9}O07wvAxoo^y5nb`wgMT?EA~TJ}FIudxZ4wdGUDk#-yx(8}l# ztnoQ7lzm&kPEMP7Nf{?kYH4+3L<7NUKr(Z#Xan3nQSyi(J$IM`0UZ3aC9tvt1w@i7VSX3|toc+{}^q+IB z@yjkwlU{*R;8*tLDmdQlx5E3+vmbbvG^LeI7S@2Vg)Q@RIoo`QF~tto|0$See61^r z`B;hX4KYb2aCBS>fhjgfUv6()5Ez zcmdNFE|94tEYNCp%+;7J6`_z<()51|RK&M}agJZ>aoY7`RRI zfB=a){Cld@e=qS@!?cc2S+rQE9L-atR|mp=SOG1nK(ze`prcpeFzC!-ZeB&FgzbME zJgHnAVYmY>c7Q{TD#Ir~6i}hH9lssoY(w4M50DdohU$} z!45LfS=3iI%*C*b=av=(H(NQ>Pr6`hLnS4-jYjH!){G>sktW=V4B^NAjj#qkDG2#F zw-{5(-~@irEHx>>N6R+iz^z9AkiMMb)uxv|{VA=*;opo$TJ}JEmKjdL1yrl}(5GZz z%)#ffgywaHcF*?YZf^Hne=Rgv4`kM^*#zjACh!H};A!T)MY!SgMjhSbW97RQCYrhRG88;lCY3VMNuoCG>dpZ#x6#S{=1&u*` z>7Ee)^+&2kM3k9JijA|Y@w`i<-n#s`7%+o5YfjP zn($(VPw+1hlR-NJWhOlih>gQzQ8kVHvuQ8V(B0Z_uFwC%iMuKvuStOiCue8cGhttl z(4`+rhU?$otG1m2nmQKTP-~5J&*vxL_W*Oaz-un=k6j;djr*9)KC20Azm2|R0>g>* ziChK+liF~s_d0y8C2I;T!dE8soZoi3>FHiw>|(eNLW~tkSSbK?cL1{O*#r$rLkyT5 zlxWr-2;#yy@xENlw1S~)hHb52D}*K%E|z%q)!viIJ7O@CY_+y;u1u-Oi7H!%W87`T zcNe0qCrDrGSB)mG&*kV?w$Y{oUi!FhAY`xzh(++Dm&B$0%AG-6oWvR9=MH=zqfwIs zVb*0ywKH%f09`Yx^#kRUNT|ZU;S0l}dZi9RrZ?C~blwI|ikvs)6%|SKcjH=G3xMrD z$Y3EBxIteO)^d_g`^&vggwLCR;R#JxMD=YAUh2&O2gT#{C^J|Eu#f7S+!D~qc=gfR z@)|E-`2pvEjiupZbhj5C$%W@kZa^G-#^zzWhpZ))J~d4 z3}Op14U4K>-(GbF6+40{$5wEIe70R5dP=ogXuxQE^+y$vI~DJsH8QfIU~^=Y zg6B7WaWR>(^(M7IU1(%(S2Y9p;2MI?-S?NxJFXKell4A(Wo1@|mq3x@N?k7Zm{ITx zKD&0Bj-i4iUp$Q0+ulmD^=?V6r3 zO$V-gip_)g4SpH*!uSt3fg5uvL$a>YsL;~w)*Zp)PsnoM>@E9eBq^Td`$emeicxy? zw)glfrjES@noBI{I<-HK#aLji3BSGa&Hbtk|GnQDeqrXo#XW7w{v|l)<^|4wfH4-5 zcW_eiIyM?H%?jLq%PB6O`AsVb4{TWK0IRmZsxv*iZ@6CjW2tnxR8xSk_gByD9EpO? 
z_H$-y<}@WJh|ga8Re#4v$qVnN6Ewj#ls)Jb72ef{XqIW)mC1HOn;-$Y3u zD`QvTlrVkD&t{57zoIkqywzrkyXQ!Do)6w@#iJ}shkSyu9S<>zQw%tJ9F)<3cLT6gj6F z;tj2PqIa>YS7Jokhnx{eIXMF+JT7`m%i{94&GGRE&N^P!CVk$gUd}f^_S1_9J->VZ z6<2J$jBMg*E0eyxzxTH?6c{zA(fs%5AH}<$0ydq+hm08bI`5CCKXjvbUxIg#P4Vd&&BG>|a0WTsI=q-`m$*TBB*+eutK)XwpPbWUlUAirC#z@V<^0dKy*`d}y8= z)}$#AO!QL)tFx|Y)FRcokIPyw)cih~>C?K~I6wJuzioD?ww(uUSnYQ+uXAjEjQU^x zR=XN$T>A5DctG-;i|@Mf#E42@#94Ri!|iR*UKhN`?Y_I) zS5NWoFIe3u?SnH#t03}xBs*1X0i7h_m1Rz7`mm)^syM3E6*j=WP5UBa=jNM6XNK1V zZzKSiGsBuYgRd(OmH%?#^8tWC@6r)`Ijvh=32vsi9AlsSw@oPs+$DTw@0$H5jq``O zNKI|%X3hKklauU}4W1whRuSs3djT$LQrfL25MgI9I=Qxwlov^~3sohg#7t-1vC6hY z0GGvSQsZOYIs%j;V$%7^KEst>?z+t@l;aQZ2)XsfE@@hb5^pzU?%7vuWD0v0&p zdd`1wugbug00foBEUVO~2Bo``DEqCzFy!xz$v~8D{VYma*5+cXtIW5A5S&Fq$j>qF z8?hgL7!@hOef09)4Z)?&(0~^TbAPMm)YMvRee~Ote{i1A!Q;C7?TNXX8Oopc%$6 z4&Zg}^#nx#Pp&U3?-gka_QNj=sAmsdEO(eBZE+*hw9KBg{A^YrE|E0@nMHz#c);8uyieTfaPo9#ytkv1sth z6k0k@7I4DDS1i1>=>3U1Z>voI2zgjOvHof}^O3!}{s>irjyOthB@q)S5kAW$s;fee z6ky=?IxMH^UR_~v9lqk9`E6X<{lS91=b(!G>Y&N+?5)pxEut{@CA9vP=KL;iemy8; z1Cc~?BgK9#DPkGtAhcrVr{@9-+udaSB0)+4G=>bDOc`;LU5g8-Vi@lh*Xg?|QCg)_ z45eWi11BUvd)|Q{!=lx#QCDpZbt>=w@$}VUQAJzdC`zYDmq>S)NQrcJcXxxdG?LN{ z(%mrR&?QJW0}Ne5NH=`Pd++-J^WQMfJo}up*Iw&aXdjL?^p5ii3bugzsU1bl26$O!0k(F+Nhxfw1c~v76$H)$_Ba|O7iCJO0?Z!i2x8~EsKMk4j=i7d7p|<91 z2TBO0)~M3CDgcZ(0mKEc9(n*v3jM>K(~Dm@=BB3LL#n+U2A%^BAI5PsM47|!iR~vIC@*t{ z5khQbWkM)Z9v_v0NuVf>c%rJoZplJz1?=UGMs@>w^!!DB}(O#1U6mx|FYJp4HNsngZu* z9d1tO6`|(Ygoes)bH`#!N{~eI{T!D$Ana^x0PMq>;CUUjV`E-^*#tA$+47Mk{8B8# z+^{~d!3=nSK$jtiFKf$<)-(S1Gr6(Eyb7V=Mu4X#Fri;cV-JSL>I23z1#v>P=B|4h_d9i%O_;$6+U5g?Gh+&H7K3BP{SZzG3!L-*E`NnMc~q3%+hS*=f?WUd;>GRr8b#-AV%N)4)Bf1?oH0Ol zY)swUSv`YCg`H?mn}nEDs)N2VE$Mu(TCG>-;SdDRa26G(WTkSOR@TN48QCt|Z7fvY zJ((zRcllI-dS>S8&}3S9uzUal3GcC;_l=G?8Y+{y$YNjXa-ZMLYDwXnJKyJa=+j9w zA*b3RTU%S3$Qtj8lUUho0L&j4tbYOwXv6Er4PWjxsnz+3T*g6(PVVvauO)AtdKm`H zu)lk<6Hmr~{Ad^;ZOzR$mckE9mcRkzA1e9zn6~BR`C)G?lXeC!0c30H3)V8IrV4Aa 
zwte1mt;*JkX})*M6wF%_^!4s*_9VU;mK=QX4Io%y=skXEIqk5jOR&M;f0Zqf6TFs_;r@(R;u!}~{-HM!pM{6`+}q{E2Cs2}56$64oE#YtRhO}+i7zrWXkPnYhU z#c9?ZV=nS?E_bGKi`lhBcFz3$d8GE;UI{mDgTh)9 z2TinM!QoByevij2&KO^OgpoRqF>$Y^9clWZAd9i(pU8Mscr2DWZjxv_h)Y&80O7X_ zS61+MJm14)WSss2P$Yne9ZaKNZ|(t=v&MIaaW6OE`3AV6NwxY5f`Cb`$D%PJpj|Ud0Ow zP>_A=REy)livm^%XeaawWE_A&J+aVgfTOvybyI>35r3Z^0X-uY=S93nv6`r(dMq#i z%&{mh&UQ+m(jBTxM$R4#?R_|Qea?RI$ntP(gJ~D5TcN$ILj0x_$#Y*U{H=YSg#~e5 z+PqElcm^{l7C+(PS$#svA7&*s@57ZX<`MM#o3&Q<^@ecy^q5Rg$6>z zDMupX6YtU6GkIS3SEf{s`_;zWfJ3$uYOCv630}f0yb!i*W=-Aj2P8 z?o@N{XaAYsvY{CZ834|zfbFRPR;hd#&{h2d6VJCi=~Gzr%L@;OHe83k7s_KNkk9Oe zu$3@O$Mlj8dEZ8@1FpfqWc^vw#g$r7HV+JbnwDiPVnQnBjc?Nv8eo*v-P~?PX&-)XJK*rS3Q^WiOM=B3I-VTntGW(>1xn8ytl+ z&NgSv5NENc%MCh{rtNW`^&8L?;)s%jr#Z8o{d)Zy6vmuPH2+g|rkv-e68EF`H7>EW zS}*80ilxm8a6RT|G5ekHa+muO_&b77)23VS-+}tyE4a1D0vJ080N%E?mCc2VJ`H%g z)@cjdGb!(#xu=@obmPwG-VY^|hkv9#`uBd;u1AiYoy$I z^aq7h#q{5je=;yL)1lRK)vB2&1LmP1L&4_D+OBRCMSdU3H)!2L6y1{?i&h!6po-^M zTjBS{iS$)^GVA?I{qugu?%94C^cjnGNyO3JjhjLco-E&Sb{(*}0ZhiUaz>ZTHYwCx zg6AE9kRammLg--9e$!H`SNNaHn{G7EwN)`{S_xh;Q=kYC%jh4e(3 z67p<`oE~u)_vBCCsZRroP!j$V%LjR%OUf;>dy$zY#Nm=Z+msepsiy+FHd0(+hrL6>QMMxix)n>qWfJr8R!yApK|ZxzZo$4ct3%)U<)>u6{@d)gcEp=RC; zp!Y@U(GL5V(wfDtv1HlQFjQ)h-GVM#^8Zn0xLTduSy=xkLtvu|JG;+!oQJ|j>^tT0HMuEjWL*uP}Nvt#H6VI+E1zLH+# zwqQm^w9B?c6;M<=wgG7@e!SxV{61ctf*Kn|SdwM%^_+UZH*1+HF4U0&o2>q4QKx>V zK1L32lzU$xlKk{Y8{>uQp)>`8dC4gOLx1}i_C8h7_xAHfJIu@T2=z;qo7*U8CMUoQ zEVw+rg$K>nC~~2^@XczL6<|`s%$NW9TtG6;|AG7a-T0tW}s|*fPHqM67iz#g$5_eLE`-fJMZM) zU*IFQ#XNQUV0iNT$?$(bYrYjUm&blNi{EuHnvgP>-eN3+dIn%vJ8oS%mR=S#6MXKh zf2_dwVY%~M*n3{~IDgV7ZzuMjSPEeDKNSvz7;>&1{X||(kCBJ2nojG7$8~M^jlT+x zS{^AYGmOwi)$98v|CROJ(diZcj2%}cQ333Y+`QQp!``xjP$J+WyJ9vohPh@vZ=9K_ z3XW~*@Sg71u9_)MCzRC^HJg-u67tI&!8gvv;pIkbvMRrtMoPN13= zdYk&0;d;4(L|H4cfa4|FwX~CPoETvw%_4&a%V%LRTZ$HucD;Ma&XVy-A`W1RNp|x1 z4O4{6rGI%y{AVC<^a;~eT{FME{UJY!CBYCM3J{pOFR_$*tJ|y38aU@7T2(VM>S?ff znC!5pDA#>wymOs_OZ7XN6|nIxZDg!&*(?!$IslkU{}={=d8&Q)X{NFN3~S6cGnSB{ 
zs}L1w`dv>Z=y4pQLW|Gb&GV}JR+QikGm}tT<6c?v-}V!)hGWf%Cd0pR1L12^Kyw$G zE96*7;{%x9HACK{x4-l8xipm|hPRSjWP2tkD>-B%SFEdC_Krg}@~-BpK)+9FhP4>M z=-!7NAJs3V_3?5x=U`2w&9Yft+BDOyF&u;7Fa}#u7-w-AXFAOoQnM>6Tk`|;NzJnDqx&KLu96?JKKn=ZtKp;J1fGzqQU{u}= z_`m~J`B#@SimBEvt;=5QF1h#ihlrhXL_7MHCVu|y^C>UsoYzt93N1(9>lR+Resl?u zJl~R^3h%lK@REJ%v;P|zwG0V3-;R8GQR{dV9(01Pkz39?CRUX_(A&P!DoUsd%xHJd z&Y!NenDj&qu@^Alflf~I*`ClK9`jsvYY&{Q^?r_^t46hoN9)9MSQ<^zp^;$ReN$sM zZ^Z+O=7iZ0en}z1mJ^Is^AwvVaDhng;JesyuXe1Gn-!* zmlpFad%-QBoby`F-oVk`baeEYTg^yrxSuc}bwI#$FdFc(C%V2&?Ysn-hThTxRq#2$ zP0Lu*@$PdYuo{8+0IADLsWY+y_o!|_>-YR)5@G45W&dd1-!oi_PJaQelUA+KtLOs& zi+2Q$+-*B4y8gg;FdK*waCdj-kRP)PhWBFhlzL)e=&rS#jr03k%HAcMf1=xNCfu6r zb9;G2mYAhK*mJWcO!>0Z8l!n4d@!{|`*bP_lwZu(UB~5nGB;g$9GdHW=sw0gDuFTZ zQC}~=o?lTT+U{o%f5nwT&ipM9X%D%ochAG+ci&aeohNU!HV(S6$tH%xzXA)F2(sa3God@O3G&L{j-UFz*zYZp)#BjWE{@50p0&yto!%0~A@g&VvY`J^p>ly)HQuh%m#?t*II( zR7q)MP(sCt9j0o3&aG^NvZL#f7n(tJhl zoc|Kr^rp0J(4&`E*ekBCeJsO$S_l&GkT&Sde>QB|;}@57>eupZ!VqvUsC}q@fV{Yz zjtE1+m$B`5E6PiA>EfdAM*>yLC@Xd{S0?*LQURM8!mrYL;!;Mo(6N|m9mjZ&%NRH7Bd`UNR86sZs- zY3oCaawNTD{fvHbpApcN14sh7V!LtqrkTTFin&+HSsT-+-5!vw8oIHtdLf` zJ|${z%M9o^Gr}!(HwvS!mibn!-yaa=n<<;k=Z+;b&Xq4JXp-L1Avt<|v($vT&hw@D z)j&9jf^@WKPt!;00~soi`^XHIiDQi8sT%iWhiF|tFC2o123mU_ZXp(Lbl#eBJKsTJ z;=lM09Hr2OS8RAU0Ctwwm7{ICXj(y^f|M=icLqS3)t&oGw*L21uB_mL*sjjUu=>nb zm*~G#p2s~qFMynk%gf8hv$%kedYYx>iab~q;D-QQ?Jx(JqJLv zm(^4MX1gUKUIHp5OkIc89d>}idVf$d>R3L@=8dvLs?ZVL8T;DVD&G!3d;0qB$_dPM@f27tAj;VNhZ{ukLgn57F9>RWLWq|RjBv?PBQ@@ zuYq7mr-ZABcuU(4NI|%a8vR}EGk$-`X`DTjN{wJSi%{zee-K_QKDT1@kRs>JV|PfO zkO6d&>WUi;dh@S?0k};Y#hDH|O*YBX7;ol(u=W27B~i%!bY;J^ITuAK9B?dK!-{jx zNzV>eo%-nt=&M~*?JY?=_IPG!rW~9I!qUV7P3q{Fj}Xayv1~JbC(`=l+<2tS&4r5( z%;nlX+@WqV<9YR&Jp75yjk}xGDk<(XEMD>+liCkYSAPdui8CR?D?ZRF#u?b*V@a>G zHg0UK-e~zn18KCnV2I?)HM3)=2`a~N6f`nh^7b$n$EMP?+RpE{K;dY?Y_ zTgN08b8|Ht^(H4bu)`G;1IA1Ms(821_57B&4h$x({OqvO0u*!aT%dlN#tCwy{~1&z z?tbJ=3D|3E&rQ3zuXZgy1&#fI_sndVtL&NJ)Xdjoxw*cUIUnC~!J&~8i79I#3Oz+k 
zy;*tA%t4HTb@-1C?UuzzW=-98F8i3vHeBh%pa0DGO0}^`zMqkM3EDqq!9I8VoQQ2b ziL>56F1MeR?b<8$fxa+h(R+9yd|RA%yp@MTfAj)g)KS0P;tj~)a^Yo2dY+Q!y{_!{ z2B10Bobbu>U9CZ#5L(#6mqov0chwm>t&dr>$UVAb29iAMmzbp5Gsk%p8+a(nQttKBnOYwh8)61ZHtUEFE@VPe929IUb~G%PgwFA6sq=L-nB z6^2gxT_l})oDHk2!^PF#&6`~gr+bu~}h z4)Ho=0EWw%hf+k;%f8P^{4^u0gd@ut#QW<$foQgV^AAC1S;yX-rK;--kn3uOcdk9w zzi%+#55kp7lnS&otM4o_S$_jwD}e#R@54ydGa5jxz)VQVH_y>uZl$hM-ad!uF|r7n=lsb8&0C?OG!h%=&WMuv$_6dYGw+Ab_>8 z(@Q=5L%>aA`6c`@>5@Iyy!IUZV7eSV60g;eY-qAS0ucBb@TWUMOx)dRt*MRgQgy_P zukRNBK5PIuH@5&I{Bn`2tz(VZ4#@p?gp*YhznY8Bp|NompsH^&kHII$I&c1JHV7NxwrNoalLuTf*7~dr6V|!D1_LtqYfa5 zi~wUyGVc!|z{J=9r6~l+L6ekr3>|q^<>xMvVl21#&iDoY^#|EkM1)OvK-L_*R4X8B zdb);S+GfN!(uR5VQhy2e$0zjwovJ^nT4;5d;syX2W5Yk*xiVUnH8kMJIPvH_*&03& zg~$-vV+xO9Fychy%Rm46hQcJiPUTHWk<=U)}Y5FH>K`vfenw%LZ?<*yo!h!v)AXx?=H$uKuxm|LH!8{IReY{oE)n zoB!pA$CrmcjJo~cC z+Xbw}91?#egDo<_@<~0z`ivRZid#}X&){-KZEPR&z)AaQZ0wtjV~a|Y;hF-Gh?SBW^V=|LV-B1_Ghg(T9ziOc(S${my^WG9Dm` zw2x;CXuh3~2DCbWdt^48E$2&ilyZb(%|<4>R8h{O zHu$5^yGvQa`)SI!&#x(^tr-E%?5{$b6Xny+{Q1|Hec@!@`+zo)a@e4(9B-P4tdabg z1p)>Zw|xkx{vMN}h-KY_a26Jfat>;YZPm!VgEHhZ)RiQyIB&^0QJIF_wX4Vhu^WN1 z3$g0`KAxtbU(>d~oJvxu#@{XSmv1xjyy8t+?(^CUdam+qUjJlMDjKBkq&AlTt%WLe zf-yT6a1#!fYMJ$;J*OzT$Lg%-t8ilPVxWm4CCB7w^k#ghcnkZiMkDu|S~lgEzu9bU z=`(;b0UB?l{ zE$0HVnqeT3W2+aH_3L$+YRMN@;FA2#QHJm4ic|;y^jTtqL8Piw)tUyYfN+kk;^beZ z9-vP_9|Hy>sIG|I$UATG^}e?vXdCewp}+C}f}2;$050gVTdD{2TR02qUf|@IXJAqU zXb-M9&Xj=hD7EX}I2cfkime|M!(AgBy&dNROf@TMr36j|SN^2BVRUL51L3OQ)f1+0m!OO{i zQmIgYLeF5dd($rYgT8*O;-#f3VS)Hkq2*s~mQXkP>e-tKB5;|=@a)||lzat#^*@Go z9(z&+@)MLp73F_iY4kU$NPQ=qBv3b$V(dht{$j!lKNwqu%KzoX@*&-^rTdCUncw!t zAUu8#=c)fMcVB{HU)SQCawGmgCi#EofzqJ=#2o@8aUe%7Y`nI)WKQARj=+3I>;L`* z7XjL=k?_BFN5FqQ%772(%P8}L(}mBd{oi|tXZ>tPKZ*vps{Mx_Z3_P-p`N(a2~VKD zN_2+7;D4lPwO)+uXDFc9{?8AAJ)C+U`5*|y^ndZR(H}2y8dexF(P^>nPyVMVpbPS+ z(fjX*Hi|iV|1Y!51I>Tr&j$4Azn?U@_&q`n{|zav@V4<%p!`imdV~0Dh5z#2^Vp}6 z&=E28NQUZg7vq6wtOC#fY9zQM@C%W%m#4q~|IpjFt-qO)73O|+5fkSf!kJCpju8UdiU2)oO=H~vk~JZl!*EN 
zK;5^r^@IH{)Gk6Nag<)MEZLUAG6Id?hM@~LRt~dME<|(wjTz?o zGJ_OK*l&TAE^2kxi92Xvri@D&Op1!yWFcORlL@%>kh%X=;q^A6!Jx&oOvFi3HsM4Y z>*nq22Cn%#nf~4H)=MeJ-I5U~-C3`H4M`yqu;0HghhIf64zd0Oif2bheARy;%5C#z zg>sT2VW{9M({_lMAcBgSR+y=)XV3OWxgjowMgdb~lIl*EYPED^yc=ef3pIY9VTANY?GNoY_DRU}ii(h}V z(LY@2-vGfZWOjZvv^NukgtD=qG!PKKZ9&38zYG1TXGk|J?riw}syEa*m-XZ5l}qdR z37K&8XI51&&E{o_1HzvZfqkANm0C=kKEnkO#dFnI7>ej@nojoO?mGki#nCiS=+Q`Q`JyB_b>w+L01mO zX%8fI(-lk$G)8Ytff*f-l1k%g%`G0LBqW5vEArb+=Y4|5IlC+%k+WEHT<5~7-4CZs zY=j&ic(j)gZS9foawPZUgN9Yak&_52ij-q7-#B;H{xl)rjterM4``m=!@BTT^s$Xa z9~1&*a(JwJ;}K7ruJAG$)YV0KXqJ=q5KIWZ6(4u|9x43qGd-T9Chfq=-x0r)$Ph?!efmb#uiz)?c)6chBnhRv{z}-AV414V$gw#Yky($u zf~a#`pkwb7q)XR`41fJzYA7_GdUOX{eKqaLhX|FPp*7eNmEZEGko&eWvr2>`;@_1o zL25z0WA&u>9*bDs7jf?Cm8Nn!rJu(!E*Et33FW)_%Ww)C;MM!S6#Lkup!=U39l)*b z9_cNyufOM|q<<(ymR06P{`j%@hGfB|qZ>`eVjqcEwx156EVPzFV&|$$@bVg0$aBNI z>tQsQ;n85-RFc$XfOovCX0*)7{a5}B+-LsD#X37I4@t`#a>p)kMYGW-mM0#nloogq z({RqeR=wYhp&WX;-va3X3-*Oo{_3KgZ5*MsmC0Iz)4YE=I>pt*XEyb|+OSgs^vide zyXyfiucKSO)99$lg2Wr#kHy^Wh`zFg)@mj5CO(7fPj2FBSl$@)+!);x#1gmdOfutU z`A&@y0EW#H;3-W^W zZ~QH1!`peiuS{q#-70aQ|4#_VFNEY7Q}#OSb_u*{yCh%b`psdyGfmdpAj5sm1AybtQ{Yg==9|d^L+YCxNE+V%FTc3sh`y3{u}E-|oNd>nR+{V=5?NZMUj( zUOj!8XEP5^7G0_tmCx2OG^C}m=>3tt-js8Dr=`cmay+lpLZscbxH+LkHmE3CgB7F%%>C_<&GpSVoZ_w zzV_yX2nG(s(xn)DrZ=TzFDCCRY*Kj3kYNQ6pGf8FF4Q97C3xHSC1M~u;_w{3rW4Qq zw7x5KKtZB);x8%)o6llB3`DG5jpaZh;1jdZothaz#*tR+cR7(55kN4Y@_D`@BZFp zW%x1tQ?$xEzA}`0N^WF$oQCOI;TJ-fQh9&*8$9?6JuffXnc^xrxw^Nbz8mVN zCl8-ux;gzES3<_KJ?+e62k-{}ajs2HSvX7zPb z(SRQv4liGFT+1I;Q^P30{dXPS?iCdk<-jitQqt}SWsCj-ZE`XSEhDDpo77wIpcoaW zweFXuj6C==?3`fp4T?0B%-=N*~iXu`Rw^_@UoE=Y7WOp@)W4r7NwrGvP?i}{6^AHq&sP#Ihw7` zs4f4rr0`lvjW`lEAoK0^bmAZbx+Fa7vuycHY2OX<#|R%QT%L!J28PX4+4z6R>TFL= zqPLr$;7}0G%st26&x-ES?O#x?g%Za0BNLO<IUS`f1`8f)n>f-<~iYZ;s@RKuz1Lr2#c^g^P2Ib9~@J2KoA8uY?H9I|lCND;lyo(xTOcCV}?dy5?7;!N%{p1{wj$!K* zRGUzTOG%qgDP34An^WoFh;)U4o&`mBMjl>t`S0o^qeQ00mHt_%z;gDE|JeBfJ2-ue 
z^hU_+3l1mK92b3&pr_tcz1@P*xJrY!$w`MNjX~V@RG$#ek!q;O+V?JKUJG_c_I8ND$ZzC@lq~sh!_`Y8TXn7aupVE zD{lhJF{QAgmHPTVNU>d0elisw4Vuq=Dzs$t2!H1oE-v`;yjuiAB%{LzG7^RM+8(lV zB&ujDn>?F9o(Qal4q#tc3)|(s*!X76+KkIySl9wy$K=7&nu92K^-CU4q?=`+J*h=7 z!Z=HdMo$y5vQFHsH9NNMv2SqDaQ+yWZ-o+nQi59%_sJBML>tZ6YZ~uIVMSU2QHYq8xT0LL5 z*EWP&X=4@}r-j9&1fkwUHlH?ai5^!~6{+ZoWbf$wupC%AKr$1u*E%tsOV)%w#GyK3 zdbdq?2VW4CEl7dxS61{f7yFpM{owWcv~{4gb|uZy8}sv!1hV!8wcX`3nTG3W<3LS9 z&0i%_M9#3XxsU4U_ry3_UoCdnP1l9+eIL>TnLt;($PY?y7<^l}?{qO$9+s-ymWi5= zNtbL_lhyA{or32(#V1J>;`)QB^u5U6ja7Rmk2WOEj}h7wQc@)cb$=VpJ<8o(9(~w^ z@~IqN)?WB@Svl(zqqe7p<~w%^IaZ^agaa1jk3kRjr@p3pTTn9%MM;TqH<#48QtmM% zJ8gLW#5_&C6?aLORqj<-yX{Wv2BN}JlR>~D2-J1ExuzaGC)&LDH*3<`J|jej8~Cu<99YhbRd~5bOJBnxQB6lRM9BlCg|zO72bZ?6n*K>CT&jgzh4MA z*7Gpxt&xJirX5DaZ zJ~m|*ADtyKe72`EfO#n)xl+rdsnL!Nggjg76_sp>vAZf=FoXHrM9u zC8z&g~??S3&CNk~TH@;(~i&QqQ=d)ND!Z=8Gp@7fAy00|2{n|8_ z3sy`?X`vIeE%Etoi0zk$(b|% z=kDwIn$zeJAFv!5(cWrbd*Jme=IAA3)lsQ3n*B&L-?oHYeW$Miz5+;yoAXAdKAVm0 z3X(nkkP_%mrpD9u^*|`O&u?nS`#wX3mdBdY+ZkNPr!95I&dcQmLzmUeXP2il%~jt& z=AIo#L8FFG7e1ZNs@rpz{9DXXp4!U>$E*_W_{3gxwKB0g&Ru_0cxdO=%kqUZd9tC?IQ?R{mK$Xb77i!=|&^?3z__)Ml8-^&|fDiyC;&g2&9=` zGP!?j>DAisN^5S?nyxW1>GuRX%#v^t-TMQDG?}ioNe;_zO2++nG&Jn*VChJjnJnKf z-YJ6IMk2@aD7%kOt1&ORK3BN+JkDo(GA5x6Af6B%u1*TJI6JlT&r`Jbp9(NNUhCSP z3b%OQ&L?{r7frAFKqA+0GY_*BT!uf^2mg|9_IT(>_hsZHv3dJckjtjXbOD1D*>-u! 
z-F+`2PVt6q=3FU*iP{E|*1W77g#*^%+tuL(dX4fr=mqf%df$98w3nU0IK2z-X+;Df zeEvQuJuSLVw}$=xb@4)R$3+VVW!~=;)?qVNVzJ4F*aU(cg?9S?G$ zhwG?LuawMd+^QZ>qk+Oe%gopu2)!wc^*`= zw(KFxhkm}5XJY)F_AuRE%Q1{L-o_XYg(uFA=nGf3`Om%~FE#`c40hJYQDf7Gi;3lj zfUd^AW<}l0rwQigt_ha=HOtiJ^@~ye$D$qK=goTZ0ORn6t~Q95A$05U#jnTl#q&nC zt8r#0clpe44}ol)$dnhu{&1XL*gJ>Y#q?9V`|$(&+x=s@v<^YW{MO7mSyzk41u50ILz zxb9wku`M$GjI8US;(rt$gP%1wGhc5sp1*%Z+xmnKyTRwys3ffqejDDg$bTuGf8nuD z6`z^q>3&B}OblZXb6gYrbQZcp z{=?rgzo?QU+{wuP`-7(`#S`+Qs&+6s;+|7%GEs6Zg{tR8L@rP-&ucToC-noC) zmwV4VFJJuhVOeGoj<>}c-2UtRc&(145M??1FnUBR^5}Ma+E+qw5~2;2w~rR5{R3rP zI~tYy%QGjPPvyF8M?6D6)^0B-BS$~gcn#DXx4e>EXfh_83Pc6Y=4GWz40Qn0z}>6BfN+tAQ|JAZuQ`1FE!aBR?$X3GGXSH*8H z*`RFf+KR8JmKu>~ijR2Ig7wElDdR?vHD#O=#>Gt)W78m}|0NC-#5PoYaKh5qEO2=> zlw@F&+E3P}!9A!PveEBI>`7ENBV`Bu0Z;Pfaru72_g>W)ygPaIukdxe6M6}y{SsR> z+(G(wGx*1_G*QD0sMv=Txfr)%yQQjn0R?)dLxNvD7tbq5NoL$U;IXb_pPE%!B;``| zUNMSl?z3y=v?WsM2_H9EZ11qgv>RO&zc@q@b~TPs*&xVUb&c0iXf@Qd1EIQ-Na&9@ z<@Q~m|F)yQ3m9BC&B$wF-leG4C$x+r_l2p;Y;}g=v=`mKF;vUZHp2{_F)e?);BO^w zGDlCg`FN6@MQot`II{NKgSu*N4@*9 znLdzQFL(m+3%sX31Bln3ALLPmAA8#cG}QxqB=-b&a5Yy|p=!+T3rFL>u+*PgPKw#> z1IdtbOYu0b?Zh!bX@Fr+m8xu=#^Vol#5&`oB zOa*=Exk1SxZE?jPyO0r;wbTu8cPdpb6Tg}t=UGhJxjt7iEydPku9%vdN)cH)c%Ojw zvreBc_(!C4@K>FbujS6KIb~}?F4SZfyzi5qJ(W2)q5$>dLiIzeYHg+d-he{U z^2VYP>}L*Nq`}u1u)lWmonJg`7!_pkcaG|xT zXOEOo_~iD6*CY1<2}`TpgdbyB+HfUPqYijSeiEF7#fYKy%8!Em?^iz*%==kU`}gO#T%580A|6k!R0OgWDT}&2l;i~wjIX`^twq>tA1BPqPE<&;>sv}E#E!Bawr#NL^BM>NV14$*1mo_C+dx)kO_u8@bXU*k0PBD^ zw`&aU&rebTmjg&|Q0s{duwT)7Po1O5b6WdfjZ>(+t_Xsik=h`e=yHOY6OC{=g1 z56Q&+qA#ZZTm=Gc1RFM0jJ~f|67BAQ1 zgulIbD(ZPnE!6RyQr85YHhI{)9}RijuPb`ocOQ&GZwY01ZQnu$eIu>8k$kn_`GV0O zyBqWb0{OfGiIW~pw4&A#3AFgqdK>p~kNB7o#nIknEcLal<1<4BBDR008x)$1O+B9V;X2=DqqW1G%X-_Ahd|VL)6IVWVYri2VBD6{X99Nc+P2S)}4(>2>Zf8NbH1_Q9d30LrgAqSP=H zsG{J;giQ4mt(~*<^C#qQd;quZs910Hu`W4xYU+J^3Qoz?Abx7{+uJa5J{a1{9Zh|aC$ih( zNA7y0a?gSq_`u4&WAdl?RB*nYqigVc@2B+!oK!B#5ECdjZL?PNa{b*(GqC7p6~m#= z=aQGZaTcH3>6v(iQKB^8?TWZ8U{f?r1FiV(5PS09f$rf6Tox1uQPUb$t?V!7# 
zu7~Z8ym<-U*7lvVg~Fll_PKA%-EPc&kG_!Ow8F)^9*HE8LSPxu@RlNm7_^-c1rej};X=Kq4ps_I;zQXWsU;D>F)o- z6EEX^^0-~BwmFwd8LZUkK5tZiXVN@|;=2y#Y_Rm!AOIbOe@9Bsw6HuAAq=f;VfRm{ z(~C7Iz)F8>0|*iAROHLReh3c7ue!SBA=3$-S;(q(=`Hgwhb>KsyOpJrU-VE~_bI}P z^hHc?n{O6KE#u+p_RH2ntVr<7Fe0TnE~}w>?ne=1urPLej-^AZt{Gx|&1{};RLjfE zahLzr6$FR%$~!b@y@u$6R4k{a=0OuPrzXAG2}G=5{^4Mo&05cni(lPy`|RuA z%!Ua58i9SN3`%0IV5jE28`RTfa>x*&hx}%E_CQv8eQ4|Q9=W-6!Y6?H*4J)Ev-@wV zb53^1-?j|Z3wuaUNB%QmKh>(x81|Uf;z__^jf}x(B)8kcjZ-dSIG53hJ3cMAA{X2D z>-68(C&&5Rp*Lt(?RPS?i$;UQJnr!YMz+U(=*#vR9c@VnFyvq_F*q;e|67f9=YP|s z#Ab4z!DetyRfhfM-}nfWXz>C{hkTkVvN?Rc9&ZB`a>(cVyaj9AvHgL#?y>*5S2`$KAp}oGDt_u9K~kj@U;Eqb+J|L$R{Ih$p;8+*RFm&bP*zZ z9mLUZ8UDAmz(M0Q9}v0|6izeY$lSQ`M$Vj)gRcF9@FLddw5H?FCz1>9nSljmYt-d| zjqKe4+MWU-XjO&4%d$X&iY=4u|CK2IXw~c6*cvkVw017wwRK;={=p{lh>5ibqL~EG zqSoK=a7e@`ylHcQjTAw9qGExCjWnlw!Sl)(w!|jW;lY5ZxxS^)&WMOsYBsfu6d?d+ z5NK(0nk8SYAt-hQJPwK5H5_;+Jv-5+-htqzC1hGtZQOZa1a4?}dl8J|fuFKqM|ggr zhC8%&E}c}=*1|psEci(NPa;&qjCAHDGg+Z<DRbr_JA;YD&@o? zJ_vD;-x3>p3L)8KbnCq~s&8rhDk8 zzjv*3R@Rv_Gh1ix=j_bHYilZDp_8K{ARu6=D9h_2ARwl^-0Ns4FD=@OozgEque^1Y zWD)9TDSy2@ympY$kU>CbOu=}xLVkIEU&0oZ-2wL2!zkgXU9^#XXzo*IP!@SNGQ1ayhoJUuwPKJ{%9?QP+D3PLT&y^F!+7t zKIYg#NWMLbkJjJt9Sei2Khv{kzp0cu@^>6=go(Pkx+=Q5jyDXpB+Z?-dFbhj=y~W< zI8(I@u+!%hd9}}jJ}K$!@2PiS8y`~qB~3J`h+svp`zi{pOR6(;LoDh`84H&>*ITa9 z{fR373;&?v=6j8n=qI=yIJQPUhPTwKmGh*{|A1}rP)AGwz^~lmXP4WrH|%;wdohG2Qc}_uD3(k z1^%NBoRHLU6+yB**hHypKI$>qD4R*hU#-oqtOhX@r77zBdj6o#T}K<9k1h68$f7NJ zwCKrJ`q@7R?xyE7GKpAsjx*8}7TaW=SAFo2>$7wGC7Y>Dc>j*%euxgrt8gCIyuMh{ z$EM&%Uxrhf=aCVA`BF9#0*AgDL6Ot=#f|_1)C%J3VsUjKiJM6}P7l#DyXyd&j#8GNbbw)A_af(q^+2)>Wxirrw&E|c%0sR?<447U z)lDj9d%ul@(M6I3>c1M)zqdB%pd7PHfgWS}${j~?SyTyl@irtbZipdgGbHVth3CzM z@9V_t5|(-Opr328D+sjZD{P!g#5MgkAdgoZ*ScHU-kv>DQ!e{n67i~DdW4-Qu4Bc3 zJ!7{E(D9SZ@lok&8` zI}gG)B{_O*qfCQ&9uMN{V6bFI*uz!?k3^G`eDh;$q}xr6R*m^BjIo8^n8&9Ix&fW&*H`xmS4Tm!S)p?bL|9?5eq zlX~F$_!*G5;;VDE_S6MzuZKgRt^K-v_t(d*(oGO|S5uaPXX;A1jj*f(SArSkkdrz* zk0ZVS))(TN^S;A2`bw?gFr{55`)h!6SboaH4wwH9gO%@C8ddiv7z1@!JLTB;?LoKq 
zTHyxUb4{!QH@iE_u2(P_ib5M6NH1*XWKQw&5Sz8>{UL!FNj4&;nhOf~kc!Y}j2Ntn zfoyV$RgiGZWmeQ2^<&xhS4xMb)+1nw-S>a})&g0aPxiS$z$$!CNn4qi`&sv7aZ*Bw zVdYfup^pmmgA7Bj3?>VbFQJJ6cC#rQ4D4lSG*vl2OEn;5pfRQd9}(UjGxsh?E2`>3 zzRw|om&4F*9%R-$t5K!X^InW(XDJ%Fy}nkjjCQDy0B$95_G7UJ2N&mOi058xri`kF zdr9c^#;1`6ExE8%@d9-JYBvDDs2qP7!Sq9W+Te&Hr{%4<43cHG)gx6Z3uYMKU2?ta z53ih?nT}R|T*Ji6R?y=>*d~mNgBN6S=fq8UPNuWirU$}s#2GRZrwEHRu8FP^+UM*zADsAPKWNz! zC*S=_cbetiSe*WCBy#Peor{eBwI6bEV?%O96Zj`Pl%24;#ho!Nfu(>3@>xC#qp0{x z1+h-Kb}^>EqgC1PSjI*acn)t#XPc??C4+h04dHn2C|&CuH^mHDC!*PvBE<*L#U%dr zmz7wJ2Y4{hZ+mdJ1LD-!%(HK#HHQL13h0TG-4@$Q+Ulh~@Kc4{-qs#yw%65ZOja4~ zYra28CuqSApD@cJ>fg^O!oJuNd8K$sqn7w5h(otoXrbt-{gvt?);P>?3BI} z{>Lld;nX9ITl4%;d4qKI2MNj8L~c#+8@1?z4mD~&n(w<}-VZDtm)P82r`#fsV1e(w zO@lBCT#e1^lFT^hJEdeDJ?DlkQhCDoISrb~>hmdS?7>0A+PbVk64>mnx)sKWd)9>;QchE_LW=2vBG38l{AayExS3Ts zO+U>eh|JSOZ_bqx?mdO)P`ARu2+Zd0>?K`T>b4JeB_|oH-Z(eUZ za)pJ+iLGwCfw3x}JdBBrbV#+Y7J{7WgIhc{TOmGp0bba##s+ntAE99xA&Og zXeC4a&po*L{!1=PxKrRsERxY|!-@Ka#9A!an zLpr%k32^#sRWNISx!6FLNI(h_l7y#CS_9Mjd{ar_t%0N@cm1+w`}5kgQhV6ACj(QR zmu=tF zT~lmA7u{eg#ki3K$|kMpuF(ishm)L+UZaGqu$w4(4TmzkIc3yi@Kn`oFf8xfQ7l-~ zW@wo(T)5XV@}gf1mu9g&S97uAsB+S}WWO;7Zft4SOh3qbY{dC`Y3@jM*<=`NZrveE z*A7NMI|NR1{z5Cup={70)rhwL!De=rd7SU?s-cgp-m*s$t_Bq9P0XvfB~^(U^VOXt zffy#sL3Ixb^8hjBu6^$hr#E7|?EUZ#?rINw9|751s}HW^&D?D4@ZRjW>K6OqimOMe z$S?1Mnw^d`^_{PvhAjOS1_}Nzwpr1*{KH4Q|9B7lI>nmN>>J+4NXW$ zcWDGGx3@T|^ehPM&W-rSp+Tct3+(Uv=7Fpms8ryYh-}+**1zeW9?<@m+pPJ*arM^i zlkZ8QAIxEp)jL}%)o`$m%l~98K&a&_%qzY|YbZjbNN3l!XDj<&q=WhEzK~)?t|PG6 zHP0QR9%61rxk4Zp_4{!=VF<<_oLI)^71*zFJ1eN*>VkM)u zd7GD_*1O||kDDw+9qD5#c#WUQ$yqOijNVzRQXM8X@XtGhWOl4?^ChwTAG^w!@iWXsf1g|1S-*ZIbO&PsQou@DON>6$B zIi>@CIkhC!nsB}5@+vcmJ*feA!Y7cE(pdRj2wpPo$EtC#QZ79a-w;#0MgmCU$Z0y+ z8SFXSJ0$qPVQ2lMsJ$}Q?K#u16WuJDJZyv<@9$$KiFGRxb`rB+t zFr0b@5{B)oRWv*JO;wb57}uPXXrxVmvu&X^boJt{r}txd+G)7*Z)2&i7&T76dLA~AL*5><;`Ju&aPy}CM5H6ug!0q%rEQ)SqL zbMieN(ervzGy>Tl32#^F=m4wL zr-QS9ub$g*ZLjBqbS>M^8;eO z95N7~USs6WN?tdb!9qm$15d48cTbW&&IV(iP_WjzU&T;Wi9bnw_l7p^)rEqed9)4l 
z*umHpQdk1-UE#=$=vsE4_O6(U(;gF027d#)-;ry7@POl*euBkXTkDH zvttc|g`x(ly62kBKQ$^S2klae!_2b^-<1u5wHO#Evx2GlbW``Rv&CJ{Z29g)Mn;~a zJ3UJ_a9NICDGx*EqEDb^Mp*)0&Oe4Y^t3F*-I`agmxMj|6&w+o@r1#6SlJL1HCMZO zoSYS_A<&rB0e>Vo!zLE$ctWHY3`!|UeDo^l?o(2vhh&Dn&1If!+;%jNPmK=eB#|E~za_ybhP)OVciU8EER2&2h;+&C@>p)O2_{q6k(Dp=7B@!$oMV%Mky$fy{UY^=>TaY%(+PM?rb9C{ItxcH@!q$ zL4AmkV%tAa$hr@q{Dg1)r{|ru=p(~-!JT>>niB z*_IskVQ0mdq6kQ0Cm|N*6ND!%RPU#rSLZSp&bLZTyFD_Xz7~1{OO4fhF4&0>Nk`3h zQ6E9>MQ9%9_M{t?hjtnL^z|%S9`H?F9FQR92^okNqx9N{`{jJg zq}7gf3o~0|#IBd8=%eL+NzV{zl2uD)|IxZB(5TB0=o3uo6b;lX7!IW7HGXX<(dcq* zM$gD?&NBOTKE(!Yz#+vfgqx1q+z|UB-*2arpLhJee}-SbGjue@4%gGvko-`@y{63U zz06-)4;ri7KofPED4>3GMCuzap)Raw-b2izDS7JbeeInt#BB>`Cm>-4`3KtC$0 z(xWSFI$V~W_*GvRVg-_>M3)UqnBs7?8!e(ReB4qMQ+R8v(9}8lCis2%xln?+FIbQf%rW3}p|*C<)XRrC7Utmq66-i+9KxFNwBS6CztxBisLcmEq(AwFJ*QLjgPt4S z8aE69^SVz$1b6|RaVwa$WxKitwSY)AZK>Iuy@43C@Nfb6_ygBLEPphtx52`l$g+>( zE+$}jB+lFHu2BijAJ%LE>RBT3>vSKdZ(icek|wzBn6LMAk*S?v{24B`@T)1}_LE|MAHl^-W_BT|?x;vN zyDa>%el5GVmSSQ(WIfSvl|T~q2D;O69hJ?HXcWCGyutgcmQRteKQ3rW`AH!|&1Ru9 zRB!;LZ-zs2u0Fo%r52X|W*q?I@2`(1toe=P8RmioV}9M|JCbs~_qgKrCj}iUQJ<2X z;6ieqoWiNK&vW2#PXuiTB?UHP>~ws-w~RKESkbQ7-|1+Q)+}ubtP+AlzNaVxPgv$4 znap!rNt4e$>@WE6QZj^UY3hi-$fiIl1681NYX~gePF26fzw;H;*QnwL6~Pwo>$vD@ zP@%|9B|WAV7n){rHlwhUT5IGUoTcCqNWNS;F4=nLwPh=^Yh7cX>ucBd!=&c2gbPqF zI$N(UvRwuZhbn!~D)gB?yu()S$U{xM;2c9kc0CxxWjRcE_Y;K_PPBSBkp*Y@_UtOU zJu5=)O!&NxW@}xxpX~8c{@Jmu*?|P95o(sG&?zo`nu|BWnB*ij{`pquj;+3ht==yH zF2bo>{k8DWLp)t~lg?5VHC&{TmkK;MX+Qsi0Y~Edd+a){ z#`#F3c=mn*OovShglPF}+Z*=)6QQ@SVWM1Zzq9f~wCjz`O)ba~vlS=%J8)ADd$o+* zoG~BvH|ELFl%h)Gip<6r|7)vxa)xT!rra60SoERJydxF~S z>WJX!p+@+HVeW#MzefYp7)0KA6k}G}$h`vVghuV$@HRz?t9BA7p<-mubk1s}?TCbd zAh!FHr`a1>u%V9@^qkx)8pCQpH_1)ZlZhu=KX%21!PYQPC*>}j3~eZvHEa`S>?{Ma z=y-;WQR#+nVbxy7s&2Rc+(qw>TxnUFr67?_5Ez0-e-Lp#_<##C8~L)&rHYi4fO`ws z|4^9yB}n-y?ci1^eP$!sOsG4hmAAr9VDMEv$5g3R`0WEKk*a^2j@FLtaqhO9S>Y>- zfIxkir)iv4;T>TSjUqw{AqPO;vQY<{mE^$Dc3I5i>Q9OM$wMc*O?19LZj$slK%Svo 
zUFV#Zyd>j}zM~K4hM(SC9LRA6v-^yuAZ8^$7FG_?L%(;CW#{OKnvC^r>pg=rQ8|4PYR2B;m=Vb zky@{xHI?U%0<^i{=44-DdTeb;Z!Gho`r}wX{_^SkITV;R3J}lQ4Y9kBJoq$o+uyi5 zK*CK1RfjWrz`RxeKUR`b@{B8Yt^_U`8`BAqb*^aqIy`&BA=wpL^EmKHWqOwCDvP#5p-XL70BYF z)>=@56QfqMj|Qe3`bpxGB3w-*QPcCQ4gNKZ_uScPJ_pcv~IH zC6fnhOmw7G3uh3+t@{KB#d-R}^2$V{gs?XfpLiF`f85@=y4%jT#EHa;@Mt_JQd{7{ zhecm-OJExkfnS(p1my+@%a8stT|9} z-fcTF*!?9}zkc)JdK?+@rQ;cLAVmEzOS6J|1S}m0>+V^zeL?4S6=^H?Omp`l=_`l1 zK&e=oyVbqgMhiGzxZB^v+$LPZM`aA@cSEqm^e^JpILV^xH0~uvG?qc+>j;YrGDe>V ze*~Gw%AlbswTK%fPo5m3qBcqj&F$a-gq&>GcGVF-^9 zV4Bp5@b+QCpjYpednsCR`VCTHx*4S2Lk!43O$L@r_M>VPZUfj)e z^;b-y8LGWtMX?~#Ea zxpMIG8XY}l6Gb##NUBx;XvB(XQL(~!cik3VjJKrZbGmszn z0UqMcnd@7=_1|hBa7(aqK=XLt8bd_RIGENCBQPN3%%MGbSQKkKG9-rHW|CQANdXi6 zoJwm;Dg-axEVHq|PV-&vqKN0gaspa{tH{9glQBpEuEf$+`<4+YK zz$uxC6uAg?4#U*d`2oAB-#k`XXk*ycgt4`a*%ucM&Pv276I9V(_=~lf(4;-4&p)^K z22oRmjuWoib!)D>#Zf04w%K1ii}8$5iRY6g4S`8{8V2#Kk(QCNW}8?o(^ZEM8~Y2r zUm4<5x_W;6@)B?58^Y#n*QURjRc0B{vM3ddGG|QwEV#FWy&)BEy}j*KXm&y=GWzlO zrk#$vdb$#MSA{#}$uGQ+!(y;gBosEb7dM6E<|%9u>feN1hMuV!5psjs+cy!p3ME*f zD911IV4${$=?>tVMH;0FW-hdcioCar+(HeZFTBNTAyfWHfoI6<*9kD)YZZ5U>IDX{ z)~Q0p0cN3~&jNhDQ(Y>3u<<_F@?*R*fd$5}!FQ3(UQe?Tn%C0i2lQ@ep7q*OJl7bf zIN}|WO)RQjc%;IV^J1H#2t47Q2}gd_)OYo>7ZdK3sI@1Nr>U-ti8$DeHjzfw1k6+4 zM@GVg;`izxa8NidnmdwjH$^tdyWv2$ODo$#_Q`mjUQXpCyij;tl7i8;)hcfhDB`Wr zZ3yf@&h^6Yw>6qzw^G4yB3OZe`s$EbCuc9gq9~~hxjycZkj5hLHp%;a?-zQHKH3x6 z2HV?P2Y%7nqzxwGB+o5B#-tEL=;&`LJ%U6u$ZbbR1Vo9Aflcd8!|Dg6WKU2D2!kSf zIqm=$?*ts{>d|VoodAqZbFU7zc9C(1!f1v_E|1Ay6! 
zzt0ZRVy=JLn9ZHuERfYRme+#}`g1rH+X7@3cqOMuDh#CNJ%zIfxa|FsYe>nl9wDQ0 zD+ARlF{me&xpT3;W+90IV{f9$L6nD2LwbL_{&HUvIqmml5jU2s*wK^S@&9s3#9oCr z)lX;x0|P_A^QV|EHHOz&Uo_J2oD*5|f;B`eu@+Z5lvXuGcZXZ;qNLd@gc65;JnJTp zBEM|nh`Y%ohi-Z{q&sK5NmYXABIZ+hBrVE(u9$HpYj-&ukiMQ;Vq2$zqO4g6 zbs|SxX5j@3^$aj1&HHS;4a(s!<3E>LceiMpj*Hr@1Cf^wRuB>##Zg5WO8pL7PGz0z zI_G+b;O8HsZIo||dQ1Zex^hycPwN(S`EgDMrf=fN(bGgsP26MJ5B$Usfm(AbC0=H4 zgzOzu-njNqCo>iATGHTZ!Ww1%0^1H9ynRkAULr;T{7rS1!*}J5>1kE#zm3dC9^T-Y zOaEKJBln8#24r=Ogapq_`TUCzT%Qxq-RWoe+?95R1<~p@ADaLG+ zBZ2AHrS}62McB~=Yx1m}OLZngho+bA2x9Mk=d(w->Z|!^LW^J(r^)B#qa)t)#TG0iOA>Pk$#uWr0lI6k zh&Z>)$qKI%9z!GL@ayb_F6AUo18~IZvhd;;(!Z6_1f}l23BxeOX?`gTSNbJ?BR8&& zSr4Z+jO(_-pghLf1pbH&kwYNgPJ37|H$beN`7UL!Y!`S;9>c6G{^N0_H78Z+NVr~H zh#9Qa!t7_I4wdpE8^LNbo{FyhoNkwN;K-|l;U>M{CH9;>FI9_w#Fm#*0#`<;N98CT?~GICz_RGUMCQ%DfE6yLv`x$(ZY{zeXmFer#$3*eWi` zZVMxA9Vx26A5G0OM;J1yfzErQPQi20J2I=l05qz$qGXXa`VMwL@rXV-Ff{*zQxeJU z{uoi7x7!wedK-cYQz()UTUIy0QmI|TTd<_>IQN^YseD%j{!D#)xvcddUr}Y+Mob3c zER*ddQ$DQx{+*pu3MtR^JTJbDLytEkZ#qa7mPRdxJCr@R*R``wKNMYhPQ0%jVg}jE zZ1x+Em0Jo-nTdfKIWA0u8*eZlH1PdqbjxDmPaGt5QwYx1mWR15E2QGzEZcc-bnb(_ znXq$~DwA9H(bi%Jm^$mq0c!6>3fh@%{Tyq3l01RUj^$xMXAQF zTesjS*6hrg9YPPv+>2M;k|IVQ(S&Sj1Dd(lIW+0wr=Q2E`|VQxF#0uO4(HlN-r{{E zO5EY*uOEgys`n4m$x*y+ZO!RYJ!}Ah%H8cwx(tAH%uUL!_DDIId(a5M{5ndHgt}k7 z%w*p--DAu)=8^_SnlL=Pgx72o6?TQANEOcD_1_M({)`HT#rvZo#T$()Y21g22CZDd zHj5@EB`4l($iDRmypkYF=E6CS^4@c1k@9z+h##0bU?;UN{_RCDSRoK0*(lwK1skOv zh}l~c5wO)20IKAoh&TyWD00zj5_!yy~q@$@Dx{e=|vic4a^}N$d+qMVK)~MMa zahpeSM|fj_xa7B5?CGIQ1cO3&qqz0W`Bd0u)3TdAGOpfXls~<#{wn1dPyWhHrA89_VuyL zdlz)|3bPf?2IUoe)hW=$MTiQI_@Sd1EP6;ZhHH43uZHe2vGp`{l#nKPA^qp=P=y+Q znL(97ULKF}6DfzuF<}mv zrq^ljoZLF_mA~dTysmF^8@E1w_jPVcJ0aay$j)hG$0_L&inmk&%s!q=D5)F+o z%TmXGa7!aM(iK?6o~ROHj*qc#T}wNmfC@+m5eRdy^~vYc{YDyWvrG?1Avm9IH3W4p zH-xy_GX;4c(TEaQdA04#{l!K5)nDnGl&;Q3{E4ahF60W$JB$)E%cQtOP#$>E`z7Bu@GO zn%;Sd(x(Y2GAHp(=uh10D1X9U6@igc(j+Ke&e3qQK-cjJ`xrj0kD`0wQzS^Iw$?`G zycXhEqjP-uGrK!_GYW+hw~{Gr@Oc%J_LAcWb^xJ 
zuoX2f@VbKvJEtk!tN~N(y_Rm{-b3Nc2g8+f-Pqj%O~b9fVN!zDH=q8NC3z@r1qn&t z$&II}r(fi8{uaW2_dxN@r?~;b-{iW4orkDgZ#^AqLr9WMlNiNskP;^z2obuhSZnf$ z)iPaqj9@u}rYeb6zM-YpgF6$H*`*G7u;;rNYLJn+m_Xp)O>P4-84C)&rWwOZ4M*G;X%MWukSmZI^= zy)3d*A^fE{A!$X&<+fATX6=W)B#Wg5+*D=5b{c$My1@6NH&xv=8(g>oI8%cj)LE&h z_S3v#N(^%O5rGyTi$$j2pj$E2TRK}oC-|h8V|?D)=X|z*lQyqX6M-d^v%fWrzulGa zz?`Evl^5@H-ww)2#k5>${jz^U6JyHzE^@v1hsUW8W^YYvV{do?k}#r*UdCY#dPc3L zMpDg3{Su98Rre7X=PUUrV8HV5PPyqfFd;OhtHFq0U(OHt(|m#u!A!e2p86ZXJ?o^- zK9Si>w-U$!vs)ye|6Ey3nTJs`wo}}X51m@=t?OxdWVSc88wLB=svdyjuY5DjLcdC! z0i1=O1*@`?Mt4Np?5BR;m%sn<%8%{5B(R7rjA*>)7n0Dsz=m0Xcyxhn6lDs@YYtV( zvlic#g8Sp;TZg?*7Sq>?zd>#+E-U@b(pb*9T`aeyRtW;sHbaSO*1!;EH)z#?4JcnT zub7dv&)L;BM&;ekjQyidxU8E!{+;_Yv+I}6`moDo_Q~+Im1bv;wVcGiJsvVvtP`yBx6jd$z@928f@$jj-NT%!|b8u zP7JzSEI>Q=81q2ft)if$?ZKkv0lYKGhiTFdr+f?PAre-%q4F0(Z_kCPgC*4${sMJ2 zZgU>Y$9{&YjxtX58x7Iae?Q?CEd=eY*Yi$*yO2LDM4LQ;UDVAo<88(oNKj6p-qzz3 z;q#8(YA3(%ENg#X+)1MkOXApX&}0|`37f#uKa%NlzaKQQg}ZMZzH29g=-bE>sOckg z3O9i6P-bZ9p5K#g!X0e#WvxS(OqX`LL?lF@VbsMFH?4O43#pH+oZiPDzZpzhO@YQV z(r+OE1u}wq7BAUJB?b)!mc*)#D?mc}jO)1hYrxjc%$xAJ`3>da9_2|H$O5Sus4coW zIyB_$I^Ek{1R^iaE?9ao11@gRLABAt@P53q{Z;w&cKCHtjK|aXk$l~!c|IPA2}!|v zHZ{ED32P#0DfJ$jEG2Lxf8g@_Ove1j1@*Uh+fOB|`P0qf8fm`Qkjufsrn&3jjw@mA zq9m1Xfodi?ZDAdfjTJK(Jd|V38|LFwP`BXYYDy@%|b&@^+puJX>7Fy<=HnY>T!m7rThDR1tU;b<|Lh%pC<3YmC=fVLE!aSe8Q z1(iL`+!?!k*{7gGAFx);jH-=X8%#ZfE1kcyHNI{`;$ZaPOA9viQ{aU2rR+LJEJq>9 z!f1)Hm1K5Xr&C+f%eDZ4Gact^-%lPcwC0Rc>WG)b)KIN1sq%^%nYYVc@sX~Dary6#oc~eyLcepT$Duf_5dh(;+G7s{vBN0La8Y%3m6@o zzlV%Il94^d%PQy)D(GYoD?}FuthvOL$R{#T^Wj(huQ#dh;CzSmJNbLU#;{re^Zxo? 
z2H-#a3CoZhBl(DvJ((1Rlkp8#1^maAjx{ZAey-`^ zkVW6eq1&kc(RE_`{EBbyXZcr95yK$w{D&$hiG~kdtGvVeJlp=J=!js{=aIPe1~3MEiNYJs+^0)%2T+_ zLI$e6hXhP^(4Y%av9?9@fb z;rEM0KX3Z}e#82&Hxm-5G{@`x$JmL`6rsd{A1#ZTCBNHuq}obSr1HXUhiKNz zE{8MW^}fUK+p)o)7@iQB z$A=d|D}$N)U`Zaz5?KsI`}aBgTHK2SvM+Q3+bs1#`EG4rYU;b3YfcP#`!Anw`Yax% zl3vT=o%{OSNQmM6dSs^-MqsCmrlU^2`yMC72!dj5?f7lD{aIh_%?f*j(&&YUOMg3( zyy7wG`}_RhbbSip$CC0t19m!i%@->)VGhC~F}OeCY1XE=g&*q`rP<-;c0`JuHVoNr z$zhAi!*yQ-&TtsYG&EOXDGK2)^jT0@=yT=#*?zt0t(7Mo-uov-vyzVbiFmI8vm_r! z>h?3I_u>zuWIH38JtA7Hg)ZMufrn)AJA{5)zJ|Y)4Bom^o^31ML<^n;X5fuAY=M>U ze93O6_+R!mAVyrr3im|Jia;@|0&snE2B{PLznz$Ql|jo}C^#fFqy2j?3)4{HuQ}e; z;*zke8#@#deN8!7lNvto2)m@n6ZW7k41d0B;)cI9|JTY@pDm&s<-+0R!r$V#zx~ne zw%wxy4deNof4f;2jKNU2U_$;m7yj&x=V9b`nCqZQ^Q+@(#nkDj&_BzL#5~}OdVa~= zuvEyY4Ndy(3x)iJ8%YZNx9$?SVBC-J&zKmBXiB%5cg`_xCX+QB|`@$}Edxj>kQ(3)VYUT_gY!Dug2Njh*K*9?ATaG^7J9Wz&^zbp=%}p7akCxlaeRDSEd98P z;}`!bG;az+z=hP!$8vrBH_~SK--jLkkCA`IF&Hxcu>&->Q$r>OS{}jXj4*FBd#68R zU?XSr!U5PL^u*LF6WI#%Rma+xuj*e_UY z1g{PJHJOA? zQUZ>;p3Un895upBjQz#{*OKDx%YWrE6~I*_)iLe%t4q=$9|)#}HF+ntu*o-TJqiSl zT=B1igK2i#Vov82GOlXa|NlIEX&y+S5Yu`{txcT3PfkHt1^ihdYghN5I$ks)7)c9O zqNJluD6?yEe@br&I$+Q@g1`Upe*g%jymrD=3j!x+C;C+0s`lw~>Ol$t78gsO2{X;4 z?(>gP;wCF})Bnuj#MCvooMG~SR%hymgT>XA;%LdHV>GBWmxJo)D)w&%Csg=iFm+ZI zkvXSr=Siev7p<&F!Li@?emKJ~Dxd{t`ac7*a!rhP+39m*f{k9ola-F_WvK%Hham86 zYv3lIoVgXu+cB|qS;8tQJ7#Qg<@-m$1pIoP{Qvbh(XP^eITVA(kW76RYMby_OBN_^q#Lj4W38j` z-}I_A_&V$Nn7FBI=&r1v+F~vB=l}E61-NDO{PqrMAQ`&x3$#IhLs#|RN_?4G(1=!+ zQC38ZmNJGG=l{v~fr*Whj+~(6qZs^u-VU%l4{Rw(awlBCQSUidIviC3K_px*{&Dx0 zt4@KrcIy(Yr$HmSMT^R{4o4?Md_F%AS|xvFfK03 ztoIb7hQ%fS9~8V|tf(Uh`%X&@6JJ&NKOp%AtiVE=zPQ5u|BxRk3uSu!B@zcU-(=;D z2>XY$el4B-GS+>2dT2fiPcF5TOA? 
zwpx*>jo&o2+Fai1!>UX^0r9@l4Fk`dhW3ZY&y#na5_ z<*KWvnOT;BXi^*oOD~!l44HH`MYn65MDta}k)5k@vIevZz5WzsCG(qh#!<3Qzgq{D zTjEIR$Yn(c+48);W5=Gu<%Z+W+!SScyO8IWa`iqS)q;)OD=ht~jPmyh0>!Fb^v{^4 z?3u;6ZVKyP-S7*AzQr-yZJe%89vJ(>j${t&1<>X6Cc7?b^*35AqZL^;YNaTIn?%s|zETA#rTU6zZSwnd^yl#Gu1IW)p#^32BMA zMbC8P51ulO!%;(F0KbI-q~OnVcsFp^CWDWSvL@^ukSJv?@^2u0F~w>$;1skv9+Nl* zp(EGRDbtit9k^UBy%k_`zEJ~+XBVevY-Rc#EBkz$Y_^`rLo5vZWqm)jSi_WPgOI#l zp55y|iI^wZX*M`HTIMFp zt~V!Xr_L^Y+$T8!BoeL<>KdlPW8s8$PAOMvjz>(FKj$GBzjnSgS56*{Aeb6DpPYyE#bon=@Y!M11<2#}y5xD6KE-QC@TLvWYDU4lCV_rRdReQ<&YcY?zV z?(XvD-gEBz-Cxf)Rn=WxyY^nI;-lx;abhfFWeE~fvWDhat4mI2r6PwGH2xqf`?+xb zt{z1J#kR&P(|?1L4-+o_Z8mJE(j^!e5W_4WWs}&z~~|=$oz~yLyIQJ z`gwW?a95^Utxh$dT?#I(uzgk*6zA>D$4+owdHBt)v`Pr%J<_&`nBep;x%*5K<%f$J z|KYmH4tM&_(b&>VHTQv6Q=MYp700ob?|A~WJ5_2VoY1y>JjqN4RlmJTVW4>;fU8q1h3=4dfpgVC zxrra}2kOf8en{YD-kMII?7r9$^~J)EJviTa&;y33dSoBp8FsdXOmzB2A_H0uQXq%9 zC5?MAV#xAU&_^rVd^FbwLQ?t?{o!hZ{kgHdRlyp1=40s7cu}(MZ0M>}=&Firlchm! zx_#x*^RIw|h4IbJ&ucD6ClrM558024BVa4m{;}BiL`%S;};6&Nd3L#?XEcGD0c+G@zg0L zAOCv+?O;GY0%&Lt*+56<5Kmx#)=G6*MT4$vYGdMoe1|T>j7NX z`Z~oguEeR=f*=FH@cII(&!&Fo*|p-D{{(blp1+0*{|0m(LhZJ9w z_>{`Z?m&3CmDld*>zurj#_7(cPlJLdEWz_~!2MfOu{+y-#iYS*#A<#i)@rD>9|x-%4M_B)z@YYF~kK`pi!| zuoG8WNO|p*`o-JEH~>XNYfG86hl!XMu=~j_TAqo9Hus&p&B%Aht^_S9}yS7^>c?Mxl@{s+@scbhf}via1P_~Y52mn zQnq;fTTe^GtDkUwds!g=l(y(HfN)2wcuwxcP(23_wVe1ZI6o%N*o=t-g@!tlS8*-K z$sT^t<6N@GkJgqQuU@czOX8&gch*0d=(9e2sM3X^*)3ESxGasya&koWZy0-Gy<9^^ z`>VSjCa&O>{o>i}KR)L@=v9LpN&}?kdL~OK6WqV| zUsy3{Fv{BE;8Dgonxh0n;>7Y(po#>MhUM-^f6yp%Fp8>QGQo_)_aEDlE@NsilBQ}P zzPnh}w=wdluB?bfyyJRZbZ6NA>1(Tj`wJMo{9a^?q;$~2iQgR2AA++on?py!{SBDX zTDA-hIeP6Ep`*tu)1#l7`%XmyTxE6}aHQkEsKZ_hIPq^>&$lg!a{%=gGcx0`qWtNJ z<*)x0nm-~@NfTjRx=1Qv=t`~eR_J~`#quf}z^_uSNQ6LF=#JO z^rA&Tbpx4^YT>VO&`Wi1HvE0BY{1xJDy2bnQ8gqJ(tsW#fg4!6BgW!xr7?GUHw#Ik zKbgXsZYu~v77N>zCSjy_Sl#sVOJMOaIWTIw=#NC8j!|57`@3X@a*F*9e9i9I;U2RV zRfWI0ci+BYtgUU#v)!gPSd?uLFqmyzN|~Uvzq)I<>X9zh-2*wW)h9R^rp*7q58+TOApug0b#|;tp 
z{XYseJdc~DFtxp8JVj>oT(SFe)95@u7fr%$JqVcHe?KCy&Ub3LsJ;_Bjg4PtyA9u2 z?m;v4@i=*ixrN`r$g38C83oHjNPsDBdLW1;jT#u}I}=Os;`0`S`yxYQ=s)$9zs?R> z>6Vvt;RfG)%z4QQTy3_E>4aH!3AcKkRQBrUS1H39JZ<%7A<$?niz}HuQ_;YRXMr#b zT6F4x6K}S;ysEdNPii#)Vh7|06upM)VH5Wo0sWK0BO(Sy;JLz1>8&WOe^2X}EiV`U zne$9x*O2w9FDFKu+DRRys?5N8ZVRj_^6zrS$aU@0;8fjoVFp5pT|h?c)GDDs{2|He z6y6-pelzdr^n#GEY{dkq=c&_KslSL1li^*0)u3QNm2|uSSnK7eEdLyRC~>(jlE0I< z$*L`Kxt%WmlnPyqU$KsCd!j~X2dY-=#%7K}i-5QFB_^BQbI`)kxtBPf(s0|VMD@2n zxA)RtMnVBzX3E9d%<`+Kdb(9I%SUnH{CDxg8ABEfCma|4RwPvi%1_0Co8S!x>SY}pPB^iWxn4vOp8lB36#Crp?}XO70t{zW-{ z5dRq7f-$C;dNAhw(x@b$?Sz}o!Ta;Fh2Ieqsmw;0zEB#oC_3J)BI zyoX?{d-MD6ks!@JA5^^%7B?FZp`|a*DpZ>Sf6B#3F%HswuRDdl;-N#`DOTHEt{ADY z@QDZQWE5-cma*uZJcJab8a~Fc3+IdA*9C*4iuzDnvCtI=eD0Yvc+p@o7@IirGn@Ea z*U+k3*WAbT?*1F>Y9gxGKC~N>(OlBq!)AqK)J4cK)(NUXOI#_7e@%ZAJ6}y4Vj-8? zFqdC&v`*C&@+2F>N5zvrQ9q%lnRs?lC-t66r z(ZxL?Fz9#5gbHuu)kZM;aX7J@4?ujz_Yga{E>2$k}M zbA5b#ij2d>wkwUh^I!{Ic@?JL`E@_C$1M-c&IBZS<%NV+I`t8aozFnCeAS8rEcr@_ zF{EMD#zSagi9d_E*oh5x>oM&zxW|fySmjdsn1u_{>w(Ilq`9 zFECL!z067;<$b}!y=B2f@!~V6$%j^jy+lH97Oox_67CP*EwEj1Ho{xg-G))*n;- zlV5t-btf=1RPfP6DID!tE%02x*lMcGqY8fw0q@4uW~8S%T}BaeiBM1A7|~ZS-CD-t z7~7iRP4LqwCyIkNLX!YC@=bz#aai%JVHJ5yh~Cf)?b38|LvDv;kNEC#9K`s_K zEFqee%?-cItM>8kDgJ^AH{=}tuv+|J-|0o(smMuVNvjVYs&}0-4~=GV-`F`7*3XV0 z4ft9Onjm|3w`4`S3>+dUuc=W9NTjskD7~G2|8y+IB5+uIi5RurR;(Tc2z>sO-98h$ z9clK3h3mn-I@zEJX!xkvVC7 zKT`5UmkeQ0uaSJP7kln37xXWH`ZZ88jjVT*{(A0vD@1zp5$JS$TXKW36H*6mdW0Vc zxJg0kPN>zGVx>>Pt}G=Crv~!A0N0Q108doICVjhZjCv+pko&qV|2hAhp<-QTzC4G; z;HP`aQ4%w5d(hDD3hPooBq1Fm<&{!b&CBoJ^wmeD2W$R~rZ0LUckXrH>FQPKW|m(m zZmyL|Z|vmfR``-tev#KD=0um&DF@z-L)!SGV^sDc`2Kt}*`Ime z4_)nH$Ep_EMk1UfDnj~ulm9#rF|aXW9)gPIvf{TtZh!&LOw^H0Kj0v&|2YghI%B(D zvaZggQK(O>Yr!FfZc#elR=gW)y>ukcOv{n_nK47Gvi z){mY&=p5i?8o>$L0e8x=?Eo0Y_k|jK7jmvW;g^=O=Sq>cc>F7sJ~F%T?uILUbh_*5 zl;KXyRP*>1hujcooRp`dQG8pe!qFbN-eD|oBG96AD75^*Q1jNX`g?mKN_UnTmV@%D z?>egsmRsqFvBRP#V2%Rk)q5L7ALSB!Eh8n=IJ_Syq`#@rQ;B(f_;^<&gl!?9``})? 
z(<<0nSj;|X!6sMEC}q?2`)_T}n0s=%71SN^wJAqH5;sosI|C4&t>dQ?n z@+zr_Hj}3SdMR(_#Yll}lVwMjECBkWO}mZm0dbNI{;tg;9V2ZB#fc!LRPixAvifSq zP@pB&g{2;L3fCd+>b8H}XHSZI@H0i1Y*iY{F$qOYqY>k8Y+lEVbk}x`L0_(jf#=Jh zq5*!#Ms_;lS+yRD@V+Xe^R)Yv+kfi28mJf+rrr!)_-^j9@0c0T=K{HX z$(@+_?O<^L)VZGt$LD@RrmR;xqAQly^4JW;Vp-_xRF>BZ~a@yYDZ5Gg|hV zwC#WoQXG#;e{p8UciG@*^%0Yf60dn1klr-a6sC&h-F8`!Tm0Z2`LMV{(B)e7`6t-lD;?7VI2B~(2DsTF7YMa74&{-{Y_*ZT;kt|vn{J+<;EgP)K zcD#oIWA}$g9fp>;JgoGlF&2M+7Q56yKq|t0khw&>Wb#wI(pmmlL?F0qY*!07j-GNx*=arE zc4Uhv8FDmzHXVWmT`qH5sTcUf^gy#D3VC2egl{t#tU6@=0g-T}6^s!J?bBk|ugqLE zdEK*r+z#$^+g(rI_jLM~)a7viChE1(vE}HT{59c+p&Zv@Zca zd$5bRRmN&f0wx@JnY84K9;BFt<_&5=$QESPi)$!$q#Yh&z$Q6Ek z^ipa{Hi{jm12P0M*w#RjG#Pg9R7}~qDoa)=Z>sDIlhBG?q88Gh-lIcH)q?R9to?NZ)WSUHM(9+ngsL;TEaP zTR7uF)j&e`0e}jew}`Qx{4=z#L33)qSPi^%)SwlJd?HsMhU5r3N{Qnp=_D);3G{D< z;|S9Bgwrhn`NO|a50@MaWp?gsB-~B;->u0UEmT1(9xyW}f+F3}#J=O$oYbf@vB$x?aoqY{XoUTP#>-OJn!Iilw0(0EhwPY<&%PaH5V4|(y%O<;U?F-ka( z39B9YHIQqPHc7I|fOYPT4Z)4O{EV=goTkoO`UNr#?NB?1&{uaPgJ_sh``}s3f+t)U zr^>VRKiaN17fy%aAjJqXquZQO;{G!zU#!s)v(q(qt29u_T~$V61U!M6RY>V(nbHj> zAa%03kuta;-oi4=OYDBkk`^AV?I+tPmE6@(-P1@+Wmk>-El$4JGBLrChj678Xi#!3 z0?>V0xApMxJI5ohnLNwRtYr7&Vr`_fb|4%5StzLE{lJ6w!{qC8Y^01}=Eh#sdnT=ys60we)t!J=*& zOSHz3a-nQeFH@IX*AK6M-BLx8M;O%!lQ1oCSts;JG&H8^Of^4G>Op^Fk?2Q5byHmZ zs~-*CI51Iwg*L7w(`IT}aDuXfN9HAF8I*)>|vE@%M{;D`z{be7qcRMMZK4vLgrLh)gG*32GI`aV z3#TAtzMs;ldU8)nAV!4}031bXj?MgRzeHBk@MUuW(&AxYs2I;nJs#Dw^|KWL{zT}I z)hIX}J8pvI2Cx@zSfiUKXXjn1N_-;D%^fXMj9xC{2gw>S?^Q21$DSEv^34+AHKbRl zKpM)EZu8jjuN;b5W!#Lit=?4YKH+R7LT6ppDMk)Z%t%KFmT@|G`DLgPl>~92;d$C} z@rp|?X2H8Fs#ztS#!?X!gNKKwpfJHt>Q6Wb^mGsJ!gi2}p|j$sAdlcACycugb94uP zXC2IlKA(Y5XvKuM9he9Uy+(Vq9Zq@R{tzx+a;Y>4@b?lBdc8z{>?3zr^}1?fT)*fV zWJoytwKKH4e;2V`Hn#XpEt<&xlsqu7_p6?tI**~Ntiay*fj0@U0vSY&UoP|kpRyi7 z>_s{vB7Snt8%x>>Os+`4J;dbdUD!83tK>q2tQHo-2X)2M#V=S|;`Z5J&bD@bV2@t* z6J!xB50X-#BC8q0Q)M)Oa~x%3PT(t<$H$38O2W^?4D)F%RMq#y|qSa&8NdlLOB?L8;Mnmh{0b7KMeGh?uJbFfKGWvGHdKZ%_x z^K_mDN26DnZ2O(G=3nR55i%u7-^s&Y1Ac!ReM#4?hKO7sNpEY7T=6x1UWO5et5rmi 
zyxQGsWpY(r*c_wtKBMzu&nblbKotM8hSDidkt^!D zv%u5wZ3{A|F?hbe)6y9$CB2ZOm_JcNL@ez&B?+3=F2XWu0z*I&ZkT12+Xyi}6CF1} zn8-0ab75XAbLL}}aaZU7l#GQ%jo+f*3|J)F_reHRto0%e_hL+rptDPhJ;^Z~CUJdP zK_kAo3A7VIQB^TCwBN1PnPqWW;k}`nh0xi~Z4^06W>Z|;-o|>8b~jXVEJ*M&J0bkz z-#?@XrIai}Bf2Q#ET)Osa?#JMwCm+|3`H=`L?ABw(ISiW=<-qkX*3UGW4ZjPnjvmStRG)_ug=>Swc#jJWL~;_B94j}yMJ#(23q z$9~*6j@QIDi(ZbBG)STz05zmV#E@;*GiX1ItoOxSxLywv=I=I@?svhyQp0u^`P={Cxq;jdiSwa$`#ry9+x)E5oZPuG*;k^`FIaBef` zdf!sKo9$lkC|1wfa>7iuu_pzI_xXAwwE3z?nR{77MTiPd4vBfc5afAM zffc9T-5Q4{f+Ex3?YEKX)>G|j(Rk_P`O;vM=asmdL1`p@=Cg8iV${gI3-Gi%PUyRp z+A0aBS6VXj`8J_itZeoc}mdbtQjt}@nonN;iH3V9BL-F35YXplV!u zTa~G~U!y=iZ}2o2m|Y_7Jl%`2Zm$uRq|vnD3J6!T(@2IR&R2*gMZ){WY~X zI^il(`)7roOm9M8u;M^!MiqeOJclY!{qyJ)TYMN^tUn4GfL_!pS}?~NMq!iG{J3P9 zmQ}%EBG6Ty_vktvN}N>gaZjlN>#kG%s7edDv=%ryXOzJANLK7JzKyV z!rc6)D6!4{yl28O{8$>swf)#p(%t@|D~2*3Kyhp5uoiu&aqOSTFC#Z-%ZQw;2A|d< zLHBBD1|FBp8n~I~X3p;*Kx=Czp~wAho9RLt+QbMd`1rjTtyS#aLZD%tBFbWQN$@Yl zz8&OzeJ^NujpC{IB4WBz-g?p*6RWBVz`*FE_LED;pbb*{gdW-#_$mU=)su z`0$c+FS_wN50$(9Q%>IRf3ciSHRg>9xV*rkQu_SCZON%7ZZTpD&vt_UB#zT;(5;KDVK3gJ{AYh0MV2qg64^&7{ADw;h0howLsVx8 zl_}yry9GCmF4N9}Gu9=QLwG-{ls|_u0xlYUSXWkPnzZll|80EC)i`*IKePbqKwNfr zVV@5wnTZmu(utDM_#E=Pr~-*9=OOP4wON~Sf!%2;mRvETKaoSG!bJf_U2U?O=D}HU zI)dtCdp}zjQNYu<&~)m*fS=#^*vp2LIor@VaO01~rxFId;65J-xE44ZZ4K-CAwV>kkCJl~;rH;-vaQv-AmiS@vISfdAD?fpF5!eYCP!cNK3*q5M@HZru zoeR~(`9zA2j;=8ZmgK_1N%5aVDfHFCeV8L@+8WG;CF)J02+9KZMK(pfJG#v3{MnF3 zUK!_c+kkqsZr+e|J-O`Ayw4)j;dz8Zu_EI60tO!-9HVW`vnk4L2+kUFwcFS1U0tp` z2p`p<3o+6<9cW<;Sqw;S$+S-1zZpy-8wO7l?9~If#OUVJX3aS3Syxq5gm1~1^e=f! zNzC8tZqA~#U~b+PC*oEEN(5sxU-wYxgsF8FDMHR~iCHsF8ovk}*LKEYQy(#Y*iHz1 zwQJiA*WY$`@FGJr#oR3^zi9vWc9l!|cans9G3=yaa-G|g>J#(!Mc#&vsEg7dBg3n+ zG0Q~s2kTmsXsCjWN};15Z%B|PH?U|%tAS*-x`;Q3oyh-7!a2^-USI$Zlh;$R+j7gR ztoG{(U3<}BYKw>%>C2ydn>~#{aV!5LX`dIo>;#==3JP=w-59xSG|yPCPuX4^Rk^aT z_aThYHcg02vVs+Pi451Q;ZCTT-zzm`buw%k3pYU-HBAQ&~o6c4@};^juyO z8HJNrRM4{QI8F9V}elT<8a_LL*&%jNWh`M2mQ| zu7h6dNg-_MyI0h-Q^V(k)n_3&^Q>WDS!W1PD|p!}j59k@#(r6ERPzyy)o%GKvmUb! 
zVl`1}_ue{^h51Fpo?q_7%Pq!1_vD-L@OY;hwyeXsJ1fl8eTDve zY$*>tYe6O<&iU!bsMZ1Yc!pwh7-c1_qBq>^d|#mbFNXTI_OS%#I6kG1ooP0YzqWyP zdaku3+93RUuRBZD#;n4TNVib**ybV^lFO$BBb`_Q?Z~OAQB~%2%6t|-kY+sl=R@v5 zuw&Nq>rntLuqu`Y!>ehw5o=;AhNKbincO1PeuaQ{;Rv!#5%C6%A@SI%fpC56;1578 ztZ2wy<}aPDY!$d{X7^jY{}`s*wnZc`qL1$UU@ofdU?9N+v+f_AkDtA10#e?WRs4NC zTD1g@8|0wu`Q1`Nv=0xK4z8qWdwK2GDH0*I4}U%yT)H-L6ca>DjLym!&5Uv>zp7oG zvwTS2Qw^<3~FYs&Hip8@N)S%;Qip^mY19GFK zjhOUTA{jD$l6)znR3g+q-rExk+B7N`3HLQB=V8dyBYi7nRp zWhqOBlV`V)wK-6UVwMX`U0AAise{yq;8WFLjc-=YdWOon{%o=%r9Z*u} z$mqoHgZDU>jb2ZV&|jDs({$Q3DA{52!S;ee6ynuBR;*McqmE~6t`-_$gA8v0gGEQ^ zI)49_&m3Vb)~(%~7o=_Z5*TW&;_UQoxzsH@8_PpNL`sc+0Pv^4JmmM68E-nsy z%t0(1xE-)(q^0}y#j|9mOc4i{BY;=&L7b+Tq2uI3l@}+!s|{v+Q=5HBI*IkLTAp=? zbACDpX83IYi|3g()c-rWThCvb)~#E&{XY0#_}^8@3M(VpeS!49ATHj0shIdzzGuAX zp&K~;DhzeJl`gr}E}4j0+~5h`v2^7e1mm(^-i-or5uwLn_{RIpp;i=vBK2Z%35yQg zGLNl(fnW^RiGNss_{C?so31uNDkE%5Iz%eg!nbo2uu3pVX0Ly$D~1l78cVAau4^)a z(BJu*D%_`PscL?2I2!w)h#Pq}m)v9wUa<{(WFM<@DY_3uo$R@rba5Vgoi)o5T>-n8 z+|s~b_-mgWB?|<$l>FBGt<7Jx>kpU-2Zu%0 zA3nz^^YX*Xkhax;tCTYbDCrHtrO5f!ViRTVqrPG$DGRz}gaA%Alz>b_eMUxM*%ipf ztaUn}LD&_;D@bI3iX75VO6h+Zep_1f7}J}Zwv>QT3&P*`nuD@}@exAQe@C21$Pb(l zJl25vho`6UN4E8+z0KJo*+y?8(0wdYFFgOt5UZJTCoe5OV>2^7d_Y&Gfa`DA^DO6j z@^gg?T*afYU@byM99P_No1SM_@x!_5BI@D*qvDs%b{T?$skSiZn0AS!-VgoHzde)+ zXmbnZdg!B)z39GaNVyDiq8rjT#S7wiGurpbzb5zdO8{k_T8NJH=^_gW(a)sQk);u*>1Fdl9 ziH*OL!{hZOcv*tRs3JF97_|RFUExB^=8+ejQGeEvlLXXH744PK_G>KLUtWdN$-7$R zY+2N*bedo+3ute55fCM=C0g$N()~~lv!zY={TQq<@rH^-~KI zZG24}{gN(o?=2qNcs0G{W?%)>;3|3T2Uo&8_MOLtleH#uS6h&GRirvfzNfrVM*jV9 zBmXvnWYXhAmI&BnUVwHusw{Uac07cHgoVYU+6(hnFL&#?>(AkfGh>+?WmQZp;dpVR z;4?tVxlcs2u2UTEWSooRIf@&g-eGuL8uO#zrRw13RZC^@*^7UW)YlO-?T2TA6x#Mf8~GZ2TV#@fXs?v= zd&&{3nd|tse__HegYb!Q>|%rhZF_LBbF|^usdVS;?6#>U^O2tGVXFmydtx*#eFe9{ zylj0Wg_2q5U*2mJHXHCM^Gh6w&kg%tiQ~qYh{AGT!3ixJJG3V|`o^Av>b^fk=t-gA^2M&Y6A=I6f5Vb;+{u0iPWgwSB`s|_O zTyVDL*I>3DtO{b5_bSc&;S$Gfg~W4q?XAuD!_MCt;b~@@36=nVsx|M)&c^S5;Cvp~ zSWGU!JJ*ihGabzq5l=s%=P8zwc2*f`s2O$KeFPAvzEYN 
ztmbplm?8fjuF1iO`}K+OYnWpj^!*_zGZ$vq4P^ou0TSVvog&wS+J3FZXD=-{d9wlT^&SaT+01e4b zrZso*yFk@o7m7d8Q0x99?8uKM(m}D(;U9CtTG3Br8jJvc+=PF)Ms{#THQ`4t+tv+| zYI*vrjU@esK|=)y+8DYs7wn`qtUn?%smrsQJ$lPUK7q3>E;3o~J||-(+u+8-_H}Vh zzkb1cH{6eJDU~=ll~`A3Z)thzUERS>FAB{ut;>L*_+Z8jI_nnGMzbS#STS!;{O*-U z=Xr#t8}|#M_dRE6Y1lJ9ii7Qee)b(k$VZgxI~qw|nGfIlvQN&*uudyd>~v2_pnY zr0zzvOg3}L18vcNuFoKwU!J7=%`&d(J(304hW&5}mJhq(WCs&MrWI9W?lrdl3%t!l zdX3e2jcul<=#Yk6U?%J&1rQQ^zTh3SrgT*QKLjlr+XzRCS-pu@QOqPLy3elMKxYyH zOr$S1xjYI5`PZxE1+7L)lLy{Z7*AK~HrVfnL5~|IOJIEe<1SCPjai-$O|ILQwScD+ z?jprd48KkI>xGsst!G}`>?^NExH6|Q&+O!?2i{{?Rg&9Q7~b*}N*^q5O!E|cE3@R* z_&=v7o^;e-6#WqGHyakOQ{OM0nc}BMtHC2D5EG0CnDh%&{317gR?&w_0xGa1I`o@i z0Qqcs_p`-Cw`!$fd)kE1oq=A57n?tf(Jv{@^RZn;N7!Jpp?5~5MM{z3_!A4ROQZ6B zIWkr$&2foFqXUEghbxD)m7tx5FJ<`L!wC3bbis2`*v~z~T2!#udFrl7i~ThgWvMP` zN^t?nt@pcx!@>gGBih{>+diw2t`hcK*ilXQdU%TT6k=-(QObklA;E%}p*v?ZA#iHXkQX!*m@H_hH zWEEi>iLc!j-j4^RE3h7dVM2_jMRLjghA@W6(0eBpLK>6p*d|Bli~ph2^dF3tK0p$= z4@R56hY|MFA|Bo3=t9@3{HI{3eOZ&(kk{+O-e_1{g&pbBzoBDw3qfi<4A=tNd>LjV zfQ{f*p6_YF>8T?T1>d^a#UM{tlJH&Yq?}>Tz$t-M4*3O^O+z#81m7OfW>H zwH$t;$NN?fVEnn5M9zYhGz4MW*^&}gG!OJt3=q>mq-e?U6wLEjwz-CqzWobFweHw> zy=_@Z#7zE+IkKI~Rqax{S{%HE{E>_~lbP>vujH2rGl1s3w1a`5^2bR1ZP(+vA$h`d zfC;Dk-y0gZ>dI9d!dsjNf%DE)EsmM*#s=%M5ifu0$KAPJ#DnW4tRgQxe#MH_&klMH zc{(sM^gAhLI#vC8{vWr)jFz?`6y6u!gEQA*uC!lT3P z*Bh30^Wzh40U2XiSa;TSGXpG=?J09;gGqNj;yuL8r@iweLWd-^zq+qp)F@k z2HZA4hFqq=UGOVnukY~M%P^|Z?Ccu`m#Li(HX%=(09U^RJOO+!uW>sgiI zwcDPe1YAcfn}x?FI^k}#W;qytq5FpqIzygz7BEizP*+7IAyjRbHOR$w!KuJN6;F+( zu2PqPlGz*8S-ABPX)#wNZY5|VRUlrjK7eNOriuiWEK5w18am9F+C(=F};baqE<72u!Z z%X?s&j7gYb^Id`9&rL9+VVhr#$=;A7_;6^ zdnZj`2p=C37w*YO#yM@$HWD_n$*-a)(Q4wjSVui;B7jfmiSxfAlkJF+1muM1lTflt zL0B=#flA+G5Z0DRl}J@j^RgE)|eaEzGso-(oSUmkB*~G)YhD0#r|3O^as8vD&%j}EFMvH zmEQn^5%~t2?%pa;Z1wTxXh6g$a2hp-gSVvmOf0XA=-1N4+H$aU==Z@Y92W1t3J}b- z@g*mJSOZd_KiDI5JVAdyKb-1-UB`jFpJ-(DLtnD_TwyR0=I{3?Vjc9WvAmA}1!+6c 
zevr2)Vix9)X><)ou}xb51-kZE=jnS`Aq+{0KoU)_L(3X94-|sDj0O~0-|&w#QF&qp}WC2d~AT}6RcMEm^6He1fTrRD;SH)+i4~ZnVHa8G0Tt@{A7*JyZNp) zeK(q+x>f-j=@9jhk2xTRSM{cFJuul} zVbH!|$gG>I+x>&|9GxRy*6<{=VozVopSM$XtCxo+u3{egS;x+jMGdo4?b+;ekCTc z?)l>t$0JG^t_G+10X3}8VIh*cq|f?eC|z}m+8^gPbO_MmKJe`>uzmtIS5s>!z`lU5 zI@)r>NTW#}jO2SIUf-<^YE{5i@RYWZeg5Xvf8PHSJ{9X_Ulj@Q_x!%`^!NxlkW%Dp z#d1+VfPA*ND8TR^9-I?}##r2U!Ds<+N)tQb>RAX9+<7R|A;Jhs9GCN5*B13F)SMPtPM8ScCX`#DZH5t~UcY{YQ&SxCbv_MRF!cnin??h#H)ipi- z?eY4KtyIEztg28qX@>75rB%+Mk)e#{-Thk}^Djp6^|SMrS%8kOIekX);c3|wk`|*M zXmCs3jP@6?|3~{Y0-Gkq$Sqmg_9=*Fv)smep911kIhl!0z5CbVk1wrGUZtngGoY4y z2TtB02}~Fz0;@Q9B`VHezW@GT1xL#C_qpkD;ogBUB=8OIIB#v8P&N)7V3so@*j%>0h%L8u#RMRls>C7(PX$|pdG>3chImD7ORO@hvr>7 zW&XMTLPlG-bw6~8k+@S3t-7+aTk$`}kEO?hJpbPW4vjO@v@(KDjWyQH6qZZKJ|KVE)Jdh7wst|Hv>eYyse=B$;QR;z^#&AC7Lb z48O31|HdSQobkL1(tx_ebcjriKZet3uywxxpsE7&U$+NSB#C>h3}7qT1zRGP#GA8F zjp9EJjFg1|MG2z*Nz%_h@x4Qx`+Wg%(fvqM|6e%wmA&U%>t@S?G(Dz6y%P zjQt#M+C}7TUZ>MOiCN9@AH7R)aV;obnswnr5kXl0FlCH1CGimgs1@Ts4TlY;a{>r6 zu}MvahWez@J=YqWtz2W_Kc*5UIY#2D@7Lsnvvv9DU&BD&hkDPK|7Y#P<=WB-?50GK zp#)?`;*D_pqn0)5Df$2Z8%Y{qwv~bJe?7hrO31HO)}F<#bB_HDtL80KjB+<0*!}e% zu}mX6zNTV>#XlE&@5>j#Vs(d=f!V*(bJ7B8*am?=jK63m;l7jUXI=te7mQ`Mg zTg`)C9{wLsUm4a$w07IlB1MY3mf-I0?(SOLwYU~{m*DPN+@&}K*WwV|i#y!(ob%oM z$dBa7%w*4g_Pl$&OBNvhmAZqp8SM4zRZOL-lJ@mq{%65L|LI=`Z^Yl@lOlVC5=yL6 z8=n|p(C>;_{mlCtsss^#ob$4DvdQJ4XOb<}f5%9s^223#X~iWS`^Gb&_(y1A*F@7WNG+1}q~S#hN!N4NDky8oZQ01Ban!Wf zG{Oa2$pBa}MCU(D{TBvY<=(}1H9>4_^^s+*IR&=i*b%B6>#`@g-P7iUwupP%Mml%B zzG@69<=#VT8O`5`JdeJ1s6k8sua&DMZtkxDF7Df3yr?`PQ&X2_h162b`2Aw{ALlGv znzdb|{IFN}Tlfts^5uR)K!_7>BPtB|#Zop=gKtR~zJCksOtd_0fSUS83MYPD1?K8fIa*^id?tAf+z7Nm~9}DCX%3>DG;CpocD14fFnKv(# zOEz=g6kqb+PioxV4l76bjM3CI=Tw_1A=$l66}jJ&Q09(YlX=HE0GYWQ2?19muVs$t z`pho8)sdmLrw`+?6f^i8$R(=nvH7v{2(+;Vr)3^Kb@3?S8h=J9YXUu#vwvb(TbWid zE11lt7qhqQe=JOGrqf^TjFJ8Qmc#A`%0LoojLIDAW{212DtVzP=HU*wxK6Q6sqoVn z-1!{Q+WAE68%*@Dta#Kd>!&bioFJo|5=mgVo3XlxKl3c0RGeeL@VDly6ct@3F>Orj)T(7ENLXuBS*6ttoZ|cy&tUcqB+h|tdk1eo-8kHj@b3X9EbA=%~;j= 
zwHxwaCc3q{N%$^xq;4d!7fM*D$=|QMC5_+~GdGvtDkO97tk#vIGKmxMqqjwZe4D=g$~JBJpD;$A=}ew{2){9U5+~K(lY_s*xqz0fcZ^xf9W)6ov)@p4a>sv zq+zZIHRCkmna6FzT;`Z1EFbKw6O9#Tv`@FtvZW0=hjw6&ZE|U}S~IU*&Zi-B(RqGz zRk@YsXr`^!AxfHRHa|z}lrkfrGqyGq5?jEnJBQ03XESiiX1}>O&YQaW+c?kQ<}1uJ zH1Ez7k(uew%(6X4IaV;w)@_yr+RE~V-}L-Ur<6uw?J3TUrIJNQ-kP_OP6{r-=B7^O zY0fv04Dw+U)=b1iBMZ+`{X7lrZ&FOT$T9y~~n@y&sVQ|w}YUxHbr<<1k zI1n%0ko3kBQ_er1KbJ!5UxVC=-L`_v$<20UsA-LDo5fn=Ia=d1ZJxA6ZEoM@SbnON z{G65;>ebhx%ru=g9jv7q?IO{c29zZo|!+{@9SjOhCqd zUBaL)7hLqWW-{4vX&j%-h2GIbvQsBPw{$_oFG~`X@NeKttO=^CmYw_m+j|pu%dVEQASx{ih=PdSh=dlEN$m!Iihl(aaQHj41EA6fGCP2Q5Fle!C6%fq zHNRJHymNowxAr>c-23jU6!0pQD$jTCI&1B<*B;M4d#^LyTOh@ai%2y73gd%Q-kZa< zT0t<;i6BBgLSrAretIw(v1JyC7wtF?R4a8@@;~ruR;^9g`~T)v`#=BZHk#953PVnJvmz-6g>IOlijJZp zQwj==7Pm?je2{7uhTL@uXTSg$0+)gQ(SIDct<3{set-O>IqBD!ge5eq{7LAgO z`GiA`V9orK%i~bYK6MX(@k=@BGQ@b+_)SHUhQi#g0`}KXh6zy?$mb7-EEN$3&SNHY zIhCw@qow{?3Ab??MloIFlq2Lw8w9ZEB*((D`X^6Wq#`1m#V3WFd~y#uxIfeb{!wMJ zQ2J=!@Ds5sEYc^}7cGwqmLIet-7sbCNwmU7`3&2{JnH1S69SKeB&y#L@S$^JA1^6# zaAdJ*hZL=b2%91$Ed?>QR!C}vQ?$n=3-zfZmw*VQ^eiNsXEU{D=-WUZqpd2pl8U*k zPK3*Oj>DY$K&0^TF@D@ZL&vW`t{=7)An^b}mh4{d@s%E-qOOaMVA=*bS0OqA} z%V!wt*pjNYXYc*?%2&SAI+bpoHto-BKP7*!QvJ{Skq5m`@9b)|3!5Gyx;8brY)1|~ zV2`+Rz5Uj!ueSfVBJcoL-6^? 
zTf$9o;w14_Kc#*@UHWangRj?Y(1Q%}OTu101g~qLC<`e(suotUT@@Z5R^qJ2P_jZ` zNFSh59pHQvDOxenM}Y6|6yPs}B0c*c>xT@$D?&oYn7vWnL~bfip=2QD zV^q7P0NUk!pLkZ^)e-TdcKnI16oW4_L+*Um1%y$}J!}0gj>K-)su=T?TFq?(NmTs{ z>U=+_f-Vjr;t9xE&;@OgELUfeMDMSls3}4SdK*bFR5DM?*~#~sgYyedrhRTfyAh;i zZ_u-Dzh^ZB*gMrK=0A|~_F_~A<*Lefj*;)GPyz?{q4s-9TZ|i@Q*IDRf*%(tna^k| zq5c>XRm_^v8go#JC#6d%T*Mevj^Rj^Gt__Fy3J7ktOoY~gTO7Y9b=l8R)7@jF~p8Z zGYZv^rl{-a@j3)WrU8_|?1z#R$~#_GGF+{0OsKlVhzDfuY2x_c+KL%~DiCz)Z|JaY z^BR)_`Gg|@6VA^)#P@i-^f4#!@ixYTyjbY7eZoA!SSEu>@5OtB>f|XS0^>2#2T~YJ z)-)4%+>eZG8Mv6GTNRmM!l?b2^iek^T`haWDQEVl6r)I5jRzkyk(K&mG||{{Rw{?q z8Y0TC_dtC+c%Wi;-Z5kU&-ZwBlGb6>3TYk8WX-K&~cOl z399#+R@s2?hQ6(vtJ!y6H*HV2bi$r+*@Rtrj#+d09@tJkq8a zXox7s!Y!V{DkCpI#4>9b;3T4h`c+V`s?xAc1HZUSJ8>K+$O_TcL7Te0wpFGktO~LY zb_!_F>!EG@?Iai>4{sQtB9p8DqE)9rAxdxPM3d#T@e2e|-6Hg@ecu$W$z`o@h`&o3v3u*ttbL^qWKK5zogK598c&T!I zCKC`@pL}2E{p|-&>R-sg1Ia4BE{oCxqz&?AdsDuOWjUOv5=SkeWxug6=ztBZ4!MVP zJ*1QK1uH+^I4vU=W<;69e2`T2XO0T9-)M(2#Z!Mk@N%OboXkDmIpW#xh(kySPEd~g zHNLrj5*Rnp#6gNUM4&ln7tW@ta1g82x^+-ihxKf=Ky9l}G(b(H@_LA8d54^Gj&=;y zhA9Y-qwGEG_9Dm}!@f|(c+T?@<78GCul+#>)XnNKu0KhB3he!fl-7p(Sns3#oLe-% zzzz}Ze#_dumNiicPG9v}6Ewlcg)lCdC-;FWs3K4rD+NUR302fl5JN^ue!OtL7%~6~ zHaWb%sA3Yek>fNg56IF5ASsa27GhNKoaGn_dphn1jz!-eFi1AqCz*XAp+pbo(Ruu6 zUGlNxY!O(>HWS7Mwg!r4l2Jo)ig#X`ZgBtxoS zrb+W;o|PZ7*^!$?xWKM1D3e$S6NP@wqEwGQ_ElY^Cb2GwYaYO-+v7!~X&e=t(>SQG zmSK(S*U_droI#9nbq_BdaW3m&|AX3?CfZmaYuzQQ^_JjA@WK-Of|QdkQo&yPQy&%_ z?Eyzonunmsdx-t)JnVfFvd0P%sHfwKJ`Dpv`!C{&C{#!?SR4_Nr`N-!AvR`!Tw~v9Edwc|#FMUK&%7Ubai`Yd3}HD!r<3GBVxg!vFiAEC zHh<7;`{tTWtY2r7pvq+3W|x+&+E@ZDBQNB^vy!x<{YNI@bWW|e>2=e#wA8Yt#g_Gs zEZX6n_gQP9X>Ab8=4YZgVH1rB)h{L<=1DNTjCq_?tJkbntJ>Daq-_B)j!jxvSOCr2 zvDsrbH#>_(u8v8ajgQXqyqXgzXJV3>;>(ntzlSTfgcYI1RRQwWcGZ@U#S;2}d2q|C znKe4Bs7D?3s5KVstQ}1Z1}vwb%HpC`7Zz>*&fRuw*DkCss7C{tV6f=O@M<_`xqzQd zu}rUzz@QrqQ%d7<;x0H(I<*Pgo$Yi$NW?`;>aVO`#;$i^Kc=3;~+{~Fzs8$ zfakK?QgEKaL_zkE#Z2(^j`Z=vcDPb{<;NsAx@!&We~|PD_m?K@@cm16Z1;U;N1<1) zbR02uaJ(_0_J4tUX3m?FlNhf!8NryV(20SLe7T7}0Vyo=B+HIEgu!)O!Ks7BO<>Bc 
zbHc~AOA+s!$1~fcVOd`gHBfc~<9=efYm>_z+j;Ys?9k1(m`zXF#PmA!xi3Dk2svUr z^2;{xB-JS_2-&MJ){orVn-eE28fpu8J9Qifm)dh>k^#n^2)5Mn*l$i^o}n$;qI!V0 zCO}QzWhjqj_(X~sMm4W6t#EVw+Z=f>s8H}5SE3x#%aOgGU#c{GG9ItiIQ#atd= zuY{sqg13ih++G&0T8S|_wuS4+vX-Ml24ab0jEVr)cu)A+K!8h3v7uiPPce=+S7@6y zoVzrC)i4)T7cgAWD(q+;>soIy7CF~*uI^zCm#>V>rm!|oHZUd^aiX};g3jwVci*jc z?Ec$qc6OJ|%@cAa~r~Y~<*qZvXIwj&JaZt2_ z9fi-=fM3(VE~6jF0n2pkXFtYWc3!dX+=qO4_JA{yY6Bb&P;wv#Q<%fBzb5DePa*+` zx8QWk2Bh-|IG7dQx~Wk{W9c5lhMYtPt_B-kee2_lr_(aKg zz0x`prPh1Byq+1!Ht#pj&+ExgW>aOG{VIX3B1D{`-G-mIlEzye{j^_X1Wt)9*A?Lu z_BaYBVQAj(Iqab>8ko9_oMC@gJNtUZK}91zET8SsG-VwRk*F zT2Qw-+W@&LJ!+f9BY)+C+Ow{j=vk&}jSt(y7LrrXh&*0;5GN26Vt$DY#~Ru-iE2!u zUH$H|^+1Pi-)V=E@!QBgEC#GZnlV@pp z^@4Uj-hJGn{cJ03Xv><5C(>W8a^F!-=@7&I&iWbsR!3bLtP_rHK6cVW)z;$-ya}hW ziFvPP9npb(ciTbGVDBDla2`M%crw}RwDo5S70jWSAQClF>(Vxj8zMVi^=19CC;%GR z#+66y6Sh@gUlxo<<<$1*w;?luHVk+^UJs^mz4}Hnv}l(?WO)WD4FP+UL1G@_h*JHu z&)vq&$Au+8B&Xi%<8|XS zNk%=Qf7x#-4Uvfjo$QeoBTH)w^OAvVB21C=_{@|Uy8v4G*eNby*zHVcGEMd$p+u=id z?Z}~hR@r}>RUWv_2JK~0e|Z7R-y$-HkAZd5uUJ>%8hU;FSVpy2HFg8y*w4Ab$=lCL zk|3+mX&i`0Jdb;(C73Z8?GsTKyh!>YAI$YWyj-7;oiSm2vtvT~6i#wx$E|ceCUU*U z(cT?qw;`#D2&>xQo@KHZ2dyY4h%CusNe4uIy&EC-QI`6gAJq`Mfb+B0!_yYH?EVv+ zM&Q3aBF&B1E+zE!QaIh4T)DC z=XvJCytwz-JFp?o7ZWzhR%f=0; z2cLuLX+iCR+6NEWfjjQ9-tr=dXLyLGBgKqVkKh~_tPlr^D#p^t9N?p2-!LL^B9kLO zkT|MH4)Os=K&GJRWG9(*qLAu_1JDlwuczx6PZ{-8I@Z_q3P)VxJP74>+={yd4Z4ge@?!C|U z-trYJ5G|2XrgB8AgYr#np_%~q;lOxgNXHHRvC@VCj0tkZaeT0^Xq)Vl4duvBoI8Y3 zFq0j0ER(m-BJ6#I{RPf{SKu9s8p517CnkBt9L^)CUh6~Ox5e3mphI@}&fCon?nmCJ zndZD6(qnOB87hZ7+JrJV$4O=l5=qV~C_8d$WD(KQG2Uf`3o^gaKdyJRC@Y_VC?`dR zvFZ_=dIfy{E6jArgIr}$4n4}IJ;J`wu`ZrpgyXoPO_964pi5LNCq?R;Hi}c@~CvCJZ zX~45s=@_SgbHzIs#>%O+Tm&$EY^}bySz5ju^9kEL8P~MiVED%?9tZ0IVY8IOiZ< zjy=XaFA!95Vue*$cO^*Gg+o?bJY+M69supPqX+M|*1-qN=8joq`IyeFdfi!N${U1( z9-Pbp=MS84@j@2X9+IDM1ycJ_w)X?dXPqdKgSd8RokM$cYh6uuTki)NQKt=aNP2dJ z%Q|MUm5)se#k-u_B$+_i>y^Ti6Azn^Bdu&BT!FcAE?NAw)V4AwvqA9*72#F{(1 zTF1~M$Hb{Qn$Dy0L^oJ(^dqGpq*52}EJ1_vfD%Xiv1c$V#+uiR$c`J*lk+&i 
zt8;ur1Js3MeAnl0vi{f{f)B0 zeXL??U|*4Rr-N++hpb^tLR7^2ODw#qf(obdN$%9qjN{Td^UC@d_BG6QJc%Z+Os`MQ zBOl+vzSYUVGS zNEqSSCTA(1QH}~SBr$D<o;1b-xdupmIhqcdHlfv2(EKW9NXfcZVT>2n|BW^K@+BMEL(pmjKmTbR>uLJBXi zuPb7lOE?BuXN)^?5bsEGn3HpK>uFR(^Ti!<+IVkzdr=8=3CAYKEIISyIA$EnVJ=Rb zrhK1ydWJ*@`<`OZbt!$wV{He5wr@r!2q3^gGdwLQ(m_NhA2^Ste&a%nr9AOQ@Ab>sR5M5n_4*QT- z-)bN_kIdI^Su68c=c!hn&WOepp66 zp#$m80P-Gk9$A#PJOqu0h!4{KN3k0JoKGRsd2Hf%uAwh@C2sl9VY`3lT{d^yF6;Bn zJq{Tj{^}p3QwMq32vOuoJYLp={7n+3!7p( z$;m$DsjHTBjKFIX(^kVitf9RdHcgAV?Ro6ac{t4nt#|kk+I|P*16Xx2XEy0Lu`jhr z(8MVox9Pn_K1ZrkSvPXklSuW;9RWN%Z-PJ@)UEugXzd*mEuxtk~90neakUIRq8)NEXm{%PJC!ym00Ad z4?|WIHpwQBqt@phURj)9>R4j}j%1SyJ|j`DG!JkcByS*HP#rW0Ut*#*Y0GdHm-zxI zP9iXpteSYew_vsIylt%EBy#Ss%^teXW)FhEXTW*Ivf4VR7xLUIr0;-2`J5!yc+Hm@ zBYuqXWmZj7FlXlB_*SPF@BIKf;L=@{^b)`_H*Mjl3#H+2>q3mC76W`lRR!EuBZ$Vlm|; zOeeB6*8z2H|DHoObMHZ{wo@2zINRu=vV2j3_2gp33MxM~5*1C0pgW^<)_64_IgiZ- zoX4&l$ho;Wn?E+E1-sMc^P5cTgTguU9>Y_a8ayhC3nc488`se;`cZWQHJepAkk0w+ zR38UY&lcxqY-#SO-SdT;&1PmXKG8>V9#xD$=2t^FFd}2dYnP_bNP)Cf7?d(n8?tcD zsn2pM#vz|*H&w2qkeiUxsg-S(juF&_Jj~q=!GhigdWg7jop~b{q{$lfQ@d$Y1mfApD%8o-cv|Jk zyuc}YKT+rH4L!e-lP%N8KI>EG*f=FQ9C=Qh6SZj@;FzWV*I3uI<`igx$Gq88YssdT zm+dS6{7<&pL1nJl@pMcNiZ!sNNLGE9i#o2qGBAUfdc8vO=?f- z5;En%I*KPsw&Y@-fpnhF7@br(AJQc;k58M#U0n=IfLP=sc}kA75)1K3R*;;6bC>+s z;b<2a@QowO6oBm3F6SJCuOAB$E{vCyF6&p6Mwt&P$pOQsU!6>j7ac!*xT|?*l8;{{ zY9gIGkC+c2^A|Jts~8^&2&dJcpXk`G=giwoF5r`oxE1in%%CIf&Q;(yZbf9d! 
zj+IGl{}@?fK|dnb?5dx-k++NV?=pStWa#yvG`}$L38X*@`#{U$WM7n1T9BTPNW`<1 ze!9ZQH?J2Lcxk!;a}zD^zfD(#ILIA^#-}RxLP4 z7jY_KV>wI1coeDeNM&}Dci*ROpOG~L7uOmri zQI;~V8^fV@U9P7cgrsBG0mHEl}R3FNpwDF$Nd`P5u_{ZB)&`m zM@tX(V{+>+ckS5WS>>U8hRTBuX?>igd`Yy?cw~8D8?x6!Ws@skkN5hxU6hgK6YW)5 z`F?P{>mom?l@7A{fhUY{EIaWIwS$z`eiUQiK zu;N&cVw&7u^#+f2tIn`@XOuc8<)?JXM(xS_SaB)d^GWF-*L2$*QJr4%r zB3T{OYyxKq6PUx=d?^mi9(1u#;bejN@C{Ryp&H?n)+FC1VtFHc)EQvfkln_)^a>{~ zVtKC9K4eHd!a1j%*Dp`UI1gjXeJ%mtBx<2b0bjHty_2W+P!Um{Bjlphuthcicj#4fWTva@y(;E45PXIn z4!RDA@4#aCBV4r(j*%Y57N>$D(Uzx{U8`HCGGU$Cq;=|3)@`h_Zgbk!opqk=xcDmD zcG2aw2$_8zoa5t?t*~BqQ7q??Q`WTpd zd!3ebyI6ZsD18JD)7%f>yzW;n^W&311?fKXkqgXeT*oyxq>kdrnA!mHkq9AUKy9$)GCj9 z<&CT?_JT+gBNhdAquQ%BV*}#BrbQA7wNR>n&^cE)NH&~!VV{VOBcCOc^SHRIj*`=e zL8Uj1khd0wlqd6}EDp*XN0tq)x4HQyXsRq1Ysw3=$FO)~P%)k2U>_VhUqo0&9?oQN zZ$r_>Dc7Ymsta}jpZ~xhrNhbo;~5X1`{|&K%X9qc0)T^(>C%VJtrBO0iG&#G$n*L- zrFeWG4BIeFInz;eo$8wOY8xXJ$8;%AhLcQ+E20P#;$1G^Yt=vn{)utkxXOJ#{meF7o+Gn@};f; z9Y+v<1MSHEL(0d0EEj1|7hQ4ISS*nGH&GgwBFQ-LSLoc<>yf7&lF1eJzLH*ilxWNP zQKkx;C<9!-u7L3!$270_bDcXfbHw@>>vSCDJR%vdSwwzb5Aba4xL)%Njib$(j5-u- z^Yn?rmUhZ3Y$HC|FrJ^x20ZmkgojABo`#Eyk5{JQzQ*y5_SdVJb5J+_hTYj`?XV`C z$JrU281Tfk-L=7T%PN?Y>Jxn4P&xX#q>XDbBFp4a?r~z7K9@ZvQKVs?4TUL_g`DC+ z+Aoq*yD1ma$&^UCJf1BHd6+U4WwE44>B#eZ$fZm?A#4fSr?8uH3nCA@q)R1A&dFm| z$V%@T$`aGoImf2+te+IEjkpI>IPyrg!*Rax5Vk4oAP)-WM@0tcSQqc}qzEe1Esu9q z=zT+3fm~Mzhbm*(O!RmGhAvZ#TSyQGIB}BW*sWp6!%>8ej$;dUU991K44f{gk9m$4 zayT70c|0A*c6Gv9)hRfRlh$j%d4%KGn^u5^VmbNiekt{CrfDhK6x-lLT4W4<4vh);Du9<|0}Uv(oN43z^%=TQp-9XfO- zZPg)(b8%$Cv|z?9F-^v?c*;H}Ei%x@6&aQxClLd1es0k^OKs>Ir~q^z?&P6HBP|pe zsa!TLmFG?y1_9&HEj-hp1KDchEQBv6Nb7Y`eu;~ex9g%zZ$q+Ex}?u|(y4rgp$73S zTh@bDLFqhZ500ZA^GA-bgVAO_&dc=LiZjoQyu*{;Da!SDR%zIVA97KaXF)E;D~}|n zvRp3OhCbP5_K9cq$xeE*ape`l;JG7T;7QKv4Jx)l;UQb9J#Mtl!{t+#_M2>1ayidD4PO2 z$Sp{9a_;Kj&Z4Jer?_Oxu=I(Dh?kr;nJ(;;EY4sa??|$~+z-zAO`9Rvvq^e#eN$Wt zOG@04>m7N#?{|t32S{X3Pyi_$@eCK`;M_MZ3I)BSEUaMS#kf$V)-XTJGkrNXek{=e)-HR@H`}%gA7vZPxx$*;F0sLe^HI%nY_PQ1>PwSWTdG*6 
zGlBdjkRQ_X=VFi#U(TaT%zAKNLqz`2fYd&yCMPGc^|oa5Gh@_NZ!hNn_LPSc!QT5~ zRL4Ttrr^=1MH{9|X_H-^m-8VfPx|pR6dz@d=(BJ!9y@eJdJ)P`b@Vts6aI}qb7NQ6 znxRO}BONmCR9;eWXR1Icb3KSpd6XwR#mgQ<$1!m^kLWo5Gs6td);n+@s}1ZZK3|47 zBpM;lGs01Rl*QlG<3GtL4y1opAYl}?mi=wvNblU!V$WxJF;4namg^wn6Z$NkX|g&* zo;=xs^GF9$&Lf-#_8)V=sn^j1`_VRd==`UdR3D^96+C|*oL&YZX|XcQE$z6YQ<$=s zKPr>COzz})iI|pQaps=lQaH-?CL|r=lxJo`nRXNlI?zfxPC^A;AzVxw>Bi>As6zVS z9#?2fs(Vnhdn{M_WT&=-ed4K4vostxisJ#~2a(1C9jX`?FySo}UUkxyCrpNXk+sj~ z9uFS&^?vEapI1jzrgf!}tj7L5>Wwy!Q|1pL21dO`-hZxE$)KP^Gvm8G%5SPsSCo3K6L+Zc`d($%ZV& zXYwe|WFiSE&O?!B((o$B1&U>|-TE=tpI7kb>k%51#d5sI+l~n_-jUied<4 zY(tOhSQ_sPOOFi?9}?e<;IZVlf9W{V(eo>g;UMBG3I~$KcziwhtRVc2=uR`f-W&J4dx( z#kttqoX^QhD1uJMb>gZ2LiRZ(DCNO;Qf5yb(--0r4W~`|H2)9VMSL+YFHdEr@F->V zLA#WGs7^VjU2Xf*ZoF}RZV5dJB|C?-FIdLYQZ2eYUqSS}#YxQN) zW1$I$lFtRUS{>cGURvPufV}buW9&&k;7}NC(+;D~^Yru~Gfoa0$n{Vpr>)&?yYm=& z<|gi)BAJ|FW|X*hxZ7qnXeYS{U&fQt+9J{|Yt)&<=c4rYLvR>5?B?c=S#MzhM-zWT z6Y(JBkF2ywnQ$@9bRMCPbJs;!6_Gt;sa!86UDA7nJzU^J&KsqoK2av8bY9l5E@bbk zmAWXWs4wy;H9Gc_^=>PiYy(h=r^mOkC%6 zpgfW;I2=cgcipz;EfYA76-$0%o(a}FcN z$!R$>hha8nHq2p;+rI1ld3?XW-)H~bd)&v@bziU3^S++X`0d|Sb3Q|xH@V882`L`W z+AC%m-E51PpoA?J0|3G$uDwX5@Qf8bW}L^WgcBAdpAXnJIVc?V1+Pp(%LFw(_^5p74o}*C4HW8J!spDrI!HcijH#<$ z25!DvJd(+{v3ABbfmG$4^;=p`*v>oHuID@N+<+(&1PglJj2rT@wq1CT3EjJSKP7uT zB;JJBkr;b=-(=lurjJResJ>%Bq%=u^v!WU0t}oxX)ugymHm+sZ5`O+uF_eSY=QZvL z_dWB3-j}W<7nCNv`Qw(~S<}lfxbiQZfXf4JA3N{si)M->W)MZmA4ogDRuVeTk1EFJ z^*9LhYoh{@9A|4d?x2(V3Kxy7<%-+v$NQ8jq$&_24+Ejk#}KSFx%VI#(!v%F^ZuKYzjl3HhEG zx*l1ykX_C9{%IZSZX^Aq-pVs;upP%iiA278O+5wE&-O8A?i+V;0+w6hT?Irt+@4U`e4nR( z?dQafd)p`a=GR)#O4;2GnxtKOSlp;QiC-%}3tp4SO$3+$Ud7@oyGV zSkKef%>$E?U6C5(%?A^1Fu30Jn0fTDqsK59iHz{=?=;La{@YQS?__>PF zs*<C6$?Twjj zphLdCM6OJFRHSLAI&r<-_q)$tD3NrIasJfu5@@qWRHN86A;|Wk!gz@;dN5N58&k_) z={>zr@qGC4{=JWVYURO21`77ijEF<_F~BaJf+7~jw%E$NwA7Nyim2S!;5C!M9v0Kv zaiw{OR6=PF5)`pj2-!D@*n9+XEcfodY-Cbswd81A^g)78+;(IhlznO67nMp-xbAaR zPb;0vrb}E$^_};$1lH6s%v5*)L-rQJEqG%&hk`PwZ->NgEF_bDZFyfgr@Wkub>t7o zdV5o2%-l{?%@wE)DqD~FzL0XL(L| 
zHcI+JxqLFS%i(MR^wBy&H!}*n#n#xOlT_RsnNmqtrTTOuUAL3KuIgr zC`YzzTv^p`sc^^24HLf;I%EH9EA>NWdt0Xs0jOewTdb4AK3%KIhD zyTV6)Z$}?Knb2z$tW+4;v;ZwH?H=34$yr1Q=EzB0xq{8Dc9^{d+L zr%h8nJe_=8aP0Y6>1p43LD*>Y*@NJgf4%|Xg7seu#Uf?`FADCm06p9>f%?|roLwkp z|7y0FC5~Gq&XYa_7VtS=-d54ReN4c0JWVBH?>h%#s9a)bFw#C+qfT+@ci^^kyv^#& z$+FovQH|%)^SZei0q`dnZ4os*+vt&wv)-K!7lDPZW?_;6&#Z(;T)F6-)^$!o^n9of z>bwLNhxL)K=wGyci5qAc8fe_URlDCL?RId~J9Ej#!4xNd&)1}7;S^A2^|AlghcHE8 zYE!ISs8QVt;b(sR$l~e;lSIv=um|Q}byH2e){IpQYv)*dNIHTj5bYIz%H3igZ>#u4 zAhB%U;s-=92S|DVmj|8qZB2BiSMbt7g%Krq-t z6mw5!k!=mEo?NKEGRrIxaBjZIB)8+2*1x;`R=kS7f7GYPJbnPQlve(M5}k)y0-bsw zp3auW+Y^|l8J!q26e#005oXS}7kX*=X_$P}zSS>KAw>v~d%3KcB1QR~0~Iz%Vj8&P`f;%I>~%Ab$E^Dr zmbY)PlnfpxUCn170*}5K3j070cVIq>k@&yoVh%;dMbG0Ow@w#9e1E)s<}bX@@cHF6 z2OhP^j`lPKb3%^ab`cT9u+JA?%%%c3K8M*p}z2G_!OzxVqx7iuHz zV>T|V)-?Pn$vMjqU$95_% zP|C01ofFP|iGNEn2Y{=b>9kNHOl{(gqTKk7LofcDz*v=hdNqS?I9!xO0a^?&z5DwR zVq$i+F=EBkZ+$wb;`FW?42H7trgT#03P7FZ^$RWqN3zgbRrsQU?Te^XzR(kS4Igmi z+CQtl%hjgD!gW^>h)8;jt^4p|W&U&J^FNwu^AbXTSiVQc zZPgV#>6&!_#{Xr4C&_vQ#`FuN4+~8Fu{_ERvi$0Q(ky*N{IC>EiG`-cK(<>2h@m8@wP0ZaT^WhMZJs`2k3`l(=UE1(n zdPI4lvq%wD#?R|g`||15PgWpSGF+`((xijgL?XExPlHRAQtB+I(#R{fDTEu$4X znf6NOEnE2PU&V~qJ#w$}NSkmMIK;WOzepFUqpL;M(eC*fS1=Gw#+KE8WOgszFSX}4;t@P2owzP z-86^Kn?H@Og6|ub!q-@@JBh38PC<52D}j|XCKYBD^MHK@qZQEm$~ePuI6e?{N69+v zc8TagntZ{CZ5c9Ha8b;bEcu35}=Bfb7c9@Erg!VxeN7CNxc@rG+m-ccE_#hI>deioBwIR zzJ&(i$835}i>NGRo&Eo;C(rOUjLXW4@Bg9pu)@H<>Fae8H-VfIZ*%?Kr6`@M0PPY-OIo;phKl` zQ+S^mSB?E&#uEJ#GaCR8{^DWaBlpIR+O>e{og1;Fm8_wWRK@zj0{f=|)o$bYrF27p zetoHsQ;IZo0w+n5w%Lo2igeuM)0rwhRj}1Rr>5PS|6V;sagxKgw(94 zXKa(ImZMXa3i7kvQq2L*&*nNy=uknuj^}KZn>8)$uz5*X@mA)j+FstVMYyMSE$7jq zte$CZM+;{XGYSs#ND@Kx4&IV_mQQ6ZD#5()TTDgi4Sc_>UVt^cEP3Nx1A12&WuiGvyd$75t42LTXwuo{c^l_K9@g7 z@aefo!6scM$;dc)y{4@yo90T%-MTW*ZCfkWNS%OOR$o_ReEl(NH_A8!I2p56FQ$TV2{LbemWo%AS`93d{At22)@-;z7gr%SbbwUv!oHzq&LpE#85A{Y6+#@98*!6tT3)H(+vPSZ%H**O~v#=%`Hg~m%QyG6X?>4wuejNUBhoSXB@zl0k3%hu7v;fo2F@jfm%kegJC4E1_Q;Ap;5kXwSa7c%QDdu 
z19!)tZr=xn#)=EvEB~Fa+;*QNq;1{M`FY~%z~0N}!O!ck1G8E64K&g~vC#9<@uR-` zstu638V*cbLgsd2CiD*UAk-yY#lMH&^iK6R=NhN};+&#|+%lFsGe9MQAh%x4(b~2^ zS1d2Nu>@1A;}()(D1>`K*2k#?8z~%apo0SphcqPLl_BZQf1Gn?4>Lv@M*uo5q{(#U z*sr-hSK=0kqJZnogj#uV6xc<4ik1aLBN9~nLqUT!eX zo5AfXSRbcxY38zmN?dR{H5I;`8j%HdurXsnj?u>AQJOJh1DXEgWp&e^Ut)QnPWuE@^KA6DH7ee34<~51?@t5x&ic#BjV0XVD1lp|8p2Lx;noT#f zSNt0JIF(ntMWR%Yck;3Q>9XqzRuj=x-==a@z0ACk&n$QEO*>=j@j^P-#Q9<6r$FUs zE!x?sFpc5eKg9gbH&Y1cFX{`x`eB<<#_H{`<)$JX~>V)Xm@od zn!M2W>7k1momo3>9B2Uq`Pe{3g?rN-lxtaQ2DxgA>YVJ4tH74}LWEY$_lM3+9KR&g z{lVx`zaO}RrW5%=v%qVme9G*hhIe*EmV!rpVjG-RRu@%FODX(h%uIO|{w95VvAI4{ zAGd(h(Mf8qMjc*XA09lO0Wc_lPWhH2Z&fB;wisvosv3uJ0Fk@w2?ZC)IFRRr?~ov^ zY#Mv_=K&q8DRI1kk2|>LxBv|gBRL$Ev~v3`MK^^PW#W2F7~JUncS|-;T)AOru=mC9BE#^DCk&!7B0M1FnBvq9XrPsE?H7 z$Bcm&BEO!We5G?KvoqOy4Jfgd$YJX%Cd`~mG4Ur>M~Y|GWo)5?T9$nr!YZGtA?ynw zApV+Y*1HZ*1|^_ewh+x`EoZMg2d`H){*1w&&G^LhrS4ZDXL6SO?r_cDlJRb|3%Os= zEVuLoj}&jNT#V|MtDe#;HCz%GR`I)|9(HC!c0Jk%U#^Upuw_)UlMa#l+J_Oos-)j6 zy;zd})c%TWz0bK7UrVe@O(|~Wr@0@x*U48>6tQ-R29GLJ+R_C-fSPa0^jaV_-bL*@lthVJ62TgXf7e{H0`y^ zD1U+nFiJ*M@Rx~lPj<_W4;J=Kc_>+7Fw{mPL_w{Ayj*0hBuf%es z>+m1#9+7V7Z|s#wXWlZf+q)>@j~N50usj{o=T_k$^zhwrPIaeD6agn!jc=lgG&T)Y zbmbJ3z_GJF8DDvd$19aG&_<1JYQXp@;nM@6-hFZ)mG9tvyP$X<(ECtd`?S2eLbgot zMvo1%M*Or>khDi#$RB@QMxs0-7PT#jn6{<98y)XOtnhC46_LE&Q(lYeDeT^7&WxM? 
z&W!WQ(cT<-_1xo~4+usM<%wz%aJhS&3qXanFF*Gev*qEVHvZA^Vc6bho|q~B5;a^M zfN}SFi&+4;Z0*PdK(PbV&dqLfaRkb8?MH+?hl=PpPE;7N*)m?@4mUk`rw%JUs?_9B zt!w+y&SO&=^s-zwI*v1Ao+{!YWL~OR=y<3^ ztt!V(9l10TZaI%fTxalQ=tEwlm-se9MGq#O+#aV@!F;ES!^BH|29^?mkZpn5N$__= zR6lkUvv<3+$7+P-N8BqO91q||^Jm&kSj^|0x#Wk_?}W9g3rlR{>2qvLq^qRQcKgrx@njy-kQ?V~h-&Z_&RPMJz~VC(}X zoxlODezapi1e#LIo1IrzynaCOaoaV()Tzm9;MYPrS^e&jbg$SdZ3OA(QuA_)mS0*( zCnAw!{@rR?7gwf~a_pDLu!qwHv!{&~nNITV+%k~oFft>=x_(t@yaR7`G1;tF3Cq6* z;)uJi$hLT4AWxR)8XL!#fxh3KavR9A86_j=#a_7^}A(X?9Q9P zVWo4{`iHfH0@<51qZRr7rlIeysYw zd*nmXCVs*>^{C6Xaf7_u14rYiW7N87d)zb;icMdyE%TU=o!FFablZ|&zvy=K&8AXg zd@pW&kAtEXL>*(M>B_%mZ#tD#{jKr-yzJ>DH9(LC6E#{g8TSc~SYx|*-MW@_+99!0 z_8C>WYz0fY+G;6as{3jaog0gyBw~Zw3p8mAii^Mz(YbGW&lroCKUBcoVcWVSUXT!S zvB8r+rh%lNr}|DrCAx|ATtNj}Zj~mQ;;_A*Gpk|P+0-8Gx?6&^_*}KN*#xg#+-h`o zcnBrvPT#%@sgniN`UZ2oy6McG*^XV7xmpSF=~eW@AEBt>vBnk7SzBP&haQQ4oYT#0 z7Lt33hLDd45cFjfZNXe15-A+_(i%bO5g&d#%qKsY@xEEsgh&Yg+epz4t4j@RO!HCp z&{#FQ6EGPkH=QLBd@JFTtc+aHryQ4VNdaTnP$J1IJ}6_3sa{fZK<@sNFdD6a*jn>% zvDyh_qbbh=<5K((R`3eY?WJy>rta=XR7Zuzoaz|Oam^~zyN>?5r zl|L;;g#lmKs0yuC51PYxeis?!#-9;}t^B?!cp7z$O^+Pfg#8q5%uD;J(DtSjgDEl& zG&oFY}Jc2%ykYo7V>A1sNp3eDF&tsva6-rods@Oi&ilBtEK;IHWFHOH9HUSWw>Jev>S?1iA6s*3I+ z!CRk4$NC<@=kucqd4$lTv?I)_&Im>Yl1`g5Zf+AbI`QLqM4r~mPfaX~5PeVx~Al3hm)rB|Ara=6=q^$K?_nYjkmO#W(Z9}$V3hd-$_u5znC~1Ks-N4O647pE@V0p=?pA=Kh0lYUj*#K~@#}zxql$xFjxfO_}O1l7L-P%_H!t z8?N@-?}?dZV?@K=;q-2#^vcZ}2*xe~EWvhp_Mt?s;nDH!nvMh2mQhxqc;>**X#_@# zN_~ij)a@d_n;~-*_C-f!G@=?jm!|k$<8}lX{nM~NLF7$Cwy&J8Y3LdnWsfsB@R#i# zFWbBrl|bTZnivCpA6{W2yc(7KhEsS};jBgp4jS$)uQ?y-?E1y*_%rf7j}|ghovW<2 zzxE#qNTQNScBSPv$&Xb_HXH+pr09z9TG6lBr*#64TGF^%ziDjhSb#4vgt}6k=Wg?O zQG@7_f?Xm5LBj@R6V{Ri2^+yjJk(VBO8?M*RYnOI;E-2ehW154^vh2Q%fB(U#m<5? 
z0mmG!iNfB(3B2Wx1MZZ*-O@!_USyn)s7j4-S@#qMBZ;;>F&U<_MuI@JUHsRDf#ca80&0Q|KzLrx>22IW;3R- zI8_b4Tj5dV4BkNU1DY(mpfSeNY5JA|B;}!s#iPM%INy_Tf?cnHANoZPODR8X(zc|W z*=_d9@Gq!X04&RG>UUlLs-2aU2f03ON8qw*12D!b_zR7OZhke2nBA|P%&1n`?6`1u z@0~@qGoX77G}H;YwMZfIqCC1?`Z9ig%kx`egBy9jKm(duh4;q6#@EoSEk`d)3?DhW zhytj){RlPEtH1u?OOu-oGd4x5#Eo!g>}4)0>XnXGymhhhDwX#yQ&6=h z+aEGlmVDTW7pz@LpqZ({ey%98X(f+al*sxfaV+?qGZLHs(XVd_v97MM!|#mgK{nS} zOcsB4I#EJ;Z}u+1j_dD=_U^J;6uq%Dr2R9)yo6mBePklcfOp3u}hf$ zb*fF9|90i91CJu`^^9;q9d&^~QjPgi+3Qj^%S)#2u z^!oU>RNLa4NQF%Va=rP`UHRmZJfw@#GeJQ-4tC=*-~92s(pXok{)&XQ@BP18s6=C> zaun4vdAHnuzgLs;fbCWfVmtDvM^vbbtz8R2B@-c2aXWQt@s}_5_sQc7+(V*i?G+wo zsJ(c}FlBl&c)Eaa%tYd#KNil;N5I4Skhop&CSUqL_Pl;E#yH8wnvMr09>}9ZQL5zK zLmvd;wi0#vg!ASn_`M8sCP$y)>@mp)S4X;)9x0WLT7F-iI0eD%xY_$)vuJLNR`^~- zFS%_?$?7uP{`~$j@?o0ixk+EpEw;^fymN6H;HWc9#w4?b-pc6akA}tm7m&nFj$@7! zT+M(9zb!U|0fCt{Y9^Wg8=eSKaS@5Lx@kZ8bKd@wbA!1G1{5vHsuM3P-$;jfx1FEp&?A^Fm|U8yPSvq!9NPwVTBjw zLzW%_Dp8z*Lk7BsyXzR>^3OLc)HLJZ+f`*ksCHL6{aG}{u5sZ-)^dUWmMaW;foeFOylg$Juj228UJwU+|t{IXyhbDy6-L_Qp&_2TysIMgunsG=OP+fnz=P>&jQvRz4 zP{y{(Q$pN3OeA!nkFhg!mq`YC}#^DxIqv?{R!0m;WlLemGhMjWXlojgu zK0Em_giSDYGWuHAA89BTbE%Gv-{2_*5~`wZrZEb$YSAMkvQD?r7lSOR`ItVOVNeQ` z^-H5;i3IM+ zxuD-A^s>>(T|h>~V$%YrtKVQ|3v$#&Ov%uA41Cmu!Npb8Ng6T>R^h(|EAs{N5(aN2 zpYPWQ1@LrU5A{a@cpobSU{)WNVJ&LR-~ zb#?1n$Q1olq;xbB0Tnl5?csG|g1dh~$T#rGpqsxHV{HPWnkvU$ZPW?UoC8lJwRy?d zbTRi-`+xZ3Pq*!o7*D~*<)N2V$GejCb~}zv)u{jSg5I#{{x77G|LKb7C5YKu`{z0z z%tdgh@|``W8Y>5mymF8evoO}r(Em>-z3E~r+XNu)1!|9_?Jw}iu>{1vHk$=Yw26M* z8e86l3aI)EOxesS#;x5`2{>Y+(!`M*>nUc+IYX?du1_!r=fASTALo?|sviOTy-^pH(q-pSlw z>;G%QqT`v(ecUoX!Y^)Z6juG<*O#nhg2<AA4S^nTf=>GsQ!~AUk diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md index 6a290c38c7..d241981f97 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md 
@@ -20,7 +20,7 @@ ms.localizationpriority: medium - Windows 11 -The Windows OS exposes CSPs that are used by MDM providers, like Microsoft Endpoint Manager. In an MDM policy, these CSPs are settings that you configure in a policy. When the policy is ready, you deploy the policy to your devices. +The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Endpoint Manager](/mem/endpoint-manager-overview). In an MDM policy, these CSPs are settings that you configure in a policy. When the policy is ready, you deploy the policy to your devices. This article lists the CSPs that are available to customize the Start menu layout for Windows 11 and later devices. Windows 11 uses the [Policy CSP - Start](../client-management/mdm/policy-csp-start.md). diff --git a/windows/configuration/use-json-customize-start-menu-windows.md b/windows/configuration/use-json-customize-start-menu-windows.md index ff779e6965..a39aa6a2cc 100644 --- a/windows/configuration/use-json-customize-start-menu-windows.md +++ b/windows/configuration/use-json-customize-start-menu-windows.md @@ -26,7 +26,7 @@ ms.localizationpriority: medium Your organization can deploy a customized Start layout to your Windows 11 devices. Customizing the Start layout is common when you have similar devices used by many users, and on devices that are locked down. -For example, you can create a pinned list that includes a common set of apps, or remove the default pinned apps. As an administrator, you can use this feature to pin Win32 apps, remove default pinned apps, order the app list, and more. +For example, you can create a pinned list that includes a common set of apps. As an administrator, you can use this feature to pin Win32 apps, remove default pinned apps, order the app list, and more. This article shows you how to export an existing Start menu layout, and use the syntax in a Microsoft Intune MDM policy. 
@@ -52,19 +52,19 @@ Starting with Windows 11, the Start menu is updated. The apps are shown as a fla The layout has the following areas: -- **Pinned**: This area shows some of the apps that are installed on the devices. You can customize this section using the **ConfigureStartPins** policy, and create a pinned list of apps you want on the devices. You can also remove apps that are pinned by default. +- **Pinned**: This area shows some of the apps that are installed on the device. You can customize this section using the **ConfigureStartPins** policy, and create a pinned list of apps you want on the devices. You can also remove apps that are pinned by default. This article shows you how to use the **ConfigureStartPins** policy. - **All apps**: Users can select this option to see a list of all the apps on the device. This section can't be customized. -- **Recommended**: This area shows recent files that have been opened. You can't hide this section, but you can prevent files from showing. The [Start/HideRecentJumplists CSP](../windows/client-management/mdm/policy-csp-start.md#start-hiderecentjumplists) controls this setting, and can be set using an MDM provider, like Microsoft Intune. +- **Recommended**: This area shows recent files that have been opened. You can't hide this section, but you can prevent files from showing. The [Start/HideRecentJumplists CSP](../client-management/mdm/policy-csp-start.md#start-hiderecentjumplists) controls this setting, and can be set using an MDM provider, like Microsoft Intune. - For more information on the Start menu settings you can configure in a Microsoft Intune policy, see [Windows 10 (and newer) device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#start). 
+ For more information on the Start menu settings you can configure in a Microsoft Intune policy, see [Windows 10 (and later) device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#start). ### What you need to know - When you customize the Start layout, you overwrite the entire full layout. Users can't pin, unpin, or uninstall apps from Start. Users can see and open all apps in the **All Apps** view, but they can't pin any apps to Start. A partial Start layout isn't available. -- On Windows 11 and newer devices, you must create a new JSON file. You can't use a file from a previous OS, such as Windows 10. +- On Windows 11 and later devices, you must create a new JSON file. You can't use a file from a previous OS, such as Windows 10. ## Create the JSON file From 5fd6e5c58e492303bb084fa104b9b26cb4d7f0e0 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Fri, 3 Sep 2021 14:27:13 +0530 Subject: [PATCH 082/671] Updated-Files1to20 --- .../auditing/advanced-security-audit-policy-settings.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index b1b0dbf35b..85e0d38f53 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -21,7 +21,8 @@ ms.technology: mde # Advanced security audit policy settings **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate. From 035ff0a4b331e2c1877428ed4d2596704b6387ee Mon Sep 17 00:00:00 2001 
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 3 Sep 2021 15:44:49 +0530 Subject: [PATCH 083/671] removed word as per user feedback #9934 , so i removed the word **Infrastructure** --- windows/security/threat-protection/auditing/event-4768.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index fb7930f6d2..e73c3e0daa 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md 
@@ -322,7 +322,7 @@ For 4768(S, F): A Kerberos authentication ticket (TGT) was requested. | **Field** | **Issue to discover** | |-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Certificate Issuer Name** | Certification authority name is not from your PKI infrastructure. | +| **Certificate Issuer Name** | Certification authority name is not from your PKI. | | **Certificate Issuer Name** | Certification authority name is not authorized to issue smart card authentication certificates. | | **Pre-Authentication Type** | Value is **0**, which means that pre-authentication was not used. All accounts should use Pre-Authentication, except accounts configured with “Do not require Kerberos preauthentication,” which is a security risk. For more information, see [Table 5. Kerberos Pre-Authentication types](#kerberos-preauthentication-types). | | **Pre-Authentication Type** | Value is **not 15** when account must use a smart card for authentication. For more information, see [Table 5. Kerberos Pre-Authentication types](#kerberos-preauthentication-types). | From e8c02c2bf71fa560ab840f8a6859607e8a8d09d0 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 09:11:30 -0700 Subject: [PATCH 084/671] update instructions --- windows/whats-new/windows-11-prepare.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index f2dedd5144..677e65d57f 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.author: greglin -ms.date: 06/24/2021 +ms.date: 09/03/2021 ms.reviewer: manager: laurawi ms.localizationpriority: high 
@@ -45,7 +45,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil #### Cloud-based solutions -- If you use Windows Update for Business Group Policy or Configuration Service Provider (CSP) policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). +- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). In Group Policy, the **Select target Feature Update version** has two entry fields after taking the September 1st optional update or later ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)): **product version** and **target version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only target version is configured the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version 21H1, even if multiple products have that same version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. 
- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use feature update deployments to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. From ca479ecb16a7ee5efa4ece4dccc06dca951c51fa Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 09:18:23 -0700 Subject: [PATCH 085/671] tweaks --- windows/whats-new/windows-11-prepare.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 677e65d57f..1e02cc6857 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md 
@@ -45,7 +45,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil #### Cloud-based solutions -- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). In Group Policy, the **Select target Feature Update version** has two entry fields after taking the September 1st optional update or later ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)): **product version** and **target version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only target version is configured the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version 21H1, even if multiple products have that same version. +- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). 
In Group Policy, the **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **product version** and **target version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only target version is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version 21H1, even if multiple products have that same version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. - If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use feature update deployments to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. 
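Review bot: In the added bullet, "the 9/1/2021 optional update" replaces "September 1st optional update" with a numeric date that reads as 9 January in day-first locales; spell it out as "September 1, 2021", which also matches the "september-1-2021-kb5005101" slug in the linked URL. The field names in the same sentence are still lowercase (**product version** and **target version**) while **Target Version** is capitalized earlier in the bullet, so settle on one casing.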
@@ -56,7 +56,7 @@ If you aren’t already taking advantage of cloud-based management capabilities, The following are some common use cases and the corresponding Microsoft Endpoint Manager capabilities that support them: - **Provision and pre-configure new Windows 11 devices**: [Windows Autopilot](/mem/autopilot/windows-autopilot) enables you to deploy new Windows 11 devices in a “business-ready” state that includes your desired applications, settings, and policies. It can also be used to change the edition of Windows. For example, you can upgrade from Pro to Enterprise edition and gain the use of advanced features. The [Windows Autopilot diagnostics page](/mem/autopilot/windows-autopilot-whats-new#preview-windows-autopilot-diagnostics-page) is new feature that is available when you use in Windows Autopilot to deploy Windows 11. -- **Configure rules and control settings for users, apps, and devices**: When you enroll devices in [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), administrators have full control over apps, settings, features, and security for both Windows 11 and Windows 10. You can also use app protection policies to require multi-factor authentication (MFA) for specific apps. +- **Configure rules and control settings for users, apps, and devices**: When you enroll devices in [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), administrators have full control over apps, settings, features, and security for both Windows 11 and Windows 10. You can also use app protection policies to require multifactor authentication (MFA) for specific apps. - **Streamline device management for frontline, remote, and onsite workers**: Introduced with Windows 10, [cloud configuration](/mem/intune/fundamentals/cloud-configuration) is a standard, easy-to-manage, device configuration that is cloud-optimized for users with specific workflow needs. 
It can be deployed to devices running the Pro, Enterprise, and Education editions of Windows 11 by using Microsoft Endpoint Manager. If you are exclusively using an on-premises device management solution (for example, Configuration Manager), you can still use the [cloud management gateway](/mem/configmgr/core/clients/manage/cmg/overview), enable [tenant attach](/mem/configmgr/tenant-attach/device-sync-actions), or enable [co-management](/mem/configmgr/comanage/overview) with Microsoft Intune. These solutions can make it easier to keep devices secure and up-to-date. From c745c9b36fba66ff65121e3c1bd4036e8d2d9f71 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 09:22:33 -0700 Subject: [PATCH 086/671] tweaks --- windows/whats-new/windows-11-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 1e02cc6857..48240c5e85 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md 
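Review bot: In the @@ -56,7 hunk of PATCH 085, only "multi-factor" is changed, but the unchanged Windows Autopilot bullet directly above it still reads "is new feature that is available when you use in Windows Autopilot". Since this commit is a wording pass over the same list, fix that sentence here too: "is a new feature that is available when you use Windows Autopilot".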
@@ -45,7 +45,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil #### Cloud-based solutions -- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). In Group Policy, the **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **product version** and **target version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only target version is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version 21H1, even if multiple products have that same version. +- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). 
In Group Policy, the **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only target version is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version 21H1, even if multiple products have that same version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. - If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use feature update deployments to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. From 5d93c27bc8d4247869053429c0888b44044d571a Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 09:25:54 -0700 Subject: [PATCH 087/671] more tweaks --- windows/whats-new/windows-11-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 48240c5e85..09f40237a9 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md 
@@ -45,7 +45,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil #### Cloud-based solutions -- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). In Group Policy, the **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only target version is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version 21H1, even if multiple products have that same version. +- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). 
In Group Policy, the **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. - If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use feature update deployments to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. From f8afbc2df3012830227ab2421d91cec18aac6477 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 09:32:45 -0700 Subject: [PATCH 088/671] more tweaks --- windows/whats-new/windows-11-prepare.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 09f40237a9..b301ed3de2 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md 
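Review bot: The added example sentence in PATCH 087 now reads "this device will be offered version Windows 10, version 21H1", with "version" duplicated in front of the product name. Change it to "this device will be offered Windows 10, version 21H1".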
@@ -45,7 +45,10 @@ The tools that you use for core workloads during Windows 10 deployments can stil #### Cloud-based solutions -- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). In Group Policy, the **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version. +- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1, but do not enable you to move between products (Windows 10 to Windows 11). 
+ - In Group Policy, **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**. + - The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. + - For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. - If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use feature update deployments to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. From 99738c3f09bd6e166b4dbfbaf3283e37fec73201 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 3 Sep 2021 09:50:39 -0700 Subject: [PATCH 089/671] fixing typo --- .../deployment/update/update-compliance-configuration-manual.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index dcb6a6b2fe..339e8ed571 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md 
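Review bot: The rewritten first bullet in PATCH 088 loses the closing parenthesis of its example: "(for example, Windows 10, version 20H2 to 21H1, but do not enable you to move between products". The removed line had "20H2 to 21H1), but"; restore the ")" so the parenthetical ends before ", but".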
@@ -67,7 +67,7 @@ To enable data sharing between devices, your network, and Microsoft's Diagnostic | **Endpoint** | **Function** | |---------------------------------------------------------|-----------| -| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. Census.exe must run on a regular cadence and contact this endpoint in order to receive the majority of [WaaSUpdateStatus](update-compliance-schema-waasupdatestatus.md) information for Update Compliance. | +| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive the majority of [WaaSUpdateStatus](update-compliance-schema-waasupdatestatus.md) information for Update Compliance. | | `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. | | `https://settings-win.data.microsoft.com` | Required for Windows Update functionality. | | `http://adl.windows.com` | Required for Windows Update functionality. | From 049062c09173d7050ceeed3c663f386f6805157f Mon Sep 17 00:00:00 2001 From: gkomatsu Date: Fri, 3 Sep 2021 11:04:41 -0700 Subject: [PATCH 090/671] Removing Windows Mobile and adding Windows 11 --- .../provisioning-packages.md | 86 +++++++++++-------- 1 file changed, 49 insertions(+), 37 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index a3b4e25f84..47f42ccdec 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md 
@@ -1,10 +1,10 @@ --- -title: Provisioning packages (Windows 10) -description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. +title: Provisioning packages (Windows) +description: With Windows 10 and 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC ms.reviewer: manager: dansimp -ms.prod: w10 +ms.prod: w10,w11 ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay 
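Review bot: In the front matter, `ms.prod` changes from a single value to the comma-separated `w10,w11`; confirm that this metadata field accepts a list, otherwise keep a single value. The new description also says "Windows 10 and 11", which is clearer spelled out as "Windows 10 and Windows 11".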
@@ -14,34 +14,35 @@ ms.localizationpriority: medium ms.date: 07/27/2017 --- -# Provisioning packages for Windows 10 +# Provisioning packages for Windows **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. -A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. +A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows 10 and 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Provisioning packages are simple enough that with a short set of written instructions, a student or non-technical employee can use them to configure their device. This can result in a significant reduction in the time required to configure multiple devices in your organization. -The [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) includes the Windows Configuration Designer, a tool for configuring provisioning packages. Windows Configuration Designer is also available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). + +Windows Configuration Designer is available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). 
-## New in Windows 10, version 1703 + -- The tool for creating provisioning packages is renamed Windows Configuration Designer, replacing the Windows Imaging and Configuration Designer (ICD) tool. The components for creating images have been removed from Windows Configuration Designer, which now provides access to runtime settings only. -- Windows Configuration Designer can still be installed from the Windows ADK. You can also install it from the Microsoft Store. -- Windows Configuration Designer adds more wizards to make it easier to create provisioning packages for specific scenarios. See [What you can configure](#configuration-designer-wizards) for wizard descriptions. -- The Provision desktop devices wizard (previously called Simple provisioning) now enables joining Azure Active Directory (Azure AD) domains and also allows you to remove non-Microsoft software from Windows desktop devices during provisioning. -- When provisioning packages are applied to a device, a status screen indicates successful or failed provisioning. -- Windows 10 includes PowerShell cmdlets that simplify scripted provisioning. Using these cmdlets, you can add provisioning packages, remove provisioning packages and generate log files to investigate provisioning errors. -- The Provision school devices wizard is removed from Windows Configuration Designer. Instead, use the [Setup School PCs app](https://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) from the Microsoft Store. + + + + + + + @@ -75,16 +76,27 @@ Provisioning packages can be: The following table describes settings that you can configure using the wizards in Windows Configuration Designer to create provisioning packages. - - - - - - - - - -
StepDescriptionDesktop wizardMobile wizardKiosk wizardHoloLens wizard
Set up deviceAssign device name,
enter product key to upgrade Windows,
configure shared used,
remove pre-installed software
yesyes
(Only device name and upgrade key)
yesyes
Set up networkConnect to a Wi-Fi networkyesyesyesyes
Account managementEnroll device in Active Directory,
enroll device in Azure Active Directory,
or create a local administrator account
yesnoyesyes
Bulk Enrollment in Azure ADEnroll device in Azure Active Directory

Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization.
noyesnono
Add applicationsInstall applications using the provisioning package.yesnoyesno
Add certificatesInclude a certificate file in the provisioning package.yesnoyesyes
Configure kiosk account and appCreate local account to run the kiosk mode app,
specify the app to run in kiosk mode
nonoyesno
Configure kiosk common settingsSet tablet mode,
configure welcome and shutdown screens,
turn off timeout settings
nonoyesno
Developer SetupEnable Developer Mode.nononoyes
+ + + + + + + + + +
StepDescriptionDesktop wizardKiosk wizardHoloLens wizard
Set up deviceAssign device name,
enter product key to upgrade Windows,
configure shared used,
remove pre-installed software
yesyesyes
Set up networkConnect to a Wi-Fi networkyesyesyes
Account managementEnroll device in Active Directory,
enroll device in Azure Active Directory,
or create a local administrator account
yesnoyes
Bulk Enrollment in Azure ADEnroll device in Azure Active Directory

Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization.
nonono
Add applicationsInstall applications using the provisioning package.yesyesno
Add certificatesInclude a certificate file in the provisioning package.yesyesyes
Configure kiosk account and appCreate local account to run the kiosk mode app,
specify the app to run in kiosk mode
noyesno
Configure kiosk common settingsSet tablet mode,
configure welcome and shutdown screens,
turn off timeout settings
noyesno
Developer SetupEnable Developer Mode.nonoyes
+ + + + + + + + + + + - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md) - [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md) 
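Review bot: In the replacement table, the Account management row now reads yes / no / yes for Desktop, Kiosk and HoloLens, but the removed row was yes / no / yes / yes with the "no" under the Mobile wizard column, so dropping that column should leave yes / yes / yes; as written, the Kiosk wizard loses account management. The Bulk Enrollment in Azure AD row becomes no / no / no once its only "yes" (Mobile) is gone, so either remove the row or say which tool performs bulk enrollment. The list under the table still links "Instructions for the mobile wizard", and the typo "configure shared used" is carried over from the old table.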
@@ -117,32 +129,32 @@ The following table provides some examples of settings that you can configure us For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012). -## Changes to provisioning in Windows 10, version 1607 + -> [!NOTE] -> This section is retained for customers using Windows 10, version 1607, on the Current Branch for Business. Some of this information is not applicable in Windows 10, version 1703. + + -Windows ICD for Windows 10, version 1607, simplified common provisioning scenarios. +WCD, simplified common provisioning scenarios. ![Configuration Designer options.](../images/icd.png) -Windows ICD in Windows 10, version 1607, supported the following scenarios for IT administrators: +WCD supports the following scenarios for IT administrators: -* **Simple provisioning** – Enables IT administrators to define a desired configuration in Windows ICD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner. +* **Simple provisioning** – Enables IT administrators to define a desired configuration in WCD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner. 
-[Learn how to use simple provisioning to configure Windows 10 computers.](provision-pcs-for-initial-deployment.md) +[Learn how to use simple provisioning to configure Windows computers.](provision-pcs-for-initial-deployment.md) -* **Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates)** – Allows an IT administrator to use Windows ICD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices. +* **Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates)** – Allows an IT administrator to use WCD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices. -* **Mobile device enrollment into management** - Enables IT administrators to purchase off-the-shelf retail Windows 10 Mobile devices and enroll them into mobile device management (MDM) before handing them to end-users in the organization. IT administrators can use Windows ICD to specify the management end-point and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include: +* **Mobile device enrollment into management** - Enables IT administrators to purchase off-the-shelf retail Windows devices and enroll them into mobile device management (MDM) before handing them to end-users in the organization. IT administrators can use WCD to specify the management end-point and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. 
Supported management end-points include: * Microsoft Intune (certificate-based enrollment) * AirWatch (password-string based enrollment) * Mobile Iron (password-string based enrollment) * Other MDMs (cert-based enrollment) -> [!NOTE] -> Windows ICD in Windows 10, version 1607, also provided a wizard to create provisioning packages for school PCs. To learn more, see [Set up students' PCs to join domain](/education/windows/). + + ## Learn more @@ -164,4 +176,4 @@ For more information about provisioning, watch the following videos: - [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) -- [Use Windows Configuration Designer to configure Windows 10 Mobile devices](../mobile-devices/provisioning-configure-mobile.md) \ No newline at end of file +- [Use Windows Configuration Designer to configure Windows 10 Mobile devices](../mobile-devices/provisioning-configure-mobile.md) From 47ab294a2e5c691fed43ad4061837172c50010d7 Mon Sep 17 00:00:00 2001 From: gkomatsu Date: Fri, 3 Sep 2021 11:16:10 -0700 Subject: [PATCH 091/671] Update for Windows 11 Added Windows 11 Removed Windows Mobile Revised ICD -> WCD --- .../provisioning-how-it-works.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index 5942a86179..b0bacdf90b 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md 
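Review bot: In the @@ -117 hunk of PATCH 090, the added line "WCD, simplified common provisioning scenarios." is a sentence fragment left over from deleting "for Windows 10, version 1607", and the abbreviation WCD is not introduced in the lines shown; write "Windows Configuration Designer (WCD) simplifies common provisioning scenarios." The same hunk keeps the "Mobile device enrollment into management" scenario, including tethered and SD card deployment, after deleting only "10 Mobile", which sits oddly with the commit subject "Removing Windows Mobile and adding Windows 11"; drop the item or confirm it still applies to the remaining devices.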
@@ -1,7 +1,7 @@ --- -title: How provisioning works in Windows 10 (Windows 10) +title: How provisioning works in Windows description: A provisioning package (.ppkg) is a container for a collection of configuration settings. -ms.prod: w10 +ms.prod: w10,w11 ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay @@ -13,15 +13,15 @@ ms.reviewer: manager: dansimp --- -# How provisioning works in Windows 10 +# How provisioning works in Windows **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 -Provisioning packages in Windows 10 provide IT administrators with a simplified way to apply configuration settings to Windows 10 devices. Windows Configuration Designer is a tool that makes it easy to create a provisioning package. Windows Configuration Designer can be installed from the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) or through the Microsoft Store. +Provisioning packages in Windows 10 provide IT administrators with a simplified way to apply configuration settings to Windows 10 and 11 devices. Windows Configuration Designer is a tool that makes it easy to create a provisioning package. Windows Configuration Designer can be installed from Microsoft Store. ## Provisioning packages @@ -69,7 +69,7 @@ When the provisioning engine selects a configuration, the Windows provisioning X ## Provisioning engine -The provisioning engine is the core component for managing provisioning and configuration at runtime in a device running Windows 10. +The provisioning engine is the core component for managing provisioning and configuration at runtime in a device running Windows 10 or 11. The provisioning engine provides the following functionality: 
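Review bot: In the @@ -13,15 hunk, the rewritten intro still opens "Provisioning packages in Windows 10 provide" while the rest of the sentence now targets "Windows 10 and 11 devices", so the sentence names two different scopes. Suggest "Provisioning packages in Windows provide ... to Windows 10 and Windows 11 devices". The closing sentence also drops the article: "can be installed from Microsoft Store" should be "from the Microsoft Store".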
@@ -82,7 +82,7 @@ The provisioning engine provides the following functionality: ## Configuration manager -The configuration manager provides the unified way of managing Windows 10 devices. Configuration is mainly done through the Open Mobile Alliance (OMA) Device Management (DM) and Client Provisioning (CP) protocols. The configuration manager handles and parses these protocol requests from different channels and passes them down to [Configuration Service Providers (CSPs)](/windows/client-management/mdm/configuration-service-provider-reference) to perform the specific management requests and settings. +The configuration manager provides the unified way of managing Windows 10 and 11 devices. Configuration is mainly done through the Open Mobile Alliance (OMA) Device Management (DM) and Client Provisioning (CP) protocols. The configuration manager handles and parses these protocol requests from different channels and passes them down to [Configuration Service Providers (CSPs)](/windows/client-management/mdm/configuration-service-provider-reference) to perform the specific management requests and settings. The provisioning engine relies on configuration manager for all of the actual processing and application of a chosen configuration. The provisioning engine determines the stage of provisioning and, based on a set of keys, determines the set of configuration to send to the configuration manager. The configuration manager in turn parses and calls into the CSPs for the setting to be applied. @@ -130,7 +130,7 @@ The following table shows how device provisioning can be initiated when a user f | Package delivery | Initiation method | Supported device | | --- | --- | --- | | Removable media - USB drive or SD card
(Packages must be placed at media root) | 5 fast taps on the Windows key to launch the provisioning UI |All Windows devices | -| From an administrator device through machine-to-machine NFC or NFC tag
(The administrator device must run an app that can transfer the package over NFC) | 5 fast taps on the Windows key to launch the provisioning UI | Windows 10 Mobile devices and IoT Core devices | +| From an administrator device through machine-to-machine NFC or NFC tag
(The administrator device must run an app that can transfer the package over NFC) | 5 fast taps on the Windows key to launch the provisioning UI | Windows IoT Core devices | The provisioning engine always copies the acquired provisioning packages to the `%ProgramData%\Microsoft\Provisioning` folder before processing them during OOBE. The provisioning engine always applies provisioning packages embedded in the installed Windows image during Windows Setup OOBE pass regardless of whether the package is signed and trusted. When the provisioning engine applies an encrypted provisioning package on an end-user device during OOBE, users must first provide a valid password to decrypt the package. The provisioning engine also checks whether a provisioning package is signed and trusted; if it's not, the user must provide consent before the package is applied to the device. @@ -144,7 +144,7 @@ At device runtime, stand-alone provisioning packages can be applied by user init | --- | --- | --- | | Removable media - USB drive or SD card
(Packages must be placed at media root) | **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** | All Windows devices | | Downloaded from a network connection and copied to a local folder | Double-click the package file | Windows 10 for desktop editions devices | -| From an administrator device connected to the target device through USB tethering | Drag and drop the package file onto the target device | Windows 10 Mobile devices and IoT Core devices | +| From an administrator device connected to the target device through USB tethering | Drag and drop the package file onto the target device | Windows IoT Core devices | When applying provisioning packages from a removable media attached to the device, the Settings UI allows viewing contents of a package before selecting the package for provisioning. To minimize the risk of the device being spammed by applying provisioning packages from unknown sources, a provisioning package can be signed and encrypted. Partners can also set policies to limit the application of provisioning packages at device runtime. Applying provisioning packages at device runtime requires administrator privilege. If the package is not signed or trusted, a user must provide consent before the package is applied to the device. If the package is encrypted, a valid password is needed to decrypt the package before it can be applied to the device. @@ -157,7 +157,7 @@ After a stand-alone provisioning package is applied to the device, the package i - Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) -- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) + ## Related topics @@ -178,4 +178,4 @@ After a stand-alone provisioning package is applied to the device, the package i   -  \ No newline at end of file +  
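Review bot: The retitling to plain "Windows" is only half applied in the intro paragraph of the `@@ -13,15 +13,15 @@` hunk: the added line still opens with "Provisioning packages in Windows 10 provide IT administrators" and only its tail says "Windows 10 and 11 devices". Suggest "Provisioning packages in Windows provide ..." to match the new title and H1. The same line now reads "can be installed from Microsoft Store", which drops both the article ("the Microsoft Store") and the ADK install link; if the ADK is still a supported source, keep the link. In the runtime table the unchanged row "Windows 10 for desktop editions devices" sits beside rows this patch rewrote to drop the version number, so check whether it should change too. In the `@@ -157,7 +157,7 @@` hunk the removed video bullet is replaced by an added empty line, which leaves two blank lines before "## Related topics"; delete the line instead.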
From 07394c37a641872f6822760b783d7e292dfca23a Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 14:20:08 -0700 Subject: [PATCH 092/671] remove article --- .../planning/windows-11-removed-features.md | 33 ------------------- 1 file changed, 33 deletions(-) delete mode 100644 windows/deployment/planning/windows-11-removed-features.md diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md deleted file mode 100644 index 12f618fbfe..0000000000 --- a/windows/deployment/planning/windows-11-removed-features.md +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -title: Windows 11 - Features that have been removed -description: In this article, learn about the features and functionality that has been removed or replaced in Windows 11. -ms.prod: w11 -ms.mktglfcycl: plan -ms.localizationpriority: medium -ms.sitesec: library -audience: itpro -author: greg-lindsay -ms.author: greglin -manager: laurawi -ms.topic: article -ms.custom: seo-marvel-apr2020 ---- - -# Features and functionality removed in Windows 11 - -> Applies to: Windows 11 - -Windows 11 adds new features and functionality; however some features are removed. Below is a summary of features and functionalities that are present in earlier versions of Windows 10 or Windows 11, but are removed in the specified version of Windows 11. **The list below is subject to change and might not include every affected feature or functionality.** - -> [!NOTE] -> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 11 builds and test these changes yourself. - -The following features and functionalities have been removed from the installed product image for Windows 11. Applications or code that depend on these features won't function in the release when it was removed, or in later releases. - -|Feature | Details and mitigation | Removed in version | -| ----------- | --------------------- | ------ | -| Windows Deployment Services (WDS) image deployment | End to end WDS deployment workflows that use **boot.wim** from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | - -## Also see - -[Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022#features-were-no-longer-developing)
\ No newline at end of file From 1e47b7dceee7a56b758ddc1a93e178918834b316 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 14:23:21 -0700 Subject: [PATCH 093/671] remove dupe link --- windows/deployment/wds-boot-support.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index b484c3dc45..f141ef1446 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -109,5 +109,4 @@ If you currently use WDS with **boot.wim** from installation media for end-to-en [Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022#features-were-no-longer-developing)
[Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
-[Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022) \ No newline at end of file +[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
\ No newline at end of file From ecbd27bfe59fec6ec3043a1370f5bd91ac7f00f2 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 14:28:53 -0700 Subject: [PATCH 094/671] rm feature file --- windows/deployment/TOC.yml | 4 +--- windows/deployment/planning/features-lifecycle.md | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 6602391574..8daccb955a 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -71,9 +71,7 @@ - name: Features we removed items: - name: Windows 10 features removed - href: planning/windows-10-removed-features.md - - name: Windows 11 features removed - href: planning/windows-11-removed-features.md + href: planning/windows-10-removed-features.md - name: Prepare items: diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md index af22f20db2..6aa1667383 100644 --- a/windows/deployment/planning/features-lifecycle.md +++ b/windows/deployment/planning/features-lifecycle.md @@ -30,8 +30,7 @@ The following topic lists features that are no longer being developed. These fea The following topics have details about features that have been removed from Windows 10 or Windows 11. This includes features that are present in Windows 10, but are removed in Windows 11. -[Windows 10 features we removed](windows-10-removed-features.md)
-[Windows 11 features we removed](windows-11-removed-features.md) +[Windows 10 features we removed](windows-10-removed-features.md) ## Terminology From 163f72577ee9815237b05cf42dde843a01deb2bd Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 14:35:24 -0700 Subject: [PATCH 095/671] fix warning --- .../provisioning-packages/provisioning-how-it-works.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index b0bacdf90b..71b38c30f7 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md @@ -1,14 +1,14 @@ --- title: How provisioning works in Windows description: A provisioning package (.ppkg) is a container for a collection of configuration settings. -ms.prod: w10,w11 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/03/2021 ms.reviewer: manager: dansimp --- From 9545dc05845bb583d26b759d16da3822d10907cb Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 3 Sep 2021 17:23:16 -0700 Subject: [PATCH 096/671] Changed word wrap around image via updated image wrap The layout in my browser looked bad. --- windows/security/threat-protection/auditing/event-4768.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index e73c3e0daa..f06e21d952 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md 
@@ -21,7 +21,7 @@ ms.technology: mde - Windows Server 2016 -Event 4768 illustration +:::image type="content" alt-text="Event 4768 illustration." source="images/event-4768.png"::: ***Subcategory:*** [Audit Kerberos Authentication Service](audit-kerberos-authentication-service.md) From eba388115f2a0cbb600ef3112c9ea7c43db74d7c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 3 Sep 2021 17:28:31 -0700 Subject: [PATCH 097/671] Corrected notes style --- .../threat-protection/auditing/event-4768.md | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index f06e21d952..55854d8774 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -35,7 +35,8 @@ If TGT issue fails then you will see Failure event with **Result Code** field no This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “[4771](event-4771.md): Kerberos pre-authentication failed.” generates instead. -> **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. +> [!NOTE] +> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
@@ -101,7 +102,8 @@ This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “ - Uppercase full domain name: CONTOSO.LOCAL -> **Note**  A **Kerberos Realm** is a set of managed nodes that share the same Kerberos database. The Kerberos database resides on the Kerberos master computer system, which should be kept in a physically secure room. Active Directory domain is the example of Kerberos Realm in the Microsoft Windows Active Directory world. + > [!NOTE] + > A **Kerberos Realm** is a set of managed nodes that share the same Kerberos database. The Kerberos database resides on the Kerberos master computer system, which should be kept in a physically secure room. Active Directory domain is the example of Kerberos Realm in the Microsoft Windows Active Directory world. - **User ID** \[Type = SID\]**:** SID of account for which (TGT) ticket was requested. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. 
@@ -109,7 +111,8 @@ This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “ - **NULL SID** – this value shows in [4768](event-4768.md) Failure events. -> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). + > [!NOTE] + > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). **Service Information:** 
@@ -149,7 +152,10 @@ This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “ - Using **MSB 0** bit numbering we have bit 1, 8, 15 and 27 set = Forwardable, Renewable, Canonicalize, Renewable-ok. -> **Note**  In the table below **“MSB 0”** bit numbering is used, because RFC documents use this style. In “MSB 0” style bit numbering begins from left.
MSB illustration +> [!NOTE] +> In the table below **“MSB 0”** bit numbering is used, because RFC documents use this style. In “MSB 0” style bit numbering begins from left. +> +> :::image type="content" alt-text="MSB illustration." source="images/msb.png"::: The most common values: @@ -186,8 +192,9 @@ The most common values: | 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Should not be in use, because postdated tickets are not supported by KILE. | > Table 2. Kerberos ticket flags. -> -> **Note**  [KILE](/openspecs/windows_protocols/ms-kile/2a32282e-dd48-4ad9-a542-609804b02cc9) **(Microsoft Kerberos Protocol Extension)** – Kerberos protocol extensions used in Microsoft operating systems. These extensions provide additional capability for authorization information including group memberships, interactive logon information, and integrity levels. + +> [!NOTE] +> [KILE](/openspecs/windows_protocols/ms-kile/2a32282e-dd48-4ad9-a542-609804b02cc9) **(Microsoft Kerberos Protocol Extension)** – Kerberos protocol extensions used in Microsoft operating systems. These extensions provide additional capability for authorization information including group memberships, interactive logon information, and integrity levels. - **Result Code** \[Type = HexInt32\]**:** hexadecimal result code of TGT issue operation. The “Table 3. TGT/TGS issue error codes.” contains the list of the most common error codes for this event. From cb0080914f28ec187aeccdc186467b08b6de47d4 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 3 Sep 2021 17:29:40 -0700 Subject: [PATCH 098/671] Labeled code block --- windows/security/threat-protection/auditing/event-4768.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 55854d8774..59ba63d70c 100644 
--- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -41,7 +41,7 @@ This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “
***Event XML:*** -``` +```xml - - From f1704dc9a9a4e6e9f8cbdb5f08990aee12a47c78 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 3 Sep 2021 17:35:39 -0700 Subject: [PATCH 099/671] Fixed broken headings Headings don't work and are not rendered correctly when HTML is next to them, such as the SPAN tags in this article. --- .../security/threat-protection/auditing/event-4768.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 59ba63d70c..81482d1771 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -191,7 +191,7 @@ The most common values: | 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in it’s renew-till field has not passed. The ticket to be renewed is passed in the padata field as part of the authentication header. | | 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Should not be in use, because postdated tickets are not supported by KILE. | -> Table 2. Kerberos ticket flags. +## Table 2. Kerberos ticket flags > [!NOTE] > [KILE](/openspecs/windows_protocols/ms-kile/2a32282e-dd48-4ad9-a542-609804b02cc9) **(Microsoft Kerberos Protocol Extension)** – Kerberos protocol extensions used in Microsoft operating systems. These extensions provide additional capability for authorization information including group memberships, interactive logon information, and integrity levels. 
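Review bot: In the `@@ -191,7 +191,7 @@` hunk the caption "Table 2. Kerberos ticket flags" becomes an H2 placed after the last table row ("| 31 | Validate | ..."), so in the rendered outline the heading labels what follows it (the KILE note and the **Result Code** field) rather than the table it names. The unchanged "## Table 4. Kerberos encryption types" heading in this file precedes its table; suggest moving the new heading above the ticket-flags table for the same layout, or keeping the caption as plain text under the table if an outline entry is not wanted.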
@@ -259,12 +259,15 @@ The most common values: | 0x43 | KRB\_AP\_ERR\_NO\_TGT | No TGT was presented or available | In user-to-user authentication if the service does not possess a ticket granting ticket, it should return the error KRB\_AP\_ERR\_NO\_TGT. | | 0x44 | KDC\_ERR\_WRONG\_REALM | Incorrect domain or principal | Although this error rarely occurs, it occurs when a client presents a cross-realm TGT to a realm other than the one specified in the TGT. Typically, this results from incorrectly configured DNS. | -> Table 3. TGT/TGS issue error codes. + + +## Table 3. TGT/TGS issue error codes - **Ticket Encryption Type** \[Type = HexInt32\]: the cryptographic suite that was used for issued TGT. + ## Table 4. Kerberos encryption types | Type | Type Name | Description | @@ -281,7 +284,8 @@ The most common values: - **Pre-Authentication Type** \[Type = UnicodeString\]: the code number of [pre-Authentication](/previous-versions/windows/it-pro/windows-server-2003/cc772815(v=ws.10)) type which was used in TGT request. -## Table 5. Kerberos Pre-Authentication types. + +## Table 5. Kerberos Pre-Authentication types | Type | Type Name | Description | |------------------------------------------------------------------------|------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| From e0a2435af96be4e6cebd4b89a1f8ac1c1739466c Mon Sep 17 00:00:00 2001 
From: Gary Moore Date: Fri, 3 Sep 2021 17:41:08 -0700 Subject: [PATCH 100/671] Corrected font weight of table headings Table headings are bold by default, and the font weight is heavier without formatting for bold (**). --- windows/security/threat-protection/auditing/event-4768.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 81482d1771..340264fa1e 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -312,7 +312,7 @@ The most common values: For 4768(S, F): A Kerberos authentication ticket (TGT) was requested. -| **Type of monitoring required** | **Recommendation** | +| Type of monitoring required | Recommendation | |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------| | **High-value accounts**: You might have high-value domain or local accounts for which you need to monitor each action.
Examples of high-value accounts are database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts and so on. | Monitor this event with the **“User ID”** that corresponds to the high-value account or accounts. | | **Anomalies or malicious actions**: You might have specific requirements for detecting anomalies or monitoring potential malicious actions. For example, you might need to monitor for use of an account outside of working hours. | When you monitor for anomalies or malicious actions, use the **“User ID”** (with other information) to monitor how or when a particular account is being used. | @@ -331,7 +331,7 @@ For 4768(S, F): A Kerberos authentication ticket (TGT) was requested. - Also consider monitoring the fields shown in the following table, to discover the issues listed: -| **Field** | **Issue to discover** | +| Field | Issue to discover | |-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Certificate Issuer Name** | Certification authority name is not from your PKI. | | **Certificate Issuer Name** | Certification authority name is not authorized to issue smart card authentication certificates. | From be7ae41db9b05b8f7e9bbc87c6307de7099b15cb Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 3 Sep 2021 18:16:28 -0700 Subject: [PATCH 101/671] Restored HTML image reference, though curiously... ...I've had little success with docs.microsoft.com respecting sizing of images. I don't understand why it apparently works in this instance. --- windows/security/threat-protection/auditing/event-4768.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 340264fa1e..9406edbf43 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -155,7 +155,7 @@ This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “ > [!NOTE] > In the table below **“MSB 0”** bit numbering is used, because RFC documents use this style. In “MSB 0” style bit numbering begins from left. > -> :::image type="content" alt-text="MSB illustration." source="images/msb.png"::: +> MSB illustration The most common values: From b9a96725e62af48b3ecedad954f4d801f48e7f62 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Sun, 5 Sep 2021 10:31:07 -0700 Subject: [PATCH 102/671] Added "address" after "IP" --- windows/security/threat-protection/auditing/event-4768.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 9406edbf43..64156ecd85 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md 
@@ -321,7 +321,7 @@ For 4768(S, F): A Kerberos authentication ticket (TGT) was requested. | **External accounts**: You might be monitoring accounts from another domain, or “external” accounts that are not allowed to perform certain actions (represented by certain specific events). | Monitor this event for the **“Supplied Realm Name”** corresponding to another domain or “external” location. | | **Account naming conventions**: Your organization might have specific naming conventions for account names. | Monitor “**User ID”** for names that don’t comply with naming conventions. | -- You can track all [4768](event-4768.md) events where the **Client Address** is not from your internal IP range or not from private IP ranges. +- You can track all [4768](event-4768.md) events where the **Client Address** is not from your internal IP address range or not from private IP address ranges. - If you know that **Account Name** should be used only from known list of IP addresses, track all **Client Address** values for this **Account Name** in [4768](event-4768.md) events. If **Client Address** is not from the allowlist, generate the alert. From 5df53ceb023d8e4c9f3bab62fe84928c8ce5edd5 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Sun, 5 Sep 2021 16:23:50 -0600 Subject: [PATCH 103/671] Add new Delivery Optimization workflow documentation --- windows/deployment/TOC.yml | 2 + .../update/delivery-optimization-workflow.md | 39 +++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 windows/deployment/update/delivery-optimization-workflow.md diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index fdc36528a1..216bdb78e9 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml 
@@ -48,6 +48,8 @@ items: - name: Using a proxy with Delivery Optimization href: update/delivery-optimization-proxy.md + - name: Delivery Optimization Client-Service Communication Explained + href: update/delivery-optimization-workflow.md - name: Best practices for feature updates on mission-critical devices href: update/feature-update-mission-critical.md - name: Windows 10 deployment considerations diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md new file mode 100644 index 0000000000..d560a58ca2 --- /dev/null +++ b/windows/deployment/update/delivery-optimization-workflow.md 
@@ -0,0 +1,39 @@ +--- +title: Understand the Delivery Optimization Client-Service Communication Explained +manager: laurawi +description: Settings to use with various proxy configurations to allow Delivery Optimization to work +keywords: updates, downloads, network, bandwidth +ms.prod: w10 +ms.mktglfcycl: deploy +audience: itpro +author: carmenf +ms.localizationpriority: medium +ms.author: carmenf +ms.collection: M365-modern-desktop +ms.topic: article +--- + +# Delivery Optimization Client-Service Communication Explained + +**Applies to**: Windows 10 + +## Download Request Workflow + +The DO workflow described below allows Delivery Optimization to securely and efficiently deliver requested content to the calling device. + +* When a download starts, the DO client will attempt to get its content metadata, from the DO service, which is a hash file containing the SHA-256 hash of each piece in the file, typically piece = 1 MB. Separate metadata that is obtained, through an SSL channel, provides DO a way to verify the authenticity of the hash file itself once it is downloaded. +* When DO pulls a certain piece of the hash from another peer, it is verified against the known hash in the hash file. +* If a peer provides an invalid piece, that piece is discarded. A peer that sends multiple bad pieces is banned and will no longer be used as a source by the client performing the download. +* If DO is unable to obtain the hash file, or the verification of the hash file itself fails, the download will fall back to “Simple Mode” (pulling content only from an HTTP source) and peer to peer will not be allowed. +* Once DO is done downloading and puts together the file from all the pieces it got, the caller using DO (ConfigMgr for example) performs yet another check for the entire file as well as verify the signature of it prior to proceeding with installation. 
+ +## Delivery Optimization Service Endpoint And Data Information + +|Endpoint hostname|Name|Description|Data sent from the computer to the Endpoint (Field/Description) +|----|-----|---------------|-----------------------| +|

| Geo | Service used to identify the geo location of the device in order to direct it to the nearest data center. |
  • **Profile**: The device type (ex: PC vs Xbox)
  • **doClientVersion**: The version of the DoSvc Client
  • **groupID**: Group the device belongs to (set via DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies)
| +|
  • kv*-prod.do.dsp.mp.microsoft.com
  • kv*.prod.do.dsp.mp.microsoft.com
  • |KeyValue|Bootstrap service, provides endpoints for all other services as well as device configs|
    • **countryCode**: The country the client is connected from
    • **doClientVersion**: The version of the DoSvc Client
    • **Profile**: The device type (ex: PC vs Xbox)
    • **eId**: Client grouping Id
    • **CacheHost**: Cache host id<
    | +|
    • cp*-prod.do.dsp.mp.microsoft.com
    • cp*.prod.do.dsp.mp.microsoft.com
    | Content Policy | Provides content specific policies as well as content metadata URLs |
    • **Profile**: The device type (ex: PC vs Xbox)
    • **ContentId**: The content identifier
    • **doClientVersion**: The version of the dosvc client
    • **countryCode**: The country the client is connected from
    • **altCatalogId**: If ContentId isn't available, use the download URL instead
    • **eId**: Client grouping Id
    • **CacheHost**: Cache host id
    | +|
    • disc*-prod.do.dsp.mp.microsoft.com
    • disc*.prod.do.dsp.mp.microsoft.com
    | Discovery | Provides the client with the geo-located Array to connect to. (There are two endpoints providing this functionality: /content and /v2/content) |
    • **Profile**: The device type (ex: PC vs Xbox)
    • **ContentId**: The content identifier
    • **doClientVersion**: The version of the dosvc client
    • **partitionId**: Client partitioning hint
    • **altCatalogId**: If ContentId isn't available, use the download URL instead
    • **eId**: Client grouping Id
    | +|
    • cn*-prod.do.dsp.mp.microsoft.com
    • cn*.prod.do.dsp.mp.microsoft.com
    | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. |
    • **Profile**: The device type (ex: PC vs Xbox)
    • **ContentId**: The content identifier
    • **doClientVersion**: The version of the dosvc client
    • **altCatalogId**: If ContentId isn't available, use the download URL instead
    • **PeerId**: Identified of the device running DO client
    • **ReportedIp**: The internal / private IP Address
    • **IsBackground**: Is the download interactive or background
    • **Uploaded**: Total bytes uploaded to peers
    • **Downloaded**: Total bytes downloaded from peers
    • **DownloadedCdn**: Total bytes downloaded from CDN
    • **Left**: Bytes left to download
    • **Peers Wanted**: Total number of peers wanted
    • **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
    • **Scope**: The Download mode
    • **UploadedBPS**: The upload speed in Bytes per Second
    • **DownloadBPS**: The download speed in Bytes per second
    • **eId**: Client grouping Id
    | +|
    • dl.delivery.mp.microsoft.com
    • emdl.ws.microsoft.com
    | | Metadata download can come from different hostnames, however it is required for P2P | From 7df5a3510dc5b607e4538f56db7fe1737c4e269f Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 6 Sep 2021 13:39:34 +0530 Subject: [PATCH 104/671] Updated for 5358843-files-1to25 --- .../auditing/advanced-security-audit-policy-settings.md | 6 +----- .../auditing/advanced-security-auditing-faq.yml | 5 ++--- .../auditing/advanced-security-auditing.md | 5 +---- ...ity-monitoring-recommendations-for-many-audit-events.md | 6 +----- .../apply-a-basic-audit-policy-on-a-file-or-folder.md | 5 +---- .../threat-protection/auditing/audit-account-lockout.md | 7 +------ .../auditing/audit-application-generated.md | 6 +----- .../auditing/audit-application-group-management.md | 6 +----- .../auditing/audit-audit-policy-change.md | 6 +----- .../auditing/audit-authentication-policy-change.md | 7 +------ .../auditing/audit-authorization-policy-change.md | 7 +------ .../auditing/audit-central-access-policy-staging.md | 7 +------ .../auditing/audit-certification-services.md | 6 +----- .../auditing/audit-computer-account-management.md | 6 +----- .../auditing/audit-credential-validation.md | 6 +----- .../audit-detailed-directory-service-replication.md | 6 +----- .../auditing/audit-detailed-file-share.md | 6 +----- .../auditing/audit-directory-service-access.md | 6 +----- .../auditing/audit-directory-service-changes.md | 6 +----- .../auditing/audit-directory-service-replication.md | 6 +----- .../auditing/audit-distribution-group-management.md | 5 +---- .../threat-protection/auditing/audit-dpapi-activity.md | 6 +----- .../threat-protection/auditing/audit-file-share.md | 6 +----- .../threat-protection/auditing/audit-file-system.md | 5 +---- .../auditing/audit-filtering-platform-connection.md | 6 +----- .../auditing/audit-filtering-platform-packet-drop.md | 6 +----- 26 files changed, 27 insertions(+), 128 deletions(-) 
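Review bot: In the Arrays row of the added Delivery Optimization table, "**PeerId**: Identified of the device running DO client" should read "Identifier of the device running DO client". The same table spells the group field `groupID` in the Geo row and `Group Id` in the Arrays row, and the last row (dl.delivery.mp.microsoft.com, emdl.ws.microsoft.com) has an empty Name cell. Use one spelling per field, matching what the client actually sends, and fill in the service name, so that readers auditing outbound data can match each field to its endpoint.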
diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index 85e0d38f53..f45d596295 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -14,16 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Advanced security audit policy settings -**Applies to** -- Windows 10 -- Windows 11 - This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate. The security audit policy settings under **Security Settings\\Advanced Audit Policy Configuration** can help your organization audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as: diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index 61dfe3d07c..3e90a4fd67 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -15,13 +15,12 @@ metadata: audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual - ms.date: 04/19/2017 + ms.date: 09/06/2021 ms.technology: mde title: Advanced security auditing FAQ summary: | - **Applies to** - - Windows 10 + This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. 
diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index 691956d81c..2e9d3a84f1 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md @@ -14,15 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/6/2021 ms.technology: mde --- # Advanced security audit policies -**Applies to** -- Windows 10 - Advanced security audit policy settings are found in **Security Settings\\Advanced Audit Policy Configuration\\System Audit Policies** and appear to overlap with basic security audit policies, but they are recorded and applied differently. When you apply basic audit policy settings to the local computer by using the Local Security Policy snap-in, you are editing the effective audit policy, so changes made to basic audit policy settings will appear exactly as configured in Auditpol.exe. In Windows 7 and later, advanced security audit policies can be controlled by using Group Policy. diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md index c892db7b11..d092d91f72 100644 --- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md +++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # Appendix A: Security monitoring recommendations for many audit events -**Applies to** -- Windows 10 -- Windows Server 2016 - This document, the [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) reference, provides information about individual audit events, and lists them within audit categories and subcategories. However, there are many events for which the following overall recommendations apply. There are links throughout this document from the “Recommendations” sections of the relevant events to this appendix. diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index 2d63b25eb8..331e40c490 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -14,15 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 07/25/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Apply a basic audit policy on a file or folder -**Applies to** -- Windows 10 - You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log. To complete this procedure, you must be signed in as a member of the built-in Administrators group or have **Manage auditing and security log** rights. diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md index 77f8126a98..4837398076 100644 --- a/windows/security/threat-protection/auditing/audit-account-lockout.md +++ b/windows/security/threat-protection/auditing/audit-account-lockout.md 
@@ -11,17 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 07/16/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Account Lockout -**Applies to** -- Windows 10 -- Windows Server 2016 - - Audit Account Lockout enables you to audit security events that are generated by a failed attempt to log on to an account that is locked out. If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md index 7e8adee87d..c2f603a680 100644 --- a/windows/security/threat-protection/auditing/audit-application-generated.md +++ b/windows/security/threat-protection/auditing/audit-application-generated.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Application Generated -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Application Generated generates events for actions related to Authorization Manager [applications](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770563(v=ws.11)). Audit Application Generated subcategory is out of scope of this document, because [Authorization Manager](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc726036(v=ws.11)) is very rarely in use and it is deprecated starting from Windows Server 2012. diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md index 647f8e28b6..7fefa5c73c 100644 --- a/windows/security/threat-protection/auditing/audit-application-group-management.md 
+++ b/windows/security/threat-protection/auditing/audit-application-group-management.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Application Group Management -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Application Group Management generates events for actions related to [application groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771579(v=ws.11)), such as group creation, modification, addition or removal of group member and some other actions. [Application groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771579(v=ws.11)) are used by [Authorization Manager](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc726036(v=ws.11)). diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md index 1ac2a40f94..3828ec83b4 100644 --- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Audit Policy Change -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Audit Policy Change determines whether the operating system generates audit events when changes are made to audit policy. diff --git a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md index 8bf74ed78f..07e3af496b 100644 --- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md 
@@ -11,17 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Authentication Policy Change -**Applies to** -- Windows 10 -- Windows Server 2016 - - Audit Authentication Policy Change determines whether the operating system generates audit events when changes are made to authentication policy. Changes made to authentication policy include: diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md index c00445582a..20750fbbe9 100644 --- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md @@ -11,17 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Authorization Policy Change -**Applies to** -- Windows 10 -- Windows Server 2016 - - Audit Authorization Policy Change allows you to audit assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects. | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md index d63d07634a..ed8737a5d1 100644 --- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md +++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md 
@@ -11,17 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Central Access Policy Staging -**Applies to** -- Windows 10 -- Windows Server 2016 - - Audit Central Access Policy Staging allows you to audit access requests where a permission granted or denied by a proposed policy differs from the current central access policy on an object. If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that granted by the proposed policy. The resulting audit event is generated as follows: diff --git a/windows/security/threat-protection/auditing/audit-certification-services.md b/windows/security/threat-protection/auditing/audit-certification-services.md index 82fe1eac16..655f1fbbbc 100644 --- a/windows/security/threat-protection/auditing/audit-certification-services.md +++ b/windows/security/threat-protection/auditing/audit-certification-services.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Certification Services -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Certification Services determines whether the operating system generates events when Active Directory Certificate Services (AD CS) operations are performed. Examples of AD CS operations include: diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md index 677244f857..1a3c91c1a9 100644 --- a/windows/security/threat-protection/auditing/audit-computer-account-management.md +++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md 
@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Computer Account Management -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Computer Account Management determines whether the operating system generates audit events when a computer account is created, changed, or deleted. diff --git a/windows/security/threat-protection/auditing/audit-credential-validation.md b/windows/security/threat-protection/auditing/audit-credential-validation.md index 4fdf9060db..4bde8f1ddb 100644 --- a/windows/security/threat-protection/auditing/audit-credential-validation.md +++ b/windows/security/threat-protection/auditing/audit-credential-validation.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Credential Validation -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Credential Validation determines whether the operating system generates audit events on credentials that are submitted for a user account logon request. diff --git a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md index a6f472d018..593eb8718d 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md 
@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Detailed Directory Service Replication -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Detailed Directory Service Replication determines whether the operating system generates audit events that contain detailed tracking information about data that is replicated between domain controllers. diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md index 4428aad464..92b53125a2 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md +++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Detailed File Share -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Detailed File Share allows you to audit attempts to access files and folders on a shared folder. diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md index 608ddbfc4f..bceb0bc1d1 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Directory Service Access -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Directory Service Access determines whether the operating system generates audit events when an Active Directory Domain Services (AD DS) object is accessed. 
diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md index 2141bbae5e..a2290c487c 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Directory Service Changes -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Directory Service Changes determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (AD DS). diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md index df8ddc7f12..8bbcc73020 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Directory Service Replication -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Directory Service Replication determines whether the operating system generates audit events when replication between two domain controllers begins and ends. diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md index 352eea4cfe..18f52d6dea 100644 --- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md 
+++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Distribution Group Management -**Applies to** -- Windows 10 -- Windows Server 2016 Audit Distribution Group Management determines whether the operating system generates audit events for specific distribution-group management tasks. diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md index 9661ffe602..ce489d62ac 100644 --- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md +++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit DPAPI Activity -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit [DPAPI](/previous-versions/ms995355(v=msdn.10)) Activity determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface ([DPAPI](/previous-versions/ms995355(v=msdn.10))). diff --git a/windows/security/threat-protection/auditing/audit-file-share.md b/windows/security/threat-protection/auditing/audit-file-share.md index 88b51b6a3f..97c2332179 100644 --- a/windows/security/threat-protection/auditing/audit-file-share.md +++ b/windows/security/threat-protection/auditing/audit-file-share.md 
@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit File Share -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit File Share allows you to audit events related to file shares: creation, deletion, modification, and access attempts. Also, it shows failed SMB SPN checks. diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md index 98f61fc786..17787cf470 100644 --- a/windows/security/threat-protection/auditing/audit-file-system.md +++ b/windows/security/threat-protection/auditing/audit-file-system.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit File System -**Applies to** -- Windows 10 -- Windows Server 2016 > [!NOTE] > For more details about applicability on older operating system versions, read the article [Audit File System](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn319068(v=ws.11)). diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md index e4829f1e56..7e0478f79f 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md 
@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Filtering Platform Connection -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Filtering Platform Connection determines whether the operating system generates audit events when connections are allowed or blocked by the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page). diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md index d6131681ec..dae76cc66f 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Filtering Platform Packet Drop -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Filtering Platform Packet Drop determines whether the operating system generates audit events when packets are dropped by the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page). From 7ab0e861984d7218efb9ad27f7d6d47bd82e95ef Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Mon, 6 Sep 2021 13:56:05 +0530 Subject: [PATCH 105/671] Corrected blocking issue --- .../auditing/advanced-security-auditing-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index 3e90a4fd67..c3c1ecbe92 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml 
+++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -22,7 +22,7 @@ title: Advanced security auditing FAQ summary: | - This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. +This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. - [What is Windows security auditing and why might I want to use it?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-) - [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) From 2e8cd0e8200063e241528629c88d7d843fddbe48 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 6 Sep 2021 14:10:38 +0530 Subject: [PATCH 106/671] Updated --- .../auditing/advanced-security-auditing-faq.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index 3e90a4fd67..7341b721a6 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml 
@@ -19,10 +19,8 @@ metadata: ms.technology: mde title: Advanced security auditing FAQ -summary: | - - - This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. + +This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. - [What is Windows security auditing and why might I want to use it?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-) - [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) From aa0b279205831619b050cba6339e4ed923fc6f8a Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 6 Sep 2021 14:16:59 +0530 Subject: [PATCH 107/671] Updated --- .../auditing/advanced-security-auditing-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index 3f9281aea4..92cfb0b820 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml 
@@ -22,7 +22,7 @@ title: Advanced security auditing FAQ -This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. + This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. - [What is Windows security auditing and why might I want to use it?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-) - [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) From 51c4c48cee9aa74697e6e4ee0837a2bda6696a11 Mon Sep 17 00:00:00 2001 
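Review bot: In PATCH 104, the advanced-security-auditing.md hunk sets `ms.date: 09/6/2021`, while every other file touched by this patch uses the zero-padded `09/06/2021`. Use `09/06/2021` here as well so the metadata date format stays consistent across the auditing articles.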
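Review bot: In PATCH 105, the changed line sits directly under the `summary: |` key shown as context, and the added version of "This topic for the IT professional ..." has no leading whitespace where the removed one was indented. The text of a YAML block scalar must be indented further than its key, so an unindented line ends the `summary` value and leaves the paragraph as stray content at the top level of advanced-security-auditing-faq.yml. Keep the paragraph indented under `summary: |`, and state in the commit message what the "blocking issue" was.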
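Review bot: In PATCH 106, the hunk deletes the `summary: |` key but keeps the paragraph and the link list that formed its value, leaving them as bare text after `title:` in a YAML file. If the summary is meant to stay, restore `summary: |` and indent the text under it; if it is meant to go, remove the paragraph and the list together with the key. The subject "Updated" gives no reason for the change.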
From: Ashok Lobo Date: Mon, 6 Sep 2021 17:10:01 +0530 Subject: [PATCH 108/671] Updated for 5358843-files-26to50 --- .../auditing/audit-filtering-platform-packet-drop.md | 6 +----- .../auditing/audit-filtering-platform-policy-change.md | 5 +---- .../threat-protection/auditing/audit-group-membership.md | 5 +---- .../auditing/audit-handle-manipulation.md | 5 +---- .../threat-protection/auditing/audit-ipsec-driver.md | 5 +---- .../auditing/audit-ipsec-extended-mode.md | 6 +----- .../threat-protection/auditing/audit-ipsec-main-mode.md | 5 +---- .../threat-protection/auditing/audit-ipsec-quick-mode.md | 5 +---- .../auditing/audit-kerberos-authentication-service.md | 6 +----- .../auditing/audit-kerberos-service-ticket-operations.md | 6 +----- .../threat-protection/auditing/audit-kernel-object.md | 6 +----- .../security/threat-protection/auditing/audit-logoff.md | 6 +----- .../security/threat-protection/auditing/audit-logon.md | 6 +----- .../auditing/audit-mpssvc-rule-level-policy-change.md | 6 +----- .../auditing/audit-network-policy-server.md | 5 +---- .../auditing/audit-non-sensitive-privilege-use.md | 6 +----- .../auditing/audit-other-account-logon-events.md | 6 +----- .../auditing/audit-other-account-management-events.md | 6 +----- .../auditing/audit-other-logonlogoff-events.md | 6 +----- .../auditing/audit-other-object-access-events.md | 6 +----- .../auditing/audit-other-policy-change-events.md | 6 +----- .../auditing/audit-other-privilege-use-events.md | 5 +---- .../auditing/audit-other-system-events.md | 8 ++------ .../threat-protection/auditing/audit-pnp-activity.md | 6 +----- .../threat-protection/auditing/audit-process-creation.md | 6 +----- 25 files changed, 26 insertions(+), 118 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md index d6131681ec..dae76cc66f 100644 
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Filtering Platform Packet Drop -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Filtering Platform Packet Drop determines whether the operating system generates audit events when packets are dropped by the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page). diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md index b3a9837cd5..8a77aee208 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Filtering Platform Policy Change -**Applies to** -- Windows 10 -- Windows Server 2016 Audit Filtering Platform Policy Change allows you to audit events generated by changes to the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page) (WFP), such as the following: diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md index 37a86a6424..904bc669cb 100644 --- a/windows/security/threat-protection/auditing/audit-group-membership.md +++ b/windows/security/threat-protection/auditing/audit-group-membership.md 
@@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Group Membership -**Applies to** -- Windows 10 -- Windows Server 2016 By using Audit Group Membership, you can audit group memberships when they're enumerated on the client computer. diff --git a/windows/security/threat-protection/auditing/audit-handle-manipulation.md b/windows/security/threat-protection/auditing/audit-handle-manipulation.md index e82188ac78..1003455f12 100644 --- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md +++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Handle Manipulation -**Applies to** -- Windows 10 -- Windows Server 2016 Audit Handle Manipulation enables generation of “4658: The handle to an object was closed” in [Audit File System](audit-file-system.md), [Audit Kernel Object](audit-kernel-object.md), [Audit Registry](audit-registry.md), [Audit Removable Storage](audit-removable-storage.md) and [Audit SAM](audit-sam.md) subcategories, and shows object’s handle duplication and close actions. diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md index 606acf77a3..108d9f2155 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md 
@@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 10/02/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Audit IPsec Driver -**Applies to** -- Windows 10 -- Windows Server 2016 Audit IPsec Driver allows you to audit events generated by IPSec driver such as the following: diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md index 179c4e5e22..502f29b57d 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 10/02/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Audit IPsec Extended Mode -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit IPsec Extended Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations. diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md index 092717cc70..c3f71a182d 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 10/02/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Audit IPsec Main Mode -**Applies to** -- Windows 10 -- Windows Server 2016 Audit IPsec Main Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. 
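Review bot: Nothing replaces the "Applies to" block removed in audit-ipsec-main-mode.md (and in every other file of this patch), so the page no longer says which Windows releases this audit subcategory covers. If that scoping is moving somewhere else, say where in the commit message, which currently reads only "Updated for 5358843-files-26to50". Spacing is also inconsistent across the patch: the line counts of the -11,15 +11,12 hunks show that only the three list lines are deleted, leaving two blank lines between the heading and the first paragraph, while the -11,16 +11,12 hunks (for example audit-ipsec-extended-mode.md) also delete one blank line. Pick one form for all 25 files.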
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md index fefab72132..0424935c98 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 10/02/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Audit IPsec Quick Mode -**Applies to** -- Windows 10 -- Windows Server 2016 Audit IPsec Quick Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations. diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md index 14495b2794..ac184cba5f 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Kerberos Authentication Service -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Kerberos Authentication Service determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests. diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md index 3bbaa165ef..788a0eccd6 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md 
+++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Kerberos Service Ticket Operations -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Kerberos Service Ticket Operations determines whether the operating system generates security audit events for Kerberos service ticket requests. diff --git a/windows/security/threat-protection/auditing/audit-kernel-object.md b/windows/security/threat-protection/auditing/audit-kernel-object.md index f93ad96e33..f0329f57a4 100644 --- a/windows/security/threat-protection/auditing/audit-kernel-object.md +++ b/windows/security/threat-protection/auditing/audit-kernel-object.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Kernel Object -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Kernel Object determines whether the operating system generates audit events when users attempt to access the system kernel, which includes mutexes and semaphores. diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md index a07a10fd9a..eadeed6ed8 100644 --- a/windows/security/threat-protection/auditing/audit-logoff.md +++ b/windows/security/threat-protection/auditing/audit-logoff.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 07/16/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Logoff -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Logoff determines whether the operating system generates audit events when logon sessions are terminated. 
diff --git a/windows/security/threat-protection/auditing/audit-logon.md b/windows/security/threat-protection/auditing/audit-logon.md index e87dd6ad1d..b6b71c23f6 100644 --- a/windows/security/threat-protection/auditing/audit-logon.md +++ b/windows/security/threat-protection/auditing/audit-logon.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Logon -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Logon determines whether the operating system generates audit events when a user attempts to log on to a computer. diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md index 5107277a3d..ff61afa77f 100644 --- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit MPSSVC Rule-Level Policy Change -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit MPSSVC Rule-Level Policy Change determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe). diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md index d6ac9d53e5..016e6d53d7 100644 --- a/windows/security/threat-protection/auditing/audit-network-policy-server.md +++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md 
@@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Network Policy Server -**Applies to** -- Windows 10 -- Windows Server 2016 Audit Network Policy Server allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) activity related to user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock. diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md index 8cf59016dd..7ef4be2fc3 100644 --- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Non-Sensitive Privilege Use -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Non-Sensitive Privilege Use contains events that show usage of non-sensitive privileges. This is the list of non-sensitive privileges: diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md index 39fa1e83de..fc85d54a1a 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other Account Logon Events -**Applies to** -- Windows 10 -- Windows Server 2016 - **General Subcategory Information:** 
diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md index bb5d7120a3..bab6689283 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other Account Management Events -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Other Account Management Events determines whether the operating system generates user account management audit events. diff --git a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md index c123e22ef8..032d65589e 100644 --- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md +++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other Logon/Logoff Events -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Other Logon/Logoff Events determines whether Windows generates audit events for other logon or logoff events. diff --git a/windows/security/threat-protection/auditing/audit-other-object-access-events.md b/windows/security/threat-protection/auditing/audit-other-object-access-events.md index a485aa2d07..1a82bd54e1 100644 --- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md +++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md 
@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 05/29/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other Object Access Events -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Other Object Access Events allows you to monitor operations with scheduled tasks, COM+ objects and indirect object access requests. diff --git a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md index 5f55e34285..61ed449132 100644 --- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md +++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other Policy Change Events -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Other Policy Change Events contains events about EFS Data Recovery Agent policy changes, changes in Windows Filtering Platform filter, status on Security policy settings updates for local Group Policy settings, Central Access Policy changes, and detailed troubleshooting events for Cryptographic Next Generation (CNG) operations. diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md index 7e8dea77c3..ed0e6fde50 100644 --- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md +++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md 
@@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other Privilege Use Events -**Applies to** -- Windows 10 -- Windows Server 2016 This auditing subcategory should not have any events in it, but for some reason Success auditing will enable the generation of event [4985(S): The state of a transaction has changed](/windows/security/threat-protection/auditing/event-4985). diff --git a/windows/security/threat-protection/auditing/audit-other-system-events.md b/windows/security/threat-protection/auditing/audit-other-system-events.md index 7554066d42..8762fb22fc 100644 --- a/windows/security/threat-protection/auditing/audit-other-system-events.md +++ b/windows/security/threat-protection/auditing/audit-other-system-events.md @@ -11,17 +11,13 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other System Events -**Applies to** -- Windows 10 -- Windows Server 2016 - - + Audit Other System Events contains Windows Firewall Service and Windows Firewall driver start and stop events, failure events for these services and Windows Firewall Service policy processing failures. Audit Other System Events determines whether the operating system audits various system events. diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md index 16b696e3a2..23779f6a95 100644 --- a/windows/security/threat-protection/auditing/audit-pnp-activity.md +++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md 
@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit PNP Activity -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit PNP Activity determines when Plug and Play detects an external device. diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md index 456c7082b1..1e0c857ede 100644 --- a/windows/security/threat-protection/auditing/audit-process-creation.md +++ b/windows/security/threat-protection/auditing/audit-process-creation.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Process Creation -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Process Creation determines whether the operating system generates audit events when a process is created (starts). From 5d77e99308e196b7a564ab46beb29238c3178600 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 6 Sep 2021 17:37:22 +0530 Subject: [PATCH 109/671] Updated --- .../auditing/audit-other-account-logon-events.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md index fc85d54a1a..4550778fca 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md 
@@ -24,7 +24,7 @@ This auditing subcategory does not contain any events. It is intended for future | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | No | No | No | No | This auditing subcategory does not contain any events. It is intended for future use, and there is no reason to enable it. | -| Member Server | No | No | No | No | This auditing subcategory does not contain any events. It is intended for future use, and there is no reason to enable it. | -| Workstation | No | No | No | No | This auditing subcategory does not contain any events. It is intended for future use, and there is no reason to enable it. | +| Domain Controller | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, and there is no reason to enable it. | +| Member Server | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, and there is no reason to enable it. | +| Workstation | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, and there is no reason to enable it. | From 1bef30317bfa50a4de0d2c41b7befed8610e9ac3 Mon Sep 17 00:00:00 2001 
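Review bot: In the Comments column of all three table rows, "Intended for future use, and there is no reason to enable it." is a sentence without a subject, and the paragraph above the table (visible in the hunk header) still reads "It is intended for future", so the page now words the same statement two ways. Keep the original "It is intended for future use" in the rows, or change the paragraph and the rows together. The commit message "Updated" gives no reason for the change.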
From: Meghana Athavale Date: Mon, 6 Sep 2021 17:50:53 +0530 Subject: [PATCH 110/671] Updated for W11 --- ...ackup-tpm-recovery-information-to-ad-ds.md | 11 ++++--- .../tpm/change-the-tpm-owner-password.md | 18 +++++------ .../tpm/how-windows-uses-the-tpm.md | 30 +++++++++--------- ...lize-and-configure-ownership-of-the-tpm.md | 31 ++++++++++--------- .../tpm/manage-tpm-commands.md | 7 +++-- .../tpm/manage-tpm-lockout.md | 13 ++++---- .../switch-pcr-banks-on-tpm-2-0-devices.md | 13 ++++---- .../tpm/tpm-fundamentals.md | 11 ++++--- .../tpm/tpm-recommendations.md | 21 +++++++------ .../tpm/trusted-platform-module-overview.md | 12 +++---- ...m-module-services-group-policy-settings.md | 11 ++++--- .../tpm/trusted-platform-module-top-node.md | 11 ++++--- 12 files changed, 99 insertions(+), 90 deletions(-) diff --git a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md index 496b94e463..9e8fb338ce 100644 --- a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md @@ -1,5 +1,5 @@ --- -title: Back up the TPM recovery information to AD DS (Windows 10) +title: Back up the TPM recovery information to AD DS (Windows) description: This topic for the IT professional describes backup of Trusted Platform Module (TPM) information. ms.assetid: 62bcec80-96a1-464e-8b3f-d177a7565ac5 ms.reviewer: 
@@ -13,20 +13,21 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/03/2021 --- # Back up the TPM recovery information to AD DS **Applies to** -- Windows 10, version 1511 -- Windows 10, version 1507 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above **Does not apply to** - Windows 10, version 1607 or later -With Windows 10, versions 1511 and 1507, you can back up a computer’s Trusted Platform Module (TPM) information to Active Directory Domain Services (AD DS). By doing this, you can use AD DS to administer the TPM from a remote computer. The procedure is the same as it was for Windows 8.1. For more information, see [Backup the TPM Recovery Information to AD DS](/previous-versions/windows/it-pro/windows-8.1-and-8/dn466534(v=ws.11)). +With Windows 10, versions 1511 and 1507, or Windows 11, you can back up a computer’s Trusted Platform Module (TPM) information to Active Directory Domain Services (AD DS). By doing this, you can use AD DS to administer the TPM from a remote computer. The procedure is the same as it was for Windows 8.1. For more information, see [Backup the TPM Recovery Information to AD DS](/previous-versions/windows/it-pro/windows-8.1-and-8/dn466534(v=ws.11)). ## Related topics diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index 2a57c4f6c9..c139f7a4df 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md 
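Review bot: In backup-tpm-recovery-information-to-ad-ds.md the new "Applies to" list (Windows 10, Windows 11, Windows Server 2016 and above) contradicts the unchanged "Does not apply to" entry "Windows 10, version 1607 or later" directly beneath it. The body sentence now reads "With Windows 10, versions 1511 and 1507, or Windows 11", which places Windows 11 alongside the two releases the page was originally limited to without saying why. Either keep the version-specific "Applies to" entries, or update the "Does not apply to" block and the body sentence in the same change, so an administrator can tell whether backing up TPM information to AD DS is available on their release.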
@@ -1,5 +1,5 @@ --- -title: Change the TPM owner password (Windows 10) +title: Change the TPM owner password (Windows) description: This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system. ms.assetid: e43dcff3-acb4-4a92-8816-d6b64b7f2f45 ms.reviewer: 
@@ -13,24 +13,24 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/03/2021 --- # Change the TPM owner password **Applies to** -- Windows 10, version 1511 -- Windows 10, version 1507 -- TPM 1.2 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system. ## About the TPM owner password -Starting with Windows 10, version 1607, Windows will not retain the TPM owner password when provisioning the TPM. The password will be set to a random high entropy value and then discarded. +Starting with Windows 10, version 1607, or Windows 11, Windows will not retain the TPM owner password when provisioning the TPM. The password will be set to a random high entropy value and then discarded. > [!IMPORTANT] -> Although the TPM owner password is not retained starting with Windows 10, version 1607, you can change a default registry key to retain it. However, we strongly recommend that you do not make this change. To retain the TPM owner password, set the registry key 'HKLM\\Software\\Policies\\Microsoft\\TPM' \[REG\_DWORD\] 'OSManagedAuthLevel' to 4. The default value for this key is 2, and unless it is changed to 4 before the TPM is provisioned, the owner password will not be saved. +> Although the TPM owner password is not retained starting with Windows 10, version 1607, or Windows 11, you can change a default registry key to retain it. However, we strongly recommend that you do not make this change. To retain the TPM owner password, set the registry key 'HKLM\\Software\\Policies\\Microsoft\\TPM' \[REG\_DWORD\] 'OSManagedAuthLevel' to 4. The default value for this key is 2, and unless it is changed to 4 before the TPM is provisioned, the owner password will not be saved. Only one owner password exists for each TPM. 
The TPM owner password allows the ability to enable, disable, or clear the TPM without having physical access to the computer, for example, by using the command-line tools remotely. The TPM owner password also allows manipulation of the TPM dictionary attack logic. Taking ownership of the TPM is performed by Windows as part of the provisioning process on each boot. Ownership can change when you share the password or clear your ownership of the TPM so someone else can initialize it. 
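Review bot: The widened "Applies to" list in change-the-tpm-owner-password.md (Windows 10, Windows 11, Windows Server 2016 and above) does not match the body of the same hunk, which says that from Windows 10, version 1607, or Windows 11 the owner password is set to a random value and discarded unless 'OSManagedAuthLevel' was set to 4 before provisioning. On those releases there is normally no owner password to change, so state that precondition next to the list or keep the version qualifiers. "Starting with Windows 10, version 1607, or Windows 11" is also ambiguous as a starting point; something like "In Windows 10, version 1607 and later, and in Windows 11" would read unambiguously. Dropping "TPM 1.2" from the list leaves the later "With TPM 1.2 and Windows 10 ..." sentence in this file as the only mention of the TPM version.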
@@ -42,11 +42,11 @@ Instead of changing your owner password, you can also use the following options - **Clear the TPM**   If you want to invalidate all of the existing keys that have been created since you took ownership of the TPM, you can clear it. For important precautions for this process, and instructions for completing it, see [Clear all the keys from the TPM](initialize-and-configure-ownership-of-the-tpm.md#clear-all-the-keys-from-the-tpm). -- **Turn off the TPM**   With TPM 1.2 and Windows 10, versions 1507 and 1511, you can turn off the TPM. Do this if you want to keep all existing keys and data intact and disable the services that are provided by the TPM. For more info, see [Turn off the TPM](initialize-and-configure-ownership-of-the-tpm.md#turn-off-the-tpm). +- **Turn off the TPM**   With TPM 1.2 and Windows 10, versions 1507 and 1511, or Windows 11, you can turn off the TPM. Do this if you want to keep all existing keys and data intact and disable the services that are provided by the TPM. For more info, see [Turn off the TPM](initialize-and-configure-ownership-of-the-tpm.md#turn-off-the-tpm). ## Change the TPM owner password -With Windows 10, version 1507 or 1511, if you have opted specifically to preserve the TPM owner password, you can use the saved password to change to a new password. +With Windows 10, version 1507 or 1511, or Windows 11, if you have opted specifically to preserve the TPM owner password, you can use the saved password to change to a new password. To change to a new TPM owner password, in TPM.msc, click **Change Owner Password**, and follow the instructions. You will be prompted to provide the owner password file or to type the password. Then you can create a new password, either automatically or manually, and save the password in a file or as a printout. 
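Review bot: In "With TPM 1.2 and Windows 10, versions 1507 and 1511, or Windows 11, you can turn off the TPM" it is unclear whether the TPM 1.2 condition also applies to Windows 11. The same construction in "With Windows 10, version 1507 or 1511, or Windows 11, if you have opted specifically to preserve the TPM owner password" groups Windows 11 with the pre-1607 releases, while the "About the TPM owner password" section of this file groups it with version 1607, where the password is discarded by default. Reword both sentences so each names the exact releases and TPM version it covers, and make the grouping consistent with the earlier section.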
diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index dd9e12558e..532dc2607c 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md 
@@ -14,12 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 10/27/2017 +ms.date: 09/03/2021 --- -# How Windows 10 uses the Trusted Platform Module +# How Windows uses the Trusted Platform Module -The Windows 10 operating system improves most existing security features in the operating system and adds groundbreaking new security features such as Device Guard and Windows Hello for Business. It places hardware-based security deeper inside the operating system than previous Windows versions had done, maximizing platform security while increasing usability. To achieve many of these security enhancements, Windows 10 makes extensive use of the Trusted Platform Module (TPM). This article offers a brief overview of the TPM, describes how it works, and discusses the benefits that TPM brings to Windows 10—as well as the cumulative security impact of running Windows 10 on a PC that contains a TPM. +The Windows operating system improves most existing security features in the operating system and adds groundbreaking new security features such as Device Guard and Windows Hello for Business. It places hardware-based security deeper inside the operating system than previous Windows versions had done, maximizing platform security while increasing usability. To achieve many of these security enhancements, Windows makes extensive use of the Trusted Platform Module (TPM). This article offers a brief overview of the TPM, describes how it works, and discusses the benefits that TPM brings to Windows as well as the cumulative security impact of running Windows on a PC that contains a TPM. **See also:** 
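Review bot: With "10" removed, the opening paragraph of how-windows-uses-the-tpm.md loses its point of comparison: "The Windows operating system improves most existing security features in the operating system" and "deeper inside the operating system than previous Windows versions had done" no longer say which release is being compared with the previous ones. Name the releases (for example "Windows 10 and Windows 11") or rewrite the comparison so the claim about Device Guard and Windows Hello for Business being new is tied to a specific version. The front-matter title is outside the visible hunk; confirm it was updated to match the new heading "How Windows uses the Trusted Platform Module".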
@@ -36,7 +36,7 @@ The TPM is a cryptographic module that enhances computer security and privacy. P Historically, TPMs have been discrete chips soldered to a computer’s motherboard. Such implementations allow the computer’s original equipment manufacturer (OEM) to evaluate and certify the TPM separate from the rest of the system. Although discrete TPM implementations are still common, they can be problematic for integrated devices that are small or have low power consumption. Some newer TPM implementations integrate TPM functionality into the same chipset as other platform components while still providing logical separation similar to discrete TPM chips. -TPMs are passive: they receive commands and return responses. To realize the full benefit of a TPM, the OEM must carefully integrate system hardware and firmware with the TPM to send it commands and react to its responses. TPMs were originally designed to provide security and privacy benefits to a platform’s owner and users, but newer versions can provide security and privacy benefits to the system hardware itself. Before it can be used for advanced scenarios, a TPM must be provisioned. Windows 10 automatically provisions a TPM, but if the user reinstalls the operating system, he or she may need to tell the operating system to explicitly provision the TPM again before it can use all the TPM’s features. +TPMs are passive: they receive commands and return responses. To realize the full benefit of a TPM, the OEM must carefully integrate system hardware and firmware with the TPM to send it commands and react to its responses. TPMs were originally designed to provide security and privacy benefits to a platform’s owner and users, but newer versions can provide security and privacy benefits to the system hardware itself. Before it can be used for advanced scenarios, a TPM must be provisioned. 
Windows automatically provisions a TPM, but if the user reinstalls the operating system, he or she may need to tell the operating system to explicitly provision the TPM again before it can use all the TPM’s features. The Trusted Computing Group (TCG) is the nonprofit organization that publishes and maintains the TPM specification. The TCG exists to develop, define, and promote vendor-neutral, global industry standards that support a hardware-based root of trust for interoperable trusted computing platforms. The TCG also publishes the TPM specification as the international standard ISO/IEC 11889, using the Publicly Available Specification Submission Process that the Joint Technical Committee 1 defines between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). 
@@ -46,9 +46,9 @@ The TCG designed the TPM as a low-cost, mass-market security solution that addre Certification programs for TPMs—and technology in general—continue to evolve as the speed of innovation increases. Although having a TPM is clearly better than not having a TPM, Microsoft’s best advice is to determine your organization’s security needs and research any regulatory requirements associated with procurement for your industry. The result is a balance between scenarios used, assurance level, cost, convenience, and availability. -## TPM in Windows 10 +## TPM in Windows -The security features of Windows 10 combined with the benefits of a TPM offer practical security and privacy benefits. The following sections start with major TPM-related security features in Windows 10 and go on to describe how key technologies use the TPM to enable or increase security. +The security features of Windows combined with the benefits of a TPM offer practical security and privacy benefits. The following sections start with major TPM-related security features in Windows and go on to describe how key technologies use the TPM to enable or increase security. ## Platform Crypto Provider 
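Review bot: Renaming the heading "## TPM in Windows 10" to "## TPM in Windows" changes the slug that in-page and cross-article links resolve against, so any link that targets the old heading will stop resolving. Search the repository for links to the old heading before merging and update them in the same change. The same check applies to the article title changed earlier in this file.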
@@ -62,7 +62,7 @@ The Platform Crypto Provider, introduced in the Windows 8 operating system, expo • **Dictionary attack protection**. Keys that a TPM protects can require an authorization value such as a PIN. With dictionary attack protection, the TPM can prevent attacks that attempt a large number of guesses to determine the PIN. After too many guesses, the TPM simply returns an error saying no more guesses are allowed for a period of time. Software solutions might provide similar features, but they cannot provide the same level of protection, especially if the system restarts, the system clock changes, or files on the hard disk that count failed guesses are rolled back. In addition, with dictionary attack protection, authorization values such as PINs can be shorter and easier to remember while still providing the same level of protection as more complex values when using software solutions. -These TPM features give Platform Crypto Provider distinct advantages over software-based solutions. A practical way to see these benefits in action is when using certificates on a Windows 10 device. On platforms that include a TPM, Windows can use the Platform Crypto Provider to provide certificate storage. Certificate templates can specify that a TPM use the Platform Crypto Provider to protect the key associated with a certificate. In mixed environments, where some computers might not have a TPM, the certificate template could simply prefer the Platform Crypto Provider over the standard Windows software provider. If a certificate is configured as not able to be exported, the private key for the certificate is restricted and cannot be exported from the TPM. If the certificate requires a PIN, the PIN gains the TPM’s dictionary attack protection automatically. +These TPM features give Platform Crypto Provider distinct advantages over software-based solutions. A practical way to see these benefits in action is when using certificates on a Windows device. 
On platforms that include a TPM, Windows can use the Platform Crypto Provider to provide certificate storage. Certificate templates can specify that a TPM use the Platform Crypto Provider to protect the key associated with a certificate. In mixed environments, where some computers might not have a TPM, the certificate template could simply prefer the Platform Crypto Provider over the standard Windows software provider. If a certificate is configured as not able to be exported, the private key for the certificate is restricted and cannot be exported from the TPM. If the certificate requires a PIN, the PIN gains the TPM’s dictionary attack protection automatically. ## Virtual Smart Card 
@@ -102,11 +102,11 @@ In the most common configuration, BitLocker encrypts the operating system volume Device hardware characteristics are important to BitLocker and its ability to protect data. One consideration is whether the device provides attack vectors when the system is at the logon screen. For example, if the Windows device has a port that allows direct memory access so that someone can plug in hardware and read memory, an attacker can read the operating system volume’s decryption key from memory while at the Windows logon screen. To mitigate this risk, organizations can configure BitLocker so that the TPM key requires both the correct software measurements and an authorization value. The system startup process stops at Windows Boot Manager, and the user is prompted to enter the authorization value for the TPM key or insert a USB device with the value. This process stops BitLocker from automatically loading the key into memory where it might be vulnerable, but has a less desirable user experience. -Newer hardware and Windows 10 work better together to disable direct memory access through ports and reduce attack vectors. The result is that organizations can deploy more systems without requiring users to enter additional authorization information during the startup process. The right hardware allows BitLocker to be used with the “TPM-only” configuration giving users a single sign-on experience without having to enter a PIN or USB key during boot. +Newer hardware and Windows work better together to disable direct memory access through ports and reduce attack vectors. The result is that organizations can deploy more systems without requiring users to enter additional authorization information during the startup process. The right hardware allows BitLocker to be used with the “TPM-only” configuration giving users a single sign-on experience without having to enter a PIN or USB key during boot. 
## Device Encryption -Device Encryption is the consumer version of BitLocker, and it uses the same underlying technology. How it works is if a customer logs on with a Microsoft account and the system meets Modern Standby hardware requirements, BitLocker Drive Encryption is enabled automatically in Windows 10. The recovery key is backed up in the Microsoft cloud and is accessible to the consumer through his or her Microsoft account. The Modern Standby hardware requirements inform Windows 10 that the hardware is appropriate for deploying Device Encryption and allows use of the “TPM-only” configuration for a simple consumer experience. In addition, Modern Standby hardware is designed to reduce the likelihood that measurement values change and prompt the customer for the recovery key. +Device Encryption is the consumer version of BitLocker, and it uses the same underlying technology. How it works is if a customer logs on with a Microsoft account and the system meets Modern Standby hardware requirements, BitLocker Drive Encryption is enabled automatically in Windows. The recovery key is backed up in the Microsoft cloud and is accessible to the consumer through his or her Microsoft account. The Modern Standby hardware requirements inform Windows that the hardware is appropriate for deploying Device Encryption and allows use of the “TPM-only” configuration for a simple consumer experience. In addition, Modern Standby hardware is designed to reduce the likelihood that measurement values change and prompt the customer for the recovery key. For software measurements, Device Encryption relies on measurements of the authority providing software components (based on code signing from manufacturers such as OEMs or Microsoft) instead of the precise hashes of the software components themselves. This permits servicing of components without changing the resulting measurement values. 
For configuration measurements, the values used are based on the boot security policy instead of the numerous other configuration settings recorded during startup. These values also change less frequently. The result is that Device Encryption is enabled on appropriate hardware in a user-friendly way while also protecting data. 
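Review bot: The Device Encryption line added in this hunk keeps a subject-verb disagreement: "The Modern Standby hardware requirements inform Windows that the hardware is appropriate ... and allows use of" should read "allow". Since the line is being rewritten anyway, also tighten "How it works is if a customer logs on" to something like "If a customer logs on". In the BitLocker paragraph above it, "Newer hardware and Windows work better together" loses its meaning without a version, because it no longer says which Windows is being compared with older hardware.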
@@ -122,7 +122,7 @@ TPM measurements are designed to avoid recording any privacy-sensitive informati The TPM provides the following way for scenarios to use the measurements recorded in the TPM during boot: -• **Remote Attestation**. Using an attestation identity key, the TPM can generate and cryptographically sign a statement (or*quote*) of the current measurements in the TPM. Windows 10 can create unique attestation identity keys for various scenarios to prevent separate evaluators from collaborating to track the same device. Additional information in the quote is cryptographically scrambled to limit information sharing and better protect privacy. By sending the quote to a remote entity, a device can attest which software and configuration settings were used to boot the device and initialize the operating system. An attestation identity key certificate can provide further assurance that the quote is coming from a real TPM. Remote attestation is the process of recording measurements in the TPM, generating a quote, and sending the quote information to another system that evaluates the measurements to establish trust in a device. Figure 2 illustrates this process. +• **Remote Attestation**. Using an attestation identity key, the TPM can generate and cryptographically sign a statement (or*quote*) of the current measurements in the TPM. Windows can create unique attestation identity keys for various scenarios to prevent separate evaluators from collaborating to track the same device. Additional information in the quote is cryptographically scrambled to limit information sharing and better protect privacy. By sending the quote to a remote entity, a device can attest which software and configuration settings were used to boot the device and initialize the operating system. An attestation identity key certificate can provide further assurance that the quote is coming from a real TPM. 
Remote attestation is the process of recording measurements in the TPM, generating a quote, and sending the quote information to another system that evaluates the measurements to establish trust in a device. Figure 2 illustrates this process. When new security features are added to Windows, Measured Boot adds security-relevant configuration information to the measurements recorded in the TPM. Measured Boot enables remote attestation scenarios that reflect the system firmware and the Windows initialization state. 
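Review bot: The Remote Attestation bullet added here still carries the markup slip from the removed line, "(or*quote*)", with no space between "or" and the emphasized word. Change it to "(or *quote*)" while the line is being touched, otherwise the defect is re-committed under a new date.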
@@ -133,21 +133,21 @@ When new security features are added to Windows, Measured Boot adds security-rel ## Health Attestation -Some Windows 10 improvements help security solutions implement remote attestation scenarios. Microsoft provides a Health Attestation service, which can create attestation identity key certificates for TPMs from different manufacturers as well as parse measured boot information to extract simple security assertions, such as whether BitLocker is on or off. The simple security assertions can be used to evaluate device health. +Some Windows improvements help security solutions implement remote attestation scenarios. Microsoft provides a Health Attestation service, which can create attestation identity key certificates for TPMs from different manufacturers as well as parse measured boot information to extract simple security assertions, such as whether BitLocker is on or off. The simple security assertions can be used to evaluate device health. Mobile device management (MDM) solutions can receive simple security assertions from the Microsoft Health Attestation service for a client without having to deal with the complexity of the quote or the detailed TPM measurements. MDM solutions can act on the security information by quarantining unhealthy devices or blocking access to cloud services such as Microsoft Office 365. ## Credential Guard -Credential Guard is a new feature in Windows 10 that helps protect Windows credentials in organizations that have deployed AD DS. Historically, a user’s credentials (e.g., logon password) were hashed to generate an authorization token. The user employed the token to access resources that he or she was permitted to use. One weakness of the token model is that malware that had access to the operating system kernel could look through the computer’s memory and harvest all the access tokens currently in use. The attacker could then use harvested tokens to log on to other machines and collect more credentials. 
This kind of attack is called a “pass the hash” attack, a malware technique that infects one machine to infect many machines across an organization. +Credential Guard is a new feature in Windows that helps protect Windows credentials in organizations that have deployed AD DS. Historically, a user’s credentials (e.g., logon password) were hashed to generate an authorization token. The user employed the token to access resources that he or she was permitted to use. One weakness of the token model is that malware that had access to the operating system kernel could look through the computer’s memory and harvest all the access tokens currently in use. The attacker could then use harvested tokens to log on to other machines and collect more credentials. This kind of attack is called a “pass the hash” attack, a malware technique that infects one machine to infect many machines across an organization. Similar to the way Microsoft Hyper-V keeps virtual machines (VMs) separate from one another, Credential Guard uses virtualization to isolate the process that hashes credentials in a memory area that the operating system kernel cannot access. This isolated memory area is initialized and protected during the boot process so that components in the larger operating system environment cannot tamper with it. Credential Guard uses the TPM to protect its keys with TPM measurements, so they are accessible only during the boot process step when the separate region is initialized; they are not available for the normal operating system kernel. The local security authority code in the Windows kernel interacts with the isolated memory area by passing in credentials and receiving single-use authorization tokens in return. -The resulting solution provides defense in depth, because even if malware runs in the operating system kernel, it cannot access the secrets inside the isolated memory area that actually generates authorization tokens. 
The solution does not solve the problem of key loggers because the passwords such loggers capture actually pass through the normal Windows kernel, but when combined with other solutions, such as smart cards for authentication, Credential Guard greatly enhances the protection of credentials in Windows 10. +The resulting solution provides defense in depth, because even if malware runs in the operating system kernel, it cannot access the secrets inside the isolated memory area that actually generates authorization tokens. The solution does not solve the problem of key loggers because the passwords such loggers capture actually pass through the normal Windows kernel, but when combined with other solutions, such as smart cards for authentication, Credential Guard greatly enhances the protection of credentials in Windows. ## Conclusion -The TPM adds hardware-based security benefits to Windows 10. When installed on hardware that includes a TPM, Window 10 delivers remarkably improved security benefits. The following table summarizes the key benefits of the TPM’s major features. +The TPM adds hardware-based security benefits to Windows. When installed on hardware that includes a TPM, Window delivers remarkably improved security benefits. The following table summarizes the key benefits of the TPM’s major features. |Feature | Benefits when used on a system with a TPM| @@ -163,4 +163,4 @@ The TPM adds hardware-based security benefits to Windows 10. When installed on h
    -Although some of the aforementioned features have additional hardware requirements (e.g., virtualization support), the TPM is a cornerstone of Windows 10 security. Microsoft and other industry stakeholders continue to improve the global standards associated with TPM and find more and more applications that use it to provide tangible benefits to customers. Microsoft has included support for most TPM features in its version of Windows for the Internet of Things (IoT) called [Windows 10 IoT Core](https://developer.microsoft.com/windows/iot/iotcore). IoT devices that might be deployed in insecure physical locations and connected to cloud services like [Azure IoT Hub](https://azure.microsoft.com/documentation/services/iot-hub/) for management can use the TPM in innovative ways to address their emerging security requirements. +Although some of the aforementioned features have additional hardware requirements (e.g., virtualization support), the TPM is a cornerstone of Windows security. Microsoft and other industry stakeholders continue to improve the global standards associated with TPM and find more and more applications that use it to provide tangible benefits to customers. Microsoft has included support for most TPM features in its version of Windows for the Internet of Things (IoT) called [Windows IoT Core](https://developer.microsoft.com/windows/iot/iotcore). IoT devices that might be deployed in insecure physical locations and connected to cloud services like [Azure IoT Hub](https://azure.microsoft.com/documentation/services/iot-hub/) for management can use the TPM in innovative ways to address their emerging security requirements. diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index e2bdcc7c8a..e4b8bade20 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md 
+++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -1,5 +1,5 @@ --- -title: Troubleshoot the TPM (Windows 10) +title: Troubleshoot the TPM (Windows) description: This topic for the IT professional describes how to view status for, clear, or troubleshoot the Trusted Platform Module (TPM). ms.assetid: 1166efaf-7aa3-4420-9279-435d9c6ac6f8 ms.reviewer: @@ -13,14 +13,15 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 09/11/2018 +ms.date: 09/06/2021 --- # Troubleshoot the TPM **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This topic provides information for the IT professional to troubleshoot the Trusted Platform Module (TPM): @@ -28,7 +29,7 @@ This topic provides information for the IT professional to troubleshoot the Trus - [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm) -With TPM 1.2 and Windows 10, version 1507 or 1511, you can also take the following actions: +With TPM 1.2 and Windows 10, version 1507 or 1511, or Windows 11, you can also take the following actions: - [Turn on or turn off the TPM](#turn-on-or-turn-off) @@ -36,7 +37,7 @@ For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](/ ## About TPM initialization and ownership -Starting with Windows 10, the operating system automatically initializes and takes ownership of the TPM. This is a change from previous operating systems, where you would initialize the TPM and create an owner password. +Starting with Windows 10 and Windows 11, the operating system automatically initializes and takes ownership of the TPM. This is a change from previous operating systems, where you would initialize the TPM and create an owner password. ## Troubleshoot TPM initialization 
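Review bot: In the "About TPM initialization and ownership" hunk (@@ -36,7 +37,7 @@), "Starting with Windows 10 and Windows 11" names two starting points for one change. The sentence describes a behavior that began with a single release, so keep "Starting with Windows 10" or, if the intent is to list the releases it applies to, write "In Windows 10 and Windows 11".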
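Review bot: In the Conclusion hunk (@@ -133,21 +133,21 @@) of the "How Windows uses the Trusted Platform Module" article, the added line reads "Window delivers remarkably improved security benefits". The removed line had "Window 10", so the typo was carried over rather than fixed; it should be "Windows". In the same hunk, "Credential Guard is a new feature in Windows" no longer says which release introduced it, so either keep the version there or drop "new". In the following hunk, the link text "Windows IoT Core" changes a product name rather than a generic reference to the OS, which deserves confirmation before merge.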
@@ -46,13 +47,13 @@ If you find that Windows is not able to initialize the TPM automatically, review - If the TPM is a TPM 2.0 and is not detected by Windows, verify that your computer hardware contains a Unified Extensible Firmware Interface (UEFI) that is Trusted Computing Group-compliant. Also, ensure that in the UEFI settings, the TPM has not been disabled or hidden from the operating system. -- If you have TPM 1.2 with Windows 10, version 1507 or 1511, the TPM might be turned off, and need to be turned back on, as described in [Turn on the TPM](#turn-on-the-tpm). When it is turned back on, Windows will re-initialize it. +- If you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, the TPM might be turned off, and need to be turned back on, as described in [Turn on the TPM](#turn-on-the-tpm). When it is turned back on, Windows will re-initialize it. - If you are attempting to set up BitLocker with the TPM, check which TPM driver is installed on the computer. We recommend always using one of the TPM drivers that is provided by Microsoft and is protected with BitLocker. If a non-Microsoft TPM driver is installed, it may prevent the default TPM driver from loading and cause BitLocker to report that a TPM is not present on the computer. If you have a non-Microsoft driver installed, remove it and then allow the operating system to initialize the TPM. 
-### Troubleshoot network connection issues for Windows 10, versions 1507 and 1511 +### Troubleshoot network connection issues for Windows 10, versions 1507 and 1511, or Windows 11 -If you have Windows 10, version 1507 or 1511, the initialization of the TPM cannot complete when your computer has network connection issues and both of the following conditions exist: +If you have Windows 10, version 1507 or 1511, or Windows 11, the initialization of the TPM cannot complete when your computer has network connection issues and both of the following conditions exist: - An administrator has configured your computer to require that TPM recovery information be saved in Active Directory Domain Services (AD DS). This requirement can be configured through Group Policy. @@ -62,7 +63,7 @@ If these issues occur, an error message appears, and you cannot complete the ini ### Troubleshoot systems with multiple TPMs -Some systems may have multiple TPMs and the active TPM may be toggled in UEFI. Windows 10 does not support this behavior. If you switch TPMs, Windows might not properly detect or interact with the new TPM. If you plan to switch TPMs you should toggle to the new TPM, clear it, and reinstall Windows. For more information, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this topic. +Some systems may have multiple TPMs and the active TPM may be toggled in UEFI. Windows does not support this behavior. If you switch TPMs, Windows might not properly detect or interact with the new TPM. If you plan to switch TPMs you should toggle to the new TPM, clear it, and reinstall Windows. For more information, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this topic. For example, toggling TPMs will cause BitLocker to enter recovery mode. We strongly recommend that, on systems with two TPMs, one TPM is selected to be used and the selection is not changed. 
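Review bot: In the hunk at @@ -46,13 +47,13 @@, the removed lines scoped both the TPM 1.2 bullet and the network connection section to two specific releases, "Windows 10, version 1507 or 1511". Appending "or Windows 11" widens that scope to every Windows 11 build, and nothing in the patch shows that the TPM 1.2 turn-on behavior or the AD DS initialization issue applies there. Confirm the behavior on Windows 11 before widening. If it does apply, reword so Windows 11 does not read as a third version of Windows 10, and make the heading's "versions 1507 and 1511, or Windows 11" consistent with the body's "version 1507 or 1511, or Windows 11".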
@@ -70,7 +71,7 @@ For example, toggling TPMs will cause BitLocker to enter recovery mode. We stron You can use the Windows Defender Security Center app to clear the TPM as a troubleshooting step, or as a final preparation before a clean installation of a new operating system. Preparing for a clean installation in this way helps ensure that the new operating system can fully deploy any TPM-based functionality that it includes, such as attestation. However, even if the TPM is not cleared before a new operating system is installed, most TPM functionality will probably work correctly. -Clearing the TPM resets it to an unowned state. After you clear the TPM, the Windows 10 operating system will automatically re-initialize it and take ownership again. +Clearing the TPM resets it to an unowned state. After you clear the TPM, the Windows operating system will automatically re-initialize it and take ownership again. > [!WARNING] > Clearing the TPM can result in data loss. For more information, see the next section, “Precautions to take before clearing the TPM.” @@ -83,7 +84,7 @@ Clearing the TPM can result in data loss. To protect against such loss, review t - Do not clear the TPM on a device you do not own, such as a work or school PC, without being instructed to do so by your IT administrator. -- If you want to temporarily suspend TPM operations and you have TPM 1.2 with Windows 10, version 1507 or 1511, you can turn off the TPM. For more information, see [Turn off the TPM](#turn-off-the-tpm), later in this topic. +- If you want to temporarily suspend TPM operations and you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, you can turn off the TPM. For more information, see [Turn off the TPM](#turn-off-the-tpm), later in this topic. - Always use functionality in the operating system (such as TPM.msc) to the clear the TPM. Do not clear the TPM directly from UEFI. 
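Review bot: The context line directly under the changed bullet in the @@ -83,7 +84,7 @@ hunk reads "Always use functionality in the operating system (such as TPM.msc) to the clear the TPM". The stray "the" in "to the clear" sits next to the line being edited and is worth fixing in the same change.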
@@ -105,9 +106,9 @@ Membership in the local Administrators group, or equivalent, is the minimum requ 6. You will be prompted to restart the computer. During the restart, you might be prompted by the UEFI to press a button to confirm that you wish to clear the TPM. -7. After the PC restarts, your TPM will be automatically prepared for use by Windows 10. +7. After the PC restarts, your TPM will be automatically prepared for use by Windows. -##
    Turn on or turn off the TPM (available only with TPM 1.2 with Windows 10, version 1507 or 1511) +## Turn on or turn off the TPM (available only with TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11) Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. @@ -115,7 +116,7 @@ Normally, the TPM is turned on as part of the TPM initialization process. You do If you want to use the TPM after you have turned it off, you can use the following procedure to turn on the TPM. -**To turn on the TPM (TPM 1.2 with Windows 10, version 1507 or 1511 only)** +**To turn on the TPM (TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11 only)** 1. Open the TPM MMC (tpm.msc). @@ -129,7 +130,7 @@ If you want to use the TPM after you have turned it off, you can use the followi If you want to stop using the services that are provided by the TPM, you can use the TPM MMC to turn off the TPM. -**To turn off the TPM (TPM 1.2 with Windows 10, version 1507 or 1511 only)** +**To turn off the TPM (TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11 only)** 1. Open the TPM MMC (tpm.msc). diff --git a/windows/security/information-protection/tpm/manage-tpm-commands.md b/windows/security/information-protection/tpm/manage-tpm-commands.md index af241069fd..8e9896104d 100644 --- a/windows/security/information-protection/tpm/manage-tpm-commands.md +++ b/windows/security/information-protection/tpm/manage-tpm-commands.md @@ -1,5 +1,5 @@ --- -title: Manage TPM commands (Windows 10) +title: Manage TPM commands (Windows) description: This topic for the IT professional describes how to manage which Trusted Platform Module (TPM) commands are available to domain users and to local users. ms.assetid: a78e751a-2806-43ae-9c20-2e7ca466b765 ms.reviewer: 
@@ -13,14 +13,15 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 11/30/2017 +ms.date: 09/06/2021 --- # Manage TPM commands **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This topic for the IT professional describes how to manage which Trusted Platform Module (TPM) commands are available to domain users and to local users. diff --git a/windows/security/information-protection/tpm/manage-tpm-lockout.md b/windows/security/information-protection/tpm/manage-tpm-lockout.md index 8991e9b48b..49e541aba5 100644 --- a/windows/security/information-protection/tpm/manage-tpm-lockout.md +++ b/windows/security/information-protection/tpm/manage-tpm-lockout.md @@ -1,5 +1,5 @@ --- -title: Manage TPM lockout (Windows 10) +title: Manage TPM lockout (Windows) description: This topic for the IT professional describes how to manage the lockout feature for the Trusted Platform Module (TPM) in Windows. ms.assetid: bf27adbe-404c-4691-a644-29ec722a3f7b ms.reviewer: @@ -13,13 +13,14 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 05/02/2017 +ms.date: 09/06/2021 --- # Manage TPM lockout **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This topic for the IT professional describes how to manage the lockout feature for the Trusted Platform Module (TPM) in Windows. 
@@ -37,14 +38,14 @@ The industry standards from the Trusted Computing Group (TCG) specify that TPM m **TPM 2.0** -TPM 2.0 devices have standardized lockout behavior which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows 10 configures the maximum count to be 32 and the healing time to be 10 minutes. This means that every continuous ten minutes of powered on operation without an event which increases the counter will cause the counter to decrease by 1. +TPM 2.0 devices have standardized lockout behavior which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 10 minutes. This means that every continuous ten minutes of powered on operation without an event which increases the counter will cause the counter to decrease by 1. -If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner’s authorization. This value is no longer retained by default starting with Windows 10 version 1607. +If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner’s authorization. This value is no longer retained by default starting with Windows 10 version 1607 or Windows 11. ## Reset the TPM lockout by using the TPM MMC > [!NOTE] -> This procedure is only available if you have configured Windows to retain the TPM Owner Password. By default, this password is not available in Windows 10 starting with version 1607. +> This procedure is only available if you have configured Windows to retain the TPM Owner Password. By default, this password is not available in Windows 10 starting with version 1607 or Windows 11. 
The following procedure explains the steps to reset the TPM lockout by using the TPM MMC. diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index fed9817bba..f2c79979ef 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -1,5 +1,5 @@ --- -title: Understanding PCR banks on TPM 2.0 devices (Windows 10) +title: Understanding PCR banks on TPM 2.0 devices (Windows) description: This topic for the IT professional provides background about what happens when you switch PCR banks on TPM 2.0 devices. ms.assetid: 743FCCCB-99A9-4636-8F48-9ECB3A3D10DE ms.reviewer: @@ -13,14 +13,15 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 --- # Understanding PCR banks on TPM 2.0 devices **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above For steps on how to switch PCR banks on TPM 2.0 devices on your PC, you should contact your OEM or UEFI vendor. This topic provides background about what happens when you switch PCR banks on TPM 2.0 devices. 
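Review bot: In the Manage TPM lockout hunk (@@ -37,14 +38,14 @@), the two added version qualifiers are ambiguous. "This value is no longer retained by default starting with Windows 10 version 1607 or Windows 11" and "not available in Windows 10 starting with version 1607 or Windows 11" can both be read as if Windows 11 were a version of Windows 10. Suggest "in Windows 10, version 1607 and later, and in Windows 11" in both places so the note and the paragraph above it say the same thing.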
@@ -35,9 +36,9 @@ The [TCG PC Client Platform TPM Profile Specification](http://www.trustedcomputi Some TPM PCRs are used as checksums of log events. The log events are extended in the TPM as the events occur. Later, an auditor can validate the logs by computing the expected PCR values from the log and comparing them to the PCR values of the TPM. Since the first 16 TPM PCRs cannot be modified arbitrarily, a match between an expected PCR value in that range and the actual TPM PCR value provides assurance of an unmodified log. -## How does Windows 10 use PCRs? +## How does Windows use PCRs? -To bind the use of a TPM based key to a certain state of the PC, the key can be sealed to an expected set of PCR values. For instance, PCRs 0 through 7 have a well-defined value after the boot process – when the OS is loaded. When the hardware, firmware, or boot loader of the machine changes, the change can be detected in the PCR values. Windows 10 uses this capability to make certain cryptographic keys only available at certain times during the boot process. For instance, the BitLocker key can be used at a certain point in the boot, but not before or after. +To bind the use of a TPM based key to a certain state of the PC, the key can be sealed to an expected set of PCR values. For instance, PCRs 0 through 7 have a well-defined value after the boot process – when the OS is loaded. When the hardware, firmware, or boot loader of the machine changes, the change can be detected in the PCR values. Windows uses this capability to make certain cryptographic keys only available at certain times during the boot process. For instance, the BitLocker key can be used at a certain point in the boot, but not before or after. It is important to note that this binding to PCR values also includes the hashing algorithm used for the PCR. For instance, a key can be bound to a specific value of the SHA-1 PCR\[12\], if using SHA-256 PCR banks, even with the same system configuration. 
Otherwise, the PCR values will not match. @@ -45,7 +46,7 @@ It is important to note that this binding to PCR values also includes the hashin When the PCR banks are switched, the algorithm used to compute the hashed values stored in the PCRs during extend operations is changed. Each hash algorithm will return a different cryptographic signature for the same inputs. -As a result, if the currently used PCR bank is switched all keys that have been bound to the previous PCR values will no longer work. For example, if you had a key bound to the SHA-1 value of PCR\[12\] and subsequently changed the PCR banks to SHA-256, the banks wouldn’t match, and you would be unable to use that key. The BitLocker key is secured using the PCR banks and Windows 10 will not be able to unseal it if the PCR banks are switched while BitLocker is enabled. +As a result, if the currently used PCR bank is switched all keys that have been bound to the previous PCR values will no longer work. For example, if you had a key bound to the SHA-1 value of PCR\[12\] and subsequently changed the PCR banks to SHA-256, the banks wouldn’t match, and you would be unable to use that key. The BitLocker key is secured using the PCR banks and Windows will not be able to unseal it if the PCR banks are switched while BitLocker is enabled. ## What can I do to switch PCRs when BitLocker is already active? diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index cffb2255cf..d33693d90e 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md 
@@ -1,5 +1,5 @@ --- -title: TPM fundamentals (Windows 10) +title: TPM fundamentals (Windows) description: Inform yourself about the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and how they are used to mitigate dictionary attacks. ms.assetid: ac90f5f9-9a15-4e87-b00d-4adcf2ec3000 ms.reviewer: @@ -13,14 +13,15 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/16/2017 +ms.date: 09/06/2021 --- # TPM fundamentals **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This topic for the IT professional provides a description of the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and explains how they are used to mitigate dictionary attacks. @@ -82,7 +83,7 @@ For TPM 1.2, the TCG specifications for TPMs require physical presence (typicall ## TPM 1.2 states and initialization -For TPM 1.2, there are multiple possible states. Windows 10 automatically initializes the TPM, which brings it to an enabled, activated, and owned state. +For TPM 1.2, there are multiple possible states. Windows automatically initializes the TPM, which brings it to an enabled, activated, and owned state. ## Endorsement keys 
@@ -134,7 +135,7 @@ Increasing the PIN length requires a greater number of guesses for an attacker. In that case, the lockout duration between each guess can be shortened to allow legitimate users to retry a failed attempt sooner, while maintaining a similar level of protection. Beginning with Windows 10, version 1703, the minimum length for the BitLocker PIN was increased to 6 characters to better align with other Windows features that leverage TPM 2.0, including Windows Hello. -To help organizations with the transition, beginning with Windows 10, version 1709 and Windows 10, version 1703 with the October 2017 [cumulative update](https://support.microsoft.com/help/4018124) installed, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. +To help organizations with the transition, beginning with Windows 10, version 1709 and Windows 10, version 1703, or Windows 11, with the October 2017 [cumulative update](https://support.microsoft.com/help/4018124) installed, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. If the minimum PIN length is reduced from the default of six characters, then the TPM 2.0 lockout period will be extended. ### TPM-based smart cards diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index 658a7d98d5..a0a68a10b5 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md @@ -1,6 +1,6 @@ --- -title: TPM recommendations (Windows 10) -description: This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows 10. +title: TPM recommendations (Windows) +description: This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows. ms.assetid: E85F11F5-4E6A-43E7-8205-672F77706561 ms.reviewer: ms.prod: w10 
@@ -14,17 +14,18 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 11/29/2018 +ms.date: 09/06/2021 --- # TPM recommendations **Applies to** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above -This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows 10. +This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows. For a basic feature description of TPM, see the [Trusted Platform Module Technology Overview](trusted-platform-module-overview.md). 
@@ -32,7 +33,7 @@ For a basic feature description of TPM, see the [Trusted Platform Module Technol Traditionally, TPMs have been discrete chips soldered to a computer’s motherboard. Such implementations allow the computer’s original equipment manufacturer (OEM) to evaluate and certify the TPM separate from the rest of the system. Although discrete TPM implementations are still common, they can be problematic for integrated devices that are small or have low power consumption. Some newer TPM implementations integrate TPM functionality into the same chipset as other platform components while still providing logical separation similar to discrete TPM chips. -TPMs are passive: they receive commands and return responses. To realize the full benefit of a TPM, the OEM must carefully integrate system hardware and firmware with the TPM to send it commands and react to its responses. TPMs were originally designed to provide security and privacy benefits to a platform’s owner and users, but newer versions can provide security and privacy benefits to the system hardware itself. Before it can be used for advanced scenarios, however, a TPM must be provisioned. Windows 10 automatically provisions a TPM, but if the user is planning to reinstall the operating system, he or she may need to clear the TPM before reinstalling so that Windows can take full advantage of the TPM. +TPMs are passive: they receive commands and return responses. To realize the full benefit of a TPM, the OEM must carefully integrate system hardware and firmware with the TPM to send it commands and react to its responses. TPMs were originally designed to provide security and privacy benefits to a platform’s owner and users, but newer versions can provide security and privacy benefits to the system hardware itself. Before it can be used for advanced scenarios, however, a TPM must be provisioned. 
Windows automatically provisions a TPM, but if the user is planning to reinstall the operating system, he or she may need to clear the TPM before reinstalling so that Windows can take full advantage of the TPM. The Trusted Computing Group (TCG) is the nonprofit organization that publishes and maintains the TPM specification. The TCG exists to develop, define, and promote vendor-neutral, global industry standards that support a hardware-based root of trust for interoperable trusted computing platforms. The TCG also publishes the TPM specification as the international standard ISO/IEC 11889, using the Publicly Available Specification Submission Process that the Joint Technical Committee 1 defines between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). 
@@ -89,11 +90,11 @@ Windows uses any compatible TPM in the same way. Microsoft does not take a posit ## Is there any importance for TPM for consumers? -For end consumers, TPM is behind the scenes but is still very relevant. TPM is used for Windows Hello, Windows Hello for Business and in the future, will be a component of many other key security features in Windows. TPM secures the PIN, helps encrypt passwords, and builds on our overall Windows 10 experience story for security as a critical pillar. Using Windows on a system with a TPM enables a deeper and broader level of security coverage. +For end consumers, TPM is behind the scenes but is still very relevant. TPM is used for Windows Hello, Windows Hello for Business and in the future, will be a component of many other key security features in Windows. TPM secures the PIN, helps encrypt passwords, and builds on our overall Windows experience story for security as a critical pillar. Using Windows on a system with a TPM enables a deeper and broader level of security coverage. -## TPM 2.0 Compliance for Windows 10 +## TPM 2.0 Compliance for Windows -### Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) +### Windows for desktop editions (Home, Pro, Enterprise, and Education) - Since July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of an existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7 of the [Minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview) page). The requirement to enable TPM 2.0 only applies to the manufacturing of new devices. For TPM recommendations for specific Windows features, see [TPM and Windows Features](#tpm-and-windows-features). 
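Review bot: In tpm-recommendations.md, the renamed heading `### Windows for desktop editions (Home, Pro, Enterprise, and Education)` no longer reads as a product name, and the bullet directly under it still dates the requirement to July 28, 2016, which describes Windows 10 era hardware rules. Suggest keeping the release in this heading, or rewording it and stating in the bullet which releases the July 2016 requirement covers. Both renamed headings also get new generated anchors, so inbound links to the old fragments need checking.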
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 5bbb8174ec..97ceecd48d 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -1,5 +1,5 @@ --- -title: Trusted Platform Module Technology Overview (Windows 10) +title: Trusted Platform Module Technology Overview (Windows) description: This topic for the IT professional describes the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. ms.assetid: face8932-b034-4319-86ac-db1163d46538 ms.reviewer: 
@@ -42,9 +42,9 @@ TPM-based keys can be configured in a variety of ways. One option is to make a T Different versions of the TPM are defined in specifications by the Trusted Computing Group (TCG). For more information, consult the [TCG Web site](http://www.trustedcomputinggroup.org/work-groups/trusted-platform-module/). -### Automatic initialization of the TPM with Windows 10 +### Automatic initialization of the TPM with Windows -Starting with Windows 10, the operating system automatically initializes and takes ownership of the TPM. This means that in most cases, we recommend that you avoid configuring the TPM through the TPM management console, **TPM.msc**. There are a few exceptions, mostly related to resetting or performing a clean installation on a PC. For more information, see [Clear all the keys from the TPM](initialize-and-configure-ownership-of-the-tpm.md#clear-all-the-keys-from-the-tpm). We're [no longer actively developing the TPM management console](/windows-server/get-started-19/removed-features-19#features-were-no-longer-developing) beginning with Windows Server 2019 and Windows 10, version 1809. +Starting with Windows 10 and Windows 11, the operating system automatically initializes and takes ownership of the TPM. This means that in most cases, we recommend that you avoid configuring the TPM through the TPM management console, **TPM.msc**. There are a few exceptions, mostly related to resetting or performing a clean installation on a PC. For more information, see [Clear all the keys from the TPM](initialize-and-configure-ownership-of-the-tpm.md#clear-all-the-keys-from-the-tpm). We're [no longer actively developing the TPM management console](/windows-server/get-started-19/removed-features-19#features-were-no-longer-developing) beginning with Windows Server 2019 and Windows 10, version 1809. 
In certain specific enterprise scenarios limited to Windows 10, versions 1507 and 1511, Group Policy might be used to back up the TPM owner authorization value in Active Directory. Because the TPM state persists across operating system installations, this TPM information is stored in a location in Active Directory that is separate from computer objects. 
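Review bot: The added line `Starting with Windows 10 and Windows 11, the operating system automatically initializes and takes ownership of the TPM` gives "Starting with" two starting points. The original sentence marked the release in which the behaviour began, so either leave it as "Starting with Windows 10" or reword to "In Windows 10 and Windows 11". The renamed `###` heading above it changes the generated anchor as well, so check for links to the old fragment.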
@@ -54,13 +54,13 @@ Certificates can be installed or created on computers that are using the TPM. Af Automated provisioning in the TPM reduces the cost of TPM deployment in an enterprise. New APIs for TPM management can determine if TPM provisioning actions require physical presence of a service technician to approve TPM state change requests during the boot process. -Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 and later editions or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. +Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 and Windows 11, or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md). ## New and changed functionality -For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module) +For more info on new and changed functionality for Trusted Platform Module in Windows, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module) ## Device health attestation 
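Review bot: In the last changed line of this hunk the sentence now says "new and changed functionality for Trusted Platform Module in Windows", but the link target is still `/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module`, which covers only those two Windows 10 releases. Keep "Windows 10" in that sentence or point the link at a page that matches the broader wording. In the antimalware sentence, replacing "Windows 10 and later editions" with "Windows 10 and Windows 11, or Windows Server 2016" also narrows the claim and does not match the "Windows Server 2016 and above" wording used in the Applies to lists elsewhere in this patch.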
@@ -95,5 +95,5 @@ Some things that you can check on the device are: - [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](../bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md) - [Azure device provisioning: Identity attestation with TPM](https://azure.microsoft.com/blog/device-provisioning-identity-attestation-with-tpm/) - [Azure device provisioning: A manufacturing timeline for TPM devices](https://azure.microsoft.com/blog/device-provisioning-a-manufacturing-timeline-for-tpm-devices/) -- [Windows 10: Enabling vTPM (Virtual TPM)](https://social.technet.microsoft.com/wiki/contents/articles/34431.windows-10-enabling-vtpm-virtual-tpm.aspx) +- [Windows 10 and Windows 11: Enabling vTPM (Virtual TPM)](https://social.technet.microsoft.com/wiki/contents/articles/34431.windows-10-enabling-vtpm-virtual-tpm.aspx) - [How to Multiboot with Bitlocker, TPM, and a Non-Windows OS](https://social.technet.microsoft.com/wiki/contents/articles/9528.how-to-multiboot-with-bitlocker-tpm-and-a-non-windows-os.aspx) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index 0961556a4b..980a789233 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md @@ -1,5 +1,5 @@ --- -title: TPM Group Policy settings (Windows 10) +title: TPM Group Policy settings (Windows) description: This topic describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings. ms.assetid: 54ff1c1e-a210-4074-a44e-58fee26e4dbd ms.reviewer: 
@@ -13,14 +13,15 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 10/02/2018 +ms.date: 09/06/2021 --- # TPM Group Policy settings **Applies to** - Windows 10 -- Windows Server 2016 and later +- Windows 11 +- Windows Server 2016 and above This topic describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings. @@ -28,7 +29,7 @@ The Group Policy settings for TPM services are located at: **Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\** -The following Group Policy settings were introduced in Windows 10. +The following Group Policy settings were introduced in Windows. ## Configure the level of TPM owner authorization information available to the operating system @@ -119,7 +120,7 @@ If you do not configure this policy setting, a default value of 9 is used. A val ## Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0 -Introduced in Windows 10, version 1703, this policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. +Introduced in Windows 10, version 1703, or Windows 11, this policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. > [!IMPORTANT] > Setting this policy will take effect only if: diff --git a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md index 124caf74f2..1e071cfbdc 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md 
@@ -1,5 +1,5 @@ --- -title: Trusted Platform Module (Windows 10) +title: Trusted Platform Module (Windows) description: This topic for the IT professional provides links to information about the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. ms.prod: w10 ms.mktglfcycl: deploy @@ -12,7 +12,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 09/11/2018 +ms.date: 09/06/2021 ms.reviewer: --- @@ -20,7 +20,8 @@ ms.reviewer: **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that helps you with actions such as generating, storing, and limiting the use of cryptographic keys. The following topics provide details. 
@@ -32,6 +33,6 @@ Trusted Platform Module (TPM) technology is designed to provide hardware-based, | [TPM fundamentals](tpm-fundamentals.md) | Provides background about how a TPM can work with cryptographic keys. Also describes technologies that work with the TPM, such as TPM-based virtual smart cards. | | [TPM Group Policy settings](trusted-platform-module-services-group-policy-settings.md) | Describes TPM services that can be controlled centrally by using Group Policy settings. | | [Back up the TPM recovery information to AD DS](backup-tpm-recovery-information-to-ad-ds.md) | For Windows 10, version 1511 and Windows 10, version 1507 only, describes how to back up a computer’s TPM information to Active Directory Domain Services. | -| [Troubleshoot the TPM](initialize-and-configure-ownership-of-the-tpm.md) | Describes actions you can take through the TPM snap-in, TPM.msc: view TPM status, troubleshoot TPM initialization, and clear keys from the TPM. Also, for TPM 1.2 and Windows 10, version 1507 or 1511, describes how to turn the TPM on or off. | +| [Troubleshoot the TPM](initialize-and-configure-ownership-of-the-tpm.md) | Describes actions you can take through the TPM snap-in, TPM.msc: view TPM status, troubleshoot TPM initialization, and clear keys from the TPM. Also, for TPM 1.2 and Windows 10, version 1507 or 1511, or Windows 11, describes how to turn the TPM on or off. | | [Understanding PCR banks on TPM 2.0 devices](switch-pcr-banks-on-tpm-2-0-devices.md) | Provides background about what happens when you switch PCR banks on TPM 2.0 devices. | -| [TPM recommendations](tpm-recommendations.md) | Discusses aspects of TPMs such as the difference between TPM 1.2 and 2.0, and the Windows 10 features for which a TPM is required or recommended. | +| [TPM recommendations](tpm-recommendations.md) | Discusses aspects of TPMs such as the difference between TPM 1.2 and 2.0, and the Windows features for which a TPM is required or recommended. | 
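Review bot: In the "Troubleshoot the TPM" row, `for TPM 1.2 and Windows 10, version 1507 or 1511, or Windows 11, describes how to turn the TPM on or off` extends a clause that was limited to two early Windows 10 releases. Please confirm that the turn on/off procedure applies to Windows 11 with TPM 1.2; if it does not, drop ", or Windows 11" here, as was done for the neighbouring "Back up the TPM recovery information to AD DS" row, which stays scoped to versions 1507 and 1511 only.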
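Review bot: In tpm-fundamentals.md, hunk @@ -134,7 +135,7 @@, the inserted ", or Windows 11," lands between "Windows 10, version 1703" and "with the October 2017 cumulative update installed", so the sentence now reads as if the October 2017 update were a condition for Windows 11 too. Suggest moving Windows 11 out of that clause or leaving the sentence unchanged, since it describes when the Windows 10 default PIN length changed.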
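Review bot: In trusted-platform-module-services-group-policy-settings.md, hunk @@ -28,7 +29,7 @@, `The following Group Policy settings were introduced in Windows.` no longer says in which release the settings first appeared, which was the only information that sentence carried. Suggest restoring "Windows 10" there. The hunk at @@ -119,7 +120,7 @@ has the related problem: "Introduced in Windows 10, version 1703, or Windows 11" gives a single policy setting two introduction points.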
From 7f01a2e943de4ccb499b3f18916eb3d2fb8fad9a Mon Sep 17 00:00:00 2001 From: Meghana Athavale <89906726+v-mathavale@users.noreply.github.com> Date: Mon, 6 Sep 2021 17:58:05 +0530 Subject: [PATCH 111/671] Updated suggestions --- .../tpm/initialize-and-configure-ownership-of-the-tpm.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index e4b8bade20..d8af529bde 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -33,7 +33,7 @@ With TPM 1.2 and Windows 10, version 1507 or 1511, or Windows 11, you can also t - [Turn on or turn off the TPM](#turn-on-or-turn-off) -For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps). +For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps &preserve-view=true). ## About TPM initialization and ownership @@ -146,8 +146,8 @@ If you want to stop using the services that are provided by the TPM, you can use ## Use the TPM cmdlets -You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps). +You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps &preserve-view=true). ## Related topics -- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) \ No newline at end of file +- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) 
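Review bot: Both changed links in initialize-and-configure-ownership-of-the-tpm.md now contain a space inside the URL: `(/powershell/module/trustedplatformmodule/?view=win10-ps &preserve-view=true)`. A Markdown link destination cannot contain an unescaped space, so the link will not resolve as intended and the `preserve-view` parameter is cut off from the query string. It should read `?view=win10-ps&preserve-view=true` in both the @@ -33,7 +33,7 @@ and @@ -146,8 +146,8 @@ hunks. The newline added at end of file in the second hunk is fine.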
From 57472c73a80c199c973a5ea7298aa375bdd996d5 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Mon, 6 Sep 2021 18:02:44 +0530 Subject: [PATCH 112/671] Updated suggestions --- .../security/information-protection/tpm/manage-tpm-commands.md | 2 +- .../trusted-platform-module-services-group-policy-settings.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/tpm/manage-tpm-commands.md b/windows/security/information-protection/tpm/manage-tpm-commands.md index 8e9896104d..ddc7cd93d0 100644 --- a/windows/security/information-protection/tpm/manage-tpm-commands.md +++ b/windows/security/information-protection/tpm/manage-tpm-commands.md @@ -79,7 +79,7 @@ The following procedures describe how to manage the TPM command lists. You must ## Use the TPM cmdlets -You can manage the TPM using Windows PowerShell. For details, see [TrustedPlatformModule PowerShell cmdlets](/powershell/module/trustedplatformmodule/?view=win10-ps). +You can manage the TPM using Windows PowerShell. For details, see [TrustedPlatformModule PowerShell cmdlets](/powershell/module/trustedplatformmodule/?view=win10-ps &preserve-view=true). ## Related topics diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index 980a789233..3ad73295ac 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md 
@@ -147,5 +147,5 @@ If you don't want users to see the recommendation to update TPM firmware, you ca ## Related topics - [Trusted Platform Module](trusted-platform-module-top-node.md) -- [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps) +- [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps &preserve-view=true) - [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](../bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md) \ No newline at end of file From 214338b66a8914f4918f9d97c23e3f7b7748aea0 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 6 Sep 2021 18:10:30 +0530 Subject: [PATCH 113/671] Updated --- .../auditing/audit-other-account-logon-events.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md index 4550778fca..00d03953b8 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md @@ -1,6 +1,6 @@ --- title: Audit Other Account Logon Events (Windows 10) -description: The policy setting, Audit Other Account Logon Events, allows you to audit events generated by responses to credential requests for certain kinds of user logons. +description: The policy setting, Audit Other Account Logon Events allows you to audit events generated by responses to credential requests for certain kinds of user logons. ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3 ms.reviewer: manager: dansimp 
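Review bot: In the `description:` line of audit-other-account-logon-events.md, removing the comma after "Audit Other Account Logon Events" leaves the comma after "The policy setting" unpaired, so the policy name no longer reads as an inserted phrase. Keep both commas as in the original, or remove both: "The policy setting Audit Other Account Logon Events allows you to audit events ...".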
@@ -17,14 +17,13 @@ ms.technology: mde # Audit Other Account Logon Events - **General Subcategory Information:** This auditing subcategory does not contain any events. It is intended for future use. | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, and there is no reason to enable it. | -| Member Server | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, and there is no reason to enable it. | -| Workstation | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, and there is no reason to enable it. | +| Domain Controller | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, no reason to enable it. | +| Member Server | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, no reason to enable it. | +| Workstation | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, no reason to enable it. | From d0251d2483a8edb27af50218aa44375f62fa2320 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 6 Sep 2021 18:26:23 +0530 Subject: [PATCH 114/671] Updated --- .../auditing/audit-other-account-logon-events.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md index 00d03953b8..774bedd202 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md 
+++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md @@ -1,6 +1,6 @@ --- title: Audit Other Account Logon Events (Windows 10) -description: The policy setting, Audit Other Account Logon Events allows you to audit events generated by responses to credential requests for certain kinds of user logons. +description: The policy setting, Audit Other Account Logon Events allows you to audit events when generated by responses to credential requests for certain kinds of user logons. ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3 ms.reviewer: manager: dansimp From 18b54cffab1ac808eac4e71b905ce7091b3593fe Mon Sep 17 00:00:00 2001 
From: Ashok Lobo Date: Mon, 6 Sep 2021 19:48:42 +0530 Subject: [PATCH 115/671] Updated for Ashok-Lobo-5358843. files-51to75 --- .../auditing/audit-process-termination.md | 6 +----- .../threat-protection/auditing/audit-registry.md | 6 +----- .../auditing/audit-removable-storage.md | 6 +----- .../threat-protection/auditing/audit-rpc-events.md | 6 +----- .../security/threat-protection/auditing/audit-sam.md | 6 +----- .../auditing/audit-security-group-management.md | 5 +---- .../auditing/audit-security-state-change.md | 6 +----- .../auditing/audit-security-system-extension.md | 12 ++++-------- .../auditing/audit-sensitive-privilege-use.md | 6 +----- .../auditing/audit-special-logon.md | 6 +----- .../auditing/audit-system-integrity.md | 6 +----- .../auditing/audit-token-right-adjusted.md | 4 ---- .../auditing/audit-user-account-management.md | 6 +----- .../auditing/audit-user-device-claims.md | 6 +----- .../auditing/basic-audit-account-logon-events.md | 4 +--- .../auditing/basic-audit-account-management.md | 4 +--- .../auditing/basic-audit-directory-service-access.md | 4 +--- .../auditing/basic-audit-logon-events.md | 4 +--- .../auditing/basic-audit-object-access.md | 4 +--- .../auditing/basic-audit-policy-change.md | 4 +--- .../auditing/basic-audit-privilege-use.md | 4 +--- .../auditing/basic-audit-process-tracking.md | 4 +--- .../auditing/basic-audit-system-events.md | 4 +--- .../auditing/basic-security-audit-policies.md | 4 +--- .../auditing/basic-security-audit-policy-settings.md | 4 +--- 25 files changed, 27 insertions(+), 104 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md index 97b0a91741..7206647a67 100644 --- a/windows/security/threat-protection/auditing/audit-process-termination.md +++ b/windows/security/threat-protection/auditing/audit-process-termination.md 
@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Process Termination -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Process Termination determines whether the operating system generates audit events when process has exited. diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index 70a672e969..b942488455 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Registry -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Registry allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists ([SACL](/windows/win32/secauthz/access-control-lists)s) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md index b0ec0466fe..9a0d27b1c2 100644 --- a/windows/security/threat-protection/auditing/audit-removable-storage.md +++ b/windows/security/threat-protection/auditing/audit-removable-storage.md 
@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Removable Storage -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Removable Storage allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated for all objects and all types of access requested, with no dependency on object’s [SACL](/windows/win32/secauthz/access-control-lists). diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md index 59202d82fa..6be5c9a222 100644 --- a/windows/security/threat-protection/auditing/audit-rpc-events.md +++ b/windows/security/threat-protection/auditing/audit-rpc-events.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit RPC Events -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit RPC Events determines whether the operating system generates audit events when inbound remote procedure call (RPC) connections are made. diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md index 022b451082..020c87b6c0 100644 --- a/windows/security/threat-protection/auditing/audit-sam.md +++ b/windows/security/threat-protection/auditing/audit-sam.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit SAM -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit SAM, which enables you to audit events that are generated by attempts to access Security Account Manager ([SAM](/previous-versions/windows/it-pro/windows-server-2003/cc756748(v=ws.10))) objects. 
diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index c80fe834a9..045ce6d2cd 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 02/28/2019 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Security Group Management -**Applies to** -- Windows 10 -- Windows Server 2016 Audit Security Group Management determines whether the operating system generates audit events when specific security group management tasks are performed. diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md index 19614087bb..81d52226a4 100644 --- a/windows/security/threat-protection/auditing/audit-security-state-change.md +++ b/windows/security/threat-protection/auditing/audit-security-state-change.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Security State Change -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Security State Change contains Windows startup, recovery, and shutdown events, and information about changes in system time. diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md index b787507ef4..06a62bc211 100644 --- a/windows/security/threat-protection/auditing/audit-security-system-extension.md +++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md 
@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Security System Extension -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Security System Extension contains information about the loading of an authentication package, notification package, or security package, plus information about trusted logon process registration events. @@ -36,9 +32,9 @@ Attempts to install or load security system extensions or services are critical | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
    For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should have “SYSTEM” as value for **“Subject”** field.
    This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Member Server | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
    For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.
    This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Workstation | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
    For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.
    This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Domain Controller | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
    For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should have “SYSTEM” as value for **“Subject”** field.
    This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Member Server | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
    For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.
    This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Workstation | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
    For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.
    This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | **Events List:** diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md index fe6ad3206b..d2929dbc8b 100644 --- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Sensitive Privilege Use -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Sensitive Privilege Use contains events that show the usage of sensitive privileges. This is the list of sensitive privileges: diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md index c852e45990..a2c7e6fe4c 100644 --- a/windows/security/threat-protection/auditing/audit-special-logon.md +++ b/windows/security/threat-protection/auditing/audit-special-logon.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Special Logon -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Special Logon determines whether the operating system generates audit events under special sign on (or log on) circumstances. diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md index f9be77c1eb..d88432587a 100644 --- a/windows/security/threat-protection/auditing/audit-system-integrity.md +++ b/windows/security/threat-protection/auditing/audit-system-integrity.md 
@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit System Integrity -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit System Integrity determines whether the operating system audits events that violate the integrity of the security subsystem. diff --git a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md index c53c887d1f..51362e65a8 100644 --- a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md +++ b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md @@ -11,10 +11,6 @@ ms.technology: mde # Audit Token Right Adjusted -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Token Right Adjusted allows you to audit events generated by adjusting the privileges of a token. diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md index 145e04e477..97b551d31a 100644 --- a/windows/security/threat-protection/auditing/audit-user-account-management.md +++ b/windows/security/threat-protection/auditing/audit-user-account-management.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit User Account Management -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit User Account Management determines whether the operating system generates audit events when specific user account management tasks are performed. diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md index 6051e50d2f..f5b3b71fa8 100644 
--- a/windows/security/threat-protection/auditing/audit-user-device-claims.md +++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit User/Device Claims -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit User/Device Claims allows you to audit user and device claims information in the account’s logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md index 7e9d098f5d..9e83b22f8e 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit account logon events -**Applies to** -- Windows 10 Determines whether to audit each instance of a user logging on to or logging off from another device in which this device is used to validate the account. diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md index 5541fc0f63..e438366e30 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-management.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md 
@@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit account management -**Applies to** -- Windows 10 Determines whether to audit each event of account management on a device. diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md index e52e2e7382..fb18731a64 100644 --- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit directory service access -**Applies to** -- Windows 10 Determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified. diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md index c730790cfa..569a8335dd 100644 --- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit logon events -**Applies to** -- Windows 10 Determines whether to audit each instance of a user logging on to or logging off from a device. diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md index 7bb1357af3..3cc432b64b 100644 
--- a/windows/security/threat-protection/auditing/basic-audit-object-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit object access -**Applies to** -- Windows 10 Determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified. diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md index a04167e8c2..3e7cc6a8ea 100644 --- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit policy change -**Applies to** -- Windows 10 Determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies. diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md index 4b6a28a415..ff6e5dff98 100644 --- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md +++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit privilege use -**Applies to** -- Windows 10 Determines whether to audit each instance of a user exercising a user right. 
diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md index c2e1ff94ca..a7f08b9c20 100644 --- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md +++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit process tracking -**Applies to** -- Windows 10 Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md index 8c5e33028e..4201c2447f 100644 --- a/windows/security/threat-protection/auditing/basic-audit-system-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit system events -**Applies to** -- Windows 10 Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md index fd291c792a..012b98550f 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md 
@@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Basic security audit policies -**Applies to** -- Windows 10 Before you implement auditing, you must decide on an auditing policy. A basic audit policy specifies categories of security-related events that you want to audit. When this version of Windows is first installed, all auditing categories are disabled. By enabling various auditing event categories, you can implement an auditing policy that suits the security needs of your organization. diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md index 0ddb0a6152..0b56e07522 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Basic security audit policy settings -**Applies to** -- Windows 10 Basic security audit policy settings are found under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy. From 297c11359e7a91e36a29bb17c4d6f1a6cf4f65a9 Mon Sep 17 00:00:00 2001 
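Review bot: In the audit-security-system-extension.md table hunk, the rewritten Comments cells still say "authenticated packages", while the page's introduction (context of the file's first hunk) calls the same thing an "authentication package". This text tells readers what to put on the allowlist they monitor, so the term should match. The Domain Controller row also keeps "should have “SYSTEM” as value for **“Subject”** field" while the Member Server and Workstation rows say "should display “SYSTEM” for the **“Subject”** field". Suggest one wording for all three rows, and "an allowlist of security extensions" in place of "an allowlist of allowed security extensions".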
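Review bot: In basic-security-audit-policies.md, removing the "Applies to" list leaves the unchanged sentence "When this version of Windows is first installed, all auditing categories are disabled" with nothing for "this version" to refer to. Suggest naming the Windows versions in that sentence or keeping an applicability line on this page. The commit message ("Updated for Ashok-Lobo-5358843. files-51to75") does not say why applicability is dropped, so a one-line rationale there would help reviewers of the other 24 files too.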
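Review bot: The audit-token-right-adjusted.md hunk (@@ -11,10 +11,6) removes the "Applies to" list but, unlike every other file in this patch, carries no ms.date change to 09/06/2021. If the front matter has an ms.date field above the hunk, update it so the page date reflects the edit; if it has none, consider adding one for consistency with the rest of the auditing pages.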
From: Alekhya Jupudi Date: Tue, 7 Sep 2021 09:54:03 +0530 Subject: [PATCH 116/671] 5358700- Batch 01- Windows 11 Update WINDOWS: Hello for Business update for W11 --- .../feature-multifactor-unlock.md | 17 +++++++++-------- .../hello-aad-join-cloud-only-deploy.md | 4 ++-- .../hello-adequate-domain-controllers.md | 4 ++-- .../hello-and-password-changes.md | 6 ++++-- .../hello-biometrics-in-enterprise.md | 6 ++++-- .../hello-cert-trust-adfs.md | 1 + .../hello-cert-trust-policy-settings.md | 15 ++++++++------- .../hello-cert-trust-validate-ad-prereq.md | 8 ++++---- .../hello-cert-trust-validate-deploy-mfa.md | 7 ++++--- .../hello-cert-trust-validate-pki.md | 9 +++++---- .../hello-deployment-cert-trust.md | 1 + .../hello-deployment-guide.md | 3 ++- .../hello-deployment-issues.md | 7 ++++--- .../hello-deployment-key-trust.md | 1 + .../hello-deployment-rdp-certs.md | 1 + .../hello-errors-during-pin-creation.md | 6 ++++-- .../hello-for-business/hello-event-300.md | 10 ++++++---- .../hello-feature-dual-enrollment.md | 10 +++++----- .../hello-feature-dynamic-lock.md | 8 ++++---- .../hello-feature-pin-reset.md | 6 ++++-- .../hello-feature-remote-desktop.md | 7 ++++--- .../hello-how-it-works-authentication.md | 4 +++- .../hello-how-it-works-provisioning.md | 7 ++++--- .../hello-how-it-works-technology.md | 19 ++++++++++--------- .../retired/hello-how-it-works.md | 16 +++++++++------- 25 files changed, 105 insertions(+), 78 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index f80ffec25c..2fe1b87295 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md 
@@ -1,6 +1,6 @@ --- title: Multi-factor Unlock -description: Learn how Windows 10 offers multifactor device unlock by extending Windows Hello with trusted signals. +description: Learn how Windows 10 and Windows 11 offer multi-factor device unlock by extending Windows Hello with trusted signals. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, multi, factor, multifactor, multi-factor ms.prod: w10 ms.mktglfcycl: deploy @@ -19,17 +19,19 @@ ms.reviewer: # Multi-factor Unlock **Applies to:** -- Windows 10 + +- Windows 10 +- Windows 11 **Requirements:** * Windows Hello for Business deployment (Hybrid or On-premises) * Azure AD, Hybrid Azure AD, or Domain Joined (Cloud, Hybrid, or On-Premises deployments) -* Windows 10, version 1709 or newer +* Windows 10, version 1709 or newer, or Windows 11 * Bluetooth, Bluetooth capable phone - optional Windows, today, natively only supports the use of a single credential (password, PIN, fingerprint, face, etc.) for unlocking a device. Therefore, if any of those credentials are compromised (shoulder surfed), an attacker could gain access to the system. -Windows 10 offers Multi-factor device unlock by extending Windows Hello with trusted signals. Administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices. +Windows 10 and Windows 11 offer multi-factor device unlock by extending Windows Hello with trusted signals. Administrators can configure their Windows to request a combination of factors and trusted signals to unlock their devices. Which organizations can take advantage of Multi-factor unlock? Those who: * Have expressed that PINs alone do not meet their security needs. 
@@ -92,7 +94,7 @@ You represent signal rules in XML. Each signal rule has an starting and ending ``` ### Signal element -Each rule element has a **signal** element. All signal elements have a **type** element and value. Windows 10, version 1709 supports the **ipConfig** and **bluetooth** type values. +Each rule element has a **signal** element. All signal elements have a **type** element and value. Windows 10, version 1709 supports the **ipConfig** and **bluetooth** type values. |Attribute|Value| @@ -133,7 +135,7 @@ The **classofDevice** attribute defaults to Phone and uses the values from the f |Health|2304| |Uncategorized|7936| -The **rssiMin** attribute value signal indicates the strength needed for the device to be considered "in-range". The default value of **-10** enables a user to move about an average size office or cubicle without triggering Windows to lock the device. The **rssiMaxDelta** has a default value of **-10**, which instruct Windows 10 to lock the device once the signal strength weakens by more than measurement of 10. +The **rssiMin** attribute value signal indicates the strength needed for the device to be considered "in-range". The default value of **-10** enables a user to move about an average size office or cubicle without triggering Windows to lock the device. The **rssiMaxDelta** has a default value of **-10**, which instruct Windows to lock the device once the signal strength weakens by more than measurement of 10. RSSI measurements are relative and lower as the bluetooth signals between the two paired devices reduces. Therefore a measurement of 0 is stronger than -10, which is stronger than -60, which is an indicator the devices are moving further apart from each other. 
@@ -343,11 +345,10 @@ This example configures Wi-Fi as a trusted signal (Windows 10, version 1803) ### How to configure Multifactor Unlock policy settings -You need a Windows 10, version 1709 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business Group Policy settings, which includes multi-factor unlock. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1709. +You need at least a Windows 10, version 1709 or later workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business Group Policy settings, which includes multi-factor unlock. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1709 or later. Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10, version 1703 to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. 
- ### Create the Multifactor Unlock Group Policy object The Group Policy object contains the policy settings needed to trigger Windows Hello for Business provisioning and to ensure Windows Hello for Business authentication certificates are automatically renewed. diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index 850b4b5214..aa4d0faa2f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md @@ -1,6 +1,6 @@ --- title: Azure Active Directory join cloud only deployment -description: Use this deployment guide to successfully use Azure Active Directory to join a Windows 10 device. +description: Use this deployment guide to successfully use Azure Active Directory to join a Windows 10 or Windows 11 device. keywords: identity, Hello, Active Directory, cloud, ms.prod: w10 ms.mktglfcycl: deploy @@ -20,7 +20,7 @@ ms.reviewer: ## Introduction -When you Azure Active Directory (Azure AD) join a Windows 10 device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in your cloud only environment, then there's no additional configuration needed. +When you Azure Active Directory (Azure AD) join a Windows 10 or Windows 11 device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in your cloud only environment, then there's no additional configuration needed. You may wish to disable the automatic Windows Hello for Business enrollment prompts if you aren't ready to use it in your environment. Instructions on how to disable Windows Hello for Business enrollment in a cloud only environment are included below. 
diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index 25d27e28d3..b317356b81 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md @@ -20,7 +20,7 @@ ms.reviewer: **Applies to** -- Windows 10, version 1703 or later +- Windows 10, version 1703 or later, or Windows 11 - Windows Server, versions 2016 or later - Hybrid or On-Premises deployment - Key trust 
@@ -32,7 +32,7 @@ ms.reviewer: How can you find out how many domain controllers are needed? You can use performance monitoring on your domain controllers to determine existing authentication traffic. Windows Server 2016 and above includes the KDC AS Requests performance counter. You can use this counter to determine how much of a domain controller's load is due to initial Kerberos authentication. It's important to remember that authentication for a Windows Hello for Business key trust deployment does not affect Kerberos authentication - it remains unchanged. -Windows 10 accomplishes Windows Hello for Business key trust authentication by mapping an Active Directory user account to one or more public keys. This mapping occurs on the domain controller, which is why the deployment needs Windows Server 2016 or later domain controllers. Public key mapping is only supported by Windows Server 2016 domain controllers and above. Therefore, users in a key trust deployment must authenticate to a Windows Server 2016 and above domain controller. +Windows 10 or Windows 11 accomplishes Windows Hello for Business key trust authentication by mapping an Active Directory user account to one or more public keys. This mapping occurs on the domain controller, which is why the deployment needs Windows Server 2016 or later domain controllers. Public key mapping is only supported by Windows Server 2016 domain controllers and above. Therefore, users in a key trust deployment must authenticate to a Windows Server 2016 and above domain controller. Determining an adequate number of Windows Server domain controllers is important to ensure you have enough domain controllers to satisfy all authentication requests, including users mapped with public key trust. 
What many administrators do not realize is that adding a domain controller that supports public key mapping (in this case Windows Server 2016 or later) to a deployment of existing domain controllers which do not support public key mapping (Windows Server 2008R2, Windows Server 2012R2) instantly makes that single domain controller susceptible to carrying the most load, or what is commonly referred to as "piling on". To illustrate the "piling on" concept, consider the following scenario: diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md index 2eb9365b7b..1933fad122 100644 --- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md +++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md @@ -1,5 +1,5 @@ --- -title: Windows Hello and password changes (Windows 10) +title: Windows Hello and password changes (Windows) description: When you change your password on a device, you may need to sign in with a password on other devices to reset Hello. ms.assetid: 83005FE4-8899-47A6-BEA9-C17CCA0B6B55 ms.reviewer: @@ -19,7 +19,9 @@ ms.date: 07/27/2017 # Windows Hello and password changes **Applies to** -- Windows 10 + +- Windows 10 +- Windows 11 When you set up Windows Hello, the PIN or biometric gesture that you use is specific to that device. You can set up Hello for the same account on multiple devices. If the PIN or biometric is configured as part of Windows Hello for Business, changing the account password will not impact sign-in or unlock with these gestures since it uses a key or certificate. However, if Windows Hello for Business is not deployed and the password for that account changes, you must provide the new password on each device to continue to use Hello. 
diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md index d0857ccd72..7dc20cb316 100644 --- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md +++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md @@ -1,5 +1,5 @@ --- -title: Windows Hello biometrics in the enterprise (Windows 10) +title: Windows Hello biometrics in the enterprise (Windows) description: Windows Hello uses biometrics to authenticate users and guard against potential spoofing, through fingerprint matching and facial recognition. ms.assetid: d3f27d94-2226-4547-86c0-65c84d6df8Bc ms.reviewer: @@ -21,7 +21,9 @@ ms.date: 01/12/2021 # Windows Hello biometrics in the enterprise **Applies to:** -- Windows 10 + +- Windows 10 +- Windows 11 Windows Hello is the biometric authentication feature that helps strengthen authentication and helps to guard against potential spoofing through fingerprint matching and facial recognition. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index f354ae19d4..4f4f37b876 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -21,6 +21,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Certificate trust diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 7f7f59156a..3ce38ae8f6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -19,12 +19,13 @@ ms.reviewer: # Configure Windows Hello for Business Policy settings **Applies to** -- Windows 10, version 1703 or later -- On-premises deployment -- Certificate trust +- Windows 10, version 1703 or later +- Windows 11 +- On-premises deployment +- Certificate trust -You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). -Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703. +You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). +Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. On-premises certificate-based deployments of Windows Hello for Business needs three Group Policy settings: * Enable Windows Hello for Business 
@@ -116,9 +117,9 @@ The default Windows Hello for Business enables users to enroll and use biometric ### PIN Complexity -PIN complexity is not specific to Windows Hello for Business. Windows 10 enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. +PIN complexity is not specific to Windows Hello for Business. Windows enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. -Windows 10 provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: +Windows provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. 
Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: * Require digits * Require lowercase letters * Maximum PIN length diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index 57f12a0692..d62bda3427 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -19,10 +19,10 @@ ms.reviewer: # Validate Active Directory prerequisites **Applies to** -- Windows 10, version 1703 or later -- On-premises deployment -- Certificate trust - +- Windows 10, version 1703 or later +- Windows 11 +- On-premises deployment +- Certificate trust The key registration process for the On-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema. If you already have a Windows Server 2016 or later domain controller in your forest, you can skip the **Updating the Schema** and **Create the KeyCredential Admins Security Global Group** steps. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index 373a03c97c..6a840d43c6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md 
@@ -16,19 +16,20 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Deploy Multi-factor Authentication (MFA) +# Validate and Deploy Multifactor Authentication (MFA) **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Certificate trust -Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option. +Windows Hello for Business requires all users perform multifactor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option. For information on available third-party authentication methods see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method) -Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. Make sure that the authentication provider is selected as a multi-factor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies see [Configure Authentication Policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies). +Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. 
Make sure that the authentication provider is selected as a multifactor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies see [Configure Authentication Policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies). ## Follow the Windows Hello for Business on premises certificate trust deployment guide 1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index e4950a9581..d84ad9c32f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md @@ -19,9 +19,10 @@ ms.reviewer: # Validate and Configure Public Key Infrastructure **Applies to** -- Windows 10, version 1703 or later -- On-premises deployment -- Certificate trust +- Windows 10, version 1703 or later +- Windows 11 +- On-premises deployment +- Certificate trust Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. The certificate trust model extends certificate issuance to client computers. During Windows Hello for Business provisioning, the user receives a sign-in certificate. 
@@ -94,7 +95,7 @@ The certificate template is configured to supersede all the certificate template ### Configure an Internal Web Server Certificate template -Windows 10 clients use the https protocol when communicating with Active Directory Federation Services. To meet this need, you must issue a server authentication certificate to all the nodes in the Active Directory Federation Services farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running the Active Directory Federation Service can request the certificate. +Windows 10 or Windows 11 clients use the https protocol when communicating with Active Directory Federation Services. To meet this need, you must issue a server authentication certificate to all the nodes in the Active Directory Federation Services farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running the Active Directory Federation Service can request the certificate. Sign-in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. 1. Open the **Certificate Authority** management console. diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md index c8f3f83f76..db310a19e8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Certificate trust 
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index 1a07013ef3..80a1ca91b3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -21,6 +21,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 Windows Hello for Business is the springboard to a world without passwords. It replaces username and password sign-in to Windows with strong user authentication based on an asymmetric key pair. @@ -41,7 +42,7 @@ This guide assumes that baseline infrastructure exists which meets the requireme - Proper name resolution, both internal and external names - Active Directory and an adequate number of domain controllers per site to support authentication - Active Directory Certificate Services 2012 or later -- One or more workstation computers running Windows 10, version 1703 +- One or more workstation computers running Windows 10, version 1703 or later If you are installing a server role for the first time, ensure the appropriate server operating system is installed, updated with the latest patches, and joined to the domain. This document provides guidance to install and configure the specific roles on that server. diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md index a95d9212e0..30dbcc8929 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md 
@@ -27,16 +27,17 @@ Applies to: - Azure AD joined deployments - Windows 10, version 1803 and later +- Windows 11 PIN reset on Azure AD joined devices uses a flow called web sign-in to authenticate the user above lock. Web sign in only allows navigation to specific domains. If it attempts to navigate to a domain that is not allowed it will shows a page with the error message "We can't open that page right now". ### Identifying Azure AD joined PIN Reset Allowed Domains Issue -The user can launch the PIN reset flow from above lock using the "I forgot my PIN" link in the PIN credential provider. Selecting this link will launch a full screen UI for the PIN experience on Azure AD Join devices. Typically, this UI will display an Azure authentication server page where the user will authenticate using Azure AD credentials and complete multi-factor authentication. +The user can launch the PIN reset flow from above lock using the "I forgot my PIN" link in the PIN credential provider. Selecting this link will launch a full screen UI for the PIN experience on Azure AD Join devices. Typically, this UI will display an Azure authentication server page where the user will authenticate using Azure AD credentials and complete multifactor authentication. -In federated environments authentication may be configured to route to AD FS or a third party identity provider. If the PIN reset flow is launched and attempts to navigate to a federated identity provider server page, it will fail and display the "We can't open that page right now" error if the domain for the server page is not included in an allow list. +In federated environments authentication may be configured to route to AD FS or a third-party identity provider. If the PIN reset flow is launched and attempts to navigate to a federated identity provider server page, it will fail and display the "We can't open that page right now" error if the domain for the server page is not included in an allow list. 
-If you are a customer of Azure US Government cloud, PIN reset will also attempt to navigate to a domain that is not included in the default allow list. This results in "We can't open that page right now". +If you are a customer of Azure US Government cloud, PIN reset will also attempt to navigate to a domain that is not included in the default allowlist. This results in "We can't open that page right now". ### Resolving Azure AD joined PIN Reset Allowed Domains Issue diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md index e748408fb5..5a5f0334f7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 0bbce98b00..260463cdb8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -22,6 +22,7 @@ ms.reviewer: **Applies To** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 48a0d130df..f6d78686a8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md 
@@ -1,5 +1,5 @@ --- -title: Windows Hello errors during PIN creation (Windows 10) +title: Windows Hello errors during PIN creation (Windows) description: When you set up Windows Hello in Windows 10, you may get an error during the Create a work PIN step. ms.assetid: DFEFE22C-4FEF-4FD9-BFC4-9B419C339502 ms.reviewer: @@ -21,7 +21,9 @@ ms.date: 05/05/2018 # Windows Hello errors during PIN creation **Applies to** -- Windows 10 + +- Windows 10 +- Windows 11 When you set up Windows Hello in Windows 10, you may get an error during the **Create a PIN** step. This topic lists some of the error codes with recommendations for mitigating the problem. If you get an error code that is not listed here, contact Microsoft Support. diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md index fd2d0dbe71..a41f3c8418 100644 --- a/windows/security/identity-protection/hello-for-business/hello-event-300.md +++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md @@ -1,5 +1,5 @@ --- -title: Event ID 300 - Windows Hello successfully created (Windows 10) +title: Event ID 300 - Windows Hello successfully created (Windows) description: This event is created when a Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). ms.assetid: 0DD59E75-1C5F-4CC6-BB0E-71C83884FF04 ms.reviewer: 
@@ -21,19 +21,21 @@ ms.date: 07/27/2017 # Event ID 300 - Windows Hello successfully created **Applies to** -- Windows 10 + +- Windows 10 +- Windows 11 This event is created when Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). Applications or services can trigger actions on this event. For example, a certificate provisioning service can listen to this event and trigger a certificate request. ## Event details -| **Product:** | Windows 10 operating system | +| **Product:** | Windows 10 or Windows 11 operating system | |--------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Log:** | Event Viewer > Applications and Service Logs\Microsoft\Windows\User Device Registration\Admin | | **ID:** | 300 | | **Source:** | Microsoft Azure Device Registration Service | -| **Version:** | 10 | +| **Version:** | 10 or 11 | | **Message:** | The NGC key was successfully registered. Key ID: {4476694e-8e3b-4ef8-8487-be21f95e6f07}. UPN:test@contoso.com. Attestation: ATT\_SOFT. Client request ID: . Server request ID: db2da6bd-3d70-4b9b-b26b-444f669902da.
    Server response: {"kid":"4476694e-8e3b-4ef8-8487-be21f95e6f07","upn":"test@contoso.com"} | ## Resolve diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md index f62a626f0a..82cb73cd43 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md @@ -23,7 +23,7 @@ ms.reviewer: * Hybrid and On-premises Windows Hello for Business deployments * Enterprise joined or Hybrid Azure joined devices -* Windows 10, version 1709 +* Windows 10, version 1709 or later * Certificate trust > [!NOTE] 
@@ -34,12 +34,12 @@ ms.reviewer: Dual enrollment enables administrators to perform elevated, administrative functions by enrolling both their non-privileged and privileged credentials on their device. -By design, Windows 10 does not enumerate all Windows Hello for Business users from within a user's session. Using the computer Group Policy setting, **Allow enumeration of emulated smart card for all users**, you can configure a device to enumerate all enrolled Windows Hello for Business credentials on selected devices. +By design, Windows does not enumerate all Windows Hello for Business users from within a user's session. Using the computer Group Policy setting, **Allow enumeration of emulated smart card for all users**, you can configure a device to enumerate all enrolled Windows Hello for Business credentials on selected devices. -With this setting, administrative users can sign in to Windows 10, version 1709 using their non-privileged Windows Hello for Business credentials for normal work flow such as email, but can launch Microsoft Management Consoles (MMCs), Remote Desktop Services clients, and other applications by selecting **Run as different user** or **Run as administrator**, selecting the privileged user account, and providing their PIN. Administrators can also take advantage of this feature with command-line applications by using **runas.exe** combined with the **/smartcard** argument. This enables administrators to perform their day-to-day operations without needing to sign in and out, or use fast user switching when alternating between privileged and non-privileged workloads. 
+With this setting, administrative users can sign in to Windows 10, version 1709 or later using their non-privileged Windows Hello for Business credentials for normal work flow such as email, but can launch Microsoft Management Consoles (MMCs), Remote Desktop Services clients, and other applications by selecting **Run as different user** or **Run as administrator**, selecting the privileged user account, and providing their PIN. Administrators can also take advantage of this feature with command-line applications by using **runas.exe** combined with the **/smartcard** argument. This enables administrators to perform their day-to-day operations without needing to sign in and out, or use fast user switching when alternating between privileged and non-privileged workloads. > [!IMPORTANT] -> You must configure a Windows 10 computer for Windows Hello for Business dual enrollment before either user (privileged or non-privileged) provisions Windows Hello for Business. Dual enrollment is a special setting that is configured on the Windows Hello container during creation. +> You must configure a Windows computer for Windows Hello for Business dual enrollment before either user (privileged or non-privileged) provisions Windows Hello for Business. Dual enrollment is a special setting that is configured on the Windows Hello container during creation. ## Configure Windows Hello for Business Dual Enrollment 
@@ -69,7 +69,7 @@ where **DC=domain,DC=com** is the LDAP path of your Active Directory domain and ### Configuring Dual Enrollment using Group Policy -You configure Windows 10 to support dual enrollment using the computer configuration portion of a Group Policy object. +You configure Windows 10 or Windows 11 to support dual enrollment using the computer configuration portion of a Group Policy object. 1. Using the Group Policy Management Console (GPMC), create a new domain-based Group Policy object and link it to an organizational Unit that contains Active Directory computer objects used by privileged users. 2. Edit the Group Policy object from step 1. diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index 53985965fb..6a880c9a9c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -1,6 +1,6 @@ --- title: Dynamic lock -description: Learn how to set Dynamic lock on Windows 10 devices, by configuring group policies. This feature locks a device when a Bluetooth signal falls below a set value. +description: Learn how to set Dynamic lock on Windows 10 and Windows 11 devices, by configuring group policies. This feature locks a device when a Bluetooth signal falls below a set value. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, conditional access ms.prod: w10 ms.mktglfcycl: deploy 
@@ -21,9 +21,9 @@ ms.reviewer: **Requirements:** -* Windows 10, version 1703 +* Windows 10, version 1703 or later -Dynamic lock enables you to configure Windows 10 devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it. +Dynamic lock enables you to configure Windows devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it. You configure the dynamic lock policy using Group Policy. You can locate the policy setting at **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**. The name of the policy is **Configure dynamic lock factors**. 
@@ -54,7 +54,7 @@ For this policy setting, the **type** and **scenario** attribute values are stat |Health|2304| |Uncategorized|7936| -The **rssiMin** attribute value signal indicates the strength needed for the device to be considered "in-range". The default value of **-10** enables a user to move about an average size office or cubicle without triggering Windows to lock the device. The **rssiMaxDelta** has a default value of **-10**, which instruct Windows 10 to lock the device once the signal strength weakens by more than measurement of 10. +The **rssiMin** attribute value signal indicates the strength needed for the device to be considered "in-range". The default value of **-10** enables a user to move about an average size office or cubicle without triggering Windows to lock the device. The **rssiMaxDelta** has a default value of **-10**, which instruct Windows to lock the device once the signal strength weakens by more than measurement of 10. RSSI measurements are relative and lower as the bluetooth signals between the two paired devices reduces. Therefore a measurement of 0 is stronger than -10, which is stronger than -60, which is an indicator the devices are moving further apart from each other. diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 2fbed0b012..25b4269de7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md 
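Review bot: In the hello-feature-dynamic-lock.md hunk at -54,7, the rewritten rssiMaxDelta sentence carries over two grammar errors from the line it replaces: "which instruct Windows" should be "which instructs Windows", and "by more than measurement of 10" should be "by more than a measurement of 10". The line is being replaced anyway, so fix both in this change. This sentence defines when the device locks and should read unambiguously.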
@@ -22,6 +22,7 @@ ms.reviewer: **Applies to:** - Windows 10, version 1709 or later +- Windows 11 Windows Hello for Business provides the capability for users to reset forgotten PINs using the "I forgot my PIN link" from the Sign-in options page in Settings or from above the lock screen. User's are required to authenticate and complete multifactor authentication to reset their PIN. @@ -81,7 +82,7 @@ Visit the [Windows Hello for Business Videos](./hello-videos.md) page and watch When non-destructive PIN reset is enabled on a client, a 256-bit AES key is generated locally and added to a user's Windows Hello for Business container and keys as the PIN reset protector. This PIN reset protector is encrypted using a public key retrieved from the Microsoft PIN reset service and then stored on the client for later use during PIN reset. After a user initiates a PIN reset, completes authentication to Azure, and completes multifactor authentication, the encrypted PIN reset protector is sent to the Microsoft PIN reset service, decrypted, and returned to the client. The decrypted PIN reset protector is used to change the PIN used to authorize Windows Hello for Business keys and it is then cleared from memory. -Using Group Policy, Microsoft Intune or a compatible MDM, you can configure Windows 10 devices to securely use the Microsoft PIN reset service that enables users to reset their forgotten PIN through settings or above the lock screen without requiring re-enrollment. +Using Group Policy, Microsoft Intune or a compatible MDM, you can configure Windows devices to securely use the Microsoft PIN reset service that enables users to reset their forgotten PIN through settings or above the lock screen without requiring re-enrollment. >[!IMPORTANT] > The Microsoft PIN Reset service only works with **Enterprise Edition** for Windows 10, version 1709 to 1809. The feature works with **Enterprise Edition** and **Pro** edition with Windows 10, version 1903 and newer. 
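Review bot: The -81,7 hunk widens the sentence to "Windows devices", but the [!IMPORTANT] note directly below it still describes edition support only for Windows 10 ("version 1709 to 1809" and "version 1903 and newer"). With Windows 11 now listed under Applies to in this file, either state which Windows 11 editions the Microsoft PIN reset service works with or keep the sentence scoped to the releases the note covers, so an administrator does not assume the service is available on an edition where it is not.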
@@ -114,7 +115,7 @@ Before you can remotely reset PINs, you must on-board the Microsoft PIN reset se ### Configure Windows devices to use PIN reset using Group Policy -You configure Windows 10 to use the Microsoft PIN Reset service using the computer configuration portion of a Group Policy object. +You can configure Windows to use the Microsoft PIN Reset service using the computer configuration portion of a Group Policy object. 1. Using the Group Policy Management Console (GPMC), scope a domain-based Group Policy to computer accounts in Active Directory. 1. Edit the Group Policy object from Step 1. @@ -188,6 +189,7 @@ The PIN reset configuration for a user can be viewed by running [**dsregcmd /sta **Applies to:** - Windows 10, version 1803 or later +- Windows 11 - Azure AD joined The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy allows you to specify a list of domains that are allowed to be navigated to during PIN reset flows on Azure AD joined devices. If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, this policy should be set to ensure that authentication pages from that identity provider can be used during Azure AD joined PIN reset. diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 550cddc3cc..8ed00949b2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -22,6 +22,7 @@ ms.reviewer: **Requirements** - Windows 10 +- Windows 11 - Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices 
@@ -36,9 +37,9 @@ Microsoft continues to investigate supporting using keys trust for supplied cred - Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Biometric enrollments -- Windows 10, version 1809 +- Windows 10, version 1809 or later -Users using earlier versions of Windows 10 could authenticate to a remote desktop using Windows Hello for Business but were limited to using their PIN as their authentication gesture. Windows 10, version 1809 introduces the ability for users to authenticate to a remote desktop session using their Windows Hello for Business biometric gesture. The feature is on by default, so your users can take advantage of it as soon as they upgrade to Windows 10, version 1809. +Users using earlier versions of Windows 10 could authenticate to a remote desktop using Windows Hello for Business but were limited to using their PIN as their authentication gesture. Windows 10, version 1809 or later introduces the ability for users to authenticate to a remote desktop session using their Windows Hello for Business biometric gesture. The feature is on by default, so your users can take advantage of it as soon as they upgrade to Windows 10, version 1809. ### How does it work 
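Review bot: "Windows 10, version 1809 or later introduces the ability" in the -36,9 hunk does not read correctly, because a capability is introduced in one release and is then present in later ones. Keep "Windows 10, version 1809 introduces" and leave the range to the requirement bullet, which this hunk already changes to "version 1809 or later". The last sentence of the paragraph still says users get the feature "as soon as they upgrade to Windows 10, version 1809", so the paragraph now mixes the two forms.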
@@ -48,7 +49,7 @@ A certificate on a smart card starts with creating an asymmetric key pair using This same concept applies to Windows Hello for Business. Except, the keys are created using the Microsoft Passport KSP and the user's private key remains protected by the device's security module (TPM) and the user's gesture (PIN/biometric). The certificate APIs hide this complexity. When an application uses a certificate, the certificate APIs locate the keys using the saved key storage provider. The key storage providers directs the certificate APIs on which provider they use to find the private key associated with the certificate. This is how Windows knows you have a smart card certificate without the smart card inserted (and prompts you to insert the smart card). -Windows Hello for Business emulates a smart card for application compatibility. Versions of Windows 10 prior to version 1809, would redirect private key access for Windows Hello for Business certificate to use its emulated smart card using the Microsoft Smart Card KSP, which would enable the user to provide their PIN. Windows 10, version 1809 no longer redirects private key access for Windows Hello for Business certificates to the Microsoft Smart Card KSP-- it continues using the Microsoft Passport KSP. The Microsoft Passport KSP enabled Windows 10 to prompt the user for their biometric gesture or PIN. +Windows Hello for Business emulates a smart card for application compatibility. Versions of Windows 10 prior to version 1809, would redirect private key access for Windows Hello for Business certificate to use its emulated smart card using the Microsoft Smart Card KSP, which would enable the user to provide their PIN. Windows 10, version 1809 or later no longer redirects private key access for Windows Hello for Business certificates to the Microsoft Smart Card KSP-- it continues using the Microsoft Passport KSP. 
The Microsoft Passport KSP enabled Windows to prompt the user for their biometric gesture or PIN. ### Compatibility diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 1efcc90b24..d6cff27980 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -18,7 +18,9 @@ ms.reviewer: # Windows Hello for Business and Authentication **Applies to:** -- Windows 10 + +- Windows 10 +- Windows 11 Windows Hello for Business authentication is passwordless, two-factor authentication. Authenticating with Windows Hello for Business provides a convenient sign-in experience that authenticates the user to both Azure Active Directory and Active Directory resources.
    Azure Active Directory joined devices authenticate to Azure during sign-in and can optional authenticate to Active Directory. Hybrid Azure Active Directory joined devices authenticate to Active Directory during sign-in, and authenticate to Azure Active Directory in the background.
    diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index 20008e7565..90f0880e9b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -16,9 +16,10 @@ ms.date: 08/19/2018 ms.reviewer: --- # Windows Hello for Business Provisioning - -Applies to: -- Windows 10 + +**Applies to:** +- Windows 10 +- Windows 11 Windows Hello for Business provisioning enables a user to enroll a new, strong, two-factor credential that they can use for passwordless authentication. Provisioning experience vary based on: - How the device is joined to Azure Active Directory diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index af9083a431..cae576ab66 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -19,6 +19,7 @@ ms.reviewer: **Applies to:** - Windows 10 +- Windows 11 - [Attestation Identity Keys](#attestation-identity-keys) - [Azure AD Joined](#azure-ad-joined) @@ -44,15 +45,15 @@ ms.reviewer:
    ## Attestation Identity Keys -Because the endorsement certificate is unique for each device and does not change, the usage of it may present privacy concerns because it's theoretically possible to track a specific device. To avoid this privacy problem, Windows 10 issues a derived attestation anchor based on the endorsement certificate. This intermediate key, which can be attested to an endorsement key, is the Attestation Identity Key (AIK) and the corresponding certificate is called the AIK certificate. This AIK certificate is issued by a Microsoft cloud service. +Because the endorsement certificate is unique for each device and does not change, the usage of it may present privacy concerns because it's theoretically possible to track a specific device. To avoid this privacy problem, Windows issues a derived attestation anchor based on the endorsement certificate. This intermediate key, which can be attested to an endorsement key, is the Attestation Identity Key (AIK) and the corresponding certificate is called the AIK certificate. This AIK certificate is issued by a Microsoft cloud service. > [!NOTE] -> The AIK certificate must be provisioned in conjunction with a third-party service like the Microsoft Cloud CA service. After it is provisioned, the AIK private key can be used to report platform configuration. Windows 10 creates a signature over the platform log state (and a monotonic counter value) at each boot by using the AIK. +> The AIK certificate must be provisioned in conjunction with a third-party service like the Microsoft Cloud CA service. After it is provisioned, the AIK private key can be used to report platform configuration. Windows creates a signature over the platform log state (and a monotonic counter value) at each boot by using the AIK. > The AIK is an asymmetric (public/private) key pair that is used as a substitute for the EK as an identity for the TPM for privacy purposes. 
The private portion of an AIK is never revealed or used outside the TPM and can only be used inside the TPM for a limited set of operations. Furthermore, it can only be used for signing, and only for limited, TPM-defined operations. -Windows 10 creates AIKs protected by the TPM, if available, that are 2048-bit RSA signing keys. Microsoft hosts a cloud service called Microsoft Cloud CA to establish cryptographically that it is communicating with a real TPM and that the TPM possesses the presented AIK. After the Microsoft Cloud CA service has established these facts, it will issue an AIK certificate to the Windows 10 device. +Windows creates AIKs protected by the TPM, if available, that are 2048-bit RSA signing keys. Microsoft hosts a cloud service called Microsoft Cloud CA to establish cryptographically that it is communicating with a real TPM and that the TPM possesses the presented AIK. After the Microsoft Cloud CA service has established these facts, it will issue an AIK certificate to the Windows device. -Many existing devices that will upgrade to Windows 10 will not have a TPM, or the TPM will not contain an endorsement certificate. **To accommodate those devices, Windows 10 allows the issuance of AIK certificates without the presence of an endorsement certificate.** Such AIK certificates are not issued by Microsoft Cloud CA. Note that this is not as trustworthy as an endorsement certificate that is burned into the device during manufacturing, but it will provide compatibility for advanced scenarios like Windows Hello for Business without TPM. +Many existing devices that will upgrade to Windows 10 will not have a TPM, or the TPM will not contain an endorsement certificate. **To accommodate those devices, Windows 10 or Windows 11 allows the issuance of AIK certificates without the presence of an endorsement certificate.** Such AIK certificates are not issued by Microsoft Cloud CA. 
Note that this is not as trustworthy as an endorsement certificate that is burned into the device during manufacturing, but it will provide compatibility for advanced scenarios like Windows Hello for Business without TPM. In the issued AIK certificate, a special OID is added to attest that endorsement certificate was used during the attestation process. This information can be leveraged by a relying party to decide whether to reject devices that are attested using AIK certificates without an endorsement certificate or accept them. Another scenario can be to not allow access to high-value assets from devices that are attested by an AIK certificate that is not backed by an endorsement certificate. 
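Review bot: The AIK paragraphs in the -44,15 hunk now use three different scopes: "Windows issues", "Windows creates", and "Windows 10 or Windows 11 allows the issuance of AIK certificates without the presence of an endorsement certificate", while the sentence just before that one is left as "devices that will upgrade to Windows 10". Pick one form for the section. Before naming Windows 11 in the bolded sentence, confirm that the accommodation for devices without a TPM or endorsement certificate applies there, since a relying party reads this text when deciding whether to accept AIK certificates that are not backed by an endorsement certificate.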
@@ -102,7 +103,7 @@ The Windows Hello for Business Cloud deployment is exclusively for organizations [Return to Top](hello-how-it-works-technology.md) ## Cloud Experience Host -In Windows 10, Cloud Experience Host is an application used while joining the workplace environment or Azure AD for rendering the experience when collecting your company-provided credentials. Once you enroll your device to your workplace environment or Azure AD, your organization will be able to manage your PC and collect information about you (including your location). It might add or remove apps or content, change settings, disable features, prevent you from removing your company account, or reset your PC. +In Windows 10 and Windows 11, Cloud Experience Host is an application used while joining the workplace environment or Azure AD for rendering the experience when collecting your company-provided credentials. Once you enroll your device to your workplace environment or Azure AD, your organization will be able to manage your PC and collect information about you (including your location). It might add or remove apps or content, change settings, disable features, prevent you from removing your company account, or reset your PC. ### Related topics [Windows Hello for Business](./hello-identity-verification.md), [Managed Windows Hello in Organization](./hello-manage-in-organization.md) 
@@ -138,7 +139,7 @@ The endorsement key is often accompanied by one or two digital certificates: - One certificate is produced by the TPM manufacturer and is called the **endorsement certificate**. The endorsement certificate is used to prove the authenticity of the TPM (for example, that it's a real TPM manufactured by a specific chip maker) to local processes, applications, or cloud services. The endorsement certificate is created during manufacturing or the first time the TPM is initialized by communicating with an online service. - The other certificate is produced by the platform builder and is called the **platform certificate** to indicate that a specific TPM is integrated with a certain device. -For certain devices that use firmware-based TPM produced by Intel or Qualcomm, the endorsement certificate is created when the TPM is initialized during the OOBE of Windows 10. +For certain devices that use firmware-based TPM produced by Intel or Qualcomm, the endorsement certificate is created when the TPM is initialized during the OOBE of Windows 10 and Windows 11. ### Related topics [Attestation Identity Keys](#attestation-identity-keys), [Storage Root Key](#storage-root-key), [Trusted Platform Module](#trusted-platform-module) @@ -279,15 +280,15 @@ The trust type determines how a user authenticates to the Active Directory to ac A Trusted Platform Module (TPM) is a hardware component that provides unique security features.
    -Windows 10 leverages security characteristics of a TPM for measuring boot integrity sequence (and based on that, unlocking automatically BitLocker protected drives), for protecting credentials or for health attestation. +Windows leverages security characteristics of a TPM for measuring boot integrity sequence (and based on that, unlocking automatically BitLocker protected drives), for protecting credentials or for health attestation. A TPM implements controls that meet the specification described by the Trusted Computing Group (TCG). At the time of this writing, there are two versions of TPM specification produced by TCG that are not compatible with each other: - The first TPM specification, version 1.2, was published in February 2005 by the TCG and standardized under ISO / IEC 11889 standard. - The latest TPM specification, referred to as TPM 2.0, was released in April 2014 and has been approved by the ISO/IEC Joint Technical Committee (JTC) as ISO/IEC 11889:2015. -Windows 10 uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Windows Hello, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows 10](../../information-protection/tpm/tpm-recommendations.md). +Windows 10 and Windows 11 use the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Windows Hello, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows](../../information-protection/tpm/tpm-recommendations.md). -Windows 10 recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows 10 supports only TPM 2.0. +Windows recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows 10 and Windows 11 support only TPM 2.0. 
TPM 2.0 provides a major revision to the capabilities over TPM 1.2: diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index 2ad3bb1f3b..2b44b1c81f 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -1,5 +1,5 @@ --- -title: How Windows Hello for Business works (Windows 10) +title: How Windows Hello for Business works (Windows) description: Learn about registration, authentication, key material, and infrastructure for Windows Hello for Business. ms.prod: w10 ms.mktglfcycl: deploy @@ -16,8 +16,10 @@ ms.topic: article # How Windows Hello for Business works **Applies to** -- Windows 10 -- Windows 10 Mobile + +- Windows 10 +- Windows 11 +- Windows 10 Mobile Windows Hello for Business requires a registered device. When the device is set up, its user can use the device to authenticate to services. This topic explains how device registration works, what happens when a user requests authentication, how key material is stored and processed, and which servers and infrastructure components are involved in different parts of this process. 
@@ -30,15 +32,15 @@ A goal of device registration is to allow a user to open a brand-new device, sec The registration process works like this: -1. The user configures an account on the device. This account can be a local account on the device, a domain account stored in the on-premises Active Directory domain, a Microsoft account, or an Azure AD account. For a new device, this step may be as simple as signing in with a Microsoft account. Signing in with a Microsoft account on a Windows 10 device automatically sets up Windows Hello on the device; users don’t have to do anything extra to enable it. +1. The user configures an account on the device. This account can be a local account on the device, a domain account stored in the on-premises Active Directory domain, a Microsoft account, or an Azure AD account. For a new device, this step may be as simple as signing in with a Microsoft account. Signing in with a Microsoft account on a Windows 10 or Windows 11 device automatically sets up Windows Hello on the device; users don’t have to do anything extra to enable it. 2. To sign in using that account, the user has to enter the existing credentials for it. The identity provider (IDP) that “owns” the account receives the credentials and authenticates the user. This IDP authentication may include the use of an existing second authentication factor, or proof. For example, a user who registers a new device by using an Azure AD account will have to provide an SMS-based proof that Azure AD sends. 3. When the user has provided the proof to the IDP, the user enables PIN authentication. The PIN will be associated with this particular credential. When the user sets the PIN, it becomes usable immediately The PIN chosen is associated with the combination of the active account and that specific device. The PIN must comply with whatever length and complexity policy the account administrator has configured; this policy is enforced on the device side. 
Other registration scenarios that Windows Hello supports are: - A user who upgrades from the Windows 8.1 operating system will sign in by using the existing enterprise password. That triggers a second authentication factor from the IDP side (if required); after receiving and returning a proof, such as a text message or voice code, the IDP authenticates the user to the upgraded Windows 10 device, and the user can set his or her PIN. -- A user who typically uses a smart card to sign in will be prompted to set up a PIN the first time he or she signs in to a Windows 10 device the user has not previously signed in to. -- A user who typically uses a virtual smart card to sign in will be prompted to set up a PIN the first time he or she signs in to a Windows 10 device the user has not previously signed in to. +- A user who typically uses a smart card to sign in will be prompted to set up a PIN the first time he or she signs in to a Windows 10 or Windows 11 device the user has not previously signed in to. +- A user who typically uses a virtual smart card to sign in will be prompted to set up a PIN the first time he or she signs in to a Windows 10 and Windows 11 device the user has not previously signed in to. When the user has completed this process, Windows Hello generates a new public–private key pair on the device. The TPM generates and protects this private key; if the device doesn’t have a TPM, the private key is encrypted and stored in software. This initial key is referred to as the protector key. It’s associated only with a single gesture; in other words, if a user registers a PIN, a fingerprint, and a face on the same device, each of those gestures will have a unique protector key. Each unique gesture generates a unique protector key. The protector key securely wraps the authentication key. The container has only one authentication key, but there can be multiple copies of that key wrapped with different unique protector keys. 
Windows Hello also generates an administrative key that the user or administrator can use to reset credentials, when necessary. In addition to the protector key, TPM-enabled devices generate a block of data that contains attestations from the TPM. @@ -46,7 +48,7 @@ At this point, the user has a PIN gesture defined on the device and an associate ## What’s a container? -You’ll often hear the term *container* used in reference to mobile device management (MDM) solutions. Windows Hello uses the term, too, but in a slightly different way. Container in this context is shorthand for a logical grouping of key material or data. Windows 10 Hello uses a single container that holds user key material for personal accounts, including key material associated with the user’s Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. +You’ll often hear the term *container* used in reference to mobile device management (MDM) solutions. Windows Hello uses the term, too, but in a slightly different way. Container in this context is shorthand for a logical grouping of key material or data. Windows 10 or Windows 11 Hello uses a single container that holds user key material for personal accounts, including key material associated with the user’s Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. The container holds enterprise credentials only on devices that have been registered with an organization; it contains key material for the enterprise IDP, such as on-premises Active Directory or Azure AD. From 01d023b5c878c29bef457d647332ea005dfb2644 Mon Sep 17 00:00:00 2001 
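Review bot: The two smart card bullets in the -30,15 hunk of retired/hello-how-it-works.md are worded differently: the first says "a Windows 10 or Windows 11 device" and the second says "a Windows 10 and Windows 11 device". A user signs in to one device, so use "or" in both. The Windows 8.1 upgrade bullet above them still says "the upgraded Windows 10 device"; update it or leave it on purpose, but the three bullets should not differ by accident.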
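Review bot: "Windows 10 or Windows 11 Hello uses a single container" in the -46,7 hunk turns the feature name into "Windows 11 Hello". The removed line had the same construction ("Windows 10 Hello"), but the sentences around it call the feature "Windows Hello", so write "Windows Hello uses a single container" or "On Windows 10 and Windows 11, Windows Hello uses a single container".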
From: Meghana Athavale Date: Tue, 7 Sep 2021 10:21:15 +0530 Subject: [PATCH 117/671] Updated --- .../tpm/initialize-and-configure-ownership-of-the-tpm.md | 6 +++--- .../security/information-protection/tpm/tpm-fundamentals.md | 2 +- .../tpm/trusted-platform-module-overview.md | 4 ++-- ...rusted-platform-module-services-group-policy-settings.md | 5 ++--- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index d8af529bde..b309abe563 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -108,7 +108,7 @@ Membership in the local Administrators group, or equivalent, is the minimum requ 7. After the PC restarts, your TPM will be automatically prepared for use by Windows. -## Turn on or turn off the TPM (available only with TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11) +## Turn on or turn off the TPM (available only with TPM 1.2 with Windows 10, version 1507 or 1511) Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. @@ -116,7 +116,7 @@ Normally, the TPM is turned on as part of the TPM initialization process. You do If you want to use the TPM after you have turned it off, you can use the following procedure to turn on the TPM. -**To turn on the TPM (TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11 only)** +**To turn on the TPM (TPM 1.2 with Windows 10, version 1507 or 1511 only)** 1. Open the TPM MMC (tpm.msc). 
@@ -130,7 +130,7 @@ If you want to use the TPM after you have turned it off, you can use the followi If you want to stop using the services that are provided by the TPM, you can use the TPM MMC to turn off the TPM. -**To turn off the TPM (TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11 only)** +**To turn off the TPM (TPM 1.2 with Windows 10, version 1507 or 1511 only)** 1. Open the TPM MMC (tpm.msc). diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index d33693d90e..faf6827fc3 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md 
@@ -135,7 +135,7 @@ Increasing the PIN length requires a greater number of guesses for an attacker. In that case, the lockout duration between each guess can be shortened to allow legitimate users to retry a failed attempt sooner, while maintaining a similar level of protection. Beginning with Windows 10, version 1703, the minimum length for the BitLocker PIN was increased to 6 characters to better align with other Windows features that leverage TPM 2.0, including Windows Hello. -To help organizations with the transition, beginning with Windows 10, version 1709 and Windows 10, version 1703, or Windows 11, with the October 2017 [cumulative update](https://support.microsoft.com/help/4018124) installed, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. +To help organizations with the transition, beginning with Windows 10, version 1709 and Windows 10, version 1703 with the October 2017 [cumulative update](https://support.microsoft.com/help/4018124) installed, and Windows 11, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. If the minimum PIN length is reduced from the default of six characters, then the TPM 2.0 lockout period will be extended. ### TPM-based smart cards diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 97ceecd48d..e401d19506 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md 
@@ -54,7 +54,7 @@ Certificates can be installed or created on computers that are using the TPM. Af Automated provisioning in the TPM reduces the cost of TPM deployment in an enterprise. New APIs for TPM management can determine if TPM provisioning actions require physical presence of a service technician to approve TPM state change requests during the boot process. -Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 and Windows 11, or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. +Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 or Windows 11 or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md). 
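Review bot: In the changed sentence, "Windows 10 or Windows 11 or Windows Server 2016" chains two "or"s where the old text at least had a comma. Write it as one list, "Windows 10, Windows 11, or Windows Server 2016", so the three platforms that support boot-measurement attestation read unambiguously.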
@@ -95,5 +95,5 @@ Some things that you can check on the device are: - [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](../bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md) - [Azure device provisioning: Identity attestation with TPM](https://azure.microsoft.com/blog/device-provisioning-identity-attestation-with-tpm/) - [Azure device provisioning: A manufacturing timeline for TPM devices](https://azure.microsoft.com/blog/device-provisioning-a-manufacturing-timeline-for-tpm-devices/) -- [Windows 10 and Windows 11: Enabling vTPM (Virtual TPM)](https://social.technet.microsoft.com/wiki/contents/articles/34431.windows-10-enabling-vtpm-virtual-tpm.aspx) +- [Windows 10: Enabling vTPM (Virtual TPM)](https://social.technet.microsoft.com/wiki/contents/articles/34431.windows-10-enabling-vtpm-virtual-tpm.aspx) - [How to Multiboot with Bitlocker, TPM, and a Non-Windows OS](https://social.technet.microsoft.com/wiki/contents/articles/9528.how-to-multiboot-with-bitlocker-tpm-and-a-non-windows-os.aspx) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index 3ad73295ac..13b87d24b2 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md 
@@ -72,8 +72,7 @@ The following table shows the TPM owner authorization values in the registry. If you enable this policy setting, the Windows operating system will store the TPM owner authorization in the registry of the local computer according to the TPM authentication setting you choose. -On Windows 10 prior to version 1607, if you disable or do not configure this policy setting, and the **Turn on TPM backup to Active Directory Domain Services** policy setting is also disabled or not configured, the default setting is to store the full TPM authorization value in the local registry. If this policy is disabled or not -configured, and the **Turn on TPM backup to Active Directory Domain Services** policy setting is enabled, only the administrative delegation and the user delegation blobs are stored in the local registry. +On Windows 10 prior to version 1607, if you disable or do not configure this policy setting, and the **Turn on TPM backup to Active Directory Domain Services** policy setting is also disabled or not configured, the default setting is to store the full TPM authorization value in the local registry. If this policy is disabled or not configured, and the **Turn on TPM backup to Active Directory Domain Services** policy setting is enabled, only the administrative delegation and the user delegation blobs are stored in the local registry. ## Standard User Lockout Duration 
@@ -120,7 +119,7 @@ If you do not configure this policy setting, a default value of 9 is used. A val ## Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0 -Introduced in Windows 10, version 1703, or Windows 11, this policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. +Introduced in Windows 10, version 1703, this policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. > [!IMPORTANT] > Setting this policy will take effect only if: From 855ef33cb46f46d005cee0d2dce72be5eb0182b6 Mon Sep 17 00:00:00 2001 
From: Alekhya Jupudi Date: Tue, 7 Sep 2021 10:40:47 +0530 Subject: [PATCH 118/671] 5358700- Batch 02- Windows 11 Update WINDOWS: Hello for Business update for W11- Batch02 --- .../hello-for-business/hello-how-it-works.md | 3 ++- .../hello-hybrid-aadj-sso-base.md | 9 +++++---- .../hello-hybrid-aadj-sso-cert.md | 4 +++- .../hello-for-business/hello-hybrid-aadj-sso.md | 1 + .../hello-hybrid-cert-new-install.md | 3 ++- .../hello-hybrid-cert-trust-devreg.md | 5 +++-- .../hello-hybrid-cert-trust-prereqs.md | 3 ++- .../hello-for-business/hello-hybrid-cert-trust.md | 1 + .../hello-hybrid-cert-whfb-provision.md | 1 + .../hello-hybrid-cert-whfb-settings-ad.md | 1 + .../hello-hybrid-cert-whfb-settings-adfs.md | 1 + .../hello-hybrid-cert-whfb-settings-dir-sync.md | 1 + .../hello-hybrid-cert-whfb-settings-pki.md | 3 ++- .../hello-hybrid-cert-whfb-settings-policy.md | 9 +++++---- .../hello-hybrid-cert-whfb-settings.md | 1 + .../hello-hybrid-key-new-install.md | 1 + .../hello-hybrid-key-trust-devreg.md | 1 + .../hello-hybrid-key-trust-dirsync.md | 1 + .../hello-hybrid-key-trust-prereqs.md | 5 +++-- .../hello-for-business/hello-hybrid-key-trust.md | 1 + .../hello-hybrid-key-whfb-provision.md | 1 + .../hello-hybrid-key-whfb-settings-ad.md | 1 + .../hello-hybrid-key-whfb-settings-dir-sync.md | 1 + .../hello-hybrid-key-whfb-settings-pki.md | 1 + .../hello-hybrid-key-whfb-settings-policy.md | 15 ++++++++------- 25 files changed, 50 insertions(+), 24 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index 609a2a0954..bb2aa67448 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md 
@@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10 +- Windows 11 Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices. Windows Hello for Business also works for domain joined devices. @@ -48,7 +49,7 @@ For more information read [how provisioning works](hello-how-it-works-provisioni ### Authentication -With the device registered and provisioning complete, users can sign-in to Windows 10 using biometrics or a PIN. PIN is the most common gesture and is available on all computers unless restricted by policy requiring a TPM. Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential. Neither the PIN nor the private portion of the credential are ever sent to the identity provider, and the PIN is not stored on the device. It is user provided entropy when performing operations that use the private portion of the credential. +With the device registered and provisioning complete, users can sign-in to Windows using biometrics or a PIN. PIN is the most common gesture and is available on all computers unless restricted by policy requiring a TPM. Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential. Neither the PIN nor the private portion of the credential are ever sent to the identity provider, and the PIN is not stored on the device. It is user provided entropy when performing operations that use the private portion of the credential. Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business authentication works. 
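Review bot: The rewritten Authentication sentence still uses "sign-in" as a verb ("users can sign-in to Windows"). Since the line is being touched anyway, change it to "sign in to Windows" and keep the hyphenated form for the noun. The same added line also keeps "Neither the PIN nor the private portion of the credential are ever sent", which should be "is ever sent", and "user provided entropy", which wants a hyphen.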
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 13246cec6f..f8b221e861 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -21,6 +21,7 @@ ms.reviewer: **Applies to** - Windows 10 +- Windows 11 - Azure Active Directory joined - Hybrid Deployment - Key trust model @@ -50,7 +51,7 @@ You can use the **dsregcmd.exe** command to determine if your device is register ### CRL Distribution Point (CDP) -Certificates issued by a certificate authority can be revoked. When a certificate authority revokes as certificate, it writes information about the certificate into a revocation list. During certificate validation, Windows 10 consults the CRL distribution point within the certificate to get a list of revoked certificates. Validation compares the current certificate with information in the certificate revocation list to determine if the certificate remains valid. +Certificates issued by a certificate authority can be revoked. When a certificate authority revokes as certificate, it writes information about the certificate into a revocation list. During certificate validation, Windows consults the CRL distribution point within the certificate to get a list of revoked certificates. Validation compares the current certificate with information in the certificate revocation list to determine if the certificate remains valid. ![Domain Controller Certificate with LDAP CDP.](images/aadj/Certificate-CDP.png) 
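Review bot: The changed CDP paragraph carries over the typo "revokes as certificate" in its second sentence. Fix it to "revokes a certificate" in this same edit, because that sentence is the one that explains how an entry ends up in the revocation list.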
@@ -75,7 +76,7 @@ Certificate authorities write CRL distribution points in certificates as they ar #### Why does Windows need to validate the domain controller certificate? -Windows Hello for Business enforces the strict KDC validation security feature when authenticating from an Azure AD joined device to a domain. This enforcement imposes more restrictive criteria that must be met by the Key Distribution Center (KDC). When authenticating using Windows Hello for Business on an Azure AD joined device, the Windows 10 client validates the reply from the domain controller by ensuring all of the following are met: +Windows Hello for Business enforces the strict KDC validation security feature when authenticating from an Azure AD joined device to a domain. This enforcement imposes more restrictive criteria that must be met by the Key Distribution Center (KDC). When authenticating using Windows Hello for Business on an Azure AD joined device, the Windows client validates the reply from the domain controller by ensuring all of the following are met: - The domain controller has the private key for the certificate provided. - The root CA that issued the domain controller's certificate is in the device's **Trusted Root Certificate Authorities**. 
@@ -315,7 +316,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 7. Select **Required** next to **Use a Trusted Platform Module (TPM)**. By default, Windows Hello for Business prefers TPM 2.0 or falls backs to software. Choosing **Required** forces Windows Hello for Business to only use TPM 2.0 or TPM 1.2 and does not allow fall back to software-based keys. 8. Enter the desired **Minimum PIN length** and **Maximum PIN length**. > [!IMPORTANT] - > The default minimum PIN length for Windows Hello for Business on Windows 10 is six. Microsoft Intune defaults the minimum PIN length to four, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to six. + > The default minimum PIN length for Windows Hello for Business on Windows 10 and Windows 11 is six. Microsoft Intune defaults the minimum PIN length to four, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to six. 9. Select the appropriate configuration for the following settings: * **Lowercase letters in PIN** 
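Review bot: The IMPORTANT note now names both versions ("on Windows 10 and Windows 11") while the other hunks in this file replace "Windows 10" with plain "Windows". Pick one convention for the file. Naming both versions is defensible here because the sentence states a specific default (minimum PIN length of six), but the choice should be deliberate rather than a per-line search and replace.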
@@ -325,7 +326,7 @@ Sign-in a workstation with access equivalent to a _domain user_. * **Remember PIN history** > [!NOTE] - > The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows 10 to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature. + > The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature. 10. Select **Yes** next to **Allow biometric authentication** if you want to allow users to use biometrics (fingerprint and/or facial recognition) to unlock the device. To further secure the use of biometrics, select **Yes** to **Use enhanced anti-spoofing, when available**. 11. Select **No** to **Allow phone sign-in**. This feature has been deprecated. 
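Review bot: The added NOTE line keeps two errors from the old text in its last sentence: "shoulder surfacing" should be "shoulder surfing", and "rather that forcing complex PIN that change frequently" should be "rather than forcing complex PINs that change frequently". This is the sentence that steers readers toward Multifactor Unlock, so it is worth correcting while the line is open.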
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index e4ada9da90..3015f1321f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -20,7 +20,9 @@ ms.reviewer: # Using Certificates for AADJ On-premises Single-sign On **Applies to:** + - Windows 10 +- Windows 11 - Azure Active Directory joined - Hybrid Deployment - Certificate trust @@ -205,7 +207,7 @@ Sign-in to the issuing certificate authority or management workstations with _Do 10. Click on the **Apply** to save changes and close the console. ### Create an Azure AD joined Windows Hello for Business authentication certificate template -During Windows Hello for Business provisioning, Windows 10 requests an authentication certificate from Microsoft Intune, which requests the authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. You use the name of the certificate template when configuring the NDES Server. +During Windows Hello for Business provisioning, Windows requests an authentication certificate from Microsoft Intune, which requests the authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. You use the name of the certificate template when configuring the NDES Server. Sign in a certificate authority or management workstations with _Domain Admin equivalent_ credentials. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index 4eed2e7435..cb23b1e6a7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10 +- Windows 11 - Azure Active Directory joined - Hybrid deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 00aa120b98..c9afa19802 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -1,6 +1,6 @@ --- title: Hybrid Azure AD joined Windows Hello for Business Trust New Installation (Windows Hello for Business) -description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust depoyments rely on. +description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust deployments rely on. keywords: identity, PIN, biometric, Hello, passport, WHFB ms.prod: w10 ms.mktglfcycl: deploy @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 9e100bc146..f4b0f9a22f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust 
@@ -147,7 +148,7 @@ The above PSH creates the following objects: ![Device Registration.](images/hybridct/device5.png) ### Create Service Connection Point (SCP) in Active Directory -If you plan to use Windows 10 domain join (with automatic registration to Azure AD) as described here, execute the following commands to create a service connection point in AD DS +If you plan to use Windows domain join (with automatic registration to Azure AD) as described here, execute the following commands to create a service connection point in AD DS 1. Open Windows PowerShell and execute the following: `PS C:>Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1"` @@ -169,7 +170,7 @@ If you plan to use Windows 10 domain join (with automatic registration to Azure Where the [AD connector account name] is the name of the account you configured in Azure AD Connect when adding your on-premises AD DS directory. -The above commands enable Windows 10 clients to find the correct Azure AD domain to join by creating the serviceConnectionpoint object in AD DS. +The above commands enable Windows clients to find the correct Azure AD domain to join by creating the serviceConnectionpoint object in AD DS. ### Prepare AD for Device Write Back To ensure AD DS objects and containers are in the correct state for write back of devices from Azure AD, do the following. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 28ff8d49c6..228747d35b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust 
@@ -56,7 +57,7 @@ Review these requirements and those from the Windows Hello for Business planning
    ## Public Key Infrastructure ## -The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows 10 devices to trust the domain controller. +The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows devices to trust the domain controller. Certificate trust deployments need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. When using Group Policy, hybrid certificate trust deployment uses the Windows Server 2016 Active Directory Federation Server (AD FS) as a certificate registration authority. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index 4de8c1ff50..9cd1d4350b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 35bd16ed3e..f1dc22e50f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md index eeb5ed60a9..2a261013b9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 880a1fa1cc..398d31c3d6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -21,6 +21,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index b835c4fad1..0c1a2514f6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -21,6 +21,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 98cb3003ec..b9a791e77a 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -22,6 +22,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid Deployment - Certificate Trust @@ -164,7 +165,7 @@ Sign-in to a certificate authority or management workstation with *Domain Admin* ### Creating Windows Hello for Business authentication certificate template -During Windows Hello for Business provisioning, a Windows 10 client requests an authentication certificate from the Active Directory Federation Service, which requests an authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. You set the name of the certificate template when configuring it. +During Windows Hello for Business provisioning, a Windows client requests an authentication certificate from the Active Directory Federation Service, which requests an authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. You set the name of the certificate template when configuring it. Sign-in to a certificate authority or management workstation with _Domain Admin equivalent_ credentials. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index 9ddd57ccd7..ba312d832b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md 
@@ -20,14 +20,15 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust ## Policy Configuration -You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). -Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703. +You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). +Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. 
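Review bot: The first added line renames the tools to "Remote Server Administration Tools for Windows" but keeps the same Download Center link (details.aspx?id=45520). Confirm that this package installs on every version the Applies-to list now covers, including Windows 11, or state which versions the link is for. The unchanged paragraph that follows still reads "you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703)", which should be cleaned up in the same pass so the two paragraphs agree on supported versions.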
@@ -161,9 +162,9 @@ The default Windows Hello for Business enables users to enroll and use biometric ### PIN Complexity -PIN complexity is not specific to Windows Hello for Business. Windows 10 enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. +PIN complexity is not specific to Windows Hello for Business. Windows enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. -Windows 10 provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: +Windows provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. 
Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: * Require digits * Require lowercase letters * Maximum PIN length diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index 73d00fcc58..a56e989ba6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index a72c7e9f5e..bb3de61241 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 741d1cd8fc..713fcd89a5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index a74ecbe0cb..5acfb06f68 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index b245d6282d..95442ae6dd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust @@ -31,7 +32,7 @@ The distributed systems on which these technologies were built involved several * [Public Key Infrastructure](#public-key-infrastructure) * [Directory Synchronization](#directory-synchronization) * [Federation](#federation-with-azure) -* [MultiFactor Authentication](#multifactor-authentication) +* [Multifactor authentication](#multifactor-authentication) * [Device Registration](#device-registration) ## Directories @@ -61,7 +62,7 @@ Review these requirements and those from the Windows Hello for Business planning
    ## Public Key Infrastructure -The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows 10 devices to trust the domain controller. +The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows devices to trust the domain controller. Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index d8a1b0a961..93903312e5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -21,6 +21,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index e60e0b15f0..8d412b86f0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index c34af8b4ca..0f8a916c18 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index b5a7d75097..28f3658a43 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 11ea807b5c..bc2ae4f46c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -22,6 +22,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid Deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 4e90347c72..3cdd96f898 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md 
@@ -20,20 +20,21 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust ## Policy Configuration -You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). -Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703. +You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). +Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. Domain controllers of Windows Hello for Business deployments need one Group Policy setting, which enables automatic certificate enrollment for the newly create domain controller authentication certificate. 
This policy setting ensures domain controllers (new and existing) automatically request and renew the correct domain controller certificate. -Hybrid Azure AD joined devices needs one Group Policy settings: +Hybrid Azure AD joined devices needs one Group Policy setting: * Enable Windows Hello for Business ### Configure Domain Controllers for Automatic Certificate Enrollment 
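Review bot: The added line "Hybrid Azure AD joined devices needs one Group Policy setting:" fixes the plural on "setting" but keeps the subject-verb mismatch; it should read "devices need one Group Policy setting:". The same hunk carries unchanged context with similar slips ("you can create copy the .ADMX and .ADML files", "copy them their respective language folder", "the newly create domain controller authentication certificate"), and since the surrounding paragraphs are already being edited, they are worth correcting in this pass. The "Alternatively" paragraph also still names "Windows 10 Creators Edition (1703)" as the only source of the template files, which no longer matches the "version 1703 or later" wording introduced two lines above it.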
@@ -75,7 +76,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv The Windows Hello for Business Group Policy object delivers the correct Group Policy settings to the user, which enables them to enroll and use Windows Hello for Business to authenticate to Azure and Active Directory > [!NOTE] -> If you deployed Windows Hello for Business configuration using both Group Policy and Microsoft Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more details about deploying Windows Hello for Business configuration using Microsoft Intune, see [Windows 10 device settings to enable Windows Hello for Business in Intune](/mem/intune/protect/identity-protection-windows-settings) and [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp). For more details about policy conflicts, see [Policy conflicts from multiple policy sources](./hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources) +> If you deployed Windows Hello for Business configuration using both Group Policy and Microsoft Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more details about deploying Windows Hello for Business configuration using Microsoft Intune, see [Windows device settings to enable Windows Hello for Business in Intune](/mem/intune/protect/identity-protection-windows-settings) and [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp). For more details about policy conflicts, see [Policy conflicts from multiple policy sources](./hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources) #### Enable Windows Hello for Business 
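Review bot: The link text on the added line becomes "Windows device settings to enable Windows Hello for Business in Intune" while the target, /mem/intune/protect/identity-protection-windows-settings, is unchanged. If the link text is meant to mirror the title of the target article, confirm that title before dropping "10", otherwise readers searching for the article by name will not find it. While this note is being edited, its final sentence (the "Policy conflicts from multiple policy sources" link) still ends without a period, as does the context sentence ending "authenticate to Azure and Active Directory".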
@@ -139,12 +140,12 @@ The default Windows Hello for Business enables users to enroll and use biometric ### PIN Complexity -PIN complexity is not specific to Windows Hello for Business. Windows 10 enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. +PIN complexity is not specific to Windows Hello for Business. Windows enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. >[!IMPORTANT] -> Windows 10, version 1703, the PIN complexity Group Policy settings have moved to remove misunderstanding that PIN complexity policy settings were exclusive to Windows Hello for Business. The new location of these Group Policy settings is under **Computer Configuration\Administrative Templates\System\PIN Complexity** of the Group Policy editor. +> Starting from Windows 10, version 1703, the PIN complexity Group Policy settings have moved to remove misunderstanding that PIN complexity policy settings were exclusive to Windows Hello for Business. The new location of these Group Policy settings is under **Computer Configuration\Administrative Templates\System\PIN Complexity** of the Group Policy editor. -Windows 10 provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. 
Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: +Windows provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: * Require digits * Require lowercase letters * Maximum PIN length From 59f9c804e7f86766ef7a44d0c1777476f7af1e16 Mon Sep 17 00:00:00 2001 
From: Alekhya Jupudi Date: Tue, 7 Sep 2021 11:43:47 +0530 Subject: [PATCH 119/671] 5358700- Batch 03- Windows 11 Update WINDOWS: Hello for Business update for W11- Batch03 --- .../hello-for-business/WebAuthnAPIs.md | 18 +++++++++--------- .../hello-hybrid-key-whfb-settings.md | 1 + .../hello-identity-verification.md | 4 ++-- .../hello-for-business/hello-key-trust-adfs.md | 1 + .../hello-key-trust-policy-settings.md | 11 ++++++----- .../hello-key-trust-validate-ad-prereq.md | 1 + .../hello-key-trust-validate-deploy-mfa.md | 5 +++-- .../hello-key-trust-validate-pki.md | 3 ++- .../hello-manage-in-organization.md | 3 ++- .../hello-for-business/hello-overview.md | 7 ++++--- .../hello-for-business/hello-planning-guide.md | 9 +++++---- .../hello-prepare-people-to-use.md | 3 ++- .../hello-for-business/hello-videos.md | 3 ++- .../hello-why-pin-is-better-than-password.md | 3 ++- .../microsoft-compatible-security-key.md | 2 +- .../passwordless-strategy.md | 8 ++++---- .../hello-for-business/reset-security-key.md | 6 +++--- 17 files changed, 50 insertions(+), 38 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md index 9d0f10190e..46ae044e8f 100644 --- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md +++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md 
@@ -15,31 +15,31 @@ localizationpriority: medium ms.date: 02/15/2019 ms.reviewer: --- -# WebAuthn APIs for password-less authentication on Windows 10 +# WebAuthn APIs for password-less authentication on Windows -### Passwords leave your customers vulnerable. With the new WebAuthn APIs, your sites and apps can leverage password-less authentication. +### Passwords leave your customers vulnerable. With the new WebAuthn APIs, your sites and apps can use password-less authentication. Microsoft has long been a proponent to do away with passwords. While working towards that goal, we'd like to introduce you to the latest Windows 10 (version 1903) W3C/FIDO2 Win32 WebAuthn platform APIs! -These APIs allow Microsoft developer partners and the developer community to leverage Windows Hello and FIDO2 security keys -as a password-less authentication mechanism for their applications on Windows 10 devices. +These APIs allow Microsoft developer partners and the developer community to use Windows Hello and FIDO2 security keys +as a password-less authentication mechanism for their applications on Windows devices. #### What does this mean? -This opens opportunities for developers or relying parties (RPs) to enable password-less authentication. -They can now leverage [Windows Hello](./index.yml) or [FIDO2 Security Keys](./microsoft-compatible-security-key.md) +This opens opportunities for developers or relying parties (RPs') to enable password-less authentication. +They can now use [Windows Hello](./index.yml) or [FIDO2 Security Keys](./microsoft-compatible-security-key.md) as a password-less multi-factor credential for authentication.
    Users of these sites can use any browser that supports WebAuthn Windows 10 APIs for password-less authentication - and will have a familiar and consistent experience on Windows 10, no matter which browser they use to get to the RPs site! + and will have a familiar and consistent experience on Windows 10, no matter which browser they use to get to the RPs' site!

    The native Windows 10 WebAuthn APIs are currently supported by Microsoft Edge on Windows 10 1809 or later and latest versions of other browsers.

    Developers of FIDO2 authentication keys should use the new Windows 10 APIs, to enable these scenarios in a consistent way for users. - Moreover, this enables the use of all the transports available per FIDO2 specifications - USB, NFC and BLE + Moreover, this enables the use of all the transports available per FIDO2 specifications - USB, NFC, and BLE without having to deal with the interaction and management overhead. -This also implies browsers or apps on Windows 10 will no longer have direct access to above transports for FIDO related messaging. +This also implies browsers or apps on Windows 10 will no longer have direct access to above transports for FIDO-related messaging. #### Where can developers learn more? The new Windows 10 APIs are documented on [GitHub](https://github.com/Microsoft/webauthn) \ No newline at end of file diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index 72ae9b3df4..b4a6ed10da 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index ddb05b73ac..3660d85201 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md 
@@ -24,10 +24,10 @@ This article lists the infrastructure requirements for the different deployment ## Cloud Only Deployment -* Windows 10, version 1511 or later +* Windows 10, version 1511 or later, or Windows 11 * Microsoft Azure Account * Azure Active Directory -* Azure AD Multi-Factor Authentication +* Azure AD Multifactor Authentication * Modern Management (Intune or supported third-party MDM), *optional* * Azure AD Premium subscription - *optional*, needed for automatic MDM enrollment when the device joins Azure Active Directory diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index 4e83f31ec3..2a99ae368d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 8042bad1d8..2999718adb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md 
@@ -20,12 +20,13 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Key trust -You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). -Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703. +You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). +Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. Alternatively, you can create a copy of the .ADMX and .ADML files from a Windows 10, version 1703 installation setup template folder to their respective language folder on a Windows Server, or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. 
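Review bot: "You need at least a Windows 10, version 1703 workstation" on the first added line is awkward and does not match the phrasing of the second added line; "You need a workstation running Windows 10, version 1703 or later" says the same thing and is consistent with "on a computer running Windows 10, version 1703 or later". The unchanged "Alternatively" paragraph below still limits the .ADMX and .ADML source to "a Windows 10, version 1703 installation" and is missing a word in "copy them their respective language folder" ("copy them to"); both should be updated in this hunk so the section does not contradict the new minimum-version wording.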
@@ -35,7 +36,7 @@ On-premises certificate-based deployments of Windows Hello for Business needs on The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users. -If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business. For these settings to be configured using GPO, you need to download and install the latest Administrative Templates (.admx) for Windows 10. +If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business. For these settings to be configured using GPO, you need to download and install the latest Administrative Templates (.admx) for Windows. ## Create the Windows Hello for Business Group Policy object 
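Review bot: On the added line, "the latest Administrative Templates (.admx) for Windows" no longer tells the administrator which template package to install, because removing "10" removes the only version qualifier the sentence had. Suggest naming the target explicitly, for example "for the version of Windows you are managing", or linking to the download. The same line uses "sign-in to those computers" as a verb; the verb form is "sign in to".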
@@ -92,9 +93,9 @@ The default Windows Hello for Business enables users to enroll and use biometric ### PIN Complexity -PIN complexity is not specific to Windows Hello for Business. Windows 10 enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. +PIN complexity is not specific to Windows Hello for Business. Windows enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. -Windows 10 provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: +Windows provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. 
Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: * Require digits * Require lowercase letters * Maximum PIN length diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index c2c52074f8..8c65b3943f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 90a492218c..349b328807 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md 
@@ -16,14 +16,15 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Deploy Multi-factor Authentication (MFA) +# Validate and Deploy Multifactor Authentication (MFA) > [!IMPORTANT] -> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. +> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multifactor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index 08e787ef60..5b864cd36b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -21,6 +21,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Key trust 
@@ -114,7 +115,7 @@ The certificate template is configured to supersede all the certificate template ### Configure an Internal Web Server Certificate template -Windows 10 clients use the https protocol when communicating with Active Directory Federation Services. To meet this need, you must issue a server authentication certificate to all the nodes in the Active Directory Federation Services farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running the Active Directory Federation Service can request the certificate. +Windows clients use the https protocol when communicating with Active Directory Federation Services. To meet this need, you must issue a server authentication certificate to all the nodes in the Active Directory Federation Services farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running the Active Directory Federation Service can request the certificate. Sign-in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index ab8e875aaa..5c7129efd6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md 
@@ -1,5 +1,5 @@ --- -title: Manage Windows Hello in your organization (Windows 10) +title: Manage Windows Hello in your organization (Windows) description: You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello for Business on devices running Windows 10. ms.assetid: 47B55221-24BE-482D-BD31-C78B22AC06D8 ms.reviewer: @@ -22,6 +22,7 @@ ms.date: 1/20/2021 **Applies to** - Windows 10 +- Windows 11 You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10. diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 1a2b17c308..cd38c11105 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -1,7 +1,7 @@ --- -title: Windows Hello for Business Overview (Windows 10) +title: Windows Hello for Business Overview (Windows) ms.reviewer: An overview of Windows Hello for Business -description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10. +description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10 and Windows 11. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy @@ -20,6 +20,7 @@ localizationpriority: medium **Applies to** - Windows 10 +- Windows 11 In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. 
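Review bot: In hello-overview.md the "Applies to" list gains "- Windows 11", but the first body sentence kept as context directly below it still begins "In Windows 10, Windows Hello for Business replaces passwords". The front-matter hunk above already changes the description to "in Windows 10 and Windows 11", so the opening sentence should be brought in line, or the page now states two different scopes within its first few lines. The same applies to hello-manage-in-organization.md, where the title drops "10" but the description and the intro sentence still say "devices running Windows 10".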
@@ -47,7 +48,7 @@ As an administrator in an enterprise or educational organization, you can create Windows Hello provides reliable, fully integrated biometric authentication based on facial recognition or fingerprint matching. Windows Hello uses a combination of special infrared (IR) cameras and software to increase accuracy and guard against spoofing. Major hardware vendors are shipping devices that have integrated Windows Hello-compatible cameras. Fingerprint reader hardware can be used or added to devices that don't currently have it. On devices that support Windows Hello, an easy biometric gesture unlocks users' credentials. - **Facial recognition**. This type of biometric recognition uses special cameras that see in IR light, which allows them to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major laptop manufacturers are incorporating it into their devices, as well. -- **Fingerprint recognition**. This type of biometric recognition uses a capacitive fingerprint sensor to scan your fingerprint. Fingerprint readers have been available for Windows computers for years, but the current generation of sensors is significantly more reliable and less error-prone. Most existing fingerprint readers (whether external or integrated into laptops or USB keyboards) work with Windows 10. +- **Fingerprint recognition**. This type of biometric recognition uses a capacitive fingerprint sensor to scan your fingerprint. Fingerprint readers have been available for Windows computers for years, but the current generation of sensors is significantly more reliable and less error-prone. Most existing fingerprint readers (whether external or integrated into laptops or USB keyboards) work with Windows 10 and Windows 11. Windows stores biometric data that is used to implement Windows Hello securely on the local device only. 
The biometric data doesn't roam and is never sent to external devices or servers. Because Windows Hello only stores biometric identification data on the device, there's no single collection point an attacker can compromise to steal biometric data. For more information about biometric authentication with Windows Hello for Business, see [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md). diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 9bec345719..617be85699 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -21,6 +21,7 @@ ms.reviewer: **Applies to** - Windows 10 +- Windows 11 Congratulations! You are taking the first step forward in helping move your organizations away from password to a two-factor, convenience authentication for Windows — Windows Hello for Business. This planning guide helps you understand the different topologies, architectures, and components that encompass a Windows Hello for Business infrastructure. 
@@ -145,9 +146,9 @@ Modern management is an emerging device management paradigm that leverages the c ### Client -Windows Hello for Business is an exclusive Windows 10 feature. As part of the Windows as a Service strategy, Microsoft has improved the deployment, management, and user experience with each new release of Windows 10 and introduced support for new scenarios. +Windows Hello for Business is an exclusive Windows 10 and Windows 11 feature. As part of the Windows as a Service strategy, Microsoft has improved the deployment, management, and user experience with each new release of Windows and introduced support for new scenarios. -Most deployment scenarios require a minimum of Windows 10, version 1511, also known as the November Update. The client requirement may change based on different components in your existing infrastructure, or other infrastructure choices made later in planning your deployment. Those components and choices may require a minimum client running Windows 10, version 1703, also known as the Creators Update. +Most deployment scenarios require a minimum of Windows 10, version 1511, also known as the November Update. The client requirement may change based on different components in your existing infrastructure, or other infrastructure choices made later in planning your deployment. Those components and choices may require a minimum client running Windows 10, version 1703, also known as the Creators Update. ### Active Directory 
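Review bot: the second changed paragraph in this hunk ("Most deployment scenarios require a minimum of Windows 10, version 1511 ...") reads identically on the - and + sides as shown, so it looks like a whitespace-only edit. Drop it from the diff if it was unintended, or mention the whitespace cleanup in the commit message. Separately, the first paragraph now calls the feature exclusive to Windows 10 and Windows 11 while the minimum-version text names only Windows 10 builds; a sentence on what applies to Windows 11 clients would close that gap.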
@@ -156,7 +157,7 @@ Hybrid and on-premises deployments include Active Directory as part of their inf ### Public Key Infrastructure -The Windows Hello for Business deployment depends on an enterprise public key infrastructure as a trust anchor for authentication. Domain controllers for hybrid and on-premises deployments need a certificate in order for Windows 10 devices to trust the domain controller as legitimate. Deployments using the certificate trust type need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. Hybrid deployments may need to issue VPN certificates to users to enable connectivity on-premises resources. +The Windows Hello for Business deployment depends on an enterprise public key infrastructure as a trust anchor for authentication. Domain controllers for hybrid and on-premises deployments need a certificate in order for Windows devices to trust the domain controller as legitimate. Deployments using the certificate trust type need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. Hybrid deployments may need to issue VPN certificates to users to enable connectivity on-premises resources. ### Cloud 
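Review bot: the rewritten paragraph still ends with "to enable connectivity on-premises resources", which is missing a preposition. Since the line is being touched anyway, change it to "to enable connectivity to on-premises resources".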
@@ -267,7 +268,7 @@ If you use modern management for both domain and non-domain joined devices, writ ### Client -Windows Hello for Business is a feature exclusive to Windows 10. Some deployments and features are available using earlier versions of Windows 10. Others need the latest versions. +Windows Hello for Business is a feature exclusive to Windows 10 and Windows 11. Some deployments and features are available using earlier versions of Windows 10. Others need the latest versions. If box **1a** on your planning worksheet reads **cloud only**, write **N/A** in box **3a** on your planning worksheet. Optionally, you may write **1511 or later** in box **3b** on your planning worksheet if you plan to manage non-domain joined devices. > [!NOTE] diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md index e7d6a0cea8..bf0a6af0ea 100644 --- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md @@ -1,5 +1,5 @@ --- -title: Prepare people to use Windows Hello (Windows 10) +title: Prepare people to use Windows Hello (Windows) description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization. ms.assetid: 5270B416-CE31-4DD9-862D-6C22A2AE508B ms.reviewer: @@ -22,6 +22,7 @@ ms.date: 08/19/2018 **Applies to** - Windows 10 +- Windows 11 When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization by explaining how to use Hello. diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md index c53586ff18..0f47042799 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-videos.md +++ b/windows/security/identity-protection/hello-for-business/hello-videos.md @@ -1,6 +1,6 @@ --- title: Windows Hello for Business Videos -description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10. +description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11. keywords: identity, PIN, biometric, Hello, passport, video, watch, passwordless ms.prod: w10 ms.mktglfcycl: deploy @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10 +- Windows 11 ## Overview of Windows Hello for Business and Features diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index d74bd61baa..738db8c9bd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -1,5 +1,5 @@ --- -title: Why a PIN is better than a password (Windows 10) +title: Why a PIN is better than a password (Windows) description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a password . ms.assetid: A6FC0520-01E6-4E90-B53D-6C4C4E780212 ms.reviewer: 
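Review bot: in hello-why-pin-is-better-than-password.md, the title drops "(Windows 10)" but the description line right under it is left as "Windows Hello in Windows 10 enables users to sign in ...", and it also carries a stray space before the final period ("a password ."). Update the description in the same hunk so the metadata matches the new title and the Windows 11 entry this commit adds to Applies to.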
@@ -23,6 +23,7 @@ ms.date: 10/23/2017 **Applies to** - Windows 10 +- Windows 11 Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a password? On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than a password, it's how it works. diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index a17d30b55f..73aab32a55 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -1,6 +1,6 @@ --- title: Microsoft-compatible security key -description: Learn how a Microsoft-compatible security key for Windows 10 is different (and better) than any other FIDO2 security key. +description: Learn how a Microsoft-compatible security key for Windows is different (and better) than any other FIDO2 security key. keywords: FIDO2, security key, CTAP, Hello, WHFB ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 2b1c101fc0..f7bb6e7722 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md 
@@ -1,6 +1,6 @@ --- title: Passwordless Strategy -description: Learn about the password-less strategy and how Windows Hello for Business implements this strategy in Windows 10. +description: Learn about the password-less strategy and how Windows Hello for Business implements this strategy in Windows 10 and Windows 11. keywords: identity, PIN, biometric, Hello, passport, video, watch, passwordless ms.prod: w10 ms.mktglfcycl: deploy @@ -25,7 +25,7 @@ Over the past few years, Microsoft has continued their commitment to enabling a ### 1. Develop a password replacement offering -Before you move away from passwords, you need something to replace them. With Windows 10, Microsoft introduced Windows Hello for Business, a strong, hardware protected two-factor credential that enables single sign-on to Azure Active Directory and Active Directory. +Before you move away from passwords, you need something to replace them. With Windows 10 and Windows 11, Microsoft introduced Windows Hello for Business, a strong, hardware protected two-factor credential that enables single sign-on to Azure Active Directory and Active Directory. Deploying Windows Hello for Business is the first step towards a passwordless environment. Windows Hello for Business coexists nicely with existing password-based security. Users are likely to use Windows Hello for Business because of its convenience, especially when combined with biometrics. However, some workflows and applications may still need passwords. This early stage is about implementing an alternative and getting users used to it. 
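Review bot: the new wording in the hunk at -25,7, "With Windows 10 and Windows 11, Microsoft introduced Windows Hello for Business", changes a historical statement: the old line tied the introduction to Windows 10, and the new one attributes it to both releases. Keep the introduction with Windows 10 and state availability separately, for example by leaving "With Windows 10, Microsoft introduced Windows Hello for Business ..." as it was and adding that the feature is also available in Windows 11.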
@@ -38,7 +38,7 @@ Once the user-visible password surface has been eliminated, your organization ca - the users never change their password - the users do not know their password -In this world, the user signs in to Windows 10 using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business. +In this world, the user signs in to Windows using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business. ### 4. Eliminate passwords from the identity directory The final step of the passwordless story is where passwords simply do not exist. At this step, identity directories no longer persist any form of the password. This is where Microsoft achieves the long-term security promise of a truly passwordless environment. 
@@ -139,7 +139,7 @@ The journey to password freedom is to take each work persona through each step o After successfully moving a work persona to password freedom, you can prioritize the remaining work personas and repeat the process. ### Passwordless replacement offering (Step 1) -The first step to password freedom is providing an alternative to passwords. Windows 10 provides an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. +The first step to password freedom is providing an alternative to passwords. Windows 10 and Windows 11 provide an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. #### Identify test users that represent the targeted work persona A successful transition relies on user acceptance testing. It is impossible for you to know how every work persona goes about their day-to-day activities, or how to accurately validate them. You need to enlist the help of users who fit the targeted work persona. You only need a few users from the targeted work persona. As you cycle through step 2, you may want to change a few of the users (or add a few) as part of your validation process. diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index 732dff8677..92a7af375c 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md 
@@ -1,6 +1,6 @@ --- title: Reset-security-key -description: Windows�10 enables users to sign in to their device using a security key. How to reset a security key +description: Windows 10 and Windows 11 enables users to sign in to their device using a security key. How to reset a security key keywords: FIDO2, security key, CTAP, Microsoft-compatible security key ms.prod: w10 ms.mktglfcycl: deploy @@ -24,14 +24,14 @@ ms.reviewer: >This operation will wipe everything from your security key and reset it to factory defaults.
    **All data and credentials will be cleared.** -A [Microsoft-compatible security key](./microsoft-compatible-security-key.md) can be reset via Settings app ( Settings > Accounts > Sign-in options > Security key ). +A [Microsoft-compatible security key](./microsoft-compatible-security-key.md) can be reset via Settings app (Settings > Accounts > Sign-in options > Security key).
    Follow the instructions in the Settings app and look for specific instructions based on your security key manufacturer below: |Security key manufacturer
    | Reset instructions
    | | --- | --- | -|Yubico | **USB:** Remove and re-insert the security key. When the LED on the security key begins flashing, touch the metal contact
    **NFC:** Tap the security key on the reader
    | +|Yubico | **USB:** Remove and reinsert the security key. When the LED on the security key begins flashing, touch the metal contact
    **NFC:** Tap the security key on the reader
    | |Feitian | Touch the blinking fingerprint sensor twice to reset the key| |HID | Tap the card on the reader twice to reset it | From a012698fe7d5d6f5a0766eecdffaca4521dd71c9 Mon Sep 17 00:00:00 2001 
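Review bot: in reset-security-key.md, the new description line reads "Windows 10 and Windows 11 enables users to sign in"; with the plural subject the verb should be "enable". The trailing fragment "How to reset a security key" also has no end punctuation, which is worth fixing while the line is being rewritten.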
From: Ashok Lobo Date: Tue, 7 Sep 2021 11:56:23 +0530 Subject: [PATCH 120/671] Updated for 5358843-files76to100 --- ...a-basic-audit-policy-settings-for-an-event-category.md | 4 +--- windows/security/threat-protection/auditing/event-1100.md | 6 +----- windows/security/threat-protection/auditing/event-1102.md | 6 +----- windows/security/threat-protection/auditing/event-1104.md | 6 +----- windows/security/threat-protection/auditing/event-1105.md | 6 +----- windows/security/threat-protection/auditing/event-1108.md | 6 +----- windows/security/threat-protection/auditing/event-4608.md | 6 +----- windows/security/threat-protection/auditing/event-4610.md | 6 +----- windows/security/threat-protection/auditing/event-4611.md | 6 +----- windows/security/threat-protection/auditing/event-4612.md | 6 +----- windows/security/threat-protection/auditing/event-4614.md | 6 +----- windows/security/threat-protection/auditing/event-4615.md | 6 +----- windows/security/threat-protection/auditing/event-4616.md | 6 +----- windows/security/threat-protection/auditing/event-4618.md | 6 +----- windows/security/threat-protection/auditing/event-4621.md | 5 +---- windows/security/threat-protection/auditing/event-4622.md | 8 ++------ windows/security/threat-protection/auditing/event-4624.md | 6 +----- windows/security/threat-protection/auditing/event-4625.md | 6 +----- windows/security/threat-protection/auditing/event-4626.md | 6 +----- windows/security/threat-protection/auditing/event-4627.md | 6 +----- windows/security/threat-protection/auditing/event-4634.md | 6 +----- windows/security/threat-protection/auditing/event-4647.md | 6 +----- windows/security/threat-protection/auditing/event-4648.md | 6 +----- windows/security/threat-protection/auditing/event-4649.md | 6 +----- windows/security/threat-protection/auditing/event-4656.md | 6 +----- 25 files changed, 26 insertions(+), 123 deletions(-) 
diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md index 526946d4b5..054ff9b595 100644 --- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md +++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- # Create a basic audit policy for an event category -**Applies to** -- Windows 10 By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization. On devices that are joined to a domain, auditing settings for the event categories are undefined by default. On domain controllers, auditing is turned on by default. diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md index f3fbd46308..c8ac91b393 100644 --- a/windows/security/threat-protection/auditing/event-1100.md +++ b/windows/security/threat-protection/auditing/event-1100.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 1100(S): The event logging service has shut down. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 1100 illustration diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md index fecf1badde..02ac9384e5 100644 --- a/windows/security/threat-protection/auditing/event-1102.md 
+++ b/windows/security/threat-protection/auditing/event-1102.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 1102(S): The audit log was cleared. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 1102 illustration diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md index 8d6a8dfd16..0c5e2917af 100644 --- a/windows/security/threat-protection/auditing/event-1104.md +++ b/windows/security/threat-protection/auditing/event-1104.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 1104(S): The security log is now full. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 1104 illustration diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md index ca327249e4..1aeaa58c8e 100644 --- a/windows/security/threat-protection/auditing/event-1105.md +++ b/windows/security/threat-protection/auditing/event-1105.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 1105(S): Event log automatic backup -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 1105 illustration diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md index 440e411f38..1a7f0cbd1e 100644 --- a/windows/security/threat-protection/auditing/event-1108.md 
+++ b/windows/security/threat-protection/auditing/event-1108.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 1108(S): The event logging service encountered an error while processing an incoming event published from %1. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 1108 illustration diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md index 6372e6acc2..255036037d 100644 --- a/windows/security/threat-protection/auditing/event-4608.md +++ b/windows/security/threat-protection/auditing/event-4608.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4608(S): Windows is starting up. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4608 illustration diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md index aba324fd61..2249612819 100644 --- a/windows/security/threat-protection/auditing/event-4610.md +++ b/windows/security/threat-protection/auditing/event-4610.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4610(S): An authentication package has been loaded by the Local Security Authority. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4610 illustration diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md index 50583e6f70..b4ce0a9d8d 100644 
--- a/windows/security/threat-protection/auditing/event-4611.md +++ b/windows/security/threat-protection/auditing/event-4611.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4611(S): A trusted logon process has been registered with the Local Security Authority. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4611 illustration diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md index c4561550d5..aa8b9ecc61 100644 --- a/windows/security/threat-protection/auditing/event-4612.md +++ b/windows/security/threat-protection/auditing/event-4612.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event is generated when audit queues are filled and events must be discarded. This most commonly occurs when security events are being generated faster than they are being written to disk. diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md index ca4c161420..959ef959e9 100644 --- a/windows/security/threat-protection/auditing/event-4614.md +++ b/windows/security/threat-protection/auditing/event-4614.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4614(S): A notification package has been loaded by the Security Account Manager. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4614 illustration diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md index 6c8f9cd7ac..82dbd7d648 100644 --- a/windows/security/threat-protection/auditing/event-4615.md +++ b/windows/security/threat-protection/auditing/event-4615.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4615(S): Invalid use of LPC port. -**Applies to** -- Windows 10 -- Windows Server 2016 - It appears that this event never occurs. diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md index 690bde945f..2fc4b43b2c 100644 --- a/windows/security/threat-protection/auditing/event-4616.md +++ b/windows/security/threat-protection/auditing/event-4616.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4616(S): The system time was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4616 illustration diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md index c1bc41f942..baa0727774 100644 --- a/windows/security/threat-protection/auditing/event-4618.md +++ b/windows/security/threat-protection/auditing/event-4618.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4618(S): A monitored security event pattern has occurred. -**Applies to** -- Windows 10 -- Windows Server 2016 - ***Subcategory:*** [Audit System Integrity](audit-system-integrity.md) diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md index 9ffb0fee15..d3475dbb08 100644 --- a/windows/security/threat-protection/auditing/event-4621.md +++ b/windows/security/threat-protection/auditing/event-4621.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,9 +16,6 @@ ms.technology: mde # 4621(S): Administrator recovered system from CrashOnAuditFail. -**Applies to** -- Windows 10 -- Windows Server 2016 This event is logged after a system reboots following [CrashOnAuditFail](/previous-versions/windows/it-pro/windows-2000-server/cc963220(v=technet.10)?f=255&MSPPError=-2147217396). It generates when CrashOnAuditFail = 2. diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md index 46f54afcca..5404c4491b 100644 --- a/windows/security/threat-protection/auditing/event-4622.md +++ b/windows/security/threat-protection/auditing/event-4622.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4622(S): A security package has been loaded by the Local Security Authority. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4622 illustration 
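Review bot: removing the Applies to block under the heading in event-4622.md (and, in the same way, across the other event pages in this commit) deletes the only statement of which OS versions the event reference covers, and the commit subject "Updated for 5358843-files76to100" gives no reason for it. State the intent in the commit message, and if the pages are meant to be version-neutral, check the bodies for leftover version wording such as "loaded by default in Windows 10" later in this file.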
@@ -101,4 +97,4 @@ These are some Security Package DLLs loaded by default in Windows 10: For 4622(S): A security package has been loaded by the Local Security Authority. -- Typically this event has an informational purpose. If you defined the list of allowed Security Packages in the system, then you can check is “**Security Package Name”** field value in the allow list or not. \ No newline at end of file +- Typically this event has an informational purpose. If you defined the list of allowed Security Packages in the system, then you can check is “**Security Package Name”** field value in the allowlist or not. \ No newline at end of file diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index a61449dada..6a36fda6d7 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4624(S): An account was successfully logged on. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4624 illustration diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index d613787ba3..ec92960ecc 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4625(F): An account failed to log on. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4625 illustration 
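Review bot: in event-4622.md, the hunk at -101,4 only joins "allow list" into "allowlist" and leaves the rest of the sentence broken: "you can check is “**Security Package Name”** field value in the allowlist or not". Reword it to something like "you can check whether the **Security Package Name** field value is in the allowlist", which also fixes the bold markers that straddle the closing quote. The file still ends without a trailing newline ("\ No newline at end of file"); add one while here.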
diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md index 667de4c561..1aba2f1f3b 100644 --- a/windows/security/threat-protection/auditing/event-4626.md +++ b/windows/security/threat-protection/auditing/event-4626.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4626(S): User/Device claims information. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4626 illustration diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md index 4a4fce1919..8ad79efcb2 100644 --- a/windows/security/threat-protection/auditing/event-4627.md +++ b/windows/security/threat-protection/auditing/event-4627.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4627(S): Group membership information. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4627 illustration diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md index b0541e2dbb..16bf3e049d 100644 --- a/windows/security/threat-protection/auditing/event-4634.md +++ b/windows/security/threat-protection/auditing/event-4634.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 11/20/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4634(S): An account was logged off. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4634 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md index 14dc2a7083..01428dba45 100644 --- a/windows/security/threat-protection/auditing/event-4647.md +++ b/windows/security/threat-protection/auditing/event-4647.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4647(S): User initiated logoff. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4647 illustration diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md index 44eb565de4..8d81d41573 100644 --- a/windows/security/threat-protection/auditing/event-4648.md +++ b/windows/security/threat-protection/auditing/event-4648.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4648(S): A logon was attempted using explicit credentials. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4648 illustration diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md index 06ae9ca1aa..75f1bf3c96 100644 --- a/windows/security/threat-protection/auditing/event-4649.md +++ b/windows/security/threat-protection/auditing/event-4649.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4649(S): A replay attack was detected. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates on domain controllers when **KRB\_AP\_ERR\_REPEAT** Kerberos response was sent to the client. diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md index 7332ad06b8..7aee847e93 100644 --- a/windows/security/threat-protection/auditing/event-4656.md +++ b/windows/security/threat-protection/auditing/event-4656.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4656(S, F): A handle to an object was requested. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4656 illustration From ed795e9571ab0fc6d36c9bac2d2f4dc8c6d6724b Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Tue, 7 Sep 2021 12:19:36 +0530 Subject: [PATCH 121/671] 5358695-Windows 11 Update- Cred Gaurd WINDOWS: Credential Guard update for W11 --- .../additional-mitigations.md | 2 +- .../credential-guard-considerations.md | 12 +++-- .../credential-guard-how-it-works.md | 16 +++--- .../credential-guard-known-issues.md | 53 ++++++++++--------- .../credential-guard-manage.md | 9 ++-- ...redential-guard-not-protected-scenarios.md | 10 ++-- .../credential-guard-protection-limits.md | 10 ++-- .../credential-guard-requirements.md | 10 ++-- .../credential-guard-scripts.md | 4 +- .../credential-guard/credential-guard.md | 8 +-- .../credential-guard/dg-readiness-tool.md | 5 +- 11 files changed, 78 insertions(+), 61 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md index ca6a1c8da0..74a0f7dd85 100644 
--- a/windows/security/identity-protection/credential-guard/additional-mitigations.md +++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md @@ -43,7 +43,7 @@ Domain-joined device certificate authentication has the following requirements: - All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements: - KDC EKU present - DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension -- Windows 10 devices have the CA issuing the domain controller certificates in the enterprise store. +- Windows devices have the CA issuing the domain controller certificates in the enterprise store. - A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard. #### Deploying domain-joined device certificates diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md index d04097f751..871578d4d0 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md @@ -1,6 +1,6 @@ --- -title: Advice while using Windows Defender Credential Guard (Windows 10) -description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard in Windows 10. +title: Advice while using Windows Defender Credential Guard (Windows) +description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard in Windows. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library 
@@ -19,8 +19,10 @@ ms.reviewer: # Considerations when using Windows Defender Credential Guard **Applies to** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows 11 +- Windows Server 2016 +- Windows Server 2019 Passwords are still weak. We recommend that in addition to deploying Windows Defender Credential Guard, organizations move away from passwords to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business. @@ -79,7 +81,7 @@ If you must clear the TPM on a domain-joined device without connectivity to doma Domain user sign-in on a domain-joined device after clearing a TPM for as long as there is no connectivity to a domain controller: -|Credential Type | Windows 10 version | Behavior +|Credential Type | Windows version | Behavior |---|---|---| | Certificate (smart card or Windows Hello for Business) | All | All data protected with user DPAPI is unusable and user DPAPI does not work at all. | | Password | Windows 10 v1709 or later | If the user signed-in with a certificate or password prior to clearing the TPM, then they can sign-in with password and user DPAPI is unaffected. diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md index b122158529..4919aa21ec 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md 
@@ -19,19 +19,21 @@ ms.reviewer: # How Windows Defender Credential Guard works **Applies to** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows 11 +- Windows Server 2016 +- Windows Server 2019 -Kerberos, NTLM, and Credential manager isolate secrets by using virtualization-based security. Previous versions of Windows stored secrets in the Local Security Authority (LSA). Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Windows Defender Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using virtualization-based security and is not accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. +Kerberos, NTLM, and Credential manager isolate secrets by using Virtualization-based security. Previous versions of Windows stored secrets in the Local Security Authority (LSA). Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Windows Defender Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using Virtualization-based security and is not accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. -For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment. 
+For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by Virtualization-based security and these signatures are validated before launching the file in the protected environment. -When Windows Defender Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP cannot use the signed-in credentials. Thus, single sign-on does not work with these protocols. However, applications can prompt for credentials or use credentials stored in the Windows Vault which are not protected by Windows Defender Credential Guard with any of these protocols. It is strongly recommended that valuable credentials, such as the sign-in credentials, not be used with any of these protocols. If these protocols must be used by domain or Azure AD users, secondary credentials should be provisioned for these use cases. +When Windows Defender Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP cannot use the signed-in credentials. Thus, single sign-on does not work with these protocols. However, applications can prompt for credentials or use credentials stored in the Windows Vault, which are not protected by Windows Defender Credential Guard with any of these protocols. It is recommended that valuable credentials, such as the sign-in credentials, not be used with any of these protocols. If these protocols must be used by domain or Azure AD users, secondary credentials should be provisioned for these use cases. When Windows Defender Credential Guard is enabled, Kerberos does not allow unconstrained Kerberos delegation or DES encryption, not only for signed-in credentials, but also prompted or saved credentials. 
-Here's a high-level overview on how the LSA is isolated by using virtualization-based security: +Here's a high-level overview on how the LSA is isolated by using Virtualization-based security: ![Windows Defender Credential Guard overview.](images/credguard.png) @@ -39,4 +41,4 @@ Here's a high-level overview on how the LSA is isolated by using virtualization- **Related videos** -[What is virtualization-based security?](https://www.linkedin.com/learning/microsoft-cybersecurity-stack-advanced-identity-and-endpoint-protection/what-is-virtualization-based-security) +[What is Virtualization-based security?](https://www.linkedin.com/learning/microsoft-cybersecurity-stack-advanced-identity-and-endpoint-protection/what-is-virtualization-based-security) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md index 5d76d6be7c..22da9b6b43 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md @@ -1,6 +1,6 @@ --- -title: Windows Defender Credential Guard - Known issues (Windows 10) -description: Windows Defender Credential Guard - Known issues in Windows 10 Enterprise +title: Windows Defender Credential Guard - Known issues (Windows) +description: Windows Defender Credential Guard - Known issues in Windows Enterprise ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library 
@@ -19,9 +19,10 @@ ms.reviewer: # Windows Defender Credential Guard: Known issues **Applies to** -- Windows 10 -- Windows Server 2016 -- Windows Server 2019 +- Windows 10 +- Windows 11 +- Windows Server 2016 +- Windows Server 2019 Windows Defender Credential Guard has certain application requirements. Windows Defender Credential Guard blocks specific authentication capabilities. Therefore applications that require such capabilities will not function when it is enabled. For further information, see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). 
@@ -51,12 +52,12 @@ The following known issue has been fixed in the [Cumulative Security Update for The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017: -- [KB4015217 Windows Defender Credential Guard generates double bad password count on Active Directory domain-joined Windows 10 machines](https://support.microsoft.com/help/4015217/windows-10-update-kb4015217) +- [KB4015217 Windows Defender Credential Guard generates double bad password count on Active Directory domain-joined Windows machines](https://support.microsoft.com/help/4015217/windows-10-update-kb4015217) This issue can potentially lead to unexpected account lockouts. See also Microsoft® Knowledge Base articles [KB4015219](https://support.microsoft.com/help/4015219/windows-10-update-kb4015219) and [KB4015221](https://support.microsoft.com/help/4015221/windows-10-update-kb4015221) -- [KB4033236 Two incorrect logon attempts sent to Active Directory after Windows Defender Credential Guard installed on Windows 10](https://support.microsoft.com/help/4033236/two-incorrect-logon-attempts-sent-to-active-directory-after-credential?preview) +- [KB4033236 Two incorrect logon attempts sent to Active Directory after Windows Defender Credential Guard installed on Windows](https://support.microsoft.com/help/4033236/two-incorrect-logon-attempts-sent-to-active-directory-after-credential?preview) This issue can potentially lead to unexpected account lockouts. The issue was fixed in servicing updates for each of the following operating systems: 
@@ -69,30 +70,30 @@ The following known issues have been fixed by servicing releases made available The following issue affects the Java GSS API. See the following Oracle bug database article: -- [JDK-8161921: Windows 10 Windows Defender Credential Guard does not allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921) +- [JDK-8161921: Windows 10 or Windows 11 Windows Defender Credential Guard does not allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921) -When Windows Defender Credential Guard is enabled on Windows 10, the Java GSS API will not authenticate. This is expected behavior because Windows Defender Credential Guard blocks specific application authentication capabilities and will not provide the TGT session key to applications regardless of registry key settings. For further information see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). +When Windows Defender Credential Guard is enabled on Windows, the Java GSS API will not authenticate. This is expected behavior because Windows Defender Credential Guard blocks specific application authentication capabilities and will not provide the TGT session key to applications regardless of registry key settings. For further information see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). 
The following issue affects Cisco AnyConnect Secure Mobility Client: -- [Blue screen on Windows 10 computers running Hypervisor-Protected Code Integrity and Windows Defender Credential Guard with Cisco Anyconnect 4.3.04027](https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc66692) \* +- [Blue screen on Windows 10 and Windows 11 computers running Hypervisor-Protected Code Integrity and Windows Defender Credential Guard with Cisco Anyconnect 4.3.04027](https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc66692) \* *Registration required to access this article. The following issue affects McAfee Application and Change Control (MACC): -- [KB88869 Windows 10 machines exhibit high CPU usage with McAfee Application and Change Control (MACC) installed when Windows Defender Credential Guard is enabled](https://kc.mcafee.com/corporate/index?page=content&id=KB88869) [1] +- [KB88869 Windows 10 and Windows 11 machines exhibit high CPU usage with McAfee Application and Change Control (MACC) installed when Windows Defender Credential Guard is enabled](https://kc.mcafee.com/corporate/index?page=content&id=KB88869) [1] The following issue affects AppSense Environment Manager. For further information, see the following Knowledge Base article: -- [Installing AppSense Environment Manager on Windows 10 machines causes LSAISO.exe to exhibit high CPU usage when Windows Defender Credential Guard is enabled](http://www.appsense.com/kb/160525073917945) [1] \** +- [Installing AppSense Environment Manager on Windows 10 and Windows 11 machines causes LSAISO.exe to exhibit high CPU usage when Windows Defender Credential Guard is enabled](http://www.appsense.com/kb/160525073917945) [1] \** The following issue affects Citrix applications: -- Windows 10 machines exhibit high CPU usage with Citrix applications installed when Windows Defender Credential Guard is enabled. 
[1] +- Windows 10 and Windows 11 machines exhibit high CPU usage with Citrix applications installed when Windows Defender Credential Guard is enabled. [1] -[1] Products that connect to Virtualization Based Security (VBS) protected processes can cause Windows Defender Credential Guard-enabled Windows 10 or Windows Server 2016 machines to exhibit high CPU usage. For technical and troubleshooting information, see the following Microsoft Knowledge Base article: +[1] Products that connect to Virtualization Based Security (VBS) protected processes can cause Windows Defender Credential Guard-enabled Windows 10, Windows 11, Windows Server 2016 or Windows Server 2019 machines to exhibit high CPU usage. For technical and troubleshooting information, see the following Microsoft Knowledge Base article: -- [KB4032786 High CPU usage in the LSAISO process on Windows 10 or Windows Server 2016](https://support.microsoft.com/help/4032786) +- [KB4032786 High CPU usage in the LSAISO process on Windows](https://support.microsoft.com/help/4032786) For further technical information on LSAISO.exe, see the MSDN article: [Isolated User Mode (IUM) Processes](/windows/win32/procthread/isolated-user-mode--ium--processes) 
@@ -107,21 +108,21 @@ See the following article on Citrix support for Secure Boot: Windows Defender Credential Guard is not supported by either these products, products versions, computer systems, or Windows 10 versions: -- For Windows Defender Credential Guard on Windows 10 with McAfee Encryption products, see: - [Support for Hypervisor-Protected Code Integrity and Windows Defender Credential Guard on Windows 10 with McAfee encryption products](https://kc.mcafee.com/corporate/index?page=content&id=KB86009) +- For Windows Defender Credential Guard on Windows with McAfee Encryption products, see: + [Support for Hypervisor-Protected Code Integrity and Windows Defender Credential Guard on Windows with McAfee encryption products](https://kc.mcafee.com/corporate/index?page=content&id=KB86009) -- For Windows Defender Credential Guard on Windows 10 with Check Point Endpoint Security Client, see: - [Check Point Endpoint Security Client support for Microsoft Windows 10 Windows Defender Credential Guard and Hypervisor-Protected Code Integrity features](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk113912) +- For Windows Defender Credential Guard on Windows with Check Point Endpoint Security Client, see: + [Check Point Endpoint Security Client support for Microsoft Windows Defender Credential Guard and Hypervisor-Protected Code Integrity features](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk113912) -- For Windows Defender Credential Guard on Windows 10 with VMWare Workstation - [Windows 10 host fails when running VMWare Workstation when Windows Defender Credential Guard is enabled](https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2146361) +- For Windows Defender Credential Guard on Windows with VMWare Workstation + [Windows host fails when running VMWare Workstation when Windows Defender Credential Guard is 
enabled](https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2146361) -- For Windows Defender Credential Guard on Windows 10 with specific versions of the Lenovo ThinkPad - [ThinkPad support for Hypervisor-Protected Code Integrity and Windows Defender Credential Guard in Microsoft Windows 10 – ThinkPad](https://support.lenovo.com/in/en/solutions/ht503039) +- For Windows Defender Credential Guard on Windows with specific versions of the Lenovo ThinkPad + [ThinkPad support for Hypervisor-Protected Code Integrity and Windows Defender Credential Guard in Microsoft Windows – ThinkPad](https://support.lenovo.com/in/en/solutions/ht503039) -- For Windows Defender Credential Guard on Windows 10 with Symantec Endpoint Protection - [Windows 10 with Windows Defender Credential Guard and Symantec Endpoint Protection 12.1](https://www.symantec.com/connect/forums/windows-10-device-guard-credentials-guard-and-sep-121) +- For Windows Defender Credential Guard on Windows with Symantec Endpoint Protection + [Windows 10 and Windows 11 with Windows Defender Credential Guard and Symantec Endpoint Protection 12.1](https://www.symantec.com/connect/forums/windows-10-device-guard-credentials-guard-and-sep-121) - This is not a comprehensive list. Check whether your product vendor, product version, or computer system, supports Windows Defender Credential Guard on systems that run Windows 10 or specific versions of Windows 10. Specific computer system models may be incompatible with Windows Defender Credential Guard. + This is not a comprehensive list. Check whether your product vendor, product version, or computer system, supports Windows Defender Credential Guard on systems that run Windows or specific versions of Windows. Specific computer system models may be incompatible with Windows Defender Credential Guard. 
Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements. diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 936172770d..17ee0a5394 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -1,5 +1,5 @@ --- -title: Manage Windows Defender Credential Guard (Windows 10) +title: Manage Windows Defender Credential Guard (Windows) description: Learn how to deploy and manage Windows Defender Credential Guard using Group Policy, the registry, or hardware readiness tools. ms.prod: w10 ms.mktglfcycl: explore @@ -21,9 +21,10 @@ ms.custom: # Manage Windows Defender Credential Guard **Applies to** -- Windows 10 Enterprise or Education SKUs -- Windows Server 2016 -- Windows Server 2019 +- Windows 10 +- Windows 11 +- Windows Server 2016 +- Windows Server 2019 ## Enable Windows Defender Credential Guard diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md index e6bce8b91b..323cb6d686 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md 
@@ -1,6 +1,6 @@ --- -title: Windows Defender Credential Guard protection limits & mitigations (Windows 10) -description: Scenarios not protected by Windows Defender Credential Guard in Windows 10, and additional mitigations you can use. +title: Windows Defender Credential Guard protection limits & mitigations (Windows +description: Scenarios not protected by Windows Defender Credential Guard in Windows, and additional mitigations you can use. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library @@ -19,8 +19,10 @@ ms.reviewer: # Windows Defender Credential Guard protection limits and mitigations **Applies to** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows 11 +- Windows Server 2016 +- Windows Server 2019 Prefer video? See [Credentials protected by Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) in the Deep Dive into Windows Defender Credential Guard video series. diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index 845101f5a0..e348a5ba65 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -1,6 +1,6 @@ --- -title: Windows Defender Credential Guard protection limits (Windows 10) -description: Some ways to store credentials are not protected by Windows Defender Credential Guard in Windows 10. Learn more with this guide. +title: Windows Defender Credential Guard protection limits (Windows) +description: Some ways to store credentials are not protected by Windows Defender Credential Guard in Windows. Learn more with this guide. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library 
@@ -19,8 +19,10 @@ ms.reviewer: # Windows Defender Credential Guard protection limits **Applies to** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows 11 +- Windows Server 2016 +- Windows Server 2019 Some ways to store credentials are not protected by Windows Defender Credential Guard, including: diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index ebe6d25f53..a23f5dbebd 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Credential Guard Requirements (Windows 10) +title: Windows Defender Credential Guard Requirements (Windows) description: Windows Defender Credential Guard baseline hardware, firmware, and software requirements, and additional protections for improved security. ms.prod: w10 ms.mktglfcycl: explore 
@@ -20,8 +20,10 @@ ms.reviewer: ## Applies to -- Windows 10 Enterprise -- Windows Server 2016 +- Windows 10 +- Windows 11 +- Windows Server 2016 +- Windows Server 2019 For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements, which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to these requirements as [Application requirements](#application-requirements). Beyond these requirements, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations). @@ -102,7 +104,7 @@ The following tables describe baseline protections, plus protections for improve |Hardware: **Trusted Platform Module (TPM)**|**Requirement**:
    - TPM 1.2 or TPM 2.0, either discrete or firmware. [TPM recommendations](../../information-protection/tpm/tpm-recommendations.md)|A TPM provides protection for VBS encryption keys that are stored in the firmware. TPM helps protect against attacks involving a physically present user with BIOS access.| |Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot**|**Requirements**:
    - See the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot|UEFI Secure Boot helps ensure that the device boots only authorized code, and can prevent boot kits and root kits from installing and persisting across reboots.| |Firmware: **Secure firmware update process**|**Requirements**:
    - UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot.|UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed.| -|Software: Qualified **Windows operating system**|**Requirement**:
    - Windows 10 or Windows Server 2016.|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard.| +|Software: Qualified **Windows operating system**|**Requirement**:
    - At least Windows 10 or Windows Server 2016.|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard.| > [!IMPORTANT] > Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md index b62a1d9818..f4e9fb404e 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md @@ -1,6 +1,6 @@ --- -title: Scripts for Certificate Issuance Policies in Windows Defender Credential Guard (Windows 10) -description: Obtain issuance policies from the certificate authority for Windows Defender Credential Guard on Windows 10. +title: Scripts for Certificate Issuance Policies in Windows Defender Credential Guard (Windows) +description: Obtain issuance policies from the certificate authority for Windows Defender Credential Guard on Windows. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md index ea92be3d39..20d2d330d4 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard.md +++ b/windows/security/identity-protection/credential-guard/credential-guard.md @@ -1,5 +1,5 @@ --- -title: Protect derived domain credentials with Windows Defender Credential Guard (Windows 10) +title: Protect derived domain credentials with Windows Defender Credential Guard (Windows) description: Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. ms.assetid: 4F1FE390-A166-4A24-8530-EA3369FEB4B1 ms.reviewer: 
@@ -20,8 +20,10 @@ ms.date: 08/17/2017 # Protect derived domain credentials with Windows Defender Credential Guard **Applies to** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows 11 +- Windows Server 2016 +- Windows Server 2019 Introduced in Windows 10 Enterprise and Windows Server 2016, Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md index 803d27b000..8d3185afd9 100644 --- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md +++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md @@ -18,7 +18,10 @@ ms.reviewer: # Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool **Applies to:** -- Windows 10 Enterprise Edition +- Windows 10 +- Windows 11 +- Windows Server 2016 +- Windows Server 2019 ```powershell # Script to find out if a machine is Device Guard compliant. From 95b3b9efd2916c8c4e087a7ce5d123d5c58ffafe Mon Sep 17 00:00:00 2001 
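Review bot: in the dg-readiness-tool.md hunk (`@@ -18,7 +18,10 @@`), replacing `- Windows 10 Enterprise Edition` with plain `- Windows 10` drops the edition qualifier, while the credential-guard.md context line in the same patch still reads "Introduced in Windows 10 Enterprise and Windows Server 2016". If the readiness tool is still scoped to the Enterprise edition, keep the edition in the list entry; if the scope has widened, state that in the commit message so the two pages do not appear to disagree.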
From: Ashok Lobo Date: Tue, 7 Sep 2021 12:55:23 +0530 Subject: [PATCH 122/671] Updated for 5358843-files101to125 --- windows/security/threat-protection/auditing/event-4657.md | 6 +----- windows/security/threat-protection/auditing/event-4658.md | 6 +----- windows/security/threat-protection/auditing/event-4660.md | 6 +----- windows/security/threat-protection/auditing/event-4661.md | 6 +----- windows/security/threat-protection/auditing/event-4662.md | 6 +----- windows/security/threat-protection/auditing/event-4663.md | 6 +----- windows/security/threat-protection/auditing/event-4664.md | 6 +----- windows/security/threat-protection/auditing/event-4670.md | 6 +----- windows/security/threat-protection/auditing/event-4671.md | 8 ++------ windows/security/threat-protection/auditing/event-4672.md | 6 +----- windows/security/threat-protection/auditing/event-4673.md | 6 +----- windows/security/threat-protection/auditing/event-4674.md | 6 +----- windows/security/threat-protection/auditing/event-4675.md | 6 +----- windows/security/threat-protection/auditing/event-4688.md | 6 +----- windows/security/threat-protection/auditing/event-4689.md | 6 +----- windows/security/threat-protection/auditing/event-4690.md | 6 +----- windows/security/threat-protection/auditing/event-4691.md | 6 +----- windows/security/threat-protection/auditing/event-4692.md | 6 +----- windows/security/threat-protection/auditing/event-4693.md | 6 +----- windows/security/threat-protection/auditing/event-4694.md | 6 +----- windows/security/threat-protection/auditing/event-4695.md | 6 +----- windows/security/threat-protection/auditing/event-4696.md | 6 +----- windows/security/threat-protection/auditing/event-4697.md | 6 +----- windows/security/threat-protection/auditing/event-4698.md | 6 +----- windows/security/threat-protection/auditing/event-4699.md | 6 +----- 25 files changed, 26 insertions(+), 126 deletions(-) 
diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md index e0d0985203..39cb4e6052 100644 --- a/windows/security/threat-protection/auditing/event-4657.md +++ b/windows/security/threat-protection/auditing/event-4657.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4657(S): A registry value was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4657 illustration diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md index 85b56fb6d0..0acb8a0b2f 100644 --- a/windows/security/threat-protection/auditing/event-4658.md +++ b/windows/security/threat-protection/auditing/event-4658.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4658(S): The handle to an object was closed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4658 illustration diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md index 7a921090fd..871435d568 100644 --- a/windows/security/threat-protection/auditing/event-4660.md +++ b/windows/security/threat-protection/auditing/event-4660.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4660(S): An object was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4660 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md index 27afd56d00..77da9a1780 100644 --- a/windows/security/threat-protection/auditing/event-4661.md +++ b/windows/security/threat-protection/auditing/event-4661.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4661(S, F): A handle to an object was requested. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4661 illustration diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md index b9d488c090..7950f49912 100644 --- a/windows/security/threat-protection/auditing/event-4662.md +++ b/windows/security/threat-protection/auditing/event-4662.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4662(S, F): An operation was performed on an object. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4662 illustration diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md index efa297ac08..d85a14bddf 100644 --- a/windows/security/threat-protection/auditing/event-4663.md +++ b/windows/security/threat-protection/auditing/event-4663.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4663(S): An attempt was made to access an object. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4663 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md index 9c99e5f2bc..36c3d8aa08 100644 --- a/windows/security/threat-protection/auditing/event-4664.md +++ b/windows/security/threat-protection/auditing/event-4664.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4664(S): An attempt was made to create a hard link. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4664 illustration diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index ea7d4dcf1e..0f070cd8f8 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4670(S): Permissions on an object were changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4670 illustration diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md index fb46f1fb5a..cc53508b8f 100644 --- a/windows/security/threat-protection/auditing/event-4671.md +++ b/windows/security/threat-protection/auditing/event-4671.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,11 +16,7 @@ ms.technology: mde # 4671(-): An application attempted to access a blocked ordinal through the TBS. -**Applies to** -- Windows 10 -- Windows Server 2016 - - +* Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. ***Subcategory:*** [Audit Other Object Access Events](audit-other-object-access-events.md) diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md index 479e31207b..3e563025ba 100644 --- a/windows/security/threat-protection/auditing/event-4672.md +++ b/windows/security/threat-protection/auditing/event-4672.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 12/20/2018 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4672(S): Special privileges assigned to new logon. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4672 illustration
    diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md index cf5ef8d500..82e7ac1332 100644 --- a/windows/security/threat-protection/auditing/event-4673.md +++ b/windows/security/threat-protection/auditing/event-4673.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4673(S, F): A privileged service was called. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4673 illustration diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md index 734ce174c2..7a4b1a3654 100644 --- a/windows/security/threat-protection/auditing/event-4674.md +++ b/windows/security/threat-protection/auditing/event-4674.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4674(S, F): An operation was attempted on a privileged object. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4674 illustration diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md index 0af7742f2c..f2a5d0c97e 100644 --- a/windows/security/threat-protection/auditing/event-4675.md +++ b/windows/security/threat-protection/auditing/event-4675.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4675(S): SIDs were filtered. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when SIDs were filtered for specific Active Directory trust. diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index fbb93d7b9b..12b9206a7f 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4688(S): A new process has been created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4688 illustration diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md index 99bee451d9..49ec3f5924 100644 --- a/windows/security/threat-protection/auditing/event-4689.md +++ b/windows/security/threat-protection/auditing/event-4689.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4689(S): A process has exited. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4689 illustration diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md index d7a23d1da4..14d2dcb02d 100644 --- a/windows/security/threat-protection/auditing/event-4690.md +++ b/windows/security/threat-protection/auditing/event-4690.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4690(S): An attempt was made to duplicate a handle to an object. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4690 illustration diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md index c7ea74bdd7..30a869d7fc 100644 --- a/windows/security/threat-protection/auditing/event-4691.md +++ b/windows/security/threat-protection/auditing/event-4691.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4691(S): Indirect access to an object was requested. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4691 illustration diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md index 064c922cb4..7e1e0b5ab9 100644 --- a/windows/security/threat-protection/auditing/event-4692.md +++ b/windows/security/threat-protection/auditing/event-4692.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4692(S, F): Backup of data protection master key was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4692 illustration diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md index 1359ef1968..1bf4eef838 100644 --- a/windows/security/threat-protection/auditing/event-4693.md +++ b/windows/security/threat-protection/auditing/event-4693.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4693(S, F): Recovery of data protection master key was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4693 illustration diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md index 0b35bda1ba..c6e3ca0a8c 100644 --- a/windows/security/threat-protection/auditing/event-4694.md +++ b/windows/security/threat-protection/auditing/event-4694.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4694(S, F): Protection of auditable protected data was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates if [DPAPI](/previous-versions/ms995355(v=msdn.10))  [**CryptProtectData**](/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata)() function was used with **CRYPTPROTECT\_AUDIT** flag (dwFlags) enabled. diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md index 9acd287be1..55d37910f6 100644 --- a/windows/security/threat-protection/auditing/event-4695.md +++ b/windows/security/threat-protection/auditing/event-4695.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4695(S, F): Unprotection of auditable protected data was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates if [DPAPI](/previous-versions/ms995355(v=msdn.10)) [CryptUnprotectData](/windows/win32/api/dpapi/nf-dpapi-cryptunprotectdata)() function was used to unprotect “auditable” data that was encrypted using [**CryptProtectData**](/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata)() function with **CRYPTPROTECT\_AUDIT** flag (dwFlags) enabled. diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md index f156dc723b..c426f2bd9e 100644 --- a/windows/security/threat-protection/auditing/event-4696.md +++ b/windows/security/threat-protection/auditing/event-4696.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4696(S): A primary token was assigned to process. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4696 illustration diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md index 870352146b..4c6103a175 100644 --- a/windows/security/threat-protection/auditing/event-4697.md +++ b/windows/security/threat-protection/auditing/event-4697.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4697(S): A service was installed in the system. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4697 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md index 9ca662fa59..e3f0385c69 100644 --- a/windows/security/threat-protection/auditing/event-4698.md +++ b/windows/security/threat-protection/auditing/event-4698.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4698(S): A scheduled task was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4698 illustration diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md index dd814dd942..b48820c643 100644 --- a/windows/security/threat-protection/auditing/event-4699.md +++ b/windows/security/threat-protection/auditing/event-4699.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4699(S): A scheduled task was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4699 illustration From 75c3b4675b176c1571d7469aebeba27b4c893b52 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Tue, 7 Sep 2021 14:15:17 +0530 Subject: [PATCH 123/671] Fixing Suggestions Suggestions such as alt text, duplicated h1s and h2s, duplicated descriptions etc --- .../hello-for-business/hello-cert-trust-adfs.md | 8 ++++---- .../hello-cert-trust-policy-settings.md | 3 ++- .../hello-cert-trust-validate-ad-prereq.md | 3 ++- .../hello-for-business/hello-cert-trust-validate-pki.md | 3 ++- .../hello-for-business/hello-how-it-works-provisioning.md | 2 +- .../hello-for-business/retired/hello-how-it-works.md | 2 +- 6 files changed, 12 insertions(+), 9 deletions(-) 
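Review bot: in the event-4671.md hunk of PATCH 122 (`@@ -16,11 +16,7 @@`), the added line begins with `* ` before "Currently this event", which Markdown renders as a one-item bulleted list directly under the H1. If the marker is not intended, drop it; if the sentence is meant to stand out, use the alert form that the Credential Guard page in this series already uses (`> [!IMPORTANT]`, or the matching note variant).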
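Review bot: every event page hunk in PATCH 122 deletes the `**Applies to**` list outright, whereas the neighbouring patches in this series extend that list with Windows 11 and newer Windows Server releases. After this change the audit event pages (4688, 4697, 4698 and the rest) carry no statement of which Windows versions they cover. Either update the list the way the other patches do, or explain the removal in the commit message, which currently reads only "Updated for 5358843-files101to125".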
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 4f4f37b876..d26226c8e4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -1,6 +1,6 @@ --- -title: Prepare & Deploy Windows AD FS certificate trust (Windows Hello for Business) -description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust. +title: Prepare and Deploy Windows AD FS certificate trust (Windows Hello for Business) +description: Learn how to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy @@ -124,7 +124,7 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. 8. Click **Next** on the **Active Directory Federation Service** page. 9. Click **Install** to start the role installation. -## Review +## Review & validate Before you continue with the deployment, validate your deployment progress by reviewing the following items: @@ -266,7 +266,7 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. Th 3. In the details pane, click **Configure Device Registration**. 4. In the **Configure Device Registration** dialog, click **OK**. -## Review +## Review to validate Before you continue with the deployment, validate your deployment progress by reviewing the following items: * Confirm you followed the correct procedures based on the domain controllers used in your deployment. 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 3ce38ae8f6..4f529da2a1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -16,9 +16,10 @@ localizationpriority: medium ms.date: 08/20/2018 ms.reviewer: --- -# Configure Windows Hello for Business Policy settings +# Configure Windows Hello for Business Policy settings - Certificate Trust **Applies to** + - Windows 10, version 1703 or later - Windows 11 - On-premises deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index d62bda3427..f468cbe23f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -16,9 +16,10 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate Active Directory prerequisites +# Validate Active Directory prerequisites for cert-trust deployment **Applies to** + - Windows 10, version 1703 or later - Windows 11 - On-premises deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index d84ad9c32f..2f2d3bcf5b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md 
@@ -16,9 +16,10 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Configure Public Key Infrastructure +# Validate and Configure Public Key Infrastructure - Certificate Trust Model **Applies to** + - Windows 10, version 1703 or later - Windows 11 - On-premises deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index 90f0880e9b..9e1ddf66b7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -49,7 +49,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Azure AD joined provisioning in a Federated environment -![Azure AD joined provisioning in a Managed environment.](images/howitworks/prov-aadj-federated.png) +![Azure AD joined provisioning in Managed environment.](images/howitworks/prov-aadj-federated.png) | Phase | Description | | :----: | :----------- | diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index 2b44b1c81f..d90093aab8 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -13,7 +13,7 @@ ms.reviewer: manager: dansimp ms.topic: article --- -# How Windows Hello for Business works +# How Windows Hello for Business works in Windows devices **Applies to** From 93b77fca971d73b76d5df146ada3835a09ffbc77 Mon Sep 17 00:00:00 2001 
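Review bot: in the hello-how-it-works-provisioning.md hunk of PATCH 123 (`@@ -49,7 +49,7 @@`), the alt text changes from "in a Managed environment" to "in Managed environment", but the image is `prov-aadj-federated.png` and it sits under the heading "Azure AD joined provisioning in a Federated environment". Dropping the article makes the string unique yet leaves it naming the wrong environment; the alt text should read "Azure AD joined provisioning in a Federated environment."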
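Review bot: in hello-cert-trust-adfs.md, PATCH 123 renames the two `## Review` headings to `## Review & validate` and `## Review to validate`, which are distinct strings but tell the reader nothing about which stage each one closes. Name each heading after the step it follows (the first comes after the role installation, the second after **Configure Device Registration**), and use "and" rather than `&`, since the same patch replaces `&` with "and" in the front-matter title. Renaming an H2 also changes its generated anchor, so check for inbound links to the old `#review` anchors.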
From: Alekhya Jupudi Date: Tue, 7 Sep 2021 14:19:32 +0530 Subject: [PATCH 124/671] Fixing suggestion --- .../hello-for-business/hello-cert-trust-adfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index d26226c8e4..958d349b3e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -16,7 +16,7 @@ localizationpriority: medium ms.date: 01/14/2021 ms.reviewer: --- -# Prepare and Deploy Windows Server 2016 Active Directory Federation Services +# Prepare and Deploy Windows Server 2016 Active Directory Federation Services - Certificate Trust **Applies to** From df3287c25480e2724463619a06f7f8007d8d12eb Mon Sep 17 00:00:00 2001 
From: Meghana Athavale Date: Tue, 7 Sep 2021 14:57:38 +0530 Subject: [PATCH 125/671] Updated1to20 --- ...duction-devices-to-the-membership-group-for-a-zone.md | 7 ++++--- ...dd-test-devices-to-the-membership-group-for-a-zone.md | 7 ++++--- ...gpo-template-files-for-settings-used-in-this-guide.md | 7 ++++--- .../assign-security-group-filters-to-the-gpo.md | 7 ++++--- .../windows-firewall/basic-firewall-policy-design.md | 9 +++++---- .../windows-firewall/best-practices-configuring.md | 5 +++-- .../windows-firewall/boundary-zone-gpos.md | 7 ++++--- .../threat-protection/windows-firewall/boundary-zone.md | 7 ++++--- .../certificate-based-isolation-policy-design-example.md | 7 ++++--- .../certificate-based-isolation-policy-design.md | 7 ++++--- .../change-rules-from-request-to-require-mode.md | 7 ++++--- .../checklist-configuring-basic-firewall-settings.md | 7 ++++--- ...list-configuring-rules-for-an-isolated-server-zone.md | 7 ++++--- ...s-for-servers-in-a-standalone-isolated-server-zone.md | 7 ++++--- .../checklist-configuring-rules-for-the-boundary-zone.md | 7 ++++--- ...hecklist-configuring-rules-for-the-encryption-zone.md | 7 ++++--- ...hecklist-configuring-rules-for-the-isolated-domain.md | 7 ++++--- .../checklist-creating-group-policy-objects.md | 9 +++++---- .../checklist-creating-inbound-firewall-rules.md | 7 ++++--- .../checklist-creating-outbound-firewall-rules.md | 7 ++++--- 20 files changed, 81 insertions(+), 61 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md index 9995f497a4..22c00f87cc 100644 --- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md 
@@ -1,5 +1,5 @@ --- -title: Add Production Devices to the Membership Group for a Zone (Windows 10) +title: Add Production Devices to the Membership Group for a Zone (Windows) description: Learn how to add production devices to the membership group for a zone and refresh the group policy on the devices in the membership group. ms.assetid: 7141de15-5840-4beb-aabe-21c1dd89eb23 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you test the GPOs for your design on a small set of devices, you can deploy them to the production devices. diff --git a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md index 30d809e60c..14eaf54184 100644 --- a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md @@ -1,5 +1,5 @@ --- -title: Add Test Devices to the Membership Group for a Zone (Windows 10) +title: Add Test Devices to the Membership Group for a Zone (Windows) description: Learn how to add devices to the group for a zone to test whether your Windows Defender Firewall with Advanced Security implementation works as expected. ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Before you deploy your rules to large numbers of devices, you must thoroughly test the rules to make sure that communications are working as expected. A misplaced WMI filter or an incorrectly typed IP address in a filter list can easily block communications between devices. Although we recommend that you set your rules to request mode until testing and deployment is complete, we also recommend that you initially deploy the rules to a small number of devices only to be sure that the correct GPOs are being processed by each device. diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md index 0345da06fe..7a8c114351 100644 --- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md +++ b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md @@ -1,5 +1,5 @@ --- -title: Appendix A Sample GPO Template Files for Settings Used in this Guide (Windows 10) +title: Appendix A Sample GPO Template Files for Settings Used in this Guide (Windows) description: Use sample template files import an XML file containing customized registry preferences into a Group Policy Object (GPO). ms.assetid: 75930afd-ab1b-4e53-915b-a28787814b38 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above You can import an XML file containing customized registry preferences into a Group Policy Object (GPO) by using the Preferences feature of the Group Policy Management Console (GPMC). diff --git a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md index 08a9798526..2fe271c315 100644 --- a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md @@ -1,5 +1,5 @@ --- -title: Assign Security Group Filters to the GPO (Windows 10) +title: Assign Security Group Filters to the GPO (Windows) description: Learn how to use Group Policy Management MMC to assign security group filters to a GPO to make sure that the GPO is applied to the correct computers. ms.assetid: bcbe3299-8d87-4ec1-9e86-8e4a680fd7c8 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/02/2019 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To make sure that your GPO is applied to the correct computers, use the Group Policy Management MMC snap-in to assign security group filters to the GPO. diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md index 76378c3a0f..0eda99ff36 100644 --- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md 
@@ -1,5 +1,5 @@ --- -title: Basic Firewall Policy Design (Windows 10) +title: Basic Firewall Policy Design (Windows) description: Protect the devices in your organization from unwanted network traffic that gets through the perimeter defenses by using basic firewall policy design. ms.assetid: 6f7af99e-6850-4522-b7f5-db98e6941418 ms.reviewer: @@ -20,8 +20,9 @@ ms.technology: mde # Basic Firewall Policy Design **Applies to** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above Many organizations have a network perimeter firewall that is designed to prevent the entry of malicious traffic in to the organization's network, but do not have a host-based firewall enabled on each device in the organization. @@ -37,7 +38,7 @@ Many network administrators do not want to tackle the difficult task of determin For example, when you install a server role, the appropriate firewall rules are created and enabled automatically. -- For other standard network behavior, the predefined rules that are built into Windows 10, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, and Windows 7 can easily be configured in a GPO and deployed to the devices in your organization. +- For other standard network behavior, the predefined rules that are built into Windows 11, Windows 10, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, and Windows 7 can easily be configured in a GPO and deployed to the devices in your organization. For example, by using the predefined groups for Core Networking and File and Printer Sharing you can easily configure GPOs with rules for those frequently used networking protocols. diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index 5819f886fd..fde3e3850b 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md 
+++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -20,9 +20,10 @@ ms.technology: mde **Applies to** -- Windows operating systems including Windows 10 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above -- Windows Server Operating Systems Windows Defender Firewall with Advanced Security provides host-based, two-way network traffic filtering and blocks unauthorized network traffic flowing into diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md index 50e2f66e16..d17a0d6cac 100644 --- a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md @@ -1,5 +1,5 @@ --- -title: Boundary Zone GPOs (Windows 10) +title: Boundary Zone GPOs (Windows) description: Learn about GPOs to create that must align with the group you create for the boundary zone in Windows Defender Firewall with Advanced Security. ms.assetid: 1ae66088-02c3-47e4-b7e8-74d0b8f8646e ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above All the devices in the boundary zone are added to the group CG\_DOMISO\_Boundary. You must create multiple GPOs to align with this group, one for each operating system that you have in your boundary zone. This group is granted Read and Apply permissions in Group Policy on the GPOs described in this section. diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/threat-protection/windows-firewall/boundary-zone.md index 37d7edb647..95c9a26f95 100644 
--- a/windows/security/threat-protection/windows-firewall/boundary-zone.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone.md @@ -1,5 +1,5 @@ --- -title: Boundary Zone (Windows 10) +title: Boundary Zone (Windows) description: Learn how a boundary zone supports devices that must receive traffic from beyond an isolated domain in Windows Defender Firewall with Advanced Security. ms.assetid: ed98b680-fd24-44bd-a7dd-26c522e45a20 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above In most organizations, some devices must be able to receive network traffic from devices that are not part of the isolated domain, and therefore cannot authenticate. To accept communications from untrusted devices, create a boundary zone within your isolated domain. diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md index 1b369d6c5e..be336a726b 100644 --- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md @@ -1,5 +1,5 @@ --- -title: Certificate-based Isolation Policy Design Example (Windows 10) +title: Certificate-based Isolation Policy Design Example (Windows) description: This example uses a fictitious company to illustrate certificate-based isolation policy design in Windows Defender Firewall with Advanced Security. ms.assetid: 509b513e-dd49-4234-99f9-636fd2f749e3 ms.reviewer: 
@@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This design example continues to use the fictitious company Woodgrove Bank, as described in the sections [Firewall Policy Design Example](firewall-policy-design-example.md), [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md), and [Server Isolation Policy Design Example](server-isolation-policy-design-example.md). diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md index 7c427d50e7..a59ba99025 100644 --- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md @@ -1,5 +1,5 @@ --- -title: Certificate-based Isolation Policy Design (Windows 10) +title: Certificate-based Isolation Policy Design (Windows) description: Explore the methodology behind Certificate-based Isolation Policy Design and how it defers from Domain Isolation and Server Isolation Policy Design. ms.assetid: 63e01a60-9daa-4701-9472-096c85e0f862 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above In the certificate-based isolation policy design, you provide the same types of protections to your network traffic as described in the [Domain Isolation Policy Design](domain-isolation-policy-design.md) and [Server Isolation Policy Design](server-isolation-policy-design.md) sections. The only difference is the method used to share identification credentials during the authentication of your network traffic. diff --git a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md index cbea6cabc0..eb09b78b9f 100644 --- a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md +++ b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md @@ -1,5 +1,5 @@ --- -title: Change Rules from Request to Require Mode (Windows 10) +title: Change Rules from Request to Require Mode (Windows) description: Learn how to convert a rule from request to require mode and apply the modified GPOs to the client devices. ms.assetid: ad969eda-c681-48cb-a2c4-0b6cae5f4cff ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you confirm that network traffic is being correctly protected by using IPsec, you can change the rules for the domain isolation and encryption zones to require, instead of request, authentication. Do not change the rules for the boundary zone; they must stay in request mode so that devices in the boundary zone can continue to accept connections from devices that are not part of the isolated domain. diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md index a3164b6f45..ec2429b56d 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md @@ -1,5 +1,5 @@ --- -title: Checklist Configuring Basic Firewall Settings (Windows 10) +title: Checklist Configuring Basic Firewall Settings (Windows) description: Configure Windows Firewall to set inbound and outbound behavior, display notifications, record log files and more of the necessary function for Firewall. ms.assetid: 0d10cdae-da3d-4a33-b8a4-6b6656b6d1f9 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist includes tasks for configuring a GPO with firewall defaults and settings that are separate from the rules. 
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md index 2ecb358ade..5e8cd7d149 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md @@ -1,5 +1,5 @@ --- -title: Checklist Configuring Rules for an Isolated Server Zone (Windows 10) +title: Checklist Configuring Rules for an Isolated Server Zone (Windows) description: Use these tasks to configure connection security rules and IPsec settings in GPOs for servers in an isolated server zone that are part of an isolated domain. ms.assetid: 67c50a91-e71e-4f1e-a534-dad2582e311c ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs for servers in an isolated server zone that are part of an isolated domain. For information about creating a standalone isolated server zone that is not part of an isolated domain, see [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md). diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md index c07a12c977..c464183424 100644 
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md @@ -1,5 +1,5 @@ --- -title: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone (Windows 10) +title: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone (Windows) description: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone ms.assetid: ccc09d06-ef75-43b0-9c77-db06f2940955 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs for servers in a standalone isolated server zone that is not part of an isolated domain. In addition to requiring authentication and optionally encryption, servers in a server isolation zone are accessible only by users or devices that are authenticated as members of a network access group (NAG). The GPOs described here apply only to the isolated servers, not to the client devices that connect to them. For the GPOs for the client devices, see [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md). diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md index e10ef7fc18..2a908f4267 100644 
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md @@ -1,5 +1,5 @@ --- -title: Checklist Configuring Rules for the Boundary Zone (Windows 10) +title: Checklist Configuring Rules for the Boundary Zone (Windows) description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the boundary zone in an isolated domain. ms.assetid: 25fe0197-de5a-4b4c-bc44-c6f0620ea94b ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the boundary zone in an isolated domain. diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md index 180c4f2168..fc6329d478 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md @@ -1,5 +1,5 @@ --- -title: Checklist Configuring Rules for the Encryption Zone (Windows 10) +title: Checklist Configuring Rules for the Encryption Zone (Windows) description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the encryption zone in an isolated domain. ms.assetid: 87b1787b-0c70-47a4-ae52-700bff505ea4 ms.reviewer: 
@@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs to implement the encryption zone in an isolated domain. diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md index 2bccefd09c..2a0fe73601 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md @@ -1,5 +1,5 @@ --- -title: Checklist Configuring Rules for the Isolated Domain (Windows 10) +title: Checklist Configuring Rules for the Isolated Domain (Windows) description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the main zone in the isolated domain. ms.assetid: bfd2d29e-4011-40ec-a52e-a67d4af9748e ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the main zone in the isolated domain. 
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md index d2ba4b5a27..b5113224e7 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md @@ -1,5 +1,5 @@ --- -title: Checklist Creating Group Policy Objects (Windows 10) +title: Checklist Creating Group Policy Objects (Windows) description: Learn to deploy firewall settings, IPsec settings, firewall rules, or connection security rules, by using Group Policy in AD DS. ms.assetid: e99bd6a4-34a7-47b5-9791-ae819977a559 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To deploy firewall or IPsec settings or firewall or connection security rules, we recommend that you use Group Policy in AD DS. This section describes a tested, efficient method that requires some up-front work, but serves an administrator well in the long run by making GPO assignments as easy as dropping a device into a membership group. 
@@ -30,7 +31,7 @@ The checklists for firewall, domain isolation, and server isolation include a li ## About membership groups -For most GPO deployment tasks, you must determine which devices must receive and apply which GPOs. Because different versions of Windows can support different settings and rules to achieve similar behavior, you might need multiple GPOs: one for each operating system that has settings different from the others to achieve the same result. For example, Windows 10, Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 use rules and settings that are incompatible with Windows 2000, Windows XP, and Windows Server 2003. Therefore, if your network included those older operating systems you would need to create a GPO for each set of operating systems that can share common settings. To deploy typical domain isolation settings and rules, you might have five different GPOs for the versions of Windows discussed in this guide. By following the procedures in this guide, you only need one membership group to manage all five GPOs. The membership group is identified in the security group filter for all five GPOs. To apply the settings to a device, you make that device's account a member of the membership group. WMI filters are used to ensure that the correct GPO is applied. +For most GPO deployment tasks, you must determine which devices must receive and apply which GPOs. Because different versions of Windows can support different settings and rules to achieve similar behavior, you might need multiple GPOs: one for each operating system that has settings different from the others to achieve the same result. For example, Windows 11, Windows 10, Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 use rules and settings that are incompatible with Windows 2000, Windows XP, and Windows Server 2003. 
Therefore, if your network included those older operating systems you would need to create a GPO for each set of operating systems that can share common settings. To deploy typical domain isolation settings and rules, you might have five different GPOs for the versions of Windows discussed in this guide. By following the procedures in this guide, you only need one membership group to manage all five GPOs. The membership group is identified in the security group filter for all five GPOs. To apply the settings to a device, you make that device's account a member of the membership group. WMI filters are used to ensure that the correct GPO is applied. ## About exclusion groups diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md index 834016bd7b..53822035a9 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md @@ -1,5 +1,5 @@ --- -title: Checklist Creating Inbound Firewall Rules (Windows 10) +title: Checklist Creating Inbound Firewall Rules (Windows) description: Use these tasks for creating inbound firewall rules in your GPOs for Windows Defender Firewall with Advanced Security. ms.assetid: 0520e14e-5c82-48da-8fbf-87cef36ce02f ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist includes tasks for creating firewall rules in your GPOs. 
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md index b20cb735f9..445f1e1eda 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md @@ -1,5 +1,5 @@ --- -title: Checklist Creating Outbound Firewall Rules (Windows 10) +title: Checklist Creating Outbound Firewall Rules (Windows) description: Use these tasks for creating outbound firewall rules in your GPOs for Windows Defender Firewall with Advanced Security. ms.assetid: 611bb98f-4e97-411f-82bf-7a844a4130de ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist includes tasks for creating outbound firewall rules in your GPOs. From 32e0eca6386a01c736c791da4025534cab578c37 Mon Sep 17 00:00:00 2001 
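Review bot: In basic-firewall-policy-design.md, the predefined-rules bullet in the `@@ -37,7 +38,7 @@` hunk now begins with Windows 11 but still names no server release newer than Windows Server 2012, while the Applies to list changed in the same file says "Windows Server 2016 and above". Either add the newer server versions to that sentence or reword it so it does not enumerate versions. The diff for this file also has no hunk touching ms.date, unlike most other files in the patch that receive the same Applies to change; confirm that is intended.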
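Review bot: In best-practices-configuring.md, the Applies to hunk replaces the open-ended entries "Windows operating systems including Windows 10" and "Windows Server Operating Systems" with a fixed list that starts at Windows 10 and Windows Server 2016, which narrows the stated scope rather than only adding Windows 11. If the best-practices guidance still applies to earlier versions, keep a general entry alongside the new ones; if the narrowing is deliberate, say so in the commit message.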
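Review bot: In checklist-creating-group-policy-objects.md, the "About membership groups" paragraph in the `@@ -30,7 +31,7 @@` hunk gains Windows 11 in its list of operating systems, but the same paragraph still says "you might have five different GPOs for the versions of Windows discussed in this guide" and its server list still ends at Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. Check that the GPO count still holds with the extra version in scope, and bring the server list in line with the "Windows Server 2016 and above" entry added to the Applies to block of this file.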
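Review bot: Two description lines sitting directly under the changed titles carry wording errors that could be fixed while the front matter is being edited: certificate-based-isolation-policy-design.md has "how it defers from Domain Isolation and Server Isolation Policy Design" (should read "differs"), and appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md has "Use sample template files import an XML file" (missing "to"). Both are unchanged context in the `@@ -1,5 +1,5 @@` hunks, so the patch leaves them as they are.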
From: Ashok Lobo Date: Tue, 7 Sep 2021 15:01:54 +0530 Subject: [PATCH 126/671] Updated for 5358843-files126to150 --- windows/security/threat-protection/auditing/event-4700.md | 6 +----- windows/security/threat-protection/auditing/event-4701.md | 6 +----- windows/security/threat-protection/auditing/event-4702.md | 6 +----- windows/security/threat-protection/auditing/event-4703.md | 6 +----- windows/security/threat-protection/auditing/event-4704.md | 6 +----- windows/security/threat-protection/auditing/event-4705.md | 6 +----- windows/security/threat-protection/auditing/event-4706.md | 6 +----- windows/security/threat-protection/auditing/event-4707.md | 6 +----- windows/security/threat-protection/auditing/event-4713.md | 6 +----- windows/security/threat-protection/auditing/event-4714.md | 6 +----- windows/security/threat-protection/auditing/event-4715.md | 6 +----- windows/security/threat-protection/auditing/event-4716.md | 6 +----- windows/security/threat-protection/auditing/event-4717.md | 6 +----- windows/security/threat-protection/auditing/event-4718.md | 6 +----- windows/security/threat-protection/auditing/event-4719.md | 6 +----- windows/security/threat-protection/auditing/event-4720.md | 6 +----- windows/security/threat-protection/auditing/event-4722.md | 6 +----- windows/security/threat-protection/auditing/event-4723.md | 6 +----- windows/security/threat-protection/auditing/event-4724.md | 6 +----- windows/security/threat-protection/auditing/event-4725.md | 6 +----- windows/security/threat-protection/auditing/event-4726.md | 6 +----- windows/security/threat-protection/auditing/event-4731.md | 6 +----- windows/security/threat-protection/auditing/event-4732.md | 6 +----- windows/security/threat-protection/auditing/event-4733.md | 6 +----- windows/security/threat-protection/auditing/event-4734.md | 6 +----- 25 files changed, 25 insertions(+), 125 deletions(-) 
diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md index e72f7d19f0..6c44dbfa8d 100644 --- a/windows/security/threat-protection/auditing/event-4700.md +++ b/windows/security/threat-protection/auditing/event-4700.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4700(S): A scheduled task was enabled. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4700 illustration diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md index e407e2bbbb..0fa78f8923 100644 --- a/windows/security/threat-protection/auditing/event-4701.md +++ b/windows/security/threat-protection/auditing/event-4701.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4701(S): A scheduled task was disabled. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4701 illustration diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md index 15d128ceef..2ae3e2b5e3 100644 --- a/windows/security/threat-protection/auditing/event-4702.md +++ b/windows/security/threat-protection/auditing/event-4702.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4702(S): A scheduled task was updated. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4702 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md index e8b7ecded9..a2d0ea1520 100644 --- a/windows/security/threat-protection/auditing/event-4703.md +++ b/windows/security/threat-protection/auditing/event-4703.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4703(S): A user right was adjusted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4703 illustration diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md index cb6b95669b..04357bb664 100644 --- a/windows/security/threat-protection/auditing/event-4704.md +++ b/windows/security/threat-protection/auditing/event-4704.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4704(S): A user right was assigned. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4704 illustration diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md index 5588e33560..0da39782ac 100644 --- a/windows/security/threat-protection/auditing/event-4705.md +++ b/windows/security/threat-protection/auditing/event-4705.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4705(S): A user right was removed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4705 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md index e0abbded89..5bceee43f2 100644 --- a/windows/security/threat-protection/auditing/event-4706.md +++ b/windows/security/threat-protection/auditing/event-4706.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4706(S): A new trust was created to a domain. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4706 illustration diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md index f16f66bdcd..66c5a3a235 100644 --- a/windows/security/threat-protection/auditing/event-4707.md +++ b/windows/security/threat-protection/auditing/event-4707.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4707(S): A trust to a domain was removed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4707 illustration diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md index 032446b19b..1fc0eda8ae 100644 --- a/windows/security/threat-protection/auditing/event-4713.md +++ b/windows/security/threat-protection/auditing/event-4713.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4713(S): Kerberos policy was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4713 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md index d7c176a754..c95647f342 100644 --- a/windows/security/threat-protection/auditing/event-4714.md +++ b/windows/security/threat-protection/auditing/event-4714.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4714(S): Encrypted data recovery policy was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4714 illustration diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index d4e9d14839..54836c643a 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4715(S): The audit policy (SACL) on an object was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4715 illustration diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md index 1cd47c82c4..3b035321b0 100644 --- a/windows/security/threat-protection/auditing/event-4716.md +++ b/windows/security/threat-protection/auditing/event-4716.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/04/2019 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4716(S): Trusted domain information was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4716 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index bd3378f122..0d79674053 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4717(S): System security access was granted to an account. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4717 illustration diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index 4c8c676ce4..22f9f3a64a 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4718(S): System security access was removed from an account. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4718 illustration diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md index 98469b6945..dc67d391cf 100644 --- a/windows/security/threat-protection/auditing/event-4719.md +++ b/windows/security/threat-protection/auditing/event-4719.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4719(S): System audit policy was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4719 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md index 1569aebb53..1500cd23c9 100644 --- a/windows/security/threat-protection/auditing/event-4720.md +++ b/windows/security/threat-protection/auditing/event-4720.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4720(S): A user account was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4720 illustration diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md index e156a9bedf..6b10efb7c8 100644 --- a/windows/security/threat-protection/auditing/event-4722.md +++ b/windows/security/threat-protection/auditing/event-4722.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4722(S): A user account was enabled. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4722 illustration diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md index 8a2eb1aa9b..2208f2ae0e 100644 --- a/windows/security/threat-protection/auditing/event-4723.md +++ b/windows/security/threat-protection/auditing/event-4723.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4723(S, F): An attempt was made to change an account's password. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4723 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md index f360a13828..104704dc32 100644 --- a/windows/security/threat-protection/auditing/event-4724.md +++ b/windows/security/threat-protection/auditing/event-4724.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4724(S, F): An attempt was made to reset an account's password. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4724 illustration diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md index 5be795b261..0b6ed0593a 100644 --- a/windows/security/threat-protection/auditing/event-4725.md +++ b/windows/security/threat-protection/auditing/event-4725.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4725(S): A user account was disabled. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4725 illustration diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md index f8f7ffba8c..03f7cab6c8 100644 --- a/windows/security/threat-protection/auditing/event-4726.md +++ b/windows/security/threat-protection/auditing/event-4726.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4726(S): A user account was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4726 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md index 78d8e0e0c8..ecbe498b31 100644 --- a/windows/security/threat-protection/auditing/event-4731.md +++ b/windows/security/threat-protection/auditing/event-4731.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4731(S): A security-enabled local group was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4731 illustration diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md index 2619367fa3..b837e2da3a 100644 --- a/windows/security/threat-protection/auditing/event-4732.md +++ b/windows/security/threat-protection/auditing/event-4732.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4732(S): A member was added to a security-enabled local group. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4732 illustration diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md index 219ebdc036..1ff01f46dd 100644 --- a/windows/security/threat-protection/auditing/event-4733.md +++ b/windows/security/threat-protection/auditing/event-4733.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4733(S): A member was removed from a security-enabled local group. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4733 illustration diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md index df33b3726f..7fc762a800 100644 --- a/windows/security/threat-protection/auditing/event-4734.md +++ b/windows/security/threat-protection/auditing/event-4734.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4734(S): A security-enabled local group was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4734 illustration From 4806cb632265c3ce55fce426d295181690ff9bfa Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Tue, 7 Sep 2021 15:31:02 +0530 Subject: [PATCH 127/671] Fixing Suggestions Suggestions such as alt text, duplicated h1s and h2s, duplicated descriptions etc --- .../hello-hybrid-aadj-sso-cert.md | 18 +++++----- .../hello-hybrid-cert-trust-devreg.md | 34 ++++++++++++------- ...ello-hybrid-cert-whfb-settings-dir-sync.md | 2 +- .../hello-hybrid-cert-whfb-settings-pki.md | 2 +- .../hello-hybrid-cert-whfb-settings-policy.md | 2 +- 5 files changed, 34 insertions(+), 24 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 3015f1321f..6cca936be0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md 
@@ -47,7 +47,7 @@ You need to install and configure additional infrastructure to provide Azure AD - An existing Windows Server 2012 R2 or later Enterprise Certificate Authority - A Windows Server 2012 R2 domain joined server that hosts the Network Device Enrollment Services role -### High Availaibilty +### High Availability The Network Device Enrollment Services (NDES) server role acts as a certificate registration authority. Certificate registration servers enroll certificates on behalf of the user. Users request certificates from the NDES service rather than directly from the issuing certificate authority. The architecture of the NDES server prevents it from being clustered or load balanced for high availability. To provide high availability, you need to install more than one identically configured NDES servers and use Microsoft Intune to load balance then (in round-robin fashion). 
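Review bot: the paragraph directly under the corrected heading still has two errors in its last sentence, "more than one identically configured NDES servers" and "use Microsoft Intune to load balance then". Since this hunk is a spelling fix for the same section, change "then" to "them" and reword to "more than one identically configured NDES server" in the same commit.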
@@ -416,11 +416,11 @@ Sign-in a workstation with access equivalent to a _domain user_. 6. Start **AADApplicationProxyConnectorInstaller.exe**. 7. Read the license terms and then select **I agree to the license terms and conditions**. Click **Install**. - ![Azure Application Proxy Connector.](images/aadjcert/azureappproxyconnectorinstall-01.png) + ![Azure Application Proxy Connector: license terms](images/aadjcert/azureappproxyconnectorinstall-01.png) 8. Sign-in to Microsoft Azure with access equivalent to **Global Administrator**. - ![Azure Application Proxy Connector.](images/aadjcert/azureappproxyconnectorinstall-02.png) + ![Azure Application Proxy Connector: sign-in](images/aadjcert/azureappproxyconnectorinstall-02.png) 9. When the installation completes. Read the information regarding outbound proxy servers. Click **Close**. - ![Azure Application Proxy Connector.](images/aadjcert/azureappproxyconnectorinstall-03.png) + ![Azure Application Proxy Connector: read](images/aadjcert/azureappproxyconnectorinstall-03.png) 10. Repeat steps 5 - 10 for each device that will run the Azure AD Application Proxy connector for Windows Hello for Business certificate deployments. #### Create a Connector Group 
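Review bot: the alt text added for azureappproxyconnectorinstall-03.png, "Azure Application Proxy Connector: read", does not say what the screenshot shows. Step 9 is about the outbound proxy information shown when installation completes, so describe that (for example "Azure Application Proxy Connector: installation complete"). While in this list, step 10 says "Repeat steps 5 - 10", which includes itself, and step 9 starts with the fragment "When the installation completes."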
@@ -480,12 +480,12 @@ Sign-in the NDES server with access equivalent to _local administrator_. 1. Start **Internet Information Services (IIS) Manager** from **Administrative Tools**. 2. Expand the node that has the name of the NDES server. Expand **Sites** and select **Default Web Site**. - ![NDES IIS Console.](images/aadjcert/ndes-iis-console.png) + ![NDES IIS Console](images/aadjcert/ndes-iis-console.png) 3. Click **Bindings...*** under **Actions**. Click **Add**. - ![NDES IIS Console.](images/aadjcert/ndes-iis-bindings.png) + ![NDES IIS Console: Add](images/aadjcert/ndes-iis-bindings.png) 4. Select **https** from **Type**. Confirm the value for **Port** is **443**. 5. Select the certificate you previously enrolled from the **SSL certificate** list. Select **OK**. - ![NDES IIS Console.](images/aadjcert/ndes-iis-bindings-add-443.png) + ![NDES IIS Console: Certificate List](images/aadjcert/ndes-iis-bindings-add-443.png) 6. Select **http** from the **Site Bindings** list. Click **Remove**. 7. Click **Close** on the **Site Bindings** dialog box. 8. Close **Internet Information Services (IIS) Manager**. @@ -511,10 +511,10 @@ Sign-in the NDES server with access equivalent to _local administrator_. A web page similar to the following should appear in your web browser. If you do not see a similar page, or you get a **503 Service unavailable** message, ensure the NDES Service account has the proper user rights. You can also review the application event log for events with the **NetworkDeviceEnrollmentSerice** source. -![NDES IIS Console.](images/aadjcert/ndes-https-website-test-01.png) +![NDES IIS Console: Source](images/aadjcert/ndes-https-website-test-01.png) Confirm the web site uses the server authentication certificate. -![NDES IIS Console.](images/aadjcert/ndes-https-website-test-01-show-cert.png) +![NDES IIS Console: Confirm](images/aadjcert/ndes-https-website-test-01-show-cert.png) ## Configure Network Device Enrollment Services to work with Microsoft Intune 
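Review bot: in the last hunk the new alt texts "NDES IIS Console: Source" and "NDES IIS Console: Confirm" look like they were built from a word in the neighbouring sentence and do not describe the images. Per the surrounding text, ndes-https-website-test-01.png is the NDES test page in a browser and ndes-https-website-test-01-show-cert.png is the site's server authentication certificate, neither of which is the IIS console. Suggest alt text along the lines of "NDES test web page" and "NDES web site certificate".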
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index f4b0f9a22f..387a5f1ded 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -115,14 +115,14 @@ When you are ready to install, follow the **Configuring federation with AD FS** ### Create AD objects for AD FS Device Authentication If your AD FS farm is not already configured for Device Authentication (you can see this in the AD FS Management console under Service -> Device Registration), use the following steps to create the correct AD DS objects and configuration. -![Device Registration.](images/hybridct/device1.png) +![Device Registration: AD FS](images/hybridct/device1.png) > [!NOTE] > The below commands require Active Directory administration tools, so if your federation server is not also a domain controller, first install the tools using step 1 below. Otherwise you can skip step 1. 1. Run the **Add Roles & Features** wizard and select feature **Remote Server Administration Tools** -> **Role Administration Tools** -> **AD DS and AD LDS Tools** -> Choose both the **Active Directory module for Windows PowerShell** and the **AD DS Tools**. -![Device Registration.](images/hybridct/device2.png) +![Device Registration: Overview](images/hybridct/device2.png) 2. On your AD FS primary server, ensure you are logged in as AD DS user with enterprise administrator privileges and open an elevated Windows PowerShell prompt. Then, run the following commands: 
@@ -133,7 +133,7 @@ If your AD FS farm is not already configured for Device Authentication (you can > [!NOTE] > If your AD FS service is configured to use a GMSA account, enter the account name in the format "domain\accountname$" -![Device Registration.](images/hybridct/device3.png) +![Device Registration: Domain](images/hybridct/device3.png) The above PSH creates the following objects: @@ -141,11 +141,11 @@ The above PSH creates the following objects: - Device Registration Service container and object under Configuration --> Services --> Device Registration Configuration - Device Registration Service DKM container and object under Configuration --> Services --> Device Registration Configuration -![Device Registration.](images/hybridct/device4.png) +![Device Registration: Tests](images/hybridct/device4.png) 4. Once this is done, you will see a successful completion message. -![Device Registration.](images/hybridct/device5.png) +![Device Registration: Completion](images/hybridct/device5.png) ### Create Service Connection Point (SCP) in Active Directory If you plan to use Windows domain join (with automatic registration to Azure AD) as described here, execute the following commands to create a service connection point in AD DS @@ -156,13 +156,13 @@ If you plan to use Windows domain join (with automatic registration to Azure AD) > [!NOTE] > If necessary, copy the AdSyncPrep.psm1 file from your Azure AD Connect server. This file is located in Program Files\Microsoft Azure Active Directory Connect\AdPrep -![Device Registration.](images/hybridct/device6.png) +![Device Registration AdPrep](images/hybridct/device6.png) 2. Provide your Azure AD global administrator credentials `PS C:>$aadAdminCred = Get-Credential` -![Device Registration.](images/hybridct/device7.png) +![Device Registration: Credential](images/hybridct/device7.png) 3. Run the following PowerShell command 
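Review bot: in the last hunk the alt text for device6.png is "Device Registration AdPrep" with no colon, while every other image changed in this file uses the "Device Registration: <label>" form (for example "Device Registration: Credential" two lines later). Make it "Device Registration: AdPrep" so the set is consistent.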
@@ -239,6 +239,7 @@ The definition helps you to verify whether the values are present or if you need **`http://schemas.microsoft.com/ws/2012/01/accounttype`** - This claim must contain a value of **DJ**, which identifies the device as a domain-joined computer. In AD FS, you can add an issuance transform rule that looks like this: +``` @RuleName = "Issue account type for domain-joined computers" c:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", @@ -249,11 +250,13 @@ The definition helps you to verify whether the values are present or if you need Type = "http://schemas.microsoft.com/ws/2012/01/accounttype", Value = "DJ" ); +``` #### Issue objectGUID of the computer account on-premises **`http://schemas.microsoft.com/identity/claims/onpremobjectguid`** - This claim must contain the **objectGUID** value of the on-premises computer account. In AD FS, you can add an issuance transform rule that looks like this: +``` @RuleName = "Issue object GUID for domain-joined computers" c1:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", @@ -271,11 +274,13 @@ The definition helps you to verify whether the values are present or if you need query = ";objectguid;{0}", param = c2.Value ); +``` #### Issue objectSID of the computer account on-premises **`http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid`** - This claim must contain the **objectSid** value of the on-premises computer account. In AD FS, you can add an issuance transform rule that looks like this: +``` @RuleName = "Issue objectSID for domain-joined computers" c1:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", 
@@ -288,11 +293,13 @@ The definition helps you to verify whether the values are present or if you need Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$" ] => issue(claim = c2); +``` #### Issue issuerID for computer when multiple verified domain names in Azure AD **`http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid`** - This claim must contain the Uniform Resource Identifier (URI) of any of the verified domain names that connect with the on-premises federation service (AD FS or 3rd party) issuing the token. In AD FS, you can add issuance transform rules that look like the ones below in that specific order after the ones above. Please note that one rule to explicitly issue the rule for users is necessary. In the rules below, a first rule identifying user vs. computer authentication is added. +``` @RuleName = "Issue account type with the value User when it is not a computer" NOT EXISTS( @@ -334,7 +341,7 @@ The definition helps you to verify whether the values are present or if you need Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid", Value = "http:///adfs/services/trust/" ); - +``` In the claim above, 
@@ -342,12 +349,13 @@ In the claim above, - `` is a placeholder you need to replace with one of your verified domain names in Azure AD For more details about verified domain names, see [Add a custom domain name to Azure Active Directory](/azure/active-directory/active-directory-add-domain). -To get a list of your verified company domains, you can use the [Get-MsolDomain](/powershell/module/msonline/get-msoldomain?view=azureadps-1.0) cmdlet. +To get a list of your verified company domains, you can use the [Get-MsolDomain](/powershell/module/msonline/get-msoldomain?view=azureadps-1.0&preserve-view=true) cmdlet. #### Issue ImmutableID for computer when one for users exist (e.g. alternate login ID is set) **`http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID`** - This claim must contain a valid value for computers. In AD FS, you can create an issuance transform rule as follows: +``` @RuleName = "Issue ImmutableID for computers" c1:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", @@ -365,11 +373,13 @@ To get a list of your verified company domains, you can use the [Get-MsolDomain] query = ";objectguid;{0}", param = c2.Value ); +``` #### Helper script to create the AD FS issuance transform rules The following script helps you with the creation of the issuance transform rules described above. +``` $multipleVerifiedDomainNames = $false $immutableIDAlreadyIssuedforUsers = $false $oneOfVerifiedDomainNames = 'example.com' # Replace example.com with one of your verified domains 
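Review bot: the fence opened in the last hunk before "$multipleVerifiedDomainNames = $false" has no language tag. The helper script is PowerShell (it goes on to call New-ADFSClaimRuleSet and Set-AdfsRelyingPartyTrust), so tag the opening fence as powershell to get highlighting and a correct copy button. The claim-rule fences added earlier in this file are also untagged; decide on one convention for them and apply it throughout.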
@@ -488,9 +498,9 @@ The following script helps you with the creation of the issuance transform rules $crSet = New-ADFSClaimRuleSet -ClaimRule $updatedRules Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:MicrosoftOnline -IssuanceTransformRules $crSet.ClaimRulesString +``` - -#### Remarks +#### Remarks - This script appends the rules to the existing rules. Do not run the script twice because the set of rules would be added twice. Make sure that no corresponding rules exist for these claims (under the corresponding conditions) before running the script again. @@ -518,7 +528,7 @@ For your reference, below is a comprehensive list of the AD DS devices, containe - Container CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=<domain> - Container Device Registration Service DKM under the above container -![Device Registration.](images/hybridct/device8.png) +![Device Registration: Container](images/hybridct/device8.png) - object of type serviceConnectionpoint at CN=<guid>, CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=<domain> - read/write access to the specified AD connector account name on the new object diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 0c1a2514f6..c48e5ae621 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -17,7 +17,7 @@ ms.date: 4/30/2021 ms.reviewer: --- -# Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization +# Configure Hybrid Azure AD joined Windows Hello for Business- Directory Synchronization **Applies to** - Windows 10, version 1703 or later 
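Review bot: the new H1 in hello-hybrid-cert-whfb-settings-dir-sync.md reads "Windows Hello for Business- Directory Synchronization", with no space before the hyphen. The other two headings renamed in this commit use " - " as the separator, and the PKI one is misspelled "Windows Hello for Busines - Public Key Infrastructure". Use "Windows Hello for Business - <topic>" for all three.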
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index b9a791e77a..1cc5c20c10 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -17,7 +17,7 @@ ms.date: 4/30/2021 ms.reviewer: --- -# Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure +# Configure Hybrid Azure AD joined Windows Hello for Busines - Public Key Infrastructure **Applies to** diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index ba312d832b..519afac582 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -16,7 +16,7 @@ localizationpriority: medium ms.date: 4/30/2021 ms.reviewer: --- -# Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy +# Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy **Applies to** - Windows 10, version 1703 or later From 7b1c74167ad58537ee7fa60b34eea710de6e4223 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Tue, 7 Sep 2021 15:40:15 +0530 Subject: [PATCH 128/671] Fixing suggestion --- .../hello-for-business/hello-how-it-works.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index bb2aa67448..657611e55f 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md @@ -15,7 +15,7 @@ localizationpriority: medium ms.date: 05/05/2018 ms.reviewer: --- -# How Windows Hello for Business works +# How Windows Hello for Business works in Windows Devices **Applies to** @@ -35,7 +35,7 @@ Windows Hello for Business is a distributed system that uses several components Registration is a fundamental prerequisite for Windows Hello for Business. Without registration, Windows Hello for Business provisioning cannot start. Registration is where the device **registers** its identity with the identity provider. For cloud and hybrid deployments, the identity provider is Azure Active Directory and the device registers with the Azure Device Registration Service (ADRS). For on-premises deployments, the identity provider is Active Directory Federation Services (AD FS), and the device registers with the enterprise device registration service hosted on the federation servers (AD FS). -For more information read [how device registration works](/azure/active-directory/devices/device-registration-how-it-works). +For more information, read [how device registration works](/azure/active-directory/devices/device-registration-how-it-works). ### Provisioning @@ -45,7 +45,7 @@ Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business pr > [!VIDEO https://www.youtube.com/embed/RImGsIjSJ1s] -For more information read [how provisioning works](hello-how-it-works-provisioning.md). +For more information, read [how provisioning works](hello-how-it-works-provisioning.md). ### Authentication From c4129b9364a4c42a79bd0c53ff971c919cd91220 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Tue, 7 Sep 2021 15:45:41 +0530 Subject: [PATCH 129/671] Fixing Suggestion --- .../hello-for-business/hello-key-trust-adfs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index 2a99ae368d..bd85292e3b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -102,7 +102,7 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. 8. Click **Next** on the **Active Directory Federation Service** page. 9. Click **Install** to start the role installation. -## Review +## Review to validate Before you continue with the deployment, validate your deployment progress by reviewing the following items: * Confirm the AD FS farm uses the correct database configuration. @@ -214,7 +214,7 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. Th 3. In the details pane, click **Configure Device Registration**. 4. In the **Configure Device Registration** dialog, click **OK**. -## Review +## Review and validate Before you continue with the deployment, validate your deployment progress by reviewing the following items: * Confirm you followed the correct procedures based on the domain controllers used in your deployment From 409d8ca8217c126862636ba5d72ae8f3b3e40663 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Tue, 7 Sep 2021 15:54:33 +0530 Subject: [PATCH 130/671] Fixing suggestions --- .../hello-for-business/hello-key-trust-adfs.md | 2 +- .../hello-for-business/hello-key-trust-policy-settings.md | 2 +- .../hello-for-business/hello-key-trust-validate-ad-prereq.md | 2 +- .../hello-for-business/hello-key-trust-validate-pki.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index bd85292e3b..7423caec53 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -16,7 +16,7 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Prepare and Deploy Windows Server 2016 Active Directory Federation Services +# Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust **Applies to** - Windows 10, version 1703 or later diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 2999718adb..116c9ba6ab 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -16,7 +16,7 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Configure Windows Hello for Business Policy settings +# Configure Windows Hello for Business Policy settings - Key Trust **Applies to** - Windows 10, version 1703 or later diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index 8c65b3943f..943e611e93 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md @@ -16,7 +16,7 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate Active Directory prerequisites +# Validate Active Directory prerequisites - Key Trust **Applies to** - Windows 10, version 1703 or later 
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index 5b864cd36b..d4e87e620e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -17,7 +17,7 @@ ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Configure Public Key Infrastructure +# Validate and Configure Public Key Infrastructure - Key Trust **Applies to** - Windows 10, version 1703 or later From e083dd5e3b756f7fa23d0577927ccbd64b12348f Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 7 Sep 2021 16:13:18 +0530 Subject: [PATCH 131/671] Updated boundary-zone.md --- .../windows-firewall/boundary-zone.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/threat-protection/windows-firewall/boundary-zone.md index 95c9a26f95..a78415035a 100644 --- a/windows/security/threat-protection/windows-firewall/boundary-zone.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone.md 
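Review bot: The Key Trust suffix is appended in two different styles across the four H1 changes in the "Fixing suggestions" patch: "... Active Directory Federation Services with Key Trust" in hello-key-trust-adfs.md, but " - Key Trust" in hello-key-trust-policy-settings.md, hello-key-trust-validate-ad-prereq.md and hello-key-trust-validate-pki.md. Use one form throughout. Each hunk also leaves `ms.date: 08/19/2018` as it was, and the diffstat (one insertion and one deletion per file) shows that no front-matter field was updated alongside the heading.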
@@ -25,13 +25,13 @@ ms.technology: mde - Windows 11 - Windows Server 2016 and above -In most organizations, some devices must be able to receive network traffic from devices that are not part of the isolated domain, and therefore cannot authenticate. To accept communications from untrusted devices, create a boundary zone within your isolated domain. +In most organizations, some devices can receive network traffic from devices that aren't part of the isolated domain, and therefore can't authenticate. To accept communications from untrusted devices, create a boundary zone within your isolated domain. Devices in the boundary zone are trusted devices that can accept communication requests both from other isolated domain member devices and from untrusted devices. Boundary zone devices try to authenticate any incoming request by using IPsec, initiating an IKE negotiation with the originating device. -The GPOs you build for the boundary zone include IPsec or connection security rules that request authentication for both inbound and outbound network connections, but do not require it. +The GPOs you build for the boundary zone include IPsec or connection security rules that request authentication for both inbound and outbound network connections, but don't require it. -Because these boundary zone devices can receive unsolicited inbound communications from untrusted devices that use plaintext, they must be carefully managed and secured in other ways. Mitigating this additional risk is an important part of deciding whether to add a device to the boundary zone. For example, completing a formal business justification process before adding each device to the boundary zone can help ensure that the additional risk is minimized. The following illustration shows a sample process that can help make such a decision. +These boundary zone devices receive unsolicited inbound communications from untrusted devices that use plaintext. 
Therefore, they must be carefully managed and secured in other ways. Mitigating this extra risk is an important part of deciding whether to add a device to the boundary zone. For example, completing a formal business justification process before adding each device to the boundary zone minimizes the additional risk. The following illustration shows a sample process that can help make such a decision. ![design flowchart.](images/wfas-designflowchart1.gif) @@ -39,7 +39,7 @@ The goal of this process is to determine whether the risk of adding a device to You must create a group in Active Directory to contain the members of the boundary zones. The settings and rules for the boundary zone are typically very similar to those for the isolated domain, and you can save time and effort by copying those GPOs to serve as a starting point. The primary difference is that the authentication connection security rule must be set to request authentication for both inbound and outbound traffic, instead of requiring inbound authentication and requesting outbound authentication as used by the isolated domain. -Creation of the group and how to link it to the GPOs that apply the rules to members of the group are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section. + [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section discusses creation of the group and how to link it to the GPOs that apply the rules to members of the group. ## GPO settings for boundary zone servers running at least Windows Server 2008 
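Review bot: Several rewordings in this boundary-zone.md hunk change meaning rather than style. "some devices must be able to receive network traffic" became "some devices can receive", which drops the requirement that motivates the boundary zone. "can help ensure that the additional risk is minimized" became "minimizes the additional risk", which promises more than a business justification process can deliver. "Because these boundary zone devices can receive" became a flat "receive". Suggest keeping the original modality and limiting the edit to the contractions. The replacement for the "Creation of the group ..." line also begins with a stray space and opens the sentence on a bare link; prefix it with "The". Finally, "this extra risk" and "the additional risk" now alternate within two sentences; use one term.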
@@ -50,13 +50,13 @@ The boundary zone GPO for devices running at least Windows Server 2008 should i 1. Exempt all ICMP traffic from IPsec. - 2. Key exchange (main mode) security methods and algorithm. We recommend that you use at least DH4, AES and SHA2 in your settings. Use the strongest algorithm combinations that are common to all your supported operating systems. + 2. Key exchange (main mode) security methods and algorithm. We recommend that you use at least DH4, AES, and SHA2 in your settings. Use the strongest algorithm combinations that are common to all your supported operating systems. - 3. Data protection (quick mode) algorithm combinations. We recommend that you do not include DES or MD5 in any setting. They are included only for compatibility with previous versions of Windows. Use the strongest algorithm combinations that are common to all your supported operating systems.. + 3. Data protection (quick mode) algorithm combinations. We recommend that you don't include DES or MD5 in any setting. They're included only for compatibility with previous versions of Windows. Use the strongest algorithm combinations that are common to all your supported operating systems. If any NAT devices are present on your networks, use ESP encapsulation. If isolated domain members must communicate with hosts in the encryption zone, ensure that you include algorithms that are compatible with the requirements of the encryption mode policies. - 4. Authentication methods. Include at least device-based Kerberos V5 authentication. If you want to use user-based access to isolated servers then you must also include user-based Kerberos V5 authentication as an optional authentication method. Likewise, if any of your domain isolation members cannot use Kerberos V5, you must include certificate-based authentication as an optional authentication method. + 4. Authentication methods. Include at least device-based Kerberos V5 authentication. 
If you want to use user-based access to isolated servers, then you must also include user-based Kerberos V5 authentication as an optional authentication method. Likewise, if any of your domain isolation members can't use Kerberos V5, you must include certificate-based authentication as an optional authentication method. - The following connection security rules: From 250259127afc84bbb08c8b1e2aeed5febf0c0c37 Mon Sep 17 00:00:00 2001 
From: Ashok Lobo Date: Tue, 7 Sep 2021 17:32:20 +0530 Subject: [PATCH 132/671] Updated for 5358843-files151to175 --- windows/security/threat-protection/auditing/event-4735.md | 6 +----- windows/security/threat-protection/auditing/event-4738.md | 6 +----- windows/security/threat-protection/auditing/event-4739.md | 6 +----- windows/security/threat-protection/auditing/event-4740.md | 6 +----- windows/security/threat-protection/auditing/event-4741.md | 6 +----- windows/security/threat-protection/auditing/event-4742.md | 6 +----- windows/security/threat-protection/auditing/event-4743.md | 6 +----- windows/security/threat-protection/auditing/event-4749.md | 6 +----- windows/security/threat-protection/auditing/event-4750.md | 6 +----- windows/security/threat-protection/auditing/event-4751.md | 6 +----- windows/security/threat-protection/auditing/event-4752.md | 6 +----- windows/security/threat-protection/auditing/event-4753.md | 6 +----- windows/security/threat-protection/auditing/event-4764.md | 5 +---- windows/security/threat-protection/auditing/event-4765.md | 6 +----- windows/security/threat-protection/auditing/event-4766.md | 6 +----- windows/security/threat-protection/auditing/event-4767.md | 6 +----- windows/security/threat-protection/auditing/event-4768.md | 6 +----- windows/security/threat-protection/auditing/event-4769.md | 6 +----- windows/security/threat-protection/auditing/event-4770.md | 6 +----- windows/security/threat-protection/auditing/event-4771.md | 6 +----- windows/security/threat-protection/auditing/event-4772.md | 6 +----- windows/security/threat-protection/auditing/event-4773.md | 6 +----- windows/security/threat-protection/auditing/event-4774.md | 5 +---- windows/security/threat-protection/auditing/event-4775.md | 6 +----- windows/security/threat-protection/auditing/event-4776.md | 6 +----- 25 files changed, 25 insertions(+), 123 deletions(-) 
diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md index 14d1e6df28..ebd05f8b62 100644 --- a/windows/security/threat-protection/auditing/event-4735.md +++ b/windows/security/threat-protection/auditing/event-4735.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4735(S): A security-enabled local group was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4735 illustration diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index f62d7e4ba8..1beea8a564 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4738(S): A user account was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4738 illustration diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md index e3268f4c69..d8417cef87 100644 --- a/windows/security/threat-protection/auditing/event-4739.md +++ b/windows/security/threat-protection/auditing/event-4739.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4739(S): Domain Policy was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4739 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md index db7139e935..095b90641e 100644 --- a/windows/security/threat-protection/auditing/event-4740.md +++ b/windows/security/threat-protection/auditing/event-4740.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4740(S): A user account was locked out. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4740 illustration diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md index 6c83f23d1e..c09ba86137 100644 --- a/windows/security/threat-protection/auditing/event-4741.md +++ b/windows/security/threat-protection/auditing/event-4741.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4741(S): A computer account was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4741 illustration diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index 5d0cda5110..b838e77a00 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4742(S): A computer account was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4742 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md index 3402a5e1d7..064855d936 100644 --- a/windows/security/threat-protection/auditing/event-4743.md +++ b/windows/security/threat-protection/auditing/event-4743.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4743(S): A computer account was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4743 illustration diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md index 478ae9e021..e1990c4f1e 100644 --- a/windows/security/threat-protection/auditing/event-4749.md +++ b/windows/security/threat-protection/auditing/event-4749.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4749(S): A security-disabled global group was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4749 illustration diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md index 1a8a03f92a..9ebd361c00 100644 --- a/windows/security/threat-protection/auditing/event-4750.md +++ b/windows/security/threat-protection/auditing/event-4750.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4750(S): A security-disabled global group was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4750 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md index cc06f2ae5d..c187c0da6a 100644 --- a/windows/security/threat-protection/auditing/event-4751.md +++ b/windows/security/threat-protection/auditing/event-4751.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4751(S): A member was added to a security-disabled global group. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4751 illustration diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md index ef79c01bca..642eb6b948 100644 --- a/windows/security/threat-protection/auditing/event-4752.md +++ b/windows/security/threat-protection/auditing/event-4752.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4752(S): A member was removed from a security-disabled global group. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4752 illustration diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md index 45b9de0d33..cf4ada677c 100644 --- a/windows/security/threat-protection/auditing/event-4753.md +++ b/windows/security/threat-protection/auditing/event-4753.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4753(S): A security-disabled global group was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4753 illustration diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md index 3b50ba9bf1..073049f2bf 100644 --- a/windows/security/threat-protection/auditing/event-4764.md +++ b/windows/security/threat-protection/auditing/event-4764.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,9 +16,6 @@ ms.technology: mde # 4764(S): A group’s type was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 Event 4764 illustration diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md index ff685d9081..472f9a92d0 100644 --- a/windows/security/threat-protection/auditing/event-4765.md +++ b/windows/security/threat-protection/auditing/event-4765.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4765(S): SID History was added to an account. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when [SID History](/windows/win32/adschema/a-sidhistory) was added to an account. diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md index 7593423b22..bf5820689e 100644 --- a/windows/security/threat-protection/auditing/event-4766.md +++ b/windows/security/threat-protection/auditing/event-4766.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4766(F): An attempt to add SID History to an account failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when an attempt to add [SID History](/windows/win32/adschema/a-sidhistory) to an account failed. diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md index cf7b13e4f0..4b580f7dc0 100644 --- a/windows/security/threat-protection/auditing/event-4767.md +++ b/windows/security/threat-protection/auditing/event-4767.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4767(S): A user account was unlocked. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4767 illustration diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 64156ecd85..9509c1486b 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4768(S, F): A Kerberos authentication ticket (TGT) was requested. -**Applies to** -- Windows 10 -- Windows Server 2016 - :::image type="content" alt-text="Event 4768 illustration." source="images/event-4768.png"::: 
diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md index 5c460724b8..1790274e2c 100644 --- a/windows/security/threat-protection/auditing/event-4769.md +++ b/windows/security/threat-protection/auditing/event-4769.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4769(S, F): A Kerberos service ticket was requested. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4769 illustration diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md index ac38dc82f9..6a1627d7df 100644 --- a/windows/security/threat-protection/auditing/event-4770.md +++ b/windows/security/threat-protection/auditing/event-4770.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4770(S): A Kerberos service ticket was renewed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4770 illustration diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md index c5aea23ecb..9891a617a0 100644 --- a/windows/security/threat-protection/auditing/event-4771.md +++ b/windows/security/threat-protection/auditing/event-4771.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 07/23/2020 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4771(F): Kerberos pre-authentication failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4771 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md index 2124b16bb1..c93994b2ed 100644 --- a/windows/security/threat-protection/auditing/event-4772.md +++ b/windows/security/threat-protection/auditing/event-4772.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4772(F): A Kerberos authentication ticket request failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. [4768](event-4768.md) failure event is generated instead. diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md index ba672478d8..3d4e1fe09b 100644 --- a/windows/security/threat-protection/auditing/event-4773.md +++ b/windows/security/threat-protection/auditing/event-4773.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4773(F): A Kerberos service ticket request failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. [4769](event-4769.md) failure event is generated instead. diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md index 08eb0fe72f..4c01962461 100644 --- a/windows/security/threat-protection/auditing/event-4774.md +++ b/windows/security/threat-protection/auditing/event-4774.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,9 +16,6 @@ ms.technology: mde # 4774(S, F): An account was mapped for logon. -**Applies to** -- Windows 10 -- Windows Server 2016 Success events do not appear to occur. Failure event [has been reported](http://forum.ultimatewindowssecurity.com/Topic7313-282-1.aspx). diff --git a/windows/security/threat-protection/auditing/event-4775.md b/windows/security/threat-protection/auditing/event-4775.md index cf27ccdf2a..c9e4a319e8 100644 --- a/windows/security/threat-protection/auditing/event-4775.md +++ b/windows/security/threat-protection/auditing/event-4775.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4775(F): An account could not be mapped for logon. -**Applies to** -- Windows 10 -- Windows Server 2016 - It appears that this event never occurs. diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md index 75dc6a4a69..7da08c0312 100644 --- a/windows/security/threat-protection/auditing/event-4776.md +++ b/windows/security/threat-protection/auditing/event-4776.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4776(S, F): The computer attempted to validate the credentials for an account. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4776 illustration From ff1c9264915abab0b1cdca2d80b3d41693813d15 Mon Sep 17 00:00:00 2001 
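Review bot: Every file in this patch loses its "**Applies to**" list (Windows 10, Windows Server 2016) with nothing put in its place, and the subject line "Updated for 5358843-files151to175" gives no reason. The windows-firewall patch that follows (133/671) widens the same list to Windows 11 and "Windows Server 2016 and above" instead, so please state in the commit message why the auditing event pages drop their applicability statement, or update the list rather than remove it. Also, event-4764.md and event-4774.md remove three lines (@@ -16,9 +16,6) where the other 23 files remove four (@@ -16,10 +16,6), so one fewer blank line is deleted in those two; check that the spacing under the H1 ends up the same in all 25 files.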
From: Meghana Athavale Date: Tue, 7 Sep 2021 17:56:45 +0530 Subject: [PATCH 133/671] Updated 21to40 files --- ...s-for-clients-of-a-standalone-isolated-server-zone.md | 7 ++++--- ...cklist-implementing-a-basic-firewall-policy-design.md | 9 +++++---- ...enting-a-certificate-based-isolation-policy-design.md | 7 ++++--- ...list-implementing-a-domain-isolation-policy-design.md | 7 ++++--- ...enting-a-standalone-server-isolation-policy-design.md | 7 ++++--- .../windows-firewall/configure-authentication-methods.md | 7 ++++--- .../configure-data-protection-quick-mode-settings.md | 7 ++++--- ...group-policy-to-autoenroll-and-deploy-certificates.md | 7 ++++--- .../configure-key-exchange-main-mode-settings.md | 7 ++++--- .../configure-the-rules-to-require-encryption.md | 4 ++-- .../configure-the-windows-firewall-log.md | 7 ++++--- ...he-workstation-authentication-certificate-template.md | 7 ++++--- ...o-suppress-notifications-when-a-program-is-blocked.md | 7 ++++--- .../confirm-that-certificates-are-deployed-correctly.md | 7 ++++--- .../windows-firewall/copy-a-gpo-to-create-a-new-gpo.md | 9 +++++---- .../create-a-group-account-in-active-directory.md | 7 ++++--- .../windows-firewall/create-a-group-policy-object.md | 7 ++++--- .../create-an-authentication-exemption-list-rule.md | 7 ++++--- .../create-an-authentication-request-rule.md | 7 ++++--- .../windows-firewall/create-an-inbound-icmp-rule.md | 7 ++++--- 20 files changed, 80 insertions(+), 61 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md index 4a4c525867..d57f7d5a5d 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md 
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md @@ -1,5 +1,5 @@ --- -title: Create Rules for Standalone Isolated Server Zone Clients (Windows 10) +title: Create Rules for Standalone Isolated Server Zone Clients (Windows) description: Checklist for when creating rules for clients of a Standalone Isolated Server Zone ms.assetid: 6a5e6478-add3-47e3-8221-972549e013f6 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist includes tasks for configuring connection security rules and IPsec settings in the GPOs for client devices that must connect to servers in an isolated server zone. diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md index 1aa6060a8c..1d50c40f3d 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md @@ -1,5 +1,5 @@ --- -title: Checklist Implementing a Basic Firewall Policy Design (Windows 10) +title: Checklist Implementing a Basic Firewall Policy Design (Windows) description: Follow this parent checklist for implementing a basic firewall policy design to ensure successful implementation. ms.assetid: 6caf0c1e-ac72-4f9d-a986-978b77fbbaa3 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This parent checklist includes cross-reference links to important concepts about the basic firewall policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. @@ -35,7 +36,7 @@ The procedures in this section use the Group Policy MMC snap-in interfaces to co | Task | Reference | | - | - | | Review important concepts and examples for the basic firewall policy design to determine if this design meets the needs of your organization. | [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
    [Basic Firewall Policy Design](basic-firewall-policy-design.md)
    [Firewall Policy Design Example](firewall-policy-design-example.md)
    [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)| -| Create the membership group and a GPO for each set of devices that require different firewall rules. Where GPOs will be similar, such as for Windows 10 and Windows Server 2016, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other version of Windows. For example, create and configure the GPO for Windows 10, make a copy of it for Windows Server 2016, and then follow the steps in this checklist to make the few required changes to the copy. | [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
    [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)| +| Create the membership group and a GPO for each set of devices that require different firewall rules. Where GPOs will be similar, such as for Windows 11, Windows 10, and Windows Server 2016, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other version of Windows. For example, create and configure the GPO for Windows 10 or Windows 11, make a copy of it for Windows Server 2016, and then follow the steps in this checklist to make the few required changes to the copy. | [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
    [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)| | If you are working on a GPO that was copied from another, modify the group membership and WMI filters so that they are correct for the devices for which this GPO is intended.| [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)| | Configure the GPO with firewall default settings appropriate for your design.| [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)| | Create one or more inbound firewall rules to allow unsolicited inbound network traffic.| [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md)| diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md index 52c11e99ed..1166334bca 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md @@ -1,5 +1,5 @@ --- -title: Checklist Implementing a Certificate-based Isolation Policy Design (Windows 10) +title: Checklist Implementing a Certificate-based Isolation Policy Design (Windows) description: Use these references to learn about using certificates as an authentication option and configure a certificate-based isolation policy design. ms.assetid: 1e34b5ea-2e77-4598-a765-550418d33894 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This parent checklist includes cross-reference links to important concepts about using certificates as an authentication option in either a domain isolation or server isolation design. diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md index 1261adcbb9..cf988d2a7d 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md @@ -1,5 +1,5 @@ --- -title: Checklist Implementing a Domain Isolation Policy Design (Windows 10) +title: Checklist Implementing a Domain Isolation Policy Design (Windows) description: Use these references to learn about the domain isolation policy design and links to other checklists to complete tasks require to implement this design. ms.assetid: 76586eb3-c13c-4d71-812f-76bff200fc20 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. 
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md index 1d53748cc1..b571f7dce4 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md @@ -1,5 +1,5 @@ --- -title: Checklist Implementing a Standalone Server Isolation Policy Design (Windows 10) +title: Checklist Implementing a Standalone Server Isolation Policy Design (Windows) description: Use these tasks to create a server isolation policy design that is not part of an isolated domain. See references to concepts and links to other checklists. ms.assetid: 50a997d8-f079-408c-8ac6-ecd02078ade3 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist contains procedures for creating a server isolation policy design that is not part of an isolated domain. For the steps required to create an isolated server zone within an isolated domain, see [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md). diff --git a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md index e6fd6b4090..1841e7d9f5 100644 --- a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md 
+++ b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md @@ -1,5 +1,5 @@ --- -title: Configure Authentication Methods (Windows 10) +title: Configure Authentication Methods (Windows) description: Learn how to configure authentication methods for devices in an isolated domain or standalone server zone in Windows Defender Firewall with Advanced Security. ms.assetid: 5fcdc523-617f-4233-9213-15fe19f4cd02 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This procedure shows you how to configure the authentication methods that can be used by computers in an isolated domain or standalone isolated server zone. diff --git a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md index 41b2b78f6c..2ef49bcb9e 100644 --- a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md +++ b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md @@ -1,5 +1,5 @@ --- -title: Configure Data Protection (Quick Mode) Settings (Windows 10) +title: Configure Data Protection (Quick Mode) Settings (Windows) description: Learn how to configure the data protection settings for connection security rules in an isolated domain or a standalone isolated server zone. ms.assetid: fdcb1b36-e267-4be7-b842-5df9a067c9e0 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This procedure shows you how to configure the data protection (quick mode) settings for connection security rules in an isolated domain or a standalone isolated server zone. diff --git a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md index cfc3364fe7..064de062cf 100644 --- a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md +++ b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md @@ -1,5 +1,5 @@ --- -title: Configure Group Policy to Autoenroll and Deploy Certificates (Windows 10) +title: Configure Group Policy to Autoenroll and Deploy Certificates (Windows) description: Learn how to configure Group Policy to automatically enroll client computer certificates and deploy them to the workstations on your network. ms.assetid: faeb62b5-2cc3-42f7-bee5-53ba45d05c09 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above You can use this procedure to configure Group Policy to automatically enroll client computer certificates and deploy them to the workstations on your network. Follow this procedure for each GPO that contains IPsec connection security rules that require this certificate. 
diff --git a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md index f1b75a3291..3164f07dea 100644 --- a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md +++ b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md @@ -1,5 +1,5 @@ --- -title: Configure Key Exchange (Main Mode) Settings (Windows 10) +title: Configure Key Exchange (Main Mode) Settings (Windows) description: Learn how to configure the main mode key exchange settings used to secure the IPsec authentication traffic in Windows Defender Firewall with Advanced Security. ms.assetid: 5c593b6b-2cd9-43de-9b4e-95943fe82f52 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This procedure shows you how to configure the main mode key exchange settings used to secure the IPsec authentication traffic. diff --git a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md index 561ea0f380..e3d4f8f8b6 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md 
@@ -1,5 +1,5 @@ --- -title: Configure the Rules to Require Encryption (Windows 10) +title: Configure the Rules to Require Encryption (Windows) description: Learn how to configure rules to add encryption algorithms and delete the algorithm combinations that do not use encryption for zones that require encryption. ms.assetid: 07b7760f-3225-4b4b-b418-51787b0972a0 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- diff --git a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md index 4c82249ccd..a4a7b01573 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md @@ -1,5 +1,5 @@ --- -title: Configure the Windows Defender Firewall Log (Windows 10) +title: Configure the Windows Defender Firewall Log (Windows) description: Learn how to configure Windows Defender Firewall with Advanced Security to log dropped packets or successful connections by using Group Policy Management MMC. ms.assetid: f037113d-506b-44d3-b9c0-0b79d03e7d18 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To configure Windows Defender Firewall with Advanced Security to log dropped packets or successful connections, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management MMC snap-in. 
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md index 7ff2117797..58fdd2dd8a 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md @@ -1,5 +1,5 @@ --- -title: Configure the Workstation Authentication Template (Windows 10) +title: Configure the Workstation Authentication Template (Windows) description: Learn how to configure a workstation authentication certificate template, which is used for device certificates that are enrolled and deployed to workstations. ms.assetid: c3ac9960-6efc-47c1-bd69-d9d4bf84f7a6 ms.reviewer: @@ -11,7 +11,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: dansimp -ms.date: 07/30/2018 +ms.date: 09/07/2021 ms.technology: mde --- @@ -19,7 +19,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This procedure describes how to configure a certificate template that Active Directory Certification Services (AD CS) uses as the starting point for device certificates that are automatically enrolled and deployed to workstations in the domain. It shows how to create a copy of a template, and then configure the template according to your design requirements. diff --git a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md index 200675b11a..ee29ef81e8 100644 
--- a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md +++ b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md @@ -1,5 +1,5 @@ --- -title: Configure Windows Defender Firewall with Advanced Security to Suppress Notifications When a Program is Blocked (Windows 10) +title: Configure Windows Defender Firewall with Advanced Security to Suppress Notifications When a Program is Blocked (Windows) description: Configure Windows Defender Firewall with Advanced Security to suppress notifications when a program is Bbocked ms.assetid: b7665d1d-f4d2-4b5a-befc-8b6bd940f69b ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To configure Windows Defender Firewall with Advanced Security to suppress the display of a notification when it blocks a program that tries to listen for network traffic and to prohibit locally defined rules, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console. diff --git a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md index 8af8ad2d89..6e1c2f5c0b 100644 --- a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md +++ b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md 
@@ -1,5 +1,5 @@ --- -title: Confirm That Certificates Are Deployed Correctly (Windows 10) +title: Confirm That Certificates Are Deployed Correctly (Windows) description: Learn how to confirm that a Group Policy is being applied as expected and that the certificates are being properly installed on the workstations. ms.assetid: de0c8dfe-16b0-4d3b-8e8f-9282f6a65eee ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After configuring your certificates and autoenrollment in Group Policy, you can confirm that the policy is being applied as expected, and that the certificates are being properly installed on the workstation devices. diff --git a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md index 4020fab006..ac157cc912 100644 --- a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md +++ b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md @@ -1,5 +1,5 @@ --- -title: Copy a GPO to Create a New GPO (Windows 10) +title: Copy a GPO to Create a New GPO (Windows) description: Learn how to make a copy of a GPO by using the Active Directory Users and devices MMC snap-in to create a GPO for boundary zone devices. ms.assetid: 7f6a23e5-4b3f-40d6-bf6d-7895558b1406 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To create the GPO for the boundary zone devices, make a copy of the main domain isolation GPO, and then change the settings to request, instead of require, authentication. To make a copy of a GPO, use the Active Directory Users and devices MMC snap-in. @@ -56,4 +57,4 @@ To complete this procedure, you must be a member of the Domain Administrators gr 12. Type the name of the group that contains members of the boundary zone, for example **CG\_DOMISO\_Boundary**, and then click **OK**. -13. If required, change the WMI filter to one appropriate for the new GPO. For example, if the original GPO is for client devices running Windows 10, and the new boundary zone GPO is for devices running Windows Server 2016, then select a WMI filter that allows only those devices to read and apply the GPO. +13. If required, change the WMI filter to one appropriate for the new GPO. For example, if the original GPO is for client devices running Windows 10 or Windows 11, and the new boundary zone GPO is for devices running Windows Server 2016, then select a WMI filter that allows only those devices to read and apply the GPO. diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md index 3511ad7f7f..844bf1db69 100644 --- a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md +++ b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md 
@@ -1,5 +1,5 @@ --- -title: Create a Group Account in Active Directory (Windows 10) +title: Create a Group Account in Active Directory (Windows) description: Learn how to create a security group for the computers that are to receive Group Policy settings by using the Active Directory Users and Computers console. ms.assetid: c3700413-e02d-4d56-96b8-7991f97ae432 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To create a security group to contain the computer accounts for the computers that are to receive a set of Group Policy settings, use the Active Directory Users and Computers console. diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md index e6e1e18867..b7b3944df5 100644 --- a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md +++ b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md @@ -1,5 +1,5 @@ --- -title: Create a Group Policy Object (Windows 10) +title: Create a Group Policy Object (Windows) description: Learn how to use the Active Directory Users and Computers MMC snap-in to create a GPO. You must be a member of the Domain Administrators group. ms.assetid: 72a50dd7-5033-4d97-a5eb-0aff8a35cced ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To create a new GPO, use the Active Directory Users and Computers MMC snap-in. 
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md index 35cb8d066a..c28612d61c 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md @@ -1,5 +1,5 @@ --- -title: Create an Authentication Exemption List Rule (Windows 10) +title: Create an Authentication Exemption List Rule (Windows) description: Learn how to create rules that exempt devices that cannot communicate by using IPSec from the authentication requirements of your isolation policies. ms.assetid: 8f6493f3-8527-462a-82c0-fd91a6cb5dd8 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above In almost any isolated server or isolated domain scenario, there are some devices or devices that cannot communicate by using IPsec. This procedure shows you how to create rules that exempt those devices from the authentication requirements of your isolation policies. diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md index 43156e1bc5..b3a12b2ba9 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md 
@@ -1,5 +1,5 @@ --- -title: Create an Authentication Request Rule (Windows 10) +title: Create an Authentication Request Rule (Windows) description: Create a new rule for Windows Defender Firewall with Advanced Security so devices on the network use IPsec protocols and methods before they can communicate. ms.assetid: 1296e048-039f-4d1a-aaf2-8472ad05e359 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to:** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have configured IPsec algorithms and authentication methods, you can create the rule that requires the devices on the network to use those protocols and methods before they can communicate. diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md index c56953f28c..53f49581bd 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md @@ -1,5 +1,5 @@ --- -title: Create an Inbound ICMP Rule (Windows 10) +title: Create an Inbound ICMP Rule (Windows) description: Learn how to allow inbound ICMP traffic by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security. ms.assetid: 267b940a-79d9-4322-b53b-81901e357344 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To allow inbound Internet Control Message Protocol (ICMP) network traffic, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows ICMP requests and responses to be sent and received by computers on the network. From c3fbd0d66deef9113652c390cfad359e6e46eec2 Mon Sep 17 00:00:00 2001 
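Review bot: In configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md, the first hunk (@@ -1,5 +1,5 @@) edits the `title:` line but leaves the typo "Bbocked" in the `description:` line directly below it. The front matter is already being touched, so change it to "blocked" in the same commit.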
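Review bot: In checklist-implementing-a-basic-firewall-policy-design.md (@@ -35,7 +36,7 @@), the reworded table row now lists three versions ("Windows 11, Windows 10, and Windows Server 2016") but still says to "make a copy of the GPO for the other version of Windows", which only reads correctly when two versions are named. The row also names only Windows Server 2016, while the Applies to list in the same file becomes "Windows Server 2016 and above". Suggest "for each other version of Windows" and server wording that matches the Applies to list.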
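Review bot: In copy-a-gpo-to-create-a-new-gpo.md, the context lines of the @@ -1,5 +1,5 @@ and @@ -22,7 +22,8 @@ hunks call the tool the "Active Directory Users and devices MMC snap-in", while create-a-group-policy-object.md in this same patch calls it "Active Directory Users and Computers". The snap-in name is "Active Directory Users and Computers"; correct the description and the body sentence while the file is open.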
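Review bot: configure-the-rules-to-require-encryption.md receives only the title and ms.date changes (4 lines in the diffstat, against 7 or 9 for every other file), so no "Windows 11" or "Windows Server 2016 and above" entries are added there. If that page has an Applies to list, it needs the same update as the rest; if it has none, say so in the commit message so the gap is not read as an oversight.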
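Review bot: In create-an-authentication-exemption-list-rule.md (@@ -22,7 +22,8 @@), the context sentence reads "there are some devices or devices that cannot communicate by using IPsec", with "devices" repeated, and the `description:` line in the first hunk spells the protocol "IPSec" while the body uses "IPsec". Both sit in lines this patch already surrounds, so fix the repeated word and settle on "IPsec" here.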
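Review bot: In create-an-authentication-request-rule.md (@@ -22,7 +22,8 @@), the list heading is "**Applies to:**" with a colon, whereas the other files updated by this patch use "**Applies to**". Normalize it to the form used elsewhere in the set.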
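Review bot: In configure-the-workstation-authentication-certificate-template.md (@@ -19,7 +19,8 @@), the context paragraph expands AD CS as "Active Directory Certification Services"; the role name is Active Directory Certificate Services. Worth correcting alongside the Applies to change, since readers search on the exact name.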
From: Ashok Lobo Date: Tue, 7 Sep 2021 18:02:06 +0530 Subject: [PATCH 134/671] Updated for 5358843-files176to200 --- windows/security/threat-protection/auditing/event-4777.md | 6 +----- windows/security/threat-protection/auditing/event-4778.md | 6 +----- windows/security/threat-protection/auditing/event-4779.md | 6 +----- windows/security/threat-protection/auditing/event-4780.md | 6 +----- windows/security/threat-protection/auditing/event-4781.md | 6 +----- windows/security/threat-protection/auditing/event-4782.md | 6 +----- windows/security/threat-protection/auditing/event-4793.md | 6 +----- windows/security/threat-protection/auditing/event-4794.md | 6 +----- windows/security/threat-protection/auditing/event-4798.md | 6 +----- windows/security/threat-protection/auditing/event-4799.md | 6 +----- windows/security/threat-protection/auditing/event-4800.md | 6 +----- windows/security/threat-protection/auditing/event-4801.md | 6 +----- windows/security/threat-protection/auditing/event-4802.md | 6 +----- windows/security/threat-protection/auditing/event-4803.md | 6 +----- windows/security/threat-protection/auditing/event-4816.md | 6 +----- windows/security/threat-protection/auditing/event-4817.md | 6 +----- windows/security/threat-protection/auditing/event-4818.md | 6 +----- windows/security/threat-protection/auditing/event-4819.md | 6 +----- windows/security/threat-protection/auditing/event-4826.md | 6 +----- windows/security/threat-protection/auditing/event-4864.md | 6 +----- windows/security/threat-protection/auditing/event-4865.md | 6 +----- windows/security/threat-protection/auditing/event-4866.md | 6 +----- windows/security/threat-protection/auditing/event-4867.md | 6 +----- windows/security/threat-protection/auditing/event-4902.md | 6 +----- windows/security/threat-protection/auditing/event-4904.md | 6 +----- 25 files changed, 25 insertions(+), 125 deletions(-) 
diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md index 28a4b42d08..f5b01ce6aa 100644 --- a/windows/security/threat-protection/auditing/event-4777.md +++ b/windows/security/threat-protection/auditing/event-4777.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4777(F): The domain controller failed to validate the credentials for an account. -**Applies to** -- Windows 10 -- Windows Server 2016 - Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. [4776](event-4776.md) failure event is generated instead. diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md index 8293e41487..f7278c0017 100644 --- a/windows/security/threat-protection/auditing/event-4778.md +++ b/windows/security/threat-protection/auditing/event-4778.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4778(S): A session was reconnected to a Window Station. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4778 illustration diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md index 29836498cc..3f34f106e4 100644 --- a/windows/security/threat-protection/auditing/event-4779.md +++ b/windows/security/threat-protection/auditing/event-4779.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4779(S): A session was disconnected from a Window Station. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4779 illustration diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md index 00faedae10..94b8733eab 100644 --- a/windows/security/threat-protection/auditing/event-4780.md +++ b/windows/security/threat-protection/auditing/event-4780.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4780(S): The ACL was set on accounts which are members of administrators groups. -**Applies to** -- Windows 10 -- Windows Server 2016 - Every hour, the domain controller that holds the primary domain controller (PDC) Flexible Single Master Operation (FSMO) role compares the ACL on all security principal accounts (users, groups, and machine accounts) present for its domain in Active Directory and that are in administrative or security-sensitive groups and which have AdminCount attribute = 1 against the ACL on the [AdminSDHolder](/previous-versions/technet-magazine/ee361593(v=msdn.10)) object. If the ACL on the principal account differs from the ACL on the AdminSDHolder object, then the ACL on the principal account is reset to match the ACL on the AdminSDHolder object and this event is generated. diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md index 2adb3bcac5..0e7051d0c0 100644 --- a/windows/security/threat-protection/auditing/event-4781.md +++ b/windows/security/threat-protection/auditing/event-4781.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4781(S): The name of an account was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4781 illustration diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md index e0ecc19336..0d7d285e29 100644 --- a/windows/security/threat-protection/auditing/event-4782.md +++ b/windows/security/threat-protection/auditing/event-4782.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4782(S): The password hash of an account was accessed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4782 illustration diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md index 4b75a802d5..d471201647 100644 --- a/windows/security/threat-protection/auditing/event-4793.md +++ b/windows/security/threat-protection/auditing/event-4793.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4793(S): The Password Policy Checking API was called. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4793 illustration diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md index 6e585048c1..6901d09cbe 100644 --- a/windows/security/threat-protection/auditing/event-4794.md +++ b/windows/security/threat-protection/auditing/event-4794.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4794 illustration diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md index 3fddfd9b65..15a1328384 100644 --- a/windows/security/threat-protection/auditing/event-4798.md +++ b/windows/security/threat-protection/auditing/event-4798.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4798(S): A user's local group membership was enumerated. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4798 illustration diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md index 18b337fcdc..92441ae64b 100644 --- a/windows/security/threat-protection/auditing/event-4799.md +++ b/windows/security/threat-protection/auditing/event-4799.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4799(S): A security-enabled local group membership was enumerated. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4799 illustration diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md index 92c543f8b0..2e468c9d92 100644 --- a/windows/security/threat-protection/auditing/event-4800.md 
+++ b/windows/security/threat-protection/auditing/event-4800.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4800(S): The workstation was locked. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4800 illustration diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md index ed7c8ec85c..7da15cbbe7 100644 --- a/windows/security/threat-protection/auditing/event-4801.md +++ b/windows/security/threat-protection/auditing/event-4801.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4801(S): The workstation was unlocked. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4801 illustration diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md index 9f5fa2b8e3..7ea6add001 100644 --- a/windows/security/threat-protection/auditing/event-4802.md +++ b/windows/security/threat-protection/auditing/event-4802.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4802(S): The screen saver was invoked. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4802 illustration diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md index 20304e4527..4971789fd3 100644 --- a/windows/security/threat-protection/auditing/event-4803.md 
+++ b/windows/security/threat-protection/auditing/event-4803.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4803(S): The screen saver was dismissed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4803 illustration diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md index 9e36c52bb1..a2c127435d 100644 --- a/windows/security/threat-protection/auditing/event-4816.md +++ b/windows/security/threat-protection/auditing/event-4816.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4816(S): RPC detected an integrity violation while decrypting an incoming message. -**Applies to** -- Windows 10 -- Windows Server 2016 - This message generates if RPC detected an integrity violation while decrypting an incoming message. diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md index 0b0fc16bf7..3744b68704 100644 --- a/windows/security/threat-protection/auditing/event-4817.md +++ b/windows/security/threat-protection/auditing/event-4817.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4817(S): Auditing settings on object were changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4817 illustration 
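Review bot: After the `-16,10 +16,6` hunk the page no longer says which Windows versions log this event: the `**Applies to**` list (Windows 10, Windows Server 2016) is deleted with nothing in its place, here in event-4817.md and in every other file of the patch. If the list is being dropped on purpose, say so in the commit message, which currently reads only "Updated for 5358843-files176to200"; otherwise carry the applicability into the front matter or the body. The `ms.date` bump to 09/07/2021 in each `-7,7 +7,7` hunk also marks all 25 pages as freshly revised although no event description changed.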
diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md index 05266e39e5..c71a145e05 100644 --- a/windows/security/threat-protection/auditing/event-4818.md +++ b/windows/security/threat-protection/auditing/event-4818.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4818(S): Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4818 illustration diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md index 3751b39e45..f3acc685b2 100644 --- a/windows/security/threat-protection/auditing/event-4819.md +++ b/windows/security/threat-protection/auditing/event-4819.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4819(S): Central Access Policies on the machine have been changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4819 illustration diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md index 2e78b4c653..27f8cbeb41 100644 --- a/windows/security/threat-protection/auditing/event-4826.md +++ b/windows/security/threat-protection/auditing/event-4826.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4826(S): Boot Configuration Data loaded. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4826 illustration diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md index ca1995291e..aec977eddd 100644 --- a/windows/security/threat-protection/auditing/event-4864.md +++ b/windows/security/threat-protection/auditing/event-4864.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4864(S): A namespace collision was detected. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event is generated when a namespace collision was detected. diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md index 063eb88afc..994d2407a3 100644 --- a/windows/security/threat-protection/auditing/event-4865.md +++ b/windows/security/threat-protection/auditing/event-4865.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4865(S): A trusted forest information entry was added. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4865 illustration diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md index 922d662887..ad75bb1d68 100644 --- a/windows/security/threat-protection/auditing/event-4866.md +++ b/windows/security/threat-protection/auditing/event-4866.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4866(S): A trusted forest information entry was removed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4866 illustration diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md index a8fdb4a693..e82918ba71 100644 --- a/windows/security/threat-protection/auditing/event-4867.md +++ b/windows/security/threat-protection/auditing/event-4867.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4867(S): A trusted forest information entry was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4867 illustration diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md index d5a7640b84..67d2817434 100644 --- a/windows/security/threat-protection/auditing/event-4902.md +++ b/windows/security/threat-protection/auditing/event-4902.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4902(S): The Per-user audit policy table was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4902 illustration diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md index 268606eab6..0a72ca6e45 100644 --- a/windows/security/threat-protection/auditing/event-4904.md +++ b/windows/security/threat-protection/auditing/event-4904.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4904(S): An attempt was made to register a security event source. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4904 illustration From ef1fafcb474c4678568af238c4d7fbd980521114 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Tue, 7 Sep 2021 10:06:34 -0400 Subject: [PATCH 135/671] updating branch; fixed link --- .../configuration/supported-csp-start-menu-layout-windows.md | 5 +++-- .../configuration/use-json-customize-start-menu-windows.md | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md index d241981f97..6fad4fcfa8 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md @@ -5,12 +5,13 @@ ms.assetid: ms.reviewer: manager: dougeby ms.author: mandia +ms.reviewer: ericpapa ms.prod: w11 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/02/2021 +ms.date: 09/07/2021 ms.localizationpriority: medium --- @@ -58,7 +59,7 @@ For more general information, see [Configuration service provider reference](../ ## Untested policies -- [Start/HideFrequentlyUsedApps]((../client-management/mdm/policy-csp-start.md#start-hidefrequentlyusedapps)): What does this configure on Windows 10? How is it different than ShowOrHideMostUsedApps? +- [Start/HideFrequentlyUsedApps](../client-management/mdm/policy-csp-start.md#start-hidefrequentlyusedapps): What does this configure on Windows 10? How is it different than ShowOrHideMostUsedApps? ## Existing CSP policies that don't support Windows 11 
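Review bot: `ms.reviewer` now appears twice in the front matter of supported-csp-start-menu-layout-windows.md: the `-5,12 +5,13` hunk adds `ms.reviewer: ericpapa` after `ms.author: mandia` while the context lines still carry an empty `ms.reviewer:` above `manager: dougeby`. Set the value on the existing line instead of adding a second key; the use-json-customize-start-menu-windows.md front-matter hunk in this patch has the same duplicate. The link fix in the `-58,7 +59,7` hunk, which drops the doubled parentheses around the policy-csp-start.md target, looks right.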
diff --git a/windows/configuration/use-json-customize-start-menu-windows.md b/windows/configuration/use-json-customize-start-menu-windows.md index a39aa6a2cc..c9eae45f65 100644 --- a/windows/configuration/use-json-customize-start-menu-windows.md +++ b/windows/configuration/use-json-customize-start-menu-windows.md @@ -5,12 +5,13 @@ ms.assetid: ms.reviewer: manager: dougeby ms.author: mandia +ms.reviewer: ericpapa ms.prod: w11 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/02/2021 +ms.date: 09/07/2021 ms.localizationpriority: medium --- @@ -91,7 +92,7 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi ### Get the pinnedList JSON syntax -1. Open the `LayoutModification.json` file in a JSON editor, such as Visual Studio Code. For more information, see [edit JSON with Visual Studio Code](https://code.visualstudio.com/docs/languages/json). +1. Open the `LayoutModification.json` file in a JSON editor, such as Visual Studio Code or the Notepad app. For more information, see [edit JSON with Visual Studio Code](https://code.visualstudio.com/docs/languages/json). 2. In the file, you see the `pinnedList` section. This section includes all the apps that are pinned. Copy the syntax. You'll use it in the next section. In the following example, you see that Microsoft Edge, Microsoft Word, the Microsoft Store app, and Notepad are pinned: From f3ae7d10856bed5bca7bd46238c0388b038dec25 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 7 Sep 2021 20:57:11 +0530 Subject: [PATCH 136/671] Updated --- .../mdm/policy-csp-abovelock.md | 10 --- .../mdm/policy-csp-admx-addremoveprograms.md | 67 +++++++++---------- 2 files changed, 33 insertions(+), 44 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index ce57cf318f..36f429b833 100644 
--- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -152,16 +152,6 @@ The following list shows the supported values:
    -Footnotes: - -- 1 - Available in Windows 10, version 1607. -- 2 - Available in Windows 10, version 1703. -- 3 - Available in Windows 10, version 1709. -- 4 - Available in Windows 10, version 1803. -- 5 - Available in Windows 10, version 1809. -- 6 - Available in Windows 10, version 1903. -- 7 - Available in Windows 10, version 1909. -- 8 - Available in Windows 10, version 2004. diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index 478ce5c0d7..6e80fa4b4b 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -92,8 +92,8 @@ manager: dansimp Yes Education - No - No + Yes + Yes @@ -111,7 +111,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories. +The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories. To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation. @@ -181,8 +181,8 @@ ADMX Info: Education - No - No + Yes + Yes 
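Review bot: Nothing on the page states the first supported Windows 10 version once these policy-csp-admx-addremoveprograms.md hunks apply: the description hunk deletes "Available in the latest Windows 10 Insider Preview Build." and the table hunk changes the Education row from No/No to a bare Yes/Yes. Put the minimum version in the cell or state in the description that there is none; the same pair of changes repeats for each later policy block in this file.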
@@ -200,7 +200,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media. +This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media. If you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users. This setting does not prevent users from using other tools and methods to add or remove program components. @@ -268,8 +268,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -287,7 +287,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update. +This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update. If you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users. This setting does not prevent users from using other tools and methods to connect to Windows Update. @@ -355,8 +355,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -374,7 +374,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files. +This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files. If you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu. @@ -443,8 +443,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -462,7 +462,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator. +This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator. If you disable this setting or do not configure it, the Add New Programs button is available to all users. This setting does not prevent users from using other tools and methods to install programs. @@ -527,8 +527,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -546,7 +546,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. +This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. If you disable this setting or do not configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent users from using other tools and methods to install or uninstall programs. @@ -611,8 +611,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -630,7 +630,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. +This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. If you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users. This setting does not prevent users from using other tools and methods to change program access or defaults. This setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting. @@ -696,9 +696,8 @@ ADMX Info: Education - No - No - + Yes + Yes 
@@ -715,7 +714,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs. +This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs. If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users. This setting does not prevent users from using other tools and methods to delete or uninstall programs. @@ -780,8 +779,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -799,7 +798,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools. +This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools. If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system services. If you enable this setting, "Set up services" never appears. This setting does not prevent users from using other methods to configure services. 
@@ -867,8 +866,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -886,7 +885,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page. +This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page. If you disable this setting or do not configure it, the Support Info hyperlink appears. @@ -954,8 +953,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -973,7 +972,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files. +This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files. If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users. This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard. From 7249c9c21dfbeb36659694d5ba096d4d1c0c9dc1 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 7 Sep 2021 21:48:34 +0530 Subject: [PATCH 137/671] Updated --- .../mdm/policy-csp-accounts.md | 57 +++++++++---------- .../mdm/policy-csp-activexcontrols.md | 10 ---- .../policy-csp-admx-activexinstallservice.md | 2 +- .../mdm/policy-csp-admx-appcompat.md | 54 +++++++++--------- 4 files changed, 54 insertions(+), 69 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 2d31514b75..2416669864 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md 
@@ -56,19 +56,19 @@ manager: dansimp Enterprise - check mark + Yes, starting in Windows 10, version 1607Yes Education - check mark + Yes, starting in Windows 10, version 1607Yes Mobile - check mark + Yes, starting in Windows 10, version 1607Yes Mobile Enterprise - check mark + Yes, starting in Windows 10, version 1607Yes @@ -110,36 +110,38 @@ The following list shows the supported values: - - + + + - + + - + - + - + - + - + - +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck markYes, starting in Windows 10, version 1607Yes
    Businesscheck markYes, starting in Windows 10, version 1607Yes
    Enterprisecheck markYes, starting in Windows 10, version 1607Yes
    Educationcheck markYes, starting in Windows 10, version 1607Yes
    Mobilecheck markYes, starting in Windows 10, version 1607Yes
    Mobile Enterprisecheck markYes, starting in Windows 10, version 1607Yes
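Review bot: the Mobile and Mobile Enterprise rows get Yes in the new Windows 11 column, the same value pasted into every non-Home row. Please confirm that these two editions belong under Windows 11 at all; if they do not, put No there or drop the rows rather than carrying the Windows 10 answer across. The removed table had a single "Supported?" column, so nothing in the old lines backs the Windows 11 values.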
    @@ -178,36 +180,38 @@ The following list shows the supported values: - - + + + - + + - + - + - + - + - + - +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark2Yes, starting in Windows 10, version 1607Yes
    Businesscheck mark2Yes, starting in Windows 10, version 1607Yes
    Enterprisecheck mark2Yes, starting in Windows 10, version 1607Yes
    Educationcheck mark2Yes, starting in Windows 10, version 1607Yes
    Mobilecheck mark2Yes, starting in Windows 10, version 1607Yes
    Mobile Enterprisecheck mark2Yes, starting in Windows 10, version 1607Yes
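Review bot: the replacement rows in this table change the stated minimum version. The removed cells were "check mark" with footnote 2, and the footnote list this patch deletes in the next hunk defines 2 as "Available in Windows 10, version 1703", yet every new row reads "Yes, starting in Windows 10, version 1607". Unless the old footnote was wrong, these rows should say version 1703; the wording looks copied from the previous table, whose check marks show no footnote number.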
    @@ -243,15 +247,6 @@ The following list shows the supported values:
    -Footnotes: -- 1 - Available in Windows 10, version 1607. -- 2 - Available in Windows 10, version 1703. -- 3 - Available in Windows 10, version 1709. -- 4 - Available in Windows 10, version 1803. -- 5 - Available in Windows 10, version 1809. -- 6 - Available in Windows 10, version 1903. -- 7 - Available in Windows 10, version 1909. -- 8 - Available in Windows 10, version 2004. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 218006e1a3..05a023f63f 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -97,16 +97,6 @@ ADMX Info:
    -Footnotes: - -- 1 - Available in Windows 10, version 1607. -- 2 - Available in Windows 10, version 1703. -- 3 - Available in Windows 10, version 1709. -- 4 - Available in Windows 10, version 1803. -- 5 - Available in Windows 10, version 1809. -- 6 - Available in Windows 10, version 1903. -- 7 - Available in Windows 10, version 1909. -- 8 - Available in Windows 10, version 2004. diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index b4cea8e9e5..6194474bad 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md @@ -69,7 +69,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the installation of ActiveX controls for sites in Trusted zone. +This policy setting controls the installation of ActiveX controls for sites in Trusted zone. If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting. diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index 901a7a04b6..d3ca0e63c5 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -96,8 +96,8 @@ manager: dansimp Education - No - No + Yes + Yes 
@@ -114,7 +114,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system. +This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system. You can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, **ntvdm.exe** must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased. @@ -179,8 +179,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -197,7 +197,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file. +This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file. The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. @@ -256,8 +256,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -274,7 +274,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. The policy setting controls the state of the Application Telemetry engine in the system. +The policy setting controls the state of the Application Telemetry engine in the system. Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications. @@ -337,8 +337,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -355,7 +355,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. The policy setting controls the state of the Switchback compatibility engine in the system. +The policy setting controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. @@ -419,8 +419,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -436,7 +436,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the application compatibility engine in the system. +This policy setting controls the state of the application compatibility engine in the system. The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem. @@ -502,8 +502,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -520,7 +520,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. +This policy setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -575,8 +575,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -593,7 +593,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. +This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. If you enable this policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues. 
@@ -655,8 +655,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -673,7 +673,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of Steps Recorder. +This policy setting controls the state of Steps Recorder. Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input, user interface data, and screenshots. Steps Recorder includes an option to turn on and off data collection. @@ -734,8 +734,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -752,7 +752,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the Inventory Collector. +This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems. From cde2dad00bc1531b3018a8289ba45c32b4ca9c8d Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 7 Sep 2021 09:30:43 -0700 Subject: [PATCH 138/671] Update provisioning-packages.md --- .../provisioning-packages.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index 47f42ccdec..e788dfc0a5 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md 
@@ -1,17 +1,17 @@ --- title: Provisioning packages (Windows) -description: With Windows 10 and 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. +description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC ms.reviewer: manager: dansimp -ms.prod: w10,w11 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/07/2021 --- # Provisioning packages for Windows @@ -79,24 +79,24 @@ The following table describes settings that you can configure using the wizards - - - + + + - - -
    StepDescriptionDesktop wizardKiosk wizardHoloLens wizard
    Set up deviceAssign device name,
    enter product key to upgrade Windows,
    configure shared used,
    remove pre-installed software
    yesyesyes
    Set up networkConnect to a Wi-Fi networkyesyesyes
    Account managementEnroll device in Active Directory,
    enroll device in Azure Active Directory,
    or create a local administrator account
    yesnoyes
    Bulk Enrollment in Azure ADEnroll device in Azure Active Directory

    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization.
    nonono
    Add applicationsInstall applications using the provisioning package.yesyesno
    Account managementEnroll device in Active Directory,
    enroll device in Azure Active Directory,
    or create a local administrator account
    yesno1yes
    Bulk Enrollment in Azure ADEnroll device in Azure Active Directory

    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization.
    no5no4no2
    Add applicationsInstall applications using the provisioning package.yesyesno3
    Add certificatesInclude a certificate file in the provisioning package.yesyesyes
    Configure kiosk account and appCreate local account to run the kiosk mode app,
    specify the app to run in kiosk mode
    noyesno
    Configure kiosk common settingsSet tablet mode,
    configure welcome and shutdown screens,
    turn off timeout settings
    noyesno
    Developer SetupEnable Developer Mode.nonoyes
    +Configure kiosk account and appCreate local account to run the kiosk mode app,
    specify the app to run in kiosk modeno6yesno7 +Configure kiosk common settingsSet tablet mode,
    configure welcome and shutdown screens,
    turn off timeout settingsno8yesno9 +Developer SetupEnable Developer Mode.no22no11yes - - - - - - - + + + + + + + - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md) - [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md) From 94674fe3f67a16787b8c99beb96b881c82ef32dd Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 7 Sep 2021 09:36:19 -0700 Subject: [PATCH 139/671] YAML updates --- windows/security/TOC.yml | 20 ++++++++++---------- windows/security/index.yml | 30 +++++++++++++++--------------- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index be0bcbec13..dd76035b25 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -2,16 +2,6 @@ - name: Windows security href: index.yml expanded: true -- name: Security foundations - items: - - name: FIPS 140-2 Validation - href: threat-protection/fips-140-validation.md - - name: Common Criteria Certifications - href: threat-protection/windows-platform-common-criteria.md - - name: Microsoft Security Development Lifecycle - href: threat-protection/msft-security-dev-lifecycle.md - - name: Microsoft Bug Bounty Program - href: threat-protection/microsoft-bug-bounty-program.md - name: Hardware security items: - name: Trusted Platform Module 
@@ -313,6 +303,16 @@ href: identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md - name: Tpmvscmgr href: identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md +- name: Security foundations + items: + - name: FIPS 140-2 Validation + href: threat-protection/fips-140-validation.md + - name: Common Criteria Certifications + href: threat-protection/windows-platform-common-criteria.md + - name: Microsoft Security Development Lifecycle + href: threat-protection/msft-security-dev-lifecycle.md + - name: Microsoft Bug Bounty Program + href: threat-protection/microsoft-bug-bounty-program.md - name: Privacy controls items: - name: Windows Privacy controls diff --git a/windows/security/index.yml b/windows/security/index.yml index 1dcca94f77..e59fa8c210 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -18,21 +18,6 @@ metadata: landingContent: # Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Security foundations - linkLists: - - linkListType: concept - links: - - text: Federal Information Processing Standard (FIPS) 140 Validation - url: /windows/security/threat-protection/fips-140-validation.md - - text: Common Criteria Certifications - url: /windows/security/threat-protection/windows-platform-common-criteria.md - - text: Microsoft Security Development Lifecycle - url: /windows/security/threat-protection/msft-security-dev-lifecycle.md - - text: Microsoft Bug Bounty - url: /windows/security/threat-protection/microsoft-bug-bounty-program.md -# Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - title: Hardware security 
@@ -90,6 +75,21 @@ landingContent: - text: article (change link later) url: /windows/security/threat-protection/windows-security-baselines.md # Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Security foundations + linkLists: + - linkListType: concept + links: + - text: Federal Information Processing Standard (FIPS) 140 Validation + url: /windows/security/threat-protection/fips-140-validation.md + - text: Common Criteria Certifications + url: /windows/security/threat-protection/windows-platform-common-criteria.md + - text: Microsoft Security Development Lifecycle + url: /windows/security/threat-protection/msft-security-dev-lifecycle.md + - text: Microsoft Bug Bounty + url: /windows/security/threat-protection/microsoft-bug-bounty-program.md +# Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - title: Privacy controls From b00fca0c5e783a3961fb7288666eee455893b685 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 7 Sep 2021 09:44:47 -0700 Subject: [PATCH 140/671] adding new landing pages --- windows/security/apps.md | 16 ++++++++++++++++ windows/security/cloud.md | 17 +++++++++++++++++ windows/security/hardware.md | 19 +++++++++++++++++++ windows/security/identity.md | 19 +++++++++++++++++++ windows/security/operating-system.md | 17 +++++++++++++++++ 5 files changed, 88 insertions(+) create mode 100644 windows/security/apps.md create mode 100644 windows/security/cloud.md create mode 100644 windows/security/hardware.md create mode 100644 windows/security/identity.md create mode 100644 windows/security/operating-system.md diff --git a/windows/security/apps.md b/windows/security/apps.md new file mode 100644 index 0000000000..08542e1f22 --- /dev/null +++ b/windows/security/apps.md 
@@ -0,0 +1,16 @@ +--- +title: Windows application security +description: +ms.reviewer: +manager: dansimp +ms.author: dansimp +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: dansimp +--- + +# Windows application security + +Cybercriminals regularly gain access to valuable data by hacking poorly secured applications. Common security failures include “code injection” attacks, in which attackers insert malicious code that can tamper with data, or even destroy it. An application may have its security misconfigured, leaving open doors for hackers. Or vital customer and corporate information may leave sensitive data exposed. Windows 11 protects your valuable data with layers of application security. A rich application platform, isolation, and code integrity enables developers to build-in security from the ground up to protect against breaches and malware. \ No newline at end of file diff --git a/windows/security/cloud.md b/windows/security/cloud.md new file mode 100644 index 0000000000..cbce8d9341 --- /dev/null +++ b/windows/security/cloud.md @@ -0,0 +1,17 @@ +--- +title: Windows and cloud security +description: +ms.reviewer: +manager: dansimp +ms.author: dansimp +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: dansimp +--- + +# Windows and cloud security + +Today’s workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased 3rd party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services to help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads and safeguard sensitive information while controlling access and mitigating threats. + diff --git a/windows/security/hardware.md b/windows/security/hardware.md new file mode 100644 index 0000000000..34c5329f7f --- /dev/null 
+++ b/windows/security/hardware.md @@ -0,0 +1,19 @@ +--- +title: Windows hardware security +description: +ms.reviewer: +manager: dansimp +ms.author: dansimp +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: dansimp +--- + +# Windows hardware security + +Modern threats require modern security with a strong alignment between hardware security and software security techniques to keep users, data and devices protected. The operating system alone cannot protect from the wide range of tools and techniques cybercriminals use to compromise a computer deep inside its silicon. Once inside, intruders can be difficult to detect while engaging in multiple nefarious activities from stealing important data to capturing email addresses and other sensitive pieces of information. +These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware. +With Windows 11, we have raised the hardware security baseline to design the most secure version of Windows ever. We have carefully chosen the hardware requirements and default security features based on threat intelligence and input from leading experts around the globe, including our own Microsoft Cybersecurity team. +Though a powerful combination of hardware root-of-trust and silicon-assisted security, Windows 11 delivers built-in hardware protection out-of-the box. diff --git a/windows/security/identity.md b/windows/security/identity.md new file mode 100644 index 0000000000..61afd163d1 --- /dev/null +++ b/windows/security/identity.md 
@@ -0,0 +1,19 @@ +--- +title: Windows identity security +description: +ms.reviewer: +manager: dansimp +ms.author: dansimp +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: dansimp +--- + +# Windows identity security + +Malicious actors launch an average of 50 million password attacks every day—579 per second. And Identity is the battleground for attacks of the future. Knowing that the right user is accessing the right device and the right data is critical to keeping your business, family, and self, safe and secure. Windows 11 correctly identifies users while delivering a high-quality user experience, which helps hybrid and remote workers stay productive without sacrificing security. + +New Windows 11 devices protect users by removing vulnerable passwords by default, from day one. Weak passwords, password spraying, and phishing are the entry point for many attacks. Windows Hello, Windows Hello for Business, and Credential Guard enable customers to move to passwordless multifactor authentication (MFA). MFA can reduce the risk of compromise in organizations by more than 99.9 percent. As remote and hybrid work becomes the new normal, Windows 11 gives IT teams a variety of MFA options to meet business and consumer needs while complying with ever-evolving regulations. + diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md new file mode 100644 index 0000000000..1c7d101129 --- /dev/null +++ b/windows/security/operating-system.md 
@@ -0,0 +1,17 @@ +--- +title: Windows operating system security +description: +ms.reviewer: +manager: dansimp +ms.author: dansimp +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: dansimp +--- + +# Windows operating system security + +Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. + From 63dde9b95d4f0a8d1bec621788e8b29df1e563b2 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 10:36:04 -0700 Subject: [PATCH 141/671] Update msft-security-dev-lifecycle.md --- .../security/threat-protection/msft-security-dev-lifecycle.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/msft-security-dev-lifecycle.md b/windows/security/threat-protection/msft-security-dev-lifecycle.md index 6c23e09a9e..c16994d574 100644 --- a/windows/security/threat-protection/msft-security-dev-lifecycle.md +++ b/windows/security/threat-protection/msft-security-dev-lifecycle.md @@ -28,4 +28,4 @@ The Microsoft SDL is based on three core concepts: To learn more about the SDL, visit the [Security Engineering site](https://www.microsoft.com/en-us/securityengineering/sdl). -And, download the [Simplified Implementation of the Microsoft SDL whitepaper](http://go.microsoft.com/?linkid=9708425). \ No newline at end of file +And, download the [Simplified Implementation of the Microsoft SDL whitepaper](https://go.microsoft.com/?linkid=9708425). \ No newline at end of file From aaaa6bda21c54d2a28e4543260522631d057a81b Mon Sep 17 00:00:00 2001 
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 10:38:30 -0700 Subject: [PATCH 142/671] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index dd76035b25..2f550f7437 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -116,7 +116,7 @@ - name: Decode Measured Boot logs to track PCR changes href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md - name: Configure S/MIME for Windows 10 - href: configure-s-mime.md + href: access-protection/configure-s-mime.md - name: Windows Information Protection (WIP) href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md items: From 5563ecf4194b45bb8fb0586d94bec06491e5c91d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 10:43:41 -0700 Subject: [PATCH 143/671] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 2f550f7437..d92cd2c7d5 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -116,7 +116,7 @@ - name: Decode Measured Boot logs to track PCR changes href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md - name: Configure S/MIME for Windows 10 - href: access-protection/configure-s-mime.md + href: identity-protection/configure-s-mime.md - name: Windows Information Protection (WIP) href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md items: From 4b5e8bec4d74391f3523b1feed3b48cc0c36c56a Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 10:58:37 -0700 Subject: [PATCH 144/671] Update TOC.yml --- windows/security/TOC.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index d92cd2c7d5..cef0b7006c 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -34,6 +34,7 @@ - name: Operating system security items: - name: System security + href: operating-system.md items: - name: Secure the Windows 10 boot process href: information-protection/secure-the-windows-10-boot-process.md From b032c4d1b971e9622e263f9f6be99004e1fed4fd Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 11:11:10 -0700 Subject: [PATCH 145/671] Update operating-system.md --- windows/security/operating-system.md | 33 +++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 1c7d101129..c380a6bc2b 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md 
@@ -1,17 +1,44 @@ --- title: Windows operating system security -description: +description: Securing the operating system includes system security, encryption, network security, and threat protection. ms.reviewer: manager: dansimp -ms.author: dansimp +ms.author: deniseb ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: dansimp +author: denisebmsft --- # Windows operating system security Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. +The operating system security features in Windows 11 include: + +- System security + - Trusted Boot (includes Secure Boot and Measured Boot) + - Cryptography and certificate management + - Windows Security app +- Encryption and data protection + - BitLocker + - Encryption +- Network security + - Virtual Private Networks (VPNs) + - Windows Defender Firewall + - Bluetooth + - DSN security + - Windows Wi-Fi + - Transport Layer Security (TLS) +- Protection from viruses and threats + - Microsoft Defender Antivirus + - Attack surface reduction + - Tamper protection + - Network protection + - Controlled folder access + - Exploit protection + - Microsoft Defender for Endpoint + + + From 87874b50833102561dbc8d331190d83e3ea1ff43 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 11:21:05 -0700 Subject: [PATCH 146/671] Update operating-system.md --- windows/security/operating-system.md | 30 ++++++++-------------------- 1 file changed, 8 insertions(+), 22 deletions(-) 
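Review bot: "DSN security" in the Network security list added to operating-system.md (the @@ -1,17 +1,44 @@ hunk above) reads like a transposition of DNS. Fix it at this point in the series, because the following patches rewrite the same list as a table and carry the spelling along unchanged.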
diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index c380a6bc2b..ad52554062 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -17,28 +17,14 @@ Security and privacy depend on an operating system that guards your system and i The operating system security features in Windows 11 include: -- System security - - Trusted Boot (includes Secure Boot and Measured Boot) - - Cryptography and certificate management - - Windows Security app -- Encryption and data protection - - BitLocker - - Encryption -- Network security - - Virtual Private Networks (VPNs) - - Windows Defender Firewall - - Bluetooth - - DSN security - - Windows Wi-Fi - - Transport Layer Security (TLS) -- Protection from viruses and threats - - Microsoft Defender Antivirus - - Attack surface reduction - - Tamper protection - - Network protection - - Controlled folder access - - Exploit protection - - Microsoft Defender for Endpoint +| Area | Features & Capabilities | +|:---|:---| +| System security | Trusted Boot (includes Secure Boot and Measured Boot)
    Cryptography and certificate management
    Windows Security app | +| Encryption and data protection | BitLocker
    Encryption | +| Network security | Virtual Private Networks (VPNs)
    Windows Defender Firewall
    Bluetooth
    DSN security
    Windows Wi-Fi
    Transport Layer Security (TLS) | +| Protection from viruses and threats | Microsoft Defender Antivirus
    Attack surface reduction
    Tamper protection
    Network protection
    Controlled folder access
    Exploit protection
    Microsoft Defender for Endpoint | + + From 5879c32fea2095b3ff861639a0f103fd21ff44cd Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 11:23:04 -0700 Subject: [PATCH 147/671] Update operating-system.md --- windows/security/operating-system.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index ad52554062..da4a9933bf 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -15,16 +15,12 @@ author: denisebmsft Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. -The operating system security features in Windows 11 include: +The following table summarizes the operating system security features and capabilities in Windows 11: | Area | Features & Capabilities | |:---|:---| | System security | Trusted Boot (includes Secure Boot and Measured Boot)
    Cryptography and certificate management
    Windows Security app | | Encryption and data protection | BitLocker
    Encryption | | Network security | Virtual Private Networks (VPNs)
    Windows Defender Firewall
    Bluetooth
    DSN security
    Windows Wi-Fi
    Transport Layer Security (TLS) | -| Protection from viruses and threats | Microsoft Defender Antivirus
    Attack surface reduction
    Tamper protection
    Network protection
    Controlled folder access
    Exploit protection
    Microsoft Defender for Endpoint | - - - - +| Protection from viruses and threats | Microsoft Defender Antivirus
    Attack surface reduction
    Tamper protection
    Network protection
    Controlled folder access
    Exploit protection
    Additional protection with Microsoft Defender for Endpoint | From cc9cccaa6b3e21f1a42f9050db8a80aca9d69075 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 11:23:43 -0700 Subject: [PATCH 148/671] Update TOC.yml --- windows/security/TOC.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index cef0b7006c..d13521f976 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -32,9 +32,9 @@ - name: Kernel DMA Protection href: information-protection/kernel-dma-protection-for-thunderbolt.md - name: Operating system security + href: operating-system.md items: - - name: System security - href: operating-system.md + - name: System security items: - name: Secure the Windows 10 boot process href: information-protection/secure-the-windows-10-boot-process.md From 8bc88fb4d5e00c7dfd4dfc674e01e3bcb617bff5 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Tue, 7 Sep 2021 12:23:18 -0700 Subject: [PATCH 149/671] Update configure-md-app-guard.md --- .../configure-md-app-guard.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index d2ee8b1f7a..48f214f758 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md @@ -54,10 +54,11 @@ These settings, located at `Computer Configuration\Administrative Templates\Wind |-----------|------------------|-----------|-------| |Configure Microsoft Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher

    Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:
    - Disable the clipboard functionality completely when Virtualization Security is enabled.
    - Enable copying of certain content from Application Guard into Microsoft Edge.
    - Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.

    **Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.| |Configure Microsoft Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher

    Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:
    - Enable Application Guard to print into the XPS format.
    - Enable Application Guard to print into the PDF format.
    - Enable Application Guard to print to locally attached printers.
    - Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.

    **Disabled or not configured.** Completely turns Off the print functionality for Application Guard.| -|Block enterprise websites to load non-enterprise content in IE and Edge|Windows 10 Enterprise, 1709 or higher|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.

    **NOTE**: This action might also block assets cached by CDNs and references to analytics sites. Add them to the trusted enterprise resources to avoid broken pages.

    **Disabled or not configured.** Prevents Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. | +|Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer|Windows 10 Enterprise, 1709 or higher|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.

    **NOTE**: This action might also block assets cached by CDNs and references to analytics sites. Add them to the trusted enterprise resources to avoid broken pages.

    **Disabled or not configured.** Prevents Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. | |Allow Persistence|Windows 10 Enterprise, 1709 or higher

    Windows 10 Pro, 1803 or higher|Determines whether data persists across different sessions in Microsoft Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.

    **Disabled or not configured.** All user data within Application Guard is reset between sessions.

    **NOTE**: If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.

    **To reset the container:**
    1. Open a command-line program and navigate to `Windows/System32`.
    2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.
    3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.| |Turn on Microsoft Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned on unless the required prerequisites and network isolation settings are already set on the device. Available options:
    - Enable Microsoft Defender Application Guard only for Microsoft Edge
    - Enable Microsoft Defender Application Guard only for Microsoft Office
    - Enable Microsoft Defender Application Guard for both Microsoft Edge and Microsoft Office

    **Disabled.** Turns off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office.| |Allow files to download to host operating system|Windows 10 Enterprise, 1803 or higher|Determines whether to save downloaded files to the host operating system from the Microsoft Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Microsoft Defender Application Guard container to the host operating system. This action creates a share between the host and container that also allows for uploads from the host to the Application Guard container.

    **Disabled or not configured.** Users are not able to save downloaded files from Application Guard to the host operating system.| |Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1803 or higher

    Windows 10 Pro, 1803 or higher|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.

    **Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and won’t load any third-party graphics drivers or interact with any connected graphics hardware.| |Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher

    Windows 10 Pro, 1809 or higher|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Be aware that enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.

    **Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.| |Allow Microsoft Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise, 1809 or higher

    Windows 10 Pro, 1809 or higher|Determines whether Root Certificates are shared with Microsoft Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.

    **Disabled or not configured.** Certificates are not shared with Microsoft Defender Application Guard.| +|Allow auditing events in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher

    Windows 10 Pro, 1809 or higher|This policy setting allows you to decide whether auditing events can be collected from Microsoft Defender Application Guard.|**Enabled.** Application Guard inherits auditing policies from your device and logs system events from the Application Guard container to your host.

    **Disabled or not configured.** event logs aren't collected from your Application Guard container.| From 35cdaa49a3bcd33df8311a28151d767b37632b9b Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 13:18:41 -0700 Subject: [PATCH 150/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index da4a9933bf..75e756f7c9 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -15,7 +15,7 @@ author: denisebmsft Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. -The following table summarizes the operating system security features and capabilities in Windows 11: +The following table summarizes the operating system security features and capabilities in Windows 11:

    | Area | Features & Capabilities | |:---|:---| From 5a6830db7d83d950f72d6c6ef8b02faf9861fd62 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 13:19:05 -0700 Subject: [PATCH 151/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 75e756f7c9..107e6ed663 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -17,7 +17,7 @@ Security and privacy depend on an operating system that guards your system and i The following table summarizes the operating system security features and capabilities in Windows 11:

    -| Area | Features & Capabilities | +| Security Measures | Features & Capabilities | |:---|:---| | System security | Trusted Boot (includes Secure Boot and Measured Boot)
    Cryptography and certificate management
    Windows Security app | | Encryption and data protection | BitLocker
    Encryption | From f80cbae66310823530cd74481d8b5c0f99e2e31f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 14:03:40 -0700 Subject: [PATCH 152/671] Update TOC.yml --- windows/security/TOC.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index d13521f976..29c0a6f1a6 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -194,10 +194,22 @@ href: identity-protection/vpn/vpn-office-365-optimization.md - name: Windows Defender Firewall href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md -- name: Threat protection - items: + - name: Threat protection + items: - name: Microsoft Defender Antivirus href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md + - name: Attack surface reduction + href: + - name: Tamper protection + href: + - name: Network protection + href: + - name: Controlled folder access + href: + - name: Exploit protection + href: + - name: Microsoft Defender for Endpoint + href: - name: Application protection items: - name: User protection From a953782f5cc0392510052a5048d6960e5d0f6117 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 7 Sep 2021 14:18:46 -0700 Subject: [PATCH 153/671] testing table --- windows/security/apps.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/windows/security/apps.md b/windows/security/apps.md index 08542e1f22..4b15230a76 100644 --- a/windows/security/apps.md +++ b/windows/security/apps.md 
@@ -13,4 +13,24 @@ author: dansimp # Windows application security -Cybercriminals regularly gain access to valuable data by hacking poorly secured applications. Common security failures include “code injection” attacks, in which attackers insert malicious code that can tamper with data, or even destroy it. An application may have its security misconfigured, leaving open doors for hackers. Or vital customer and corporate information may leave sensitive data exposed. Windows 11 protects your valuable data with layers of application security. A rich application platform, isolation, and code integrity enables developers to build-in security from the ground up to protect against breaches and malware. \ No newline at end of file +Cybercriminals regularly gain access to valuable data by hacking poorly secured applications. Common security failures include “code injection” attacks, in which attackers insert malicious code that can tamper with data, or even destroy it. An application may have its security misconfigured, leaving open doors for hackers. Or vital customer and corporate information may leave sensitive data exposed. Windows 11 protects your valuable data with layers of application security. A rich application platform, isolation, and code integrity enables developers to build-in security from the ground up to protect against breaches and malware. + +The following table summarizes the Windows security features and capabilities for apps:

    + +| Security Measures | Features & Capabilities | +|:---|:---| +| Application Security |[Application Control for Windows](/threat-protection/windows-defender-application-control/windows-defender-application-control.md)
    [Microsoft Defender Application Guard](/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md)
    [Email security for Windows](/identity-protection/configure-s-mime.md)
    [Microsoft Defender SmartScreen ](/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) | +| Privacy Controls |[Windows privacy and compliance](/windows/privacy/windows-10-and-privacy-compliance)
    [Windows privacy controls and transparency](/privacy/changes-to-windows-diagnostic-data-collection.md)
    | + + + +## TEST + +| Security Measures | Features & Capabilities | +|:---|:---| +| Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](/threat-protection/windows-defender-application-control/windows-defender-application-control.md) | +| Microsoft Defender Application Guard | Application Guard leverages chip based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running these in an isolated Hyper-V based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md). | +| Email Security | With Windows S/MIME email security, users can encrypt outgoing messages and attachments, so only intended recipients with digital identification (ID)—also called a certificate—can read them. Users can digitally sign a message, which verifies the identity of the sender and ensures the message has not been tampered with.[Configure S/MIME for Windows 10](/identity-protection/configure-s-mime.md) | +| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. Learn more: [Microsoft Defender SmartScreen overview](/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) | +| Isolating UWP apps | TBD | +| Developer security | TBD | \ No newline at end of file From 5dfdfa641ff110549d6dfd46750121c547e79647 Mon Sep 17 00:00:00 2001 
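Review bot: The "## TEST" heading and the two "TBD" rows (Isolating UWP apps, Developer security) at the end of this apps.md hunk are scratch content in a published article; the subject line says "testing table", so either drop the second table or finish it before merge. The link targets are also inconsistent: most are root-relative paths ending in .md, such as /threat-protection/windows-defender-application-control/windows-defender-application-control.md, while the privacy compliance link is /windows/privacy/windows-10-and-privacy-compliance with no extension, so please confirm that each one resolves in the docs build. Minor: the Email Security row has no "Learn more:" lead-in and no space before its link, the Privacy Controls cell ends in a stray line break, and the file still has no newline at end of file.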
From: Daniel Simpson Date: Tue, 7 Sep 2021 15:53:53 -0700 Subject: [PATCH 154/671] simple table --- windows/security/operating-system.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 107e6ed663..6c6b8529f3 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -2,6 +2,7 @@ title: Windows operating system security description: Securing the operating system includes system security, encryption, network security, and threat protection. ms.reviewer: +ms.topic: article manager: dansimp ms.author: deniseb ms.prod: w10 From 7e6cb0a4b5cbb7ae9e442f768582571e76076886 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Tue, 7 Sep 2021 16:04:12 -0700 Subject: [PATCH 155/671] Corrected GUID and KEY info in this doc I also edited for grammar and format. --- ...ows-defender-application-control-policy.md | 42 +++++++++---------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 107430388b..179456bab6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md 
@@ -35,7 +35,7 @@ The [Microsoft Component Object Model (COM)](/windows/desktop/com/the-component- ### COM object configurability in WDAC policy -Prior to the Windows 10 1903 update, Windows Defender Application Control (WDAC) enforced a built-in allowlist for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy. +Prior to the Windows 10 1903 update, Windows Defender Application Control (WDAC) enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy. **NOTE**: To add this functionality to other versions of Windows 10, you can install the following or later updates: 
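Review bot: The changed paragraph in this hunk still says COM objects are allowed "via their GUID", while the procedure later in the same file says "To add this CLSID to the existing policy" and the setting's ValueName is EnterpriseDefinedClsId. Since this commit is a terminology and grammar pass, consider naming the identifier once as the CLSID (a GUID) here so the reader knows which GUID to look for in the block event.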
@@ -48,19 +48,19 @@ Prior to the Windows 10 1903 update, Windows Defender Application Control (WDAC) ### Get COM object GUID Get GUID of application to allow in one of the following ways: -- Finding block event in Event Viewer (Application and Service Logs > Microsoft > Windows > AppLocker > MSI and Script) and extracting GUID -- Creating audit policy (using New-CIPolicy –Audit), potentially with specific provider, and use info from block events to get GUID +- Finding a block event in Event Viewer (Application and Service Logs > Microsoft > Windows > AppLocker > MSI and Script), and extracting GUID +- Creating an audit policy (using New-CIPolicy –Audit), potentially with a specific provider, and use the info from the block events to get the GUID ### Author policy setting to allow or deny COM object GUID Three elements: - Provider: platform on which code is running (values are Powershell, WSH, IE, VBA, MSI, or a wildcard “AllHostIds”) -- Key: GUID for the program you with to run, in the format Key="{33333333-4444-4444-1616-161616161616}" +- Key: GUID for the program you wish to run, in the format Key="{33333333-4444-4444-1616-161616161616}" - ValueName: needs to be set to "EnterpriseDefinedClsId" One attribute: -- Value: needs to be “true” for allow and “false” for deny - - Note that deny only works in base policies, not supplemental +- Value: needs to be “true” for allow and “false” for deny
    + **Note**: Deny only works in base policies, not supplemental policies - The setting needs to be placed in the order of ASCII values (first by Provider, then Key, then ValueName) ### Examples @@ -98,17 +98,17 @@ Example 3: Allows a specific COM object to register in PowerShell Given the following example of an error in the Event Viewer (**Application and Service Logs** > **Microsoft** > **Windows** > **AppLocker** > **MSI and Script**): -Log Name: Microsoft-Windows-AppLocker/MSI and Script -Source: Microsoft-Windows-AppLocker -Date: 11/11/2020 1:18:11 PM -Event ID: 8036 -Task Category: None -Level: Error -Keywords: -User: S-1-5-21-3340858017-3068726007-3466559902-3647 -Computer: contoso.com -Description: -{f8d253d9-89a4-4daa-87b6-1168369f0b21} was prevented from running due to Config CI policy. +Log Name: Microsoft-Windows-AppLocker/MSI and Script
    +Source: Microsoft-Windows-AppLocker
    +Date: 11/11/2020 1:18:11 PM
    +Event ID: 8036
    +Task Category: None
    +Level: Error
    + +Keywords
    +User: S-1-5-21-3340858017-3068726007-3466559902-3647
    +Computer: contoso.com
    +Description: "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" was prevented from running due to Config CI policy.
    Event XML: @@ -122,7 +122,7 @@ Event XML: 0 0 0x4000000000000000 - + 819347 @@ -132,7 +132,7 @@ Event XML: false - {f8d253d9-89a4-4daa-87b6-1168369f0b21} + "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" ``` @@ -143,14 +143,14 @@ To add this CLSID to the existing policy, use the following steps: 2. Copy and edit this command, then run it from the admin PowerShell ISE. Consider the policy name to be `WDAC_policy.xml`. ```PowerShell -PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath \WDAC_policy.xml -Key 8856f961-340a-11d0-a96b-00c04fd705a2 -Provider WSH -Value True -ValueName EnterpriseDefinedClsId -ValueType Boolean +PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath \WDAC_policy.xml -Key "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" -Provider WSH -Value true -ValueName EnterpriseDefinedClsId -ValueType Boolean ``` Once the command has been run, you will find that the following section is added to the policy XML. ```XML - + true From 119222a9e3020880a781ecea97b359c5a48a6c45 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:21:39 -0700 Subject: [PATCH 156/671] Update TOC.yml --- windows/security/TOC.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 29c0a6f1a6..ac2bff22dc 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -32,8 +32,9 @@ - name: Kernel DMA Protection href: information-protection/kernel-dma-protection-for-thunderbolt.md - name: Operating system security - href: operating-system.md items: + - name: Overview + href: operating-system.md - name: System security items: - name: Secure the Windows 10 boot process From da995f12cb73b7b2643d96af830e68cd7197be3c Mon Sep 17 00:00:00 2001 
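Review bot: In the Event Viewer sample of allow-com-object-registration-in-windows-defender-application-control-policy.md (hunks @@ -98,17 +98,17 @@ and @@ -132,7 +132,7 @@), the GUID is now wrapped in double quotes in both the Description line and the Event XML value, where the previous text showed it bare. These blocks are presented as captured event output and should stay verbatim; if the quotes are only meant to show how the value is passed to -Key, keep them in the Set-CIPolicySetting command and leave the event text as logged. The same hunk drops the colon from "Keywords" and adds an empty line before it. Changing -Key from 8856f961-340a-11d0-a96b-00c04fd705a2 to the GUID from the event makes the walkthrough consistent, but the step still passes -Provider WSH without saying how the reader determines the provider, which the event fields shown here do not name.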
From: Kim Klein Date: Tue, 7 Sep 2021 16:28:11 -0700 Subject: [PATCH 157/671] Added colon after Keyword and removed the extra line. --- ...istration-in-windows-defender-application-control-policy.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 179456bab6..7515385cee 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md @@ -104,8 +104,7 @@ Date: 11/11/2020 1:18:11 PM
    Event ID: 8036
    Task Category: None
    Level: Error
    - -Keywords
    +Keywords:
    User: S-1-5-21-3340858017-3068726007-3466559902-3647
    Computer: contoso.com
    Description: "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" was prevented from running due to Config CI policy.
    From ae3045451972d9fe90e2f132de4a24c1b72070ed Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:32:59 -0700 Subject: [PATCH 158/671] Create trusted-boot.md --- windows/security/os-security/trusted-boot.md | 33 ++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 windows/security/os-security/trusted-boot.md diff --git a/windows/security/os-security/trusted-boot.md b/windows/security/os-security/trusted-boot.md new file mode 100644 index 0000000000..2ab20d1e02 --- /dev/null +++ b/windows/security/os-security/trusted-boot.md 
@@ -0,0 +1,33 @@ +--- +title: Trusted Boot +description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11 +search.appverid: MET150 +author: denisebmsft +ms.author: deniseb +manager: dansimp +audience: ITPro +ms.topic: conceptual +ms.date: 09/07/2021 +ms.prod: w11 +ms.localizationpriority: medium +ms.collection: +ms.custom: +ms.reviewer: jsuther +f1.keywords: NOCSH +--- + +# Trusted Boot + +This article describes Trusted Boot, a security measure built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. + +## Secure Boot + +The first step in protecting the operating system is to ensure that it boots securely after the initial hardware and firmware boot sequences have safely finished their early boot sequences. Secure Boot makes a safe and trusted path from the Unified Extensible Firmware Interface (UEFI) through the Windows kernel's Trusted Boot sequence. Malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes throughout the boot sequence between the UEFI, bootloader, kernel, and application environments. + +As the PC begins the boot process, it will first verify that the firmware is digitally signed, reducing the risk of firmware rootkits. Secure Boot then checks all code that runs before the operating system and checks the OS bootloader’s digital signature to ensure that it is trusted by the Secure Boot policy and hasn’t been tampered with. + +## Trusted Boot + +Trusted Boot takes over where Secure Boot leaves off. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and your antimalware product’s early-launch antimalware (ELAM) driver. 
If any of these files were tampered, the bootloader detects the problem and refuses to load the corrupted component. Tampering or malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes between the UEFI, bootloader, kernel, and application environments. + +Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the Windows 11 device to start normally. \ No newline at end of file From a2fbdfe3bb73182057ee1d80d9c0db15e8449f2b Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:35:05 -0700 Subject: [PATCH 159/671] Update trusted-boot.md --- windows/security/os-security/trusted-boot.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/os-security/trusted-boot.md b/windows/security/os-security/trusted-boot.md index 2ab20d1e02..5770dab09b 100644 --- a/windows/security/os-security/trusted-boot.md +++ b/windows/security/os-security/trusted-boot.md @@ -18,7 +18,7 @@ f1.keywords: NOCSH # Trusted Boot -This article describes Trusted Boot, a security measure built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. +This article describes Trusted Boot, a security measure built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. Trusted Boot picks up where Secure Boot leaves off, helping to ensure your Windows 11 system boots up safely and securely. ## Secure Boot 
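Review bot: The sentence added to the introduction in hunk @@ -18,7 +18,7 @@, "Trusted Boot picks up where Secure Boot leaves off", repeats the opening line of the "## Trusted Boot" section almost word for word ("Trusted Boot takes over where Secure Boot leaves off"). The article already states the "signature-enforcement handshakes" sentence in both the Secure Boot and Trusted Boot sections, so the introduction would do more by saying what the two sections cover than by restating one of them. Also, "If any of these files were tampered" in the Trusted Boot section needs "with".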
@@ -30,4 +30,8 @@ As the PC begins the boot process, it will first verify that the firmware is dig Trusted Boot takes over where Secure Boot leaves off. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and your antimalware product’s early-launch antimalware (ELAM) driver. If any of these files were tampered, the bootloader detects the problem and refuses to load the corrupted component. Tampering or malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes between the UEFI, bootloader, kernel, and application environments. -Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the Windows 11 device to start normally. \ No newline at end of file +Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the Windows 11 device to start normally. + +## See also + +[Secure the Windows boot process](../information-protection/secure-the-windows-10-boot-process.md) \ No newline at end of file From c8967bccca8fe623d7fa09ba332686ca3a66752e Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:35:53 -0700 Subject: [PATCH 160/671] Update TOC.yml --- windows/security/TOC.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index ac2bff22dc..eaabe3d79f 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -37,6 +37,8 @@ href: operating-system.md - name: System security items: + - name: Trusted Boot + href: os-security/trusted-boot.md - name: Secure the Windows 10 boot process href: information-protection/secure-the-windows-10-boot-process.md - name: Encryption and data protection 
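Review bot: In trusted-boot.md, the Trusted Boot paragraph attributes detection to the wrong component. It says the Windows kernel verifies boot drivers, startup files, and the ELAM driver, and then that "the bootloader detects the problem and refuses to load the corrupted component" for those same files. Name the component that performs each check (the bootloader for the kernel, the kernel for everything after it), and change "were tampered" to "were tampered with". The sentence about "signature-enforcement handshakes" is also repeated almost verbatim from the Secure Boot section and can be dropped from one of the two. After the See also addition the file still ends without a trailing newline.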
From 2bbebaac8a662c43d1c27119078b73c189a6a44e Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:43:46 -0700 Subject: [PATCH 161/671] Create cryptography-certificate-mgmt.md --- .../cryptography-certificate-mgmt.md | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 windows/security/os-security/cryptography-certificate-mgmt.md diff --git a/windows/security/os-security/cryptography-certificate-mgmt.md b/windows/security/os-security/cryptography-certificate-mgmt.md new file mode 100644 index 0000000000..712d4806dc --- /dev/null +++ b/windows/security/os-security/cryptography-certificate-mgmt.md 
@@ -0,0 +1,43 @@ +--- +title: Cryptography and Certificate Management +description: Get an overview of cryptography and certificate management in Windows 11 +search.appverid: MET150 +author: denisebmsft +ms.author: deniseb +manager: dansimp +audience: ITPro +ms.topic: conceptual +ms.date: 09/07/2021 +ms.prod: w11 +ms.localizationpriority: medium +ms.collection: +ms.custom: +ms.reviewer: skhadeer, raverma +f1.keywords: NOCSH +--- + +# Cryptography and Certificate Management + +This article describes cryptography and certificate management in Windows 11. + +## Cryptography + +Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets. + +All cryptography on Windows 11 is Federal Information Processing Standards (FIPS) 140 certified. FIPS 140 certification ensures that US government approved algorithms are being used (RSA for signing, ECDH with NIST curves for key agreement, AES for symmetric encryption, and SHA2 for hashing), tests module integrity to prove that no tampering has occurred and proves the randomness for entropy sources. 
+ +Windows cryptographic modules provide low-level primitives such as: + +- Random number generators (RNG) +- Symmetric and asymmetric encryption (support for AES 128/256 and RSA 512 to 16384, in 64-bit increments and ECDSA over NIST-standard prime curves P-256, P-384, P-521) +- Hashing (support for SHA-256, SHA-384, and SHA-512) +- Signing and verification (padding support for OAEP, PSS, PKCS1) +- Key agreement and key derivation (support for ECDH over NIST-standard prime curves P-256, P-384, P-521 and HKDF) + +These are natively exposed on Windows through the Crypto API (CAPI) and the Cryptography Next Generation API (CNG) which is powered by Microsoft's open-source cryptographic library SymCrypt. Application developers can leverage these APIs to perform low-level cryptographic operations (BCrypt), key storage operations (NCrypt), protect static data (DPAPI), and securely share secrets (DPAPI-NG). + +## Certificate management + +Windows offers several APIs to operate and manage certificates. Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Certificates are electronic documents used to claim ownership of a public key. Public keys are used to prove server and client identity, validate code integrity, and used in secure emails. Windows offers users the ability to auto-enroll and renew certificates in Active Directory with Group Policy to reduce the risk of potential outages due to certificate expiration or misconfiguration. Windows validates certificates through an automatic update mechanism that downloads certificate trust lists (CTL) daily. Trusted root certificates are used by applications as a reference for trustworthy PKI hierarchies and digital certificates. The list of trusted and untrusted certificates are stored in the CTL and can be updated by administrators. 
In the case of certificate revocation, a certificate is added as an untrusted certificate in the CTL causing it to be revoked globally across user devices immediately. + +Windows also offers enterprise certificate pinning to help reduce man-in-the-middle attacks by enabling users to protect their internal domain names from chaining to unwanted certificates. A web application's server authentication certificate chain is checked to ensure it matches a restricted set of certificates. Any web application triggering a name mismatch will start event logging and prevent user access from Edge or Internet Explorer. From 0183e07657c000345c700d8565d55993d6759891 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:45:10 -0700 Subject: [PATCH 162/671] Update cryptography-certificate-mgmt.md --- windows/security/os-security/cryptography-certificate-mgmt.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/os-security/cryptography-certificate-mgmt.md b/windows/security/os-security/cryptography-certificate-mgmt.md index 712d4806dc..282fac4632 100644 --- a/windows/security/os-security/cryptography-certificate-mgmt.md +++ b/windows/security/os-security/cryptography-certificate-mgmt.md 
@@ -32,9 +32,9 @@ Windows cryptographic modules provide low-level primitives such as: - Symmetric and asymmetric encryption (support for AES 128/256 and RSA 512 to 16384, in 64-bit increments and ECDSA over NIST-standard prime curves P-256, P-384, P-521) - Hashing (support for SHA-256, SHA-384, and SHA-512) - Signing and verification (padding support for OAEP, PSS, PKCS1) -- Key agreement and key derivation (support for ECDH over NIST-standard prime curves P-256, P-384, P-521 and HKDF) +- Key agreement and key derivation (support for ECDH over NIST-standard prime curves P-256, P-384, P-521, and HKDF) -These are natively exposed on Windows through the Crypto API (CAPI) and the Cryptography Next Generation API (CNG) which is powered by Microsoft's open-source cryptographic library SymCrypt. Application developers can leverage these APIs to perform low-level cryptographic operations (BCrypt), key storage operations (NCrypt), protect static data (DPAPI), and securely share secrets (DPAPI-NG). +These modules are natively exposed on Windows through the Crypto API (CAPI) and the Cryptography Next Generation API (CNG) which is powered by Microsoft's open-source cryptographic library SymCrypt. Application developers can use these APIs to perform low-level cryptographic operations (BCrypt), key storage operations (NCrypt), protect static data (DPAPI), and securely share secrets (DPAPI-NG). ## Certificate management From 54483578098ba7e62c5519863d304d5e4d347300 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:46:46 -0700 Subject: [PATCH 163/671] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index eaabe3d79f..b7e9b9d4b0 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -200,7 +200,7 @@ - name: Threat protection items: - name: Microsoft Defender Antivirus - href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md + href: microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md - name: Attack surface reduction href: - name: Tamper protection From 0dd024ba903616a80cb1451b13d9c16199a91bdf Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:48:15 -0700 Subject: [PATCH 164/671] Update TOC.yml --- windows/security/TOC.yml | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index b7e9b9d4b0..2e167de1fd 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -199,20 +199,14 @@ href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - name: Threat protection items: - - name: Microsoft Defender Antivirus - href: microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md - - name: Attack surface reduction - href: - - name: Tamper protection - href: - - name: Network protection - href: - - name: Controlled folder access - href: - - name: Exploit protection - href: - - name: Microsoft Defender for Endpoint - href: + - name: Microsoft Defender Antivirus + href: microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md + - name: Attack surface reduction + - name: Tamper protection + - name: Network protection + - name: Controlled folder access + - name: Exploit protection + - name: Microsoft Defender for Endpoint - name: Application protection items: - name: User protection From 05f28657b0c54c27281c27e804323c4af0052b09 Mon Sep 17 00:00:00 2001 
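Review bot: In cryptography-certificate-mgmt.md, the primitives list files two items under the wrong heading: ECDSA is a signature scheme but appears under "Symmetric and asymmetric encryption", and OAEP is an encryption padding but appears under "Signing and verification (padding support for OAEP, PSS, PKCS1)". Move ECDSA to the signing bullet and OAEP to the encryption bullet so a reader choosing a primitive is not misled. In the certificate management section, "revoked globally across user devices immediately" conflicts with the earlier statement that certificate trust lists are downloaded daily; say that the revocation takes effect once a device picks up the updated CTL. "All cryptography on Windows 11 is ... FIPS 140 certified" is a broad claim that should link to the validation listing it relies on, and "enabling Windows, applications, and services protect" is missing "to".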
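Review bot: The Microsoft Defender Antivirus href in TOC.yml lost its leading slash in the previous commit and is carried into the re-indented block as "microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md", so it now resolves relative to windows/security/ in the same way as sibling entries such as "os-security/trusted-boot.md". Unless that directory exists under windows/security/, the link is broken; restore the site-relative path or point to the published URL. The other Threat protection entries now carry no href at all, so confirm the TOC build accepts leaf nodes without a target, or hold them back until their pages exist.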
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:55:45 -0700 Subject: [PATCH 165/671] Update operating-system.md --- windows/security/operating-system.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 107e6ed663..584a85b7bd 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -13,14 +13,19 @@ author: denisebmsft # Windows operating system security +This article provides an overview of security measures built into Windows 11. + +## Operating system security + Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. -The following table summarizes the operating system security features and capabilities in Windows 11:

    +Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11:

    | Security Measures | Features & Capabilities | |:---|:---| -| System security | Trusted Boot (includes Secure Boot and Measured Boot)
    Cryptography and certificate management
    Windows Security app | +| System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)
    [Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)
    Windows Security app | | Encryption and data protection | BitLocker
    Encryption | | Network security | Virtual Private Networks (VPNs)
    Windows Defender Firewall
    Bluetooth
    DSN security
    Windows Wi-Fi
    Transport Layer Security (TLS) | | Protection from viruses and threats | Microsoft Defender Antivirus
    Attack surface reduction
    Tamper protection
    Network protection
    Controlled folder access
    Exploit protection
    Additional protection with Microsoft Defender for Endpoint | + From 56fdc9752e95139409d66077f640a71a22ee1286 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 16:59:28 -0700 Subject: [PATCH 166/671] Update TOC.yml --- windows/security/TOC.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 2e167de1fd..eb58b0f6cd 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -200,7 +200,6 @@ - name: Threat protection items: - name: Microsoft Defender Antivirus - href: microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md - name: Attack surface reduction - name: Tamper protection - name: Network protection From e741bf1cb5bb53dacc48639b2bb656e17b21773c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:05:35 -0700 Subject: [PATCH 167/671] Update trusted-boot.md --- windows/security/os-security/trusted-boot.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/os-security/trusted-boot.md b/windows/security/os-security/trusted-boot.md index 5770dab09b..4a2e241a83 100644 --- a/windows/security/os-security/trusted-boot.md +++ b/windows/security/os-security/trusted-boot.md 
@@ -16,9 +16,9 @@ ms.reviewer: jsuther f1.keywords: NOCSH --- -# Trusted Boot +# Secure Boot and Trusted Boot -This article describes Trusted Boot, a security measure built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. Trusted Boot picks up where Secure Boot leaves off, helping to ensure your Windows 11 system boots up safely and securely. +This article describes Secure Boot and Trusted Boot, security measures built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up where Secure Boot leaves off. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely. ## Secure Boot From 5b674360a60e630512905866afdf6f162b2bc760 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:14:58 -0700 Subject: [PATCH 168/671] Windows security app --- .../images/windows-security-app-w11.png | Bin 0 -> 54380 bytes .../os-security/windows-security-app.md | 37 ++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 windows/security/images/windows-security-app-w11.png create mode 100644 windows/security/os-security/windows-security-app.md 
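Review bot: The H1 becomes "Secure Boot and Trusted Boot", but the hunk starts at line 16, below the front matter, so the "title: Trusted Boot" and the description set when the file was created stay as they were, and the TOC entry added earlier in the series is still named "Trusted Boot". Update the front-matter title and description and the TOC name in the same change so the page heading, search metadata, and navigation agree. The operating-system.md table also describes Trusted Boot as including "Secure Boot and Measured Boot", while this article presents Secure Boot and Trusted Boot as successive stages and does not cover Measured Boot; align the two.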
diff --git a/windows/security/images/windows-security-app-w11.png b/windows/security/images/windows-security-app-w11.png new file mode 100644 index 0000000000000000000000000000000000000000..e062b0d292ab01d85235ee266d0c143dc5760b1e GIT binary patch literal 54380
z)O+)dhA5X4PpVDg7-X9=#3lw;YC36}fd}d5qpBP^Wv=~x&b2FAP9UUuReh$=?TJr_ z#)-nG*VvcZTT3q@sT{T^8tkfSQE2iZw_KXfD?`tQXou-nKOklf$QB8$Yb-Y;UtoKL zoD(5rAn6f}wh=oAhf9C3FlH)vIxf3eC`SW)_iJp7C|e-`CNCe7qdg80c&}Ft&0~(K zL*2DhoPl~;Gx!9B*4l1$!ZEV&_u1S!PIVm?xuZr~YmNO~Jfa&Yv|7{k`5V$thuM#< zm0zQOvcNp!LUCgo*-uxsfpsQYSom91Yq3kMk?v3ba8ka;j-Zdp6Pe!Ki6e~R143OW+oPHR+$;o*yQKdPhhOQn7e%vD zr3WG^>GyA8K-MIPcgf*ttmTU;QuRH+Q8+Cgec_q&kh|tH6G!8v3$bdy9mR@@iqI$k z#0WF4N}!R_Rgl_43Eu_-TjUk#w-vZc_igUgCTdV9x1;BSf^u%bNM-9{IgdePje}Oh zbVLOG=$|etVWbr;@jX4F*CPzkT9BGtyJj?hnPzkE*;`HC38%HxUn>!@8txs2X?`Ug zI+$ow!j6SD1BlhR6SyGsi5|JoZ$6tZEqtg-t7!Mhn7Zuz{Cf>UgfQgHQrdo7=8$Uj zpkvz!j?d`Bjpj~^{+3^g6!9rq>RZLCG*c}yv^=HAzls>|?Yv`?+%>BOUOk<3#h4?Z z0@T!o%+DwJRc z4je$r=zeoV11sT3ut+-7^fFF!LxUo?DvBss&5Y<>l-)Es+Wkq%`K zgn>S06W8v!yLVE4#tjYr=tIIF;eX+-(J_TC9a`!r^N@ESQzxchD046jK${TlEqFfo zapcc{L%?qnS$shOA#x7`KvQOp6751Ln50@<0Sd{?Jp+rmYh&%%LbbxHSZKMTq}Rqk zC;_UJlHz%Dtu|*%QC$NAP8LJ$v6Glqq3?(fns%oRVGa{+G*(U}SE2T3>98(=^7u)}|Ei9`*6elKu>`OZ^EP~xJm!Y0!PMRa@; zbnGyBy&U=;*~&&hJpkZ9g^bz|)}<=(2^nCzYaGCSPK_rlw>)MWKJRm3rl(d^{5Inp z)?GfzqZKMwUmXr%LIhDoQ`1i)Uvx9bJoG_$e-tcO94L==c0O%>UH!YF8_h2Cl_AE6 z9;~S;)TC*swxU_rQg{igz)Hi)NJYDSGchFpJcW#$Uqs|ymlY;BrFMz4d4WjrNgm79U{#oe3oYXl}0u}Pfxj)z?S0N zr)5%&Gt>-nOG>&pOS{ne5@$x=T-`wz9W5YjFcnLcMr!#|m0R6>i%-R~If1%54xyMj zvl>$?1Dr@C_85ntp^SbfDoQlVRGvY@5YmnCh1WA%G3-KGjhqLb0&$m>1~sZ)UWfEB z3m%U2T0MQg5pTP>7#Zd~y;R)%U?R-w@}5|=yB%lkja&pFE_OPjtBqT8LRV_xo&Vlg zwehDhW3@-(vatyZPqw?`aCAso3C!eNc=it&%IZ!cY=A(oZfCjjKV;@Re_HQ^zdyS( z`8@5+SIuIQE@-?rlahpQ65s;ErBI{+9#4h$d~ zGR4160A3R9WtYAH4&-$h>}3u9L)`Xmw7=@D2ebe*hB1hNKFCK@DVP->6nCaUZGFJH zxPrKZAWU8o+kk#~XMld$gY6etWc!Mx3f~ua33gr{+Kxqj3c_IB+&vU+(u%~*S(x%w zB6|BsE&3q#qCh5W#nUqmu+g50vg_5Jhi>&d3kJ-ro6rueeLYrR!rH0bs#3DVhtRm+ z&-*XI5PwDBgaAsy^cVRWd^ze-KqnxLR@C(%V>EtM`7clxrqU(5uT#jJ8&{?x>jy>? 
z1vtP3NChC$2k!>gfK>gd9LJoimW2`A5@5H^8@guq14aQz2vIgs`r^+R{k+i!#ZZLO zmq2YZr=EM-ch2#%aE?$D}-yh!-SqRyBYn(+^FQ8(rKVpPLf#VL%En>n& zRzsqKCN#upQuKVF7?4|g}qKdz0+ z*)e1_UmF_{ZVsNdy^D~C#5_lR%#kJa->I^RDUl+T<;Ko%nDw^)716@%+!mz|h8LPV zK}S0N?`U}w2;tN=iz7As$Yhqu|92*TtXyD{zK$pQYH}~<=>PrhBl)L_f&m-;?>O|@ zc2G$FAB4HrR_hrlH(}?$Uu1uzNcVTyXe7T`w$&aX7M_~Fa>JM#*({swaFF4`oelTS z5HI6=VR$Ru=zjA8cJn1s-$HNQ+dVvA_q}b}^R_pu=7`8u$r95znVvOQ3;e)KPSX4+G+2vbdGr+ z)kl@+G{cx{$!4n`Momkntl}Evw=P}{@g1ga8=t#MbGK+DVv{uaz||6MOfqoCj>^iP zHn$m@)AdE&GuM?%Cfwr3$rJ6zc(b|HA_kVq6rav)@AWIU zk;&H`FBjm`JjWyKd@oES$nrN^u7!El{J_EC-z%rPJY0JsQ=+AQW~k;Gp2$tJd$BAo zFO@52t-PjEGBL4sqDM!$>H0T^eGV#|m*_cHdw7qzEL+3{QhNH|WxIDUnro)(x|*lR z&mUn$6rJ6=TYiKO(|WDFOX(8@G^Hf1&*E2eWQI-dz7a)%}nCgNgY1tcR~>#1^(Z^5*^H z_VoJ9zWFq}Y~wF7{?+%=UOkol=4?f(7T*2xNlo*T{6q*Jjo@f&1?NkJ>&}DM;;fnL zZA6t5pWp7`o-SACD05GZl4+Bg_Q1T}h(=D933i@A5w z=9CVs+)p_3&5(7()7lTz^kYwf*{~d4Q)wfo}6g znNYOG2wiT3rgVoM+~;-;b&rXl*@vH3*wxG?-(3j!r0SbM5m;_`Vmg7+D(vF}X0ezA zquQ+!tNEb;`wZ6y!|9|Tm=dWlGKw`P*1?oZ8aGA-@9I$gD`axuM8!=t30GMPQqebhNZ z%1ub_`4MtKt9LUSU!g+p)rJpI4MK~RE9c)9%w^o- zR5P!;JS`$m>R1P=E=oz!Ja01od9_EUPd@I!)DX)(o2D&PvWH?v1Gu86HlM{6%(%0o ztqG8XIwtG5wm@+mYYxOPA&5C9y=}aUwOaaO~IY7BA=KYzo&5g zGu>y(co>Iv?+<=}4&v^2*b>^eH{)I?%aVT~sej8zWM8q^zJRq>^)*L7qo%@0Rt+ z=k%USMhzOCMjx$yggI@CI`K)|#Jn=aGF@Jx^VSpQa$ z4NpFQTdHJvzxbh7Fx_fXe2MVAv%Ef9Q`vup&@$ilC*WZ*^g?1#)4o>A(8XMnD^;bjMoah$U#RzYD8kv{h_)19WO7^>({^311fyoUQl00u+ zRir5=1s;5QeCkredy-(i4Ck*j%@oRmu_q2U8%nwc#k}cXy{e=5m5q;WqvsSmwVX`3 zRYd-uQ$D@tW|w5$oyjo_)q%z0T74}-Ts-7)Ep1D8Ymo*enZYnIck%2NnI@HAGf|5^ zD?azRm7RMnymj)c&Sy5*TT-hGh1#gHT{Px;Md3c{$WrFw&$4Huw1jYo@Qs((qz75F z>n0nO9!a^q@;z0N$E=gcHmOlWaWI-^X6(6m(ek0y#w|jRL`72{<)z#ywK)IvCLiwW zbOt~f*XOCGs}L|=CZ-A#!M=qR%s0@!$DDerk8YL9h18Tl(vG(xRKI^`?RC)ZZqR+a z`M1h&w!i_0Za4mYQN#9!k`)c~zq@zaU1H#*s^aQwu}bXmvhwDWpi`>DKECvMRPWzRpA5$(C0 zCa9DWoX2c^c7rm_!)Ci~nb>CkF7D7wPHu+%)~-A^u78X)JQ#ZWx-g~6E~}usVkRGk z1#N6HY8m3?C&L*cT&&V2*?kn~&OYWzCrx>8+@>LBaZv4*jX|lq!*1lZ6}4kWra>gj0Vq1iNG3-;d0{lVMsywMAO-r*-jjx8d)L 
zk9tbD&eR+zZm^5mUv(~4GILLec5OCiL1sgR0EeCXjDlaRgyXW#%>I^r;c#?)AKjy< zEp5LJG?xUV`s#G{8EF)4k@mJdpQIXol4A5o#7yyRilN6`pqac_)k~K7`EoZGZ(aCz z;p=*N+8fjD4%xN&>47ygu|S3tKjDLbp(AcEL+2H^K0Q9h@7absG4XkFjh!?6bIM7^ zOscNb{QZ1aDPj`o{q&UML}L>vS8JXN^6na1N;>2@-t()k=Yi3pzsGR{>46z)zv0=Z z0`wf$PnE7FZvHdTZO9k!qK3ai)bh!$p+XV5RLUO7s7liI&Njo!=Rww)CQ3I++5@wC zzW>P{{w-)@7ZXlxX=CfyT`e^xKaH^SJ*VEcij|K(bGok5)N1_gRI1qO@?ypjEAu>C zjgh~fG^YJ$SZ^ngkRhYWM%|5J zfK|Z&nkx;vTJqJF|ELv*Q{a88g5+@o~Z5U3o z+1ujzgU;I!11Fz0YtFp8?^?#oNuQ?E>%+~0=Retr2JB8OFIn5|IUvNlW=X%kTr9)b9M?X@4L&53KP8&i5}5dOAJ?h| z7e?wP?ae*#y~}(kAkp;V#h}hIu5ym?*`|4Q#?vGG(@B>!Xrvb>E@dl?a)$f86F9oX zvzMJ($J1+Pj^F1p=9(-e^f#}PIDgjgAC7r{bX3dP()GJbQlo-WoJhn#O~ZRQ@$v2- zY(MyHT%Ug~J6LaH@e)P2QNSg~Wk#x~lQISe%9mXkqJ1Ch!mFkF*&*k%{Bl}A4M2a4Yb$Y*#>(42T`KUUhT#L4ZwUVzUY2P`A zg!Mw}9aLlnM-N8vHjN43x+T)2&GgT!SwB8+~)p2LNf1c(I<7Q8f8@C^>B_G&u z_BMz7z+wzTL|da-FE#V_{w9e4uKj9?@TeazysqG|T9}%QjvrxD-$ff=Tv;7b|MRj6 zot0%yUv6>t2D<#5y3dD796jCH8(P;T>Sy$&$H(lZ0}g4oce-knH9x2$O_DV_YhR?U zE<|2`RzAc`*)&u%`MrMVfB`4}*_c=Uu?`vL-H)Ds=l%~J;h{ClQsYB zm~=?eBEs(Q-JOTGQ_!l!#k=|K4f5LM*MIYI1zWbNlFRh_)Pu3#Ylb`iFnF4ea!jgq zPIP_xrAeQ#VPURqsc9i+vZF`+2f0V<0?m)ey!CIY_eFNCuCEucwJY zJ}Hx4;*IAfwxo1&gere_2+uiOqb%xrC^p>txmxkGTuSJTpj+R6a_p6soGCfRzE@dt z<>pS7_Mh)`X%)LKZjh(hEXUz5qP5KORMnHImYpW{8ReIc{n^`8Q<9c4Fa3#ocJw`m z_41;d^F`6fpbg@M9|9&TNW=l~n(UJP;jTXwOe+#diHm8fSR`^Tzc>9E!V)|=={htJ z@MuJH?}f9hH-!~Axwv19TDz8ZDg-2tFluwzx=PHnZS`_v4X)&#=Aia#Ycw+C(dv(< zHePC9XLEAwSWJqMc(N+Da8vTQIyVeJN4PW*tug`v^ zU(XYBe=E8xzwU^3s(poj^$}ar)Wks@*Bx}vtZv&f2bvaoY;x}{<((8Ok~&`++OHGx zhuUanXX~<(1CRHm7Llc(>ICOB+OmaM>Gdgv~z!xq2M>iT>0u3x)*$>Hd& zX4Zf=$vtxK*{7_l1&Rfg8{=w}4A<9h2KLV!b9~$Joo4;D;^=~m-_#HpFFRTGXY}AiSyfO6`^iGp!I(?gR2R72Es8?Q4;0IVl30&C zOn(|56Z-n&$5*OU6omq}4EwU~x!V_oL=Jvl9Sf2fA9naMR^S|cCb_13Lh7IqNkzZh z%k!5D|Mj5>?JIhxuCD%0XXal1F{(M#Y2&B&?f9+M{T%Y~^)n1oYA+qXdYT`(V|I~V z&p>VK*};tYj-`;iRZ)5Q)$OTY-&IO1Oj#S3*6B?Ap=@)fh_5_f72K%5O`rwCr=5*k#-E%*S5FFR114_Ir%4k6&ExXrsxLEBAgK$u!bg_osM? 
z0n@L{_~jexeMwUKM~eppxoH&&E2%P)QGi4fm=r$ zkLoNd+;y`*dP_MWW%BpsINsGCno<*gY@BXubfkZ;J#ziEDDQ)P&eIp@eKwbsaa;%) zO4feyrn1~C|5KfDY03LciIWW;qp`I~BL|;wPmzTS3KE+fcQsra(qoifoK)c@yxW@D z{vx%Xd5+tLr}y)^_^EhDU5ov*+P}HS^Hg1f#jTm3j$%gpOSkKHmG3epQBqJX%G$dH zTXXr&TvW1PdmO{0?dq2pwrw$CcIZW_%jXGak1zsUYk{;W{^nZc7rU+DVK47Kl4L7i3F z#XWmo9p@~|Zmx-6cYA7G99>~byEMI$Ab5;6@+!Z7a?RrrN)_^Z+p{lKZ)7oUfqO-p z<-$|pPNl+>Uvo@LvvD+YexIev9vg_N^-FahGBA!DOIS`mr8Y3|npS6Nil2A)fU`|l zP(vq6i>vqOFU^U|#Lcmi)KbkCEL6@26E`q%(g&gWKbfoiRrXNT)ry;ZH?vfEmgXWq z52$Egy>t6)aq*=ug9AUO!D#YVOXIe+>E)A(^7M{+cjWTLS9B(G_LEaFUf~j2PDdzR zUspB{c4g!hGjP9To|)A^_|5COE1MR_ZQ_jO2Sgsd zN}#+c5THtx(DFRBU4dvlO*ua*b3Ob?M~cOmO}U>TcWJR?iid|VMKTcur>4$uXiOMN9O=BNIls@Ej}c%~uqjx#g98b2 z5we>nbw=p!gNiJk*)ubT2DJEh4{FKONZi`c|E=*>N{VY3sH;I^w<(*eX`|+x=!@(7nntInP5$Lit`_Dl)sq#TqVK z*y@z|$XhH3#HBqVeV$#(Y?S#`Y<_oatLKsmuUOGov7p+|$!k$r7s9JFeTJ_cQrr+m zqRGC}*=aQ}xch*Zn?>4=U)mR95A1!e$&;Fra-?S3B?M^SzYtk{p%@5uK>A$dAo_iA zt|Q06PyjpuW1agKkK%GNW#zWFrhCm>Gnxx?1;z3=;1dHWAIes8^wEUyw3UB0@5S@s zr^5~!7Ce1_BzkztaZmP^?k4^GJuZnNt8NnGqOE?y4^{^5ve+s6Hf2$s*nRX6^U=l* zO@7~$cdFTbpIE>23!Ho;n*6+V?37-~Z4TSRJvR^E;2064ExBu^9$V8Ndw(s7KQ==k zK0Pe;`1adP+_Vl%v-Wq)KZ;pyPO#Ixpvd<3(%4%f2k~fBTQ`NW#WMJn_IwjOGLXmwrC29Gwq(Fe7@SH$8S2Mfazr^D4 z7_chvPH;02rlEjWfEEm?h>B+uZ=u5Z_e45gf@M%Wq!TtM~ExmD?s5s;XmuKvc2a~SLT?K*(A3$9;G zb@&Zi`1f_=Q4K%cmb1Vs=?d;|%fEFL143wufX4%D(q9y}MNergz!(N<7ZvFwR@1MD2Q8Saab`{{)ae&AVY*<*X3`xJdOBLOVZ4J{#|et!?;j3 z&?BpHqtoQ|quHw5Bfi}Kdz#dzPA{}TtZp`&6Zd(eHuk@FOC%S%R3GuT7Nm0EO#s=B z_^O|)C`#~4Kj8nrKW=3a*6etUTX%p!xS03|lsw4Ebd;8UH6b7&&lR2l9-P;)7I!c? 
zB?S#*@aPF*QA6p1YZ6c+Vq#Z;c!7vdd%Nq`1#mV2YsOq1lTEE~{phGD>=|&hzHBlR z%TAiRL3syD>w@Bo#Kit+=9(fvDdB3s=-Uib?Sk}#%WX_qx#^F_)b&j{gF>O2-r^*F z5ySk~uaDOn2>?;a80_lRn<@>wC}05pXhm|#Gg^NhV0H(*0xno7Gw_!=@(92mG%ukK z1E32tGjZ?WZvUP+{cm4gxRjJVIs_{Q?SS!6_0xN;)CblDu90IZ>Z%97ysgwj475Q8 z_mGO4#QnCfm1wH$f-QJ*6u=N1lZd=}J@A!!Ix&#{WN?ILJ1~lwzh#pr3;V zpf9)|iX%YRX->@*{f9ZS`;b`ASvqOZta#df2=5QZTp1V+3yb^U;|N)GI#>Di;S!oQ z3wjt*(ti*Xt1+`)mKzK`fP(zA^CTL;E9K`#8R+D}shZG3REG&tjBVRcN8v~vOOl$z9;3Ucc z@RN`TX59_|1hyJ+2WT=vZm2*L_yT~PaeF2!&Gs+t?N>O%_1xWol<}@JI(l$7m|p08 zDk}rd0jgV?3Kt-SmHyPYZvGk=W_g{qJK@Sf=};iiVK0W5_(iQRDk}pijD~jSt?EM{ zyiVc@9a^fbz>5HFwecpo4ec?EssWP(ycfbt&1OKdN8mi+0O7>_<1yi50SIHc3VsA; z&Wu!B@sV*ri93q9>A`1f60ZV0k)S+YW3SvMIk^$@wNn#)uvYvSS6X9+4v^U2OHKb` zL0cZ(YTdjJXd_U3$xu5>LnHkN zV0;31i(w7c0D^95Dx)dd_V7I5F%3Kr8-JFZyiHjdA^{wcHL%J+0DIisHH&%xt1}`; zf%Dij45k&97<|Bc2_Nx%n>h<)4B_HK~FhDK8p?4`3l8AIwTSF1>nT~lAHRo@7ElN!W~8+(c=Em*auIpp*9?%OZF{-2)c#cIwprU_cPCvA`O{{7G%*MC%x?{>PjvZaoM28~#xx zH5}u6eo4vtOOn%jaCmT_A#`3|e%nzF7!U|Kwda^a#Q^CaaPLOsC3R}=dWZMBPC=pR zoXA0=nZY`Xj@)2?#rMjKS3s@4oo1y zY4Sty0HcV7@h;G!B+vyVnEtp^5UNhwa6X6weDdU3d^k}0qaQJB-;B#FjX|OWdaUjV zE@6FVmebhX{Q%t8@GGW=C(UvKaY%8gv?5(wu4RlBN&D_g?`BZr9~=_PABfOcoRRut zM|9M2Pvny)PrejxcM)gq{eUSMfYXJ?9zw}qomsFu{U|?_;xRqEC&k(Bs zWrOu^J_{QLcM_y7SUz4v4VPmZH^dRQr^4dEF^2V`*MCGN)X0We%#jLFG2(k`$Ud3IBp8gpDE1(COb(Y#V*z(w4JlLfIfrG67s4 zh%z{yklKMavFOZy1hNgx50nLumHDqGg1EsHHUyC>d=shd8UQs0+zC$~1iBib_Y3+6 zNcwQJpzg!*;TuHgzlbbW+=&}fjr;=c5`@K%D?D>OAr~8SEqYEC?;Uef)SZ2a$&bbfYr2F3_?EZaAeIC>=05nN?R zzSKquK)DRxRBU5mgD4d|#Z6?0Ipz#`-L71Oi~dnT@JrzDA6x6K*{##HEvXb{vYM zA>wyhM-443uDKEUJw)KZH?6^EMDb^U3S$*l&=IozSj8$mz|y{$2+ltJPy;%hY%(}2=kEl`C(h|MwOc&0|D-~iCX-b z^Z}eggl!38B&bUJoey5kZ1v0jM0^S|4CDtmtr1X-xi0gGKgqp|uwEPxUx zarK_#m^#em140cD@<>2+bJXGaF+H>@9A*cGk3B2^oGQG~d0a<_SA~B8E_CUOzvO#Z zL<4xx5F3HN*pu4qn(pNqJ9_^B=WtSi`P1m=zVI8`y~MT8b{tRKO#-n!sOlUWZ7(!2 ze?k}sw=vsd4dD(^B_R(Y!aICz0tuNBl9+o5mm$Gszz@v^D7yT=%Dx1g%Kd9w=adv_ zI5?WRv|_~!%|4uP#B!+dg9HE`6J!RkIqS`viZ4J@ 
zHlG%VI-(FBLc1s54z<3RfvTy)j+Th+F|W?y2A~5|h4YJoV`jKoTx46WRYZ7Cj7Ab3 z*fXOdjP0G0Dtu(Q~E3%RYPf5=0qrF`#L# zxA^85XY_t?9sH@Ogre;{+s+iXeY;h50#k{J-R2`|fU(CQ3LM#xG<2%5fzSq$2aH8uvkF+UZk^>aIfHq@OQu=2E+16roIF=6@ zVJL$%AGb3;iAlf;8*)Bf@4sF9@yae^6io^cOKXaWwadXD19g75CY1D zI9cEbI&AZu@1Y$79lx1gOAA)ts_D;kNv#70>@R+jecc|DGr@_KX_B!e20PmsZ>$I? zpG@CtX5#L^~s4%V8_awF3R4On8)*AD^-xx=>E^765mm zp$E1WNCBlH2RT^=bWT@XIEc~Cca-A^`+~YtY!4VHtP&o6&Z9_JC^X?>oNqju)1jaP z`-KWm25f(n(YI_uPw$oK!Bb*3?Qel+?Y=%rP!oMX_N)r6Li_(Mz<^*>apQTQ$Q954 zP!+%rdvv=?N35F_G^#*~piSVsaAaGtTQ-NXHE{S^9#rh3QT>S~FJxB>mS$TFC@&x)Xkw-yXM*WPSMsRK^h! z1e}~7)<$Eu!TXTyN+W-2sS%xqNa`cthfPdMI;LiT?k})|z_gkAX_%`PiBK)Be$c~h<-jz&4Xmb(WhFY zO?F4MFm^D2B*Irn|NXXCgV2MlN7((wjjj7kgLiUoSIvxtyC3PcD+m;*zinXkLz6iG zB4yCdHXO(|d>8xy1}Gp#!m)uY)pZD*c}?8leh%A&Qhz88f*pX@z&3(tQN8(5HYISH zz;4wsH3L)dL+FU)V9aQxx4%Yc24C2&-tlew{xJW%$D$c!W~R2NzCj%RqwyyWEKhv> zJ6L~)SLY^V-o!^*%`7}JEb2^mYfIm4w{1>Ml!L^tMBeuYqD3@vq4fp@|2X4|Xsv&B+WTc>%lzu0(uch!Pnuwhjj2wnCaqT7E{pIM98oJR!|6F@HF zhI2y4ON{s4KaTK|A*UEsYyN!IaAqI~F!CF4x4;m{+k9&PPAbMu=T%wh9tns8w0vco zzso;P_aoRqEXlxj2dOA!HYMz6O!rhx0Hy}+#g6!sMAue?3coM>^q zDWkzYsn%9KAWCx`M#%GI83$AX0M>X=Q9 z?+~W7Ep6IuJZhrC;WV34==DPFUyp`E%(bFfqS)nDzvA}=x8bNP{g$Iqb3s!q<>Fhk zTFIi_4~_wGy_8%r2A9pR^3@(Np#AOC0(p4mw+7mFwb1;9sP3=%j#3neTJ_n_+jP%W z)Oq#NyM|@OU*Cj^AO%=YaDIlezY-x7P!NbKurI)@z)5;vjyrX!!`L9k*T0XVD@gP~ zjB9=Iyq9aywZ02nL6?N9IyySY_i_U|O(NX6O$JNQuIWx1a$JaWI17Ri00Gyv>F!&l zvR*qMl{>nSy&7eXWC&jcz}|+{%~4p5hQj6BD$wZ zY8H_#HNj;ctVjc=`8Yrm=zH-MFLiW(n=@Ea4<{5Hz#OADyi@RZ_oc1D#|9R96k7+@ z=?JH$><51bzXW^&3k<7{Qv>S6S}c`)gGeZa-0q5#p31tPZ7m`kbrpF|mIib`#MggV z%T35nqCXj0m-)0belA3m)qUWwfo+gYAX5-pfV#pqhj9lZ3olo14tHtJ?jjJOrsjMy zsgX3GsG|cb2pm*g{LIM{*NvupY*4Vzp&)+i6{0n`ZIgdA3;Fx64YNn!rWLd zcZaW9X0F2lxCYIViD;?P2h|2L(NG{FQ5&%mdZ?IuUrtVDwZ#8k%f5`0$sa~Y@rsHn zp+z+}SLcA%d$VjrF1XMvzFjIIx<1VEVRoC8;3AGfmYhuqmIFu&?965{`~s72V(OrM zL5`aZEc9`nIMG$e5x`*(2?kZm#BU-2Bs5rtvo`USnsb2!(`PwuR-N0%okdz zJ8k!J1s{@+%DE!gi{x0iTRc?aTKK1v>RMUz}!f@FceOKs)reFm!_qjC|`{2R> 
z4n5@RAeV(0fuMP_C>T!$>I&vPi?6Z1-Upc)4C@B%3?2z_0%`Umx|_22tU^^BF1K0V z4X?U{vx(>dknf55B)CtoNa#U~)jUprLa>#HbhY;%l$VD)YqIV6InVm2TudcW)7jLV zS$jwy0H(&(KTWJ_ZD>$LPa)Llz+<2j8DJ1D1s4fY!Cd4$z8B8|z!l6;Azj%E;lvea zRhNDVv;#17>+x9)Nfe?B3v3R&>3!2kIBC2BMr|v$IW$WM@&%FnSkbr{0$=X$6MhJ( z#$NQYf&z6(JE=ZkBeW$DKLQ<-dn<=Z5(-l#$O7OvU_!)k2m=ww>d#CIs*Set1GU9^xY5= zpBw=eaY=}RfQKpBngS8IcY*qUJsXa=2B|8`_A>~1ph6(T3H54AW@T(wMC(i|LB0{( zFU%8SLvs;?RG_2*%Luh-u$d5jNY+MsbMxD9XnOqUN<_2|13|ec2~755paQs(93`+V zkPO5V$9c9nZ+^Q6c^BpQQ;oev58f_WRVCd16Z;7fBN1=lD8Q-S_zaN$e#q}&>*H2(1AFM@^}SzSm|Y@rc>wO^7tVtxX*bK5kD{#8 zN0Ty^4swRD8b73DGysW_;!rvz;WqiCe+7t)hI_t8pXsChpfY^O>z4oMrTw)0Kca4M6ZRK&@=7w zCJcbH%*~I}^E<4m;!;we%+c+HJhiA>4oo0JnwqM^jrGrqi)(-`U|D}8Yg^Kj%~mE2 ztxNyW>JN?>1S0l596g~n2+JfVm#)H9-g^}`3$_rSgNPYV6$X!BguBNPm89J|2O*9< zfgt2h%5Ysq3I!Q&0|WA&5nGWhgilF!f)Z$TN@o}>7T*1nNf5axWIF)U-SPO6g zvIssKq=7}(2j~jy4{MO2se884%agC{nsAo#&uBf}v{t_-&EYpat|uWFlwdwvWHhAwsSivcnw`%hd4dfC`xA+*Fw|xjNAuz72qj#! zq0|kCj)x+_$H`*(QN{1gtBSy_qMkKs`?x+7I3uJ&DmEkIBs~ruLKULAKxTlP76$Gz zT$ILWiWz(|&N(<|#O$gGaW;E!S@4PgHnh=}(v0NnA&3M^MZs|Z*o&;N0~`ROhIut9 z`>{|~)fjUF0!=^ZDU3E^O4u#LskM(JkMME8djpL0e*uU{YIHNsd2+VEJfBua-bLEt z1GRl~5gb|lm`O7|P6otEYu45uzPARWH{0ia%VtEV&@Trj}%*xrl5a;9H2$dlu zg%gelWdQ2ODk58;WW(Q_IOMr9N5tonaI%Hff`^<3a%awZ4+&5B1_;Y)W;5`j1!4=Vy`2urH{A)Ixu*wV18> z?Wm82u7z$MVq|rLLumI4FKiOw0=jCs)@7Fc@rx^51g;M;B&**M`blreTfS0g6Qf>B zN$ENhds*VL%6e8-n6@NonneQCaPRWK7*Lh{8eN8bbLb>CjI4K)x2(4L z2t1=@wqU=(5U-f5g}8svh3vjo+GZ7s(Ny`K^28?;dhQG<>{7&`*!}+YX9rx8GoS?l zcZJ#$jCKK2tV zql|cjA?;~gRf46XaZvc>Tzw*ac_H&@?(d$db(XjD$&3n(yQm|^jSnmewiu>mmNmH* zSKUevGkdS=Fy?V_*G;om@8J93aofL^-e(TP-e^?3LCGzg-=5)J7iQ^FdR2X4nO2k? 
zE!Mag*c&mrdaK~b-Lv<8dna`1lyq9djl7g5@s`kK@{rY2?c~+6oXM7~W>SL z#70@L$Ua)`u@rZUTj8oinCkA)@o`%AX9XsiCF3hwORmzCA}Fl-jj4-L^WXhiY(|}F zwq7sxnMuiV1W-%6m-_R#7wPBPS7RRwCm0sT6K}b(sC`b}sZkE2xvo>* zxv{g%+xw}>a=$}t#NPM7`g)cHmW<|wvX?1)63=^m`*7`u=r-uO=0Z7rXlHh=zIx;d zi+4jq)vQ-p)(bCC04_3x!@^Kdug|?n{r*$!HxNoqzPf_k6X<_md0V%sm1Tl@_`B z?(>rgP$(Gn?Nf|>jL*iQg*(L@f@7&zpmJE ziE4*=Hl31-X+><93IQxg*QnXRtoPYVMm>7;Zc3)a^@}0|UP7QVX~ulA)lw8-*}$=- zY4f3?gK7yOqid*w0*im>@v>RF?Q|$3{V|)`Mx&iBFw_;P zO|#`%q;Y*IwTM_J(f@hEWO)JOcfwg&SszsQu?3Wmq&Gnzsi*)to{$6?o|w>tXql}g zWQ?2Vy1g@SIx%jHy8T(2ZuQtBIa%4}FJCe@-MuMO*H}?;8>@`)8zpPd3b+1a91Es4 z*)wH0n`xJ;k2v2ssgSxsn~y_OOw3G;RN^tO1!XJS9;8v<4@_b1`~HaPJRgPB<_7Ep zd=$hEXJ=<0R9zamc41FwW}nT8-ON+ViQ5{!e=qG6GVKZlf+cvuygY5#ZooVM35@!I zB&b^EnG?9ca5wj<{y^hm*YhryVNs~Ru{lu9dc)>jptl#R`8;NT(>7**a3d9|`NU{S z6oBT;Sf{k~@a%B&f$iJ2@p7`Xi_Zd{v#(tRz*sfs32~KVs&#w$d$Y7ETq6QLAPuY@ zQs&x-F*N%_kTYn zgB@k=?%wWYPVT&GHgFBsWF&RMd`_m0qewI%2%e&SG>>25lIqjr%c%pGTL$xJHmHX) z2!V_`deF@(zu`Gs=90#`%j~MHAFdC?Ey5aEA>~#(s#&H{I!>F^f-`m&5$-d|qCPXa zX0F-}7v4;FT0+(v%hZ4m0AFJhW1-(2X}KD|+Y){tOcmS_coSsHP-?m`loT^^r}^{e zC!LQ#8hVmlC{eAp`A)8`Pw{mIRj-RC#P|zwrV{s=_boOu5)#kLFL`$BAv%W^Q5U?$=XO< zB`z&_if&n#_Usw3m`a$cQie%c9{&g6bK*sp@veRMkGJXCmtUw4Ka6x%)~ZM9!R@ua z^!}s7pn+KV7$!pmm*89^cx}ydO?%~_U%}twi8*tguTOAps z*PkgVBa^fH213l7($e(M(BGEui_KUU4Gj$*Pfi~>Ny++8pWM0>u{d9>!25!*0jCFzO<0*X@c5~-0`j8LsUV4K>c@bqMx5% z-eT=@%Hf`Bmgc7HHO51Z`Uvn~EKy~e*E)_Pz$NSc#8oCeJNrQ(Wz%qf(yt}3%Q3T1|L#%6TZ#(x=GwtrvRO_=CoZ!!&hvnz0?C404n|Mrz46~1 zD}@F4`t=3D1QZwZ)lI>C+IXfT154~-OOY)o#PKqfZ^DVdWWEvBBAAt1ihqobjqTsY zii56&s;TT(&G)WDfg9T#298$kbm`JjtON-dC&y5>Z+3!f17=>K8mBp z{LxvjbIK1O z$VdKZ=l*PLWQ6eD#u*356y$iQEyjttkA~PFYHf2}eCES#o1&=6WoRfF z$@OMyG1woFVvkXyP{e{gPo4Gex3aWU1vTQ_c>40P`RNG{N5`hwH5quc>|Ni!74uk_ znkqH;4Md*Zbg3&JE)VE|DD4v!HI1M=q?v_lJgjSl#X@`tFF~oPX$vw+l-|7e;hWK{ z({)D*=+r40EWg3X0!CgrKez(1IF5FB8(mZiT)vn%2w|hVTUUR(dlOz6o8S5%9gDJi z(;8Xt?}p>uWqKG4#@%Da1GV&aUBeLTlS8nsMH-3CmQ?YLzu6Lr-iQdB%c~ousvMR7 
zyj0zRY=I@7Kh;|IAwyO8?Vz8Zluc6IlUg=r2Z4zP@kX{E@)gI`X$Jnlw0s1y)aZ7t!Z;j#dJ5E(x> zv1gR;3<$PBLP-2U-N4LX{jO_@mhIJ~&=`b7@Fs;SAG23sd)eK7@0S_$Nl8gnUWe4< zVUrOcF!!x4df98h$#dA9vU3EU5@BRIT|+A4jgw6OGNrqylQDuuaxS%m@X)9Yq_bgu zO1zfzj~zSa{&gZYD#UxD$7eLHC@;_K%>}8byrmZqVkf}Z+<13tr!5>i0V6w$T;Ks! zlNwW6>4o0QrO1_&D2d2N;aLDhfvf{!WMg4;0*Jww1KI%+MG59)f0$}}Tic)Gi+KaH z06E*)0Tof%p@n^`w&R3dd(p6()sW|~)A!_R>19&!3F@=j?yDsn((4+8gUGYHgO`&0 zHBI_uOQ){NEkE>98OjL=8ui$hZyU2WYI)3=@5X{he9(n)kCdQKg326zvb?OQ;k%Ud z%5NyoM3k45d)}dakZ>?f3w(mXxroBJ(iEebU7E*L1$nW( zq|8LNMo6v^@+PrL^h*E~Zm&vdwwzpAzf?xyO)t=JkO7buU_K}~Rx~WYW>nEU(YAiC zFTUMYa~qhUqPNd3zwL9>sCJLOd?fa)?T6&4#SrU8Nht1QU>Fqj#or8%nEdhg6?;Y{j{CnbFkIiLg#Sux zWLv?&&~sFCC4Tao!bS#$b9an#1aCcN!i#%-cQP_ce_6rs;;c*JE$%-)jXB6x$c(-5 zsq}J<@_yvj;X_u^e0#X}Dz^rH8d%BwLh^*{uM7+??-Fkp`dsMLw~H5F_4EJ4$Nl$Z z?ELY5omjh?N=i{XaL2|NLvQeqQCz+qqd&+aIvM zXTx8w@2_9+VDOJf?78gAX73CgIRxlu7=7y39uk z_oM2FtDu>tbPC1&YcJvlfAd&A7us0<@y~mrAol<6=fC}o|F}B74SwPL>3RHkH>dG` zcyfQUtUn(Xu`^Hq^UnOA+vZH^I1FX=oac{I)A950{@Y{!>v8(G@3zK%TaFjRHFwy= zy#Kl3SYoSLST_A{J9rgEvEuNKE7g94d7wGU{Vx2EOaC92?f?Ip|K~ffUbulh!7wNc zp11$Hss6QC3PW!y*jxMA#d7d_EP{VyKK^n%p&*!MedK@J&p&J-=gv;CtQX&7{@ElP z#Q{z54*$nrVn|9?IJkky&|MFu-I_wj`(bH0S4L1=yPOQ+{ukvYB?@&pAA5a5XRR3~2O_F1&YxF6y81LIrflj+ zb0*&R*iY`-Fvh>6BDh5dNHYi`976S$Jk`+kXwnw=n?`#Ks2AA7Hn+P0VYs8 z05UlQa=Jj;qQb%r0lkb242Od~XYa&~FM>VV0<=jMw|j7$CnqZ_4uKd*G8=1aWLXh$ z3xyDl>ZRNPUdCTmAdb5A=KRvoN$&<=DNGmv$AlONp9^qjV&U$tzn)v}!T6%H>@Hjv zV|7>yFRD-hd?x^3l#~YAb=HQ3(;!WG&XW_&tI47H@d$?cuB`(pVL! 
zd<1+bK+mMiNw5G|F+4YfSNL=DC=T8V=ROWEj0D1K@J#^5_#jXP1PgY6`43_zTrra5 zRb6KGh1&7#vU%rfcy)0{b*B+s+&QN$%QDvbUoJPPN9lCU33)u*4q0ruS5wlV6hRa~ z8VE^mV0wN7R{PxbNIvMHHreL)xpmHoES3s(&vh0>1Axoag$}skTXC87=F@e%D6BzFMn@N-ZtDK97Euou3W(s^TeY&G2D$_K`;KZmYa3uF9a&& z*+gt3uv;Z@se_LiL zw3_RSs@}l}nn&a98Ry=Ju}MEq@g+y{xGHA>g+5$9Gjm$Ac=)R0_vpxdK}UCT^RM{U z^z_rQUH*xw{%2nzp^oDL&Mzux?Aw(BO9pzxMmY!RjHyZ62BWf4+l4*}0b!;}*ZT_c zUf;CjSH+Ws2Nn8K#wM?JI9{PgJa%pFrhhXQ;(RcG?6Kln#vAxk``GpSWO1$Ci&80r z$;jC1YL7dPK{8&ofeQ`EqvVAWW0UZ!^`1`ko*m3fo4C>!CEUL#e-PYzZf;zEcnWH1p}M)5ca)V@DQ9 z+C|KF?O0h}BqJ;LEY=*Kx8nspwyG~h!BkWE^+MmllJ|^FUWF9#%{#Acbj;{29eK1* zj(dY(iE_P1 Date: Tue, 7 Sep 2021 17:16:07 -0700 Subject: [PATCH 169/671] Update windows-security-app.md --- .../os-security/windows-security-app.md | 25 ++++++------------- 1 file changed, 7 insertions(+), 18 deletions(-) diff --git a/windows/security/os-security/windows-security-app.md b/windows/security/os-security/windows-security-app.md index 4a2e241a83..ed9e40c74b 100644 --- a/windows/security/os-security/windows-security-app.md +++ b/windows/security/os-security/windows-security-app.md @@ -1,6 +1,6 @@ --- -title: Trusted Boot -description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11 +title: The Windows Security app in Windows 11 +description: Get an overview of the Windows Security app in Windows 11 search.appverid: MET150 author: denisebmsft ms.author: deniseb 
@@ -12,26 +12,15 @@ ms.prod: w11 ms.localizationpriority: medium ms.collection: ms.custom: -ms.reviewer: jsuther +ms.reviewer: kaeladawson, bmcneil f1.keywords: NOCSH --- -# Secure Boot and Trusted Boot +# The Windows Security app -This article describes Secure Boot and Trusted Boot, security measures built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up where Secure Boot leaves off. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely. +This article provides an overview of the Windows Security app in Windows 11. -## Secure Boot +:::image type="content" source="../images/windows-security-app-w11.png" alt-text="Windows Security app in Windows 11"::: -The first step in protecting the operating system is to ensure that it boots securely after the initial hardware and firmware boot sequences have safely finished their early boot sequences. Secure Boot makes a safe and trusted path from the Unified Extensible Firmware Interface (UEFI) through the Windows kernel's Trusted Boot sequence. Malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes throughout the boot sequence between the UEFI, bootloader, kernel, and application environments. +Visibility and awareness of device security and health is key to any action taken. The Windows built-in security app provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more. -As the PC begins the boot process, it will first verify that the firmware is digitally signed, reducing the risk of firmware rootkits. 
Secure Boot then checks all code that runs before the operating system and checks the OS bootloader’s digital signature to ensure that it is trusted by the Secure Boot policy and hasn’t been tampered with. - -## Trusted Boot - -Trusted Boot takes over where Secure Boot leaves off. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and your antimalware product’s early-launch antimalware (ELAM) driver. If any of these files were tampered, the bootloader detects the problem and refuses to load the corrupted component. Tampering or malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes between the UEFI, bootloader, kernel, and application environments. - -Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the Windows 11 device to start normally. - -## See also - -[Secure the Windows boot process](../information-protection/secure-the-windows-10-boot-process.md) \ No newline at end of file From d3f655731dc0b0efd4330198ff02b50f43d18e8f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:18:25 -0700 Subject: [PATCH 170/671] Update TOC.yml --- windows/security/TOC.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index eb58b0f6cd..b6657d8439 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -39,8 +39,10 @@ items: - name: Trusted Boot href: os-security/trusted-boot.md - - name: Secure the Windows 10 boot process - href: information-protection/secure-the-windows-10-boot-process.md + - name: Cryptography and certificate management + href: os-security/cryptography-certificate-mgmt.md + - name: Windows Security app + href: os-security/windows-security-app.md - name: Encryption and data protection items: - name: Encrypted Hard Drive From eb5a94b43c84b24af498681d00247a197da48df9 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:19:28 -0700 Subject: [PATCH 171/671] Update TOC.yml --- windows/security/TOC.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index b6657d8439..777720a45b 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -45,6 +45,7 @@ href: os-security/windows-security-app.md - name: Encryption and data protection items: + - name: Overview - name: Encrypted Hard Drive href: information-protection/encrypted-hard-drive.md - name: Bitlocker From 400771de27f8bb1e85e70dfcdb6b5fe16971ef4b Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:21:02 -0700 Subject: [PATCH 172/671] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 777720a45b..337dc58743 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -41,7 +41,7 @@ href: os-security/trusted-boot.md - name: Cryptography and certificate management href: os-security/cryptography-certificate-mgmt.md - - name: Windows Security app + - name: Windows Security app in Windows 11 href: os-security/windows-security-app.md - name: Encryption and data protection items: From c4af22af36fe1d7fee6386989430caddc2667a13 Mon Sep 17 00:00:00 2001 
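Review bot: in the PATCH 171 hunk of TOC.yml, the added `- name: Overview` entry under "Encryption and data protection" has no `href`, so the navigation gains a node that points nowhere; PATCH 172 only renames the Windows Security app entry and does not fill it in. PATCH 173 creates os-security/encryption-data-protection.md without touching TOC.yml, so if that article is the intended overview, add `href: os-security/encryption-data-protection.md` in the commit that introduces the entry. Separately, PATCH 170 removes the "Secure the Windows 10 boot process" entry (information-protection/secure-the-windows-10-boot-process.md); please confirm the article is still reachable from the navigation or is being retired on purpose.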
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:31:02 -0700 Subject: [PATCH 173/671] operating system articles --- windows/security/operating-system.md | 4 +-- .../os-security/encryption-data-protection.md | 29 +++++++++++++++++++ windows/security/os-security/trusted-boot.md | 4 ++- .../os-security/windows-security-app.md | 2 +- 4 files changed, 34 insertions(+), 5 deletions(-) create mode 100644 windows/security/os-security/encryption-data-protection.md diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 584a85b7bd..e16ff2bd56 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -13,9 +13,7 @@ author: denisebmsft # Windows operating system security -This article provides an overview of security measures built into Windows 11. - -## Operating system security +This article provides an overview of operating system security in Windows 11. Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. diff --git a/windows/security/os-security/encryption-data-protection.md b/windows/security/os-security/encryption-data-protection.md new file mode 100644 index 0000000000..ea4eab560f --- /dev/null +++ b/windows/security/os-security/encryption-data-protection.md 
@@ -0,0 +1,29 @@ +--- +title: Encryption and data protection in Windows 11 +description: Get an overview encryption and data protection in Windows 11 +search.appverid: MET150 +author: denisebmsft +ms.author: deniseb +manager: dansimp +audience: ITPro +ms.topic: conceptual +ms.date: 09/07/2021 +ms.prod: w11 +ms.localizationpriority: medium +ms.collection: +ms.custom: +ms.reviewer: deepakm, rafals +f1.keywords: NOCSH +--- + +# Encryption and data protection in Windows 11 + +This article provides a brief overview of encryption and data protection built into Windows 11. + +When people travel with their computers and devices, their confidential information travels with them. Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, starting with the Encrypting File System (EFS) in the Windows 2000 operating system. + +In Windows 11, encryption and data protection features include: + +- [Encrypted Hard Drive](../information-protection/encrypted-hard-drive.md) +- [BitLocker](../information-protection/bitlocker/bitlocker-overview.md) + diff --git a/windows/security/os-security/trusted-boot.md b/windows/security/os-security/trusted-boot.md index 4a2e241a83..7728813615 100644 --- a/windows/security/os-security/trusted-boot.md +++ b/windows/security/os-security/trusted-boot.md 
@@ -18,7 +18,9 @@ f1.keywords: NOCSH # Secure Boot and Trusted Boot -This article describes Secure Boot and Trusted Boot, security measures built into Windows 11 to prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up where Secure Boot leaves off. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely. +*This article describes Secure Boot and Trusted Boot, security measures built into Windows 11.* + +Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up where Secure Boot leaves off. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely. ## Secure Boot diff --git a/windows/security/os-security/windows-security-app.md b/windows/security/os-security/windows-security-app.md index ed9e40c74b..b02306f0dc 100644 --- a/windows/security/os-security/windows-security-app.md +++ b/windows/security/os-security/windows-security-app.md @@ -18,7 +18,7 @@ f1.keywords: NOCSH # The Windows Security app -This article provides an overview of the Windows Security app in Windows 11. +*This article provides an overview of the Windows Security app in Windows 11.* :::image type="content" source="../images/windows-security-app-w11.png" alt-text="Windows Security app in Windows 11"::: From 7652f00c5d8b8d162f7d392c112b98042cce3da6 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:35:08 -0700 Subject: [PATCH 174/671] Update encryption-data-protection.md --- .../os-security/encryption-data-protection.md | 30 ++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) 
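Review bot: in the new file os-security/encryption-data-protection.md added by PATCH 173, the front-matter line `description: Get an overview encryption and data protection in Windows 11` is missing "of"; since this string is what search and link previews show, it should read "Get an overview of encryption and data protection in Windows 11". The same patch italicizes the intro sentence in trusted-boot.md and windows-security-app.md but leaves the new file's intro ("This article provides a brief overview ...") plain, and the new file ends with an empty added line; both are worth folding into this commit rather than a follow-up.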
diff --git a/windows/security/os-security/encryption-data-protection.md b/windows/security/os-security/encryption-data-protection.md index ea4eab560f..e0af5c0142 100644 --- a/windows/security/os-security/encryption-data-protection.md +++ b/windows/security/os-security/encryption-data-protection.md 
@@ -18,12 +18,40 @@ f1.keywords: NOCSH # Encryption and data protection in Windows 11 -This article provides a brief overview of encryption and data protection built into Windows 11. +*This article provides a brief overview of encryption and data protection built into Windows 11.* When people travel with their computers and devices, their confidential information travels with them. Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, starting with the Encrypting File System (EFS) in the Windows 2000 operating system. In Windows 11, encryption and data protection features include: +- Encrypted Hard Drive +- BitLocker + +## Encrypted Hard Drive + +Encrypted Hard Drive uses the rapid encryption provided by BitLocker Drive Encryption to enhance data security and management. +By offloading the cryptographic operations to hardware, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity. + +Encrypted hard drives provide: + +- Better performance: Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation. +- Strong security based in hardware: Encryption is always "on" and the keys for encryption never leave the hard drive. User authentication is performed by the drive before it will unlock, independently of the operating system. +- Ease of use: Encryption is transparent to the user, and the user does not need to enable it. Encrypted hard drives are easily erased using on-board encryption key; there is no need to re-encrypt data on the drive. 
+- Lower cost of ownership: There is no need for new infrastructure to manage encryption keys, since BitLocker uses your existing infrastructure to store recovery information. Your device operates more efficiently because processor cycles do not need to be used for the encryption process. + +Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level and allow for full disk hardware encryption. + +## BitLocker + +BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. + +BitLocker provides encryption for the operating system, fixed data, and removable data drives, using technologies like hardware security test interface (HSTI), Modern Standby, UEFI Secure Boot, and TPM. + +Windows consistently improves data protection by improving existing options and providing new strategies. + + +## See also + - [Encrypted Hard Drive](../information-protection/encrypted-hard-drive.md) - [BitLocker](../information-protection/bitlocker/bitlocker-overview.md) From 8e2bd89a94fdae5ee9a8593bcc969c7b4d46487c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:35:54 -0700 Subject: [PATCH 175/671] Update cryptography-certificate-mgmt.md --- windows/security/os-security/cryptography-certificate-mgmt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/os-security/cryptography-certificate-mgmt.md b/windows/security/os-security/cryptography-certificate-mgmt.md index 282fac4632..f5d63c9686 100644 --- a/windows/security/os-security/cryptography-certificate-mgmt.md +++ b/windows/security/os-security/cryptography-certificate-mgmt.md 
@@ -18,7 +18,7 @@ f1.keywords: NOCSH # Cryptography and Certificate Management -This article describes cryptography and certificate management in Windows 11. +*This article describes cryptography and certificate management in Windows 11.* ## Cryptography From 1a79447f23963a9932132ddc7a1e028d8eb68b37 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 17:36:29 -0700 Subject: [PATCH 176/671] Update TOC.yml --- windows/security/TOC.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 337dc58743..98852424f3 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -46,6 +46,7 @@ - name: Encryption and data protection items: - name: Overview + href: encryption-data-protection.md - name: Encrypted Hard Drive href: information-protection/encrypted-hard-drive.md - name: Bitlocker From e8c5a8a2212ca57da171d49a516812f17c36853f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 18:10:41 -0700 Subject: [PATCH 177/671] Update windows-security-app.md --- .../security/os-security/windows-security-app.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/windows/security/os-security/windows-security-app.md b/windows/security/os-security/windows-security-app.md index b02306f0dc..c9d1cbea97 100644 --- a/windows/security/os-security/windows-security-app.md +++ b/windows/security/os-security/windows-security-app.md 
@@ -24,3 +24,17 @@ f1.keywords: NOCSH Visibility and awareness of device security and health is key to any action taken. The Windows built-in security app provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more. +The Windows Security app in Windows 11 looks a lot like what you see in Windows 10, with the addition of the new **Protection history** button and increased security features and capabilities. + +The following table describes the various sections of the Windows Security app.

    + +| Section | Description | +|:---|:---| +| Virus & threat protection | Description goes here | +| Account protection | Description goes here | +| Firewall & network protection | Description goes here | +| App & browser control | Description goes here | +| Device security | Description goes here | +| Device performance & health | Description goes here | +| Family options | Description goes here | +| Protection history | Description goes here | \ No newline at end of file From 214b98612bcbc32918cbb526307a8d7adbb78936 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 18:12:18 -0700 Subject: [PATCH 178/671] Update TOC.yml --- windows/security/TOC.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 98852424f3..9165264ba7 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -43,10 +43,10 @@ href: os-security/cryptography-certificate-mgmt.md - name: Windows Security app in Windows 11 href: os-security/windows-security-app.md - - name: Encryption and data protection + - name: Encryption and data protection + href: os-security/encryption-data-protection.md items: - - name: Overview - href: encryption-data-protection.md + - name: Encrypted Hard Drive href: information-protection/encrypted-hard-drive.md - name: Bitlocker From f352c6ab3e43cb11e1b190a50e880abc99473bb5 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 18:15:07 -0700 Subject: [PATCH 179/671] Update TOC.yml --- windows/security/TOC.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 9165264ba7..bb79e0aa9b 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -210,7 +210,11 @@ - name: Controlled folder access - name: Exploit protection - name: Microsoft Defender for Endpoint -- name: Application protection +- name: Application security + items: +- name: Secured identity + items: +- name: Cloud services items: - name: User protection items: From 98ee58a1db3e93067737b8caa451109cd8b86e9f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 18:19:13 -0700 Subject: [PATCH 180/671] Update index.yml --- windows/security/index.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index e59fa8c210..873666b38f 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -11,7 +11,7 @@ metadata: ms.collection: m365-security-compliance author: dansimp #Required; your GitHub user alias, with correct capitalization. ms.author: dansimp #Required; microsoft alias of author; optional team alias. - ms.date: 09/01/2021 + ms.date: 09/07/2021 localization_priority: Priority # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new @@ -38,13 +38,13 @@ landingContent: - linkListType: overview links: - text: Overview of operating system security - url: /windows/security/information-protection/index.md + url: operating-system.md - linkListType: concept links: - text: System security - url: /windows/security/information-protection/secure-the-windows-10-boot-process.md + url: os-security/trusted-boot.md - text: Encryption and data protection - url: /windows/security/information-protection/encrypted-hard-drive.md + url: os-security/encryption-data-protection.md - text: Network security url: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md # Cards and links should be based on top customer tasks or top subjects 
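Review bot: in the index.yml hunk at -38,13 the three changed `url:` values become paths relative to index.yml (`operating-system.md`, `os-security/trusted-boot.md`, `os-security/encryption-data-protection.md`), while the unchanged "Network security" entry in the same link list keeps a root-relative `/windows/security/...` path. Use one form throughout the list, or confirm that both forms resolve on the published landing page. In the TOC.yml hunk earlier in this run, "Application security", "Secured identity" and "Cloud services" are added with an empty `items:` key and no `href`; if they are placeholders, say so in the commit message or hold them back until there is something to list under them.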
From 7ad9e9098631945d052681a1e91902c1ce873123 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 18:22:17 -0700 Subject: [PATCH 181/671] Update index.yml --- windows/security/index.yml | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 873666b38f..320651ac37 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -47,25 +47,37 @@ landingContent: url: os-security/encryption-data-protection.md - text: Network security url: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md + - text: Network security + - text: Virus & threat protection # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - - title: Threat protection - linkLists: - - linkListType: overview - links: - - text: Security baselines (more to follow) - url: /windows/security/threat-protection/windows-security-baselines.md -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Application protection + - title: Application security linkLists: - linkListType: overview links: - text: article (change link later, add more) url: /windows/security/threat-protection/windows-security-baselines.md # Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Secured identity + linkLists: + - linkListType: overview + links: + - text: article (change link later, add more) + url: /windows/security/threat-protection/windows-security-baselines.md +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Cloud services + linkLists: + - linkListType: overview + links: + - text: article (change link later, add more) + url: /windows/security/threat-protection/windows-security-baselines.md + +# Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - title: User protection From 856adceb6508bef347176b6849d79dc2c4fcc27f Mon Sep 17 00:00:00 2001 
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 7 Sep 2021 18:43:57 -0700 Subject: [PATCH 182/671] cards --- windows/security/index.yml | 2 ++ windows/security/operating-system.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 320651ac37..6e0ba8210f 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -48,7 +48,9 @@ landingContent: - text: Network security url: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - text: Network security + url: operating-system.md - text: Virus & threat protection + url: operating-system.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index e16ff2bd56..e3bb60f6e1 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -21,7 +21,7 @@ Use the links in the following table to learn more about the operating system se | Security Measures | Features & Capabilities | |:---|:---| -| System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)
    [Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)
    Windows Security app | +| System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)
    [Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)
    [Windows Security app](os-security/windows-security-app.md) | | Encryption and data protection | BitLocker
    Encryption | | Network security | Virtual Private Networks (VPNs)
    Windows Defender Firewall
    Bluetooth
    DSN security
    Windows Wi-Fi
    Transport Layer Security (TLS) | | Protection from viruses and threats | Microsoft Defender Antivirus
    Attack surface reduction
    Tamper protection
    Network protection
    Controlled folder access
    Exploit protection
    Additional protection with Microsoft Defender for Endpoint | From 333b6ced9ceafc9b59786999fd2e2b03c2e3db3b Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 8 Sep 2021 10:52:08 +0530 Subject: [PATCH 183/671] Fixes --- .../credential-guard-known-issues.md | 12 ++++++------ .../credential-guard-not-protected-scenarios.md | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md index 22da9b6b43..208a4b22a1 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md 
@@ -70,26 +70,26 @@ The following known issues have been fixed by servicing releases made available The following issue affects the Java GSS API. See the following Oracle bug database article: -- [JDK-8161921: Windows 10 or Windows 11 Windows Defender Credential Guard does not allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921) +- [JDK-8161921: Windows Defender Credential Guard does not allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921) When Windows Defender Credential Guard is enabled on Windows, the Java GSS API will not authenticate. This is expected behavior because Windows Defender Credential Guard blocks specific application authentication capabilities and will not provide the TGT session key to applications regardless of registry key settings. For further information see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). The following issue affects Cisco AnyConnect Secure Mobility Client: -- [Blue screen on Windows 10 and Windows 11 computers running Hypervisor-Protected Code Integrity and Windows Defender Credential Guard with Cisco Anyconnect 4.3.04027](https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc66692) \* +- [Blue screen on Windows computers running Hypervisor-Protected Code Integrity and Windows Defender Credential Guard with Cisco Anyconnect 4.3.04027](https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc66692) \* *Registration required to access this article. 
The following issue affects McAfee Application and Change Control (MACC): -- [KB88869 Windows 10 and Windows 11 machines exhibit high CPU usage with McAfee Application and Change Control (MACC) installed when Windows Defender Credential Guard is enabled](https://kc.mcafee.com/corporate/index?page=content&id=KB88869) [1] +- [KB88869 Windows machines exhibit high CPU usage with McAfee Application and Change Control (MACC) installed when Windows Defender Credential Guard is enabled](https://kc.mcafee.com/corporate/index?page=content&id=KB88869) [1] The following issue affects AppSense Environment Manager. For further information, see the following Knowledge Base article: -- [Installing AppSense Environment Manager on Windows 10 and Windows 11 machines causes LSAISO.exe to exhibit high CPU usage when Windows Defender Credential Guard is enabled](http://www.appsense.com/kb/160525073917945) [1] \** +- [Installing AppSense Environment Manager on Windows machines causes LSAISO.exe to exhibit high CPU usage when Windows Defender Credential Guard is enabled](http://www.appsense.com/kb/160525073917945) [1] \** The following issue affects Citrix applications: -- Windows 10 and Windows 11 machines exhibit high CPU usage with Citrix applications installed when Windows Defender Credential Guard is enabled. [1] +- Windows machines exhibit high CPU usage with Citrix applications installed when Windows Defender Credential Guard is enabled. [1] [1] Products that connect to Virtualization Based Security (VBS) protected processes can cause Windows Defender Credential Guard-enabled Windows 10, Windows 11, Windows Server 2016 or Windows Server 2019 machines to exhibit high CPU usage. For technical and troubleshooting information, see the following Microsoft Knowledge Base article: 
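Review bot: the bullets changed in this hunk are link text for third-party articles (Oracle JDK-8161921, Cisco CSCvc66692, McAfee KB88869, the AppSense KB entry), so shortening "Windows 10 and Windows 11" to "Windows" should be checked against how each vendor titled its article. If the link text is meant to quote the title, keep the vendor's wording so readers can find the article by search; if it is a paraphrase, note that footnote [1] on the last context line still enumerates "Windows 10, Windows 11, Windows Server 2016 or Windows Server 2019", so the page now scopes the same issues in two different ways.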
@@ -121,7 +121,7 @@ Windows Defender Credential Guard is not supported by either these products, pro [ThinkPad support for Hypervisor-Protected Code Integrity and Windows Defender Credential Guard in Microsoft Windows – ThinkPad](https://support.lenovo.com/in/en/solutions/ht503039) - For Windows Defender Credential Guard on Windows with Symantec Endpoint Protection - [Windows 10 and Windows 11 with Windows Defender Credential Guard and Symantec Endpoint Protection 12.1](https://www.symantec.com/connect/forums/windows-10-device-guard-credentials-guard-and-sep-121) + [Windows devices with Windows Defender Credential Guard and Symantec Endpoint Protection 12.1](https://www.symantec.com/connect/forums/windows-10-device-guard-credentials-guard-and-sep-121) This is not a comprehensive list. Check whether your product vendor, product version, or computer system, supports Windows Defender Credential Guard on systems that run Windows or specific versions of Windows. Specific computer system models may be incompatible with Windows Defender Credential Guard. diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md index 323cb6d686..30f8dbe57c 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Credential Guard protection limits & mitigations (Windows +title: Windows Defender Credential Guard protection limits & mitigations (Windows) description: Scenarios not protected by Windows Defender Credential Guard in Windows, and additional mitigations you can use. ms.prod: w10 ms.mktglfcycl: explore From 10c89c2930e50cd9cf288ace3d2d038392a35cc5 Mon Sep 17 00:00:00 2001 
From: Meghana Athavale Date: Wed, 8 Sep 2021 11:38:28 +0530 Subject: [PATCH 184/671] Updated 41 to 60 --- .../windows-firewall/create-an-inbound-port-rule.md | 7 ++++--- .../create-an-inbound-program-or-service-rule.md | 7 ++++--- .../create-an-outbound-port-rule.md | 7 ++++--- .../create-an-outbound-program-or-service-rule.md | 7 ++++--- .../create-inbound-rules-to-support-rpc.md | 7 ++++--- .../create-windows-firewall-rules-in-intune.md | 8 +++++--- .../create-wmi-filters-for-the-gpo.md | 13 +++++++------ ...dows-firewall-with-advanced-security-strategy.md | 7 ++++--- ...determining-the-trusted-state-of-your-devices.md | 7 ++++--- .../windows-firewall/documenting-the-zones.md | 7 ++++--- .../domain-isolation-policy-design-example.md | 7 ++++--- .../domain-isolation-policy-design.md | 7 ++++--- .../enable-predefined-inbound-rules.md | 7 ++++--- .../enable-predefined-outbound-rules.md | 7 ++++--- .../windows-firewall/encryption-zone-gpos.md | 7 ++++--- .../windows-firewall/encryption-zone.md | 7 ++++--- ...rewall-with-advanced-security-design-examples.md | 7 ++++--- .../exempt-icmp-from-authentication.md | 7 ++++--- .../windows-firewall/exemption-list.md | 7 ++++--- .../windows-firewall/firewall-gpos.md | 7 ++++--- 20 files changed, 84 insertions(+), 63 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md index 05df6a67cc..452b942ae5 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md 
@@ -1,5 +1,5 @@ --- -title: Create an Inbound Port Rule (Windows 10) +title: Create an Inbound Port Rule (Windows) description: Learn to allow traffic on specific ports by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security. ms.assetid: a7b6c6ca-32fa-46a9-a5df-a4e43147da9f ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To allow inbound network traffic on only a specified TCP or UDP port number, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows any program that listens on a specified TCP or UDP port to receive network traffic sent to that port. diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md index bd01350eee..c3db4fccfa 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md @@ -1,5 +1,5 @@ --- -title: Create an Inbound Program or Service Rule (Windows 10) +title: Create an Inbound Program or Service Rule (Windows) description: Learn how to allow inbound traffic to a program or service by using the Group Policy Management MMC snap-in to create firewall rules. ms.assetid: 00b7fa60-7c64-4ba5-ba95-c542052834cf ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To allow inbound network traffic to a specified program or service, use the Windows Defender Firewall with Advanced Securitynode in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows the program to listen and receive inbound network traffic on any port. diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md index a463162a4d..ebce547b94 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md @@ -1,5 +1,5 @@ --- -title: Create an Outbound Port Rule (Windows 10) +title: Create an Outbound Port Rule (Windows) description: Learn to block outbound traffic on a port by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security. ms.assetid: 59062b91-756b-42ea-8f2a-832f05d77ddf ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above By default, Windows Defender Firewall allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic on a specified TCP or UDP port number, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules. This type of rule blocks any outbound network traffic that matches the specified TCP or UDP port numbers. 
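Review bot: the context line of the "Applies to" hunk for create-an-inbound-program-or-service-rule.md still reads "Windows Defender Firewall with Advanced Securitynode", with the space missing before "node". The patch already edits the list directly above that paragraph, so fix the typo in the same pass.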
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md index fe0b68eb1d..d3c40f879a 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md @@ -1,5 +1,5 @@ --- -title: Create an Outbound Program or Service Rule (Windows 10) +title: Create an Outbound Program or Service Rule (Windows) description: Use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules. ms.assetid: f71db4fb-0228-4df2-a95d-b9c056aa9311 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above By default, Windows Defender Firewall allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic for a specified program or service, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules. This type of rule prevents the program from sending any outbound network traffic on any port. diff --git a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md index 59cb4d71cb..07e8a14728 100644 --- a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md +++ b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md 
@@ -1,5 +1,5 @@ --- -title: Create Inbound Rules to Support RPC (Windows 10) +title: Create Inbound Rules to Support RPC (Windows) description: Learn how to allow RPC network traffic by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security. ms.assetid: 0b001c2c-12c1-4a30-bb99-0c034d7e6150 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To allow inbound remote procedure call (RPC) network traffic, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create two firewall rules. The first rule allows incoming network packets on TCP port 135 to the RPC Endpoint Mapper service. The incoming traffic consists of requests to communicate with a specified network service. The RPC Endpoint Mapper replies with a dynamically-assigned port number that the client must use to communicate with the service. The second rule allows the network traffic that is sent to the dynamically-assigned port number. Using the two rules configured as described in this topic helps to protect your device by allowing network traffic only from devices that have received RPC dynamic port redirection and to only those TCP port numbers assigned by the RPC Endpoint Mapper. diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md index 479b2e67af..587339f4f2 100644 --- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md +++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md 
@@ -1,5 +1,5 @@ --- -title: Create Windows Firewall rules in Intune (Windows 10) +title: Create Windows Firewall rules in Intune (Windows) description: Learn how to use Intune to create rules in Windows Defender Firewall with Advanced Security. Start by creating a profile in Device Configuration in Intune. ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431 ms.reviewer: @@ -21,12 +21,14 @@ ms.technology: mde **Applies to** - Windows 10 +- Windows 11 +- Windows Server 2016 and above >[!IMPORTANT] >This information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. To get started, open Device Configuration in Intune, then create a new profile. -Choose Windows 10 as the platform, and Endpoint Protection as the profile type. +Choose Windows 10 or Windows 11 as the platform, and Endpoint Protection as the profile type. Select Windows Defender Firewall. ![Windows Defender Firewall in Intune.](images/windows-firewall-intune.png) @@ -35,7 +37,7 @@ Select Windows Defender Firewall. ## Firewall rule components -The firewall rule configurations in Intune use the Windows 10 CSP for Firewall. For more information, see [Firewall CSP](/windows/client-management/mdm/firewall-csp). +The firewall rule configurations in Intune use the Windows CSP for Firewall. For more information, see [Firewall CSP](/windows/client-management/mdm/firewall-csp). ## Application Control connections for an app or program. diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index 78d50e3732..725f75af51 100644 --- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md 
@@ -1,5 +1,5 @@ --- -title: Create WMI Filters for the GPO (Windows 10) +title: Create WMI Filters for the GPO (Windows) description: Learn how to use WMI filters on a GPO to make sure that each GPO for a group can only be applied to devices running the correct version of Windows. ms.assetid: b1a6d93d-a3c8-4e61-a388-4a3323f0e74e ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/16/2021 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To make sure that each GPO associated with a group can only be applied to devices running the correct version of Windows, use the Group Policy Management MMC snap-in to create and assign WMI filters to the GPO. Although you can create a separate membership group for each GPO, you would then have to manage the memberships of the different groups. Instead, use only a single membership group, and let WMI filters automatically ensure the correct GPO is applied to each device. 
@@ -58,13 +59,13 @@ First, create the WMI filter and configure it to look for a specified version (o select * from Win32_OperatingSystem where Version like "6.%" ``` - This query will return **true** for devices running at least Windows Vista and Windows Server 2008. To set a filter for just Windows 8 and Windows Server 2012, use "6.2%". For Windows 10 and Windows Server 2016, use "10.%". To specify multiple versions, combine them with or, as shown in the following: + This query will return **true** for devices running at least Windows Vista and Windows Server 2008. To set a filter for just Windows 8 and Windows Server 2012, use "6.2%". For Windows 11, Windows 10, and Windows Server 2016, use "10.%". To specify multiple versions, combine them with or, as shown in the following: ``` syntax ... where Version like "6.1%" or Version like "6.2%" ``` - To restrict the query to only clients or only servers, add a clause that includes the ProductType parameter. To filter for client operating systems only, such as Windows 8 or Windows 7, use only ProductType="1". For server operating systems that are not domain controllers and for Windows 10 multi-session, use ProductType="3". For domain controllers only, use ProductType="2". This is a useful distinction, because you often want to prevent your GPOs from being applied to the domain controllers on your network. + To restrict the query to only clients or only servers, add a clause that includes the ProductType parameter. To filter for client operating systems only, such as Windows 8 or Windows 7, use only ProductType="1". For server operating systems that are not domain controllers and for Windows 10 and Windows 11 multi-session, use ProductType="3". For domain controllers only, use ProductType="2". This is a useful distinction, because you often want to prevent your GPOs from being applied to the domain controllers on your network. The following clause returns **true** for all devices that are not domain controllers: 
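Review bot: In the reworded ProductType paragraph of this hunk, Windows 10 and Windows 11 multi-session are now said to report ProductType="3", yet the same paragraph still tells readers to use only ProductType="1" for client operating systems, and the complete query in the next hunk (`Version like "10.%" and ProductType="1"`) is described as returning true for all devices running Windows 10 and Windows 11. A GPO filtered that way would not apply to multi-session hosts, so firewall policy scoped by it would skip them without any error. Suggest saying so where ProductType="1" is introduced, or giving the multi-session variant of the query. Separately, the "10.%" sentence names only Windows Server 2016 while the Applies to list in this file now reads "Windows Server 2016 and above"; it would help to state that the one pattern matches Windows 10, Windows 11 and those servers alike, so Version alone cannot separate them.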
@@ -72,7 +73,7 @@ First, create the WMI filter and configure it to look for a specified version (o ... where ProductType="1" or ProductType="3" ``` - The following complete query returns **true** for all devices running Windows 10, and returns **false** for any server operating system or any other client operating system. + The following complete query returns **true** for all devices running Windows 10 and Windows 11, and returns **false** for any server operating system or any other client operating system. ``` syntax select * from Win32_OperatingSystem where Version like "10.%" and ProductType="1" diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md index 68a9281a43..52f4ad1566 100644 --- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md +++ b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md @@ -1,5 +1,5 @@ --- -title: Designing a Windows Defender Firewall Strategy (Windows 10) +title: Designing a Windows Defender Firewall Strategy (Windows) description: Answer the question in this article to design an effective Windows Defender Firewall with Advanced Security Strategy. ms.assetid: 6d98b184-33d6-43a5-9418-4f24905cfd71 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To select the most effective design for helping to protect the network, you must spend time collecting key information about your current computer environment. You must have a good understanding of what tasks the devices on the network perform, and how they use the network to accomplish those tasks. You must understand the network traffic generated by the programs running on the devices. diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md index 89fca32581..fe567b13bf 100644 --- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md @@ -1,5 +1,5 @@ --- -title: Determining the Trusted State of Your Devices (Windows 10) +title: Determining the Trusted State of Your Devices (Windows) description: Learn how to define the trusted state of devices in your enterprise to help design your strategy for using Windows Defender Firewall with Advanced Security. ms.assetid: 3e77f0d0-43aa-47dd-8518-41ccdab2f2b2 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After obtaining information about the devices that are currently part of the IT infrastructure, you must determine at what point a device is considered trusted. The term *trusted* can mean different things to different people. Therefore, you must communicate a firm definition for it to all stakeholders in the project. Failure to do this can lead to problems with the security of the trusted environment, because the overall security cannot exceed the level of security set by the least secure client that achieves trusted status. diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md index e8f37ee452..990d2c4fec 100644 --- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md @@ -1,5 +1,5 @@ --- -title: Documenting the Zones (Windows 10) +title: Documenting the Zones (Windows) description: Learn how to document the zone placement of devices in your design for Windows Defender Firewall with Advanced Security. ms.assetid: ebd7a650-4d36-42d4-aac0-428617f5a32d ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Generally, the task of determining zone membership is not complex, but it can be time-consuming. Use the information generated during the [Designing a Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) section of this guide to determine the zone in which to put each host. You can document this zone placement by adding a Group column to the inventory table shown in the Designing a Windows Defender Firewall with Advanced Security Strategy section. A sample is shown here: diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md index 8f27c49ab5..dffc684c37 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md @@ -1,5 +1,5 @@ --- -title: Domain Isolation Policy Design Example (Windows 10) +title: Domain Isolation Policy Design Example (Windows) description: This example uses a fictitious company to illustrate domain isolation policy design in Windows Defender Firewall with Advanced Security. ms.assetid: 704dcf58-286f-41aa-80af-c81720aa7fc5 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This design example continues to use the fictitious company Woodgrove Bank, and builds on the example described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section. See that example for an explanation of the basic corporate network infrastructure at Woodgrove Bank with diagrams. diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md index 659827d1c6..6d6e93c035 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md @@ -1,5 +1,5 @@ --- -title: Domain Isolation Policy Design (Windows 10) +title: Domain Isolation Policy Design (Windows) description: Learn how to design a domain isolation policy, based on which devices accept only connections from authenticated members of the same isolated domain. ms.assetid: 7475084e-f231-473a-9357-5e1d39861d66 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above In the domain isolation policy design, you configure the devices on your network to accept only connections coming from devices that are authenticated as members of the same isolated domain. diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md index 0a1b0212b6..e8cd903c18 100644 
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md +++ b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md @@ -1,5 +1,5 @@ --- -title: Enable Predefined Inbound Rules (Windows 10) +title: Enable Predefined Inbound Rules (Windows) description: Learn the rules for Windows Defender Firewall with Advanced Security for common networking roles and functions. ms.assetid: a4fff086-ae81-4c09-b828-18c6c9a937a7 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Windows Defender Firewall with Advanced Security includes many predefined rules for common networking roles and functions. When you install a new server role on a device or enable a network feature on a client device, the installer typically enables the rules required for that role instead of creating new ones. When deploying firewall rules to the devices on the network, you can take advantage of these predefined rules instead of creating new ones. Doing this helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use. diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md index 28e4f8649e..8a3aa2796f 100644 --- a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md +++ b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md 
@@ -1,5 +1,5 @@ --- -title: Enable Predefined Outbound Rules (Windows 10) +title: Enable Predefined Outbound Rules (Windows) description: Learn to deploy predefined firewall rules that block outbound network traffic for common network functions in Windows Defender Firewall with Advanced Security. ms.assetid: 71cc4157-a1ed-41d9-91e4-b3140c67c1be ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above By default, Windows Defender Firewall with Advanced Security allows all outbound network traffic unless it matches a rule that prohibits the traffic. Windows Defender Firewall includes many predefined outbound rules that can be used to block network traffic for common networking roles and functions. When you install a new server role on a computer or enable a network feature on a client computer, the installer can install, but typically does not enable, outbound block rules for that role. When deploying firewall rules to the computers on the network, you can take advantage of these predefined rules instead of creating new ones. Doing this helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use. diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md index 9dc32a7f67..c57c92edcd 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md 
@@ -1,5 +1,5 @@ --- -title: Encryption Zone GPOs (Windows 10) +title: Encryption Zone GPOs (Windows) description: Learn how to add a device to an encryption zone by adding the device account to the encryption zone group in Windows Defender Firewall with Advanced Security. ms.assetid: eeb973dd-83a5-4381-9af9-65c43c98c29b ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Handle encryption zones in a similar manner to the boundary zones. A device is added to an encryption zone by adding the device account to the encryption zone group. Woodgrove Bank has a single service that must be protected, and the devices that are running that service are added to the group CG\_DOMISO\_Encryption. This group is granted Read and Apply Group Policy permissions in on the GPO described in this section. diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md index 3fba99acba..31176e0204 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md @@ -1,5 +1,5 @@ --- -title: Encryption Zone (Windows 10) +title: Encryption Zone (Windows) description: Learn how to create an encryption zone to contain devices that host very sensitive data and require that the sensitive network traffic be encrypted. ms.assetid: 55a025ce-357f-4d1b-b2ae-6ee32c9abe13 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Some servers in the organization host data that's very sensitive, including medical, financial, or other personal data. Government or industry regulations might require that this sensitive information must be encrypted when it is transferred between devices. diff --git a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md index 2f7a20377f..4aea9e2010 100644 --- a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md +++ b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md @@ -1,5 +1,5 @@ --- -title: Evaluating Windows Defender Firewall with Advanced Security Design Examples (Windows 10) +title: Evaluating Windows Defender Firewall with Advanced Security Design Examples (Windows) description: Evaluating Windows Defender Firewall with Advanced Security Design Examples ms.assetid: a591389b-18fa-4a39-ba07-b6fb61961cbd ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The following Windows Defender Firewall with Advanced Security design examples illustrate how you can use Windows Defender Firewall to improve the security of the devices connected to the network. You can use these topics to evaluate how the firewall and connection security rules work across all Windows Defender Firewall designs and to determine which design or combination of designs best suits the goals of your organization. diff --git a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md index 38c6fd67c7..2dfe9fd103 100644 --- a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md +++ b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md @@ -1,5 +1,5 @@ --- -title: Exempt ICMP from Authentication (Windows 10) +title: Exempt ICMP from Authentication (Windows) description: Learn how to add exemptions for any network traffic that uses the ICMP protocol in Windows Defender Firewall with Advanced Security. ms.assetid: c086c715-8d0c-4eb5-9ea7-2f7635a55548 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This procedure shows you how to add exemptions for any network traffic that uses the ICMP protocol. diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md index b923df309c..e4569e0cf8 100644 --- a/windows/security/threat-protection/windows-firewall/exemption-list.md 
+++ b/windows/security/threat-protection/windows-firewall/exemption-list.md @@ -1,5 +1,5 @@ --- -title: Exemption List (Windows 10) +title: Exemption List (Windows) description: Learn about reasons to add devices to an exemption list in Windows Defender Firewall with Advanced Security and the trade-offs of having too many exemptions. ms.assetid: a05e65b4-b48d-44b1-a7f1-3a8ea9c19ed8 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above When you implement a server and domain isolation security model in your organization, you are likely to find some additional challenges. Key infrastructure servers such as DNS servers and DHCP servers typically must be available to all devices on the internal network, yet secured from network attacks. However, if they must remain available to all devices on the network, not just to isolated domain members, then these servers cannot require IPsec for inbound access, nor can they use IPsec transport mode for outbound traffic. diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/threat-protection/windows-firewall/firewall-gpos.md index faa8a0d788..8482ee05ce 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md +++ b/windows/security/threat-protection/windows-firewall/firewall-gpos.md @@ -1,5 +1,5 @@ --- -title: Firewall GPOs (Windows 10) +title: Firewall GPOs (Windows) description: In this example, a Group Policy Object is linked to the domain container because the domain controllers are not part of the isolated domain. ms.assetid: 720645fb-a01f-491e-8d05-c9c6d5e28033 ms.reviewer: 
@@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above All the devices on Woodgrove Bank's network that run Windows are part of the isolated domain, except domain controllers. To configure firewall rules, the GPO described in this section is linked to the domain container in the Active Directory OU hierarchy, and then filtered by using security group filters and WMI filters. From 886fe03c61ebde904f41f554cdb74d008fce8295 Mon Sep 17 00:00:00 2001 
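Review bot: In create-windows-firewall-rules-in-intune.md, the Applies to hunk (@@ -21,12 +21,14 @@) adds "Windows Server 2016 and above", but the procedure changed in the same hunk only offers "Windows 10 or Windows 11" as the platform when creating the profile. Either drop the server entry from this page's Applies to list or add the step that covers servers, so the list matches what the procedure can actually target. The [!IMPORTANT] prerelease notice kept as context in that hunk is also worth rechecking while the page is being refreshed.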
From: Ashok Lobo Date: Wed, 8 Sep 2021 12:37:47 +0530 Subject: [PATCH 185/671] Updated for - 5358843-files201to225 --- windows/security/threat-protection/auditing/event-4905.md | 6 +----- windows/security/threat-protection/auditing/event-4906.md | 6 +----- windows/security/threat-protection/auditing/event-4907.md | 6 +----- windows/security/threat-protection/auditing/event-4908.md | 6 +----- windows/security/threat-protection/auditing/event-4909.md | 6 +----- windows/security/threat-protection/auditing/event-4910.md | 6 +----- windows/security/threat-protection/auditing/event-4911.md | 6 +----- windows/security/threat-protection/auditing/event-4912.md | 6 +----- windows/security/threat-protection/auditing/event-4913.md | 6 +----- windows/security/threat-protection/auditing/event-4928.md | 6 +----- windows/security/threat-protection/auditing/event-4929.md | 6 +----- windows/security/threat-protection/auditing/event-4930.md | 6 +----- windows/security/threat-protection/auditing/event-4931.md | 6 +----- windows/security/threat-protection/auditing/event-4932.md | 6 +----- windows/security/threat-protection/auditing/event-4933.md | 6 +----- windows/security/threat-protection/auditing/event-4934.md | 6 +----- windows/security/threat-protection/auditing/event-4935.md | 6 +----- windows/security/threat-protection/auditing/event-4936.md | 6 +----- windows/security/threat-protection/auditing/event-4937.md | 6 +----- windows/security/threat-protection/auditing/event-4944.md | 6 +----- windows/security/threat-protection/auditing/event-4945.md | 6 +----- windows/security/threat-protection/auditing/event-4946.md | 6 +----- windows/security/threat-protection/auditing/event-4947.md | 6 +----- windows/security/threat-protection/auditing/event-4948.md | 6 +----- windows/security/threat-protection/auditing/event-4949.md | 6 +----- 25 files changed, 25 insertions(+), 125 deletions(-) 
diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md index 65338f9f64..2bc2194af3 100644 --- a/windows/security/threat-protection/auditing/event-4905.md +++ b/windows/security/threat-protection/auditing/event-4905.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4905(S): An attempt was made to unregister a security event source. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4905 illustration diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md index 49269c1eb3..5f8556c594 100644 --- a/windows/security/threat-protection/auditing/event-4906.md +++ b/windows/security/threat-protection/auditing/event-4906.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4906(S): The CrashOnAuditFail value has changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4906 illustration diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md index e8f78c11b1..54960760dd 100644 --- a/windows/security/threat-protection/auditing/event-4907.md +++ b/windows/security/threat-protection/auditing/event-4907.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4907(S): Auditing settings on object were changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4907 illustration 
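Review bot: The @@ -16,10 +16,6 @@ hunk in event-4907.md, like the same hunk in every other event-49xx.md file in this patch, deletes the whole Applies to block rather than updating it, and the commit message ("Updated for - 5358843-files201to225") gives no reason. The windows-firewall patch just before this one extends the same block with "Windows 11" and "Windows Server 2016 and above", so the two sets of pages now disagree on whether applicability is stated at all. Please either keep the block and update it the same way, or say in the commit message why these audit event pages no longer list the supported versions; readers mapping event IDs to an OS baseline lose that information otherwise.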
diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index 3a12a949e0..4b00b7dc48 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4908(S): Special Groups Logon table modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4908 illustration diff --git a/windows/security/threat-protection/auditing/event-4909.md b/windows/security/threat-protection/auditing/event-4909.md index 9c3b067418..77f5ddd123 100644 --- a/windows/security/threat-protection/auditing/event-4909.md +++ b/windows/security/threat-protection/auditing/event-4909.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4909(-): The local policy settings for the TBS were changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. diff --git a/windows/security/threat-protection/auditing/event-4910.md b/windows/security/threat-protection/auditing/event-4910.md index 948c3a6dab..0c3e27cbcd 100644 --- a/windows/security/threat-protection/auditing/event-4910.md +++ b/windows/security/threat-protection/auditing/event-4910.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4910(-): The group policy settings for the TBS were changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md index cf47c889e0..34506e27c7 100644 --- a/windows/security/threat-protection/auditing/event-4911.md +++ b/windows/security/threat-protection/auditing/event-4911.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4911(S): Resource attributes of the object were changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4911 illustration diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md index e4bc6d9d43..cd13c3c6ed 100644 --- a/windows/security/threat-protection/auditing/event-4912.md +++ b/windows/security/threat-protection/auditing/event-4912.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4912(S): Per User Audit Policy was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4912 illustration diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md index 51ff7291cb..88f5b9912c 100644 --- a/windows/security/threat-protection/auditing/event-4913.md +++ b/windows/security/threat-protection/auditing/event-4913.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4913(S): Central Access Policy on the object was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4913 illustration diff --git a/windows/security/threat-protection/auditing/event-4928.md b/windows/security/threat-protection/auditing/event-4928.md index 166bc42cf3..c771de77c7 100644 --- a/windows/security/threat-protection/auditing/event-4928.md +++ b/windows/security/threat-protection/auditing/event-4928.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4928(S, F): An Active Directory replica source naming context was established. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4928 illustration diff --git a/windows/security/threat-protection/auditing/event-4929.md b/windows/security/threat-protection/auditing/event-4929.md index ab04f9ab17..8befaf8042 100644 --- a/windows/security/threat-protection/auditing/event-4929.md +++ b/windows/security/threat-protection/auditing/event-4929.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4929(S, F): An Active Directory replica source naming context was removed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4929 illustration diff --git a/windows/security/threat-protection/auditing/event-4930.md b/windows/security/threat-protection/auditing/event-4930.md index 3897b1bd01..9b7133cbec 100644 --- a/windows/security/threat-protection/auditing/event-4930.md 
+++ b/windows/security/threat-protection/auditing/event-4930.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4930(S, F): An Active Directory replica source naming context was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4930 illustration diff --git a/windows/security/threat-protection/auditing/event-4931.md b/windows/security/threat-protection/auditing/event-4931.md index dfb00ceb91..9be2c0b308 100644 --- a/windows/security/threat-protection/auditing/event-4931.md +++ b/windows/security/threat-protection/auditing/event-4931.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4931(S, F): An Active Directory replica destination naming context was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4931 illustration diff --git a/windows/security/threat-protection/auditing/event-4932.md b/windows/security/threat-protection/auditing/event-4932.md index 13f42ce386..2fe1488145 100644 --- a/windows/security/threat-protection/auditing/event-4932.md +++ b/windows/security/threat-protection/auditing/event-4932.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4932(S): Synchronization of a replica of an Active Directory naming context has begun. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4932 illustration 
diff --git a/windows/security/threat-protection/auditing/event-4933.md b/windows/security/threat-protection/auditing/event-4933.md index b4f0784a45..763c17876e 100644 --- a/windows/security/threat-protection/auditing/event-4933.md +++ b/windows/security/threat-protection/auditing/event-4933.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4933(S, F): Synchronization of a replica of an Active Directory naming context has ended. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4933 illustration diff --git a/windows/security/threat-protection/auditing/event-4934.md b/windows/security/threat-protection/auditing/event-4934.md index ffc4b9b4a3..edfe9bb645 100644 --- a/windows/security/threat-protection/auditing/event-4934.md +++ b/windows/security/threat-protection/auditing/event-4934.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4934(S): Attributes of an Active Directory object were replicated. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when attributes of an Active Directory object were replicated. diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md index f2910784e6..6473cffbe6 100644 --- a/windows/security/threat-protection/auditing/event-4935.md +++ b/windows/security/threat-protection/auditing/event-4935.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4935(F): Replication failure begins. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4935 illustration diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md index 3f808bf11d..e87cf4d53e 100644 --- a/windows/security/threat-protection/auditing/event-4936.md +++ b/windows/security/threat-protection/auditing/event-4936.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4936(S): Replication failure ends. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when Active Directory replication failure ends. diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md index 2775be1c5d..6c1f85f0a7 100644 --- a/windows/security/threat-protection/auditing/event-4937.md +++ b/windows/security/threat-protection/auditing/event-4937.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4937(S): A lingering object was removed from a replica. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when a [lingering object](https://support.microsoft.com/kb/910205) was removed from a replica. diff --git a/windows/security/threat-protection/auditing/event-4944.md b/windows/security/threat-protection/auditing/event-4944.md index 3821d18e1b..046a35e163 100644 --- a/windows/security/threat-protection/auditing/event-4944.md +++ b/windows/security/threat-protection/auditing/event-4944.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4944(S): The following policy was active when the Windows Firewall started. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4944 illustration diff --git a/windows/security/threat-protection/auditing/event-4945.md b/windows/security/threat-protection/auditing/event-4945.md index da8105bffc..c76d313b14 100644 --- a/windows/security/threat-protection/auditing/event-4945.md +++ b/windows/security/threat-protection/auditing/event-4945.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4945(S): A rule was listed when the Windows Firewall started. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4945 illustration diff --git a/windows/security/threat-protection/auditing/event-4946.md b/windows/security/threat-protection/auditing/event-4946.md index 30ae25fd28..4279a425ff 100644 --- a/windows/security/threat-protection/auditing/event-4946.md +++ b/windows/security/threat-protection/auditing/event-4946.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4946(S): A change has been made to Windows Firewall exception list. A rule was added. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4946 illustration diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md index b38eef6371..48613fd427 100644 --- a/windows/security/threat-protection/auditing/event-4947.md 
+++ b/windows/security/threat-protection/auditing/event-4947.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4947(S): A change has been made to Windows Firewall exception list. A rule was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4947 illustration diff --git a/windows/security/threat-protection/auditing/event-4948.md b/windows/security/threat-protection/auditing/event-4948.md index 5f92a37c6a..6d0290f772 100644 --- a/windows/security/threat-protection/auditing/event-4948.md +++ b/windows/security/threat-protection/auditing/event-4948.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4948(S): A change has been made to Windows Firewall exception list. A rule was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4948 illustration diff --git a/windows/security/threat-protection/auditing/event-4949.md b/windows/security/threat-protection/auditing/event-4949.md index e304844bc8..50b400ce2d 100644 --- a/windows/security/threat-protection/auditing/event-4949.md +++ b/windows/security/threat-protection/auditing/event-4949.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4949(S): Windows Firewall settings were restored to the default values. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4949 illustration From fd273e19ad6450e3836e2a35599f6a203937273b Mon Sep 17 00:00:00 2001 
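Review bot: every `@@ -16,10 +16,6 @@` hunk in the event-49xx.md files deletes the **Applies to** list (Windows 10, Windows Server 2016) and adds nothing in its place, so after this change the pages no longer say which Windows versions log the event. If applicability is meant to live somewhere else, that is not visible in these hunks; otherwise consider updating the list rather than removing it, since someone building detections on these event IDs needs to know where they can expect them.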
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 8 Sep 2021 13:37:19 +0530 Subject: [PATCH 186/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 2 + .../policy-configuration-service-provider.md | 10 + .../mdm/policy-csp-admx-admpwd.md | 125 +++++++++++ .../mdm/policy-csp-admx-dcom.md | 212 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 5 files changed, 351 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-admpwd.md create mode 100644 windows/client-management/mdm/policy-csp-admx-dcom.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 6c81fd4df2..dc030851a1 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -121,6 +121,8 @@ ms.date: 10/08/2020 - [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr) - [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff) - [ADMX_DataCollection/CommercialIdPolicy](./policy-csp-admx-datacollection.md#admx-datacollection-commercialidpolicy) +- [ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList](./policy-csp-admx-dcom-dcomactivationsecuritycheckallowlocallist) +- [ADMX_DCOM/DCOMActivationSecurityCheckExemptionList](./policy-csp-admx-dcom-dcomactivationsecuritycheckexemptionlist) - [ADMX_Desktop/AD_EnableFilter](./policy-csp-admx-desktop.md#admx-desktop-ad-enablefilter) - [ADMX_Desktop/AD_HideDirectoryFolder](./policy-csp-admx-desktop.md#admx-desktop-ad-hidedirectoryfolder) - [ADMX_Desktop/AD_QueryLimit](./policy-csp-admx-desktop.md#admx-desktop-ad-querylimit) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index a03f3f09f7..c9104ce9b1 100644 
--- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -555,6 +555,16 @@ The following diagram shows the Policy configuration service provider in tree fo +### ADMX_DCOM policies + +

    +
    + ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList +
    +
    + ADMX_DCOM/DCOMActivationSecurityCheckExemptionList +
    +
    ### ADMX_Desktop policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md new file mode 100644 index 0000000000..e67627501c --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md @@ -0,0 +1,125 @@ +--- +title: Policy CSP - ADMX_AdmPwd +description: Policy CSP - ADMX_AdmPwd +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 08/09/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_AdmPwd +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_AdmPwd policies + +
    +
    + ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy +
    +
    + ADMX_AdmPwd/POL_AdmPwd_Enabled +
    +
    + ADMX_AdmPwd/POL_AdmPwd_AdminName +
    +
    + ADMX_AdmPwd/POL_AdmPwd +
    + +
    + + +**ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting controls the installation of ActiveX controls for sites in Trusted zone. + +If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting. + +If you disable or do not configure this policy setting, ActiveX controls prompt the user before installation. + +If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certificate errors that you want to ignore. + +> [!NOTE] +> This policy setting applies to all sites in Trusted zones. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Establish ActiveX installation policy for sites in Trusted zones* +- GP name: *AxISURLZonePolicies* +- GP path: *Windows Components\ActiveX Installer Service* +- GP ADMX file name: *ActiveXInstallService.admx* + + + +
    + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md new file mode 100644 index 0000000000..a7729ee3a4 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-dcom.md @@ -0,0 +1,212 @@ +--- +title: Policy CSP - ADMX_DCOM +description: Policy CSP - ADMX_DCOM +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/08/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DCOM +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_DCOM policies + +
    +
    + ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList +
    +
    + ADMX_DCOM/DCOMActivationSecurityCheckExemptionList +
    +
    + + +
    + + +**ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list. + +- If you enable this policy setting, and DCOM does not find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list. + +- If you disable this policy setting, DCOM will not look in the locally configured DCOM activation security check exemption list. +If you do not configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy is not configured. + +> [!NOTE] +> This policy setting applies to all sites in Trusted zones. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Allow local activation security check exemptions* +- GP name: *DCOMActivationSecurityCheckAllowLocalList* +- GP path: *Windows Components\AppCompat!AllowLocalActivationSecurityCheckExemptionList* +- GP ADMX file name: *DCOM.admx* + + + +
    + + +**ADMX_DCOM/DCOMActivationSecurityCheckExemptionList** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting allows you to view and change a list of DCOM server application IDs (appids), which are exempted from the DCOM Activation security check. +DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators. +DCOM ignores the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled. +DCOM server application IDs added to this policy must be listed in curly brace format. + +For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`. +If you enter a non-existent or improperly formatted application ID DCOM will add it to the list without checking for errors. +- If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings. + +If you add an application ID to this list and set its value to 1, DCOM will not enforce the Activation security check for that DCOM server. +If you add an application ID to this list and set its value to 0 DCOM will always enforce the Activation security check for that DCOM server regardless of local +settings. +- If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used. + +If you do not configure this policy setting, the application ID exemption list defined by local computer administrators is used. Notes: The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process. +This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. 
If the DCOM server's custom launch permission contains explicit DENY entries this may mean that object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead. + +The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short-term as an application compatibility deployment aid. +DCOM servers added to this exemption list are only exempted if their custom launch permissions do not contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups. + +> [!NOTE] +> Exemptions for DCOM Server Application IDs added to this list will apply to both 32-bit and 64-bit versions of the server if present. +> +> [!NOTE] +> This policy setting applies to all sites in Trusted zones. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Allow local activation security check exemptions* +- GP name: *DCOMActivationSecurityCheckExemptionList* +- GP path: *Windows Components\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList* +- GP ADMX file name: *DCOM.admx* + + + +
    + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 1d385366fb..2059ba23b0 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -439,6 +439,8 @@ items: href: policy-csp-admx-ctrlaltdel.md - name: ADMX_DataCollection href: policy-csp-admx-datacollection.md + - name: ADMX_DCOM + href: policy-csp-admx-dcom.md - name: ADMX_Desktop href: policy-csp-admx-desktop.md - name: ADMX_DeviceInstallation From 81e900e93d74da11793a280db26f9bff7043b332 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 8 Sep 2021 14:41:26 +0530 Subject: [PATCH 187/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 2 + .../policy-configuration-service-provider.md | 5 +- .../mdm/policy-csp-admx-devicecompat.md | 175 ++++++++++++++++++ 3 files changed, 180 insertions(+), 2 deletions(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-devicecompat.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index dc030851a1..048284cd5f 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
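Review bot: the two ADMX_DCOM entries added to policies-in-policy-csp-admx-backed.md (hunk `@@ -121,6 +121,8 @@`) link to `./policy-csp-admx-dcom-dcomactivationsecuritycheckallowlocallist` and `./policy-csp-admx-dcom-dcomactivationsecuritycheckexemptionlist`, which are missing the `.md#admx-dcom-` part and will not resolve. The neighbouring entries use the form `./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff`; the new ones should follow it, for example `./policy-csp-admx-dcom.md#admx-dcom-dcomactivationsecuritycheckallowlocallist`.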
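Review bot: the new policy-csp-admx-admpwd.md documents the wrong policy. Under ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy, the description and the ADMX Info block are those of "Establish ActiveX installation policy for sites in Trusted zones" (GP name AxISURLZonePolicies, ActiveXInstallService.admx), not of a password policy. The file also lists four policies in its index but has a section for only one, its ms.date reads 08/09/2021 where the DCOM page in the same patch has 09/08/2021, and the patch does not add it to toc.yml or to either index page the way it does for ADMX_DCOM. Suggest replacing the body with the real ADMX_AdmPwd text or dropping the file from this patch until it is ready.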
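Review bot: in policy-csp-admx-dcom.md both policy sections keep the note "This policy setting applies to all sites in Trusted zones", which has nothing to do with DCOM activation and should be removed. DCOMActivationSecurityCheckExemptionList also reuses the GP Friendly name "Allow local activation security check exemptions", although the description text calls that policy "Define Activation Security Check exemptions", and both GP path values end in a `!ValueName` suffix (`Windows Components\AppCompat!...`) unlike the plain folder paths used elsewhere in this series. Since a value of 1 in this list switches the activation security check off for a server, and the text says malformed application IDs are accepted without error, the friendly name and path need to be exact so administrators audit the right setting.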
@@ -152,6 +152,8 @@ ms.date: 10/08/2020 - [ADMX_Desktop/sz_DB_DragDropClose](./policy-csp-admx-desktop.md#admx-desktop-sz-db-dragdropclose) - [ADMX_Desktop/sz_DB_Moving](./policy-csp-admx-desktop.md#admx-desktop-sz-db-moving) - [ADMX_Desktop/sz_DWP_NoHTMLPaper](./policy-csp-admx-desktop.md#admx-desktop-sz-dwp-nohtmlpaper) +- [ADMX_DeviceCompat/DeviceFlags](./policy-csp-admx-devicecompat.md#admx-devicecompat-deviceflags) +- [ADMX_DeviceCompat/DriverShims](./policy-csp-admx-devicecompat.md#admx-devicecompat-drivershims) - [ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-allowadmininstall) - [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-detailtext) - [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-simpletext) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index c9104ce9b1..bfc4d24d58 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -565,7 +565,8 @@ The following diagram shows the Policy configuration service provider in tree fo ADMX_DCOM/DCOMActivationSecurityCheckExemptionList
    -### ADMX_Desktop policies + +### ADMX_Desktop policies
    @@ -656,7 +657,7 @@ The following diagram shows the Policy configuration service provider in tree fo ADMX_Desktop/sz_DWP_NoHTMLPaper
    - + ### ADMX_DeviceInstallation policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md new file mode 100644 index 0000000000..f53dd522fc --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md @@ -0,0 +1,175 @@ +--- +title: Policy CSP - ADMX_DeviceCompat +description: Policy CSP - ADMX_DeviceCompat +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 08/09/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DeviceCompat +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_DeviceCompat policies + +
    +
    + ADMX_DeviceCompat/DeviceFlags +
    +
    + ADMX_DeviceCompat/DriverShims +
    +
    + + +
    + + +**ADMX_DeviceCompat/DeviceFlags** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Changes behavior of Microsoft bus drivers to work with specific devices. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Device compatibility settings* +- GP name: *DeviceFlags* +- GP path: *Windows Components\Device and Driver Compatibility* +- GP ADMX file name: *DeviceCompat.admx* + + + +
    + + +**ADMX_DeviceCompat/DriverShims** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Changes behavior of third-party drivers to work around incompatibilities introduced between OS versions. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Driver compatibility settings* +- GP name: *DriverShims* +- GP path: *Windows Components\Device and Driver Compatibility* +- GP ADMX file name: *DeviceCompat.admx* + + + + + \ No newline at end of file From 871eacc1653bd07c6c8e10cfaeaa99e0ec828a9b Mon Sep 17 00:00:00 2001 
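Review bot: the ADMX_DeviceCompat page is created and linked from policies-in-policy-csp-admx-backed.md, but nothing else points at it. The diffstat lists no toc.yml change, and the two policy-configuration-service-provider.md hunks (`@@ -565,7 +565,8 @@` and `@@ -656,7 +657,7 @@`) appear to change only whitespace around the ADMX_Desktop and ADMX_DeviceInstallation headings; no "### ADMX_DeviceCompat policies" section is added between them. Suggest adding that section and a toc.yml entry, as the previous patch did for ADMX_DCOM, and dropping the whitespace-only edits.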
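Review bot: in the new policy-csp-admx-devicecompat.md the front matter has `ms.date: 08/09/2021`, while the commit is dated 8 Sep 2021 and the DCOM page from the previous patch uses 09/08/2021, so day and month look swapped. The file also ends with "\ No newline at end of file", and each policy description is a single sentence that does not say what happens when the setting is enabled, disabled or not configured; DeviceFlags and DriverShims change driver behaviour, so that is worth spelling out.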
From: Meghana Athavale Date: Wed, 8 Sep 2021 14:43:44 +0530 Subject: [PATCH 188/671] Updating 61 to 80 --- .../windows-firewall/firewall-policy-design-example.md | 9 +++++---- ...formation-about-your-active-directory-deployment.md | 7 ++++--- ...mation-about-your-current-network-infrastructure.md | 7 ++++--- .../gathering-information-about-your-devices.md | 7 ++++--- .../gathering-other-relevant-information.md | 7 ++++--- .../gathering-the-information-you-need.md | 7 ++++--- .../windows-firewall/gpo-domiso-boundary.md | 7 ++++--- .../windows-firewall/gpo-domiso-encryption.md | 4 ++-- .../windows-firewall/gpo-domiso-firewall.md | 7 ++++--- .../gpo-domiso-isolateddomain-clients.md | 7 ++++--- .../gpo-domiso-isolateddomain-servers.md | 7 ++++--- ...firewall-with-advanced-security-deployment-goals.md | 9 +++++---- ...dows-firewall-with-advanced-security-design-plan.md | 7 ++++--- .../windows-firewall/isolated-domain-gpos.md | 7 ++++--- .../windows-firewall/isolated-domain.md | 10 +++++----- .../windows-firewall/isolating-apps-on-your-network.md | 9 +++++---- .../windows-firewall/link-the-gpo-to-the-domain.md | 7 ++++--- ...a-windows-firewall-with-advanced-security-design.md | 7 ++++--- ...-apply-to-a-different-zone-or-version-of-windows.md | 7 ++++--- ...olicy-management-console-to-ip-security-policies.md | 7 ++++--- 20 files changed, 82 insertions(+), 64 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md index 5a6acfea96..85ce84a2a9 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md 
@@ -1,5 +1,5 @@ --- -title: Basic Firewall Policy Design Example (Windows 10) +title: Basic Firewall Policy Design Example (Windows) description: This example features a fictitious company and illustrates firewall policy design for Windows Defender Firewall with Advanced Security. ms.assetid: 0dc3bcfe-7a4d-4a15-93a9-64b13bd775a7 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above In this example, the fictitious company Woodgrove Bank is a financial services institution. @@ -67,7 +68,7 @@ Other traffic notes: Woodgrove Bank uses Active Directory groups and Group Policy Objects to deploy the firewall settings and rules to the devices on their network. They know that they must deploy policies to the following collections of devices: -- Client devices that run Windows 10, Windows 8, or Windows 7 +- Client devices that run Windows 11, Windows 10, Windows 8, or Windows 7 - WGBank front-end servers that run Windows Server 2016, Windows Server 2012 R2, Windows Server 2012 or Windows Server 2008 R2 (there are none in place yet, but their solution must support adding them) diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md index 35ed36b193..07fea715ef 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md 
@@ -1,5 +1,5 @@ --- -title: Gathering Information about Your Active Directory Deployment (Windows 10) +title: Gathering Information about Your Active Directory Deployment (Windows) description: Learn about gathering Active Directory information, including domain layout, organizational unit architecture, and site topology, for your firewall deployment. ms.assetid: b591b85b-12ac-4329-a47e-bc1b03e66eb0 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Active Directory is another important item about which you must gather information. You must understand the forest structure. This includes domain layout, organizational unit (OU) architecture, and site topology. This information makes it possible to know where devices are currently placed, their configuration, and the impact of changes to Active Directory that result from implementing Windows Defender Firewall with Advanced Security. Review the following list for information needed: diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md index 97aed509bc..08f2987678 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md 
@@ -1,5 +1,5 @@ --- -title: Gathering Info about Your Network Infrastructure (Windows 10) +title: Gathering Info about Your Network Infrastructure (Windows) description: Learn how to gather info about your network infrastructure so that you can effectively plan for Windows Defender Firewall with Advanced Security deployment. ms.assetid: f98d2b17-e71d-4ffc-b076-118b4d4782f9 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Perhaps the most important aspect of planning for Windows Defender Firewall with Advanced Security deployment is the network architecture, because IPsec is layered on the Internet Protocol itself. An incomplete or inaccurate understanding of the network can prevent any Windows Defender Firewall solution from being successful. Understanding subnet layout, IP addressing schemes, and traffic patterns are part of this effort, but accurately documenting the following components are important to completing the planning phase of this project: diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md index 1e9b7fee54..c5f34e8ce7 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md 
@@ -1,5 +1,5 @@ --- -title: Gathering Information about Your Devices (Windows 10) +title: Gathering Information about Your Devices (Windows) description: Learn what information to gather about the devices in your enterprise to plan your Windows Defender Firewall with Advanced Security deployment. ms.assetid: 7f7cd3b9-de8e-4fbf-89c6-3d1a47bc2beb ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above One of the most valuable benefits of conducting an asset discovery project is the large amount of data that is obtained about the client and server devices on the network. When you start designing and planning your isolation zones, you must make decisions that require accurate information about the state of all hosts to ensure that they can use IPsec as planned. diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md index e75e426e2c..a34c386f5c 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md +++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md @@ -1,5 +1,5 @@ --- -title: Gathering Other Relevant Information (Windows 10) +title: Gathering Other Relevant Information (Windows) description: Learn about additional information you may need to gather to deploy Windows Defender Firewall with Advanced Security policies in your organization. ms.assetid: 87ccca07-4346-496b-876d-cdde57d0ce17 ms.reviewer: 
@@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This topic discusses several other things that you should examine to see whether they will cause any complications in your ability to deploy Windows Defender Firewall with Advanced Security policies in your organization. diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md index fbdf23f73f..aad5e33e18 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md +++ b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md @@ -1,5 +1,5 @@ --- -title: Gathering the Information You Need (Windows 10) +title: Gathering the Information You Need (Windows) description: Collect and analyze information about your network, directory services, and devices to prepare for Windows Defender Firewall with Advanced Security deployment. ms.assetid: 545fef02-5725-4b1e-b67a-a32d94c27d15 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Before starting the planning process for a Windows Defender Firewall with Advanced Security deployment, you must collect and analyze up-to-date information about the network, the directory services, and the devices that are already deployed in the organization. This information enables you to create a design that accounts for all possible elements of the existing infrastructure. If the gathered information is not accurate, problems can occur when devices and devices that were not considered during the planning phase are encountered during implementation. diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md index 4ea713f793..3eb3e0fb2b 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md @@ -1,5 +1,5 @@ --- -title: GPO\_DOMISO\_Boundary (Windows 10) +title: GPO\_DOMISO\_Boundary (Windows) description: This example GPO supports devices that are not part of the isolated domain to access specific servers that must be available to those untrusted devices. ms.assetid: ead3a510-c329-4c2a-9ad2-46a3b4975cfd ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This GPO is authored by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. Woodgrove Bank began by copying and pasting the GPO for the Windows Server 2008 version of the isolated domain GPO, and then renamed the copy to reflect its new purpose. 
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md index 7c81975bea..bf33747880 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md @@ -1,5 +1,5 @@ --- -title: GPO\_DOMISO\_Encryption\_WS2008 (Windows 10) +title: GPO\_DOMISO\_Encryption\_WS2008 (Windows) description: This example GPO supports the ability for servers that contain sensitive data to require encryption for all connection requests. ms.assetid: 84375480-af6a-4c79-aafe-0a37115a7446 ms.reviewer: @@ -14,7 +14,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md index 7799c8484f..f625255685 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md @@ -1,5 +1,5 @@ --- -title: GPO\_DOMISO\_Firewall (Windows 10) +title: GPO\_DOMISO\_Firewall (Windows) description: Learn about the settings and rules in this example GPO, which is authored by using the Group Policy editing tools. ms.assetid: 318467d2-5698-4c5d-8000-7f56f5314c42 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This GPO is authored by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to devices that are running at least Windows 7 or Windows Server 2008. diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md index c5c16902b2..ce42bb0dd3 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md @@ -1,5 +1,5 @@ --- -title: GPO\_DOMISO\_IsolatedDomain\_Clients (Windows 10) +title: GPO\_DOMISO\_IsolatedDomain\_Clients (Windows) description: Author this GPO by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. ms.assetid: 73cd9e25-f2f1-4ef6-b0d1-d36209518cd9 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This GPO is authored by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to client devices that are running Windows 8, Windows 7, or Windows Vista. diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md index a7e5651251..ca3da60412 100644 
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md @@ -1,5 +1,5 @@ --- -title: GPO\_DOMISO\_IsolatedDomain\_Servers (Windows 10) +title: GPO\_DOMISO\_IsolatedDomain\_Servers (Windows) description: Author this GPO by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. ms.assetid: 33aed8f3-fdc3-4f96-985c-e9d2720015d3 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This GPO is authored by using the Windows Defender Firewall interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to server devices that are running at least Windows Server 2008. diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md index 738e348ccd..a3648e301a 100644 --- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md +++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md 
@@ -1,5 +1,5 @@ --- -title: Identify implementation goals for Windows Defender Firewall with Advanced Security Deployment (Windows 10) +title: Identify implementation goals for Windows Defender Firewall with Advanced Security Deployment (Windows) description: Identifying Your Windows Defender Firewall with Advanced Security (WFAS) implementation goals ms.assetid: 598cf45e-2e1c-4947-970f-361dfa264bba ms.reviewer: @@ -14,14 +14,15 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- # Identifying Windows Defender Firewall with Advanced Security implementation goals **Applies to** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above Correctly identifying your Windows Defender Firewall with Advanced Security implementation goals is essential for the success of your Windows Defender Firewall design project. Form a project team that can clearly articulate deployment issues in a vision statement. When you write your vision statement, identify, clarify, and refine your implementation goals. Prioritize and, if possible, combine your implementation goals so that you can design and deploy Windows Defender Firewall by using an iterative approach. You can take advantage of the predefined Windows Defender Firewall implementation goals presented in this guide that are relevant to your scenarios. diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md index 265019f489..adb0db7bd9 100644 --- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md 
+++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md @@ -1,5 +1,5 @@ --- -title: Implementing Your Windows Defender Firewall with Advanced Security Design Plan (Windows 10) +title: Implementing Your Windows Defender Firewall with Advanced Security Design Plan (Windows) description: Implementing Your Windows Defender Firewall with Advanced Security Design Plan ms.assetid: 15f609d5-5e4e-4a71-9eff-493a2e3e40f9 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The following are important factors in the implementation of your Windows Defender Firewall design plan: diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md index 878839f37f..72632250e3 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md @@ -1,5 +1,5 @@ --- -title: Isolated Domain GPOs (Windows 10) +title: Isolated Domain GPOs (Windows) description: Learn about GPOs for isolated domains in this example configuration of Windows Defender Firewall with Advanced Security. ms.assetid: e254ce4a-18c6-4868-8179-4078d9de215f ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above All of the devices in the isolated domain are added to the group CG\_DOMISO\_IsolatedDomain. You must create multiple GPOs to align with this group, one for each Windows operating system that must have different rules or settings to implement the basic isolated domain functionality that you have in your isolated domain. This group is granted Read and Apply Group Policy permissions on all the GPOs described in this section. diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md index b9656fd06d..037bf1f77b 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md @@ -1,5 +1,5 @@ --- -title: Isolated Domain (Windows 10) +title: Isolated Domain (Windows) description: Learn about the isolated domain, which is the primary zone for trusted devices, which use connection security and firewall rules to control communication. ms.assetid: d6fa8d67-0078-49f6-9bcc-db1f24816c5e ms.reviewer: @@ -14,16 +14,16 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- # Isolated Domain **Applies to:** -- Windows 10 -- Windows Server 2016 -- Windows Server 2019 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above The isolated domain is the primary zone for trusted devices. The devices in this zone use connection security and firewall rules to control the communications that can be sent between devices in the zone. diff --git a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md index bfd7f19f0a..6e2fcee3e3 100644 
--- a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md +++ b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md @@ -1,5 +1,5 @@ --- -title: Isolating Microsoft Store Apps on Your Network (Windows 10) +title: Isolating Microsoft Store Apps on Your Network (Windows) description: Learn how to customize your firewall configuration to isolate the network access of the new Microsoft Store apps that run on devices added to your network. ms.prod: m365-security ms.mktglfcycl: deploy @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 10/13/2017 +ms.date: 09/08/2021 ms.reviewer: ms.author: dansimp ms.technology: mde @@ -21,7 +21,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above When you add new devices to your network, you may want to customize your Windows Defender Firewall with Advanced Security configuration to isolate the network access of the new Microsoft Store apps that run on them. Developers who build Microsoft Store apps can declare certain app capabilities that enable different classes of network access. A developer can decide what kind of network access the app requires and configure this capability for the app. When the app is installed on a device, appropriate firewall rules are automatically created to enable access. You can then customize the firewall configuration to further fine-tune this access if they desire more control over the network access for the app. 
@@ -65,7 +66,7 @@ To isolate Microsoft Store apps on your network, you need to use Group Policy to - The Remote Server Administration Tools (RSAT) are installed on your client device. When you perform the following steps from your client device, you can select your Microsoft Store app when you create Windows Defender Firewall rules. - >**Note:**  You can install the RSAT on your device running Windows 10 from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). + >**Note:**  You can install the RSAT on your device running Windows from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520).   ## Step 1: Define your network diff --git a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md index 7759669531..c50865a29b 100644 --- a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md +++ b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md @@ -1,5 +1,5 @@ --- -title: Link the GPO to the Domain (Windows 10) +title: Link the GPO to the Domain (Windows) description: Learn how to link a GPO to the Active Directory container for the target devices, after you configure it in Windows Defender Firewall with Advanced Security. ms.assetid: 746d4553-b1a6-4954-9770-a948926b1165 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you create the GPO and configure it with security group filters and WMI filters, you must link the GPO to the container in Active Directory that contains all of the target devices. 
diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md index ee043c54a0..048875eafd 100644 --- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md @@ -1,5 +1,5 @@ --- -title: Mapping your implementation goals to a Windows Firewall with Advanced Security design (Windows 10) +title: Mapping your implementation goals to a Windows Firewall with Advanced Security design (Windows) description: Mapping your implementation goals to a Windows Firewall with Advanced Security design ms.assetid: 7e68c59e-ba40-49c4-8e47-5de5d6b5eb22 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you finish reviewing the existing Windows Firewall with Advanced Security implementation goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design. > [!IMPORTANT] diff --git a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md index 2f2ec6ad54..037b3a66d6 100644 
--- a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md +++ b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md @@ -1,5 +1,5 @@ --- -title: Modify GPO Filters (Windows 10) +title: Modify GPO Filters (Windows) description: Learn how to modify GPO filters to apply to a different zone or version of windows in Windows Defender Firewall with Advanced Security. ms.assetid: 24ede9ca-a501-4025-9020-1129e2cdde80 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above You must reconfigure your copied GPO so that it contains the correct security group and WMI filters for its new role. If you are creating the GPO for the isolated domain, use the [Block members of a group from applying a GPO](#to-block-members-of-a-group-from-applying-a-gpo) procedure to prevent members of the boundary and encryption zones from incorrectly applying the GPOs for the main isolated domain. diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md index 7046b6230b..43485b62d6 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md 
@@ -1,5 +1,5 @@ --- -title: Open the Group Policy Management Console to IP Security Policies (Windows 10) +title: Open the Group Policy Management Console to IP Security Policies (Windows) description: Learn how to open the Group Policy Management Console to IP Security Policies to configure GPOs for earlier versions of the Windows operating system. ms.assetid: 235f73e4-37b7-40f4-a35e-3e7238bbef43 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Procedures in this guide that refer to GPOs for earlier versions of the Windows operating system instruct you to work with the IP Security Policy section in the Group Policy Management Console (GPMC). From cc6b656412dcddfaafb53794b723d320bcb24a42 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 8 Sep 2021 14:50:36 +0530 Subject: [PATCH 189/671] Updated --- .../mdm/policy-configuration-service-provider.md | 14 +++++++++++++- windows/client-management/mdm/toc.yml | 2 ++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bfc4d24d58..88d025827c 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -657,7 +657,19 @@ The following diagram shows the Policy configuration service provider in tree fo ADMX_Desktop/sz_DWP_NoHTMLPaper
    - + +### ADMX_DeviceCompat policies + +
    +
    + ADMX_DeviceCompat/DeviceFlags +
    +
    + ADMX_DeviceCompat/DriverShims +
    +
    + + ### ADMX_DeviceInstallation policies
    diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 2059ba23b0..f3d73b6112 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -443,6 +443,8 @@ items: href: policy-csp-admx-dcom.md - name: ADMX_Desktop href: policy-csp-admx-desktop.md + - name: ADMX_DeviceCompat + href: policy-csp-admx-devicecompat.md - name: ADMX_DeviceInstallation href: policy-csp-admx-deviceinstallation.md - name: ADMX_DeviceSetup From 5560b9a18f1489911bafe6eee17ab150ce35ea7a Mon Sep 17 00:00:00 2001 
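Review bot: In PATCH 188/671, the new "Applies to" entries in gpo-domiso-isolateddomain-clients.md ("- Windows 11", "- Windows Server 2016 and above") contradict the unchanged sentence right below them, which says the GPO "is intended to only apply to client devices that are running Windows 8, Windows 7, or Windows Vista". Either update that sentence or keep the list limited to what the GPO targets. gpo-domiso-encryption.md is the only file of the 20 that gets just the title and ms.date changes (diffstat "4 ++--") with no "Applies to" hunk, so check whether its list was missed. In isolating-apps-on-your-network.md the RSAT note now reads "your device running Windows", but the Download Center link (id=45520) is unchanged. Confirm that download covers every version the page now lists, or keep the version in the text.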
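Review bot: In PATCH 189/671, the toc.yml hunk adds "href: policy-csp-admx-devicecompat.md", but the diffstat lists only two changed files (policy-configuration-service-provider.md and toc.yml), so the target page is not part of this commit. Confirm the file already exists in the branch or add it here. Otherwise the TOC entry and the new ADMX_DeviceCompat section in the policy index refer to a page that is missing. The subject line "Updated" also gives no hint of what changed. Naming the ADMX_DeviceCompat addition would make the history searchable.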
From: Ashok Lobo Date: Wed, 8 Sep 2021 14:54:25 +0530 Subject: [PATCH 190/671] Updated as per 5358843-files226to250 --- windows/security/threat-protection/auditing/event-4950.md | 6 +----- windows/security/threat-protection/auditing/event-4951.md | 6 +----- windows/security/threat-protection/auditing/event-4952.md | 6 +----- windows/security/threat-protection/auditing/event-4953.md | 6 +----- windows/security/threat-protection/auditing/event-4954.md | 6 +----- windows/security/threat-protection/auditing/event-4956.md | 6 +----- windows/security/threat-protection/auditing/event-4957.md | 6 +----- windows/security/threat-protection/auditing/event-4958.md | 6 +----- windows/security/threat-protection/auditing/event-4964.md | 6 +----- windows/security/threat-protection/auditing/event-4985.md | 6 +----- windows/security/threat-protection/auditing/event-5024.md | 6 +----- windows/security/threat-protection/auditing/event-5025.md | 6 +----- windows/security/threat-protection/auditing/event-5027.md | 6 +----- windows/security/threat-protection/auditing/event-5028.md | 6 +----- windows/security/threat-protection/auditing/event-5029.md | 6 +----- windows/security/threat-protection/auditing/event-5030.md | 6 +----- windows/security/threat-protection/auditing/event-5031.md | 7 +------ windows/security/threat-protection/auditing/event-5032.md | 6 +----- windows/security/threat-protection/auditing/event-5033.md | 6 +----- windows/security/threat-protection/auditing/event-5034.md | 6 +----- windows/security/threat-protection/auditing/event-5035.md | 6 +----- windows/security/threat-protection/auditing/event-5037.md | 6 +----- windows/security/threat-protection/auditing/event-5038.md | 6 +----- windows/security/threat-protection/auditing/event-5039.md | 6 +----- windows/security/threat-protection/auditing/event-5051.md | 6 +----- 25 files changed, 25 insertions(+), 126 deletions(-) 
diff --git a/windows/security/threat-protection/auditing/event-4950.md b/windows/security/threat-protection/auditing/event-4950.md index 54ead99c65..90fdd4b72d 100644 --- a/windows/security/threat-protection/auditing/event-4950.md +++ b/windows/security/threat-protection/auditing/event-4950.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4950(S): A Windows Firewall setting has changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4950 illustration diff --git a/windows/security/threat-protection/auditing/event-4951.md b/windows/security/threat-protection/auditing/event-4951.md index 4a2c32b9e2..65357fc8cf 100644 --- a/windows/security/threat-protection/auditing/event-4951.md +++ b/windows/security/threat-protection/auditing/event-4951.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4951(F): A rule has been ignored because its major version number was not recognized by Windows Firewall. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4951 illustration diff --git a/windows/security/threat-protection/auditing/event-4952.md b/windows/security/threat-protection/auditing/event-4952.md index 150a0ac97d..abd1012a90 100644 --- a/windows/security/threat-protection/auditing/event-4952.md +++ b/windows/security/threat-protection/auditing/event-4952.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4952(F): Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. -**Applies to** -- Windows 10 -- Windows Server 2016 - When you create or edit a Windows Firewall rule, the settings that you can include depend upon the version of Windows you use when creating the rule. As new settings are added to later versions of Windows or to service packs for existing versions of Windows, the version number of the rules processing engine is updated, and that version number is stamped into rules that are created by using that version of Windows. For example, Windows Vista produces firewall rules that are stamped with version "v2.0". Future versions of Windows might use "v2.1", or "v3.0" to indicate, respectively, minor or major changes and additions. diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md index 38d9aa6a3d..d35205d2e8 100644 --- a/windows/security/threat-protection/auditing/event-4953.md +++ b/windows/security/threat-protection/auditing/event-4953.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4953(F): Windows Firewall ignored a rule because it could not be parsed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4953 illustration diff --git a/windows/security/threat-protection/auditing/event-4954.md b/windows/security/threat-protection/auditing/event-4954.md index 99bb6457e2..f671cef1ef 100644 --- a/windows/security/threat-protection/auditing/event-4954.md +++ b/windows/security/threat-protection/auditing/event-4954.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4954(S): Windows Firewall Group Policy settings have changed. The new settings have been applied. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4954 illustration diff --git a/windows/security/threat-protection/auditing/event-4956.md b/windows/security/threat-protection/auditing/event-4956.md index 34d36fa5d0..c56a466f9f 100644 --- a/windows/security/threat-protection/auditing/event-4956.md +++ b/windows/security/threat-protection/auditing/event-4956.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4956(S): Windows Firewall has changed the active profile. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4956 illustration diff --git a/windows/security/threat-protection/auditing/event-4957.md b/windows/security/threat-protection/auditing/event-4957.md index 8b822ee84c..a34de9e92f 100644 --- a/windows/security/threat-protection/auditing/event-4957.md +++ b/windows/security/threat-protection/auditing/event-4957.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4957(F): Windows Firewall did not apply the following rule. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4957 illustration diff --git a/windows/security/threat-protection/auditing/event-4958.md b/windows/security/threat-protection/auditing/event-4958.md index 05922fd7a7..7bb37f579a 100644 --- a/windows/security/threat-protection/auditing/event-4958.md 
+++ b/windows/security/threat-protection/auditing/event-4958.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4958(F): Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer. -**Applies to** -- Windows 10 -- Windows Server 2016 - Windows Firewall with Advanced Security processed a rule that contains parameters that cannot be resolved on the local computer. The rule is therefore not enforceable on the computer and so is excluded from the runtime state of the firewall. This is not necessarily an error. Examine the rule for applicability on the computers to which it was applied. diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md index 0ee97ac194..b83f63788a 100644 --- a/windows/security/threat-protection/auditing/event-4964.md +++ b/windows/security/threat-protection/auditing/event-4964.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4964(S): Special groups have been assigned to a new logon. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4964 illustration diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md index c57db1916e..ee97d237fc 100644 --- a/windows/security/threat-protection/auditing/event-4985.md +++ b/windows/security/threat-protection/auditing/event-4985.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 4985(S): The state of a transaction has changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4985 illustration diff --git a/windows/security/threat-protection/auditing/event-5024.md b/windows/security/threat-protection/auditing/event-5024.md index b24cd95e31..6f42905b26 100644 --- a/windows/security/threat-protection/auditing/event-5024.md +++ b/windows/security/threat-protection/auditing/event-5024.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5024(S): The Windows Firewall Service has started successfully. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5024 illustration diff --git a/windows/security/threat-protection/auditing/event-5025.md b/windows/security/threat-protection/auditing/event-5025.md index a9a3c5e14b..51c4600f15 100644 --- a/windows/security/threat-protection/auditing/event-5025.md +++ b/windows/security/threat-protection/auditing/event-5025.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5025(S): The Windows Firewall Service has been stopped. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5025 illustration diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md index 4ea2177c6b..85afaa1f92 100644 --- a/windows/security/threat-protection/auditing/event-5027.md +++ b/windows/security/threat-protection/auditing/event-5027.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 5027(F): The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5027 illustration diff --git a/windows/security/threat-protection/auditing/event-5028.md b/windows/security/threat-protection/auditing/event-5028.md index 9ab51ca985..8835c0a855 100644 --- a/windows/security/threat-protection/auditing/event-5028.md +++ b/windows/security/threat-protection/auditing/event-5028.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5028(F): The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5028 illustration diff --git a/windows/security/threat-protection/auditing/event-5029.md b/windows/security/threat-protection/auditing/event-5029.md index 46d9b7b3e7..6e8bfab573 100644 --- a/windows/security/threat-protection/auditing/event-5029.md +++ b/windows/security/threat-protection/auditing/event-5029.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5029(F): The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - Windows logs an error if either the Windows Firewall service or its driver fails to start, or if they unexpectedly terminate. The error message indicates the cause of the service failure by including an error code in the text of the message. 
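Review bot: in the second hunk of event-5029.md, deleting the `**Applies to**` list leaves the heading followed directly by the description, so nothing in the visible lines says which Windows versions log this event. The same four-line removal repeats in every file of this commit, and the subject ("Updated as per 5358843-files226to250") does not say where that applicability information now lives; state that in the commit message, or keep the list on pages where it is the only version statement. event-5031.md deserves a separate look, since its list also named Windows Server 2012 R2 and Windows Server 2012, and the hunk there adds `ms.date` rather than updating it.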
diff --git a/windows/security/threat-protection/auditing/event-5030.md b/windows/security/threat-protection/auditing/event-5030.md index de68bc30db..175e125235 100644 --- a/windows/security/threat-protection/auditing/event-5030.md +++ b/windows/security/threat-protection/auditing/event-5030.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5030(F): The Windows Firewall Service failed to start. -**Applies to** -- Windows 10 -- Windows Server 2016 - Windows logs this event if the Windows Firewall service fails to start, or if it unexpectedly terminates. The error message indicates the cause of the service failure by including an error code in the text of the message. diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md index df9881e050..8a10a69008 100644 --- a/windows/security/threat-protection/auditing/event-5031.md +++ b/windows/security/threat-protection/auditing/event-5031.md @@ -10,17 +10,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp +ms.date: 09/08/2021 ms.technology: mde --- # 5031(F): The Windows Firewall Service blocked an application from accepting incoming connections on the network. -**Applies to** -- Windows 10 -- Windows Server 2016 -- Windows Server 2012 R2 -- Windows Server 2012 - Event 5031 illustration diff --git a/windows/security/threat-protection/auditing/event-5032.md b/windows/security/threat-protection/auditing/event-5032.md index a356c6ba72..235d9fd8d3 100644 --- a/windows/security/threat-protection/auditing/event-5032.md +++ b/windows/security/threat-protection/auditing/event-5032.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5032(F): Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. -**Applies to** -- Windows 10 -- Windows Server 2016 - Windows Firewall with Advanced Security can be configured to notify the user when an application is blocked by the firewall, and ask if the application should continue to be blocked in the future. diff --git a/windows/security/threat-protection/auditing/event-5033.md b/windows/security/threat-protection/auditing/event-5033.md index 05552da629..e664ac846b 100644 --- a/windows/security/threat-protection/auditing/event-5033.md +++ b/windows/security/threat-protection/auditing/event-5033.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5033(S): The Windows Firewall Driver has started successfully. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5033 illustration diff --git a/windows/security/threat-protection/auditing/event-5034.md b/windows/security/threat-protection/auditing/event-5034.md index 7cef4c54e0..e447aeb0e7 100644 --- a/windows/security/threat-protection/auditing/event-5034.md +++ b/windows/security/threat-protection/auditing/event-5034.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5034(S): The Windows Firewall Driver was stopped. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5034 illustration 
diff --git a/windows/security/threat-protection/auditing/event-5035.md b/windows/security/threat-protection/auditing/event-5035.md index 6b9d8a9488..0bc400131b 100644 --- a/windows/security/threat-protection/auditing/event-5035.md +++ b/windows/security/threat-protection/auditing/event-5035.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5035(F): The Windows Firewall Driver failed to start. -**Applies to** -- Windows 10 -- Windows Server 2016 - Windows logs this event if Windows Firewall driver fails to start, or if it unexpectedly terminates. The error message indicates the cause of the failure by including an error code in the text of the message. diff --git a/windows/security/threat-protection/auditing/event-5037.md b/windows/security/threat-protection/auditing/event-5037.md index a189ce3f21..c36c375902 100644 --- a/windows/security/threat-protection/auditing/event-5037.md +++ b/windows/security/threat-protection/auditing/event-5037.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5037(F): The Windows Firewall Driver detected critical runtime error. Terminating. -**Applies to** -- Windows 10 -- Windows Server 2016 - Windows logs this event if Windows Firewall driver fails to start, or if it unexpectedly terminates. The error message indicates the cause of the failure by including an error code in the text of the message. diff --git a/windows/security/threat-protection/auditing/event-5038.md b/windows/security/threat-protection/auditing/event-5038.md index 2dc28bef2e..996a74d7b5 100644 --- a/windows/security/threat-protection/auditing/event-5038.md 
+++ b/windows/security/threat-protection/auditing/event-5038.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5038(F): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. -**Applies to** -- Windows 10 -- Windows Server 2016 - The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md index fda19e5f16..09baf51880 100644 --- a/windows/security/threat-protection/auditing/event-5039.md +++ b/windows/security/threat-protection/auditing/event-5039.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5039(-): A registry key was virtualized. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event should be generated when registry key was virtualized using [LUAFV](https://blogs.msdn.com/b/alexcarp/archive/2009/06/25/the-deal-with-luafv-sys.aspx). diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md index 3ac07671d2..e9e1bea6c6 100644 --- a/windows/security/threat-protection/auditing/event-5051.md +++ b/windows/security/threat-protection/auditing/event-5051.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 5051(-): A file was virtualized. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event should be generated when file was virtualized using [LUAFV](https://blogs.msdn.com/b/alexcarp/archive/2009/06/25/the-deal-with-luafv-sys.aspx). From aed5d2a66d9283798d9b15acad3c0272d15eb8a1 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 8 Sep 2021 15:11:45 +0530 Subject: [PATCH 191/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 1 + .../policy-configuration-service-provider.md | 3 +- .../mdm/policy-csp-admx-dfs.md | 117 ++++++++++++++++++ 3 files changed, 119 insertions(+), 2 deletions(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-dfs.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 048284cd5f..ce9b2705ba 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -189,6 +189,7 @@ ms.date: 10/08/2020 - [ADMX_DnsClient/DNS_UpdateTopLevelDomainZones](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatetopleveldomainzones) - [ADMX_DnsClient/DNS_UseDomainNameDevolution](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-usedomainnamedevolution) - [ADMX_DnsClient/Turn_Off_Multicast](./policy-csp-admx-dnsclient.md#admx-dnsclient-turn-off-multicast) +- [ADMX_DFS/DFSDiscoverDC](./policy-csp-admx-dfs.md#admx-dfs-dfsdiscoverdc) - [ADMX_DWM/DwmDefaultColorizationColor_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdefaultcolorizationcolor-1) - [ADMX_DWM/DwmDefaultColorizationColor_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdefaultcolorizationcolor-2) - [ADMX_DWM/DwmDisallowAnimations_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowanimations-1) 
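Review bot: the new `ADMX_DFS/DFSDiscoverDC` entry is inserted after the `ADMX_DnsClient` entries and directly before `ADMX_DWM`, which breaks the alphabetical grouping the surrounding context lines follow. `ADMX_DFS` sorts ahead of `ADMX_DnsClient`, so move the line up to sit with the other entries that precede ADMX_DnsClient; that also matches the position PATCH 192 gives the same policy in toc.yml, between ADMX_DeviceSetup and ADMX_DigitalLocker.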
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 88d025827c..8e071ca433 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -799,8 +799,7 @@ The following diagram shows the Policy configuration service provider in tree fo
    -### ADMX_DWM policies - +###_ADMX_DWM policies
    ADMX_DWM/DwmDefaultColorizationColor_1 diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md new file mode 100644 index 0000000000..c2f21eea30 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-dfs.md @@ -0,0 +1,117 @@ +--- +title: Policy CSP - ADMX_DFS +description: Policy CSP - ADMX_DFS +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/08/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DFS +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_DFS policies + +
    +
    + ADMX_DFS/DFSDiscoverDC +
    +
    + + +
    + + +**ADMX_DFS/DFSDiscoverDC** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. +By default, a DFS client attempts to discover domain controllers every 15 minutes. + +- If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. +This value is specified in minutes. + +- If you disable or do not configure this policy setting, the default value of 15 minutes applies. + +> [!NOTE] +> The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Configure how often a DFS client discovers domain controllers* +- GP name: *DFSDiscoverDC* +- GP path: *Windows Components\ActiveX Installer Service* +- GP ADMX file name: *DFS.admx* + + + +
    + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + From 5ea5020592f5016f275b29af33f214324191f73c Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 8 Sep 2021 15:34:18 +0530 Subject: [PATCH 192/671] Updated --- .../mdm/policy-configuration-service-provider.md | 2 +- windows/client-management/mdm/toc.yml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 8e071ca433..0bf7c71cf4 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -799,7 +799,7 @@ The following diagram shows the Policy configuration service provider in tree fo
    -###_ADMX_DWM policies +### ADMX_DWM policies
    ADMX_DWM/DwmDefaultColorizationColor_1 diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index f3d73b6112..4409c38540 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -449,6 +449,8 @@ items: href: policy-csp-admx-deviceinstallation.md - name: ADMX_DeviceSetup href: policy-csp-admx-devicesetup.md + - name: ADMX_DFS + href: policy-csp-admx-dfs.md - name: ADMX_DigitalLocker href: policy-csp-admx-digitallocker.md - name: ADMX_DistributedLinkTracking From 41169cc5f9b454bc238991fe19443b1128930845 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 8 Sep 2021 15:52:24 +0530 Subject: [PATCH 193/671] Updated --- .../mdm/policy-configuration-service-provider.md | 1 - windows/client-management/mdm/policy-csp-admx-dfs.md | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 0bf7c71cf4..f9a17d97e0 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -711,7 +711,6 @@ The following diagram shows the Policy configuration service provider in tree fo
    ### ADMX_DigitalLocker policies -
    ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1
    diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md index c2f21eea30..fc3cdf1b1d 100644 --- a/windows/client-management/mdm/policy-csp-admx-dfs.md +++ b/windows/client-management/mdm/policy-csp-admx-dfs.md @@ -16,6 +16,7 @@ manager: dansimp > [!WARNING] > Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +
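Review bot: the first hunk, in policy-configuration-service-provider.md, only deletes the blank line after the `### ADMX_DigitalLocker policies` heading, and across PATCH 191 to 193 this file never gains an ADMX_DFS section, although the policy is added to policies-in-policy-csp-admx-backed.md and toc.yml. PATCH 191 also turned the neighbouring heading into `###_ADMX_DWM policies` and PATCH 192 restored the space without the blank line that followed it. Add the ADMX_DFS section with its DFSDiscoverDC link in the same style as the ADMX_DWM block, leave the unrelated headings as they were, and squash the three "Updated" commits into one with a subject that names the policy being documented.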
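Review bot: policy-csp-admx-dfs.md still reads `GP path: *Windows Components\ActiveX Installer Service*` after this fix-up, which does not fit a DFS client policy whose ADMX file is given as `DFS.admx` and looks carried over from another policy page. Check the category path in DFS.admx and correct that line in the same change as the blank line added after the `[!WARNING]` callout here, since administrators use the GP path to locate the setting in the Group Policy editor.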
    From 200e433c34a8345da5c3c53ee322d5c2265ff368 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Wed, 8 Sep 2021 15:53:31 +0530 Subject: [PATCH 194/671] Updated as per 5358843-files251to275 --- windows/security/threat-protection/auditing/event-5056.md | 6 +----- windows/security/threat-protection/auditing/event-5057.md | 6 +----- windows/security/threat-protection/auditing/event-5058.md | 6 +----- windows/security/threat-protection/auditing/event-5059.md | 6 +----- windows/security/threat-protection/auditing/event-5060.md | 6 +----- windows/security/threat-protection/auditing/event-5061.md | 6 +----- windows/security/threat-protection/auditing/event-5062.md | 6 +----- windows/security/threat-protection/auditing/event-5063.md | 6 +----- windows/security/threat-protection/auditing/event-5064.md | 6 +----- windows/security/threat-protection/auditing/event-5065.md | 6 +----- windows/security/threat-protection/auditing/event-5066.md | 6 +----- windows/security/threat-protection/auditing/event-5067.md | 6 +----- windows/security/threat-protection/auditing/event-5068.md | 6 +----- windows/security/threat-protection/auditing/event-5069.md | 6 +----- windows/security/threat-protection/auditing/event-5070.md | 6 +----- windows/security/threat-protection/auditing/event-5136.md | 6 +----- windows/security/threat-protection/auditing/event-5137.md | 6 +----- windows/security/threat-protection/auditing/event-5138.md | 6 +----- windows/security/threat-protection/auditing/event-5139.md | 6 +----- windows/security/threat-protection/auditing/event-5140.md | 6 +----- windows/security/threat-protection/auditing/event-5141.md | 6 +----- windows/security/threat-protection/auditing/event-5142.md | 6 +----- windows/security/threat-protection/auditing/event-5143.md | 6 +----- windows/security/threat-protection/auditing/event-5144.md | 6 +----- windows/security/threat-protection/auditing/event-5145.md | 6 +----- 25 files changed, 25 insertions(+), 125 deletions(-) 
diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md index a717d05e4a..96af867108 100644 --- a/windows/security/threat-protection/auditing/event-5056.md +++ b/windows/security/threat-protection/auditing/event-5056.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5056(S): A cryptographic self-test was performed. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in CNG Self-Test function. This function is a Cryptographic Next Generation (CNG) function. diff --git a/windows/security/threat-protection/auditing/event-5057.md b/windows/security/threat-protection/auditing/event-5057.md index c83ca8bd2e..5d686b4510 100644 --- a/windows/security/threat-protection/auditing/event-5057.md +++ b/windows/security/threat-protection/auditing/event-5057.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5057(F): A cryptographic primitive operation failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in case of CNG primitive operation failure. diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md index b351ee93e6..319ffe99f0 100644 --- a/windows/security/threat-protection/auditing/event-5058.md +++ b/windows/security/threat-protection/auditing/event-5058.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 5058(S, F): Key file operation. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5058 illustration diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index 5881e672d5..ff33eba467 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5059(S, F): Key migration operation. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5059 illustration diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md index 11b9903d5d..23fa5c78d9 100644 --- a/windows/security/threat-protection/auditing/event-5060.md +++ b/windows/security/threat-protection/auditing/event-5060.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5060(F): Verification operation failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when the Cryptographic Next Generation (CNG) verification operation fails. diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index 7612017713..919d66a79c 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5061(S, F): Cryptographic operation. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5061 illustration diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md index e397844d41..242721afc4 100644 --- a/windows/security/threat-protection/auditing/event-5062.md +++ b/windows/security/threat-protection/auditing/event-5062.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5062(S): A kernel-mode cryptographic self-test was performed. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event occurs rarely, and in some situations may be difficult to reproduce. diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md index e06e3118a6..020b7ebc4c 100644 --- a/windows/security/threat-protection/auditing/event-5063.md +++ b/windows/security/threat-protection/auditing/event-5063.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5063(S, F): A cryptographic provider operation was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in BCryptUnregisterProvider() and BCryptRegisterProvider() functions. These are Cryptographic Next Generation (CNG) functions. 
diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md index 077fadf9f7..2532a3b70b 100644 --- a/windows/security/threat-protection/auditing/event-5064.md +++ b/windows/security/threat-protection/auditing/event-5064.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5064(S, F): A cryptographic context operation was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in [BCryptCreateContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptcreatecontext)() and [BCryptDeleteContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptdeletecontext)() functions. These are Cryptographic Next Generation (CNG) functions. diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md index 3a64e39e7f..0bbc9ae5c7 100644 --- a/windows/security/threat-protection/auditing/event-5065.md +++ b/windows/security/threat-protection/auditing/event-5065.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5065(S, F): A cryptographic context modification was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in [BCryptConfigureContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptconfigurecontext)() function. This is a Cryptographic Next Generation (CNG) function. diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md index 52fca7414b..eebc61873d 100644 --- a/windows/security/threat-protection/auditing/event-5066.md 
+++ b/windows/security/threat-protection/auditing/event-5066.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5066(S, F): A cryptographic function operation was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in [BCryptAddContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptaddcontextfunction)() and [BCryptRemoveContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptremovecontextfunction)() functions. These are Cryptographic Next Generation (CNG) functions. diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md index 245b241e69..a3ca03be65 100644 --- a/windows/security/threat-protection/auditing/event-5067.md +++ b/windows/security/threat-protection/auditing/event-5067.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5067(S, F): A cryptographic function modification was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in [BCryptConfigureContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptconfigurecontextfunction)() function. This is a Cryptographic Next Generation (CNG) function. diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md index 1cb02be991..645868eeca 100644 --- a/windows/security/threat-protection/auditing/event-5068.md +++ b/windows/security/threat-protection/auditing/event-5068.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5068(S, F): A cryptographic function provider operation was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in BCryptAddContextFunctionProvider() and BCryptRemoveContextFunctionProvider() functions. These are Cryptographic Next Generation (CNG) functions. diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md index 742188905d..50d95a9aff 100644 --- a/windows/security/threat-protection/auditing/event-5069.md +++ b/windows/security/threat-protection/auditing/event-5069.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5069(S, F): A cryptographic function property operation was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in [BCryptSetContextFunctionProperty](/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty)() function. This is a Cryptographic Next Generation (CNG) function. diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md index 9893a7116b..e279ab685d 100644 --- a/windows/security/threat-protection/auditing/event-5070.md +++ b/windows/security/threat-protection/auditing/event-5070.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 5070(S, F): A cryptographic function property modification was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in [BCryptSetContextFunctionProperty](/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty)() function. This is a Cryptographic Next Generation (CNG) function. diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md index 1b62c11bab..d83424aac5 100644 --- a/windows/security/threat-protection/auditing/event-5136.md +++ b/windows/security/threat-protection/auditing/event-5136.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5136(S): A directory service object was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5136 illustration diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md index 0146958e61..65f8370ad0 100644 --- a/windows/security/threat-protection/auditing/event-5137.md +++ b/windows/security/threat-protection/auditing/event-5137.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5137(S): A directory service object was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5137 illustration diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md index 2553251b75..4fa35c7f07 100644 --- a/windows/security/threat-protection/auditing/event-5138.md +++ b/windows/security/threat-protection/auditing/event-5138.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5138(S): A directory service object was undeleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5138 illustration diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md index c7f306eab0..43eacd93d9 100644 --- a/windows/security/threat-protection/auditing/event-5139.md +++ b/windows/security/threat-protection/auditing/event-5139.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5139(S): A directory service object was moved. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5139 illustration diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index 199e5a4cd7..eb389fe767 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5140(S, F): A network share object was accessed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5140 illustration diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md index 7d85f444d4..8da8b7d590 100644 --- a/windows/security/threat-protection/auditing/event-5141.md +++ b/windows/security/threat-protection/auditing/event-5141.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5141(S): A directory service object was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5141 illustration diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md index d29c26ddc4..b72ef6d776 100644 --- a/windows/security/threat-protection/auditing/event-5142.md +++ b/windows/security/threat-protection/auditing/event-5142.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5142(S): A network share object was added. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5142 illustration diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index bc8f827e03..d173059b23 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5143(S): A network share object was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5143 illustration diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index 886dc70759..937bc39ce4 100644 --- a/windows/security/threat-protection/auditing/event-5144.md +++ b/windows/security/threat-protection/auditing/event-5144.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5144(S): A network share object was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5144 illustration diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 933ab84191..1bf796cf9f 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5145(S, F): A network share object was checked to see whether client can be granted desired access. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5145 illustration From f7f107fb73761a36a312e2fbac48cc78431ae9b8 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 8 Sep 2021 16:00:37 +0530 Subject: [PATCH 195/671] Updated --- .../mdm/policy-configuration-service-provider.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index f9a17d97e0..36b9ca5353 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -710,8 +710,19 @@ The following diagram shows the Policy configuration service provider in tree fo
    -### ADMX_DigitalLocker policies +### ADMX_DFS policies + +
    + ADMX_DFS/DFSDiscoverDC +
    +
    + +### ADMX_DigitalLocker policies + +
    +
    ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1
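Review bot: the new `ADMX_DFS/DFSDiscoverDC` entry under `### ADMX_DFS policies` is added to the index only. The diffstat lists policy-configuration-service-provider.md as the single file changed, so the page that documents the policy is not part of this commit. Confirm the target page already exists or lands in the same series, otherwise the index entry points nowhere. The subject line "Updated" also gives no hint that a policy area was added; naming ADMX_DFS there would make the history searchable.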
    From bd2d5f0f974637aa741d43df98bd5aacc2e91cd0 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Wed, 8 Sep 2021 17:14:56 +0530 Subject: [PATCH 196/671] Updated 81 to 100 --- ...console-to-windows-firewall-with-advanced-security.md | 7 ++++--- ...roup-policy-management-console-to-windows-firewall.md | 7 ++++--- .../open-windows-firewall-with-advanced-security.md | 7 ++++--- .../planning-certificate-based-authentication.md | 7 ++++--- .../windows-firewall/planning-domain-isolation-zones.md | 7 ++++--- .../windows-firewall/planning-gpo-deployment.md | 7 ++++--- ...g-group-policy-deployment-for-your-isolation-zones.md | 7 ++++--- .../planning-isolation-groups-for-the-zones.md | 7 ++++--- .../windows-firewall/planning-network-access-groups.md | 7 ++++--- .../windows-firewall/planning-server-isolation-zones.md | 7 ++++--- .../planning-settings-for-a-basic-firewall-policy.md | 7 ++++--- .../windows-firewall/planning-the-gpos.md | 9 +++++---- ...-to-deploy-windows-firewall-with-advanced-security.md | 7 ++++--- ...our-windows-firewall-with-advanced-security-design.md | 7 ++++--- .../windows-firewall/procedures-used-in-this-guide.md | 7 ++++--- .../protect-devices-from-unwanted-network-traffic.md | 7 ++++--- .../threat-protection/windows-firewall/quarantine.md | 2 +- ...ryption-when-accessing-sensitive-network-resources.md | 7 ++++--- ...restrict-access-to-only-specified-users-or-devices.md | 7 ++++--- .../restrict-access-to-only-trusted-devices.md | 7 ++++--- 20 files changed, 78 insertions(+), 59 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md index 5c3d340ea4..1239f18bf3 100644 
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md @@ -1,5 +1,5 @@ --- -title: Group Policy Management of Windows Firewall with Advanced Security (Windows 10) +title: Group Policy Management of Windows Firewall with Advanced Security (Windows) description: Group Policy Management of Windows Firewall with Advanced Security ms.assetid: 28afab36-8768-4938-9ff2-9d6dab702e98 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Most of the procedures in this guide instruct you to use Group Policy settings for Windows Firewall with Advanced Security. diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md index 2c7d2f500b..a4cba8e7c3 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md @@ -1,5 +1,5 @@ --- -title: Group Policy Management of Windows Defender Firewall (Windows 10) +title: Group Policy Management of Windows Defender Firewall (Windows) description: Group Policy Management of Windows Defender Firewall with Advanced Security ms.assetid: 5090b2c8-e038-4905-b238-19ecf8227760 ms.reviewer: 
@@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/02/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To open a GPO to Windows Defender Firewall: diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md index 1b99cfae07..8dda8bcf96 100644 --- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md @@ -1,5 +1,5 @@ --- -title: Open Windows Defender Firewall with Advanced Security (Windows 10) +title: Open Windows Defender Firewall with Advanced Security (Windows) description: Learn how to open the Windows Defender Firewall with Advanced Security console. You must be a member of the Administrators group. ms.assetid: 788faff2-0f50-4e43-91f2-3e2595c0b6a1 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This procedure shows you how to open the Windows Defender Firewall with Advanced Security console. diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md index 0f8b7c455f..2291806174 100644 --- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md 
+++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md @@ -1,5 +1,5 @@ --- -title: Planning Certificate-based Authentication (Windows 10) +title: Planning Certificate-based Authentication (Windows) description: Learn how a device unable to join an Active Directory domain can still participate in an isolated domain by using certificate-based authentication. ms.assetid: a55344e6-d0df-4ad5-a6f5-67ccb6397dec ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Sometimes a device cannot join an Active Directory domain, and therefore cannot use Kerberos V5 authentication with domain credentials. However, the device can still participate in the isolated domain by using certificate-based authentication. diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md index af5214261c..0a5d687d62 100644 --- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md @@ -1,5 +1,5 @@ --- -title: Planning Domain Isolation Zones (Windows 10) +title: Planning Domain Isolation Zones (Windows) description: Learn how to use information you have gathered to make decisions about isolation zones for your environment in Windows Defender Firewall with Advanced Security. ms.assetid: 70bc7c52-91f0-4a0d-a64a-69d3ea1c6d05 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have the required information about your network, Active Directory, and client and server devices, you can use that information to make decisions about the isolation zones you want to use in your environment. diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md index 0f0993409e..fd986acbbd 100644 --- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md +++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md @@ -1,5 +1,5 @@ --- -title: Planning GPO Deployment (Windows 10) +title: Planning GPO Deployment (Windows) description: Learn how to use security group filtering and WMI filtering to provide the most flexible options for applying GPOs to devices in Active Directory. ms.assetid: b38adfb1-1371-4227-a887-e6d118809de1 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above You can control which GPOs are applied to devices in Active Directory in a combination of three ways: diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md index 7899c1c091..47d3282978 100644 --- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md 
@@ -1,5 +1,5 @@ --- -title: Planning Group Policy Deployment for Your Isolation Zones (Windows 10) +title: Planning Group Policy Deployment for Your Isolation Zones (Windows) description: Learn how to plan a group policy deployment for your isolation zones after you determine the best logical design for your isolation environment. ms.assetid: ea7c0acd-af28-4347-9d4a-4801b470557c ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have decided on the best logical design of your isolation environment for the network and device security requirements, you can start the implementation plan. diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md index c4fff5ce81..6ac5c58afd 100644 --- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md @@ -1,5 +1,5 @@ --- -title: Planning Isolation Groups for the Zones (Windows 10) +title: Planning Isolation Groups for the Zones (Windows) description: Learn about planning isolation groups for the zones in Microsoft Firewall, including information on universal groups and GPOs. ms.assetid: be4b662d-c1ce-441e-b462-b140469a5695 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Isolation groups in Active Directory are how you implement the various domain and server isolation zones. A device is assigned to a zone by adding its device account to the group which represents that zone. diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md index 57d452edac..d767a7db71 100644 --- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md +++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md @@ -1,5 +1,5 @@ --- -title: Planning Network Access Groups (Windows 10) +title: Planning Network Access Groups (Windows) description: Learn how to implement a network access group for users and devices that can access an isolated server in Windows Defender Firewall with Advanced Security. ms.assetid: 56ea1717-1731-4a5d-b277-5a73eb86feb0 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above A network access group (NAG) is used to identify users and devices that have permission to access an isolated server. The server is configured with firewall rules that allow only network connections that are authenticated as originating from a device, and optionally a user, whose accounts are members of its NAG. A member of the isolated domain can belong to as many NAGs as required. 
diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md index a89145ab4a..2a5a06d873 100644 --- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md @@ -1,5 +1,5 @@ --- -title: Planning Server Isolation Zones (Windows 10) +title: Planning Server Isolation Zones (Windows) description: Learn how to restrict access to a server to approved users by using a server isolation zone in Windows Defender Firewall with Advanced Security. ms.assetid: 5f63c929-589e-4b64-82ea-515d62765b7b ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Sometimes a server hosts data that is sensitive. If your servers host data that must not be compromised, you have several options to help protect that data. One was already addressed: adding the server to the encryption zone. Membership in that zone prevents the server from being accessed by any devices that are outside the isolated domain, and encrypts all network connections to server. diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md index ce989c23c6..e843a202ac 100644 --- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md +++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md 
@@ -1,5 +1,5 @@ --- -title: Planning Settings for a Basic Firewall Policy (Windows 10) +title: Planning Settings for a Basic Firewall Policy (Windows) description: Learn how to design a basic policy for Windows Defender Firewall with Advanced Security, the settings and rules that enforce your requirements on devices. ms.assetid: 4c90df5a-3cbc-4b85-924b-537c2422d735 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have identified your requirements, and have the information about the network layout and devices available, you can begin to design the GPO settings and rules that will enable you to enforce your requirements on the devices. diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md index 8bb1208626..67f3121c36 100644 --- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md +++ b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md @@ -1,5 +1,5 @@ --- -title: Planning the GPOs (Windows 10) +title: Planning the GPOs (Windows) description: Learn about planning Group Policy Objects for your isolation zones in Windows Defender Firewall with Advanced Security, after you design the zone layout. ms.assetid: 11949ca3-a11c-4a16-b297-0862432eb5b4 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above When you plan the GPOs for your different isolation zones, you must complete the layout of the required zones and their mappings to the groups that link the devices to the zones. 
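Review bot: the added line `- Windows Server 2016 and above` uses "and above" where this same page already says "and later" for version ranges (the NOTE further down reads "Windows 7, Windows Server 2008 R2, and later"). Use "Windows Server 2016 and later" here and in the identical Applies-to hunks of the other windows-firewall pages in this patch so the wording stays consistent.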
@@ -42,7 +43,7 @@ A few things to consider as you plan the GPOs: - Windows Defender Firewall* in Windows Vista and Windows Server 2008 only support one network location profile at a time. If you add a second network adapter that is connected to a different network, or not connected at all, you could unintentionally change the profile that is currently active on the device. If your GPO specifies different firewall and connection security rules based on the current network location profile, the behavior of how the device handles network traffic will change accordingly. We recommend for stationary devices, such as desktops and servers, that you assign any rule for the device to all profiles. Apply GPOs that change rules per network location to devices that must move between networks, such as your portable devices. Consider creating a separate domain isolation GPO for your servers that uses the same settings as the GPO for the clients, except that the server GPO specifies the same rules for all network location profiles. -*Windows Defender Firewall is now called Windows Defender Firewall with Advanced Security in Windows 10. +*Windows Defender Firewall is now called Windows Defender Firewall with Advanced Security in Windows 10 and Windows 11. > [!NOTE] > Devices running Windows 7, Windows Server 2008 R2, and later support different network location types, and therefore profiles, for each network adapter at the same time. Each network adapter is assigned the network location appropriate for the network to which it is connected. Windows Defender Firewall then enforces only those rules that apply to that network type’s profile. So certain types of traffic are blocked when coming from a network adapter connected to a public network, but those same types might be permitted when coming from a private or domain network. 
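Review bot: the footnote now names Windows 10 and Windows 11, but it is attached to a bullet about Windows Vista and Windows Server 2008 behaviour, which falls outside the Applies-to list this patch sets for the page (Windows 10, Windows 11, Windows Server 2016 and above). Either mark that bullet as legacy guidance or drop it, so the footnote and the stated applicability agree. While the bullet is in view, "only support one network location profile" should read "supports only one network location profile".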
diff --git a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md index 7dabf87126..8d60afedaf 100644 --- a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md @@ -1,5 +1,5 @@ --- -title: Plan to Deploy Windows Defender Firewall with Advanced Security (Windows 10) +title: Plan to Deploy Windows Defender Firewall with Advanced Security (Windows) description: Use the design information in this article to plan for the deployment of Windows Defender Firewall with Advanced Security in your organization. ms.assetid: 891a30c9-dbf5-4a88-a279-00662b9da48e ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you collect information about your environment and decide on a design by following the guidance in the [Windows Defender Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md), you can begin to plan the deployment of your design. With the completed design and the information in this topic, you can determine which tasks to perform to deploy Windows Defender Firewall with Advanced Security in your organization. diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md index 437bb3fbeb..8459640ec7 100644 
--- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md @@ -1,5 +1,5 @@ --- -title: Planning Your Windows Defender Firewall with Advanced Security Design (Windows 10) +title: Planning Your Windows Defender Firewall with Advanced Security Design (Windows) description: After you gather the relevant information, select the design or combination of designs for Windows Defender Firewall with Advanced Security in your environment. ms.assetid: f3ac3d49-ef4c-4f3c-a16c-e107284e169f ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have gathered the relevant information in the previous sections, and understand the basics of the designs as described earlier in this guide, you can select the design (or combination of designs) that meet your needs. diff --git a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md index e301390ef9..305d69aef6 100644 --- a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md +++ b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md @@ -1,5 +1,5 @@ --- -title: Procedures Used in This Guide (Windows 10) +title: Procedures Used in This Guide (Windows) description: Refer to this summary of procedures for Windows Defender Firewall with Advanced Security from checklists in this guide. ms.assetid: 45c0f549-e4d8-45a3-a600-63e2a449e178 ms.reviewer: 
@@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The procedures in this section appear in the checklists found earlier in this document. They should be used only in the context of the checklists in which they appear. They are presented here in alphabetical order. diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md index 233776996f..f0fc035973 100644 --- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md +++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md @@ -1,5 +1,5 @@ --- -title: Protect devices from unwanted network traffic (Windows 10) +title: Protect devices from unwanted network traffic (Windows) description: Learn how running a host-based firewall on every device in your organization can help protect against attacks as part of a defense-in-depth security strategy. ms.assetid: 307d2b38-e8c4-4358-ae16-f2143af965dc ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Although network perimeter firewalls provide important protection to network resources from external threats, there are network threats that a perimeter firewall cannot protect against. Some attacks might successfully penetrate the perimeter firewall, and at that point what can stop it? Other attacks might originate from inside the network, such as malware that is brought in on portable media and run on a trusted device. Portable device are often taken outside the network and connected directly to the Internet, without adequate protection between the device and security threats. diff --git a/windows/security/threat-protection/windows-firewall/quarantine.md b/windows/security/threat-protection/windows-firewall/quarantine.md index bd087a2124..17ab51f503 100644 --- a/windows/security/threat-protection/windows-firewall/quarantine.md +++ b/windows/security/threat-protection/windows-firewall/quarantine.md @@ -14,7 +14,7 @@ ms.localizationpriority: normal audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 11/17/2020 +ms.date: 09/08/2021 ms.technology: mde --- diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md index 8fbeb35412..a3963db1f2 100644 --- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md +++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md 
@@ -1,5 +1,5 @@ --- -title: Require Encryption When Accessing Sensitive Network Resources (Windows 10) +title: Require Encryption When Accessing Sensitive Network Resources (Windows) description: Windows Defender Firewall with Advanced Security allows you to require that all network traffic in an isolated domain be encrypted. ms.assetid: da980d30-a68b-4e2a-ba63-94726355ce6f ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The use of authentication in the previously described goal ([Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)) enables a device in the isolated domain to block traffic from untrusted devices. However, it does not prevent an untrusted device from eavesdropping on the network traffic shared between two trusted devices, because by default network packets are not encrypted. diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md index 1a7c288575..e546bbf39d 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md @@ -1,5 +1,5 @@ --- -title: Restrict Access to Only Specified Users or Devices (Windows 10) +title: Restrict Access to Only Specified Users or Devices (Windows) description: Restrict access to devices and users that are members of domain groups authorized to access that device using Windows Defender Firewall with Advanced Security. ms.assetid: a6106a07-f9e5-430f-8dbd-06d3bf7406df ms.reviewer: 
@@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Domain isolation (as described in the previous goal [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)) prevents devices that are members of the isolated domain from accepting network traffic from untrusted devices. However, some devices on the network might host sensitive data that must be additionally restricted to only those users and computers that have a business requirement to access the data. diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md index 5285e56ad9..d3d0f94001 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md @@ -1,5 +1,5 @@ --- -title: Restrict access to only trusted devices (Windows 10) +title: Restrict access to only trusted devices (Windows) description: Windows Defender Firewall with Advanced Security enables you to isolate devices you trust and restrict access of untrusted devices to trusted devices. ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Your organizational network likely has a connection to the Internet. You also likely have partners, vendors, or contractors who attach devices that are not owned by your organization to your network. Because you do not manage those devices, you cannot trust them to be free of malicious software, maintained with the latest security updates, or in any way in compliance with your organization's security policies. These untrustworthy devices both on and outside of your physical network must not be permitted to access your organization's devices except where it is truly required. From 66db42db3d07a9cd58b9f7fc582a4fd5b90ac42f Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 8 Sep 2021 17:27:59 +0530 Subject: [PATCH 197/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 1 + .../policy-configuration-service-provider.md | 1 - .../mdm/policy-csp-admx-deviceguard.md | 119 ++++++++++++++++++ 3 files changed, 120 insertions(+), 1 deletion(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-deviceguard.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index ce9b2705ba..cb9e4b2fbd 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -162,6 +162,7 @@ ms.date: 10/08/2020 - [ADMX_DeviceInstallation/DeviceInstall_Removable_Deny](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-removable-deny) - [ADMX_DeviceInstallation/DeviceInstall_SystemRestore](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-systemrestore) - [ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-classes-allowuser) +- [ADMX_DeviceGuard/ConfigCIPolicy](./policy-csp-admx-deviceguard.md#admx-deviceguard-configcipolicy) - [ADMX_DeviceSetup/DeviceInstall_BalloonTips](./policy-csp-admx-devicesetup.md#admx-devicesetup-deviceinstall-balloontips) - [ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-searchorderconfiguration) - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-1) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 36b9ca5353..895c4bf6e4 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -669,7 +669,6 @@ The following diagram shows the Policy configuration service provider in tree fo
    - ### ADMX_DeviceInstallation policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md new file mode 100644 index 0000000000..079455128a --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md @@ -0,0 +1,119 @@ +--- +title: Policy CSP - ADMX_DeviceGuard +description: Policy CSP - ADMX_DeviceGuard +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/08/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DeviceGuard +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_DeviceGuard policies + +
    +
    + ADMX_DeviceGuard/ConfigCIPolicy +
    +
    + + +
    + + +**ADMX_DeviceGuard/ConfigCIPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed to run on that machine. + +If you deploy a Code Integrity Policy, Windows will restrict what can run in both kernel mode and on the Windows Desktop based on the policy. + +To enable this policy the machine must be rebooted. +The file path must be either a UNC path (for example, `\\ServerName\ShareName\SIPolicy.p7b`), +or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`. + +The local machine account (LOCAL SYSTEM) must have access permission to the policy file. +If using a signed and protected policy then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either: +1. First update the policy to a non-protected policy and then disable the setting. +2. Disable the setting and then remove the policy from each computer, with a physically present user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Deploy Windows Defender Application Control* +- GP name: *ConfigCIPolicy* +- GP path: *Windows Components/DeviceGuard!DeployConfigCIPolicy* +- GP ADMX file name: *DeviceGuard.admx* + + + + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + 
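Review bot: In the policies-in-policy-csp-admx-backed.md hunk, the new ADMX_DeviceGuard/ConfigCIPolicy entry is added after the ADMX_DeviceInstallation entries and just before ADMX_DeviceSetup, which breaks the alphabetical order the surrounding list follows (DeviceGuard sorts before DeviceInstallation). Move the added line up so it precedes the first ADMX_DeviceInstallation entry.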
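Review bot: In the new file policy-csp-admx-deviceguard.md, the local path example closes its parenthesis inside the code span (`C:\FolderName\SIPolicy.p7b)`), so the rendered path ends in a stray ")" that a reader can copy straight into the policy value. Move the parenthesis outside the backticks so the example matches the UNC example on the line above it, where the parenthesis already sits outside the code span.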
From b91e9bdc1b946853d368246f5e0d912bf4924a5f Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 8 Sep 2021 17:34:16 +0530 Subject: [PATCH 198/671] Updated --- .../mdm/policy-configuration-service-provider.md | 7 +++++++ windows/client-management/mdm/toc.yml | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 895c4bf6e4..e3f98b9005 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -669,6 +669,13 @@ The following diagram shows the Policy configuration service provider in tree fo
    +### ADMX_DeviceGuard policies + +
    + ADMX_DeviceGuard/ConfigCIPolicy +
    +
    + ### ADMX_DeviceInstallation policies
    diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 4409c38540..4395fbc920 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -444,7 +444,9 @@ items: - name: ADMX_Desktop href: policy-csp-admx-desktop.md - name: ADMX_DeviceCompat - href: policy-csp-admx-devicecompat.md + href: policy-csp-admx-devicecompat.md + - name: ADMX_DeviceGuard + href: policy-csp-admx-deviceguard.md - name: ADMX_DeviceInstallation href: policy-csp-admx-deviceinstallation.md - name: ADMX_DeviceSetup From 961fa414d108e1e43a906ad646ec82a7c5038e91 Mon Sep 17 00:00:00 2001 
From: Ashok Lobo Date: Wed, 8 Sep 2021 17:40:48 +0530 Subject: [PATCH 199/671] Updated as per 5358843-files276to300 --- windows/security/threat-protection/auditing/event-5148.md | 6 +----- windows/security/threat-protection/auditing/event-5149.md | 6 +----- windows/security/threat-protection/auditing/event-5150.md | 6 +----- windows/security/threat-protection/auditing/event-5151.md | 6 +----- windows/security/threat-protection/auditing/event-5152.md | 6 +----- windows/security/threat-protection/auditing/event-5153.md | 6 +----- windows/security/threat-protection/auditing/event-5154.md | 6 +----- windows/security/threat-protection/auditing/event-5155.md | 6 +----- windows/security/threat-protection/auditing/event-5156.md | 6 +----- windows/security/threat-protection/auditing/event-5157.md | 6 +----- windows/security/threat-protection/auditing/event-5158.md | 6 +----- windows/security/threat-protection/auditing/event-5159.md | 6 +----- windows/security/threat-protection/auditing/event-5168.md | 6 +----- windows/security/threat-protection/auditing/event-5376.md | 6 +----- windows/security/threat-protection/auditing/event-5377.md | 6 +----- windows/security/threat-protection/auditing/event-5378.md | 6 +----- windows/security/threat-protection/auditing/event-5447.md | 6 +----- windows/security/threat-protection/auditing/event-5632.md | 6 +----- windows/security/threat-protection/auditing/event-5633.md | 6 +----- windows/security/threat-protection/auditing/event-5712.md | 6 +----- windows/security/threat-protection/auditing/event-5888.md | 6 +----- windows/security/threat-protection/auditing/event-5889.md | 6 +----- windows/security/threat-protection/auditing/event-5890.md | 6 +----- windows/security/threat-protection/auditing/event-6144.md | 6 +----- windows/security/threat-protection/auditing/event-6145.md | 6 +----- 25 files changed, 25 insertions(+), 125 deletions(-) 
diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md index 23a31eb1a6..1946129b9b 100644 --- a/windows/security/threat-protection/auditing/event-5148.md +++ b/windows/security/threat-protection/auditing/event-5148.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 05/29/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. -**Applies to** -- Windows 10 -- Windows Server 2016 - In most circumstances, this event occurs very rarely. It is designed to be generated when an ICMP DoS attack starts or was detected. diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md index 04f6c8747a..467c7145cc 100644 --- a/windows/security/threat-protection/auditing/event-5149.md +++ b/windows/security/threat-protection/auditing/event-5149.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 05/29/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5149(F): The DoS attack has subsided and normal processing is being resumed. -**Applies to** -- Windows 10 -- Windows Server 2016 - In most circumstances, this event occurs very rarely. It is designed to be generated when an ICMP DoS attack ended. diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index 7e8b6a5cc1..9d9c830f21 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5150(-): The Windows Filtering Platform blocked a packet. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event is logged if the Windows Filtering Platform [MAC filter](/windows-hardware/drivers/network/using-layer-2-filtering) blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index 611541553e..6601b86883 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event is logged if a more restrictive Windows Filtering Platform [MAC filter](/windows-hardware/drivers/network/using-layer-2-filtering) has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md index cb8da40be3..d4bcbf8042 100644 --- a/windows/security/threat-protection/auditing/event-5152.md +++ b/windows/security/threat-protection/auditing/event-5152.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5152(F): The Windows Filtering Platform blocked a packet. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5152 illustration 
diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md index ce3f53f60d..eee4621b4d 100644 --- a/windows/security/threat-protection/auditing/event-5153.md +++ b/windows/security/threat-protection/auditing/event-5153.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event is logged if a more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md index ea9c8ea638..6d0b939b64 100644 --- a/windows/security/threat-protection/auditing/event-5154.md +++ b/windows/security/threat-protection/auditing/event-5154.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5154 illustration diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md index d00134db41..166520ef13 100644 --- a/windows/security/threat-protection/auditing/event-5155.md +++ b/windows/security/threat-protection/auditing/event-5155.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. -**Applies to** -- Windows 10 -- Windows Server 2016 - By default Windows firewall won't prevent a port from being listened by an application. In the other word, Windows system will not generate Event 5155 by itself. diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md index b7aa9709b2..d0af703c34 100644 --- a/windows/security/threat-protection/auditing/event-5156.md +++ b/windows/security/threat-protection/auditing/event-5156.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5156(S): The Windows Filtering Platform has permitted a connection. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5156 illustration diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md index 73d84e9d53..c20c64f670 100644 --- a/windows/security/threat-protection/auditing/event-5157.md +++ b/windows/security/threat-protection/auditing/event-5157.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5157(F): The Windows Filtering Platform has blocked a connection. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5157 illustration diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md index d863b08c36..f35938a490 100644 --- a/windows/security/threat-protection/auditing/event-5158.md 
+++ b/windows/security/threat-protection/auditing/event-5158.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5158(S): The Windows Filtering Platform has permitted a bind to a local port. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5158 illustration diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md index fb896131ac..95ac21b41a 100644 --- a/windows/security/threat-protection/auditing/event-5159.md +++ b/windows/security/threat-protection/auditing/event-5159.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5159(F): The Windows Filtering Platform has blocked a bind to a local port. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5159 illustration diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index bb9371baff..5d1e8bf0d8 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5168(F): SPN check for SMB/SMB2 failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5168 illustration diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md index 3cbb58cf29..1b77d59d7e 100644 
--- a/windows/security/threat-protection/auditing/event-5376.md +++ b/windows/security/threat-protection/auditing/event-5376.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5376(S): Credential Manager credentials were backed up. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5376 illustration diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md index 3be670da7b..82af29b1d7 100644 --- a/windows/security/threat-protection/auditing/event-5377.md +++ b/windows/security/threat-protection/auditing/event-5377.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5377(S): Credential Manager credentials were restored from a backup. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5377 illustration diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md index 0025f40837..7880067fb3 100644 --- a/windows/security/threat-protection/auditing/event-5378.md +++ b/windows/security/threat-protection/auditing/event-5378.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5378(F): The requested credentials delegation was disallowed by policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5378 illustration 
diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md index 2b5c265e83..c7e89a3513 100644 --- a/windows/security/threat-protection/auditing/event-5447.md +++ b/windows/security/threat-protection/auditing/event-5447.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5447(S): A Windows Filtering Platform filter has been changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5447 illustration diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md index ad0e108238..fd3345a565 100644 --- a/windows/security/threat-protection/auditing/event-5632.md +++ b/windows/security/threat-protection/auditing/event-5632.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5632(S, F): A request was made to authenticate to a wireless network. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5632 illustration diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md index ba78854b75..d72afb75da 100644 --- a/windows/security/threat-protection/auditing/event-5633.md +++ b/windows/security/threat-protection/auditing/event-5633.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 5633(S, F): A request was made to authenticate to a wired network. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5633 illustration diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md index 5bb81e6f09..48363c3beb 100644 --- a/windows/security/threat-protection/auditing/event-5712.md +++ b/windows/security/threat-protection/auditing/event-5712.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5712(S): A Remote Procedure Call (RPC) was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - It appears that this event never occurs. diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md index 8d2ea38fcb..4a22ab0013 100644 --- a/windows/security/threat-protection/auditing/event-5888.md +++ b/windows/security/threat-protection/auditing/event-5888.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5888(S): An object in the COM+ Catalog was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5888 illustration diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md index e3d65ee453..d0d9842512 100644 --- a/windows/security/threat-protection/auditing/event-5889.md +++ b/windows/security/threat-protection/auditing/event-5889.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5889(S): An object was deleted from the COM+ Catalog. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5889 illustration diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md index 9b7a9f515c..f7bf90b524 100644 --- a/windows/security/threat-protection/auditing/event-5890.md +++ b/windows/security/threat-protection/auditing/event-5890.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5890(S): An object was added to the COM+ Catalog. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5890 illustration diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md index 7565e8f794..0ed126dc60 100644 --- a/windows/security/threat-protection/auditing/event-6144.md +++ b/windows/security/threat-protection/auditing/event-6144.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6144(S): Security policy in the group policy objects has been applied successfully. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6144 illustration diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md index b70a0844a2..ff67ad627d 100644 --- a/windows/security/threat-protection/auditing/event-6145.md 
+++ b/windows/security/threat-protection/auditing/event-6145.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6145(F): One or more errors occurred while processing security policy in the group policy objects. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6145 illustration From 880447898133e5cde70b76e82c4d07feb134fe1e Mon Sep 17 00:00:00 2001 From: Andrew Rathbun <36825567+rathbuna@users.noreply.github.com> Date: Wed, 8 Sep 2021 08:26:18 -0400 Subject: [PATCH 200/671] Update event-4776.md Change lowercase c to uppercase C in line with other error codes. --- windows/security/threat-protection/auditing/event-4776.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md index 75dc6a4a69..3249451c6f 100644 --- a/windows/security/threat-protection/auditing/event-4776.md +++ b/windows/security/threat-protection/auditing/event-4776.md @@ -116,7 +116,7 @@ This event does *not* generate when a domain account logs on locally to a domain | 0xC0000193 | Account logon with expired account. | | 0xC0000224 | Account logon with "Change Password at Next Logon" flagged. | | 0xC0000234 | Account logon with account locked. | -| 0xc0000371 | The local account store does not contain secret material for the specified account. | +| 0xC0000371 | The local account store does not contain secret material for the specified account. | | 0x0 | No errors. | > Table 1. Winlogon Error Codes. 
@@ -150,4 +150,4 @@ For 4776(S, F): The computer attempted to validate the credentials for an accoun | **User logon from unauthorized workstation** | Can indicate a compromised account; especially relevant for highly critical accounts. | | **User logon to account disabled by administrator** | For example, N events in last N minutes can be an indicator of an account compromise attempt, especially relevant for highly critical accounts. | | **User logon with expired account** | Can indicate an account compromise attempt; especially relevant for highly critical accounts. | -| **User logon with account locked** | Can indicate a brute-force password attack; especially relevant for highly critical accounts. | \ No newline at end of file +| **User logon with account locked** | Can indicate a brute-force password attack; especially relevant for highly critical accounts. | From 445cb5de6f4e9afa8cfaaa539c56f6a4b2cb7bb1 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Wed, 8 Sep 2021 18:02:50 +0530 Subject: [PATCH 201/671] Updated 101 to 112 --- ...estrict-server-access-to-members-of-a-group-only.md | 7 ++++--- ...ring-end-to-end-ipsec-connections-by-using-ikev2.md | 7 ++++--- .../windows-firewall/server-isolation-gpos.md | 7 ++++--- .../server-isolation-policy-design-example.md | 7 ++++--- .../windows-firewall/server-isolation-policy-design.md | 7 ++++--- ...-windows-firewall-and-configure-default-behavior.md | 7 ++++--- ...s-firewall-with-advanced-security-design-process.md | 4 ++-- .../verify-that-network-traffic-is-authenticated.md | 7 ++++--- ...-security-administration-with-windows-powershell.md | 7 ++++--- ...firewall-with-advanced-security-deployment-guide.md | 7 ++++--- ...ows-firewall-with-advanced-security-design-guide.md | 9 +++++---- .../windows-firewall-with-advanced-security.md | 10 +++++----- 12 files changed, 48 insertions(+), 38 deletions(-) 
diff --git a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md index a9a24aa516..c0d7282746 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md +++ b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md @@ -1,5 +1,5 @@ --- -title: Restrict Server Access to Members of a Group Only (Windows 10) +title: Restrict Server Access to Members of a Group Only (Windows) description: Create a firewall rule to access isolated servers running Windows Server 2008 or later and restrict server access to members of a group. ms.assetid: ea51c55b-e1ed-44b4-82e3-3c4287a8628b ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have configured the IPsec connection security rules that force client devices to authenticate their connections to the isolated server, you must configure the rules that restrict access to only those devices or users who have been identified through the authentication process as members of the isolated server’s access group. diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md index 8cb2a35d50..aa6d7c5117 100644 --- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md +++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md 
@@ -1,5 +1,5 @@ --- -title: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 (Windows 10) +title: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 (Windows) description: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 ms.prod: m365-security ms.mktglfcycl: deploy @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.reviewer: ms.author: dansimp ms.technology: mde @@ -21,7 +21,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above IKEv2 offers the following: diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md index bb23429112..74da744d30 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md @@ -1,5 +1,5 @@ --- -title: Server Isolation GPOs (Windows 10) +title: Server Isolation GPOs (Windows) description: Learn about required GPOs for isolation zones and how many server isolation zones you need in Windows Defender Firewall with Advanced Security. ms.assetid: c97b1f2f-51d8-4596-b38a-8a3f6f706be4 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Each set of devices that have different users or devices accessing them require a separate server isolation zone. Each zone requires one GPO for each version of Windows running on devices in the zone. The Woodgrove Bank example has an isolation zone for their devices that run SQL Server. The server isolation zone is logically considered part of the encryption zone. Therefore, server isolation zone GPOs must also include rules for encrypting all isolated server traffic. Woodgrove Bank copied the encryption zone GPOs to serve as a starting point, and renamed them to reflect their new purpose. diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md index a0070cf114..fd8fad7308 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md @@ -1,5 +1,5 @@ --- -title: Server Isolation Policy Design Example (Windows 10) +title: Server Isolation Policy Design Example (Windows) description: Learn about server isolation policy design in Windows Defender Firewall with Advanced Security by referring to this example of a fictitious company. ms.assetid: 337e5f6b-1ec5-4b83-bee5-d0aea1fa5fc6 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- 
@@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This design example continues to use the fictitious company Woodgrove Bank, as described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section and the [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) section. diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md index 7d44e7c17c..3d5d5e9694 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md @@ -1,5 +1,5 @@ --- -title: Server Isolation Policy Design (Windows 10) +title: Server Isolation Policy Design (Windows) description: Learn about server isolation policy design, where you assign servers to a zone that allows access only to members of an approved network access group. ms.assetid: f93f65cd-b863-461e-ab5d-a620fd962c9a ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above In the server isolation policy design, you assign servers to a zone that allows access only to users and devices that authenticate as members of an approved network access group (NAG). diff --git a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md index b6a468447e..8f2dd62bfc 100644 
--- a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md +++ b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md @@ -1,5 +1,5 @@ --- -title: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior (Windows 10) +title: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior (Windows) description: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior ms.assetid: 3c3fe832-ea81-4227-98d7-857a3129db74 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To enable Windows Defender Firewall with Advanced Security and configure its default behavior, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console. diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md index 6a77eda3f7..6f83b6d42d 100644 --- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md +++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md @@ -1,5 +1,5 @@ --- -title: Understand WFAS Deployment (Windows 10) +title: Understand WFAS Deployment (Windows) description: Resources for helping you understand the Windows Defender Firewall with Advanced Security (WFAS) Design Process ms.prod: m365-security ms.mktglfcycl: deploy 
@@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.reviewer: ms.author: dansimp ms.technology: mde diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md index 113c3c0cc2..633bcb4aed 100644 --- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md +++ b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md @@ -1,5 +1,5 @@ --- -title: Verify That Network Traffic Is Authenticated (Windows 10) +title: Verify That Network Traffic Is Authenticated (Windows) description: Learn how to confirm that network traffic is being protected by IPsec authentication after you configure your domain isolation rule to require authentication. ms.assetid: cc1fb973-aedf-4074-ad4a-7376b24f03d2 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have configured your domain isolation rule to request, rather than require, authentication, you must confirm that the network traffic sent by the devices on the network is being protected by IPsec authentication as expected. If you switch your rules to require authentication before all of the devices have received and applied the correct GPOs, or if there are any errors in your rules, then communications on the network can fail. By first setting the rules to request authentication, any network connections that fail authentication can continue in clear text while you diagnose and troubleshoot. 
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md index bf70a3a3b7..c4e919e41a 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell (Windows 10) +title: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell (Windows) description: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell ms.prod: m365-security ms.mktglfcycl: deploy @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.reviewer: ms.author: dansimp ms.technology: mde @@ -21,7 +21,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The Windows Defender Firewall with Advanced Security Administration with Windows PowerShell Guide provides essential scriptlets for automating Windows Defender Firewall management. It is designed for IT pros, system administrators, IT managers, and others who use and need to automate Windows Defender Firewall management in Windows. diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md index 9a3954cc03..8e4af001ae 100644 
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Firewall with Advanced Security deployment overview (Windows 10) +title: Windows Defender Firewall with Advanced Security deployment overview (Windows) description: Use this guide to deploy Windows Defender Firewall with Advanced Security for your enterprise to help protect devices and data that they share across a network. ms.assetid: 56b51b97-1c38-481e-bbda-540f1216ad56 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above You can use the Windows Defender Firewall with Advanced Security MMC snap-in with devices running at least Windows Vista or Windows Server 2008 to help protect the devices and the data that they share across a network. diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md index e1a438412f..702acc0dcf 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md 
@@ -1,5 +1,5 @@ --- -title: Windows Defender Firewall with Advanced Security design guide (Windows 10) +title: Windows Defender Firewall with Advanced Security design guide (Windows) description: Learn about common goals for using Windows Defender Firewall with Advanced Security to choose or create a design for deploying the firewall in your enterprise. ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 10/05/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Windows Defender Firewall with Advanced Security is a host firewall that helps secure the device in two ways. First, it can filter the network traffic permitted to enter the device from the network, and also control what network traffic the device is allowed to send to the network. Second, Windows Defender Firewall supports IPsec, which enables you to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that cannot authenticate cannot communicate with your device. By using IPsec, you can also require that specific network traffic be encrypted to prevent it from being read or intercepted while in transit between devices. 
@@ -87,7 +88,7 @@ The following table identifies and defines terms used throughout this guide. | Certificate-based isolation | A way to add devices that cannot use Kerberos V5 authentication to an isolated domain, by using an alternate authentication technique. Every device in the isolated domain and the devices that cannot use Kerberos V5 are provided with a device certificate that can be used to authenticate with each other. Certificate-based isolation requires a way to create and distribute an appropriate certificate (if you choose not to purchase one from a commercial certificate provider).| | Domain isolation | A technique for helping protect the devices in an organization by requiring that the devices authenticate each other's identity before exchanging information, and refusing connection requests from devices that cannot authenticate. Domain isolation takes advantage of Active Directory domain membership and the Kerberos V5 authentication protocol available to all members of the domain. Also see "Isolated domain" in this table.| | Encryption zone | A subset of the devices in an isolated domain that process sensitive data. Devices that are part of the encryption zone have all network traffic encrypted to prevent viewing by non-authorized users. Devices that are part of the encryption zone also typically are subject to the access control restrictions of server isolation.| -| Firewall rule | A rule in Windows Defender Firewall that contains a set of conditions used to determine whether a network packet is allowed to pass through the firewall.
    By default, the firewall rules in Windows Server 2016. Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8, Windows 7, and Windows Vista block unsolicited inbound network traffic. Likewise, by default, all outbound network traffic is allowed. The firewall included in previous versions of Windows only filtered inbound network traffic. | +| Firewall rule | A rule in Windows Defender Firewall that contains a set of conditions used to determine whether a network packet is allowed to pass through the firewall.
    By default, the firewall rules in Windows Server 2016. Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 11, Windows 10, Windows 8, Windows 7, and Windows Vista block unsolicited inbound network traffic. Likewise, by default, all outbound network traffic is allowed. The firewall included in previous versions of Windows only filtered inbound network traffic. | | Internet Protocol security (IPsec) | A set of industry-standard, cryptography-based protection services and protocols. IPsec protects all protocols in the TCP/IP protocol suite except Address Resolution Protocol (ARP).| | IPsec policy | A collection of connection security rules that provide the required protection to network traffic entering and leaving the device. The protection includes authentication of both the sending and receiving device, integrity protection of the network traffic exchanged between them, and can include encryption.| | Isolated domain | An Active Directory domain (or an Active Directory forest, or set of domains with two-way trust relationships) that has Group Policy settings applied to help protect its member devices by using IPsec connection security rules. Members of the isolated domain require authentication on all unsolicited inbound connections (with exceptions handled by the other zones).
    In this guide, the term *isolated domain* refers to the IPsec concept of a group of devices that can share authentication. The term *Active Directory domain* refers to the group of devices that share a security database by using Active Directory.| diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md index e3becc881c..7a9d7305a5 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Firewall with Advanced Security (Windows 10) +title: Windows Defender Firewall with Advanced Security (Windows) description: Learn overview information about the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features. ms.prod: m365-security ms.mktglfcycl: deploy @@ -12,7 +12,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 10/21/2020 +ms.date: 09/08/2021 ms.reviewer: ms.custom: asr ms.technology: mde @@ -21,9 +21,9 @@ ms.technology: mde # Windows Defender Firewall with Advanced Security **Applies to** -- Windows 10 -- Windows Server 2016 -- Windows Server 2019 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above This is an overview of the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features. From 1a091095772ca3aea9b11f0111dbc56fd4a51fe6 Mon Sep 17 00:00:00 2001 
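Review bot: in windows-firewall-with-advanced-security-design-guide.md, hunk @@ -87,7 +88,7 @@, the rewritten "Firewall rule" row still reads "Windows Server 2016. Windows Server 2012, ..." with a period where the version list needs a comma. Since this line is already being touched to add Windows 11, fix the punctuation in the same change. The row also names versions one by one while the "Applies to" blocks in this patch now say "Windows Server 2016 and above", and the last hunk drops "Windows Server 2019" from windows-firewall-with-advanced-security.md, so that version is no longer named in either place. Consider wording the row to match the new "and above" phrasing.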
From: MandiOhlinger Date: Wed, 8 Sep 2021 10:37:09 -0400 Subject: [PATCH 202/671] saving changes --- .../customize-taskbar-windows-11.md | 207 ++++++++++++++++++ .../start-layout-group-policy.png | Bin 0 -> 173423 bytes .../taskbar-windows-11.png | Bin 0 -> 10392 bytes 3 files changed, 207 insertions(+) create mode 100644 windows/configuration/customize-taskbar-windows-11.md create mode 100644 windows/configuration/images/customize-taskbar-windows-11/start-layout-group-policy.png create mode 100644 windows/configuration/images/customize-taskbar-windows-11/taskbar-windows-11.png diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md new file mode 100644 index 0000000000..07fc7f54ca --- /dev/null +++ b/windows/configuration/customize-taskbar-windows-11.md 
@@ -0,0 +1,207 @@ +--- +title: Configure and customize Windows 11 taskbar | Microsoft Docs +description: On Windows 11 devices devices, iin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file. +ms.assetid: +manager: dougeby +ms.author: mandia +ms.reviewer: +ms.prod: w11 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: mobile +author: MandiOhlinger +ms.date: 09/07/2021 +ms.localizationpriority: medium +--- + +# Pin apps to the Taskbar on Windows 11 + +**Applies to**: + +- Windows 11 + +> **Looking for OEM information?** See [Customize the Taskbar](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar) and [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). + +On Windows 11 devices, you can pin apps to the taskbar. If your organization uses a common set of apps, or devices only run some apps, you may want to use this feature. You can pin more apps to the taskbar, and also remove the default pinned apps. + +To add specific apps you want pinned to the taskbar, you use an XML file. You can use an existing XML file, or create a new file. If you have an XML file that's used on Windows 10 devices, you can also use it on Windows 11 devices. You may have to update the App IDs. + +This article shows you how to create the XML file, add apps to the XML, and deploy the XML file. + +## Before you begin + +- There isn't a limit on the number of apps that you can pin. ??OEM docs say a max of 3 pinned apps?? In the XML file, add apps using the [Application User Model ID (AUMID)](./find-the-application-user-model-id-of-an-installed-app.md) or Desktop Application Link Path (the local path to the app). + +- If you add an app that's not provisioned for the user on the device, the pinned icon won't show on the taskbar.??Is this still true?? 
+ +- The order of apps in the XML file dictates the order of pinned apps on the taskbar, from left to right, and to the right of any existing apps pinned by the user. If the OS is configured to use a right-to-left language, then the taskbar order is reversed. + +- It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. For Microsoft, that includes using Microsoft Endpoint Manager. Endpoint Manager includes Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. + + In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started: + + - [Microsoft Endpoint Manager overview](/mem/endpoint-manager-overview) + - [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide) + - [What is Configuration Manager?](/mem/configmgr/core/understand/introduction) + +## Create the XML file + +1. In a text editor, such as Visual Studio Code, create a new XML file. To help you get started, you can copy and paste the following XML sample. The sample pins two apps to the taskbar: Microsoft Edge and File Explorer: + + ```xml + + + + + + + + + + + + ``` + +2. In the `` node, add (or remove) the apps you want pinned. You can pin Universal Windows Platform (UWP) apps and desktop apps: + + - ``: Select this option for UWP apps. Add the [AUMID](./find-the-application-user-model-id-of-an-installed-app.md) of the UWP app. + - ``: Select this option for desktop apps. Add the Desktop Application Link Path of the desktop app. + + ??You can pin as many apps as you want. OEM docs say a max of 3 pinned apps??. Just keep adding them to the list. Remember, the app order in the list is the same order the apps are shown on the taskbar. 
+ + For more information, see [Get the AUMID and Desktop app link path](#get-the-aumid-and-desktop-app-link-path) (in this article). + +3. In the `` node, the apps you add are pinned after the default apps. If you want to remove the default apps, and only show the apps you add in the XML file, then add `PinListPlacement="Replace"`: + + - ``: Keeps the default pinned apps. After the default apps, the apps you add are pinned. + - ``: Unpins the default apps. Only the apps you add are pinned. + + If you want to remove some of the default pinned apps, then add `PinListPlacement="Replace"`. When you add your apps to ``, include the default apps you still want pinned. + +4. In the `` node, use `region=" | "` to use different taskbar configurations based on the device locale and region. + + In the following XML example, two regions are added: `US|UK` and `DE|FR`. The taskbar applies when: + + - If the `` node has a country or region, then the apps are pinned on devices configured for that country or region. + - If the `` node doesn't have a region tag for the current region, then the first `` node with no region is applied. + - ??What happens if only a region is added, and device is configured with a different region? I assume no apps are pinned (other than the default)?? + + ```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ``` + +5. Save the file, and name the file so you know what it is. For example, name the file something like `CustomTaskbar.xml`. Once you have the file, it's ready to be deployed to your Windows devices. + +## Use Group Policy or MDM to create and deploy a taskbar policy + +Now that you have the XML file with your customized task bar, you're ready to deploy it to devices in your organization. You can deploy your taskbar XML file using Group Policy, or using an MDM provider, like Microsoft Intune. + +This section shows you how to deploy the XML both ways. 
+ +### Use Group Policy to deploy your XML file + +Use the following steps to add your XML file to a group policy, and apply the policy: + +1. Open your policy editor. For example, open Group Policy Management Console (GPMC) for domain-based group policies, or open `gpedit` for local policies. +2. Go to one of the following policies: + + - `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Start Layout` + - `User Configuration\Administrative Templates\Start Menu and Taskbar\Start Layout` + +3. Double-select `Start Layout` > **Enable**. Enter the fully qualified path to your XML file, including the XML file name. You can enter a local path, like `C:\StartLayouts\CustomTaskbar.xml`, or a network path, like `\\Server\Share\CustomTaskbar.xml`. If the file isn't available when the user signs in, then the taskbar isn't changed. Users can't customize the taskbar when this setting is enabled. If using a network share, be sure to give users read access to the XML file. + + You policy looks like the following policy: + + :::image type="content" source="./images/customize-taskbar-windows-11/start-layout-group-policy.png" alt-text="Add your taskbar layout XML file to the Start Layout policy on Windows devices."::: + + The `User Configuration\Administrative Templates\Start Menu and Taskbar` policy includes other settings that control the taskbar. Some policies may not work as expected on Windows 11. Be sure to test your policies before broadly deploying them across your devices. + +4. When you apply the policy, the taskbar includes your changes. The next time users sign in, they'll see the changes. + + For more information on using group policies, see [Implement Group Policy Objects](/learn/modules/implement-group-policy-objects/). + +### Create a Microsoft Intune policy to deploy your XML file + +MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). 
Using an MDM provider, such as Microsoft Intune, you can deploy a policy that configures the pinned list. + +Use the following steps to create an Intune policy that deploys your taskbar XML file: + +1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). + +2. Select **Devices** > **Configuration profiles** > **Create profile**. + +3. Enter the following properties: + + - **Platform**: Select **Windows 10 and later**. + - **Profile type**: Select **Templates** > **Device restrictions** > **Create**. + +4. In **Basics**, enter the following properties: + + - **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify it later. For example, a good profile name is **Win11: Custom taskbar**. + - **Description**: Enter a description for the profile. This setting is optional, and recommended. + +5. Select **Next**. + +6. In **Configuration settings**, select **Start** > **Start menu layout**. Browse to, and select your taskbar XML file. + +7. Select **Next**, and configure the rest of the policy settings. For more specific information, see [Configure device restriction settings in Microsoft Intune](/mem/intune/configuration/device-restrictions-configure). + +8. When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized taskbar, the policy can also be deployed before users sign in the first time. If you use [Windows Autopilot](/mem/autopilot/windows-autopilot) (opens another Microsoft web site), add the taskbar policy to your Windows Autopilot policy. + + For more information and guidance on assigning policies using Microsoft Intune, see [Assign user and device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign). 
+ +> [!NOTE] +> For third party partner MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`. + +## Get the AUMID and Desktop app link path + +In the layout modification XML file, you add apps in the XML markup. To pin an app, you enter the AUMID or Desktop Application Link Path. The easiest way to find this app information is to use the [Export-StartLayout](/powershell/module/startlayout/export-startlayout) Windows Powershell cmdlet: + +1. On an existing Windows 11 device, pin the app to the Start menu. +2. Create a folder to save an output file. For example, create the `C:\Layouts` folder. +3. Open the Windows PowerShell app, and run the following cmdlet: + + ```powershell + Export-StartLayout -Path "C:\Layouts\GetIDorPath.xml" + ``` + +4. Open the generated GetIDorPath.xml file, and look for the app you pinned. When you find the app, get the AppID or Path. Add these properties to your XML file. + 
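Review bot: The new customize-taskbar-windows-11.md still carries unresolved author questions in the article text: "??OEM docs say a max of 3 pinned apps??" (in "Before you begin" and again in step 2 of "Create the XML file"), "??Is this still true??" after the provisioning bullet, and the "??What happens if only a region is added, and device is configured with a different region?" bullet in step 4. These need to be answered or removed before merge; the first one sits next to the statement that there isn't a limit on the number of pinned apps, so the page currently contradicts itself. The front-matter description reads "On Windows 11 devices devices, iin additional apps" and needs rewording, "You policy looks like" in Group Policy step 3 should be "Your policy", and "Windows Powershell" should be "Windows PowerShell". In Group Policy step 3, the network-path guidance only says to give users read access to the XML file; consider also stating that write access to the file and share should be limited to administrators, because the file decides which Desktop Application Link Paths are pinned for every user the policy applies to. As the hunk appears here, both xml fences and the inline node names in steps 2 to 4 are empty, so please confirm that the element markup is present in the committed file.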
diff --git a/windows/configuration/images/customize-taskbar-windows-11/start-layout-group-policy.png b/windows/configuration/images/customize-taskbar-windows-11/start-layout-group-policy.png new file mode 100644 index 0000000000000000000000000000000000000000..99252bd13943ad48a576f50789e7fcb2c18d49a2 GIT binary patch literal 173423
zxMGiBc0h>@O%(TbQ@DjoX5H-tGk0>=ZM7C@3Y~bQ;G#;v?L}AnodvuR0qI&L!|*Z? zB0b@B?N&(~^hpr=cdF zMpKsV4^@#bw{>iE&L(NqA<~#d7w?{L6gBmI(jLRRIy#zXi9TS3lrBZj>0uNpgt|sW za*k4XPiA)dcKN+HpkH5jjw5-BSB@Zmwy-nXk7|B?mbD<}<}jQrK771h5>#aFeCiH+ zqpsYS{PM(6QTwe-;7i_j_kr^zRCgLBx1WVH5C%_+;?R1~%fla%o)fkS9nKY(q|Mkd z18#)HGMj3xyPrRN zTwb0lCi!P*vZuY>@xU8II&{I9R**Bf$3NO2u(h zRP;{|_e-Ake>mM|<*U0`xWBSA;Ral$(wW>xcw_MDHk|b)bv=8ZR9N|2QQqa-7??r( z$AzQ)h5CRa+_;&Kp=8N^y-ZyL)`3;Kau4`$Uq(dFM69f6!rsB)Nf5{vmb3{33fuO= zFzY-m%UnW}(f9ChUy$o<7O#l~Ol3RFf}_7ODC>XmHFjNZns%q=GRg=zsds9>mGP=M zAx3|`U-n$}zt3_bL+4EFH=f>h^f~G2AVv;&TH)pwep(aGc6u1_kv)rgIc8@2z(Mui z@3!!!+5hnhbYkg$Is1U@<^J;~`+&>D(&7-BnO=GaBSrr6^Tg8P`1Zah5g%H2dWmaz z_XK}YeA_$r3?_YfZeD%j`>fDk(f2l)lA31Z)`2FRe*&h(l&!^+l9E7zMZzvPp`oRk z%W85dVkGO1D&#b#aWm3vhFbLK!*;|?>UaGN6u!O9e_6)0dU2d?u2ND@yAO1F;SC?u zuHUc!{PHkPlP>gh8p=~=v&W^CrgHppqL+T|Gyk~X;naC|`Go#lzYRh^$sSsHTJKV7 zEN$&vSMQK0s}BN4l_aS(CeL!9pH}RKml6A~I25!MX<#QOR57nK6)(3zPY8vdZlA_I z?Y&=KmQOroUp!=uhmnDPWCprVzemtJPX}($cIHsD?W>xyTJzV0o!aM1w9i(Wz%LK0 zG)r6#cVPQw148aB=c_zcH>|9RvBAeRg_RXx=h=pT=_`Z2fv{k{g$0e>CSpg#wA!5} z+TXV$cj`MCwft*K8l13`Z;`ZhuSy%(s#>h!dFDmoYrW1B-Bas%eHCwJxXDH6W*|uH zUtIruw-TU`#`2j%!}b2xy;VScxi;@XK;XwWbs;a~D+a$b-Jf2;0W;eRK!i53@W_lu zDV)B1?n+i*hlAC$Hbvb29s52eEM!Ir4Hi{I(b$-PUgWha-LmqMVo8yG=1oA1x~3fWe+y1Yf-c{y!?bh|w!0hVDB;UBK+#(^F3?PXAB_ z@5=-4VcNn2H=BH z{F)bEXJrISXc#=+(B`}|5AATTi|S*CTkB#F7S0~u-8}O`Mn*O>GlRvKpdhI0>JG1S zaKDjxCmIj;RY^uQ;by}|OtR~PG6Ley1bC&6cT?d=Q0k&jS9FZu6bfT%@lc{<<|bjp z_8gg1X#j)Ed%01;aM6n{qOISilkRTXN}Yla2H;YO?2c)hdo z&4Y#8Bef)wYtFEt=!1`Rw)zDjve%vQz}40VAhJ}PVYUvRS^qhwZx(JT{b99f^lDYj zv*{cMsjtKPhX~T(5&1CxQ(gDhE^+EFAK`uPQtULKT9p39 z1+yOD<@BN`zpLs!4%K7liHqto?#kh>jZhD$;a-ClK2cRg*`qHP_oV&UmlIiQZcV4 zTwu>i-e6{rI0!nFF7&4wfo{0=Wdz{io+7DsYWr+ zx1xTk55e4Or>%FqsjaEF&C2+~mI?j6ybskKBC-;GIu@3Xwbe!A&j;xz0Z$Jn;h}Wi zoYjo#5y!&m9O-Eu9%DyzMvhC#mqit=dflkC`VV)9=Tl5H+p_VPP`bS&5;TOg-ywL> zSwdrDFf#D*s+wyL7W*n?PBbe=Tm6TLz+Ns>RqHgMR_74C6+1+5Mlg!wi<`fzpdy!s zhGtR%7R&dJZj5;J 
zk)Alh3hoyWcZ!6Coqf9D9S4lLY)9vt$GxEUI0$}i`P0=SQviD~xQ*qrNVIK5rcN@e zCbRKkkWP=~t*2@=DxXOANQeJZQ&hB8GLsU(wh0aT>Z!s=$nTV~Tw)~(ZD_De4olZ& zZ*Oa}njlTKa%s(3-AeIDlu`c0^}=bt;FpCkDa7@1@A^tO60vEM#wu zb2J|dvKrTO5fB3HCzlcA@!YnIFoYXgLO}kYnDv=uFx*d#_=uw?feNIoqMgnbT)p*$ zJ}@NbDUqU7Vs;6>lCQX#(lpmnw=^caP_02NRO8nSJI73Ue&`!Y28Px%Ba)e35IrjsADdT2jh{$nzbxSOV z6)UN9;4A)WWy(QXoEQ1EEFD2*P7NNDQ$Amg-uO55uB?^m5pB(ccv&~D{H87}*@2w# z6f*3gGLFwf%3Z$M>~3C8n6t=r!yd=QuXLz(AIGp^2+7^(((PuqO;*`8-0R4m!x;Cl zb7TgKMlg|yyDI*>O>2iRyX!(uw#3|GC&!WzA76)_b!$otv`AGhemUmg{-&DRd3pb| z`}^&lU83|)+^*ztD_8?rzolj~tZbS|ml?MC+|i}#r1&{ghviZwbY0(dmMVOgq5vj% z349C}-L$?|;=27#gI`$4tnLD~C#pnIs8pO7SF1-lH#A2?Y4g>N86qBg3_O=wi24b_$vzcDBHxCl=Sc-(^YpY z=@BL~pRF$o5hkm>T>Sdnb1)Hs5^)s?>D~puSUMBCN_!4ywJZ6{5U`pU$D|{sgNx#} zE#68l9>@IX{irDDQ+2-?Z3e7FmntM)Af4`4itRV_*H_gouwry5dJ8lHrdOR2jp*b71Jq%)bdD+NN@HYeFaX>+DZ2= zk8f1E-oaiuSy`=jr$ZeKyc%5}JQ=P!oOBZsn71@YbAWeX16mgEBv(3edX9QTRuooFa2H=V!jsbtl4q3n$?uV-Zr(8XZO3% zt5t*{TyH%wPXy($bQiS`Y+PRT_b+MvRu=YUD$4u5z3*6*^@qt?;G100mXQ2N^2{?* z*~m1z%W#8}d5prSyZmr`cBj|FI!~d7ZcJ=9J1fgXuBnQIuM^O3v%GFG1Pij}s84BF(Nw;Zw=fEuF5zP*miU@bBto{YFie~T+ z+OuJjdzvN>{9)BocZPb^z^+y}D-V%w?x1%(!-rFbpwCx;0zAFzgY}p5iTh3GXnL>j z!^6X2Vc#1TM!2(fhhm$EsSfYrFQ=yD0whB z@2$PT0N(^T^XPl)$eK8NTWBU$l)l5EY;q0BhHfq#rV11RagSp(c-l{6aA`mRYP%6o;_n&Y8-GvA$GiUB^XrBd3xkR+L7h1yREP8_ZOaaArO@`GHdl#%d< z;!F0u7A=$sHd#zL)S@dewF!)8R0!eoIMMO2d5aFqgw0CF!FNtBHQU`cHeR+1$zQwc z>K!F>C$ zD*4q9o`RwDew_4Fl<p^@6^z>Q%q^o|EV33_MGUluujXCl-NmZL?HIWY)$5|a$f4*#$!PBLDJVkY< z`I7HJeeGxS=cYYlm~|v#2itl?cF7rJJD&>{U@^31BZ|a4ZO+CjaJH2Y=SD%;=NV3>g4=?5=T5Y>l_w(D!! 
z*2eWi-f%!wgmU#o=puoa!0bv--K9JAVx6>Bc^dRH9x9n!7^N#Ef7QZ4-W`w#sj z6kU%H;mz(~*3F;euzxIQH4D9jv4G*L&S+{%Ah%u!vzY9Q3*U;i56%|#Lgr~KMYW4o; z%ERzTD+Y-I5(=7VH|~WFpXU^Oc4`HJu66BuD6hsOYmVcAc zX#Mz3wZQNte(UXsC_>si`l*!YE2YG0*Fmn%9fUHe*L{!`k{4>Bz}+RV7Vf zhd696gRA_iocQV#(RN+k!ZaW##r6XhUro4bpzl5pLb~F#)j?V-pSE@z=ucgV8!;*U^TPL=q z6RZ4j>bm`=0KsBE-o=3*g;vMwj!u21`}isKLmYhZHfzuov-=F4r*?(fK{6IELDyX- zu3!o3k-_f%fz|w-cq?~fRt|Uyvoz0~@t`Au1Dln`f zl)J{`9L>#gF2dr+Xdb?<``I-|fidfwvP!LSI4w+nf^FHedNJYrQkLYXx?-Eqve3hIUN&|Ew<}0hg6;qb0QhQg=6QSG=h+Tdm z{KKS(Sq)EKRAha8WaJJN*5`N3PCzSmf!RTt!PVaqxY5Ob7Osf6p2I`^+a?IzM8)#I zaEKQ(ty~8$9{uc(aq$1%#+Nd2<^@j(`rSjVoXxY4kjpsO;=ZT09)d_gj8bytnftwn zJ(AYmPI>iJt{~V}2_^hD0bc4U?nejqW)j_b zgTYFo&xUhtSOnmSndbSF&}lKEOLy?GKwDXTB>jQk1ANP>FL3;4{KYFJ22pGd1xhMcY%gL zK?Kf=IUc}utKOK`XIw=$<3SYpZTX-><(LGC%~ zf&V3c$t2+TH*W)OZw9t?|5HSY5fuN;A&2ARwEl-n5e{ym^q*>BU-+ton)X*c0#@8? zC;laZhx`9Xm8Yz6L*|RX*<6ijrFNSCHg3&KLq$bJN2fHiL=^z&U;om8d4l-ge&6DS z_H7&;9ko?{kBf_IZx?9Qulm=7{-=w-2HyYdku98pK=g&Ot2O9H{u(}EF?V>QzEwTq ze@7ZtzDCEwW*L^_tIaqzG9pd@52JU3G2g>d6JduDGBn);bFOHdXcm@ zGQKeM;MeFVN_d~`yw_i&{h#tn8Yy}}Pg{Fp-;INyvb@~R-2BI*IOyo<+kYpGl$ku% z+S1a}+S=OI_I@QB-CE>-HiTe`o`s9+S>*WDoB#Ik|G}AUtEo{TkENuhh9wEpCCVM! 
z!xsFXOn%Rd%uE=?fQ9X1>)$Ti-sVhN3y?%>3^q=mAQUGhCMG5&;Sdp3WG)G8?M+Tj z!X{=7Q)7v8;-B#O9QMCG6PcwnX2GMTre3u9TZbDpOou^$1Rb{2+-zH0Tb)+gCzbwQ z$hlzU=5DU3nNZ^Rd-0#*W}8O+DuUkECY zzHVZ`cGFBRn%&7kNnrOpq);>rQnrEHth#)Rf?p*iaSWlRRVnGN@KPFs@9aYX8W6dT^8(SO2yW;|%<(Y77 ztT<8s&@wX!?O$Jm{+Qw`^JBvP**beJ9d^s)P+D$78TP}cemV-dUg>_H`-9&fUWTK* zK-l#Vkn1svLw5Xa*Y};Y6m;c*sL&A`PyNbA5%l3{HVl8dEvLi_to!eh`3lsqQ+(|l zTOn|FFG;0qGvyf*9p73Tnw8Y(3)4!b5Rg|>3E~~{OK3oCzKaEX)24+v(_e`QlxL^& z*{mo2n=HOMr5i7zO-rxTLF6P;xDbizIoW4s_t3yr@njF*kBS8;POucF(;8G&s}<4K z)TK%UoOxjv5D7UKbrGNA zhs%s0-f_&a0*VmgR(5;4Zg8dD{20naN~_1|%I@H735&DmQ-Y3GZN4M?Ouk^~rnu6DrL-Q7N9 z^1eZ+&-<38ZSxo|?hLYB=S#7?ulzyfTr*5QsbfIzfbE-IWkXqJ)oR!c{i1m#CsTm( zXyf3peh0vmq*D8Y@aU#K+oMh;3$Y$jW?|CwKghehU)F>&&!OKPx-i$;zr2 z7B` z7@cb?$6AmQ@{YAN=(B;pKgi?wfYe%cLxu7#cHTk?aPQ$L#X;G-7y}PG%taV6FQ%%A z6dCA!V$x#IK0QM-y(0O~JfT#(2`Sf}oMtWf8>)%SYH=5i%bSyx6~})55JAC?$SqTY z%wlr6n2%j7xkq3aJ3aohy&Pv@TY&1m+2Kl`_W3PUxPm0%A3QoWHFk-iYL(ycMD8Ix zaa?}|h4`2`2r^Ss{|u|Y4way++98~#Ls7%bUo&Ch;aiFmo9#2-qsK~jYM_sm zL0qR7$&D15cswl@My9A(SU`&;%r43SFettz<_otl&eG6M8o;!+;_NOu)FvP_t{tpu zV<|D?R=6PCa;kuu&-69=&VO?i41a@-{fLvTI(7Odzle#`N*V)L>@+rFED&*l}$EdpfgZWu4ElQ{ojVf*9>I>``i$;AV zowHZd5ZG$7SBJ-_=qmzGM}|r~(b?0ln0DWX(#YJE#qWH|EuIlMczf^UO?H5lSSCh7 z_w&q)9H6OfD&zGXwlVIAmBP{*a{zX@Z`p{YCq0$q6FZq?w#$X|_1R^D#B>dGb&}H0 z((|A1ejg-ddvE<(RF*t8HSTf7DjL&qfTnjf zD!S{bT?A0Dxj&t+%>53gjY`sbYTlP@zKVPJ21Bl%gc{NkT5-|#y{P7J^7Ck4M%1)u z=%gfi)^?Z~=G3Z&ap3}eTh!JNl$*l|`N^2U3WjOKrSC&D_kYS2&e@n*qwa1p=iK;NRzTAvVnP{ZAe2VUE`<8U3m5`9`jrW#Of|H4mnUs(xEj4I?mPY<5mLPp>NROS*^DXF-@Rvd-p0lWX z1VXx*YMC-|xz-#>`4~|vp6278&Es3mi4Qc{l7czWC>$3xlYt+9!aPUTf;V$GY6bT} zSP06hU5G)y%_bK+V`0Z_;^w61hN0HT7VKeW1Xi%jpAx1CMB0REArc414)@znYJhA3 zk}EuJHptBQY*28wsY&l&S5#5tf3r^O{)`pMwQA5|CuzwwOb<4`ll~R!Hse%ERzN$m zNk}*iJz_!%$+Z7Xd04i>FJf{g@j9r;e+ZSV5<`CbyDef^j`*)!cUnA?(l_G0>(&yp z^ho$}OaT9l7O6}yHf=(C8FUzRX9lYCwzUBR&qpIdElN}FE|Hc9trex4u>bD{p|(XY zc_4-)nP)Ap&Z!uy7drLZM0IhhToqAA{r!lAX^{3Oicdi#^jaGCwsyaW^Gl!6!e3V~ 
zP^C>Jk52TMsFdk3AjN6~V}z*;T9yfxB*SjQz0nD4H(1e2e^cqbMEPFnc33Ie_8;4L zjWk}b&<11ly~lG?Gk4iB9 ztx=e}v!J2m4n3Ba)ZRRO<==S0_dZf=QfH1D@GVJ!2mzrERuwQyO{sS+CFvWWABT~z zT^wf6<#48b{5he~<~V;gLW7VVNy4^9yh8P#Iv)qDSE-ECw6Bo%MJc)m{~FP-;wFWM zf+J3ivA+HviqlL?f&XN_{+~GUEZQi52jzc%EwUT<=WL`cK#6aW?mwT<1fIEgTBv{d zUmw7q{J#hqOmiV(ozsJb|7{&yrkrBD2-1K3Z$65>|06Ha&BP>Eg1pt0!FFOoR<1D4 z#5C97HQXM=>uu{I@bA&Lh8ZLU_r~CU3Rx)*`l@ZsVpWrg_6aJ=vi_pAMM*Qar z41w`s{r6R--Zb&gFe9r$b2cym+}E-Gncr{k_=PDn*%23`U|dCCc#b95CCEQw)xf^L z7$TKVrs;Ov`z~jnXT~jl&A#`!rG*FV1N-65eAf**konOx%@U)*;AEx4_i`^c)4D&B zkUQrq4AYsw;p5{&#%1a?tzFzl&ncw-J@f>M4F|x8Z)7OrEFEBmKdU)}a_i(m8r_Ck zRBzC{Zed{ox(tF5#oAhNQczPPAZf$eP&qs}NJ~qrU2FOl;o=qOzIlqW#q(qZM$Bi! zk@mM58ZnEK=c>Zy90h6Obtk6yoB#&bGm@M*m91!uj%_ z0db>Wq<%#pKJoZ3l@1I``t=EBvHUInR|rxGtvNYUa?g5#R;ci0@(dQakPGE+;9Z~t z22}W?>d67Af;tR-Ap8q+tmTt41;i)Cd?*{d2FQ_5$m#SPP9FaUT5>S+p8-MxqPTJYblaY|5jxmd3V$6%?MImCAVy%}M8Nbv1 z9fm4tZLkdz%wvV|)Z4tws{VzPzD5VLoQ%%7yHZD!uv_l!V$wwIuL1{uXwI|A3I9Sh z41fvJ(#7K%f~(Y&>AiVF^#ISR!$j9$bmVS$#$Lz|&WnDg)qp~Y3d859AKT-b~=OPsCx;TDm%+Wk;4qpTB z^Er@)(i3i%bbR7FGdLVZV?>zW8I+BCc1b<9vp~L<7(Ok(H(b_jb_Acj>s#EvDeS}Z z9S964Vd)ZvwLvvatpOPhE*mXXAt@&2%l2?0jE~!FAgaUbObnFs^bd$d`c~3=eU@$PP2Nt6d#w91umuoSTpZP;Ry@q>ier!>_y15yd z#mrHJ;i~rb6)5RtPiBzny(j>^4G-zjL7|v;_c#LSp_fh`tQuZ_J zcHaFv4M)CK6j9k7KHRM0KWbT7sW)v8kEYJsw@Um!TIE--_?;Id*c;~$^qNehNp_!a zm6U``TUD>L-)&ix&Om}=Nr7}5+F@BBR6SLf(V)|CJ8&;e75 zE?KB6U~fFcHFTV9_>TbG_{rZ6m{urfZpM$S(J1}X9jp3!s~o)nh#zjF;L6& zHW|QfFzR|m7G*w*VzMb{X0hQ5YqH?R;-a>?T{>Wvh>|M0a1i1U5yBHe4>-{m@Ypd| zP|)9q_xl)RktaRh`>o+}KevZfKdm*f>i#`#fSkM1;$Hl~<~;U))X5yfs< z)NDye{jMf2Ss;Z4AwfN@_AK=k#rn~#pBbgoOfP+2(CLhM+>VRbw5(3OxS+*w;5 zER3<f;I zGgL)GKli;sFe50@ewn-Eu{)daMdm7-a{{0f`@vO^i*sAjvXE6zI<$|+_x8{v>xIMd z3K_n-vy8r4P3_8dHHk|2+2gv8Axq`{9>#Wu$ovM{`6?Le`B*$Xxe|h(&McL@-M8FY z+yGr3k<=ozE%=atWV909>hZ7=KI+H%M@4$97>^&J6~8?yI;vAWjEeeLz@@w;BHQ=H zt+!M@)wCSid5z^aQk=icp4W`BSI39EkBuY zIrItz*?FelO0y4MG4B$MZQO3-&Eb!lvJ&Ss-MVerUC)5}F9tJLD6tZ8H;i;U-TQ>f 
zx0XWR<`@+MWxV2ok6BBrIjNQ60v|yKeL%l0^SJ(vr=k0LBajA>*Fk`B}tMzTSSy<{rh* zsor+lyzI-Ch3pC(pQDQxY3$GtuVS-qhKJ0c`&Zn2XV{|7yzjOV({kV-V>~uUGNf(2 zqLx;1S+~M{c=7Mp-hIIMw)K34`Yyoj?oKLnEz&~|?pgD|MdZP0f=lLGC|0`6dMH-G zXS>|5iL!>r`ZujkxcoO?U%fnBTuy5hVjRcSUA&|lM_5FqJl|X#)gh5&8zpo)?c@2T zL%UXoMRByOj9$oRhG6l4y$xdKG~86=Q(1- zj~P>=iP*O|EvnjGlJ%RidXA zSBllTJy@9vP|8L2*d_y21k^v2KeypTO&7hS#02T9F_fh*v}gI8O&?`h^o=V;A8qj1 zEGc$sSFI>L?p?kJ7`)5&yOg45;;D1{k?A^dZLL^w9&RY8&*>S{xH*Vv(>GX#J$~)! ziu|~GhjJB6?~cAWgE%*-k>(PI9_>=Q&+p_vWv5v|&bz)+c>HRNBwve&S?v2fEe1h` z>&SZPsP}}qk~JBfCO-#v!_E7b3wu*TRoS=7x5g(NTGfug2llxM^Xe3fTi(p%0L~~-Kw?BWc zgmYG3)glv>y@PkSs(SvC&CjmUD>fWm_1HpIa6X316VdPA75Vmg_1O+T35U z%bM>Fv0M6Tmz!b_AqI5NRHZ^wzMMVQ6J_n>>2hP}3hg3bA?d{P<|Y;-#2fSsprBr{ zbIw>z$xhL~>Pj;r`w$o7YD&Z_Z;2}s}GW$&Z zjirlEcz*()NU8cJxg1cbACz(peuR?>`Y?h!BKeq+PDmoy=Kg>x7pxJwv`@_avg^$5 z)X`SEy=dpGuK4;5T2P%c3ZBq;x+cR6Yop&#_p56OJ?eM~&tsTka&C{9PfG5Ak>4x0 zOacVyx+_wU`DWCUwCANsQB~T*)4H!t+HbzlxlR&*lbwt?gB~{mGI$$V^?QTWe)~~D z7mhNXirLYlgCxW@H00t)C+XD^^F%rEliZ>DmyuQTj?n;b$B~rWzy@DZq3sifQrb`z zlOq8p z0CWmlw>)?-N~oh0w|~sV#r4)TI2+GJ1Z{DAx#m%R@`tfKf7ux&<|gUcorSYbO;0C8 zn?HRwV$SwbO8qLEVI6ywbXgN>vmctUU#3G%88@CIYRSaJarKu^cjYaDGONc4tLdMz z?G9AT>r9ZAPGuQkF5Q)pkVt;4Em4}pul$5TVLJOFy)VtWWd6ZphHRkf=q!aF{l;!J zjqWEN>Vl^d`PltTRRK;nq-=iY71c#ob5{6n>8Iko*}^w<6aL;V1H03^lD(ad`gTsm zI7$O8so{WWR)CfTbb2)ak{|_ba#`A^*d04wZg)3Dw>xIztjNuB{FztUC%CD9|Kr`_ zWR;P(b|l8KkW0J5yptERG?84XN{GeZ*krNi_A4&MRsK?mf<@23p3**=odywI7zbvj&8rRfF zQA77}N3w(j9ul-ZYnFI^r-`l6Y;~@#a^S%k@A^W<1^soe_|dakV5BT2Nq`@8w?|su zcrD@B9y_9Sg|so;TfG_3fe*YqdV2Vn&L#PHHbDAOnwu!39OO-gUg#s=%qbK4o7vA} z`#EM6=zDeFBK_t+&-aFlHYXhd(OR^b%Qnj~q+#C~= z;|RgxD7?#?x}GYm|=*F25-ARUm24GN|>rnuS7$M7V^d8p2D z`q`7hdmfZ1Yv{6XPnCh{yXGG`ah}I*Gm}n%v$pGQqk2cuQ!M=lG0tIASu}C|O8ARC zJsPlRi=T`PVCD&?nO|-d%QM4Stc=O5@Exm=u(pRIXwU-@sFMP6`9;Peqb$F?+~}h# zO=X)Bw~onN`Bs^nds^99`7n~a9W%rEBR6jy8h6WJQKZXvHTofC-!V>3wmh5F07ohe zT@+?ki^zWes_^uP zI9)#ukFG-wlk?KtkaJH}NqyP6>Igwr?&Wq8RN`s&w3?}J!S%+T4cgc8kS6_8)pXS? 
z9t(0Tx}cP6jbqs8YHKBT=v>ECorJmj% zU3a~x5nDV!1=E=YI_~OJKG7;f-yZ|??cItrmN8{>W02%dNTU_oL5HHX+G+;iAtpZ$ zc9-4NpG`Jmw@d5O^Nzy1n!_qCswVD}@tXtL0$u>xi8uLU87?2Y)}Eo#Hzx*ugFvFj z-R`^achz0=@xz4vd+OvBTS&t^w%9~b2a+Lau3guAfSq&%nv$42^Vf#Y(=$uSN=~a) zeCfhyCon}p(bSmf>)kV0B*G_W*|EMsOm4P|F!@<#KWto~4sZ5nfO|SH^N@$zKSX_5r#XJ~pUxjO%@X;wnTQL^Wph6FL&`o9 zGOhS|de@ZQ+*@3No0wd@(v_$UiOQnWz&s4-2%Ng9h-h){${3N3GBnJ}_B-}dQ1ke> ztGQ8MV5%8Xrt0G(^@bpd+3~T%422{bKwIZpcjuQSLOVa^V0clSZy=h#jc4~o<#nt? zo~4j?0-#%zd|eT;4j(I<#>~xKd2Hh7Fm65|x}F3X00E8_*L6?{cS=dRF?(vQ9zm7AH%L=xBrf=Oi&RW7RSKRtB zQ2R4LAO^x&)0~(Zi9 z(^oGyUA!09)RfSSI{TU~s-Dk}#VwV|>S}6Pg$4S;cd1KS)lvQ1TE%3I_8Oc>?u?jy zGP6d+#GuXd?GgUwe&|ykbcZRJR)f%S=~Fo#AG#rzg^^r0=9UOzbk*@gDcd6L!?yc3 z_w3ruKKsB;L|HM`sV^U8`ud_B>5gcNhA!HxxY(M}9KbmHQU%wwJan%W#3K z9=Q7HMHI$Z`{a9**%FXFHmIZi;2kr&{b{Isyx_7oFLaYSI#ZzGW>DNS#C6_ZxL4;2 zqxhTu%Qi#t$Y!+C0k{2DL+WNf>OQ~e4m7>G)_OJ%`z5{bM!;px_$rS~+_G9oReLsS z5j)tJ$8;r*weu(w+47o@!(=032o}GaecO|p;SyVL+c)L}Q_$hD+!>`44^{|`t)mHG zpA!Qu>!IjX|90Hj2Y$|CF@f~=aKFg|M6Go1&rF*}%nDl*$&TmWd>Fq4Ulc`Ta#?K6 z7_cUG3Tkqm>@@I>^7yl#B;6=XUJ&DbYIS3k`v?&pl;AJvq6QSZHw)BnAZu1AWeJ!L zZfzniv>tZO7L=kb*&IbomL!h< z#8qW&IP0%U^GwhoItio;cw%B}$yNH`W!BdFzNfW$voXr31{~wqVUOoVk589C;8-O{ zD;6rIi6bP>EH^HBg~DAFAFe;h2Q{F->RaFf>(;yVbox6s_}GVIqR-s zT^?f+A;(PW*PWaZBT2&zRpR9~x5nBvNLy-TSQXogpB%F^MKD>QLZMnhhJd}hRG5P@ zS5Y@gPwN+Ci+$^(EyoBfUp&>^6eA7(pQ1T{U22VO;XzN`4db#y#{wVa79~2GxKM8! 
zTt~T4zZB7RlivZ~o&%m=35ou$lEQkWs^;M&jRqbc{?xmOm6+`x9)FQDW$PGIMVXv( zV}J4c7VK@JDcz-{d^v%!>PA%-Cpv0b`HOXk!=0MI1{H=db;*CFn5?L*bU4mr ztcbL?x6kmoA!ZF2>!uU0aEo2-VA-78)_Y4`9$>VcFWs+F67^fq%CFwds|H^4!WKW+ zdSix@vL(FmRbanyYMOUYR0^AGKP^9kR0nMiklRTf9tm4#Ya3h0U5%N>jE%s_dUsxsS7EUKlRzq0D-ALbBzUU#whQf2C+3*j*eT zXctqB8eiySohzTquER*dTy0p7J4(7|7v;baz?Ejcw{J3DG-V@Il=Z69F{yvSM_Q{o zP--&LUI28Dr&{wlQ;GOETJDW#NMZ+tC7$YtHEkp=#r1 zpsxPYgrXS8>kxyVDUruw)8^Ajmb*->2-8qP`KqinvP$J;#IZ{C_X#VxR^5N&|3V+f zVl8NHPNeA1%C)MCCJ$Dx9A(19sQRATZ+4-Jug9|h<*EWH&(hwb!$P3B_^?bx_$qyPN=~T*eAr=3 zC7p{zDxKl$^2}wst;Eb8%&iU*k<=X;Z;!vZof>?}WY`8!Oj1{Fctt!IRhO=QK9~1t z*_M4=brNu5cI_^%yC4~RiJWx!x)c-J6bwtbmSZnQdu*oYKT-^S^gkQ%K~iyBk{Bvj)Dyr`108?)+Z6@w#|Am9XD+i#q=TVW_8a z1c~tQI*bP4BTrcGiQs3+LZhPr!_eOrEP%O&fdX4>J4V`G%JK!-^q<`0?!S)+HGjK$ zIX%f1VeUA1y~inc8>o8_(GHV-ww6#`9kCYBVcd|Hl#-H;j7lvLoIukmhR^e6oX!2D zB~`OG8kS~i8HQQ#tnJlQCo|jQ-zVyOzm}=TOx=`CR(NLZ%}E3KOGbopae9hXAm;B2 zyNWIB4Vh2IS@|XW%%C3cMoFPB#|a~1Opw}#K*@2Ev!yvXrQyT0lMEE~imJ^`-PL*B z*lJ}|zQOVAfR{4@sw8Ov$`DF4r&2HV;NaqC554AE5;X>zMY>^?J48g?stEm_5wEF9 z>Eg9zMFfOvO*YuUA9d2>bZDshiQ!+>jHw`0Y3Hkp-7H38(MP?l)Ue_ikP{1eP$nIr zboKWz8ZL|#M*ZZWeS2B3<5X+?GFotTnZ%3@I3q<_lOp*xjgsYG#;#E#w?7m=k zvpI0fdeLs&;Yh$y^xG};<^l8vpL!D(t*4i7e>L8v+q{gIjB)0_!a0@&Nol1kxo|xd z1)Rl8b6}J_{UP`N9v4<#-iD8)F@P5Kq|BUFo+wj3n3=CUH6FmZuT@4RcFQQVu%Szp z#Ho#9=_(1cpLwHvK0^!B7j9))R4ZLpx|l~rUQ`4n4-f*F9XN|=<+N)MPxkZfw1{-BE_trG?P;0x0I1zPf|*FoOZJDpQ`jw98OQ}%=Z?s>as(1hh^W^UPhO_B?QP`iPoF~ zxSjhup}k5o@Ajdx`-FgGO@2L&k@Ed|?z=?r*U4Y9xA=812I(y#tR~Z`pyB3yZQgOm zrd`WaO)nmv2Z08gKNC0xAWbjkG)gPS)O?OyZdUw|*SnAgq<76pF0pF;kNm|K3f9$MgNkuGJ&lW9zaT zbJ2F4tS_rInxLS8pr7A61OM~#8aJqxv#H)JmkGO0Ryob_Eq#49=3tF=AV73BQv2s` z!?#5d@bAainMt`^3wARz2yAO z_^8#PzdaBF5a9Zwgsfgd$NY_Ls0_PO|k__}x0+8L6H@u7($$&l|zKuyxZO$Y2KS07X zLyj9rlcb74wx^!=c{YLdK`RH*9odPqc*&dfAK>HX)Ww_~>a-+6i;&=;Z5O^HrJGx6 zw>%oS{IP4S4 z!`|BlWXE2o%ZnY-@>NNR838GnJJ^C;@?YX42ewcARx`#F!Fq!#3O_keKEpt^T;UNA z5D*a;rmVzeWn}}QFd^^P;tVn!h3MlUEl@(`r>k0*KV>O0Qd2D`PayTWkcX`;>Uz5? 
zEiLWWG9C*^f+GjEun8hOBKkY%vG|ih=;fav(hG>0<4d(cj~ztlVryHK2J^uOH@5ig zbgAa$?zrIJpQ*s{qG{FZwKs@E#lt)F7*gJz-FJQxyfz~iKakEM4TQ$w7RCn`k2zg*1Y;f@X1s;#<%4J;IzS9DWl-Ah=(GcTS4lto~X(3+K z^u5brah2cwaTVvCCPgZ59_gBOqSyla1Tz98KEaRad$jhAbI_xE~OV}NT z&ZA7DR0Wq5z%W)bq;lYYDU@auz3ld7N9#|1bF34s)T^TZ^_o)BY}50~rBI%At^PIQ zO|Sf??IU=i>dxvM;lrB_1cXWHNAab~>YgL7mdJYp}`J*r>f8_^pl z%dEF_jY5*L^5E(E{x;mTyj;LZr-WZsI;+oeU%^AXk_Vc#HRi_$iu;|o1kRkYi$PSE zstGD?jR$>zQni+W2m?l^mj@?*&8xAbjF#g~jv(OnwkT!w`0vyEC9Is}V|+M4yxa5i z^k>{DF)pqxF78)?ukqp5urp22YSL;M=*lHgS)PTZzEPdE)aQ23F*vd?t$vpEhouID z!tj=E$R6T2H}uaXa~rPTCLZ76hB{wG{1=q-;Q?)RU*wZWZ6!X>GYvn2H#0%JmmZz1}JxGx5Zx2Cyw;_YUQCPE^brD z%ePz=ufyf6;nr^RhJTM{vsH)yT(K9t|Pq@{GPA($2;s?Z-C zt4ZmQcbx$3A*sg-@&Tp_8Z?Z)W_Up)9odgfG0MNk z0r;-Fc2cI3;7oC60TU(@NEO#ORg${7|BXPpm#ltOi16Up-=#k+wmxn-UZX&a0zWp+ZKazhTC57J+Ho5D1X@Ff$H~!| zLYX&%ZL5vf(Jo)DY|La#oIh?N#Y#?b9;|Pd@Ozp5i(4BS#yc2zS)@>m+zkreBMD@=_PHm#ONUW%8Cq?jS-$4^7X-ejtlU6(j3%G;gr0`Nn zR>TIXoXPvBd2Xx>8mf$M8QjUr)nUwJ+O6dlo_I>idAW^m7@tQ`*J%oeuJxw~e#Srr ze?Mn-1#>r{z4#HJ{#ZU8XO{q$Qp8Buz&90HFImH;o!oBJpa?P|ygN*K@1+191{Ag~ zxiWwYo8ESOheV&nD`0BuAVb%K$3UZV7jseMqaMDUqvnrDvI~jAHx%S=ZpoX4jFfVC ztYp*U{`vZ4^a83TBx<4m9RQ1y1^kQuT5#PXKz_b9|EVtgh;;m^x8vwX!uO%k4i|pd zxrYX+KwU|$^9df4u$SatNEr@)7=T3vt;~%49L!B+VsUkrS-&s7OySWqsaJ86W+ z<+HEy@HhZ|66u2+bg9Ap61YS-GDT}o!*`Rcpy2ncr5nKNyyN*-Ic}NqFn6*cgIOE~?th7sQ6eGrlud0by zms>1XAN@zv{re@V_*{q$@O~b|6h+l_T_3gp2p8!~Ir8`VCRzh`y`$G%-pUlK$Drb0 zC9DsAO|ANHke+S;A=k+#+z4YGUhgu`){fd#7-(L&a}%r%b?arW&gu+%cTQ{QzK-s1 zi*!Z8Q?!#BEkjMXz$dtX85&D9&yOVu?oGYN8ST$c-WCl}%EVO%YQ`=uBOV|ZUZ30% z)kG})E=NQ`i?J5gAxJs3$J66uFj97>i+XAT^>)_3T?_v&)SQwxF+}xYR904!NWOxM zY`1mE;&#nsAmf83*24up$qQ_`-S9#>-#-84?RsE>TW4=?Q2b0ojFvP&$WLE;%=&Gh z?*4#BncN2-!*Mrgy<;o1F3`IpEw2WD^(B3}$lxb5w4UQh&28kLH-W`=u7&>3Vs8;T zezraH);B3#x@l?5-reaSk#7AzhoqE9gnt>8^hboP6D9rpf^$@+&=(d?bjgcuzUnL) zT2Ot!6n~OZ;wM0Q|M{3`r*fF1&QMiQe$oa1Y2#ro#O=Y6o!t51?P@>A@_F09hda-p zwhAZV$Nrw}RG$in88jvAVSG8%K`uUbFlqICkQMoUbyHTck2%-hp&XX3uiDpmdRSl- 
z1U?8}Qx3DYyG-SMxA)9}xD*gB_sv4g<~mxr($ciqKF1`XT&qoNV#+J}^1SSPx+x(kj;{`v@}HcWmuEfd~2oQ^7G&j_omroA}Yh7s`39K z5CwJ~S1R1mSVgh%(2QAbScN!H%*E{Z<0y(Dy#wW!v!5Gw^W_Ny2wZo~e1>Rw)@DK% zS|5a*PbJ51;|uP^GNZb^ZbuW8>;0n$RkULp&4JmpOLj$_D5@#@C0%2`seYx%6PEIZ zSnU)lOjMvno4pUhgw5&KX@Ica%?KRNUR9C#nVOq{zrxfyE z5afxbI|CuFGYbU;!?jd*XdlZ=fwjD__VeBJHa5fLy0nH)Bb#(Yd*VW7N(&MZAAtBk z+{h?9G`#TJ$CB{U{-vA9Nz0XoDGqtvCJNL~Av1j0De&V71^FcM5DNA7AR(nl*%?n9 z@Jdd009v;LH7Z?%(oRNLC}O~ zVC>wAxHz4fuhy71s`JUwoRu{JVB$J-E~SAxlb2Fn-=^_tt$=e(vTw+H2vAFBXezH@ z{S0F*Of_L0t3Lu9OO4K~;88Cinab8Ea)Ol@<6tvWnlBOoOLBR$Z(&P4K*nQ@#1YK} zRNv$4%|g7!60JLs4d{~_Dyx>`DOj4li0r8=Jh@w{v$+5VeNlK}IG!ZFcxbpnYE>18 z$Y@DezETl+?Lb*3>jLmCfh)#ZwoOOK)u z7RB7$91adnLtWjAnssQ}SG(fKOBXR>{K3X}FWV`EkW>EEuhe zmSCfDlq^jn2hc~(Nn{eu{=hV=zmfjk<%0Fe5BgXYN}DDbzDw70bV-4npQ`-A_;{0d z;$_4iZD|-z6L$_$759Fm#d1S%%HR#P#Q)ZR;{3 z^t8n;G{S62uJ6xh%xZt0fcYwv8Kmsr+uM4vX`K_iQq;)wFZ7v$mRu3Pl&J=jPC8z> zP>bHQK36r#@8A(75;l=s*_00xK9M|IU@xHT_l=CLIBeiVNt}-pP=B&a%ecr^z zf|~p(2Kd@}!k9lkLbNDb%UL=KZ{#lv^g0N*gtk!yDhR(k?Su=yA6pEB0_=XP^Gp(q z%YzG&A?CZ9)eajk&MclM_!46dz)1>o1mKze=I!9yMRV%i@3|Iammf0R=Unc=Zss3e zLq^F>m+q_OBY|eDsr9ekF>aS#tmh?@Utv$<>e88;n4IN=h4DjgZq`tG-doA*e_5W2 zrW89G6`m1hFCwjWl~QNuNo2kq9mQ0%@XL`ex1M6%I>iw3gPm6H8P{pP-rRc4?|+%G-r&wxoe?&jar zki<-9gL?clJ5E1^K?VY2GNJrM-DNIHvM&fTl&FZVG?SedROa8Evy<8b}VW;!0K;< zo?XP%n4uq{K{0*?T>>o3UuD=?SQkel)dpKQC-t27ZU$ijVIrQ(0^d0B!@D+K{U+=VDVWbe8z(4yrkFapPIUz)Epu5pyHtvsw9gh|`B{e1B z$?kPIXwmTpw|g^%o@*_=%l4Hm6P+~-{3zH9^+byYbck_ZXmVE-)S zJ+WQ1=8oVn&}GX=EGKwt?x)xd+BtqYBD-^l46JdUxu9Ti>l$k>qUbDQAP><1*o}QF?QbY*lu#z4uPKL77(f@CT=pgRnr@$56RC_n(g=l50D$cV z>nLl!P%JL8J+-w;V46gKUXU$0>!ttluwvk?v)x! zt6XC+3Xjh;KPp^O-}w!kWHDfFtQ*x7MTii+x6qJ+jF#m9rdD9B;Fo06^OlI2w?+v8 z8u+HBk;d&Fr>}V+0-+?x3JR6=lMXhj?&n%A$6}KS_-k+bHbS)ah2gU!``O|!ZFz*~ z`bRf5H0O$kSu?ZF(08R*}wWb#0@ z^g0Jir~E(JC5sFRB4xK+qnps|G;;L4>1%|xL+ai~4-$4)2r7yC- zj{ps79y2bPec!N=&o{T8);~TXqg?IG-PrnVc=H*(Z-$CUlz6ICgMIHDJ^PJHdEP-~ z#@_pe5eoQgEw@+O<0=gvT4P=UCDK3QP^*s96a{qd_mbUIc{w_e|>vEZmh6ON? 
z@9=YZ*++jc{OYI8u`xBqWpi=^0dN`c2_jV$wWARc{C8%JQ#pzGPtL`pZ=RnfDKY$a zh51KIcN%)Cwg@!XEa$ckfkYck?h1PgzPs&)3h(XPtEX-~@9BW!-ZcE{&aG$y?#9!B zqLH4ZNY*l(%c`A~rJ@xSX%-~O2#4tr?!<9+ax3vT0< zyJ%Cq&#M>xT35b6)fJnQbdqwju_%3s0yjlk*N!K(uh%nK?&Y>q<7*ynU9Q#?=fLTv z!s%-plt;g+gKm+a9P4~(<#d(VrI5X~%tl#Q_!OxpQ{AiWMu6qW^gNO+@}eO6_H2uN zIrfI9)#TnCacRy6!tSve&V%MfHdyaCXxRC+Jg0G?P7}+~LDTm@;babWp?W@=;qQnc z)aB09P1J%aKB-73nDh-n+$5EiGxz+$PRF7^V|%;u^S;v9FF%{+;pLWpdg1jF=~?YcwFxEsd~wb zY%+5Y-R1NTGg0V{mGKt3W7EfnhlUW@w5Rj?-5Tje!)iZF7a3l(xWd-Zx!mP>`0rk&p{k@UDEZ-~@ zzcOzL+vM&oAOmw`Cg_j}1=fduX+PW}qY@VT6Si^mYF0+al~pU3Dbnc3nqo9o`wNtn z@rC_vL5Mx4{@M8m!QhXFMx0DF({H!|Wpo$}i4o#-nMCU^HOkclkql-EI*pAvA?z9A1*~aPZ^R6+_8nq*|3#x0o{OlFqh)W{ zu77sA=#OAlSoqY=c6w06`!wH8>UFxnNM8rz6gVA8b#bPR3 zTa(8_{`AmAADI<1yvxHdKC*0x=F#w^HEin zvhv8WIz$qJ;k2bM38R2^W~O46Qwa&fv%&QGPix6USPZ&cjt;3f=jYI$n`JJA^lWqV zLPs&p4R}DQd#gP$73CNauf>A8zC6s;Ws{Ii57(==X;DAlGc~Pq+~momqOdi zNJ0(CHG)oe)Aj{?7iaqKJv}v+_Crg8Ur(!jmj}zt6*kMK>1^XmrzpkI;mclanH@5?*(p2s1`0P-wJeO<{tIMMRct_2*;5W~&XRit!#jQIK;wl~t8mpwT{LeIhis zwA1z$L6Im{zLL{>Eu)A|C{-(-uhnAn# z!dn+m<4TP$kC%{HrGT0#<@9YZZE2?MvI<15hSmP&*xI;_UTVt!j=$&O{|kT5weg6v zl(ET`3>M;tlJ&rFnxR?1PI#m3OQC7vG91@Ie4??_Un`f|-yM3zleS!-lU3rett9KlJE8u-*Qqhw{SCrz0H`%zfG%b{DJS+;a{W{Ww!BcDBtH|{o!AIWI*TuxH4gOP$cqUB{npw^(E{`UL^ zK6Dj84CW-f(n`HDb=jL5$?$Bg{UU;(#!XaVeRgzQf#!O4bc=60smuOhs;WYgU}0`t zz6m}~zGjb%Qeaje4MUr?TC!N-$T$)Vn=`kZWLquKqs2lgrR z;`)XmbUo+YG8Z8V4?++!91AlxmvoD!uu-Nh)6Iblppr7Lt}rBMQq=i)>U_rO3#k3h zbnvPZYK`4hwfo6nKFs(2rMW@z`q%X#u#3*cAbb7#>CO|St_BaiYqGLHv>*wcV~)O6 zrz%!J#GEm0V`;cGP$R-jikze{^7~Rvf5hMds5m2_^5-uV!?T@}2aZhQeoEl8mA1W} zbU$y1Z5U!<`1UL%-*mJac&y(l@#sEo*R&nb@6ElVC>ZRdA!&WHDQn>=+PO>Swpi;4;@T}ru&JK67fbThDWVC89x1(a(p67iQEw-D02 zK(UWO1179ir+f4!XSnqe!yNW}aR={D3UE{U0uEPK2c8LZcdIO&RtYH8u~LQM6srV( zvRpdVEiqV(C#|kIA!*pOcqX#t$(bSih$da42H8SGt%e^vmd+IoZ^c=O)Qn>qi01;JrSHYm_)FO(6pXL>0tm zA?AC;%VBM|n;5modPTf~*%Y81|Jb}z=LWOZ(s$%Qz+Y|e*kJOx*|o4Z=T{5#LAH@T zYy;g)7w)zRv(gNX*iasG=9zwvK4d?qq6j~ox~uIXJO1^mBbRhZ)x?bK1SQ)Zz-`Kg 
z_rs5z^;Sa=5JSWlAxI55XMnONdGQtS_#pq9tU2XS>+mf>W~ZPgRPM~yHBC}<0a;<` zFQT<%g{!P>mnfU`Fi%g*sV?XjAUhr&RbsUmFv-sj)tA|QKVIySUMKh|we%pqRts6a z`h~&o$HQOYjdynIqjSKjWLpAz<5JQCPWQ^8M2wots#Lxk|BbN`B9STZ+gAnm3HtR&>|Zl9;a z5F=uTT5wj;@%|%d(ZfaP`hWxK^Nrs4vu{^!#|B>>U0n?jo5*U^;y(*BImb{*1<|yX zD=#eu1Phmu1R1EQYtjg>SWA0&zGdL2HKsN6{&hzO2h^VTyBWaaU7FnJJY3DqR)JCl z%Au2U5As=J6?4#xsSuJoj?ahWa^_I=Stol9KIHJr)4N|=00W`uW|)8cU^1OaTOLM# zu96LZ$7fvQY3byx49aarC@{A(x3|76EWeg>!zrOU_aw1AYs=&3Qx!=Jf2xtW{i^7? zr89GfW80#B|EgdbrXDAUS5*JM0wBjf6nz#dlS%UiuNqsZ{s?G*qu9hx`R43djCB?) zzhMY=X3KM8Gl8A`K#oOi807gU&FkwTXrEPC*k7cavbhH0N}swkQc8+Vlhm6ox3Mi2 zIubvc0EGhm+wTc>6w+2 zAuM>|owdp+CJTYIzpUNAe49uJ%~`D0ZnCoPi&>9D@IAsZ`KzQy-aOy zExz82&v51o8AP938w-{t9$5Uo!=wI1yHgjFBg&l0F$jTf8fmN(2IINJu zf7h)G1D5N`@QA&~ff)q`pH(Ad&-y8+&UQ5k+s=pC@i+wz(rVUU#~T4iiOJDHuP1e? z6f!yY_Z%2;(wxnZYL0I`QmsBrdiH%wq?vI=CJk>5lrJL*@`OCM!CTeNluV$Nrembu z5}Dt$eo2pXWvR4(eg3adN%cGXw%JnMId5N3PUG!^TntNuC)CFn$j;l#>(J;e^@%nd zQV8QNI%FFSo`%-+1THY@un}j)d|I;qCNXqlSS8lss%@Wpl(I!ndcQ@$0(xPf-QY6! 
zj-Qs)Zk_S)CeE3P5vb7ZCO|>0K_y{$<y~m6aOS9}ZeSp4C>bjI?Px(GDw0!x{SFdQ zsH_!rLL>h~)%lZ%X_(uP6(rc%jO&-9`^QoElm-!&Wj1JKG{*%X+0ai}u0m(2GqYnUd^28b@2LscY(Xvp6 z)Vov4u-SFC0r^p`MXGLq0O@DUt`s3hQ_QgsC)AcRJX+-V;<7B?FVX(yz}o!dWK0as z4rq7vCwXAHz{u@63PpO~f-YLTWVet%IF$J={p|+g842u3Y2|8=E?3Q;mLyLq7O8fxZ84A2!r!r!{Bfj%gv(K7-@`0CIkO;!kX8z)J+_?*+D57lCHc&izoY${7EaxYY*7iR|%D|S6kSf0+NSUC+IvtGU8^gnA1>`WXzra^tbRO57sRZe@YuV_ z@*TwHx2^b4Wqi?c@W+-oe1c-kE@*PWaGIUk@DH1hf@~X_{fd!i^yF@5qh;xYqH#P-ccgAo*8$XC`V| z$d)=0wZPrCJ9e|= zo3SjfDBPX5`~@1+e?mPPH5wPXOwKXcNohFUN0TyjeU=w7Q^XeN{fpMM8BfuWK(WV< zQvsJZRmSTnQ-c<4JZ*ITE&q@46c}?7Wbhp~=agwt*UWZj=zJiRYw+|POTlWX7R)lTnEez3^vjyO zP3LVfz`_f7W?=kRf=Njgms{{0Cug6{ed8fr1e+~~Y6KEe^6s+g&(jL5!F$n0g}6XjQ@?CqAj|Cbll%alZa4N=y6m}KvM**(6lB2y@Xn}o!)f%xEvSj1(bK?$J-1NKv+uL4Y zey>bU(*PY2YUJ~ST|2wY+40mS2bWWz8NgNWFa?7Z&ZfbMMRiXD_YoHH>tsiz-p5Wx zf)`aSeo5M&lEsP(5G5B%4K4sSiu_xGYY%b&+qX~{$Gfc%rp>&MQwJ^tlbGzGnryft zifScg==D~j@(9_Y6e!j?GGUL@9Vzzlt{FVmvI=H_I$e^kYI-Od#Bo>4&s(BO3(`#= z$u%162k{F>_x({hKbmz+ z%+R-OWuKk0Qi$;OPD)fr6)2YfDdP8^&nD&f?lIy>GG>~;C?#kmz z(ylZ?${Gt^@NTWvDsgj(#WdV%#gzW#pk)WPfQu9q>VNFsN>H42319^L~!h}H|)5n)x z^IUCxg?(&GP1?JgOqUyR(BNKhj&xdIU^MF;5CI#XiL94KZld!<1E9LpTGLG#jIQzPu@h|!AD;)WG*+v$<7vdTqWc2i3JzOy= zRTqL`v0*euQwE+wW?bAlji%q?AEIBLp9d|Je&qOb1m^(u6^N;$dtAB#&^ZcY5F6pr z=gR6~J`jPSu@E*#Ml0;Me#-zJJ;!HJU@whjA$a|V_jW70+54Ilz{_pT@Km;d?_*6) z@)Y>uaz0n6A><{EbKzw>P-*0b$Y8DE@RHrS#gxk>hl?ck$u z7%LKay22Ol>->=o@P2-CU^+yJon4r ztG2w(vVC@LCh>ZR%f^Y-{XUwuYMo0>Q81|PhH3#7syq<<8@mh@RMK84l zs#-P#-@8ztChd3HJKWJo-D?OBZfox3OoJy@Tuyq8O8gGQpdwZk-2PPfn98NCaUNQ91#~*uq zwgh~8X%`-(E0m;KMh2#puovyySKT>wp+VU+0*CmR;QS%IHUNgao5kG-`PS#q{GESL zq_R7UHtiQl9(0C*knHH5mM2qktll9Ye1X>x@1pm+89X$Hos=L1gJ#m?imdCHxPNIC z6>qCr9}fD@pZH62KGFyj=iV6nhg30zs&VczrLum{u+O&8X=TKAFV}SNl9`A`G>N=y z)O~knzQga4siIW6V-NayDLhf(pE8cdwAxos-My%J)N>O&_El+`YMMg_^3^iG$g2zg zC_jAK9WCXtB^K@?k-pag7UQVF5(>y ziP!9#Jmu_nIxldaR!$Ty8{qX9Fa!yai02@LerZfCVw0Y-vH7V-wQ&C0(G(Q@&o$AE z+S%S@w~@Y!9Nsi%J6Bh=DfqjhG!>oyay#Mxz+vJ6p(f2QIE4Qf&3hjCP`sIq5ntXx 
z33vt!ulQU@I8b&Q!v659m9!AswIEjU?S5h3ISkr{6`hQHh&)(7Ea{2PRC)1T`Jsb+ zndHr;BC$A$H0P%Phmo}TVm$MF1l3T~lNlP`?r<@dG(s=v!XE3q#ZBp>i&I8T82>bOI13Fod%YK`by|JO9wHIKazdBinqL5J?Lw=5KRwqfi@lY;ZBrvU zSakPhpZGw;fT}&irS0IM$GLT3w+Q_-JzX&W(kYJPq_y8ItkMM>fYhKABJGS*gC|JIhWvNoha zHS>^ioLn{W89Qs=cQv341NFNyQi=PPQ?U~q%W0ecr5em;*Op2oy2L!>yx|Zo7K|iTH_U%J?K}4Pjvv33`yTyRa>h{}5YoR4PHr ziEejf71+hdI=2|`dXZZ*^zqx30QOa#JXd()3DCcolC_J_azvGVgLEK zK%t__^^tj)bV`4c)2+o2%@N*nFo72W5c!Tdso7TRiJYEik7gcv-=DQP zovV-G3At(kRx9w!!xESYG$uVgPp^LOVj0MJ#AE~7Y+m^6ulwgv4sXu__{3S+T~&hi?nk%Yct|yuZ1J5? zWFeKfMWlRxhnP5QsL$ijrN%30exorDDzLg4gb_B{-QHge8QD4N%iAI40I{(4i%L>< zZNjIWx>}*v0PCn)eT}a9GILza%5KOC)^H$VHS~Il=Dys!STQH5m8Px=wB3dkgkrk) z&4LZ@OW7C8+koF*CVNopMxXtj^aLI!2g^0I_WA6#Px(U>HZz$?Wxf2?vPcLzTd!Pa zXXe}iugT&HXN@pdweRL9)|v<+?GXPBt{Q(YrZv^1`_9pr#|Ekj~cCj>}3>31}HW zr!?*4bG*1XA!>=d`i>a}0o+>tN5IX}X*}A1dnNuTQfGw+fr9b<4Z@c3Y26==0XtY@ z#nbXxj{CL*D>py^qVAlW`{V=JQD#cYXdnSr_%Dv%ELqmvf^P4ac+ty(T#)O8<3)&R zWS>DD7{l3}6sejzbD@Vj`Sc^1DVAn#391>^3QCX_2P&uicMg)IR$5i<^~c;9yLrQ} zgX9Bg`Kf)jypo8B45`3_IvVKL&Wo5|mGF9aj9$z&TqoK79XiqU<3M zs{E3c{kn z6Z&6Qr2k#LIlS+bgwFHoFL(v_R{Hky{(E^R#KA2(rd;^V7N;Jmo}#|nZMfJto zIhot&c?;MuPUGPNPHV`qOJ+0c$CX-Xs_F^PD>c7{ zZW*L*x<5CboqhRtg~HJXp-s5H zDFKflm|BvDsU0Rb)Q#GgJ5U&7L|l@y{rS<%pj|KWVUxMO3`O-=n*euj*IHv%Tlx>x zo)xf~pWfGD%Q-*U5gKahvcJN=M$-`(9^yChKMQH$V6EuPRD@IMJm}-z+6vr@BfRf%9Db{Qi4k*=lFCl!d!Kjf(rC z540xr$rNLxzE9&J`Q8~`ua;J!$=wxyhuUzM~=%Eq{AWj}5I?p;dSvarBXe-CpSGr?66w_*w?65?%g~e{8 zqd0Ej;le2U!kN=EYA15S=8Y+5^7Hxcg;M4mvC(QE^EeWW3*xZfIUEIs3Amkka+E+x z5dvna2n;;iVTgQ`7fl*Vp)V`B)w@1l_NFx-th_OuU2={ zuM)|(_?XuFJx`)_d>kRNB?Gcoe#6+9z@&{(ZfoEWMaq{V_`-nod1?(#G{F&lTv0R6 zpr30N&Xd+=|NvN?|%2gX{zA=V(guxD{KCB-*l%tM#r{ot=P70 zyJM%5PSUY$+qP}nwynGRefK{5H|{;>-kU!%vc|}mqgKtTIjg?UQ=bQDdlD`g&r^rr zon=3pLTJCYE4n*qkZ{e%rSShRBN4%0|5WQ;Dp#M-3nhy`m5Ba-kT?aQg0tj+DEGIU znXeQnV!5;7FgRRcm}@w;22|sol%o!JZOb1gO!E#9Y4lukzoT^3Dll*I>VMR<-k+dt z>4$!cGRI{$r~)6Is{5Rp)^P?K8adGR2R*8rc`|)2VL9zWBnKeRBl%!QYmlJ}#Yi9d 
zlIhEK?&=yw&2>%}OC+5qNY72C0VboI9k4%Sro67yd=`xp9X&SJTFjlbwY^^U$7)o= z&#LQARF~o%Jp2P!d@^gr5^hIem0dx(VsE2))1H|Ns>{%qrDk(rOvVU_trK6Wg)t)S z);!cVZoJmag>I)z^Whbm$d|Q7w(*~?6n?n4dJ1%MAD<* zai(Cl%1vCCX*IAIZ}}()>8c$qyE>EuE0!1h^qt9brUS?%Y5C0MKWi*>Yn9qKzx(Ez zo}n~0&<*FKXn;BQpjtd=*!GHSmAwsyWJlo5XzZKCS;wQ9$^C1w*5y^Hqt?Lm!h?N- zNgK-R@`xJ(X3kXmY#*;kA}U>9$Y!b0D}?5#h+F&77tqkzQycd@=6(;ZMnT5p()$Zu zq`{yMIQWWI)5XxO6gVddHi9!IA5V{_DY#SXhZ{8TmEW-z+GhtC>joqyiU9M&2 z4BpQeMxTM>55Cjb%E_wtJY@fs zh^@;zCiXK(Fg7PQmZ#Sm{TQe)( z&HDz-OrMYv;!R#Y`!Xop<-V*>4a^DBAi#*pJlJQM{sIoS#R~&TYKr+4^DD+xWldEz z9r4=zqD%OXs4yxE3yE4HxvXYF*N{otuhP3Xi>cJ%eeb}$K^^$IbCoNB%DOb2o5V;1 zmokC&4e}`)EQ&YTjg1MlSC;^6t_-t+$lbdMb>`CVNhQ^3pH=+7jLp>DD1WHoZChI& zUH}`_?pK@G>a}K>rY0S=#=yzrZtob^O}zvc7slzH0Rs7B!^WjkRv9*O5C#tc)8su& zGpGoeUI>Mb)I^e&43O`PmWD*+2kJqozEP~;xQ_7aBDlTtmJ~FcJT{$us@eX=WK(@c zT)l$sgBhnLV^sNYi*$jUKo)6epQHs5>mGgeb2FS`)S$S!U2$YERfAC5~ z*!tQlpXm&9<+>k1nTv9Epzr&LbS}-_>nDinVf!hUV|$q~;Q&0ezRcGrlXmWZMDWO- zV^&_#=4FV&%fNzGri!@8r?MeRjg3vGt=4H@_3|vcyfLPoEl6m}RBitm5hT)3=Jn_i zoO+c>;`KM^`L4Rvy}(Kj+kru|Lg`KeOj$z%*PaLz1UWrFM*(oRBV%K`-W)GkwLLkE zG5!p2c(CA%94|GcrKWOlavH>LzG7E?Meq;ksGDK+GrKA*ASej(=34-(AlNh#C0t&E zR<;NU30>!)8w0SRM3xt!O3y#7S{Dl}F4mt5iKAg4nw<}uKrH#2Dm{v_!?fBqLNxGah* z&XyCtLjG_SfH^z_$L=gnlEzi~#-D?!hOEG~;Tu}#$8-9a7z+G-W4$Zbj=_t@j)wu* z+mPljaGr!`4MX`Ph0Wk%XM!h}n%uv>4V>U?c1;!*pXzW$bq7eAMFiiHNNczOt zYKB+b)v(gQpD@fmAEsoCB=oGa7a^Ilg7pu16B}^5d`*{ApZpj%jK}nwiS_xMo;SCi zwq}F163~uyWMD^Xq{PQvu71`Sn|?at{5H}P19kI3e|#a!^I{NhSwyt);p_5@QM8eh zg368T$s%Pe6+*beUwkg>(gtSZzFo(bnWLCOo?|3Re4fc6c4vNc9kAO>~IMWL+uKV&>eXDf(I~GE0>uF**??T6vD_ z0odlxogrzdF=LfMt8qW>Ez2augfK6E)v~1Z#-ob1)W4w1AmOok+35ZfsFl$=$uw6O zrPdG=?!f9?y*NNDKS=u&fyt~ z^2zSyc|9kxja_TW?7?SdpqgE&dYaFQc?p*cl~C5PpHiH?L@MUjO1o4mg{SB#j~xBX5@> zJ3f-r0ZM>B6MQrul?oZOFphb`;TqW}oCB*0e@V>nSUunl%@^OFgwuSbIO;r2SJxAE zYF9_89~8dn>M(~72^C_oQz!mZCH^vVqMRE9+Z2HxLunm84);N!zfYv65AS*L% z8c|81n*zk{IHTTa*ttSc0x@5_VhG|HsSX#Z;2CA~HdtO%lV=vJ3ejkc^`<7YI?_~x 
z!*Xt9Jt<{3+dWY!yB(jWwn^|JgsZe#Jn~{&?U9Lzo8!yqvo=QVup{ro!Px%=-~^qD zsg3n&;o{HsmsV~M7T`34LZ*ETCL7Zin_VtUN;XH~oA;{=XaIY|%G)NN1=+?21Lm5Y z?Lcc`BqYK?z8dr77+Dn+6#(Gsa&K~c_nVC~=yOQh{9tz%w61Dmc9xlmDM2EJ?-}uX z3laIgxm)dbuGaPA_$WA~^<(|G(^WyX`6awsl-g>F*o_Vv_11*1Uu9&6b1?Q+WrQ^W z*WdJdEqh4OIksw;XWwy_ckPK2eJm-*ZG@@5v1V8$*5tta5Fe!~3ro5;Ib{=*3)zkv zg;-JhygeOiAJ*?g-E98xjI)CrssrWjO>(-adslQ2ERla7ZQDm9)c+7*JZTvG5spZI z!IuwDjO%!OLB4tM<}%~lJs!y@~$M{Y9IRoUerY` z(u(Y<#qb~piaa*vw1_7o&?@<+27#l~C-n#h)TdYbIM;0F@BuQ+}*K^BDs9z_ds>s1*a{Lwt-&AWQ*%ay2MtX;h8|#nbquZg!4; zD~e2A2o_pEVc1VT<--P(OhijO;fZ!@yTHC% zC{XTiZ39fJ=?rN$5I;o zEJj;cbqa0GJnc18I1xE+M}X(&BL8fDANGPGYKokr7(hKz*ot zJnfAaid0c=kEK*9&*ffMo@X^(%fKarvb4uY!c!cOp4j^aBjOJcIiOlAQcUm$M>MHR zbh+y4lWs`jCKZ2`{NR&Tg4=`eq)WmrgYN0ac5|ht#!Wq~7YEnJp`@|y@ei+F<;jWg z^T?yt%I6hG4uuS9efPZdJKQ_rKn{-*k3spq&5yfWVkTczO!*| z+=MoKQoP=~g*~}qS7N~q3KUx6^AU7Ei9|~#N((ogw6m?v6lFIuGFzJFa~-sQ; zD@9R@w;lC`OgnzL=_7e$R3vec!&+DO$0ek@4V9I>NuGeZ#9fF8{%GN@)IRW}Q*up` zzRJ!AS)24Wk8LsSt${KyKa>J0!8MvKftG=f-m;*C1}K-Itc(%bt?S_HVYyfzJ!}{X zx_k7}@pAY&W{EoQJm8RX-oMh$B;-*oj?DwF{G_ERUQ4!Yd;;X?st- z?g99N&FPd|R6afwZqw{--(wS{MQoR74Kq8cxmPz!G=_P_wwTOJ0kI_~APDwIf*O~5 z32e=}Q?xl-v9Yu*>5ewqGAiE?yr#b%Wi)i4S<$LrSsc=@PPwp3JFiQw*_WnEd7*+D zjlEmTgC`!|8H8K9dyOFV4J*6&dmDU9>V3 zHOxy@p;HLtjo&J$0KEqSVMCMW^$S*XPi6-vfPZnz!cZ;tbufw&C-)~kK>_+2a+kBe zGqu10$Y46g-GQfGX&TjHORMW-uaDA8iYLQl7G5Fh@ovWR`mwC+1X-<9n$f4xJN$u} zEtmpJ;rhQ3r-LIy5myqr5>C_eneS4D3wAOMG^Hs<&9Z@+sQvi@CF-+nO)dnkWZ;a& z2Csyq>=)wq71P}LVy01=sa1gSceuXYpQove<8=&6p-NaRr(IQ@-e(U&wI$j@R250H zQ8%cmBN%x))Z{jUc;cghiR*q0z6;!#5Sh5lEof2vFkl7w91T7w!0$tP^ zEiUibG^b`}3?l+MI(UILg|x=duW-M*JWKxkzo^-R#Rs@}1xIa6MDRMYKvKEcuz|H` zP1c@7Nd)G<2|zG#yt|8Z#|Nxgcp(ZxdN-P^Z1GuW)EoLbB@_L6QG*n#m1vWFj7`mr z6Ybb<@b}1K)f3-nmwe#w<%(-o=9l(3xIe;LEcL?F2l_Ml@Of1P_Uc=lkw6E`*v*tx z^*6lFc!?WV{fYX*nLIDhJ(!4Mus%r9Ii|9@&eyBShzu_pRh&3Q4Amjg8jzX%%PTTV zxwYdphI6vIXBlNnS6rol1H)scvA=atELmL|Ui5@QEm@yhVcP1j!S|nzaO0iO2sjvRQwR=D?nPG#JlmB zR>~L(r9_ls{JwN8P#Lb;?myVDn6;1V-BDazh`(k{qzaK-;uGBx0bRgluyzkXjKLz3 
zvR2(bDe^5Y(hIW6#53$^4CXg3WfN5(dsi$if-#P-wDRpur;Lyr|mscaGi8*wl z6btpE%dc246siIoMlW2gSt7pR?C~gz2#gMU+L{@<*ix&B%q>SnJ7{UIZ87^(q=XY< zOVSZunS=SyR97+?Z+r)ws$xhDicyMI9BVPGxJJbNjjn0QFDEt+!6nfqpWC%drxmdN zL9et*t8)ENa#MDwl2zN}#3U6|swqY~x=w-A-~*=e$=lYE-w7+WK9UD1tKl}4{|VtR zVSYn6{WeG!Y6<(oxQAR{`TYIJL^Pqffg(JU*YVK|?n~)v?Vt255O8>|^@7Y-f05r4sydVwqS3ZQ{G>aobk1+yq^BBhwFSGIb15)V(&K;TwVjT%DcmzY zd9`PDqQm>jD((-#FWtx~M|TFcr8e4bOzl-a%v4|q9dp6Bn0#`gt}uX8{a}cuFo~VM z$={vmOnW}n3DC;m>xg&NO7d&(!c-K@UK?xU|MXRQVQ6u=yEdiCQ~T72hn_)xQ!5J> z>s@4GT$S#BwshcHYsinaqs}U?R3mb=X^g7~)6(W7yyrIuv9dYxw>#gJ0{qi(!Pc~A z{qi)0P~DH?K$aBGT!=WULi5W5#3%Bfh7@T)ki0N|sL}M=K9}8dBlUqH(DX*teQf9k z@wO1#utz_AnbY}H`MB92h3R;?Wh(Rda7E~N`W(^?^;Lec6_e-nP!DAmOrHNY9dvB% zNl>K|!Gry!(3{}0*%ij1RwT9um9Z~h@Sg0pq{3%b#AEVTet}g-&j9=Yc*P>fV~AL- z(&>bwS+vH(`VBMEIPBXjNC8-9ZYP8DOhY-ULQB}S(ct1*mfBw@@a$-jrR(WaS zo5^l^WC0kKSdv0)4O3No`&kNHfsv}5fW0kw<$|-wK~P7=Iref=%GViJ;<7<5AWOPF z8cn)&oC4q5khilq#f5f(s05~ncGgvD=7e$4XHA}wfsFcFUFf{4J7=QWGfP{U0?Mfj z^H7+`C(&nC+bo@CvDF8fjl$Rjs0!~TZf6!cy-K85Wc5dP@hQBg>JxJ(-ESL>H%I;F zFM{-Jn#Q!Rg@RuEe7yLY8rBrrFOFqzw;n`jNr|Ro@cHHY6=eYpiscSRBQ9a0+uFmz)nFWw<#X zqQx$}kX*gq`=M|(#F3A^%#HfNhOT>TT8}{D2-t$_ld#!GxMQh5fr*3W8y#=IJ!_XI zmu85uTeNNu&uPelj<@hW#woI0pRZfzPwE9}Zl|AwCo}MbPmWqvqlQwUB~ELyS_upr z=s5M2xufpn;Ot6vc^LbuBIJNatBrYkCxLkgAW&92fshyE=^KZGK)^x#i)Agfz%bbO zBn8`AY!=n4lcWsmFl=>q3;GpQ8&n4tZtW0q>rN}vpob8aRZ!fY@!qC z8!zaClqUHfT#hS$h};v>WV+=jvj0Pc0+II@9lY#EQx7-XJJ?VM7@n*kBjvt_f_PkQ z6M|KxCVGvBrLKZW@=j4+u@Xo%61AjPk12=Zz(ktC{WiY*e(gT|+C`a|sK;qO8{n}a zhxq(njUP|BR@v7iloKITPcolEWu!J^?&8DDYo}5)Ab5o?pIg5&GK4FPpu}2xS*XuT z{RjpdKA%#1=#gv>+8-zR)5aknxuaFRmB`v=^$`$M4y|`rcsqA4B&pSP@we^tVJ(xd}<7K6Z@GXhcG^tu0@%!KtN2Sbonb_pGKqaN#YiIZT zRQsrRP>w>pPkCb$2FyrMq98u?Xf#0%EPMuQf2py7csL)X z#aTvMdFb(&M<1)O7z!5gzHf`xyhck3D^$!Av={t2~##OgA02Y`JhCQZuUC(Z}K8-ISNJ}6Qh{!r9xw*II&4*63LUSOdVsW2c>wsly zX$Ni|MphLJUa6|fRH}YBxsij1$K^b7Qrd5Iaa1-eHKAMHo3~ke`Isl!`mtmc!jW7L z_D_*U_z6moR!D|=N%h0%(sz9-bqJ&V^W|g-wI>ad)h;28|BLy7qCK9R0nQB7B8*LB 
z;m6!EFu{+PAnFahQg1M1RROj@Hq9HbEVFG6px=Z%isz;2aCT-lYEiL!#1;5NvdeiT{bwjx(aEA;hu`orgQAEbhXGN7Hz?jYUkVmuYoTLkDe*rw8q!!M z+{+WFNEoF~uE+B%gZ?SWJ+^4q78NcIPHHLfXG5Xc_fb5FMR6|H;B< zJCpD&izuLDN~Js&z&LGf$|fioI$L(mK;7&Tug4&F4?+B=pMmgg&D9a^pN0nW9B7Ez zMP_dIDz?hpC%OuJU1bY;B_npdst_V>P+M+hIF&yyEJgc(OroJqX@K2R9oz6@ceLgXEGc2@- znIx9!B?CGMIfRP*@)DyX%u3s%J=h7K_c}3(L}v zoS(iuUo9iS^QGxBruz}D*4h`a%&UymAb&D|fRM+M>|t|0Y^)NDn`~tCKrOmW57(`| zGJXR9L$=`P5AXv?I+O`hj1+=pCvmNcEf2V?suB+OLTQlUMaBStREoPkbn*YeG#hhB zz5m5D-vg9cEtZ3X@z)vq9FEg1^Vx!U+7M>z)&mNCK01)o?kjjCzEV_Dg2L^mqoV^! z&-s_6q`G=~mRnqJ7OdKE?Il2WQJHv%fz_@zmZYSlQc_YtBG%0lZA_UJk7tGEk%mGm zQdFomFitkV=29_NhXBBn+v&scC=@wKsW?aderQ{1oz|0ck@F}lj*EHah0^8=?xS<< z#^BH~#zembORY1gYjP6-O7nz&&vwMW?lIUtx>iwTKL~7dcxYa{DQ&i|C=LdDg^&Dy zZ4ZjSoRNW!^wi;C{X*G1HDy%2h3n>3Kk=cla8vr2&zZ~J2@K}JZ>@zS{SKB)AUkLZ z_R5LyH|}YI@FtejYI*X+YeWv@0Q)4G-BI!3_Gt&au9%aV3gET}dUT0j8l%ctZ^YBh z(hZatNj)`^H5Qva=t->JRVslD@fd`w%3#sFaV?E*;@V0Yh<6)paCJxAk7ssmMZ3>8 zBRN4>`xLa7g5%8mq;({u`vn;u1AF$**AEq470Q^HZ_@cYva}vs*Jmvc8D(C*5`@{E z1wFamoAIaE4BGU04x7WpJkF7)QMtqz-SU^W9DD^k7y3)5?`AV{Ml6sj-5y>XygC+W zSL}8q1-r(rp3JWV*&sVmNG-VlXFF1h!BsF;<=5u^JBBOw0?F(g%i*kY$Kp=H(8&gAsh>zzbSWho;SXCwfNh+Hmgcd*l?MXmK_`h;T zuUW}HJ^DR+$%4b3!UOFIOpC|Fgyx|^nr`dn0MD(`Z9E%T?VjlV zY^JY~!UCV#bKb^Oalf~i_8cCe=6?4hT?!1HMwQ{Eb8C>8@+gAV1cjCnznE~+6Y#Gp zodK$5j?N`d12Q(Ql`?~77shUw6~=GUN(#+Bf9&^kew9VZDDG{Ja;nP`8GCbhciiy= z2|RH`Dxla|9l2V;5q~dn&F;o{IA05DehFo;S6L8v526Bi;8w}1~%7_rmF^K(nA>OgEvBkv1 zTwYy;hlhi50n*LB?_tzLt8=6R1A2S%_4Q|eFizDno^mJ}*s9O@56+^X(u)>5zazxu z5PdwV{1Yd67s}(>o#{Kt^Qyw6eaSX0D(Q&gBl1kp7n9<8#y^JTpYn78B$S& z=>$`zDRt#u8Brye4F<#Jn(k*$yGTV-Ud)pIsoS^XY39T~(+8s_U7ut#3eC67t3xkdko&O+3X<0j)Qyr1mq@ zx;mQUgsqk`K`XIn{{kS<14$JoBpzLJ7 zG7S^n05dxYVsFPLsUkeb%{g*zbkf?m(3pT zZwu&UQoL~98gZhClyOn!I(FsmrG{6`%=EtN@(b`2;O;Xr-5p~%g?8CnsxFAs3KbhR z>HrusC}6x;c6o;;iR%&a;S@Jb*G^{D^1-oDhcoOt2kWt5#o$7NWH7fyHA1+M2@EEa zMsY-GurOOO61NTCI$?Z>lDwPZxVoAu7RIv@4cr5N(K_L3;L=rJw$E*j(FRuIl&gz+ 
z9nUok_>Fr`_J87Dqs3KFQ$|_fsJ|29KI0fDL2UCMG9L8?ksd}DJ>*y;9r}##kbxi!f?E+1!ZcKU zG-e7Pi$L)wKh*Fbn?R%<`mk;1uX_4Mc4;O;t&iJo`5Vn&!1b?bd0eYlj~v%W1Px~# zXB7U9y6nHA8C`WfQ*%GsY>n%oDV=T(#8d7?vLrY}sNQk~j{Kr>i0RHi6gv0Fm5!Oz zzE03QBUqGd4PY<7v)!fH6!&#_rW!yeA2`6c{)HU$3+ojY=Kic=Il9-K2#OGw);8=a z9_HnWf6ekuqiOvA<~I5}4o|_27)3_c77GBDq5veba>)jFC4CmX#w5rBD#O8<&LDEl z<9w_MVq#Dzg;3%^WnC8j!<(l5Ikmu?y@51LOl0QnZtrCN+wed+e!lPk)`?0FM2 z;U`w713a4saZ4e9qM)e64ucWtFjqWfv!~@r1Kn-1gcfL|!>NUW%EaC9^kmeIPFVx~ zxOAm+HCwK)c0WXiubt^^%^(=8fb7W1k;s>3toub?fRN}LGHkuCfIreO; zfM1->svmxOeUckDd}wIPED3gyj{c#%eDc#=)E7DlZcqJe zrIFgstUT&eyPc`$-=(~g?xOu!C=mUOYC1*=t42!-+EBWQ_{xx$!FL{w>r7g%KTD4% z@P#jtU9Pr}GMj)o*x$jy|(!w^n`tZia z*9}HgVhZ#M@iKyyVgmt8|t+{vq#T3{+R1QV88V)^Z()_%&n&I_M|&#kGJ{?^Ho+a0)w+`}PX2ENui+9`H%E|ibQD3T zc!59d@p{0o4Tsu^J>M74**x)tN?ps7qMdzCAb1B0a6-&vV0u^Sw7;t5%*) zv0y!)2v)0onN=Rk%R{~j(0o6L$aU;93}IvcfVX^+wWN7&gyA1vK^Zh^~=3%AJw-E0# zQwg=_>qFyg^Wp7hk;#rR#b^7X?4*9vq9%Z8U_)b7K=5Q;)=ehOob1i*ts;`bMfbQr z0ML+#CeEZ`bE@cQv}vSyZy0jdd^%Jhjn-?+pf488KeV4Kbx0z1k6*F6eUdKM{47C( z9EJ}auF>+HSgb}3z3uu>UMTFSCB5QY`5z`c}8Tgn;sT^PpgHWIz* zjfqe|L<}p1eNKFaAo4;TC)3x;In{=JZ6dy=H(uRCK_TZBC;{`QkssxQ6u#s&^yM@% z2Mv|ZbqfzV$Wv!itXxBf6CvGRw0`CkN7oM!dG&pt$NrEn-3giJuI!-B%(@!PFv?)o z4F>Ub>xU1qwcX^X@MSxtY6h`(lw2?5ISQ%Mf2sXVojCdzZMF|hHY^2*8SNgL*T6%S zQt#T|ld6xjOTwyGj|@n|4N!Os*JONqY?{vB8;@>?r|O@{Ae4sfqb`z$u{hp7Iu_rU zLR*S#^&s4ym-8^AZ^;iY@cW{ppdcS*&4N+}W*`gU8!?V_PnDWnusY0)5>#2l!rB2 zjA65jzGb=p;9P(;4P5EbsjF6FQHPgjA(*yJC5KsfiB#>N!N7?S8XQ={Q?;Ae=B9bN zDnfq^5jc6sWz9GwCS1PjF^a$obQ=ENnI+V!#_`_$>H$DG>j5|ybTHe=l!;e^kTnjA z-U+xugnS3<9~3V~4&G1A9#)vCMP`{4a`K3mi$t(?zRvMU_brEI)lG*ALkyO8p#l5w zLO+<8jWW(IC&a!Fzl4UXl2VILFEN7o#NXBcpg{j^3qZW%2(uul9#xQ=D+suCyQxZW z-671O#bvcs(K{1*?XZ#8l(z~yJjq6&z&^&F)ildb4-SjxoxBbjCF6Kn%7+M@F~4`&2_BTe zB#yUOT!z8};WDQ32jJ_URklZK$3qGi%jZ}%`pH-`plHW+Kv>NK7#wXIxjfJu2WTCG zS;TI@0$XOJV=>laaj;q&RIU2&+Aol~UqnlYmR^1vs=J87YzANQ8zX5yiM^FZ+VbM! 
zK(zT2D;ROcVvGZH)4XWxNT~`+{q{yUH!jOt8`28XLLsH!>}w%AN;x&8YVkt$b85t1 z$aF>tnqL{LdX4SM+R#A$NERMN{DLacJp&92ju8I!;?7E-Pmn}vlV$(AfnZ#`5sjv6 zY26v^6|PRReeI^kWYvZHsd^kDQcol&6Wz@vQQ#XgJ>jr#o$J)xxNOePW8%7N$5L%v zu61s!l!O9&3a?dr2Y9Vk)5Q3sr5)~`cx?u86!Gt)@pgC!^2O=t@cS)Qgb2o!Q?XP6 zi%DAcU?aNBChhaw(fI)B+l8HtXi9xP9^VFHP(-7C729mB9PtRpoghuIs}rnTBHa!> z*)0{++|f7^CzjF!vEMZOeOH1JbtX@=_Zd;Ms+>W%xv-Z^0j31LgB3`Aj=h;;wp#uZ zwL4w?rBb_3mv=M_IDQ~6?OW^AlGJFh*}nw3A1H+pB01z@vBGN(ngM+h0+R%$F9S$f zWzGziLpiRjmq;sx>upcq96w=PW(Z>j2k^b1v}^NP(A&A9&srWod$(sm43A0gxzC@u zC867&X1@J#-<35xBariftby3SPJ#1rBQPVhvb+gVlg;sJ|I8gKL5e<(nn`q(3@~fJ z&ii}^xMvBUIOW4D*Tjpt)Gth=8!)3L%qG*_7d&3U)*9q+^NQ;*|KBqEGD!f zL5{5|zRi@#(N~HyqP8{N(=;++nAfvnxqE?yTVECOeXGXHqN#2)Ge4u=rLMNcQ@0Fs zqI^VWzFfL87zl?9(6s%0r=GS$X~L2RUHk}Ymw(5x0^>_Kw&W|73lzsAMRn^KhB^{$ zp0YzvW;}ct@VO@-c6_+r#AaK;YY$Skygc1UiJgMZlt6eDe5yj?+I=uN> z=Dvy?%wnHqRv_=uR(2*Qb(8LWVA4#_C{5~_Dkj2ZdNVZpZTC$~QlqM>6UgR*Ta2i% zK({(bz0h`SFe!_a#$}b~+&ZKOFxd>)UM%GWVPAU;bo;4yTO!{hdLvyjHxu4Xs%yn1 zdaE?sJ~L2i&?S|I9GMpv#Zxo8tP0n(4u|1I;smp`tZ0zG^hF<3otS@HNIpn*d7c>m zN&Dp3l%r-<1^I2dR{ul0%tLLW)^i0@&G~ZdEVXCm<4dJCF~*SEx;l=Xd!?G_s=j;d zS&v}qckh+a{ahp!h*M-F=m4^&MUSj{gMsv|_X%7UZ|wt%Tgu8CMAr1OY&S|j>GFB~ zN4N-uGc*@0$gE>zB0Gn~eDKJhR%bMqn1YT(J7`%BGyH`sO4E3Z5jTb8RXyF?Wk=eN9{3P|$-bwo^xeQ@r(U!s#aP zqmzD=@Rp$qAHW^8ptiPJ?2U!I!sw7*>UoJfh z6(k|$-cZGkXaU>sr!l$iJq(v2YZ|WaltgFg3?=Y_5*}{)=92I0M#~<^!1h?_BLAk3 z_kl#K$=5&NP8~=zPy2N59it`t4$HSa-oOZraUx4aN^T@Qq|YR_48mXPUuaBnB?hT@ zYk7|`-MDBI@!5U%Weg-@%5WhSJU2%C z3c*ri^Gu8oUc1=x`zgeN)3u}Qc^A-rfcHP9CEyFocwbknXu-r;&nIM@XcpYvZuVxJ zG{4Ol*8cQWoWz%>qHmPNovpZ@;bL`0pxsm5NSM&K>nqEBJ#xtgeMaR0MGj#H%3v{e zGSMg#(-dbjfReglY0?7)E&LE&p zf9u*26Dv$~b(^74y!V4FKZQ|ku;m#GcxV)iFs(xAhv7XErXi&)#QiU|wyP#W@Q5ze zJM-JKx{9j>yyx3JFeGMXybPeGCX*f4?e0XUDP#^E^|p(;sAlLP!RORW_VM8a3{)(+ zQA-!6qt$s}bt-PNdnUkeNVWCGZ{KHC;e(l9Pj4bpgxwe7`41%IFkdm!90{yFz+lj)nAmCna;Wo9c`-;phfV zn@h;GbiutM!p8-Sly8=D%JDw=x!57hN9Il*Q(d6<9}Mb_<}%HIzS}1MKa1o;8u_7# z+J~lXvb_T?(UhYL;XsSdlUb#h#*bh2J?rWG4RsJClt@jmF&5YtMBAtY<$aC#NovR4 
zUg~VP8XkCForOL|67SNiTyITa8gpq`JUUenmvBEg-4Vfxx{M$hOt%jMCxXO3z7+;F zC@3=&wBEQbVCvp4roWo}^c|2G>kK5I`}7qh##Gnv#560yPm*Me4Heg@X?~1B!P<1c z@o#>1+tC@VPtu(465j>q%(1bj7{`3ZGDS@_bgR)xYAI*yp6hYRel4j2^B)?8=hd>p zUmytopnMZfTag>_B(F2>zTOOgld;)n;o#v@a`aj8nZ|>1K0t=# z#FL)Ewc6SHJUk;Dm@P8Nh-Ia-wp(XEJ&)v0B3lcMrO)mt#Vm*GcZmj1BnU3phUSpQ zcEZOEWw&vL+KXul@@z_^ex}skBgIy_$1)C*3V0Bh9vIRs4o#)_(yn72_xuJT`@ykNYx0-WUWvtU>eh6y2F^|vogG5*?^9x^PZQl5NZ*AE)&x|yb zoSN~NseHKN**V*|de_~+uDhx7T8<&hfx)D>EI4FSMim3+wa^-gGTU6Tu}CMJ5WWmc zh=0o!3ku?W_!k1?#r>d^(p3%Ye2KBc4<((MjJ>7|sqprU(+ER5;*9!^Z_S$(shp%Z z*m&1P7^pSqWcgEfjlXokvqKl3E;q%s-rwNjwS}iJyDVVq65k!8@TNtYZy3*B#Q#`+ zcY-RoRPqSgE?-`b$QEOuukYmS9NdUk8x$T6B9X^+D<15-$)Icf3pWm;5vU6&DJhwr zo(@vTg?+;<{ih$Fb7$`#q!C}JyRMItvZ#_+ZxTwYsPy3k>g6M3xK;J_V_N7enu;ZN zW3SSPSyWF@`$M+bcWey$H8G?;-aGSRR(bOjWi&GcBOJ@L`1}) z5banLJ_!lrBFj%{>M@D~L#~FDal6yq2m_eVePS_axMNXO7nxFic+(`(Jv2C~z$d-L z&DUQu zF;MPnA3m9$#%_B&ERYm9a*kNfPPct{-a?IC9+e9t*DKcw`=r}3l3aSL*Zcf%{NPKB zx|jgPf~>X4k90`9{G0rpO6vYQpKKk4pd`=wNhsZy$?m_qIEuo;cfNhn9Xi;Y+2nr$ z#iUr%Mpist;#-zOmk@69g}^ajPN_h*IX}ppF4BqL{@rB{j(C-Z;}R+@5bhPrDfM{$ z=aa2VjJ0P~J3$+~2Q5d~)H2^apbqN6M&u9!o!3{*`qo6=!r9Uw4HMp8G>AVQrLl;4 z{BaoT5?(&44E~qv8?XD+-Xdtv{i<*MeAxf0Ma>cZi#?i+x98H&-&QcfSs}e0N<3n1 z3agCm^_#&~JPPyIyvzRO8kJv0rxHL9%p%i0&$(ynlK!Lij_rpVzI9iG^ug|pMin{T z<9Q$^Yd0ewUe~_zGmgwqqmB-mV z#eAfM;T)$mMEe{YkE@R&=f-S&B0qiQ@j6m4VA6n1tvK|A=qg0;AD;f(sM?Er*DdI8 zc%0%V%X`59#`hndosZxvZXTZ;7cERpOsHC8?=uq!qlP~)(OisMd7lhgj6UVevty5< zcaH3g?3es*yy}6secr#J_QrlGF+PZrh+d@=dsb=F|5afeqy5P(DYu=SJ?l3NVfY%o z!t}2)@o1_VMkTZA!(u``J?dCltkY++k+_swjmHmxt%F=Ij8)|)B%08F;nbpBqSd<3 zyF=p(KkRll$M(dT99KnD#)i+X%#fa^tv3^SgIuZH zD@M=RxDOi-Gb@y59IS48?VAhsAOC$%!M$gu6V>$q^6ICbUCnye0;vD4Hs$E8SM4(xFa!PJ z22N7KcS1nx465#nf156_A-!{pVb>9l*q^^rr_hl}DvY$J9kj82rAR(>yfvMxHB+k4 zisW+CU*HEzB;Ef%q@86@9E;j+vqOLoG`JJo-95qG-QC@t5Zv9}-QC?~a1XA7yThGi z?{mKW9l2Gv?mw!Ak)H0Jmi0dCxeE;1A9PJ?GX^-Low5#jb#g|POfYg^yDn`WN*j7R zV6X}PSa7(jq`e!M1zNsPQ&9ky=Tcb-Z_koSmTv6cg6NCrlligxnRHN3ob)VIV~;=B 
zlzn!p`w8{5d&IA7mZZO}R#~-e`c2J@-L-#^@(1bzhpMzp^mvr(j63n)bfw~6_PE0R zs8N>BozK@`+Ha~%hB5z)bHaJ73Qm|>}%;}1w;XI z;Fe`h*$i4Zgik|kF*)W|psJPk#z0>Tgt^xx7hGD>Qd-FWo5ytB4;09L*JkyvBGaGU zPBpdLxpGIv;t5iPdKox}e=0$->I)y-77^k&OF@sG(d~J++uMoH=HH`2Mw+&K7}f-f znVVUbRCgD+gi}H>UnH46IWO93Ms#)j>2{FS%#=j@#B#-|7 znOU(^%3q*#<$f6`ZpUU55`#$iHjsTp99sx*PA4zuuNnDO8j`JZ>yynQJ<7=7eB+jLMti+=b`MI56E{kN1*@nY#HiUzi-K zOgK4@v7PD?HL(bieCuFsuTcIBd@foQfm${Y?1(FbR;Gjegg&*Z)ga~Y^Y`e>%hg~d zV=gnnQVGRpDP^MAa@At)^s;n^o1rC3-Mfu=UkKOq*C#m@#e5GSPKK3lBTXWfp4&ahifH4nj6 z-f|!@Ln7jiQ^#?AR#?u30~1eSiVKU$lgH22sDa{Tz5SiwE%-vhL`3!YjYpn8u)s%n zQv57~+w)mX!;A;1f#UvGh}XU8B}$*J1Qvgk}durtEp#%9@6%;vE&Q zj6+7JGTfS%0b?dcUM8GAWDb)`yYs&5SG0m67Gbeg_V7i}^uTduR8!b$i4jX-N0Xce zwuK;&+4STqwOCBR^BDAU=~b+>pGHuy_!y0D(a}atrG_PQ3j5$sh55()tP*Sl#ZN6Q z3u{I?%&??-0L&PoQvMS;2r?R)ilQPLTU%30%XpBL0W`_s>&1-6LGu-oJCf z9HjN`$6%!_Dc;feYqV(%u-epORZiPut|k_RM!OlUH)saNn%!6J0pnJj1p^ohQcZ0} z^cpOPVg>6KHxBhjbOCjKAfQ|QEojuxj!}Z^ zT&!3ejut^8>ClLve8NW_f$e(RuWHm3g(77e)-ed(@Wb(vDcFBaLzYW}mV!rN*i;PW z?an~}RSx!zjd+Wt*CZp5U8tp{itzAY?`*=DV*;9K;TY41W8_iZc-%=3jx#U@-{*%8 z+!_luOpq9k_`tYQgAwf88zw}$I=Qa=h;v)!)PBVj~- zdTs>7=fTPjC*qZ9A+>5pr^yEn+ktnm}UQRlDfBczUlFwFq~p%KcnJ=hX!L5T5YzrqD}*! 
z@yl^U`#{uiHU-JiWu}08L3}ixgUuCwCdX>GQ9-FlW$cuf$fOhxU6FySa$&7N8)S3Q zYsW&Yo40Wye`y=R@7{1X1|6w%EcoTH+j%dsGVxxOMJx`#uTZO?M5caZV5>-ue(`?^;}3#c851r&PX$^4Q;;Z`K-DU?=<1v^g<% zbcoLxP9=6)s9Wk~oz$B>ZT1GT(l~VI^cgE)E2+tbUz`on`lWH<+UPey4ulSyCg2`RZSvI&Rc76f8G#_8JEwBP4_rXT<0IvRK{&V#jxMIuMTR;?Y18$ zGPG(+ya4^Db5axA6ln)Esv)UnaLYKljkZ`K!nf2Gq8*2^W_@F+0Kw;1UfTKb*x=o* zTN&YInui!vvJ1WXTkZD;J%#1d>P-+*-I2BHk26Zf ze6O!JUU-&I#0>f0yN}`~wv^V^-sS-Pao^u6GaqMI_#lw?kG%Jf;4MC3~zcSuk8YcC>${|xcy{wR^VxwqBeI_I0R07M}Ydw;(tcG;Kf z0m6RgqtQ}Yloa3fx{J9xy^Q`sW?qVlWf8>8f}EjtZ5)$&C^i(R{{4fc199Qkk5;3w zPj`L00okXZDk9sp27BqOKz622%P-rRo!*^4r&J_aq*cegHZM)jLqJ18J+vKoDA76B z4=v0}EnB>+^~l6%-D$7T>~?!1L&e;99}(Xk4+6#WzE{$ub9oREZLPc;7vJy2<;sq{ zS0ZPQC0=pz!a2y!H~if6G`Q}z4~h9RJF`$3Zpy2L99a0t=}U|khf8~7Ws< z(HuOlr9D$Ux;67T+V+qc{%?EzHyzv79it)Q*~-#5u+0vyeS@*!#Pz<+^!~CqCP|-< zjM-Y_7C!zah-(ryj({vnd!|&lXXk>vVA51FLPV$T4I8eOw@?w}FKi#~-CQK*Nj5>= z(d?Tv$5IPBtNwjnf2rrmJ*&0T2_`Aash5KzR=o=D-A0xf^JN#YzqwOgxU|3tS8$~~ zM|y6Kuzv+cK^e!ov2}S!MS0e9kG52q#bHZ*#uPJfI;J{DYTyS->Kcm-j}ymy*@aw? 
z4!08~?HghAM;ETS#no=3nv{Dn%70X{Z*3uz8&zsCfltjYPV#J6*-&| zTY*Zf$m6cqxhyTg?2pvGT46hOa)J&F_4y>6rxw9TtP82pC#XBVmdYEgX!9hSe!Ob8 zflM4$+`CLz2zY5b0XyEF1SC=|RlP)Ar}Oq-;5VX^9Pw%!^U6Yh`VuX2^-06e{bGhG4*$vb=!Ua@aMyK3OSqW@jxZoSH-?xD63^a9t`|Svog1!@thfr0<;=_~f%u!Chy(M@cU#Ha`QF zD4#dwWgGUL(f#;_64a|d^^pxb|Hn}x-jMzE2>!A(tN)9_DO{eSS39q#+?P&hXZ|b& z1;svA2mC1+Q;-G>v|&QK0X@?!5`HIWt*G6Nii&O-$AWGc%QQ!hzW10u^C|S<(!IfL^vx*#8W7I{ateOp5j= zZ>Dq=p^_3*-Q4(4sNbS@vtI(PTlyZYeASt)w#GE-ZtsrtZ<1FC2;um$?C>LUI1qe> z!&T?WJ->ENMWs@!Jv>S$r4craQ)sX?+^O8v|p&;j!PomzY-Fu@ktK^ z+tX8d&wp#S;3MBxl?QdjyZpLPJ>zYeDv$lJA7KqpcBl@u3sps72X*VR6s~Lm;O7}v zI9<3d;w8d3#!cQ=w<06UpS>$>7`xt4V^O#-!D8J?Le=t;FA@_=`<%}hgDtiaxvCQq zV1{LaLkZ1&h*4A5LGfp>RXsucE&lB%l>%_XPGB-XMCujye7bL_H9lq+vM{Sd;d=F% zv~gr>=66LbUn4#?}MI?CEE%yZj`(^yi@1Dzp$ z2p7jNKJ=Za6$~L*K;PEP0H*|#Z(3V)qZDg5}2y_BG_xq>H&iP9lYV*z7ZJp{j zG+Yw!9aLl*8q4b*^;q4o8J&T&7`>%qMqNGx6l(!~VkIHj`K{yl0b}r^qxC zxUdpbw9L>MvX1P?$BTy@`~MPZO-NrT!un6e@;G3u;L7- zXR@%Yr{f@LZBfeFIT0yE$Cx@Q9;l6NnWIda^Kh}=3ZE%gFB<26u-;Y-07bBqhEX%~|#P-p~D1u`!*uIA<>> z44O}O>DBSV@HhZd3!KLvoPG-g_SxbFWzc zqQBnP5{i4tK7+ZMqWVL}64o)w+8!7tYBXhx`q&O%`9@?c!Dz@XuwN zsY7@)8@5sfBBmy|9f+*8{P+iZ*L)r4`g8>C!{V5Blq2WGPJSdSWtSY%E1~L9)xu=Q zZ*QfvS&K`6_ zbq9Tb6)*SBt$Z^l0yA^-%_)0^fafMn*_SIMG67j=%FeQdc9XxvZS;pXThmzG+X)iu{54MP*JD4-$ zE~WRc{27+GADL9-FZvw9xWOee8H4S*vl=eJ;oGZ6R}(Yw>{j7WG6Ms~t@!T*-Ssw$ z?r+&rIOhY}tol{X_Pwh&P1>y?uTUt}utAJwnP_%wsaC|~GXEaJC69xq@H~mSX)Dn- zFZ%X8pI#$I3g}*Vq1{H2M!0{e^Mftd(AJ7cNCi>#&v^gL2CtNr1P-J1AZ83rVEtuw ztzE+YpUQeWn#1U_g!`4byg{@Ehs=@N6uDHV2M4oTq?V>nSsW%ML-4#AIZ|}>=>p6d zD1X!Kl0i}lX)0>zxfpbB;AJDBxmF}fzV5~v0}3%(U8VAhMWwHWlOp=g?a0(s;QB3d z@zNr)2VwTN^jrB5&qR+xyNiY+Bg4jvW0^Yyb3v(K!Z=?Jk3C3zZ@IMU%4j^1vb)Q1b|s8+o9g7bEuwgy!(o`K zYCivz^f75H!i|zB*sk7>avwq%OWy6u$od;`lZs(e80k;+XkN zI9WTpkXS%V5zd2fuw8ATYNNC9WbT}S@n)JeXh6t*=T@ZRGS;WK9wA0{+_86O@hLXL z`yiBf#)8{u;`-v^GKGHMm(gK$8dm$OV+p(0?X6~M>-0qB`MEkmozpPly6PY1k!x<3 z$NY$%-vpg(odxFl*No&mp9|$%u=+)2qS2M$3`gPMikmF23Ck-5o$`9I=0lFmB{$Ms 
zYZK4d8_k(B~YX2GT%{8%CX1^i!$zyBcLR>hcD{)#WRV*HpfuUt`bXMYc$1nJFt;sKC+-T{ z<@~FtT&SDOBk|pPUvo)^%R3OboytDIOp>Te;&EPj4F6_dPX5#RuqVq<am9mz6dzjbt{?;#u5%moBQi%<;5{mu+6D%(`wrcbUTiIk&rvc!x+Z)x!n zP}LoxOrv$r6N%X+5kbu7HzQAGAvzE~5r7K6MXwyCM_K~oGVOmp)Bf|p$MFcIH#ZIGyN zEF|j?VobU|iy%kn=~{C~iUM9J2v5 z#eRJ_Do1!6{}KE|xTVT()vLq>l0Zw|s~x@;nvjl&P+VPIo_ZM2F%^~R`nSM&7EVz0 z%$B2hn`RwU$p8yL?lj+9;fdvS(@G&BN#d-&if}n!q2QMdHnEDK9Ov@-r)(PF-6K&JZUVD7{TiZaSJkJ$cvyY8>m*s|IBuL5*Wy`G0^q z(7kd&-L;_eUDah^>KuvtQ`6yySEu9#di!uKmxZhZM60;ldT$rG{`lfpc1Ut!W@$iH zi|CYaCIsm}0@Ro3rXL2t-q8{KX*X^oxEHnWe6fs0a_u@&SpVc_8?lbVi*}t6yhF|E zD~(}3U;wvSQR>b8JW5K^p2>=Vm`g*#kOMcEYu zuAhnCwM8!~Ci1`DpY>Qi!FxZiT2rWP>SuJBfN@4O{_*Ef#L+(^&mWYPd|2n$?s%m& z#X_22`Ojf+F7}7ND?=WCUHi+z{N(~U1XJqP4dI>3Raf)}f?&SvBE6_Aj7~cp$V-;r zZL+_j^^pBKyO=ppk$p&ByJ0jSLGu-d;)L9WAX9egw3opWZ9kLBE#8(>6F zBmlQKALgDXHq-V)32(hNtRs^&mi%OI0vwqBbSa1R|Mi~M&@_a!#01q7|Bks0RQ@IhPJRE?569BE$Lry7G9I(wD+`oMxt49GOZ#-+ytdg83i3oP3exEM;J)Iqumt4-Up4 zp5qFMhQsx@AQ$DZ-Q&X1XV8MCRhJPB*3Pi|LKQ8Yg<+xtp$RS47^{tI`=u;MnvQAm zD}}9ijCJ2S+W712AUb5c`MKpcb4L)xQnT0$(^tyY1@`hyWa!=!0kMog_M$lWx8 zXOczulr%XVkc`eYO}fOf^M>^P-SrDrN|m}GsZmi|Ez#ED1EIu`Z;kS`358r14WI=Y z*N9iTO!~?&Czt3o=zMPHNGkFt-d&i?UrUdOOKU-&d?u>xYf+;>%%KhN6VA^|pxbo$ zu)XGg1wS_qD$XQRl;vz^dN@9WUeH5gWGHcEBfBip!a6F@LFzsH;yHAP_6vt+RuT^x zjlh(S!_ReQmBeWq{6WciyY&#LVNXb1M`c~}1ysTbN(lReOQwD?XX!mf1IC&X*V6@E0ye zzzP5N)OHJzcdv=sk6YmL4iY|^UY08{7p&*3?>Tg{gokvZ?4-Z@O(>@X8~9WjO5!|^ zy`yxaT;6{S1~2Qvqr*VpB>mp?bdbXaqQ3tMcD8rs*T|~s;txxX9}nKqq_?}22kY#b zeCz#c{PDksZF4s7{}U}uVaVD4S~@$WWV^Q#{$_o~)0M&j5?2@pen8~==10+)x8tM6w9x2UuTle%kWg~pmcn`0 z*Hbq+xrYKO{PTEtfvL=AI2-hBKS(0K6|7v+c%Cmw%K?_g2I`VPtW9svN1qi_b+x3` zm=K^rj-n=cSwp%V{R8t{<-MR3Z~M|>QVL>x^jcRjAf(fQg1&ZOVBe5(c^gsa97{~E za(!sjQ)XGJ;0Pg4E;%+e5~}!gx?^PekGK}a0!Kq1v{Rd3g82@pf^3J9^w0c zIV$t6azEPRF06>Nd)R8YEHa03j@8$zn0Kp8^0An(Zo9c@Dd+7owEd8i5>}U5ACvg} z0^@FEQ^gN6|Lrj<82sf1x|e}SS9%uF4Nfv}cJJv>n@sew`;JHcmKIH@uz)I5t>XD{ z4*swYg|V$JxCEQxlkS4FE6HENCTGS4K($!kW(Tw%n=si+Io9UdK 
z2`$NzUJglgW3ir+<)nat$eBjFOPiXnLMJaQuY-rOGI1&zPLTPGj?w~rgrVA=yt{o% zjQ!~auefj=Ax(xs#FYmOfnJL>_R@VPKT4#0*tjVwQgrs16XIOH@(UxO_PsnD?zdK= zD(0-HJ_J`A$4*bp^YAFu;itRj!dom~@5XQ0#Ra9loEs@v*tyLPi;aBPU6STU8@N71 zbN(bYnxa;eO-M`hb#7rnSxG5_!?C2iJbVT`d9}%wFmW{gmrUmUj$d#ZOLT1EBNIoJ zk91X8XeKptcPu~etF{_=X?ggHMpBb$M5sR?wfKh1z}9|ZN;%E)2a89%s#2uI+Wc~g z-7cCoX`}y&6wAkaL|x(Cn@o>EdSx6D!Gue2zBwtp!wsc@G`48Xsnw9lAXSYzqS%!GHfK|%gy|^a=85K3%a>rhyqJ__C7HwG{)PmeosX5F z*l$7OWq*ao2;Z6rjS2thb4WgLJp832v_(00?HLITsnk$gfD&ma_{BE7cA<|}YE8eI zO@oG#^x~Y0wJ`q4%Eq7jb}hw`tZVM9HdGLJn4vhS<$6|rxc5yx0(rqUO0L|RY^=;$ zXnrb+wjYi!=Ktr>Un8E42%2#T2)yvg@p3VlEn#Sbo?Qk)J3mI{( zIm3Y`uNvNpAN_L21w^FG+@&pQ`ogi!d#h~@FG@x@r6{UO+A%fEi}X7`eVIc%;iv0x zmE{eUdm1|RBBZv@#y;i%5w+eC0`sN`e8M zc!^|}GkR@O9bVkoUx& zbP{Rzpf9a~mHcuTHOvMBAq={#8&)f!6v8ExrQ$~gu;$k#-h60zQHIuYTg1@X^&LZ=C*gJ=4vXAwr5< z@6@zvx=ydp3&;^uN-fKMoj8#=M3;sv*@9-bY`=hJExXg5HVxUjQRkrTi<42WW6->)emdvGBiD`ff4jR;{GO)xk;MGLKmGMNYP(eO6 zELdH&d;|(^S5r%dzTr!m{@tOBnA0KxSy08sWP{| zEhz5w&{_to_=}bU0^p`;kKes)k*o2& zFmuhd?xjh4$S2hy{}5dR3Gau zGH4v;nBMb$Noj34Vy;y=dG^UTdGu3J$>(ju(ATV7v)A6v;cDvFQ|Z5@xJxx3}<1YLy|n}Ctn zdcW-J%IoKpy@8ssgZpVZ(3+W0#ck83yEy1TDHQP~P*wBO^-AO>GO+`s7UANV2NBaI zl4D|ldWmmEu5^}5abK&hjy&YL3f%#?tu~v0pS-m0!)omo2rr6Apqu$Jl7w&Yv;KuZ z(_yB&(9gTB83&*{EL@C4j3l|y@$u1vN`S9CL47&P&lVBM)%1eKRkg0$FGv0gy~U;4 zSJfCALU?`(qF;HV?L zY@+9tl*Mqpy+gV`Q**rs-P_Z-j^>t^VTXj*GR5TUnB>QFGqdtSrvAYq+Pd{kDqQA) z#@rvyNz2O>TAMpRNELl7`Dl&P5jfOX=~{^QO4w0VvEOt+u6|#8X+W(T^}4&ksZY@S ztRW}#Z7*D|2EgR_hAEd|*gqG(RgnYSSg2JC@W?#Odg+PE$*r`W#B}HE+?EX#$o{ZP z%>L};sXppuCE#gRQ!p~nFc_YYo|-YNOCHJG7b9$bm$=t0l7e+vJ5z^RnRFGCis9Qm zi7%>Vb~FnO`7LL9r`(b~A0<+|g{sWOrBlOkGcJGzTQ5JCQ>7FA+iL|4#JhJJ#Zd#} z+Q%eAYfmQ`JF5dMxRv4K6Cxptu589Xw6o%yw?4_j;6^44Q&3Pgt+HffE$qI2puid5 z%-h|uiIObEU1M_vx-D(neiTY%w-PE6o@nM5jwD@?`ebVWqzDX7X~Z1TQ4d}UmhHr8 zO<5aL+TU8y?~k;bO1GT!Ft*zB!RwTwRWxc2*VK+rw|Uf~QEu-cB%%bET0yYpzKtOz zNmeoU=GL!zyuha5W^||(oo$$Qp+6si3=QToY}grdt12^-J?7SlBJLjbi-`@zjy74| zn|PT*B&&w@Oe&Jy06K zTo7dl=YT9@7< 
zzzG}GRo+Wmb0>~0UGvzW(cov8TctG+oLZ-OJ6n-mBHU`nKmg@byF$Asy&f9?^Yk^j zATevJ&fGF_t#Rc~HvxeA@Zi}5qny`nk@*qN%v_Gm+g`qS;xR``*U>T0qpk}er9aBR zqvngn(pLP@`n{qB&qUAGMdEk#A5(qg9e$6CE7-ZJR|S|wof)_WrGLOQp!849qa!ss zpLoC3x`~<`T*5+{@RZ{2=5P{?;(4{GrFeL_Rxyl<8$ph1Ke_9vMlMhnZAg+lw4RHN z3^(v341{bFCLbP%6p4&j-=uHN#N$W?*iwa8eaH#5t`gq90nC?s=pQ|aK3D?5!M=)l zy#`Q+wjDsOX<}hFI4q@{CmKs>---$lt1li+aySfvV$C^r(tfm=^=ADc;H7Kr#zxzv zr4%a7S=k$11jZ1kF<0KNs1+>?6CDwqu>GRjOU)Lcl5E2O8WZam~i` z_nPn1nUSD#8USfnEoS{&;H64NDy{(B!a}u@Y-l7$<~wMwsh@tMiIu!$6?g-&A2P69 zXhBDEE-=7W`v()IPsRrO$2c1$3y%5R454Ngj9xzq=`lik5F~Lt3n5+TV277m+>B07 zp_Mu>P9MQp6xx7DNaco1YvUOelKJSV;deK7hM4+MCv%gJ4ImSfMV+Vun7PqG3G=9t z8y2QY#MQMSusD#EiJKn>V#c%Q8l(HP1!z6TY)PCrQq5Lk|GhFdo~J{2tJ>GXKOeHf z!_&43T8nI<9uKL-;6}ZY)}G-D+01e+0BK{gHea80xO&@+npLYrRUiu3m% z5;OVpmNC=rnSo_WZ{*2oW&;^&Y%Ze!DMcPEPqO}%w`#XNg>N*8deth7#&6Y5AgB@) z*^Nb~`7`>#%>jv0-P&84Fv=2= zulhu{slrTPH08xR`ze+DC7I^4Deo-4W}~C40%MDrxViP6?~0GsJ>3Hm!BK}dyB=aj zqBI$}Jlb*FpUMh59J7lbq9xM6p4%-j3@GOMdN^H{N_J7hohyH$29~87mP+QQVwoP9 z$`?Hv8R_rQsJuLu(An=YX1Ss7Af%XA9X`W*D=m+En}PuPK62=jd;kw)W}Fpl$tYjny4n0j;ta3(x%oqTnG3B?0nKWmc3I}0 zfq@SDzziBYYA|2nk!o`r*9q|z?wNzT#EsUE;aJk#=nveiC3lEfM@L7|(lvE;b(51a zt_vsd)u2EXIXS1(an|*n5a?deyY_RJwv&~{r-uiBKffYl*mqJ@I!sZ}W^kTOr=!S$ zGxXZ7laH|M8N{mQ%LQ*90$Oh?6Ry5}J8uZ8hCOTXXU{vYoBoyBj)y2mK4@^9Pm`3j zUN(;#iPrPd$1kWOaOZuV>Yt#u9~U{jfgCAhhJh6KWgl`9&}{3kMuz%II=gH}{# zR;L{0>+))uZ@22-$5iCT?q&hB-F?1_{Cef@g?;VrZtKEWyw9(b*#`$m-Y1U^qr%#& zo6^fIOahg6H_`y`e$#=7GnNPXfQPob&Ocho9dr|~pciXlo879$32~2`O_B4#b0n?}Aqb2HGEC}KJsc6Khsh)25541E?J_7kO7$XDYS@NQO z-?Rc>34XkO`t{6rT}2RoF88~4xtM>x8b}vm_UmZ;?%f+EffQpZZCp`d*GJ|uGdCs2 zPnKXN?|(fZ42D5g-gTnKo<&}=Qwn~XeUfLHeIj_F>9Q2T5Tg4qNw|v{) z&RyY{ySFx?Ft`3e#uwe50pRoOERnx@<0+bg6CV~%N_R=IuqKya`Ym0V@2h==HiM7| zgfPwTi*5r17D4Y$VvlWW6pv`Ph?wv4*GB=wc&~QlqD2{un8SvaC>T>v&MC{8Z_a6e zJC)U)16n0N>#)*|Qe&=guNaC=W>(Pk;b!D`U^3me@#f4<4?>U496@_6^#+Tn>%-ba zt4LZi**yNPi4KhTsD(T=+rUCdGoT`xv_fI86&9e*5H8Pp_cr6|Ip(6#;9T(c 
zclJG6iezh@{bqddX=1@HH*%N<7+L^YG&+kakE2%XcPTTqXywfgpGtzqrbYTQ(%E0!+ASBE<-gyOX=-z4C-uNXUQ-e#THo~ zIbqy?Al^P3+JJ^_b-gkwR!~z{H#ase%m9^;B_zzx&Pt?n#EbaFfW7n`i{-E`w4Fj>4J?z~;tE zk4n-|;LGPkKPuJ=rZ8IA5qLv!wZ90@6_(NpkrWXxJ)CWzXU4z2N>Hu-o{ofr<9h3%p||C`g<9<&9?T-85bb$1 z=D$6ah-gKOCR*&Eug`6$#u*ZmLnyriT%J0T%O#M`h-|&eDu}hvANfM2twQ`cLHNak zLR%z1+e~i)n*+y_ySXS?jFn-Ykg`E3MpPYdwZmg;^>A@9)fC>0bJ(o_hN7lEYp)y6 z``MQIRmh6D(pNE6Tdvp=Xp%z}db(3HzXh2XnI>Z$F}0vSG#W{9X{DPlEmwX;hB2@7 zID&mgBcbVa`fgAT)!Jd_Av9!~%nWrVT;h7DWC4Zz(u=8MppTD|bx&ZYc=XPm?Xf_@ z^HW1J+wMU$FKz$N5s)A%S;8=84!j@Tn4i?n`t@Re>Yx;g6}L4xt*3B#2}>S1-}dD) zcxa}Y)tbj->mZfxMwGi|)w+7pRx$BbliwZkNzIXjZ1h1%7BoQHJv*ahT|lw#b-T)~ z+w__eUebr0cOqFWJIL@sYShSmCJ4BMP6bDqXrvu^&wRhJKrM0thmbQTFk>tXx8KVwd^q{;D6mLWjyavC(p zmk1EZi0E)F4f4&_S#p-f^)A}a84+}rj_UT-($&=!6zty_j-5K#zc1i4*dKyK`t>__ z4)e^7{|9()2TJwRi!?mZ+^4Csl+;G~op~Sm^cz_+UERlO=>{*mJv&*_kkok3tIMU) z_W_BWv9|82V+rF=6t2`zg?D(tBVFne=XI5Dra$NLwrbek%Ss9@kE;!fzj_74Y2gKo z;8?wq5j+}slBW0{UkF7wPAVu2R7>-&d)5~r{+t+*4&zRZi)gsLsLsijY2ysM^SJp* zO@qI!uoDh)dhVPqq}%l!1vOjc7t?z~xJ73cXc#1Ipaafssx?|7-j5O6jHPHai= z2PriL@OUndqin{{wqSZMX7Pyi(he`KA@-2tL$Si%&R(xUk?@0<-RI7oNqBXq)8Hme znK^QVLg9Wzq%jQ)W=cj~Wu8kD;M-UziR^E9z8p2K^d#b#G$7BPS9V%jJov0!tz1#@CuW7j5 z>XR?5jE9DK@l30;4T*PtiQBKW3Mg-2yHV2+^Acqg&#r#f<(mz5|IkQW`y&iW(feen z<|^^YPR5n;YNUf+Lq{+Up)Z?`&|v3mZ#pOwaAU^hOUf&gaE6O5y8!BN9}yo%^cZg zy%QTE=gt8iiXI;yL78j$LaF-tdfS#Su~@8DJ9f=>ptA!0?`d?=GbDDG3YkKXEE`Y_ zxsP{^1?rF%!ysA@kOi8IFC*%3zm%_+a_*eO->s!s;nwYn*y04P%qy+SB&n{KsT6KK zdh=s@DtX2yXh$A5*Vk_??p0lUs~k+YQm=&rS3zHD9e=#>P?O}BH&5MI%PiGc1-m6x zs&BwAW#KBL(s6VsiMR=J3xr;a9H-K^ZMG~gcLiO{hOefjCRVJElo`&3wml&4`Yk=QD`9gMlqvM4&!Cv2M(|~K+ z8R^qDg$fmsIxI1J@uBMO9UOSmqo-4~NP7wghLkvO>rl*{cG3%ODf|8bX zd1P8SOmbzf3r9QkrV|5S1kqrIGqo|4)(NF5Hp}vx;6Ps6sotZNhZ8niv|&ke&*4mU zUq=m8?FsW33S}n-6~q}orgzCQlRn2X#kbSam65C&EpI~6D)Bg#!P;pG@eqHbmnebq zN36v_JC@rg8lYBqOB$~&eYM)HAQSYG!c0bLE3w2{@#3{l5dvP5UNMT6-qJ3M! 
diff --git a/windows/configuration/images/customize-taskbar-windows-11/taskbar-windows-11.png b/windows/configuration/images/customize-taskbar-windows-11/taskbar-windows-11.png new file mode 100644 index 0000000000000000000000000000000000000000..9baebd536feb292e0959e198419fc89002c0a5e9 GIT binary patch literal 10392
From e60dc2dbb8f47576c316021e4bf071a7a499e655 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 08:29:57 -0700 Subject: [PATCH 203/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index e3bb60f6e1..484406779a 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -13,7 +13,7 @@ author: denisebmsft # Windows operating system security -This article provides an overview of operating system security in Windows 11. +*This article provides an overview of operating system security in Windows 11.* Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. From 37e9d38bf4d64d855e6f664804939fb402bbd24d Mon Sep 17 00:00:00 2001 
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 09:38:52 -0700 Subject: [PATCH 204/671] Update cloud.md --- windows/security/cloud.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index cbce8d9341..b3ad85903d 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -13,5 +13,17 @@ author: dansimp # Windows and cloud security -Today’s workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased 3rd party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services to help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads and safeguard sensitive information while controlling access and mitigating threats. +*This article provides an overview of cloud services built into Windows 11.* + +Today’s workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased use of third-party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services to help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads, and safeguard sensitive information while controlling access and mitigating threats. + +Windows 11 includes the cloud services that are listed in the following table: + +| Service type | Description | +|:---|:---| +| Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.
    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.
    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere. | +| Modern device management (MDM) and Microsoft Endpoint Manager | Remote wipe
    Work or school account
    Config Lock
    Remote device attestation
    (other stuff coming soon):Device Installation
    DMA Guard
    Endpoint Detection and Response
    Microsoft Defender Security Center
    Smartscreen
    System Guard
    Windows Hello for Business | +| Microsoft account | | +| OneDrive | | +| Family safety | | From be096b1448be32c391c57c9027868278505f4401 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:20:21 -0700 Subject: [PATCH 205/671] Update operating-system.md --- windows/security/operating-system.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 484406779a..d70e3a6e9f 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -21,8 +21,8 @@ Use the links in the following table to learn more about the operating system se | Security Measures | Features & Capabilities | |:---|:---| -| System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)
    [Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)
    [Windows Security app](os-security/windows-security-app.md) | -| Encryption and data protection | BitLocker
    Encryption | +| System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

    [Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

    [Windows Security app](os-security/windows-security-app.md) | +| Encryption and data protection | [Encryption](os-security/encryption-data-protection.md)

    [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | Network security | Virtual Private Networks (VPNs)
    Windows Defender Firewall
    Bluetooth
    DSN security
    Windows Wi-Fi
    Transport Layer Security (TLS) | | Protection from viruses and threats | Microsoft Defender Antivirus
    Attack surface reduction
    Tamper protection
    Network protection
    Controlled folder access
    Exploit protection
    Additional protection with Microsoft Defender for Endpoint | From 409d46347cccb12e2c6005dde19dc838eb34a02a Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Wed, 8 Sep 2021 13:33:44 -0400 Subject: [PATCH 206/671] PM review comments --- .../start-menu-layout.png | Bin 102330 -> 63981 bytes ...supported-csp-start-menu-layout-windows.md | 22 ++++----- .../use-json-customize-start-menu-windows.md | 43 ++++++++---------- 3 files changed, 29 insertions(+), 36 deletions(-) 
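Review bot: In the cloud.md table added by PATCH 204, the "Modern device management (MDM) and Microsoft Endpoint Manager" cell still carries the drafting placeholder "(other stuff coming soon):", and the "Microsoft account", "OneDrive" and "Family safety" rows have empty Description cells, so the page would publish unfinished. Either fill these in or drop the placeholder and the empty rows until the content is ready. The same cell is a bare feature list with no descriptions, unlike the Azure Active Directory row above it; "Smartscreen" should be "SmartScreen", and it is worth confirming that "Modern device management" is the intended expansion of MDM.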
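Review bot: The links added in the operating-system.md hunk of PATCH 205 point at os-security/encryption-data-protection.md and information-protection/bitlocker/bitlocker-overview.md, but the diffstat shows only operating-system.md changing, so please confirm both targets already exist on this branch; otherwise the table ships with dead links. While this table is being touched, the unchanged "Network security" row reads "DSN security", which looks like a typo for DNS, and the "Network security" and "Protection from viruses and threats" rows remain unlinked plain text next to the newly linked rows.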
diff --git a/windows/configuration/images/use-json-customize-start-menu-windows/start-menu-layout.png b/windows/configuration/images/use-json-customize-start-menu-windows/start-menu-layout.png index 4df0fcc96281366e19c7113a0ed45605aa5ec1cf..c80391141f96753682d311d0c70e7f0abd9ae1b2 100644 GIT binary patch literal 63981
z*JKl|n~m4yN=szOc&;}NBYGZJk@*Dce@CV2`J_O@NGA94nrw7)%QqNL#WO31(}H-4 zpg%WkQw!`2E|>vxDXypQ$X|?@YmmMU64TDW0i&14$pLOSL49TTV7+Dq=O)NVY|>hK zSB!!M8j`!wIYaAP>nJhH(@mseARH$VI7D%> zp#IA~nond5`%2zEQT+pKHImH%r^T*y7-?qo*0!dzKG(CmYOE5As!SKeA8raY<71d zwc)T((;_WOw0n+!jqp}Xl36pr#rqIxw>USC#zP>W@HysdR&RD!J)t1r zAQX4N(cGg zktE(MJ_9F8uVGrmV#s~Z6mlPgm*uFrsCrJ9C&J-*Jno{N{pLFK=>)k#IB>dt_p6S} z6-1G!K&lj|vyX~GPGpox8ST4})uK7cH!5205sJ7`T6MBJn$ zNk_2AjRjgi^$@QKvwh(geeM>uk%LXjt1p$eZ|_^Nj!8<2%)N}o#m&CsD9M zLCH;P}Ia0Y&g$PsOKmMqHn0|m` z(4kh_2@=^rx#nZTJd&_>dr}O5u5o+LU-Hg<=!{DsuUpFa2|U({j<^0E_4ekxJY^m7 zuI)J$EzxHFc~7=^XLoyiKhE{ur{&oANH)WAqTZa;=dE5Y|$oVRnlD|9T3ErAY;w?-geEzc-Xu+JELPJZk6N0s*TV2 zN!)>~paWd*@9DfzibS*st2L`rMAu4I4%f%yD$ha3)AVSO{ZFMRF1w){g`i1v4uU#K zR6j{dx`oE7j8Z<=q0quTX?yXZX30MX4z0z!&?8eGo7=OCX8(wCok}^ZBN;pH!mMKtNQtXMfD`_|}Sl3KU-ji)TK}J3` zsN01&4k6k8;vlwD*xyoO= zOx%gotkSiORQWMwFdONpLq%yPoPsAUWUoWD0D@6k(4bq|{qk>QcKXbdfHz*t0;+r-lO29Nyms z#5-*by;xCoT@tbPZEg8_+8EST;V2fVsw|yU+Pe0s#JU)?r(}MktY*_IQ@oNE7So4+ z5WrYc#7-j@6c~<^S)o%XHjTD;I-`vqdpcd`Vv*Back7*}*1~^M<~+yiA*O~>#n^fh z2xLl6=`6aft$uTaQDdiDnKOmTgz4^5Mi0@{hTE*N)2e9t^|kvpdh=qzo#ET~evle| zhLUSZ@$7G9G6LK^W((FEIkG0XtVK8985CaRu$CIjt`!zLpk6aWdg5^JWs(>Oj;!p27C?QvL=0 z6pm2XeX(a;7MYh&_gp9V0lFOV59i z#}x-5&3haO>_JWB3H?0O(xB#wA|+J`{XQ{lK&e!U0sq|tm%&EtYGLyB(ong$kzbGy zM=*NkqM9AjvN6Ttlk%Uux^7)nI7NEmO$xi|?gP3UP3fpiO9{K_WYp8OKE|AgVV6~4 z)HgGuD1?dhPBc2G>z5$%-kF)B>M@66zNCqul4Ttr|TJ4A52-20ta9rQ9`y$;b8V-9yv9)P& zTRzd6e;?mHI~6)!NZRa;$cWpQicqXlFSfSdXG9;jE0+@+>eIT|t8!z+hf!&z1!Gs! 
zh$nk_5GB(%g=+Y2)Jlx>ko1=tY?p@J^p6<FPrBGUfE)z!Aij zw+A1{$z6tFL4~>J`btPT2;H~3El}|GT~$k_gP!@g{{)Fdj2oG?=rhhr@0mr}o8gOH zD<*}I8Mp)B!OHQPujjGjC{^&n*~qAAc|1i)5O^){qY??9ia_bUwWQ*!WoeEFX4ybyoRWQG}hMka!-ounwGfs*u}itPQC({Jk(^FdxW&?(a&D) zQqfv<17wMIv;)!Oh^)elyv)MQyAM`O^UeRkOOCR?uuL4I0@fr#B+ntH(+CHbYxPl> zTP%EGs$yly(pQyJ*)FFc#0)u&9UKlVAZp0&8-r+{0Lu{a`@%;&@eZDdq+2+{ipNyy zKdbtk-oB6lXR9r(akiKet+mD0vlQbZyl=-k({_K*s1wX-MWPzX97_`6&;W55x;Agc z7}7c%9p(yMpm1ZLJ{)`)@~N_xc*d9r_1w{a(YsYq&tj!XV2&7~iPmDKV&iN2TDye_ zC7t()q%Kg{RLul60%7>Uih70QFVX@>n?*TTgY%QPLYO8BgUSDqJsPR&jG1Y_)Z1bw z!XWT%%atF4mTn=yMB)@r>YrzXAyMt2N*xoe=@76(Xuh*Ykk98Cg){vap0Pkk0S6>b zoP`uolg#PQPydDYp29Wf$_eUEQ++?@%pzD`*DOm3SBVwPBX0fKNa=ZKMK@l2vx{)N?V8;{R=PwU9H*it@n&jeq|&7pNH-Qnys zRt;q>*s_rb{vX4k@1G|Nsz zi;~V+F1FZBu*pbEe`b>N=J}+G=^Y~m1hlDWXo6LXpoEQx7i8JhCHQ~01fYkX&#hw{ z>Zri81KMYL%smi{^O+OFBDvuRlBF~J7rFv6dU|3#{9a1Z|8jajBEYwiJ&rf}_CsUYwr;w!_@Obo zoh<^9ENt$$8##_max|Cz!i#pn-q;i%HEnn1H0S{r?&N$tl0dY53T}^`6A9!AMa1CY z*qFIkMCxsKY)P}L@rYZg;44~JvC|mex{NM;%gowQn{b)UHTffulQ@&uTD#+b+*7G^ zRclw5@4DRx04zzr?s?g|Sk33);21Gx)|`opi$h%xSE5tRq_dCYz+75d%Eas@LO0gc zR?d+wIXgc~Y6R8y-|(H2VGi%OE;!m!PGfA+enfw>7iX-%D zuUuMMX8DH}UILaFX_EijbB%WM*_O{0*I9XycpR=9a10@PP}S@$5M1*+uW89*bJ}z8 zzr$N3S($ivKw|8=89)hm9HejExCMwLIRXy)HZoNmLDhld(ha~#01y~7J1OxJrEj*_ z-B-wcuLC<+n;f#C;o&fu5C`+G&?7GZ4hG0a@|{4KMyF6AZXG5P@poXfQ^~Zj89GkP z3)Tys9@1z{e4>?(fj@1um`RH|x5p8SvjwAOnJG0Hw7_{GR&iA1WV;|w#0>$9$K_v! 
zUM)HCGW*o`JhuFKEzQVq_##Q#1TJRF|K;)@jRw4!jDn*VO2p#H{R$u~(G9=nch$dM4szznC>d@aY293%6@HbR8Ao8M?rr1B!jD)o}`an`raFI!22CQ`qSKAaGE z-u@_+&1?YRDkhRwoYTko0q+3D0rKtk6&e8-57&@(Bs!W&|K)G*M;z$+{&XP%kx;kM z-L9+La&Auyh`-*{v~G4d&J7T~?!cn(KYpHaZskZxz0CQz+hVe30EiWqsj&m|+%Ff6 zX4tYhoWB7OhDeEo!~2R!LdD|iF%SsE;c=%M5*%i=1x5f)S$xLvf3aJ|3W#!u157n& z86&?QfTP1g03E3YAb`wN=~pxLorW>cC}jn)mmyu1%+FmXPBP@V4pY+gy`{uC2=MqP zv<#u+3Hfk&K8di~{4U5BgYWnSKsE$A(SvEu2Z3BDA|zata|l&Q=XH-xmR#@0+cjhN zy|Qc3qrNQ?o&?zGD2zZSYqHIcb{MfBfAx3_Cg%ZpWBLPLAdkqiS*^?5=|kmy0XZ-l z-kmJdNmxG6`~JX~0nXB4JPhANoa2O_rR%+{WighCmxAZK=jjwkg&!!2&-o|dbiSma z6hu00h^&dvNR;cSp+p&Q$3T@PZi{GKl%r$=eXNKbd$MbETdYW7rLJC$8F0rOX<}H} zMp7DTYH{oKoj{lpOOL!m{+AnYbDvZc_}uye!Go?p&NO;i+B4-#6i-nASkGcc&)ajZ z=e*R9^QFZ_2K}bT-s`T$?Vgu7Z2s3<1O4||5tM;COy>=y;zob{kfR_}?yS#(PKWHV zKpP)XkNH3Xr?NO0Y_kKt=HDwD+|T(8hcR>Wd|q1w4;m5ebpe<#AeF?^6K2r;2?FsG z6+_BywN~TooFVF$1fDC-Or+}0LuQkouB+r*Fw+fCr`XJ+eCZP83v<>xCRTsi>d-M0 zE@>hljkj94MMu>R9D{zXJpd&$|73c)}f1^ZJ9BdjVbek4A>v0Dy06nBbCk0Zc6 zDNG2%@mo}q7}J8n&!wYcqrk_NCCj{{6;dh~Ql!&V!leAk(NF*e0BryYPTU;gPbjaa z5G#;^0KR=_P9C}Oo*sUC1o(xao~y}d95tUsqJ;4bYY&CvTjsk9o?d926#2?D`~)Y>`X{1?`9fwcNeON+e2HvL>u7^}csn2Q$ zS9!eOlHDSRvvIZf>OPcHdv$sSov)0EtEduRu6qS|Zjz504%Pu{xjoG4T1ODQ7fjk{PgMDFv>WvNB%*M?HzH1GganrIhptAeR!4D`{&( zg-2qd-M9Vz0@F@Idj)lpuxcy&^~l%At)+^$i%K+#-+(;B{b)Yt4;fi;Z3?V~MH?TY zT_U|ZAFNutSvt%)+IX-4x9FRZ$_{XHsZo#0_Zt6*X}}=-=63wmn=_V292@Iy_5P7n z*F7zJsFdjdh&pGQtElY%!z_8;6aeG_6hdC?@#k)`c)>f)-B2|56{CnL_I1Q)9X-7` z@Y9sB?@px=C`9o>9=wDRP(?_uyTDxgb{!z#|H=RyOP3`xwE41wLDt1qBD#s{2Skzu zn8*RZP5Q^{QPmA31dlq2oNFxdRka2=?#FS+=kY!PQ|++P9(IWpZEbkr^eAt8K{7so zJHyT(`ylYxNLmNE?f@XDPGAv{bO{Xcf*d4h9Ce2bMGK8N2!DKk#^S8F;2(9cB~@5K+-8gL&&W6>KPXTy>lqa@E)b4=!&6e7rSsEQ8-yDiYgb+UU8jno)67ht(kA zu_IESjBuDYws-zA=`@ce2mXcupX|>a0M6^)2}UTc5ilD^kIhMhtLOT7y<=t(&lPq3 zbFo@pJ__86;h)~zRT{Pa0FUp$et%Kd`?N%Il8-w>mQ$a6T<3E<|FdPNOH6P}gMS@$ z?5-(n*ck~LGgval=|47ChwLPtq;4n~WEMW_1Vgc_6RP)xpqAgdu>oYWhx+Ph{_TX&TMp>X~U14$3cvWdn;GraBH0bH-=;)}guUE+D 
z2RN6_&CQz7qpzcgi_8Cgd7hJJt*gz_9M%ALDMNNx61l&^1xpS(7_o3d$s|?E;i!R3 zA|a?^*fM~E;h;IsRDg=jWC)ffoVVNB0)T3iOaIN{R??$3zd^yAPEHJB^@HPoGQjwFPJ?G;rBEBAsQ?s=Y*})l=;kF0V5r`1pAaDRKmT=hAiuS4 zf*R=hAv|IGUo6}eX&}6m+CFQG(k&eNlNS8xF_jNVqG`oA3mxSDeSq&X$!~W1K$M2U zQ;(D|wmH&W_)J}#t&IQSwxGsXi}F)GL&OCzPsmk@M$&Z$Z-iW`!TuwmWaY{H3@>d> znf2wkk0Pfj_!SKuR;xyEuQ~A_*~=SBIWHB7-hUnb87LO9KBcOg{iE;Pa}JdEtAraR zfg=rdZ!qORdShqhMO?Yfi~VhE?RC-F9{mqBWltQ7!}}>LjlD_P@`e8eNcZVEwaKI79q$>Ucx{5C>Ia0YM_4}4LwiW4YO(5NA;mkfm)cjv$ zAH1T$S0idH!-`3T&u+=)A2H(JL(UpVI)N3PNj?vlbPx?iXmgkUM;2|J-2&QWAdLSH zynxBlxKVAFmi<`+xK`NzmDqExe6q4m5%=eEl>3;+IAQ82x?=_Z9WCoe*cJs$7(2-f z9wBYPh{{N_x>2NR+LdUV+irO-kNw|&{{qK` zz81ZPia=_o#ddxfmV@K&MaNEMoL=eszfXK#na#;eGYT{M4E5uf0yNvx@72_1K*yix z!Z-0BRZ7kSEbJ(4Og034?XC-*!;>0e!dUFE6ywhCP4a(0DliNE&&9fB!*0nHrZL&_ zF4K}Ade&t3tQ}SHf43PxwZWlthYEKpgLL%1PRUF>-xF!t0X?3j#~=Sci0kVi*OvBZ z<8?`FpNaS=WIlyT)Y>zJ{DLrf&f zh)l`@fvTA}Inbq2*BJXfzxIScS}~|*X%zY&|9Hf}a1)~hPr!nyNeN5$2!8~eS@YpuVZ0l57mf|M_&ELZQVI4$q)ctAV^J1s{)b}QTg7ZR(^gW&6j-P ze#3}GU(FEodm$_n1+$SKI5@J-$xhsuflJd=rxXqr>+phwIY} z>)tRdfePPgTlXty1P{aHw3X`{?$j^PvV(uY!^2m!>*Z&>3jLRB2L?LsUN(57d>D^8S4-=o(;>W=DV}u)NR5PO~FSi#Jtg^bV834yXDK ztU7yc$7uluXg;5hyPRB{RTiL708{oQP~UP`%@+f-n;~Q7=3sHMi=zOxUT=##gt1vA zDFZPsM(*B=8p4A49tESa6Ksl$r^bsx9h7lk7GJd)J?=$60!fG zYniHmDGZZm$;<)D1Yjk?X}8t{knvL22qhl??u`Gu)K@z|>`}B&T|@9}XYcY)3OfpB z^8E}YgesHYsrC9eCB4k{!aq~In!4LEk~ z7QS{_IW(A*DU-{82|^Vv(NkCUVmEP@9I;Fw9M<=LmriZvSwW|mzdxOv`O#7NJBE>W zs;Wl2&aSSSbWvl#?U)ao z=0D76dHD&jPUCwz_`d(!)1DQeZb_iq*cGx?H8ab=@tL4Mqs>iCf~It!CC~Kc?XX;B;}WQuNDb8&E;tj7$+fgSjT9=^NGf z-V0|JlAU>n<*_{-yI|Hz)f=z7I4$Crx=Jl^%^rcl+hwfV4jcGi!2_4$(O!nU+xuaU z=Suhedc^OS(g0ocaV(KCiuJ7};Con4SpRXBN?N2|vzqt#;l_Wi1J(tshBfruFial- zt?D0r3RMvS3IUTYa@aTo21(gTNKS4FK=`uRt+7os0DRFjR5I~$XlNms@c@7Kv!#*> z4y+E^bCpSjm*zY7=Q$G1&~ehYS-Fm}BM)RkE}x^1Y5o^m^0btcE@0KxBw5h#sev{) z7-z~86d*k{mCqfc_PWkY&3^R9Uw|RjW*$%dq?61{Mb_=fr1Cn4WUHYIrIoR1uOZqO z(^JC}&)ZJbLB(=4l6VXolLvtIlnGSOW-aJ;iEJ+`nVo8~L7YPn%u#+h{h@KfSEkGD 
zF^4-s#SRGzJ0qMBagR0^>Io-vNQ;R1@w;>>fzSRqXpD0jFp>_R;5f!)!tE>~XK`B9 zc3x+`E-v_NyGt}RjVs{hb_kmRBxZr9F$MF4fkVGBN| zb>J0$BeI~@{B+wiWr>;_tCA`D(ARx((i@D-rFUOY?5-gWT@7m&DQr`W!L<{G?H}Ay>IXN{S%}<;=#DYvyJK%$Itk*#-G(2Go@;sM71;+Dt!{tz!eEi-P+jQ_m z`k?jT8|~Y3XSTk25~9(7oB0x@f!6%(b^FxEW7p|b=2Srb((MUW6c%QQfbM0jT)FT0 z?op{l7D98$Vc>f!rD{=Ac|Y=z63$ibsCffJyUg5jG4J3PPam<1!*7r(JyQ^5mum`i zM1RI`S(7BqF>puS?$QIxVu^nurQ_Vse-WW!3np>Rg6b$Bgg)wFthV@K-T>k{XEk5{ z^xqdXi@x~Pp468xsL>FX1toODm~5uKJ*9Uh?WgL{5NagbzFAO zs}!<2eCK=9E}w6*7W8eq_R%cNk-QDsz0-aYKS`cv1CYc5AHCE}2_aN`vj_dKv?=gQ z;aE?{hf?+WbqN9nq%+}=$%*9R@=4WNbG&H>2O_iX@& z-GR0kTR&GM;o(jHj}MH;>v_|m;Y|$qFm42m*ie|9La8aVv}YC-4v4)I3h3a()tgT3 z*$ILGtljJH5u)ovWK+-0`3at6(4A`x?n;Uu6`x#V)OgQW<9PrQ8Mwdy#a4?z3)q|OoO~3amTk!$s z&DX2WGm0czP0>m$#(mg0q7iE;pWHEFH(v4-Q^M!K0v%L@?Kx4h5kF~*GchN6H;K!|*Ptg$QcQsCohX8&iL z%5OwV45lKL3W!W=PTz?ymaO>kGLy~=x~-Nk@JD4H)v;spP)aypfH$=ppezOev}s=8 z^*B*cwf3nv;=S(NKdqQS3%CA)?O=FQHGsOXRp~J2KPVl)U3qbDH{s9n<095hCZNvE zcYO3DeyPi$vvtFhR@+Ecqzv!<#y>+fT~ht&A-^NWv@Nhcv!2&PyyzmHsfcFYX0!zk zj_En>=;$b7OaCEc9n-(14%5g>ZxvNAFX?t|{xQZTyv;KHv*9Z$8*vJ0+$C}LM!|-^ zJ|s>!Ok-jmH@qLmJ%J^A=qe&2A+~xDb(7HuSJ|(G@4PA&16~$uWWRmB3j=jC0ci~> z4v>Iz2D&ZkYHAga+=v9+_khH2vfbmS#yfa>II-Q9Pw3M zX8FncEiAN4cMwKv4jm5a`?>j}R2fOn!eQ`Oc$d)4lEbk@p~6`2i$X9>5RaC~T3-J5 zn^`(#%ahtkoFAa(>j16w#l;N(^(|*X=jY>fv6K~L?98JgDO_we`$zi^`!)l8!-@Lw zYkmO)Z>&=q3j`Xe9FS>gVyXr$Y&6NDJ(M}Zky02Hhi2AaELk=esQ4O*dmOJwKzSr?V&7Doni2BUq=Iey&k4ga>X^Y40m1$#5H0r6&_nzTL*uf zB^Mqq#|QG7RM?7sp_teAw)h)22Wd?FqRM7RmA`9*x-W(4{M)iFCJE7smCJtNawE)5 ziM&Y)v}-7vz0uGk4MK`F=W&A`83;pAqZ$Mts{wuBu%=~3Mp*ie{m{UU7KbH3GiDHp z!&Gdo#SS|LXz+E%nrn5qR=^($_{2sw_U#AFjC$qd#|(B-3Um+m^udx-Ba0?Y%Vp;ry9aC${SSdpJe6yWNz|L?Po3zznQ@ zw~mvP#ud{QzNs>kfTyjjq(m4c3NMleorjvNN5vrQBfjH8`9p94ZJ<=m5}tq>`C@OD zfzo7+!Cbx8Q|H3=&Uu(D!_c3h z!9V~+JAp z6F6A8Jijf`Crs6J{^_Mf@rh>O-F^hMN_M-DwTu+(k+IL{kHN@=J@1J67*A?Sqjb@@ z@2JbDd%+W|#?RK%X>H~-=ebnKL2>k0zgifb#yselHn)dJE_4%D{Bp-uQUW$<(AC9{ z6Q64vLRZ_0VIvDG#nOXe8@>!vw0!Dgdcud*QiRVY0Ol+f 
z_}}lqz78M2BF7|$R;7UBU%L_5JOZ*gjd~rZ^t3E;)v(2PJ1*+I!e-4g<_;F<@dV{v zL_ja%RG5G^^^1abz82tn0u5{{y`Ax{cnR>OA1%0Jscl&i85I zW5OeUZFqV_ZR^x3gu~=xab_M*tNGZ1@1UsNYQbnA<;3n*Eo_HTb$+31*(prip9(nk z)g`&^rsCow>5ERF6=lrUZT{SRvjS2U8XDB+?K=mna1e}e^ZtqCxtM>&=iDrv??v>B z7idg`KCg&@XU-`X$3W`nSuElE-t@CDdEV?ueWwKZiv-pJjAsDI3l&X@RfCZ7G6O7X z(G+-tz;J)!SmY$VmBjh|-PC}A57}hD9`sEJ6D~e2l@`(EbMZJSD{bosSiVt3lv?gN zz+N%-!0Y7q@+WnU4%q9aebRu5{a!t(CF(n!P)zo_q1zo~<9Wbe{i&zg8ZN)Jv+rdC zwe2Sl;dlbJe%?K;np0NmWaH28<_SSFzO~Op-(x7m#>dA8e`*jiTgOdR;6Ec{vlu>N-fPFl(!k<`m6l(}a%`=5HO>b? z!ltFCV*x*Tydkq5klUYL(cg{=+mwK$%6KwEwU+%LO)$c4!NNeE`e}C_-=7r`{^c$J zXe?5U>IuxGMx-9re8=+}8@`v#zs6g=5(s$Q0WXX=n9hn>`a=&qB@qs5aTo7T$zmg^ z2>#6udIn*I>caIQD!NAi2mEi}rETX4dhE8ztZ(PQHa;OV7Dy*1@m%I31RlU!^fR20 zNUf1kYlHDD{rb0pr1P8GHT(95m+{)(A`dO`$_<(d*0)W*#y<_Gw3Gt%w>w|6ub$b; zi+uVorp8V7VMmu-a2&7}WhY?*iwmm!<~11ULcx%Zy6&nPpkbjfAeSY{AyP{Wa#zjz zl8Vl0qzh9+!aeHp8vV&Fvn;#n?naZ}Gso;~K{p3DaCmFKA(c<6k?61Xj!;9^U8y?) z;i@$S0d78`39dZ-$pc``u(&-KE8hURsHCsq;o%buorq^um=1|R8z|5F|MB#W@o~N1 z_jl0PZS16JY&SL<+cq0pO&Z&_ZL2YxOl;e>?$gircmE&Gd1a6@XRfoawbtJ6<5ECN z!bbQC_HR%zl~})}eXbp75!@jueJ0cJHheqxAd*HrSx_Pq`rkbWQ_I@^?QUUVZcZ@z zAKwT-$wc9CoJX)s2-FVqOqp+W__$XuHZjegr@~@3R|pPFot6FQ>UPf7i>e07x#Jh) zyx`Jv-jeI0P8#|}CLa*2E}=6PJNxQu_uk7#`_+83P;IgRJPv{Enz4-FhwEI zc{csSZoy}V1JC~Yd`0)Ab9yv|=}qUN@MxleLy@5?%WZ3Jzm#EtpWo)pk)h&sa`xLK z&q0&RYi=>^p`}WRpMVZOaQWIz>v`YJMP_VFn8bqRFMo~V^vBu`mj?dmN9+df8p4u5|n#-9b`5 zjr)1!NxGLnZcq1lWRgC^e%?J4gJ#b1ggBdln&+Py+?MsDFo%-bB404Ir3&Fma7RHB zYUtMr%Feb;_QU~EU&Q-KJ3^g@^yq48E28OSmiP4t1(Ex1ED%PNVCbN^-RuYx=BQsL zEd5A2#a=p1i1StkST9XE@qd5V>tJ_mabx%NXap%}=sz6WqLwzck|Jq6`AvEK*!ZyR zF(sV7=!DZ!14iY89R>0OzstLR8vd^fV4r&-Mp4B9XCqA5^%eVBv`o@+w(W>oeyw3)R>Cf9g}1I*i*}Xzni4cehd!I zcDFefG9iMTMT)`e0yMLAAO-+zodN0ib0}0PNR-yWs+;Ad=3)~H64Gse=p`!*Sz-Vo zjpFsTx?}!kEoo+LA19R~DPxcIBCd>|cK4EZYL`Gwt*C{pZyE+0%3Qb zQq8iSmL`3Iz$<=e@-wEzeqeP!4gg6vEe(y$i{wS;^d4GR5YK6x&(t+|?e#Ay%eNJx zmy08{kDZw8b+Uqu3RxkT1wsL6s&{&26Yoi+ 
zynjv|UH2x-{yJbVIIW{}d_b-HgY*cXWs4Rp*m?_d`B^S?ZwNS37d>Oz(lL(em_76s zYYh6z%F0mBov&8~ql5wyZ9cGh;pluit!{JX7+!bO8!Nae2}HVm7CQ_>BYc8es@ee% z!%po1X?54%WLj4*j;(gOteI18nXDCjPHvked3+@~$Y9lenhPRj6gC&`j^iAngaiy9 zlx@xle<%b(x6NPw)Hgs;Q7JtWtpC;H4G2m=8s*VyY4vF=w!7sb9EwKx={W8WM{f?9 zX(SPg!$EEOS@TMhF!Zf3;l@L}zcMwHWRP+<;6-WKG|uG+27r#xcWskG5a|SI#%_{A1p6V=pV>xV%;q3W0;9Ph7MLjGKhKvOkSfsMy6Q&#OR?j z>dEjtxoT&+g8lCrvuab{7scG3`2f{UyA6eZPL!n7rvtuJiCJ3pl=n%gD_{QPAB{}{ z>48F?s+Oy!kqX=rYDjVyb}`+5&#%CRrC<=LDh~r>o3yCKoBe{O78f}Im;ero>3Awj zaa9#^BSgRw;8L9eXtc1VXC~Yy1t4|oaZ9^_{0^dsr#~I z4P>w4SgI4;6*C`h1G|JT<<#R802Jp65u&l z2XiawhULgh~On;b^^@>>F;W}6D)Gh;^!SUbOiU-A;{T8VtPv^hT zYgrnWgTZNuTH??bmeFa-tmK36yHF*Wc^GXmhlGLehFK|lsxwj*PRR!VowH~7$(-`G zQ+ya|O=uzcKjtOt$+QgoTj7bDMqm+9Wp+E2`xo3{UKaVMCw{YR?NBf4)6w#lWT zKmX@quLX2qGw@gl#2-m>7>500qWqhy|J8_oY{5Pr90?{=b>#m{bqwYloE;J>*4()N z-?_ehKf1?C-$QRkH~k+?b;=1#D6pQC?i}5yH=?NZT=)8<;J;_z>L*|WuU5d0)gdsM z%5vZbiM;4>Qt8+Sz)4mguXap=bSE}GQRj_p0o+3#0O*0X__*x9e0P{1T^2&#S7$N? zIs`qV+M1gSl#+&RCrWwJwd%y*IwJg-!5e8!)*^{R03VL1I6ssIcD$NSpP0RmXG?)} zX-&oL(xuCajVnO@97F8-W^>DE@c1)J3V1l9HDFG^?uibKqd^>pn;K)7ej78mv2N{i2+v zRY3l)D+AJhgqA(eBb9WnYtG4tPNV-N-bF>PGk(g;6a3MvtgK}A+D|phgC=EkJ=eye zB=dPY(JKe3#cKIFv=`AX`BP)tiIfO|830{z+700UBKEugtYzR`|HXGP8YJTJ%X0(( z0BRy;a^4M5hD5~tMe70K()T?6Ky)@XHWD;0AUXAO!)+%Lb~nhrYs*Y6m@U+~Fcj`i zXoxHyk3HoY`49$|KZ3-m9oSN6t4e8VYRcn=^y&*)42u}Y-+%GKUS$@=#0{h5F!T8p zK*zu^i98Di!AY871*C`>qH6ncO{~IcnNlgV}P!44zkecrc-JZ{L*f7?X0 zbK=ZETEN^DbmRt3W^72wZ7mlr@ibbX&F|ja#DNIpJmw5nfuFc|cng_E>JJ@e;Shme z$HZO4N!x|?sUn)1_}Euh9Rz&?dzgM;`$rxQR;M(_kRk+{(&|HNgI|tNWJeHiH}(Cw z0iu7v{4pqFJfn|rhA!-1t2Lu!vQJdS84f^~!;Z1ha5uoZ6z+sZ!u|aZsl+%;SM$S< zeg`O+eE{XzA-Fc0=Xw}W1;f7b0tvzi0LfF3GbF-p!T$zGJVT1;2@PLs4}ouV4CCW87#61D5QA+f+wrfQ6XaJI- zazZg%*^EB~o`#mOV|-GKHd@X+FpYvBR2<*_lV*mrF93!`OWg7jVJ}}*ggD7^^>cch z#c`e|F!|qksB1M@0{Sba`cWU-X!fx**i`FRd;REtQ=R{W462oPb(cg`g=kv?_63BH zTC8xhV6>Th-fiO=*nb$QX=to0Erp26;zYWs+QDuS%)wwg03Q-CtCxQF3ZnhZ<|i_^ 
z6#+o4C&0xYLv!gq1i&p}ZTy_wfRM2y3o-@4d=~!h7RYX0bg&xC#Q)bTa4NU~?oMI? zq?nIGz>`+~JRN1tRijDYDbSK5l|=iiESLIU2ZTZ+F-lLZQHR4{wuO?GO|7hlUURF= zYos(SclYnFKj&p{kaI^1CPw2XT>n{r4VT&@;GD@o|Ak`g9pr#wF8=NxJw^S$J7F|c zoItItk7vMI7S}~C@46&(jq6m(Sr4#s`JV+7Z`pnst^tiE0QHBx0v}tLnk{%$DgyXi zUEYE=V6(zbbqrmPq@Q%Z?a@sipD`}H(M@_9G&KI4{D)=*);J|m_$X(L6ab!lL?Y=7 zt{pZ=iE)53ACY0=AHDu5X?rkYbgDToIz}mBdZ-9gRj}SoQdNS1==-v=5d_3k4Zq*b zD*Y>3Py0{*rR_DGhKUDE0jBK)IVm2r0HA7o@2&al1GKB4;IW_5TnwJpZsyeO6OZF! zd%^Bz-CC1WplHxyujDcsFjr|d!tZ^>a{iGuUm}YDZ|!9RPKgh!d;p9Jlg6J)si>sD z3wmt=5C=MqL!Y;L?=oFAmxZ|XOOwcXRw3pT%YM5&PqL?1&ODMnx!tIP!@^KO!!0YG>8DK2J zP~w<>4uehi*AQ6w%K@N<-bQJvH(MN{IUWiCQr8QBQc6f&*aIj>{|e=wZAV1`$Xq40 zwP;TYaR4ApC7k=KoRxAh6cl@16Y(1$KK?Sd+05l@;M@HK`|rOO2N>37!>PWYBlpR9 zqEs_)bTKV0BD|T^UEZJ)Wg68Apsj_%7-{LzC9N6sMGcTCACP2!udWttbYOkdb!#uu zIlVEM0<@~1(6bQluAB-eaKUiMk!tq;hjHh*27Wsf;4Q|Rtvb!f087p&;6{~h1AqMI$HU8?P4WZs z+f>umi&Z(gBjj7!e@HuX4+x!VaZhQU=kQjCq?I_T3_MI0+ONCPs}ui6RXo{Rb>_h$ zBDo1fXz9AI_!lJu`0~}?>jgx>PEGBvQnP*+6<7WX5dK4rj=B`3+IW!tm*K;ekrP@1 z<<0}22zaA5v}d%#QzQe%d|`J2uJXxeQ>OnN#|mNoZXi6?>|^qaw#0lXIczR z5d*E6|CbfSi8CTutjW5f+V4WxT%h=`wiprDr+}PcG(n8|t)V`nnf2enBNC8|p|*D5 z{Pq7nZ8R~>ur_Q%*s;{q|7r}>mRXb6;Nw7}{~nsRVdM_kR6ox`|1Z$T3r000{oxSw zUxmX9_t`Xr^^0p5Tm#hq0)Z%glCeeH0|JyWUpD^l`M6KIwhke%c(`qdx5odSRaRaw zS$@tDoSlqybqMGANg!dFj>!8C(B1J6MwoaF2DWBtn~Sin6J0Na)eBZ68c?0Zf)zFN zQhnEY&pqlqAD!T*(Z_S(wbT_Mo zy!D$4Yvt8IbRb#7V;|gtl{dPn34q$Y)j!+NY*~45*C{2^CnHbEE~W512{eJRuRD(h zttgw8YPats%{Tu&H}rm~e}6lzDJUk05t~uU^&GhDk>(uyTY*%G7b|v?IraYLwIt!W zq>98qVWm~G_PjP4^iWV=xZ$OUsyY08RJ~nHqCN zgk{rh)?e0|Jel?kuX9x+jf6J#L^cqJM~WnFL~Nr)8kqNAqZ#gmrF*L$*>> z0tR}qf&BqH=kNm~v@^y!R3S8sbcAZT>09r}=K|(0gD!Fl)XSn6<3hm!U(wlw2#ldq zdFvHd(g^CDDe>T&_U6nzsLbV8(U-05kIJELzpAD6l8Z|gDj7n|LR^t>>%>aO_{A9A zB6ez$%_nFKkC{h2gLadmD2d^})O8Gy=7cp>f_XAJsIA~rSrfmGZ#%~hQK%6wGmi<$ zTa7VEndXYkgy&}0F@LYm`8z$592$xlXJeBFAvRooJE9PGD6|s#X=(JkJVQ7dKGxCn z$gxnlS(`!ak9W1)rmy3ogjSvlNlIcXn1NzoPl^WA2l(Ht5JH)g3m4!r$z3RHUZjLu 
zP6cE?ncGiH!BQwfS+)`@SuuA}GhkR~0VgmL)My%?(E>|{&b2}dF}2MK^<#fEte%ck zh*spFBuU`|-q`=t68eP`Op7sL|A z9>o(5iCTFGN~lqnQ*$|^^|FE{2;N_YX zr1udMs7I`y(~CPp8Gm{LM}UCVYmKSi*(F8Ba&js{3@J24t@Ep}u%4`kEMH`35?a~$ z)gv4)3;rWAsXQ+Jw&PkDDb`rF_D8R}%<8bAU3?OhQ$|qscQOYFIMFcm-;8_t%p~Gv z(mx5UW$C7&hh=xq4gL}n1~Hh}vBJdnd5A#EJ2O-n04VPq^Ut`TR2lmLW894rBPnXYQS3TU(}#P=r|g_ ziY9usRZGfme*H$?M{lT#zs9_@Is4Qkn=&i)0LvtacQficlqE@O zcx6`dWk>B>XYoVbc#Kxi5z7XL*C;8xTx6VQgL3E_x)Il(R-07S;f|Qr+@HVs^2dxb zkb^QP3o?4TdFa{XV7S4L#}T6gZOzr8>&-KS=qXb+;2xbOI?j zK)>ElmRy@{#BGY=;6oVp>Ac=5abQDqMZ97*w&du{!}pE(fbj`K)}7x>mROxS3C|os zR4fPcX+?kO;?vD>6;!$0>A9>dH6v_h%o9B0-%3Ck4IjwLU(L`gkp(s|o6?Pqp&vBMpKy z$L6h$v~^gJ3@==U)Y6yFkK_0_?{9wZ(kzClQ-37-1T($|;T3J=fBjWu3_l_cm49~x zb|ierqQV^z0of;mr#o6hIvx>ID>LZo2h||PHVF+=8J{zd+5WV=j>z8 zQ?w1$qvPvKR^GIo-JI* z0gFgc)Ipd8Q~u=F>2C*8EO_hQGFCT%86^pERSsB!tm!6W#<{M$=tLpqnpP}QK16n>$^!6VZ?hcA7 z7~)hTtrptE9D7SE!fN(6J1XN}ZY^x@e^{Tdkg4_RlJR#honK+IXb=63YmtmLl^M4MnP3ZLWsEBPX*%V273 zz&z=N7#IQSu^=RGem{@sGZ`>jACo^L{T2>u_8D$8EfijS1l>GagADhyHyan`l#V_7 zXNYjDF*;cGwhw{5wP@j#6ZQM($_R>SU=&vL1KY8cDUto*A;}&|hDDp5K`&zb{weXb zthYmtrmxs^^<5Z8bzKw#i!5Q3O>3o?kwks^u1CqVHR}o=ocrB(9g=%<>$)f{F&B`{RuD~TIC|Jn&WuXBI1?Y{E0vW#%k8}r8&ZVVv1iLV7k z7{Gr1?SiTfzBGt^EmDhty`J?m27%O+cGSrHe4JA9Uc;?7&@)l4;frlPT7L=f{di{E zO?;U4>_5SuULQ~Yb*cC;#*J#8Yp9l~~Fq;tR zz3}mSmb5QBy4}Vn{UIAQ1RE=1rc0N{s<}+hG6x&`#cIv1ec2-`uT5jP4i)mQor?TG zb-FUWIp;ng`oyXeS`}Yx6jRS_`H=Tz0fj*(%~U=6zN^A@zGx;Yb+v1hKi79gp>JCS zW8aU@T4UMGONDcTZT@!@cwk(8_fvGW?aW~45I;%^K}xKjC`8|H#F<%kVTP?4Z(Uf> zE!*1RCq&!lTfg5nxeBpU=J7kApY+w>pmdi&f*%iQvG_{rq!VF?_hbdCd1U4edSbsT zqZRFXxjz``%=Z(oh|kG(LXGVm>k4vP8@h5UYFqOP8}q&?OvN3~Y~R}0zcg|tRvvYQ zDvMI9oVS?h${*tlfHVB43}f}3E$;DslDk--wb{17lVRLQ{chF;UzyGBUL;FZ@o}5D zotyvF8>W2VgLf^rFQ3<2$$iv-_Y%WkNwl zg~B=svMhd93^crOx-ha7iV%9;z!>hjTchdKv7)M~g68!S&?CacqdQmU-(A~q7g-n@ zG@lnV@21hHr@ME?7IMaxl9;~Vk#re7*?F_H>78fbu?=?6lIzui6XQORtGQiO>t&i= zJe#7zv-)RkzpdqnLzFt77Dt^4nAfj6Z5JO4iogc4(R>kR3r9-$8(qumxyz3Q^iPsH zQZ|_+Zi 
zwNZE4_wDEVLE|r};1oKGZk~N{8-83I?;g;WClVr4FWN?2cS0nueBit=xBEozqL}8i z3`=pT{QJ#8JCOi^B)Jy<_dP?P8N@&mZVHpC*HFx_SFuTSv}$rqUSSF=@wD#7r-Hp1 z?hqR9+4JD9CVaf zqy1QpwVJ)Fp^^c2h)8x=gSQYr6TBi(X#LHbRF(j;JH~CWtrnrp;QaX#*4{&?!>I!45v@A~A z95M`?BSwQfP@#Vq=Z*0P`gdf;nvRC}*r7cut=`mIu_9}f{lA@ry-k1aW+k|qQTQkT zx2n!SZ8myiOo7DS*tj&<-f;dF+>eD+P5A>=QP6Ed?X7hp%e;hXZwWerns!cYbh6rY{xN_Z4>r2eYKtW zdG=vK6`pAe+)8?>79Y{s>JTJsWidRY#co-T`qvpQUF9U^*M_YJ-U_cF$04RKnesj> zQ$SnB#GXc-J*kcay!XmR4#%VM%vOHE!z#O&^VAi31!DS$a+1W-)3 zUicDb!7a?DI`%_!EQ8-Cb`Whn?|e4o_}NrxHR81g%G^a&8lsOb!Nt0BD+8u!o+mWr zxorZs?&-?tukK6XfAH3?GI*P@El2D;=`I(GiEPAAGJ5=`&C$vbTDV^O(p25{GTg&W z&UbajXWJWI91((-22z`m6Vv+Q^L%*RKj(?EXNuP8D`WfX%CTwh0)Ll)*S>#a-IAI} z!xS3XCWfBPOnMs8hN8ILqFD>VUgkG`Crt|dpY+ubb=o9$NSe$LXf}I({l9SRHCqP{ zZ;Yy@4x=p9@0a}5*{|d2{BF;cM0^kTK+f0qqE;@-?R4ww zxw_+|xLEJ^=k$obulz6#ew#}Qxq34o znhS9YC{I{>vepxfrrMk@}Ewy7sMUikdNuWSjEzTnjC zP%iXR@`nmP>`_5SfOEPk+-SW8#<2lI%~c!H=?wZ=)5rr@L3C%yfN_aWc(1$v`O=RJe6Ub|<9VrHkZ zHz(gdBJ;e={58r)`MIS4LlrZ+@>C9{1lgDnUE}^V% zozexloQI4p7PjsmL_r%KOP4G3c=j(0;_FXie=pj+Zn|~5_IQ({+aAIyKkWDBAM_gk z3adrB?;h8Fw3)UKRWEIgSh;%NCBN^6fIEVpwaY9)mwM}~2wCIQ1Ol!7U zj{EL35B&bCKEc(i50{BA_)UfveX6I<00SzxBE{`8EL3Uu?7RCDAq?Hd+n>F5f*P-0 z@G;jl->0e52I-Pr+rW-z*s5ga-bt#FG$ODvFdsIhdiEV-Dft2^-CF zf21c3z4o-Z_dk3+55O5k?Ylox*E-)_+_s>=5isRrNyJU;z!@QAD$c!+9iLdwtz;l&S-g2eG(FLg`%H`lgdMMBQI`oU*I=)53;20vUxCf zP)8o4(UzhTZ?Jd(7F*QU;P!+!CkoZ%D6I~A6Po}M{65EBztZb=%Q^k&gX@nbgtQQ& zdxrRK^_ShbKw%+7ZXCOK0|t$A4{;(-W$M`H%cXCT&h}C{?gxPZrE&6k!i>6#v#3&Yg^~!`@`8qrx-zTcGJ3nj%yv~5S%y7J6%&<2_|mdd<+)m= zl?hZPTADVe)=%5XFDM+$8Pugy# z5z!G6efbMod+ml`?1ZWr4cdNH>~_=A$a1xm@Gu(bK+;bHE>#7Ue!50=iJAl&jAb^+ zCNG(BemUJ8SV~qU_`e*pFH0%Ai12UEF=3M8B0*<;_mQbcE+x!|7+NKM;l_whe}*rA z%gb5qozP=>wfNWwADEZqlkgY2AR3Hi*|~Sj)5~y!@sE9&9LqhcjZV0;>4)ErsZcgR z2FeDCPA@j`s$zr;eK~!rBw_g!h>UAXrhnl(()=>{HliT+QLu5t;bpat;<@3bXe`xv z^IBwc;ob0_IR{gPQpo;u?*#^;i2zmJTo)a=TnSwS-15huN0bY1%jC!3@7Ax7iA!f4tO#ax$VL0|2)qmO(L{XdE z1(V3CTt}lRz!MIS@hTSJdg2j&VV$NCt`%U_HcmwdITN16<6Hc_7%ead? 
zH^OA%7xBgMYY`CYcvD|dO8y2nnDakjcH@+FAhc`GO7i3)9nA7mt3w19|IM9u zEgSP)tt=&6);!y|)JWR#aSw{|F9W0sTjT%>;Nf}fTPFQ?WDdi#G^DF!K4ukuI4-hJrM-(&xAq`3Dw6febmmynyViDNv4*i$8!g9igAQIsTPVfHI;%J_mh}f?| zNTM0BeZg7Y^Ed|*!8KbBdMa}-L)7@YRz%Yy3j#5J{OfaZ&Obd_glk=2_$Kl_7%$z_ zk7farml5j6-dWmD2a12_d6n%B6o&zi%+J3{4kg;4Ptthbk6bTgQ~B;Jg^5n8(0X(k zUfp0w>6WNJXNRfnvrGIl(GQBc>

    IL> zf(V;UogvGs5~nR0(HNl+7#Yx!>j+IwK|hk=@LXfP_|Z5L8iI5F3M|jeQS~Vjg>##V zP&at>lBEyE-HKXd8zHH~r-)(Dr$%3^v5ml7of#q%($lGU^5^oqq zr*|>_!GTn7ako^j(|p(I>3cgtu<>y_!mr=B!(?V?fsyFSz4IL4>$K6c@Y*?4l5Wz` zDNxWjn&%K`a0){*LyI6-ll$iU`x6AEm-_Pwm&iFq^d<}jyf!jfkcaZRb6xU^qy9TO z=Jj;XD+UkloiIAHaxS9DBto!_oa{5$+g>d>6ALlV)~1B}g5p@&`yR@JnrngJi*Xyz zq$JnKGF`Tfqh%lX1TuezlqkTSusF&{Ww57FR$iq-J^f5g6&~E{h(*g9p8*94oorLQY&MtYcevA- z(S#6${S;_dbqEzSYjY*!`mmQ8N!fkwU(=&H-MI6YBR^>WO28%YGJH7hUFCmO;r;r8 zKb`v_(WsLY)ga+|Ck&6EQs2}V<2cHEG( zyi-k+z}hS_xVrR~KUE0!c=9B;zfks!Y{hty1`qeSD1##7cYMW4oliNCzUa{FWu?*8fau=-*D=g@{6iLeIwbU#J#X69HzCcsaW7=sIuPRV_b zh&Ni0FjruaP+GLFroxQhc&=*TxVH>ten=s;jF~mQ)^4fPl`jdN;5P0@?jGvKBJT|= zM>U9FBN59zG8G}PNruF@%t`rdwA>RAz z(5&%v=P&K>wyf|daQDewmp3;M%xzUZBsidk4MREIXybAGD!)oHy_ZuZJfu(e{^Y6J zz}hxRQWC1V;WBmo!M(TEUdMN-LaNi?%kSF=0y&G_l&{wjT4*#93!JYqTdwB^;otr~ zXpyBZ#Ly(4-_Qgbejg;*5a0UzELKmt6Fd|R*Sy)9$>mJB%JXdQ4l!#8GaOP;Uf%dg z!aay36=!>k7@_M;j7>_U-Nh)_cZ@n(*=@v*S>t+{hHa*(0%%&}7%<>0%zNpFD8@G= zl23Z=5bU^9VD|SGp4#ycxxFetqDzNxkHUAtt0Q3^z!$#k8?bhD%^WTKb!&hBItR8;=Q&bD`*! 
zxw#`{M^BwPC3Yyrf?5KrY9g6BbrvmBQEz$}sS9mV1jZ1g?b+b&yfT~_6~ivsSPGV@ zIXEDjGhyR;Qz^-|lGq%+GVp2)TjnQvd{v)s1#Y27Y_^t?)jJ)^UT+=U->;T;ljJx# zJk}U1UzRwQ*wSB1(lYUj!30K?p=hn~B6W#Ynp8qE?qy~?LRL|r8amhc^e|Q-f+~I} zWohkjYVkHNS6j-H7*Ku5ycqW3^!37}8^o#G!;#|Or;m>a80Hx%wzg0mvv`xQCOD*+ z^5FJj)=|t2;6XR+nF}woVy{VPKfeUeCYs{c&^9do{4LZN%=u^j*BsDZ;ki9zlR)m% zeApb3sH#^2qGKUw?W?voYn21_h2VWkL{F2jqytYi8K!ru&&CDsYmbsvn7k<29?g2q z$1C7aK*g>heA_UMW@+Nxn($yii*p=Gyb%Z)bLV{3F(xBWp<5yG37y&#+5Rwf4&4fj zA(yGIYEY+gG7j+Kp~PtGvE!Gs^&DE7S6{l=R6kIrP4gEL58uuVi!@J;(~ovYGKXC$ zbs!;iu>CxADHLNCuwoauFh=n4`WCl7^g^TICR=x(xnQ;KW3q$rq5XDnG1_HIvYze0 z3-MRJ0a%y?I|58pe5@C@VUQ$jpW1}E8{}TwRBBpp4kn);l;qw$@8j!D`Pp3g{7olQ zA0Edw?4o&@tmaR@Q@YB%zmy(DPiDL?jsvAHkghNr^Zxdp3lF^ow;0?>1SFZMUd5V#2ug;mP%xVnN%btDr=Vk<@ zJt>F_8M{9?Ywl=;Ld1h;ye)zJnFyEH`;t#MSOl4;X5QZLgniI-Qm>b;cv=F9dl4B* ziRyfDRrm{*OCFb(Pkuez9z@u28XQH-Tg41Awn7%{r<5~jo+lnnD>~BBZAc3RWJROJ zNF+&@56`SIA;|^nnCgBrL#c!Mcy3$q->Xx*uBI`9)5Ck(Es|e9hrxVB`eiPx(7#vp zS19t^l-Sp#5UfJQpIxX2rpczt|v!qwSO=E25V70N;0~x0#26rb=;G4oJo#w8wj*NjdB1 z;fREUTRvIwARZ&7o#LM-a}Zy3RKn5vg0h_VkIb^&2bat;?Vm#o7M%u%w+=ELF;`0* zC%H}{Vnc2~>GP0M6);JfDD<^OZXZe_q>_sA zb5hIg0I{i>fs{f|tAmBY$^wV(!a+h$`1FVrV+=mnrQs)nyA(SNmZ1>wMk%)HLa4TY1o5!ICtVfTy1xbbhN+uO#=>PUE{EEln7n5S;FZ+>{=GFNt-gzy~D`FFK7 zL!W`k+1us;s^<6O1g8OJik+U~=WfK;=^M%K_etO^@3w@k{8}#>ciosRvUO8Zu;)xP z`tIW~dN<#LXtTLkrZtpM`xm-b$|N}Y!jf*EmMQ|O-nAA;)L^8zNyu7F2$D3j@c49d z4Kaw@Ob0%aE-ac61*O#1Bq%9*U3Rl@`4w}C^>l-fGNs*`=J{@8amu$f{GlhQzqg*gZy6h>nHXltSwC*foqx_ie*DdzLH( zt6812H;&w~k-gYLGwGG?tn_#3?30OZq2hOoz0u#Wwz#&SAHRD?>}bFFYsEK>ktW*K z{;>?UGjiHF9`5Xh?c({O0)+GVPPN{a_UYEggLPl`B6H2X$>KtSbXZL5;^ga!CgR@^ z2-W0}8gO*+M-^@87DnQ&wy-niY#W3>hu&+m0O zaTmR=$8uK{`S4+~!-By6bJ^CW`ard%z)E!OK^Da`l-pJ!ldF0?#s$_C_At3NiOuNO1b9A*S!~LeCtvo8#q~;R^#M^H;?D+2 zb-UOmWvHdYGW~75+r>1Is(+nwytV|WoQQGYi-nldp_;!b5+Y!D4iKWZ@l0=?&oG^{ zl3_|qyuX`!Zo^F=6_eSv^1K6bx`*?YxejNX-;&K>M1#=SI7IO5Ne7SXRA()kzLL9Vl#_!uAl4Q_mNa{=PdjW9IXE zI37*tzMUVO{b)W|fw~Ydh9U9(Xc|U+bRB6T_elmb47*Sjhk<3{{iwD_0MwY7!}xWo ze}&qY&Z`LTnuEq 
z9fNgPo?nfS0*7Lgp8Hj)%KTq%qk1{GhcJyIT670y>uArSqqK-Q?nok$#lp#&fozSS zHCV`HBL{t91)Lck6yF@F)SDtw-ngarVVN+{aa&B3Zwx)N9SJ_M5byPpCyOg;i?%MtaUzywm>) zGm!9SZAj9?OS7%9yF7*HZ8347Rup*ZS!x>~#Y7gu>MC7boqlxE(MZESN`)%*r^Fp~ zq+H!Ng=>ZY7sa`!9`mT}UaejPbsl{7v2o`72;bQj+_;m%RX@hQ*p{7d(xw9ubv2BT zvO7I5c)~D=Sxj|?pweH1LBPJVCkI0nK9V-BumtQ_tpM_eF%Bt2U{k+I@Rj>PP4NV? zSyV*i@g5oENP>h=?$jTt)?qR1Nm*}y-a2}ZBjFRwpC-@=YwM%Apt?30@FUxy$Mm6uSBdWB4$_uW%*Q=a!rr(^sPie_wBg4qj!DgQ`>(wSUMQw-Ml)Ahy#9T6LVL zNSa($dlVY4cm38psoDUmNZayPEV2cwz^kJBTgce=C@ zpn^+%;_b62d%grD2IzzCj(mQ)|cnDqU$8G7cFZbB&%L9kzSo}%lr4CQLNyk2iT!5&mp|s6`e-$EL6D-KJ4*#x1QOe zb827IPhzLKvms*M>;QFTNB!hDa_akI{7g~~*{G%V9hk?#!@^|l;)Sn$K-9g=<=x%k zn8S7{R!5^{()}HdeCJ-j=jB9=c>5W zO!)+ndGtKW^bsLL!sN-Aj`GOek%;z6Stp!L$B8k`QR5Wumpm|$9Le@tc7$O;Ke()| zCFndZ>h(G_efxKM1aCekcPT$~CU057@TzPaY(0LvIa^5zGh=Tb7^sy^#4yJk#mXM9 zG5f^BsyqEe7kqrr;NOcP8-JGEP~A&D7XN%#2geXATm~gIwrb8JkBKow-!%7fdHHhM zdUe{_s(Uvyj#Pi$r#@g%(U+T77CnT5>dEk)x8Z?1OQ8@FCwVJ1@)XY;?M>d3X#U~O|3$J8RP-7G4{sxsyT?6ttp1sfOwnjLzQD^y`B+)_(?nw~ zD5w-;*)UQxkKB4ebA*c{@wX87FmqJ8WP$cpn*)}+){(RV%r%ji6e78&OU-XR&E;e1 zqn0BHjV%1B*VnR2@EFA<8U~8LVz{eSodGYIV}>O8WW!^PLY~0S++KzdnN(jnFP$$2yLEWfXmBqBE!_#=_e4T{{;v0-Q(Jn)s-iBQ1c>; zjbSx&V=_0CmGZT$?JxSa)83c?^pbS{X^`s|D{?Qx1@iXnrN+ly2}7mLe4NI+M(1zh zP|+>BId)90NDD057F5D^#_`ZHIPPFeZAvgnvVj6&uj+rxA9;2_sTw#?cPc-z9Qyts zeP+bY*dawNO#8Ip#R$msSL~_B zwbGziI$J>mUE^R9m#3!%ye)#9%^sVnMIFjVk9ye0mM@LeKb=XhYT1>Ji%O}kFKZIneTFcIfEkgf_q zQ8{hpooHA^ZlXWnZ?+d1P`r*lM{tY><^R8 z{&Mf$KBlb=9NYXSJS(T(H^e%ntjst9gtGLYZ`S*qz4qH|>=_2hDK3&F54pLz-t%gg z@WCUY`hi%tMC%7kRVSHmec7Fl&*|^aSw@?+;ymt?7t-~19=sH<@3Jb(vz0p^Gghf4 z|6fgK84%U;aA8FxL`p(Be}Hs%ha!!XgrvlRba$6Z3rNEPBGS^`-QC^Yo$oCEUq7zP zy>sWz&YU?jbDnWwoN*3CggLIG-RljD*zCuqd61l%3~9L6o=&1*(Q=q^XLK|5BmmWukZg(|F9BW^c*diUt+J zv8WauM`s2iO=mSCIl`%E{jA0q#rSOd>bt@2@FTBZwy`GgpIY>f+bn~*UcZatrPc2- zq>p(wD}wRBK(1m^zw2l{MxT^IE~}CKa%MF+obQbiVQ~wWfe2KekX%7!e2pD7^yqKH zeNRZ$!_mYAd`4ihZAW2yTe=xZmDtkHh6ZsQFUH#Aa3+^}3~miBlnAfW1!1{cuj2!5 
zaZBuLuhivnq@RxH9ef%~VFHc`rO>lyrb?T>VmSK90y*;|M$<*IVSK|sm<p1?GNj8S1XW_}{OPeIJ+~?Jo*>U)lYb9b?YTcrMCe#SV<6!y{hH&<&Y6GO zjpI<6hlP#i8Tv#eJ@V6^EVgH3d;)xT_3vfme)flFI4Ll%!MW@=32>-f3|OplY2=Yma%%l25p zhu2uMQ9d876TU^s><$FlO_E5lGP2?L4MeeNR z915!J7lN-Jmi&|!uf;hBMNpvqWiG=pbKy+i0;u2uZ;`kdMKrRvvETkul=&`QD&~So zal(*nc{Zs|MI286beZ#hh zGBL2CQ7qRr4POyYMw5BY&+R%?nKUCkZw4<4qL^1-u@5%|+heL#9lqoga2T1QLG~p> z^6fx1n}2nw&5M4B7q`kNQNi_)B)7sli=AE-muRz(kaA@!~PcMU``WrN;F|dY$VQKFNQL;lHZQY zgk;T&_!19r;`a&iU)*-PI3+<8<(a9~dfGG4vS>a4?H-BAqNgti3ie zG6MNQ66=krTbkb2&1@plPuWm&`F=*+hLA9Ss>JBF-~RJkKABH7=t=9)dfV;Q2{=k> z&^knZzh3)1-kUA$4$!^|nCRZn9JXYfpmx>D`TPfx;9B~k!hbOd;Qx@ZYF7GL;fOYT zxgq?ZK`4GmmZ|ZlQ@)-n%fXPr=I555A=^{QMkP?Nt{_=>B8`n#ViBLO6_I*p{g5VV zHez>Y5Mh~8QyTCQ*}eJx6#f$Ab_p@4(FL+PTQ|95{PMqvHCHeFb?PB2OaS-V?fwx#}<-48N3mt4Ss{lB9z zDBm<2Jnt~{*L&lUnwXFnUMlA4Q=e~*bm)GZ1;@_o+%Dcp>r*tUiF`d6%0N_$yiE~w z+vWiwuTQqA4JSZwV6k0UeLV^5kb1j*S+dW1WCNp>sF;q&nW}Td@bvUF>@>5dVGlA* zQd+r8gzPGzNECDRX8P`GhM6~&PnMusjnlzB2pHVaw%6G*%e^bHUF+@uQAjX~+-juc zVM$`lx7}6PVOJzk!^@6PLT;C1!`-lHJAiY!Mx&#n8}1l2JYH(WQutH~!Mx>RbDYrn z&}i+pT$}2Cj4VxDY%`vx0eMjxv|To}cLI*B8k%5=wTBTWR>hF5PJZh(RpU}*Hl?>4 z&XnSwv&RaX+9s~>ymK`~V^ikFjl2b?^>0B=`ovH~1^$^YDNQrJO#}!j(nc&71ZSjq z&nG|M#V}~rbrT?M{7&`EIf%|JsP0Ceiw=2&K{1!$?6+{z=0)C9)A7x z`;i~%tzNS~@_jYka;{pwSRzX3A5lL9s9{<#IuVcJM1xh`8Sb)pz76>Y%#5cz?w8iH zR*-0;{rK8<6&wnH%Qrkc46?U+(N(8><=!kD?ie#`(hSm!q7ZUhjv5iTz(Jeuo;-l# z-*Fy^Mx;4h@;}4`9}$&~nyD{Anr(fxkpf1@MGl@TqUZtu;U#M4 zyU}KzLQ=}trLH$=Y+d~n+AW5bROSI@+j01cTx?UmgfI9Dv}?-8YR5WwLH@eUPLp2_ za^#s{Fb_{B$el10XeXQDAr>Jd=p!JWJU6VyO&Ho%9Z$1>o?v(y7NX5Qui?Rla9W*Z z-BzB#mri|PZ)xhH)j_${-UrMzQknO8I%8?mecrjjgikIIZWWD2;j(3IXp%tmRIm#O z8Cw7`7?7^z^4`+6Jt_I!jl}MKb;7iWNe6PDCPvjQQErP zH6Hdtkc`7#_5uG=6Z<-RkV{$5Jh8ibK1I39XLS+)a^JFyz8g+_tooJhbTB`6QTB$b zMp@7CozASQt$`-5YISMK^Q4N`A=iIysvT-xRXk;CsDEk={6~pwFB*jucYq%thcgh% zJWH&uB>%7_^84?{EJihFve0<*Cc!5Wyb*gKyZsZ$s;FEm;&a-c1-~Hqu26VmiS;RU zE?)D70~>jPBZ+AEQL@U44-WGn?>mUpv$BB^g=5iOSM3;+wEd~=D^KhaV;s4Z;XIYi 
zK;5^r^@IH{)Gk6Nag<)MEZLUAG6Id?hM@~LRt~dME<|(wjTz?o zGJ_OK*l&TAE^2kxi92Xvri@D&Op1!yWFcORlL@%>kh%X=;q^A6!Jx&oOvFi3HsM4Y z>*nq22Cn%#nf~4H)=MeJ-I5U~-C3`H4M`yqu;0HghhIf64zd0Oif2bheARy;%5C#z zg>sT2VW{9M({_lMAcBgSR+y=)XV3OWxgjowMgdb~lIl*EYPED^yc=ef3pIY9VTANY?GNoY_DRU}ii(h}V z(LY@2-vGfZWOjZvv^NukgtD=qG!PKKZ9&38zYG1TXGk|J?riw}syEa*m-XZ5l}qdR z37K&8XI51&&E{o_1HzvZfqkANm0C=kKEnkO#dFnI7>ej@nojoO?mGki#nCiS=+Q`Q`JyB_b>w+L01mO zX%8fI(-lk$G)8Ytff*f-l1k%g%`G0LBqW5vEArb+=Y4|5IlC+%k+WEHT<5~7-4CZs zY=j&ic(j)gZS9foawPZUgN9Yak&_52ij-q7-#B;H{xl)rjterM4``m=!@BTT^s$Xa z9~1&*a(JwJ;}K7ruJAG$)YV0KXqJ=q5KIWZ6(4u|9x43qGd-T9Chfq=-x0r)$Ph?!efmb#uiz)?c)6chBnhRv{z}-AV414V$gw#Yky($u zf~a#`pkwb7q)XR`41fJzYA7_GdUOX{eKqaLhX|FPp*7eNmEZEGko&eWvr2>`;@_1o zL25z0WA&u>9*bDs7jf?Cm8Nn!rJu(!E*Et33FW)_%Ww)C;MM!S6#Lkup!=U39l)*b z9_cNyufOM|q<<(ymR06P{`j%@hGfB|qZ>`eVjqcEwx156EVPzFV&|$$@bVg0$aBNI z>tQsQ;n85-RFc$XfOovCX0*)7{a5}B+-LsD#X37I4@t`#a>p)kMYGW-mM0#nloogq z({RqeR=wYhp&WX;-va3X3-*Oo{_3KgZ5*MsmC0Iz)4YE=I>pt*XEyb|+OSgs^vide zyXyfiucKSO)99$lg2Wr#kHy^Wh`zFg)@mj5CO(7fPj2FBSl$@)+!);x#1gmdOfutU z`A&@y0EW#H;3-W^W zZ~QH1!`peiuS{q#-70aQ|4#_VFNEY7Q}#OSb_u*{yCh%b`psdyGfmdpAj5sm1AybtQ{Yg==9|d^L+YCxNE+V%FTc3sh`y3{u}E-|oNd>nR+{V=5?NZMUj( zUOj!8XEP5^7G0_tmCx2OG^C}m=>3tt-js8Dr=`cmay+lpLZscbxH+LkHmE3CgB7F%%>C_<&GpSVoZ_w zzV_yX2nG(s(xn)DrZ=TzFDCCRY*Kj3kYNQ6pGf8FF4Q97C3xHSC1M~u;_w{3rW4Qq zw7x5KKtZB);x8%)o6llB3`DG5jpaZh;1jdZothaz#*tR+cR7(55kN4Y@_D`@BZFp zW%x1tQ?$xEzA}`0N^WF$oQCOI;TJ-fQh9&*8$9?6JuffXnc^xrxw^Nbz8mVN zCl8-ux;gzES3<_KJ?+e62k-{}ajs2HSvX7zPb z(SRQv4liGFT+1I;Q^P30{dXPS?iCdk<-jitQqt}SWsCj-ZE`XSEhDDpo77wIpcoaW zweFXuj6C==?3`fp4T?0B%-=N*~iXu`Rw^_@UoE=Y7WOp@)W4r7NwrGvP?i}{6^AHq&sP#Ihw7` zs4f4rr0`lvjW`lEAoK0^bmAZbx+Fa7vuycHY2OX<#|R%QT%L!J28PX4+4z6R>TFL= zqPLr$;7}0G%st26&x-ES?O#x?g%Za0BNLO<IUS`f1`8f)n>f-<~iYZ;s@RKuz1Lr2#c^g^P2Ib9~@J2KoA8uY?H9I|lCND;lyo(xTOcCV}?dy5?7;!N%{p1{wj$!K* zRGUzTOG%qgDP34An^WoFh;)U4o&`mBMjl>t`S0o^qeQ00mHt_%z;gDE|JeBfJ2-ue 
z^hU_+3l1mK92b3&pr_tcz1@P*xJrY!$w`MNjX~V@RG$#ek!q;O+V?JKUJG_c_I8ND$ZzC@lq~sh!_`Y8TXn7aupVE zD{lhJF{QAgmHPTVNU>d0elisw4Vuq=Dzs$t2!H1oE-v`;yjuiAB%{LzG7^RM+8(lV zB&ujDn>?F9o(Qal4q#tc3)|(s*!X76+KkIySl9wy$K=7&nu92K^-CU4q?=`+J*h=7 z!Z=HdMo$y5vQFHsH9NNMv2SqDaQ+yWZ-o+nQi59%_sJBML>tZ6YZ~uIVMSU2QHYq8xT0LL5 z*EWP&X=4@}r-j9&1fkwUHlH?ai5^!~6{+ZoWbf$wupC%AKr$1u*E%tsOV)%w#GyK3 zdbdq?2VW4CEl7dxS61{f7yFpM{owWcv~{4gb|uZy8}sv!1hV!8wcX`3nTG3W<3LS9 z&0i%_M9#3XxsU4U_ry3_UoCdnP1l9+eIL>TnLt;($PY?y7<^l}?{qO$9+s-ymWi5= zNtbL_lhyA{or32(#V1J>;`)QB^u5U6ja7Rmk2WOEj}h7wQc@)cb$=VpJ<8o(9(~w^ z@~IqN)?WB@Svl(zqqe7p<~w%^IaZ^agaa1jk3kRjr@p3pTTn9%MM;TqH<#48QtmM% zJ8gLW#5_&C6?aLORqj<-yX{Wv2BN}JlR>~D2-J1ExuzaGC)&LDH*3<`J|jej8~Cu<99YhbRd~5bOJBnxQB6lRM9BlCg|zO72bZ?6n*K>CT&jgzh4MA z*7Gpxt&xJirX5DaZ zJ~m|*ADtyKe72`EfO#n)xl+rdsnL!Nggjg76_sp>vAZf=FoXHrM9u zC8z&g~??S3&CNk~TH@;(~i&QqQ=d)ND!Z=8Gp@7fAy00|2{n|8_ z3sy`?X`vIeE%Etoi0zk$(b|% z=kDwIn$zeJAFv!5(cWrbd*Jme=IAA3)lsQ3n*B&L-?oHYeW$Miz5+;yoAXAdKAVm0 z3X(nkkP_%mrpD9u^*|`O&u?nS`#wX3mdBdY+ZkNPr!95I&dcQmLzmUeXP2il%~jt& z=AIo#L8FFG7e1ZNs@rpz{9DXXp4!U>$E*_W_{3gxwKB0g&Ru_0cxdO=%kqUZd9tC?IQ?R{mK$Xb77i!=|&^?3z__)Ml8-^&|fDiyC;&g2&9=` zGP!?j>DAisN^5S?nyxW1>GuRX%#v^t-TMQDG?}ioNe;_zO2++nG&Jn*VChJjnJnKf z-YJ6IMk2@aD7%kOt1&ORK3BN+JkDo(GA5x6Af6B%u1*TJI6JlT&r`Jbp9(NNUhCSP z3b%OQ&L?{r7frAFKqA+0GY_*BT!uf^2mg|9_IT(>_hsZHv3dJckjtjXbOD1D*>-u! 
z-F+`2PVt6q=3FU*iP{E|*1W77g#*^%+tuL(dX4fr=mqf%df$98w3nU0IK2z-X+;Df zeEvQuJuSLVw}$=xb@4)R$3+VVW!~=;)?qVNVzJ4F*aU(cg?9S?G$ zhwG?LuawMd+^QZ>qk+Oe%gopu2)!wc^*`= zw(KFxhkm}5XJY)F_AuRE%Q1{L-o_XYg(uFA=nGf3`Om%~FE#`c40hJYQDf7Gi;3lj zfUd^AW<}l0rwQigt_ha=HOtiJ^@~ye$D$qK=goTZ0ORn6t~Q95A$05U#jnTl#q&nC zt8r#0clpe44}ol)$dnhu{&1XL*gJ>Y#q?9V`|$(&+x=s@v<^YW{MO7mSyzk41u50ILz zxb9wku`M$GjI8US;(rt$gP%1wGhc5sp1*%Z+xmnKyTRwys3ffqejDDg$bTuGf8nuD z6`z^q>3&B}OblZXb6gYrbQZcp z{=?rgzo?QU+{wuP`-7(`#S`+Qs&+6s;+|7%GEs6Zg{tR8L@rP-&ucToC-noC) zmwV4VFJJuhVOeGoj<>}c-2UtRc&(145M??1FnUBR^5}Ma+E+qw5~2;2w~rR5{R3rP zI~tYy%QGjPPvyF8M?6D6)^0B-BS$~gcn#DXx4e>EXfh_83Pc6Y=4GWz40Qn0z}>6BfN+tAQ|JAZuQ`1FE!aBR?$X3GGXSH*8H z*`RFf+KR8JmKu>~ijR2Ig7wElDdR?vHD#O=#>Gt)W78m}|0NC-#5PoYaKh5qEO2=> zlw@F&+E3P}!9A!PveEBI>`7ENBV`Bu0Z;Pfaru72_g>W)ygPaIukdxe6M6}y{SsR> z+(G(wGx*1_G*QD0sMv=Txfr)%yQQjn0R?)dLxNvD7tbq5NoL$U;IXb_pPE%!B;``| zUNMSl?z3y=v?WsM2_H9EZ11qgv>RO&zc@q@b~TPs*&xVUb&c0iXf@Qd1EIQ-Na&9@ z<@Q~m|F)yQ3m9BC&B$wF-leG4C$x+r_l2p;Y;}g=v=`mKF;vUZHp2{_F)e?);BO^w zGDlCg`FN6@MQot`II{NKgSu*N4@*9 znLdzQFL(m+3%sX31Bln3ALLPmAA8#cG}QxqB=-b&a5Yy|p=!+T3rFL>u+*PgPKw#> z1IdtbOYu0b?Zh!bX@Fr+m8xu=#^Vol#5&`oB zOa*=Exk1SxZE?jPyO0r;wbTu8cPdpb6Tg}t=UGhJxjt7iEydPku9%vdN)cH)c%Ojw zvreBc_(!C4@K>FbujS6KIb~}?F4SZfyzi5qJ(W2)q5$>dLiIzeYHg+d-he{U z^2VYP>}L*Nq`}u1u)lWmonJg`7!_pkcaG|xT zXOEOo_~iD6*CY1<2}`TpgdbyB+HfUPqYijSeiEF7#fYKy%8!Em?^iz*%==kU`}gO#T%580A|6k!R0OgWDT}&2l;i~wjIX`^twq>tA1BPqPE<&;>sv}E#E!Bawr#NL^BM>NV14$*1mo_C+dx)kO_u8@bXU*k0PBD^ zw`&aU&rebTmjg&|Q0s{duwT)7Po1O5b6WdfjZ>(+t_Xsik=h`e=yHOY6OC{=g1 z56Q&+qA#ZZTm=Gc1RFM0jJ~f|67BAQ1 zgulIbD(ZPnE!6RyQr85YHhI{)9}RijuPb`ocOQ&GZwY01ZQnu$eIu>8k$kn_`GV0O zyBqWb0{OfGiIW~pw4&A#3AFgqdK>p~kNB7o#nIknEcLal<1<4BBDR008x)$1O+B9V;X2=DqqW1G%X-_Ahd|VL)6IVWVYri2VBD6{X99Nc+P2S)}4(>2>Zf8NbH1_Q9d30LrgAqSP=H zsG{J;giQ4mt(~*<^C#qQd;quZs910Hu`W4xYU+J^3Qoz?Abx7{+uJa5J{a1{9Zh|aC$ih( zNA7y0a?gSq_`u4&WAdl?RB*nYqigVc@2B+!oK!B#5ECdjZL?PNa{b*(GqC7p6~m#= z=aQGZaTcH3>6v(iQKB^8?TWZ8U{f?r1FiV(5PS09f$rf6Tox1uQPUb$t?V!7# 
zY8z@~#dch6uSZ<1xAn$TqMqVpUy{`Q&7y+1bMw3P=ME8aFQiifu};>K>9LgJ2-%aa;j2q6&I0 zBc{7z9%`fB4)suI3bcNIu6IKxlX|abLdns!NMl@1_62 z0BoD;IA=3{g<0&NXMd@Fla1;Xtkb@9YB6s2Yd#ImWQei{w0c+_{xoE$QB#TWt66JU z(8_COOX(xqW&~YbIRV?%rAukk=>Q+0%zkWT-#o)R^LA0T)?(JXMGDEelF@bRb#Hi5 zB^bwS+ZTN6M~OOfI<%bqI`U}Q>ny%>i1w8Zu@dYT+jbLeln%->oQ1Aj)0vS@jGYRs z)FEE2U3#6$xFAfFie`W*usFtfH|Ce?23hV?9}Br)iC-#wf`t2+IW(^P=_)1;0%{l? z3TQoQdcnS~;*}0X9!Z}{GYdK+0k@r3OtCF4yW0VT9jnuFZMg#1Ka@!?z!)3m&Eo5HAPhcP_6b;KOnr^=g^k7VXu3btS#8g_z;ntLb4` zG2SvqlE&(z^p_1(&F4Ibcj@NxrK)b>eBVq-DO<)kMkG#)!?beC^~Q5vkEn*L_b7_+ zm(c9VM)Kj0X@i0ihSe!>4E8oM_@+*v&3;iOM!awx9fZiD7(Ug8kL@cwiyGw~Z<=~d zF|`DaFP(ntT4?TlN=^`dPrVvrk2=qjeXRrrS2b}eL?NR~@gY(d$7ge)yiJ7~atnlE zDeFHdJyauRgwiCGt_8fH``zfZpNuq|KFvc8yuW1#UCzW&Ofx6#fw%dPye319y4p5B-0B<3WCBPNu@0XDFUAJt2aD#8?J9Wy^dFz?_ zcoHtm&*%a1e;Ug4zZgYjc^ap5U3r2kG zvFL5#yo((dIYq;Ul_<_+v|PC)y_>5@g7W=XxAkqKqXb)>J;yXs|GSL$B_6g?P;I-w zUNrYrSHH6#l2M^1FXKL3LYMKu2De`<7f7G%@o}#grveT-*J#%oPRXL$DwJ<))M3wV zql1S^n=Mt6N1eVk)Z!|(pU`*F$DD4JOJ)bme)9a9cTLEt#|OjGRt;ATR@oz%G;I9~ zXkH``cZSAb!mGk`MNrnD?o!do~mX1^mNsf6j+K84cp^!zZp7CP4wJlj@l>jNo?txs{o zc)nD89*F@Sy`;9cyRQ{|NR(mSlubG8h|7uaO&AY6(YQxezaBPn{f^=rgj;tfgl*hv zM5B-I+3K;qCSE#QLH?n-HjdCMIBB%9!Saz2A2Vl-`0Q6E{n<{NKM={!>orN-x9e)W zu8?VSCKncNsy(xBGqwyamKXjXO;;HZRnvt*rBg(@q>*kUL_r!UmF|XR>F$sgkdSVX zUYe!5ySuwly5YME@8?hVa_`KUGbd-BhwP$us^Q#&oR7wFZm6c_x_s`|&eCqMjv3gd zLOhtm)4>L=#D}?l=Hky?LZ-8dx;*r%7xT~5^(Lg+Rv1^xd+GyBhuK-D6li13o26w{ zGJn%YWcjMP)$f$>RgSotV7L!0By!(G~c1<@BsFi#6UeiOL*N6;+@vr*B+!DFt~ce@QAyPma=^A`EC zDhZuVrzD$0KN_I9k>r%4--#P0Mk)LuFc@CuLKh|R=AyNjvw3N6FWWEE4fr54b{IZi5#7lZny43J?rn!8F_)@lVI!?-wtUmbff0 zB`P_#2lh^#REHh54_BTwDas@1k$t=z$*b>3z+hlZ85sWVtr#_}z5Dtv)8X~`30b4; zqJCh}k8L7NqAukhHGZCfGB3Ky%sr%TgZt`kpzo-?9psb(g#)R>xi$FH7MvAO#*jEo z6Vn?@Qve`YQ0c5vZVamEpV&s%hDG|Sn)?q5s0Tb3&Ect^mptd1t(sKG=T%dLiyOD@ z{W_}e{W#s4E`Cq{WoBXh06~*_Zch3~nM+lQ7{hb^Wsa*s72lc}-ad69uj?d_YwFK$ z?|!bkUL;N)obSw^Sd%1x9&XoskRIM8WvO?1aF*p9VZFi2bKLP{&f^Xj95t$S`^@^g 
zJ^r_V6wBRy&8s#V9wA%Y6ZT%t%Y7m)j2s_1>$eW^Q*0Hb780oo78*lur%UkW61V2` z{0Ac?74>oUP2Ce(rdx3P*7O3fkjr-0o!<;J&u?cd@8^)o89-buu$VMvk3%jFV;l<^ z-Z57$b|wab>*Dl=cOXx9BPxwx9Jj zEb-l+50QIr#YHr(p-BkYY^aql=64DYPL5^H z#rxX(;_MZ^&h_OLzA)m&UMShknSaFHZtLrT>cX^;cd@1 z=;E$v*;tiO;$R^HvAg@h=XCC;-DPv?vV9*lk284$_DOc3yoLJ(XM7($v;|d3_Ji^J zu^tY-{h`82Xlk2}Re~@dRvrAr?hBW%u{ezyUk9QoNB(A7L&T#mRT2VI0|_FQI)<^nqY9OJ92f>1=lp? zjH|z8F*jorPX!p-?(X{>twVgAF3jny#UO3sDYYJnj_sUAGAzM#XXaefel;LRjfnwW z*+?AT?bls=ENp=#>T@U$)o7T)x!j$)$)ETVWUTK&EA0ed@F}k_Y3fD-N73ob(ES-+ z)R}iV$iDadju>dV&GZdK&pr46p(Z3DDj0U5AS9s15bxz;o|8*jt0)Jpu?Y}|BBX*$ z3f0k+T#h#m^ZRR&1#EWxp(+=ZUPMJ+LE`(R`gNJv`R$$Q0MFT2tL-}3pnn02B z=PjwaU(c4#B{L41kKagzgT*{;RR;JCjIO@x%zLIyjF78~mM%$N9&nCtt#6Mo9a^)b zI=+ZTN?gsBVYU5M{YK*mh^nC&T9lzDj=ldMsCnu97Ve~koDNM9ts5A>{$v6oaqw3e(TeY{uksXD`iL1$ z6#|ckJjdUlnNGaLw$ue>?vGO^+sEigrEAgjAppD$xu*S!7`~R|gUS7Ve|Y#g?40gO zC~N)pYADO~3YI6_t7ILPPvKY!{NVu+iE8Z%f}gN_1YVnIuZ#Udi!{OyuO@qA?vPk( zCRq@wC4_${l8`EsI+n&|M&inph)XNQ9X_08kz?yUd4gny7F;1;{#!PmHbsgyl=jo& zgT_U7#RCS*$Hb5S`qShe+TaDkc1|m~XRP%c&eTM|@v2{~pg=}3a)cHamKGK# zN*_!d>A4Cs%zrD9(nDWZJ7T~4n4G1pU(@&t@n=PMxIvdAPBOfV)kack&HgE|t1$h$ zTGrV9s$JGam?1l z9@}O6Mp~-V(uNN&>run>i8|haG3n7p)`#LGr?y1y>P~a6Lh%J@%^%oP7tBlL^}ZXg zzbq9Y%DK>Mddw0+ymZn!nJ30u)^Qsw;~?+vrBBT{+QNcty!;q*Dh%nG3_KqixQ@b& zWU^cl?+~ZDefocg(B({LR$;x<{@3wv?^Tl6#^&B7u!t!T!WuAEMLP8UCKx22B zRuWZX_TAnVa05AMYNb+tv^3MSJ6O&&7-^32bLPYS>ee&Yk!3sQY1vIH>tFb!%b)y^ z75c`;t0W;AgXI&@Y*r-$IUj;50n55Q$7(gWMvOGDY3Ls!Q6HoiYzxl~gRHS7n{nU& zCQvg|ZwZ|qxz^wCAg^Ed9MbnWrSqMExXfQ zX;7H)JX||Zo<^zE-e3Q8)0oNhrB=h{R73S)K39XqTELfwMzgf?8?1+cWr2H5mpL7C zt0uwQs->JpR9F#bRn(_-BLDb8SC(OFDxS zNvfkhYYgFK(eS-(ZAWdZ(DOIzQf9^4v`E7vE&ek+IueDx__gLR%gOn)&sLo zgQM>lOgQn*Pg?S`Uy3^|A-`%tBD!DCL+A&ZRUTOHCtHD&e12tPNp{#TTgAIAKyTq5 zhBBn(QEY^4M1v~$DhP-7Buh~6DSHnrZOBh&mGFEKtVmb5IIzV0TH8f^*qVlqrZgp=`jkn0@ z?;){keWMLUVYSrqEW#9X7F4AR&aSY`!GrV3otmOb);DkT;!Ey~|U zJ)$s?RGqXh9C_0+4Ogp}reszl`D!k%K74f-gy!{NXuBryJ4yKG{hjEa0^!xWqpbB+ 
z-mWHRu>Cdric`3$`+?Dj{QX$X_NqrT9|IR6KV&gi=|U;j!6ohBsuR@;O#8~Y5#@7p zwQqyJ(p{FnJo%@HF5Lhj+E==-#m8_2-(UhurJ>O1q(^Y&ecnjAk{DzI$w71 z<^k=i7R_gguldZjxua^eA`afzj7PsO%$o_i*on|rIc}u>E6UCMl|gm;IoK=pZjLW98M^ng3= zkY+}E*DY@=yD{_!ZhD~MIsyfsFy;=UPPd2(yJ-Nsu6#T;dqXzqxUBeB%Yk&P+NLJHB4!k-G``9c za_Zo4s<|ux0sCv!uAQ^imsV%>{kGd797?UTGy#tANS9R2=PyRJ=AZ~#9mB0=7zD_V zmBgtA9!9?i!+wP$j6jCF8^$I*s!nz4OW~kN^6t56Ndr%TqE0TQ{{H0($GIOj<95U>E&SwYrix5bjxoSKQXDktAH5QQptL>#&Isxkvx-8z35^|=i2>4+)Zkm9%tSK zWNUwgHjFx*HRZ&9O-;GL$RS^SNID>p`Ex}ke^8WK95;LbPIkL8xp<|+eIV-sShwW^ zjg8-V^>kC7@Zq%G$|S3mn&Y(lG=C(izaw?R!0Y+VwxV}@8q)_=!zv_nxY;KjjWGky z`nxbYq9~3QIIoNFPyK~SKSisXC=Do({OQag{a7C;;&!INPf8Muk|prtU^u8^{kOb! zB1ai1zj>E*U7n?;u&avy7s>kF58Nz}9}5)<3#z#m>z~#~as(+2F+PlqxyJBhcIy6l zufSkm)%uOniT)V1?%?Y**u?89%Cux6w_HwoGYAXWJPDqGQd9z-d^~!~Lk)J(JR2Y>ivC<@U7w3JV5Wtd6Y!)EuOd zZ7#$}NCw?BB5CXE+;V#U?v|`5>mu@)N~d9>81Gg(W2HTVnAvqK+23k+H7mi#tgH;# zXsh??-3gOHTqyDO$BNHf#0~z&V-D780}V1qs(Aj~InB32LgH%l410o*^ie@Zdx&+) zhJ6z>+SBG0Pu)WL6sqmZuc%if$@+C#HW6-4F6KTfcO87^(!$eQaZZS~;o zp+qw{^w|uKmoJOB8gO2&_{c(rY-R^}-{Dz4i zZ`1C^(#>j@I^8ABy%`$$>&q=0X3^wM#PL}vri&AuTMlKtrZKQZ*GiYM(stEaHT%mI zrua@Aoy-ggVG@DNVx?)Hwd?RehW<)QWsrqms*6W>yljhkN|g%ESf3u#oKwnqg^}Wo z@5TYCMuGZ}vU5)FNXr`%YMiz}G#Lz%!bWO_iVAA^ao)v=x}&00C`3b}%JOK-?cO~t z%7)Cj`_onR2L`&dRugi8yG#)xuzHXsk)?na2bF;Tt1oG5rmLwNrUpOCWyZRlM1~gJ ze9i(zQBTKaVu>~49WOhR*wx>q8K&x&r6m0||Yj-A4p^vTwg3*p;9#v*`*PDoB#cKi!c>}gpC znzq9wyxW1uRKE#Xg#-qND>Ay*+!@;9l2!eggz)vzYDZ`!V)!_J_DyBhB+9)$>S%Mc zN|-)+%QV#B`Z{iJ_VAicx#E*B?x{m6P|WYO}lo-;y!L`23 zGxQx#JMPJ3LK`Cs$we`q&E+M^$aa-9eS|`8zJg=aJRJ|4k&P+2u)w}#> zb*n;o#`-V_eovOvU+FP=ekJLmvR&nCwU*w|jF3CK6zXyp?k&}`6$VUkp6|ERa->4@ z;*t`hL*))A*u%8*aGy3ql;IUJUqG;^PWERTHYA>kSN30(u@4M6^glQ>c@s7&Gb*OjBMli6$ZhoiPWs`UiAn(!_1@DM;^tO%GgRC z=xGf6EM}q+A1*l-Mis3_g!G#>@%CfUjttotQeD5Wz4LFcaqV=I~4{?S<4{Wuf7#*g!)XW;;?9*_PvC)MEaBLc{fE(xX zbn_8w{YlE-n89}k6=ML7gs@ZzO|oq-1NPf;wg3ro5BmUfg3f@QM09k5a!bKuPti`{ zhpQo+cXml>RCl^~Q18vnAp5K(yBZvYVc^e7 
zDYU0I9}P9ermT}Bqqfc$wxfpt`=R(sDV{2vFHJ}d?x^Xt5NN3>&3uwVN)!9>t{jboG&OuYF3b`a6%=$D<$h)WI)F3 zCWFbmzzDZVzMsfoD(I`C8}h~UZF4b6vu0e?@aOF&Tv zY?r#TFts%O6&oV8J8a(NcR)bO3)G#=N#`z~A4J3iS}r<0N8E=m>A*-Fw{Rh?$T5a4ffNSXx{G07 zp6v$T!$>cn3yvC0luSOQZZ(AVDTQK9dN1JLv$&Vj5Yxv4H!9KhdtlzzqU91eElUsn|~|Dc{rpMXDfY$eTr}{P0tBmonF+cGPJMl1#ei?la%Bi}=GnSZlhcByaH>B+c zfxaRGUAXBz@#4P#7~w<|xCW++OXb<{hNZ+823D z{%}N2>!>gOx{}6&kzu=bd-E9d3-m$;y{dwuU$TNb&c;ph0O;jZS_h%5J zTTKq!zvsY*VXR0#0N^37BuGb>+p)V4!-bLy56b#jlv;m?4}P%eotc<8189od+ik0K zUw87i+VbCK;x{0VA=O$Q%vN$Vj?iHi@fY7yj6*lo` zIesan-tFF=8~BdaOy7n}02kzwzW4ewzLAzqg+QT;`B#C|P>_-=!W!B8zX0uUVx6RM z{H;RkY(Y`2w9=-o#rlHpb5ueYHiXTMaxV=1t39SmjU%duJ&22b9k3DU_Obr#0R!;K z^71S1Fb3shO{v!ojo`OPMgx(pdbDZ=a1lBWG}O2`F@@L*10m)pg2JgNUKe#s805B$ zq0a_OY)d3;*p~Tl{R71OgJ1gss2fd03^0o0TYy}posb1{o~o20i$Q*ui%sjF_E z)k)|G!@5(8iM>u3>Fa^zpECel!u?It1F=MOJJ-;{Z%pzXBzC-|b7*yR}F%W+8qpuC}C=KG|!DGjoUN2nrzyHMJe9P zaNlnEt3R(H3wOcOBf%j+wPn*KS)YouCh^?lOnV3DbtD|an`u4`f}6ABd;atpvsfIavwaxr%QhT~10J0e0UuRbMG) z_Tj$(Benv+-h5v<-{((Djh7v)huhm9q+ba{6LPoRZc7OF7Ng5^@#wPu1(bK~{D7W~ zVMSKbnAuR`4XekFjL~bJ?>ORMn`4&)kWT0(%(IR1U&f2@HpPvs*B?v%Ah1u@6|C91Uqf#Bak5|U zt4z-zugznuA=Y3Ad}NrUUe}x)R6e$R2Vms@KppVOiRtnsm%;Mx&n8C!hDM(Rk?T)< zfS0v)1>tcFi}8*AWb~>w5P!bXQsOcI(gv6=L9#J`%dIHvZ8`lu_%WK@I58>W-F8;A zoQR43OO7VjGxKOYT2Aw?6xlUbe9Z3w<&I@iqYQ@UhesNOVY5ie{-%YZoU&n70sC#& zh}Dg-cCdZWI?;rHOS;GyCMGE=L{u)QRhRGce*l;*KR|69i5_f&z8S3q02J~BrhZxm z>~BnW4-!TV05Sja=VVJ0z_$sL7V0=52p)$DaUgJ&@&*Q6b41ni-6qs^wDFfArymz? 
zWPnhL47dB7@a-(uXCX8W0Jo0-Z}aTI(kc4jodJi}yoO@T4qQKJe+Fo>kiDvR> zO5CWm6=RN8=$cRFCTjdYtF*R_|Kfr@#Ny%M0kC1*^lcm~Yk>Vb#^eM(uf7%|j2p*s z36P^37(Bg+>$n6amTs9A+liW=DUc25UiF>}_Zyi zE;OtUr{2LzF*(wf-?rjfu4b!eVNv7IdjLaNK4L?s{qN!7qMz3RF(R*iW3%vaL)Okk ze(B}FzEfNzx*4`Oo|HGicN#<#g+%HPC|;?rSuehcQx&uIEgI2cMm`3hLzvi#@OoD} z!pOU7CMgc1QgjDBO>^fkY@3S(r@$kR76knDCO7!wB`va>u^Slfjag1gK>V1zFeyqA z!C&5zUo+p`Z9+Y$CRV>fUW+NFl2T;)GI;_4z}0bFllzK4{-*H0NBc{O?m88$sL;1g=P`yZ2?RtQt60~on%UF(DYqdZKa1^~swvzQ{*2+Z|Cfbo z!_mOgl^oGYLZS=CH4!cU{t7VsA8w=X5uqIAdNS($AkW4h_-6+&i4Wn~juCw@^|~HQ zb98iU<$Dk8(EAIo2NlmC3jmn!YIdqI;Kk2Hpuc2SI3skPa{-`LNxSs!Pij~R0c;gj z>wq*8Fm@^gu`P>y+GeZ|GgJ&9Nu$MvtvRf=ulZeBT;7^;_2C$3oud zg$wf9&IcTP`%*_nr)XXmZX%XH_V_YpNvbYPEmqrx+O-L#y2$KEBR8s4jxWHFag9)I zqPpdxxa8LOFn)76hA6YqF)$O|-AuZCc$|_{r<}fLAye?12|e=}ngX^QkDelP4cPtz z@}H71E~#C;#7{o2s|3Jv{c4T!rFL#}UNal2DIa>S{um=?`G?=j=(N|Qimr=UJ`RN{ zKAAUyCADfv*RU(Yz=4Ue(rTjAdMjK^V4~3XapQz=Xb}YYPMcLqYaO6DsY2Ie)a#%a zzbE-n_ebHqLIpYUBIzH#MM#yvG#OWnP^{*R&1>YiNURT)c@7aW*C8bnRS~e$%^UId z@r(YrRZCunlQ;cZwGtU%JzN1r3x7o%iP-!~K+c)6_?zISrm03PFW_{^>&)-t{2{CK zU!P2dnP_6HL3K5OxHeT;D?zpcw_HGS_iyqlC|F|@{;u)q?@@v$qNxASGx(Rvo0GOw z1gNV7fI+X#9+OP<^g%@?ZGx`#C~Du|P6>H(PjYLPbYNnU)pzY=3NBx&!utw+TtHNm zH&fKpm*_q9a+KE?MYs5z8Dptpyd~dC9)HfK=pz#6mf^W=*F=dJD0YRLc>0F^wu+Dl zqnRqhE%M-|SQ+G7&g0|i*mPNwW~7whoUF<9QS0Qt8g&^U5tu+SWoZpHL^Jj*G`e{F zMd^9-D#3HMW9pBq%|Oi!b!d|&qMk6+76nq^GwJHbzd*83o%p#G4>6y#I7+!?Hb&01 zc$~`Ds3`ThO;3wAY%D6r2i;~ zzW+CzZfF2IY3~)tosj8?TJB(th2g17@j!%{)b_vJ_Iz8?nhR1bX2X zA#{HEx_m3u%@fG(0S?T2U1iv~dn^34(aCbm^jm1wsReI|HLviC7lwZ||A3*YiuL0+ zU5YVjdtPne6hF=q@480T)rHWEM_|$-w^B_wv~X7u9UZ+{r_sHJ$rFfJr=6BOHaLy} zut&y7WLQ*azfiw(d<dt(d%ti)96=*n)IIgw}7 z(W52i8@<1x(D9l+wKf4nPt-V}0QBKJ%uB+RZK)u*y1CKdq<;v;?PNyMh%rz939A9% z1W2e|;*P^k6E=Ov)Narpg}+$G?M zZ!gy(sI0uagrk@>p!;@dH=0H5x@Wr+!a&Y^F>Qclaq35Yy9^+Mx)|1+&w@(d6pAgp z2lDX7-EYNFeP?Nx?R3ZWP74lGqkm-n$Yw=e!q76CZZ}wAM17QGbH8GAGi^&c0KU;R z0ELui*7oM0N=6^1bn0zQ>my9l`=e?g4bgw;l@IrSA24@n0hGTtZb9G88-a?I@MgRL 
zET=6LAu7BB@av|5W0?(qJ+LBKT}MJol$9C}z*Yi4eERY^c?jCVhA+xCFAlla?NLxy z9^5*4j{=16fQV0h7yJ~ty$LGiw}X}d`6P4hH&Miy1w203EBl<%bAiaSzaln zsO$jY2__viup}mLr%~Thgx&3%2!oVhhG&eBYRJBhzfv+s&(a`r-1W4tuRal_-;lx? zfN;cSlF6OA+DeNcKqheSX48>b{P+o1@pS|Hg|&w>QQ?K46U3Lq0;NZMa8Q-%KeOREo8k zLzjWH#}5OHmr7HjrMuhGY{|3NN%1Yp?O%FTmC7^Sd0PNgkFJo2gd~RR(E}$e{=nW5 zlr>*q8r42Gye$04LJO;-{oUXH-r@m3Qvx@+y}a{W0ccd90Ai+!P)B$lD15t8Ku{g~V>AJ{h|_M@>53c9)q^Ih8qb(j=dgER zY7JAg_10rRrLO^SK2-Q^{_36VB<%a?uJ?$Hw_U>brGlmbI6MZI?}Zf71vvsfr%MkT zll#G7f^8eP!f3zgJ;akNqrj(_>~y5u#p|jl9?(Tf$0k@ z+of44qJMfCbA!pBRY+SCvS0rBGuKvJd!~aP}YUhVdjFq*HDCifH!}po)%5Rz02$e)ijR6 z;|Dm{DF64$wC4h~;>@GTX7Dfe6Aca1jW%wR zUmJ;QflWv(fn!_AStPD?qd>E>BYfNb-UtMXCV?M-Q=9=fZTYlmVfzG)|Bs=(Nunu5 zqc?Uqg8Q3V{yYwitC?WvxPuwb!tJ~I)}{m5)4-J8px~MG2$`e)!CRtj=b5taq;|7n z zINtK8SnSxBuSb z_gDRWUL|S82S|#3pvK{`#ujElrIpyfF|IH{)P9cp)_4RXoGYNBeKRbImEcdeHg7j1 zwDyCuzm@YjaYyz*t1K;ft&1*aJ-}wf`34X>NIab5i_O+_i)JwwuW5pcd793CypBbh zifP(bd#uS6m=6HY51$W+=A!OHN01=eEHs8{GRNc@0kssj9T^>Syi~lVn}xr!rU9IM ze3ui&o)b*;A;-5Z32T>jx2yFcdxEjMR|t;bM$vL}&;ctcse^Q?nLS1{8%FacX8 z-{bH&cCf=g_DZ{StTMKqA)RixaNPU@gqgSO;5cWgGTJcd{pC^?=*tM5Tx18`AAo5G zFx&1uGTM}(Si-l~mFjl@n5pe%f(fk93Y7NTuwN7?Ljanra%{V`FkWb7C9_uTR~$69 z-ZkL-Y*mv7z=S=Rz_|rnp@wA51BJ8R4Gvjy0p5UO+g%nU#) z6(#|^KFrZwG+s0SSilbezUVZ7#2nd-3sxfsIDmk(SSQAht-s}LZwjaxPXZ9D1B52Y zKBx40@P5x8_L}bZ07{=o&0HliJnZs5mb!FTWLV8GMZk%rl^%OSoOHMopnxO$*0Ai0 z2J?Qu-&Cq&?9i|_;{gn4*RZ;#9`y~tH|#L3C;^_YJ_58sY)nA}@ZIL&ww(*u&*TM< zUMNw{&%3#_jd0TAHH5wR?fRVNVd&u&%T=n({m?E=v`ZV9!t|G1PW@rj9c>GJ7_9v5 zAdZ66WiAi2ZY^9uAC7{x_L&;YBkXwnfVcO@4VB~yE5}hi0|bRpkhRGdde_O@=p(ix zPThRi+_MCjdzn*eIcu7-npgb%{LridJuduEF)nzmuw7F3e=P^w zFI}-el9}hvdJ9+bdWXl>yaubY#~ahI)hlt;bJWVeo=7l_p#RX8X6X$HPtUCxG`04=QpVQ-2 zdhC~Wv31Budmm(K7>ed%nft>Tr)~7bQ3*-setioRwwB%l1^0nn~lOYd4J^uy#K3X!p z?vWU)Yvidg&-ZJ|(rNuhG}~d4n1^4*?g$!PhaY-}fMHJ8Zo8&F(qP#q2` zr=&M%;_O?EYl&`F7v27f!EG$J9|0{x303o;=IO};z%mSwa2k>3m7huk_8H7Eu-iVr*^A z6brpS5q|h$yMaXEJ(=mg|7pDe@cNx$pH_ZjMjJ!j*DZRARAO@4>;KGE4e4m_s_w^b 
zby&KsLjPE6hZ_9R!wtwB{&&}%1~JF@4IlU_+%bqz&eNuP^Wa4va@hFFaZeE2&d6z&zP?H!s&j`jiGzmjUiZ$2W^sk`s#?TwvMv6HBLZ2g`r@8jMt(ygIdJSkvF)F}YkZu4d z={!|vC_iz|tJZr3^fWWCLKgSX*`P&F^m`}n_j}5<@4oXQ$p?ynS zLGXQa-KL-+p_hUpU2MqO;=^+38=%(&(mo-&9N;Dq;3+X1$Kd|7VH5HLE??+;5-t(z zIX>N(aYE$Da|<$0rd$vo8)z0v;Ih-BuOvykH$Z*`|2^|(#itjUACDdQSQ_&4i9 zz5tOS<;X=rKK#MRH9JiMz(^KX3OC2=Guu=MtL-@z*aS zuzFwWz3icG_?Pn69qDx^rdV21ZcgiTo8ie10b8i`6k~5}v@>b&65h>5J7Z@fIlrY) zWxma-^9DyhDAIgnf2(J1fUV<$&w3fpi?uvC$N1%<+TFL2l(-z`WbkvAb67Ox>6=)Zm??A?^*=H4b1s!Vj_Hdgtx31O~BToKB{hj$M808 zZuE)hFvg~GK$N_Vag04(ss6ERh)Z*%(V9z}o(y9WQr@s=EEwS|>Cr97Sjp`H`T&S+ zFOTHi=rf5FLgO0tjY{;5{{Aq^G?)LHU<|dkpdfQ2WT$`FEhx@TmiM>mLc~P1AmS0) z^?t$kq9h2z2J^Yx&M+P_R5PO|k|=yu!T@ICleVNJ2B)I1_kP%zV^a zs`Eog*fxcK&`%1YA*7y?$L-FV8Nc-$#`nmM1`CvKfKHh3h#~LGE;2WZ8qLlbt}=ss z!2Cq_hoJW}!T1be-AZcjm&0>&AZ5ele*s1=*5?XXKV-h^QNOtZa=Zs1lO!3VUj@p> zPOMtBxS?x_u6#>f)V@qk^EQFW?7HE6fYZoQ><*3J%%_~04n~|4`>a5&W^stuKd4Xh zV`2DH`U*hWa|>9`=hWIju1B4k%d7iNZw%llPG{O&cR=Jw2wzZ(NA=>}yiw2Hf>9Wk z9*Nk|iKcZP#tg9KqvWorqB);vVQ9^i=(PcMHjK@c_(0^uXkv^wgdTn;5>46>pahDa zj+Fg+Fz_`yftiqan(He$QreD`#Ix4u+O<1=Vxw#s;72KK)2N#hl_37hRR-S^_Mxj#mgWYCk)BfuE zDyz=)lq$iLZe3W5SIf**8dCZg+?qp-)n-%{J54t2eqCceqe`x(<+X`qp()(3P(%RW zs$e5b*kE{u_sR)mx*28#yzxeEXjN}{-w$G9>^}0a`n?yOVP9i%de^&$(d0={ zA@s7p5pVQX#Y%~3i@xkL;cYspDGt0HJ26tkttkR=FbvVKVE}YFdkk^r1n>a6C5qt? z(+~-d<$SKvT{4GVS3qXJCXr&pVvzY+g}Pn-H{tv`<#m3=^@^%0R`rUYsDDmX>657! 
z?lm~?{oMgm-2k-Jfk=<9Tu=-~MgWuyb{VygLK5iRlDx!aT>|>IOEc&><6OTM`|Cj> z$ITrpcl|LUCip9`?iT~@&+e*poXRJrwm!Z8v9E7-)CtO2cpg@M{8-}T_!3V-sD9q~ zT57+ul(8``z&ZuY-q2C__3eOGMR#5Ya*pMja0Z|P24r~DV?nz%=3p6#Ta;b2nWpvNc3>9NoUZ3*d+Ep;JllRxO}ZYI5EY~V0PaevNg8m9V8j2?Jh^hGB~&$2aL@j)`L$?-rpbiztYwoC)(op~18YcTuR;eTAY$=m zyVmWn6iov|%OR$R7yL8u=y5ivE=6f5OIx{iJcSKjW3MjMY$AT0PEY>)rM%znI6Jq> zB^8>wQG3|xk9Hs;lRxy>sq6jvuX$nW)WW&B^coBrmJ8gk(96Nzn0|j9*WlNnh(ovX z!L;ja&Z@ql);#w(Vk*J?X?A!U$1SnM{2xteM3p&^Q=p^Ma^M^u(_iia*3r`uJ8I<} zp^(*+qa4o1gunNwm%EEt^0y_UkBe3h7-W)5MhEW!Dp=0WAa-OvEZZF9PJm58Ea6jB z)>K&lQ$dSzW&4cs?!P%jb24;Lmjh*=UGHENjf`Q#Q#Dm8@jQFyCwKzFrJq8ZC*BM{ z!R8=(Jy}Vea;)PITilo}hF~xaHh6T0%inn}bB1~%J(3R!#`kbdQY$StJ%-6Ugd>4E z_OlX3i}3*7$*gTMUwFpkv86RK&&=#K3+Ll_aHjKl_y^>^&q=LPhfwBnXU!Uo`qmUb zrry2lBFD)xmF>$*K5}jKmei-!YPwwr5=*b17Sn%v%o_710UX9%qsyy=-=k|Ng9&@5 zA}v09UJ{9*A}H69AV3kfr9M_;3irPXg{b^@6U?7!vuqWF(~~voNY})gj{|-E@1m+b zQr9Fih2Ko|2NRZznMm1ZDN<ITwEy?M4TcTqy#E-Boc>yx&7}D-S|%iuB=%y zJPX%bVt&$WvQPZRyX=o8aVkpxr8v=JSXTnRjOU^d4tpMdhy z{BqbL`cdXFQvQuvDFQ)22Y@QHvC{txCx}UB;Hi6#Bbm`rZyY)3VW6>t09I`I<^_il% zlKegPtN%`6iUp~M$`R)USVV)FdGp1xzU4pddkQVGMmQFw&rkJnk$alutPbJ&)_vYpAagUadE? z30ljVRAr_-IA%4LMto8?Qbp6-lV8>x#hi0Qj2-w<;=2EDr)_3eBJ=E2nDX3*eT}w( zOf^4_YggAlc5dP`v~q)>67!2|3ZeV|TZV+4S$G4+Gqfj(U{E^XMuGJhgQKG{8`R96 z37=zQMUjXy)_GiHsZO957Q}U>uW|ClSZ|CMa<;|sG-+&qyvV^jph+m9_n(=`TUTk) z(>QS|?tpd@Ree0SzlU1?U#J$f1eUVqc2Xq1U<*)ToHxb0|Ky<5c!<%GZ88wR8esAl z1&KD}Q4C-FYtRP)`RwjX^JUGVHGKa_&}jIiO13L~%fl8&oGp&}9_&xeLHz0XSn~7k ztV9dYRCuXUKL`bG@X1rI>kII-@DC`3m4Iv7ns(oO&m&f+o_kV1j?OHe!3~x0GBEfn ze|e4&wlUlp4yYeqjUgN;HJkc+rpTF929MzY-!#8bU6^-~Z0Vm2JS^!>6<^OLEI z`rF6uT&CzLAWaheTncA~8}&(4JJfP;{;{BCcjkE; zt*MhsVoe2WXUlDVWkY}MDC+-w!MaGS!#OwTg|2E}=5sf7rEbQ4?4<3w{>PWU^+xSO zuvVRTiPWFDp-dx|n2j<%w*p#wS|$F>;o;SI*5JA##!%a(S{D4a|60$eJ}jcC@U1vM z32wWTqn!WwnTRC;%)`k6b`} zOmb6-Fl9YTU3#Tb^Q5Zo?IpDS#{FN6LpL4tzp0a#WhQC?)#+CL=>Oc$r$*z0+M*z? 
z{yhpzrK)8FFHN zge^A%lH;|VACDdNQd22me1d}BOI5y(-M)Yb4S_%)J4mWeFny>aGdtk6>kNFo)^it&iJm6>s(>dC_6er)Ym zVirzG;G>?-T7rnN9#h7TpLT%evM&<G6_B4q#C>N-L3AY2t^3{T+*s;+RTPzoQyxfHZVKI+AuQq``D_Ar^M zXAD0^wA7Pb`rg02pEN0=y6%+K&VHv%`+~R?<75`)S^QL##N!h^?Gf9c$z$sT(qHM5 z9Y3vf+n{n|xIWVn88cuo__Xl9hPB-4i%27FlUQ7w-R119l|Jl9}u~`2fPgfaM z)%SFf?(UTC?gr^jk?!tpknZm8?!176ba$6@mq;i`_#S@xe?MQi&prFho>_Zlt+loE zqxN_bFMaZ)W{lB|;KK<#LhN{zom2U<~ae0ZcaNgng< znv|#IqgH?)~;HLa;2$&dU_JUSKX<(iW-Wa*p}P$yv6W~6^3_-{ znfw3oSDe2QgmL<=E^Exm22n7U+%ekLgc<2YpLp~1|0}$d4?QH zXZz4l;T2d4Ja+%04TYj$S@?g95s6IG16uY6X9%7CYofN@@ulw^B`d*d?N$GP83#EV~`gYtdz~hi6hw=@{4fB%K{ksdG;TgGW59wDP_ac6UAl%#%|BECjZmZ~h zRoj88IJD}aDtpXqD~f;13FWB)DTUK(LXtJr)(A0gPdi3^N~?JD;3yh*;|QKrXxV7oI^@I9htysyJ;6$gMHs{9Nrg+ORkel0PDhXmH&O>CO8E9sphjDy^oQUc1u?rvFJ zC!zlk8(Sj@H#jT^X{wHAOytDA>ZzNP-iKed7z{zD#}lbLP5N(GCtGJos!-HJq<=~a zwbxY2k*}2^OZ>Y4R8EB9Mw-=2&{amCOXs-NNzRn$QllQB)9p4ANl0@UWQqTMMa5B{ z7AJjenLX#-xf5w+OBuufsCC0}SN$)vtHQ;-t6B=e!a}erT)K(UsNK~3gs*Lc6Zbvv zgO3&LwhaEA+lA^%7Rh<=Ul6~>@LNP_c2&Hv0vp*Dce8=*%75}~%Mixl6uWhpj=OaG zi(+(cwm;jR+}ht?3eL>)<4d7}$Gxql&bL_;B)g`8K#sWD5}^;ZMmppnuM0PlR>~AD z&*tPu`HM9wDUiIi+9CJ8=-v(|HP&hs!^sxDm4)$?1PTrH=6*U~%_W(n_Bxv_fpv!Y z|M375*q(Y|j=e%#c1C&@9BZ`Abs(B*{^j$t2%BJ|Vo~8QP>Dw*vn2*i?g#@8Qg~Q@ z2fIl>f_v`;R@{=`S9)RY^C;TJKO)s_{tbjAxNj`(1F+N0Cti*KdeOL$82DBDKPF+L zpXS2dJ>&12v|QuFfq|J2Iktj-gWw>XGQ|NWu{LEVcq4rAv~B4iNw&RA$A4V34@r^< zVNmTXZq*5=tH>BI#&#R^2H{IL)x=CsGKIx|YMM;{k`CurcOM*dI9*1xUxE7XUAcC? 
zB3kH2PnN5QJ`?qC<}1tdnsfDAIsg2N>%ux?Z+U|WiZBLKdf%?xKW3u&fZ;jD{rtK% zn$YGKNxa?GrM-yqN%g<{H~3STT5VG#Nn%}2c^GmMdm7}EUxL2$LGj`}L~{SJpj4?}tfX z$s?T(I@ppUVr`j`rh@*)hjbDJ!^9E)l8Euiz4_e}@!Gwkl0W2s`*>aRX-pwb4k%R!in;=eed z*dGznr3LN!Bz}rfg-g)h=&c_6R5$eZjot*xDByHuJ0^K2QN$h25%eb(t^NCC%cx+Ulj3<10xj6BIh_vbIIYg`Fm zjF{d&&IBJ!!p<#2*zqOcZ>|mIE8(+JFW8dUR;>1>{O=*kz${%dz7)-(nvpLdWz0eS zhQ<+mKaK4UAPc?pH!k`c;}O-I+jV!o0d>WXr_(+;SI^#V=q&8xAx^@&yKdWF(*LSd zAPa)xe1P$UpsltpfF9`hH7H&EyqRUY6L|>#ZK^_;@uqs+W^00+WySjLR!b-+!dXgZ z`l{3a_3u`lzA4~eOEk-rKWed;w{l)wT(sy2o^ZHsIwNRWu>Fm&NRjel8s}9hTt#9u z58DmDITKoYm2 zbn9Pa{GE2}b=$dK17>aK&!_gUp!FjT;132n`OStQ44|T4m000Z*(=9QT)J15ideni zTfF@lrkQG>qRz*8+X$el?&io2Ai$jTxN*wM^;~|jmy&|X1TgJ?NK%C=lP{TzPD8V` zIEw@c`bPo@3h$j+9R-~3Gc_Yo+$S1MnSuWYXo{V?0Z_T-iO5M&cE7YVP#7*2oldSe zGglaG^*en9|HkWBD1fmvY|Ce??uN#Oz4s#}?;E`jS|#7Y-e<9t5wVLbrivI3j87s$7VNZ)i z7b&+F#wDb-GQqZWKa{oDk&_-yJz~Hd*^Ov~7DlnM;%VWif@auZ z*Jw=b|HC2&H}b$ivrY~r07el!-#?6AzPlxBnGC_03GeT@3thZwm;9p4R4&`1e^;!R zbZJTXpM)0w{d^CRj|OC7+4+tY{)RvJxwZzuI~2W|gwB<}+YVzCGz{bW1vgL7p6dMX z*U3L@wGe3K34EjiaX3D&&J>?$H80vx{Jv-Wx7kCmohzY_inul8;9)^Rmj9ir)S$$* z6NXlQ?&gd}-)MH=*8S^@eW)94JWOo%6Yq=lFJRzq`U~7lrSqV$t(;?$!=QXeYi-^q z{nsiTS2yD5lu0C-L4Fy9-&<9x>2=4bHe9iIRx<}(j<-T?D4yhU|}t~MIe$Ies8@69^Zyua29C(a;|(CEoqc*`pYo*?SU8^n>w8jhbAJd`+; z?kU=dc0;qJi(!zZ7yAP;q}t6pvh7yjoKrypK0PEnaoH4`^NWf*==|n5!|u3+k9p@< zgxn2|<4KxExRiG`W_NU%F-D2gW^Z{m6M3@C3a=?N8FgRN2h~w}hOMvcGdf4IQQ5#{ zf#jFE^G7HG>)a^+;w4mDgdn1!1L;~jRhx|;j3d!9wfht@?EE=}MUYIv!^14*u|SO9 zY#N$xu-;y_C$apv@>p{Z6TA-P!3*$Q$;Rc)x9 z;GxpwcHUUN`|*PMl^XP^+O6=P9PH@ZKp@-Jr6e;QMmHjhs~lcN#?Zi5(NlU2n-m%` zOTLocYouNp3p7Cg4E)`d(zy|5LZ~f?n zK#st7i{S6p%9XdpqzF<_?o;P@WV0VEHUpyR@RW?*T4*ZhsDUL>`}RPX@5f|Ow~fQ= zWc~48a2?FX#xqQ1D=a8^Ik&_JhyTyLmAA6*Q4o>2KW+++&c-^I-C4(BnhuHg30j=A zT&ZfehJ!fiYP*#Q;fS65Y6Nf<@+`OGw`?w8hzdjEJo@h2H@`ZYP9|Ee5CY2hr_{Sh z$#`JRn+^|LD&==gmOR{*KsC#oA`9}M+PNb;MNVr4gMC>7NBhQG5MKRqL&@nE?zRPM zj-m$zj}jzEe&WlYBFJI10pi_omUt}t)`YaOIJ7d z`=38SAP}L;>_t^c4fya#A 
zFT|fHUX>1j;ZIi$Z37V*@^P-eLNWUDm1*?o!nf62Y>b*O0-h_mBax=gDi~nethQj9r0X zEwp}VXU{qvjG~o_)JP8Ky>^@X5VQaNEe}$)*b7aKE}ff)$DgaD?U~aHM;N*T|OP-9mQ=tR{sV=txUB30 zx^QwMBNrSy_3F(RrX=gU?9=fFTjg_(+GTw1O-BDG1JW+iwUrm;((Hx-(znp)jFm{SO{Oqj4p#PrqJlQEla zwoVLU#ORV-n*rPJ1ELc`-s=2$YE|31zuGtWah873^NV=H-s1tm!11{dhVk6;a=T@B7v}0|$?GcvR`k9ysrXsK>F_!6eJg|!yzxm^6%*W6cLX_mMXI%I zgf(=@($Di$z$uMGjQtY^ON@BA;LHFA88#O-ARZgv1}KUEH>zkh0w*CaI&;ntG#Eph zOcgrByJqIdJ~oZK@r5`{`CPIX4N_v|p5R{6!QuPMukDTPZ9S$3Wt&d4pTdo=NH9dp zYuYt!d`o6_PJMKISMGX5%-`Ir&4?IX*0t9shTN2DUYF{pYgepOWz7s5*gUqL0U{(w z)uut6zb;ti0}i!mF<{9nUbiDBGTIyyg+o!c29v!8uW^`B0bIQfB~NQIE}C^@%8Nlc z?FVFDYKbzmOeIJa8+r1c?*lXU4~bI5Ywb=Z78cZt_|ZuWQDmltLFR0kb_$}%xW}_D zW_Ol&dNfLE{DFaj`vf+2XIFY({UH#IPpqJBelD=+ z%Sn^qx4WcJ)U8ZSTFn*SwziV%T85f%|K@W{1YNzW+^UU-Z@YNTp}{b6`)u6`?c=vl zrcm}&q9#>^rcPK4-=ihT*OM0vHjE*u>f)_MdD_UOG*-MA@X#es`%e0&c|xNy&CVUh zSOQovb|f0Jmr9fP^10g}IqM!8?Rz}3z?7Je;MfB!;O4yc7rhTsGs$aRv)uYp2uc&Ulpb#u^0(bd)o_R7e(0`p`$TJeH54N@Un5w{q1)4OI^^X`cSb{Z8ysZ zKx8&&(-VIa#j>zZW0VP9MlzJ>ZE*(s&Lo$Nr9?cKHKRfLF>4W_I_SL!Q{>o^qA#gZ zFgm38jbDg@+4l^I(!mlcW@|a7qTr(}!19dU%u_J? 
zu7~Z8ym<-U*7lvVg~Fll_PKA%-EPc&kG_!Ow8F)^9*HE8LSPxu@RlNm7_^-c1rej};X=Kq4ps_I;zQXWsU;D>F)o- z6EEX^^0-~BwmFwd8LZUkK5tZiXVN@|;=2y#Y_Rm!AOIbOe@9Bsw6HuAAq=f;VfRm{ z(~C7Iz)F8>0|*iAROHLReh3c7ue!SBA=3$-S;(q(=`Hgwhb>KsyOpJrU-VE~_bI}P z^hHc?n{O6KE#u+p_RH2ntVr<7Fe0TnE~}w>?ne=1urPLej-^AZt{Gx|&1{};RLjfE zahLzr6$FR%$~!b@y@u$6R4k{a=0OuPrzXAG2}G=5{^4Mo&05cni(lPy`|RuA z%!Ua58i9SN3`%0IV5jE28`RTfa>x*&hx}%E_CQv8eQ4|Q9=W-6!Y6?H*4J)Ev-@wV zb53^1-?j|Z3wuaUNB%QmKh>(x81|Uf;z__^jf}x(B)8kcjZ-dSIG53hJ3cMAA{X2D z>-68(C&&5Rp*Lt(?RPS?i$;UQJnr!YMz+U(=*#vR9c@VnFyvq_F*q;e|67f9=YP|s z#Ab4z!DetyRfhfM-}nfWXz>C{hkTkVvN?Rc9&ZB`a>(cVyaj9AvHgL#?y>*5S2`$KAp}oGDt_u9K~kj@U;Eqb+J|L$R{Ih$p;8+*RFm&bP*zZ z9mLUZ8UDAmz(M0Q9}v0|6izeY$lSQ`M$Vj)gRcF9@FLddw5H?FCz1>9nSljmYt-d| zjqKe4+MWU-XjO&4%d$X&iY=4u|CK2IXw~c6*cvkVw017wwRK;={=p{lh>5ibqL~EG zqSoK=a7e@`ylHcQjTAw9qGExCjWnlw!Sl)(w!|jW;lY5ZxxS^)&WMOsYBsfu6d?d+ z5NK(0nk8SYAt-hQJPwK5H5_;+Jv-5+-htqzC1hGtZQOZa1a4?}dl8J|fuFKqM|ggr zhC8%&E}c}=*1|psEci(NPa;&qjCAHDGg+Z<DRbr_JA;YD&@o? zJ_vD;-x3>p3L)8KbnCq~s&8rhDk Need CSP link @@ -61,7 +57,7 @@ For more general information, see [Configuration service provider reference](../ - [Start/HideFrequentlyUsedApps](../client-management/mdm/policy-csp-start.md#start-hidefrequentlyusedapps): What does this configure on Windows 10? How is it different than ShowOrHideMostUsedApps? -## Existing CSP policies that don't support Windows 11 +## Existing CSP policies that Windows 11 doesn't support - [Start/StartLayout](../client-management/mdm/policy-csp-start.md#start-startlayout) - [Start/HideRecentlyAddedApps](../client-management/mdm/policy-csp-start.md#start-hiderecentlyaddedapps) diff --git a/windows/configuration/use-json-customize-start-menu-windows.md b/windows/configuration/use-json-customize-start-menu-windows.md index c9eae45f65..fa2da8f58a 100644 --- a/windows/configuration/use-json-customize-start-menu-windows.md +++ b/windows/configuration/use-json-customize-start-menu-windows.md 
@@ -1,8 +1,7 @@ --- -title: Use JSON to customize start menu layout on Windows 11 | Microsoft Docs +title: Use JSON to customize Start menu layout on Windows 11 | Microsoft Docs description: Export start layout to LayoutModification.json that includes pinned apps. Add or remove apps, and use the JSON syntax in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. ms.assetid: -ms.reviewer: manager: dougeby ms.author: mandia ms.reviewer: ericpapa @@ -11,7 +10,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/07/2021 +ms.date: 09/08/2021 ms.localizationpriority: medium --- 
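Review bot: In the front matter, the description line kept as context still reads "Export start layout" in lowercase while the title in the same hunk is changed to "Start menu"; capitalize it here too so the metadata matches the convention this patch applies in the body. The empty ms.assetid key is also left in place although the empty ms.reviewer duplicate is removed; drop it or fill it in.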
@@ -21,13 +20,11 @@ ms.localizationpriority: medium - Windows 11 -> **Looking for consumer information?** [See what's on the Start menu](https://support.microsoft.com/help/17195/windows-10-see-whats-on-the-menu) -> > **Looking for OEM information?** See [Customize the Taskbar](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar) and [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). -Your organization can deploy a customized Start layout to your Windows 11 devices. Customizing the Start layout is common when you have similar devices used by many users, and on devices that are locked down. +Your organization can deploy a customized Start layout to your Windows 11 devices. Customizing the Start layout is common when you have similar devices used by many users. -For example, you can create a pinned list that includes a common set of apps. As an administrator, you can use this feature to pin Win32 apps, remove default pinned apps, order the app list, and more. +For example, you can override the default set of apps with your own a set of pinned apps, and in the order you choose. As an administrator, use this feature to pin Win32 apps, remove default pinned apps, order the apps, and more. This article shows you how to export an existing Start menu layout, and use the syntax in a Microsoft Intune MDM policy. 
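Review bot: The added example sentence reads "with your own a set of pinned apps, and in the order you choose", which has a stray "a" and an awkward trailing clause; suggest "with your own set of pinned apps, in the order you choose".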
@@ -47,34 +44,34 @@ This article shows you how to export an existing Start menu layout, and use the ## Start menu features and sections -Starting with Windows 11, the Start menu is updated. The apps are shown as a flat list, and users can scroll through multiple pages. There aren't any groups, folders, rows, or columns. It's a more simplified layout: +In Windows 11, the Start menu is redesigned with a simplified set of apps that are arranged in a grid of pages. There aren't folders, groups, or different sized app icons: :::image type="content" source="./images/use-json-customize-start-menu-windows/start-menu-layout.png" alt-text="Sample start menu layout on Windows 11 devices that shows pinned apps, access to all apps, and shows recommended files."::: -The layout has the following areas: +Start has the following areas: -- **Pinned**: This area shows some of the apps that are installed on the device. You can customize this section using the **ConfigureStartPins** policy, and create a pinned list of apps you want on the devices. You can also remove apps that are pinned by default. +- **Pinned**: This area shows pinned apps, or a subset of all of the apps installed on the device. You can create a list of pinned apps you want on the devices using the **ConfigureStartPins** policy. **ConfigureStartPins** overrides the entire layout, which also remove apps that are pinned by default. This article shows you how to use the **ConfigureStartPins** policy. -- **All apps**: Users can select this option to see a list of all the apps on the device. This section can't be customized. -- **Recommended**: This area shows recent files that have been opened. You can't hide this section, but you can prevent files from showing. The [Start/HideRecentJumplists CSP](../client-management/mdm/policy-csp-start.md#start-hiderecentjumplists) controls this setting, and can be set using an MDM provider, like Microsoft Intune. 
+- **All apps**: Users can select this option to see an alphabetical list of all the apps on the device. This section can't be customized. +- **Recommended**: This area shows recently opened files and recently installed apps. You can't hide this section, but you can prevent files from showing. The [Start/HideRecentJumplists CSP](../client-management/mdm/policy-csp-start.md#start-hiderecentjumplists) controls this setting, and can be set using an MDM provider, like Microsoft Intune. For more information on the Start menu settings you can configure in a Microsoft Intune policy, see [Windows 10 (and later) device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#start). ### What you need to know -- When you customize the Start layout, you overwrite the entire full layout. Users can't pin, unpin, or uninstall apps from Start. Users can see and open all apps in the **All Apps** view, but they can't pin any apps to Start. A partial Start layout isn't available. -- On Windows 11 and later devices, you must create a new JSON file. You can't use a file from a previous OS, such as Windows 10. +- When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. You can't prevent users from customizing the layout. +- On Windows 11 and later devices, you must create a JSON file. You can't use an XML file from a previous OS, such as Windows 10. ## Create the JSON file -On an existing Windows 11 device, use the [Windows PowerShell Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet to export the existing layout to a `LayoutModification.json` file. You can also pin and unpin apps to get the layout you want, and then export the layout. +On an existing Windows 11 device, set up your own Start layout with the pinned apps you want users to see. 
Then, use the [Windows PowerShell Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet to export the existing layout to a `LayoutModification.json` file. The JSON file controls the Start menu layout, and lists all the apps that are pinned. You can update the JSON file to: - Change the order of existing apps. The apps in the JSON file are shown on Start in the same order. -- Add more apps by entering the app ID. +- Add more apps by entering the app ID. For more information, see [Get the pinnedList JSON syntax](#get-the-pinnedlist-json-syntax) (in this article). If you're familiar with creating JSON files, you can create your own `LayoutModification.json` file. But, it's easier and faster to export the layout from an existing device. @@ -93,7 +90,7 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi ### Get the pinnedList JSON syntax 1. Open the `LayoutModification.json` file in a JSON editor, such as Visual Studio Code or the Notepad app. For more information, see [edit JSON with Visual Studio Code](https://code.visualstudio.com/docs/languages/json). -2. In the file, you see the `pinnedList` section. This section includes all the apps that are pinned. Copy the syntax. You'll use it in the next section. +2. In the file, you see the `pinnedList` section. This section includes all the apps that are pinned. Copy the `pinnedList` content in the JSON file. You'll use it in the next section. In the following example, you see that Microsoft Edge, Microsoft Word, the Microsoft Store app, and Notepad are pinned: 
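Review bot: In the "What you need to know" list of the hunk at -47,34, the first bullet now states that users can pin, unpin and uninstall apps and that you can't prevent them from customizing the layout, which is the opposite of the removed wording ("Users can't pin, unpin, or uninstall apps from Start"). Administrators may have read the old text as a lockdown guarantee, so state explicitly next to the ConfigureStartPins description that the policy sets the pinned list but does not stop users from changing it. In the Pinned bullet, "which also remove apps" should be "which also removes apps", and the Recommended bullet now mentions recently installed apps while still only saying you can prevent files from showing; say whether the apps can be hidden as well.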
@@ -108,7 +105,7 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi } ``` -3. Starting with Windows 11, the **ConfigureStartPins** policy is available. This policy is used by the LayoutModification.json file to add files to the Pinned section. In your JSON syntax, you can add more apps to this section using the following keys: +3. Starting with Windows 11, the **ConfigureStartPins** policy is available. This policy uses the LayoutModification.json file to add apps to the Pinned section. In your JSON file, you can add more apps to this section using the following keys: --- | Key | Description | @@ -119,7 +116,7 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi ## Use MDM to create and deploy a pinned list policy -Now that you have the JSON syntax, you're ready to deploy your customized start layout to devices in your organization. +Now that you have the JSON syntax, you're ready to deploy your customized Start layout to devices in your organization. MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Intune, you can deploy a policy that configures the pinned list. 
@@ -139,13 +136,13 @@ To deploy this policy in Microsoft Intune, the devices must be enrolled in Micro 4. Select **Create**. 5. In **Basics**, enter the following properties: - - **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify them later. For example, a good profile name is **Win11: Custom start layout**. + - **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify them later. For example, a good profile name is **Win11: Custom Start layout**. - **Description**: Enter a description for the profile. This setting is optional, and recommended. 6. Select **Next**. 7. In **Configuration settings** > **OMA-URI**, select **Add**. Add the following properties: - - **Name**: Enter something like **Configure start pins**. + - **Name**: Enter something like **Configure Start pins**. - **Description**: Enter a description for the row. This setting is optional, and recommended. - **OMA-URI**: Enter `./Vendor/MSFT/Policy/Config/Start/ConfigureStartPins`. - **Data type**: Select **String**. 
@@ -169,11 +166,11 @@ To deploy this policy in Microsoft Intune, the devices must be enrolled in Micro 8. Select **Save** > **Next** to save your changes. 9. Configure the rest of the policy settings. For more specific information, see [Create a profile with custom settings in Intune](/mem/intune/configuration/custom-settings-configure). -The Windows OS has many CSPs that apply to the Start menu layout. Using an MDM provider, like Intune, you can use these CSPs to customize the layout even more. For a list, see [Supported CSP policies for Windows 11 Start menu layout](supported-csp-start-menu-layout-windows.md). +The Windows OS has many CSPs that apply to the Start menu. Using an MDM provider, like Intune, you can use these CSPs to customize Start even more. For a list, see [Supported CSP policies for Windows 11 Start menu](supported-csp-start-menu-layout-windows.md). ### Deploy the policy using Microsoft Intune -When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized Start layout, the policy can be deployed before users sign in the first time. If you use [Windows Autopilot](/mem/autopilot/windows-autopilot) (opens another Microsoft web site), add the pinned list policy to your Windows Autopilot policy. +When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized Start layout, the policy can be deployed before users sign in the first time. For more information on assigning policies using Microsoft Intune, see [Assign user and device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign). From 3c93913c6cf390e1b769061fdaa3c72711d3dfb1 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:34:56 -0700 Subject: [PATCH 207/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
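Review bot: In the Network security row of operating-system.md, both the removed and the added line of this patch carry "DSN security", which looks like a typo for "DNS security"; since the row is being rewritten anyway, fix the spelling in the same change. The patch also re-spaces only this row and leaves the "Protection from viruses and threats" row in its previous layout, so the two rows of the table are formatted differently after it is applied.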
diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index d70e3a6e9f..4508d05be3 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -23,7 +23,7 @@ Use the links in the following table to learn more about the operating system se |:---|:---| | System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

    [Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

    [Windows Security app](os-security/windows-security-app.md) | | Encryption and data protection | [Encryption](os-security/encryption-data-protection.md)

    [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | -| Network security | Virtual Private Networks (VPNs)
    Windows Defender Firewall
    Bluetooth
    DSN security
    Windows Wi-Fi
    Transport Layer Security (TLS) | +| Network security | Virtual Private Networks (VPNs)

    Windows Defender Firewall

    Bluetooth

    DSN security

    Windows Wi-Fi

    Transport Layer Security (TLS) | | Protection from viruses and threats | Microsoft Defender Antivirus
    Attack surface reduction
    Tamper protection
    Network protection
    Controlled folder access
    Exploit protection
    Additional protection with Microsoft Defender for Endpoint | From 8c007085172d52a1ba8a9e066768a6d7023a4ba6 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:40:36 -0700 Subject: [PATCH 208/671] Update operating-system.md --- windows/security/operating-system.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 4508d05be3..8e129805a2 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -22,8 +22,8 @@ Use the links in the following table to learn more about the operating system se | Security Measures | Features & Capabilities | |:---|:---| | System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

    [Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

    [Windows Security app](os-security/windows-security-app.md) | -| Encryption and data protection | [Encryption](os-security/encryption-data-protection.md)

    [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | +| Encryption and data protection | [Encryption and data protection in Windows 11](os-security/encryption-data-protection.md)

    [Encryption](os-security/encryption-data-protection.md)

    [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | Network security | Virtual Private Networks (VPNs)

    Windows Defender Firewall

    Bluetooth

    DSN security

    Windows Wi-Fi

    Transport Layer Security (TLS) | -| Protection from viruses and threats | Microsoft Defender Antivirus
    Attack surface reduction
    Tamper protection
    Network protection
    Controlled folder access
    Exploit protection
    Additional protection with Microsoft Defender for Endpoint | +| Protection from viruses and threats | Microsoft Defender Antivirus

    Attack surface reduction

    Tamper protection

    Network protection

    Controlled folder access

    Exploit protection

    Additional protection with Microsoft Defender for Endpoint | From ea1c1c8a622485f1d266fa843ebf1da7ad25178d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:48:25 -0700 Subject: [PATCH 209/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 8e129805a2..28b535a905 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -24,6 +24,6 @@ Use the links in the following table to learn more about the operating system se | System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

    [Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

    [Windows Security app](os-security/windows-security-app.md) | | Encryption and data protection | [Encryption and data protection in Windows 11](os-security/encryption-data-protection.md)

    [Encryption](os-security/encryption-data-protection.md)

    [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | Network security | Virtual Private Networks (VPNs)

    Windows Defender Firewall

    Bluetooth

    DSN security

    Windows Wi-Fi

    Transport Layer Security (TLS) | -| Protection from viruses and threats | Microsoft Defender Antivirus

    Attack surface reduction

    Tamper protection

    Network protection

    Controlled folder access

    Exploit protection

    Additional protection with Microsoft Defender for Endpoint | +| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows?view=o365-worldwide)

    [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide)

    [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide)

    [Network protection](/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide)

    Controlled folder access

    [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-worldwide)

    Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide) for additional threat protection | From 0c26c82991db73d4f55b56ca783c9702867f53de Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:48:58 -0700 Subject: [PATCH 210/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 28b535a905..c6f0d3d41b 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -24,6 +24,6 @@ Use the links in the following table to learn more about the operating system se | System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

    [Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

    [Windows Security app](os-security/windows-security-app.md) | | Encryption and data protection | [Encryption and data protection in Windows 11](os-security/encryption-data-protection.md)

    [Encryption](os-security/encryption-data-protection.md)

    [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | Network security | Virtual Private Networks (VPNs)

    Windows Defender Firewall

    Bluetooth

    DSN security

    Windows Wi-Fi

    Transport Layer Security (TLS) | -| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows?view=o365-worldwide)

    [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide)

    [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide)

    [Network protection](/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide)

    Controlled folder access

    [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-worldwide)

    Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide) for additional threat protection | +| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

    [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

    [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

    [Network protection](/microsoft-365/security/defender-endpoint/network-protection)

    Controlled folder access

    [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

    Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | From d6d5837699b6fcbeacda7f7378c568060a7d0293 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:52:32 -0700 Subject: [PATCH 211/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index c6f0d3d41b..7db88749a3 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -23,7 +23,7 @@ Use the links in the following table to learn more about the operating system se |:---|:---| | System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

    [Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

    [Windows Security app](os-security/windows-security-app.md) | | Encryption and data protection | [Encryption and data protection in Windows 11](os-security/encryption-data-protection.md)

    [Encryption](os-security/encryption-data-protection.md)

    [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | -| Network security | Virtual Private Networks (VPNs)

    Windows Defender Firewall

    Bluetooth

    DSN security

    Windows Wi-Fi

    Transport Layer Security (TLS) | +| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

    [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

    Bluetooth

    DSN security

    Windows Wi-Fi

    Transport Layer Security (TLS) | | Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

    [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

    [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

    [Network protection](/microsoft-365/security/defender-endpoint/network-protection)

    Controlled folder access

    [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

    Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | From b03e7ddaddd87b9a2a2e190baace89ab3988fddf Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 10:58:37 -0700 Subject: [PATCH 212/671] moved a few articles --- .../security/{os-security => }/cryptography-certificate-mgmt.md | 0 windows/security/{os-security => }/encryption-data-protection.md | 0 windows/security/{os-security => }/trusted-boot.md | 0 windows/security/{os-security => }/windows-security-app.md | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename windows/security/{os-security => }/cryptography-certificate-mgmt.md (100%) rename windows/security/{os-security => }/encryption-data-protection.md (100%) rename windows/security/{os-security => }/trusted-boot.md (100%) rename windows/security/{os-security => }/windows-security-app.md (100%) diff --git a/windows/security/os-security/cryptography-certificate-mgmt.md b/windows/security/cryptography-certificate-mgmt.md similarity index 100% rename from windows/security/os-security/cryptography-certificate-mgmt.md rename to windows/security/cryptography-certificate-mgmt.md diff --git a/windows/security/os-security/encryption-data-protection.md b/windows/security/encryption-data-protection.md similarity index 100% rename from windows/security/os-security/encryption-data-protection.md rename to windows/security/encryption-data-protection.md diff --git a/windows/security/os-security/trusted-boot.md b/windows/security/trusted-boot.md similarity index 100% rename from windows/security/os-security/trusted-boot.md rename to windows/security/trusted-boot.md diff --git a/windows/security/os-security/windows-security-app.md b/windows/security/windows-security-app.md similarity index 100% rename from windows/security/os-security/windows-security-app.md rename to windows/security/windows-security-app.md 
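Review bot: all four renames out of `os-security/` are recorded at 100% similarity with 0 insertions, so at this commit nothing that points at the old paths has been updated. `TOC.yml`, `index.yml` and `operating-system.md` still reference `os-security/...`, and the moved files keep relative links written for the old depth (`../information-protection/...`, `../images/...`), which the later patches in this series go back and correct one file at a time. Suggest folding those link updates into this commit, so that no intermediate revision builds with broken links.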
From e74a3a6714c853db6539c9b62e13efe43a69646f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:00:36 -0700 Subject: [PATCH 213/671] fixed links --- windows/security/TOC.yml | 8 ++++---- windows/security/index.yml | 4 ++-- windows/security/operating-system.md | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index bb79e0aa9b..4d66d47a1e 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -38,13 +38,13 @@ - name: System security items: - name: Trusted Boot - href: os-security/trusted-boot.md + href: trusted-boot.md - name: Cryptography and certificate management - href: os-security/cryptography-certificate-mgmt.md + href: cryptography-certificate-mgmt.md - name: Windows Security app in Windows 11 - href: os-security/windows-security-app.md + href: windows-security-app.md - name: Encryption and data protection - href: os-security/encryption-data-protection.md + href: encryption-data-protection.md items: - name: Encrypted Hard Drive diff --git a/windows/security/index.yml b/windows/security/index.yml index 6e0ba8210f..6f614b438e 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -42,9 +42,9 @@ landingContent: - linkListType: concept links: - text: System security - url: os-security/trusted-boot.md + url: trusted-boot.md - text: Encryption and data protection - url: os-security/encryption-data-protection.md + url: encryption-data-protection.md - text: Network security url: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - text: Network security diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 7db88749a3..7b815fda53 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md 
@@ -21,9 +21,9 @@ Use the links in the following table to learn more about the operating system se | Security Measures | Features & Capabilities | |:---|:---| -| System security | [Trusted Boot](os-security/trusted-boot.md) (includes Secure Boot and Measured Boot)

    [Cryptography and certificate management](os-security/cryptography-certificate-mgmt.md)

    [Windows Security app](os-security/windows-security-app.md) | -| Encryption and data protection | [Encryption and data protection in Windows 11](os-security/encryption-data-protection.md)

    [Encryption](os-security/encryption-data-protection.md)

    [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | -| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

    [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

    Bluetooth

    DSN security

    Windows Wi-Fi

    Transport Layer Security (TLS) | +| System security | [Trusted Boot](trusted-boot.md) (includes Secure Boot and Measured Boot)

    [Cryptography and certificate management](cryptography-certificate-mgmt.md)

    [Windows Security app](windows-security-app.md) | +| Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md)

    [Encryption](encryption-data-protection.md)

    [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | +| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

    [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

    Bluetooth

    Domain Name System (DNS) security

    Windows Wi-Fi

    Transport Layer Security (TLS) | | Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

    [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

    [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

    [Network protection](/microsoft-365/security/defender-endpoint/network-protection)

    Controlled folder access

    [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

    Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | From 958d49a159316362fcd050f164d0bb2ea7cf87e7 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:02:23 -0700 Subject: [PATCH 214/671] Update trusted-boot.md --- windows/security/trusted-boot.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/trusted-boot.md b/windows/security/trusted-boot.md index 7728813615..ca4a7577b1 100644 --- a/windows/security/trusted-boot.md +++ b/windows/security/trusted-boot.md @@ -7,7 +7,7 @@ ms.author: deniseb manager: dansimp audience: ITPro ms.topic: conceptual -ms.date: 09/07/2021 +ms.date: 09/08/2021 ms.prod: w11 ms.localizationpriority: medium ms.collection: @@ -20,7 +20,7 @@ f1.keywords: NOCSH *This article describes Secure Boot and Trusted Boot, security measures built into Windows 11.* -Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up where Secure Boot leaves off. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely. +Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely. ## Secure Boot 
@@ -30,7 +30,7 @@ As the PC begins the boot process, it will first verify that the firmware is dig ## Trusted Boot -Trusted Boot takes over where Secure Boot leaves off. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and your antimalware product’s early-launch antimalware (ELAM) driver. If any of these files were tampered, the bootloader detects the problem and refuses to load the corrupted component. Tampering or malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes between the UEFI, bootloader, kernel, and application environments. +Trusted Boot picks up the process that started with Secure Boot. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and your antimalware product’s early-launch antimalware (ELAM) driver. If any of these files were tampered, the bootloader detects the problem and refuses to load the corrupted component. Tampering or malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes between the UEFI, bootloader, kernel, and application environments. Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the Windows 11 device to start normally. From f4867fcc93433ade866641696b1225959fc87da0 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:04:40 -0700 Subject: [PATCH 215/671] Update encryption-data-protection.md --- windows/security/encryption-data-protection.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/windows/security/encryption-data-protection.md b/windows/security/encryption-data-protection.md index e0af5c0142..1841a48867 100644 --- a/windows/security/encryption-data-protection.md +++ b/windows/security/encryption-data-protection.md @@ -7,7 +7,7 @@ ms.author: deniseb manager: dansimp audience: ITPro ms.topic: conceptual -ms.date: 09/07/2021 +ms.date: 09/08/2021 ms.prod: w11 ms.localizationpriority: medium ms.collection: @@ -52,6 +52,6 @@ Windows consistently improves data protection by improving existing options and ## See also -- [Encrypted Hard Drive](../information-protection/encrypted-hard-drive.md) -- [BitLocker](../information-protection/bitlocker/bitlocker-overview.md) +- [Encrypted Hard Drive](information-protection/encrypted-hard-drive.md) +- [BitLocker](information-protection/bitlocker/bitlocker-overview.md) From 758dee50b9bfb9ea794bc1e0d67dc80ac8bef76a Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:04:59 -0700 Subject: [PATCH 216/671] Update trusted-boot.md --- windows/security/trusted-boot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/trusted-boot.md b/windows/security/trusted-boot.md index ca4a7577b1..35a581f3af 100644 --- a/windows/security/trusted-boot.md +++ b/windows/security/trusted-boot.md @@ -36,4 +36,4 @@ Often, Windows can automatically repair the corrupted component, restoring the i ## See also -[Secure the Windows boot process](../information-protection/secure-the-windows-10-boot-process.md) \ No newline at end of file +[Secure the Windows boot process](information-protection/secure-the-windows-10-boot-process.md) \ No newline at end of file From 4ea8e32cae85514e11a1bd5385c569d6eec8fca7 Mon Sep 17 00:00:00 2001 
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:05:37 -0700 Subject: [PATCH 217/671] Update windows-security-app.md --- windows/security/windows-security-app.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/windows-security-app.md b/windows/security/windows-security-app.md index c9d1cbea97..83aff40683 100644 --- a/windows/security/windows-security-app.md +++ b/windows/security/windows-security-app.md @@ -7,7 +7,7 @@ ms.author: deniseb manager: dansimp audience: ITPro ms.topic: conceptual -ms.date: 09/07/2021 +ms.date: 09/08/2021 ms.prod: w11 ms.localizationpriority: medium ms.collection: @@ -16,11 +16,11 @@ ms.reviewer: kaeladawson, bmcneil f1.keywords: NOCSH --- -# The Windows Security app +# The Windows Security app in Windows 11 *This article provides an overview of the Windows Security app in Windows 11.* -:::image type="content" source="../images/windows-security-app-w11.png" alt-text="Windows Security app in Windows 11"::: +:::image type="content" source="images/windows-security-app-w11.png" alt-text="Windows Security app in Windows 11"::: Visibility and awareness of device security and health is key to any action taken. The Windows built-in security app provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more. From 0b52366967172cd91f198299250382c99e2f26c2 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:06:00 -0700 Subject: [PATCH 218/671] Update hardware.md --- windows/security/hardware.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/hardware.md b/windows/security/hardware.md index 34c5329f7f..cd1daa5805 100644 
--- a/windows/security/hardware.md +++ b/windows/security/hardware.md @@ -1,6 +1,6 @@ --- title: Windows hardware security -description: +description: Get an overview of hardware security in Windows 11 ms.reviewer: manager: dansimp ms.author: dansimp From 40e02ed7bcdf46463747e10b4e04da844e5f409c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:06:22 -0700 Subject: [PATCH 219/671] Update identity.md --- windows/security/identity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity.md b/windows/security/identity.md index 61afd163d1..f943325f1d 100644 --- a/windows/security/identity.md +++ b/windows/security/identity.md @@ -1,6 +1,6 @@ --- title: Windows identity security -description: +description: Get an overview of identity security in Windows 11 ms.reviewer: manager: dansimp ms.author: dansimp From 0c236a233e37c46b142c3ba8e6ceb4272249eeb9 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:08:48 -0700 Subject: [PATCH 220/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 7b815fda53..09c512c94c 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -24,6 +24,6 @@ Use the links in the following table to learn more about the operating system se | System security | [Trusted Boot](trusted-boot.md) (includes Secure Boot and Measured Boot)

    [Cryptography and certificate management](cryptography-certificate-mgmt.md)

    [Windows Security app](windows-security-app.md) | | Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md)

    [Encryption](encryption-data-protection.md)

    [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

    [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

    Bluetooth

    Domain Name System (DNS) security

    Windows Wi-Fi

    Transport Layer Security (TLS) | -| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

    [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

    [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

    [Network protection](/microsoft-365/security/defender-endpoint/network-protection)

    Controlled folder access

    [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

    Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | +| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

    [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

    [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

    [Network protection](/microsoft-365/security/defender-endpoint/network-protection)

    [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)

    [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

    Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | From fd6ed9b974c276dc0a12acf2ba51f23e23cc536f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:13:17 -0700 Subject: [PATCH 221/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 09c512c94c..5aa13cb32d 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -23,7 +23,7 @@ Use the links in the following table to learn more about the operating system se |:---|:---| | System security | [Trusted Boot](trusted-boot.md) (includes Secure Boot and Measured Boot)

    [Cryptography and certificate management](cryptography-certificate-mgmt.md)

    [Windows Security app](windows-security-app.md) | | Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md)

    [Encryption](encryption-data-protection.md)

    [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | -| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

    [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

    Bluetooth

    Domain Name System (DNS) security

    Windows Wi-Fi

    Transport Layer Security (TLS) | +| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

    [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

    Bluetooth (NEEDED)

    Domain Name System (DNS) security (NEEDED)

    Windows Wi-Fi (NEEDED)

    Transport Layer Security (TLS) (NEEDED) | | Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

    [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

    [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

    [Network protection](/microsoft-365/security/defender-endpoint/network-protection)

    [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)

    [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

    Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | From 8eb0bac74a41652574a39041ed5866cd1ac1f191 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:13:55 -0700 Subject: [PATCH 222/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index b3ad85903d..3fb7c8e46f 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -1,6 +1,6 @@ --- title: Windows and cloud security -description: +description: Get an overview of cloud services supported in Windows 11 ms.reviewer: manager: dansimp ms.author: dansimp From 7c204a4116ef72cb02ea33dc4a59d431980ae7c2 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:14:28 -0700 Subject: [PATCH 223/671] Update apps.md --- windows/security/apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/apps.md b/windows/security/apps.md index 4b15230a76..098f9524ea 100644 --- a/windows/security/apps.md +++ b/windows/security/apps.md @@ -1,6 +1,6 @@ --- title: Windows application security -description: +description: Get an overview of application security in Windows 11 ms.reviewer: manager: dansimp ms.author: dansimp From e1133942fdf5098d2254edcf7b8e2b8136890aa1 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Wed, 8 Sep 2021 14:25:36 -0400 Subject: [PATCH 224/671] saving changes --- .../configuration/customize-taskbar-windows-11.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md index 07fc7f54ca..eff027de9b 100644 --- a/windows/configuration/customize-taskbar-windows-11.md 
+++ b/windows/configuration/customize-taskbar-windows-11.md @@ -10,7 +10,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/07/2021 +ms.date: 09/08/2021 ms.localizationpriority: medium --- @@ -22,9 +22,11 @@ ms.localizationpriority: medium > **Looking for OEM information?** See [Customize the Taskbar](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar) and [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). -On Windows 11 devices, you can pin apps to the taskbar. If your organization uses a common set of apps, or devices only run some apps, you may want to use this feature. You can pin more apps to the taskbar, and also remove the default pinned apps. +On Windows 11 devices, you can pin apps you want to the taskbar. Use this feature if your organization uses a common set of apps, and or wants to bring attention to specific apps. You can also remove the default pinned apps. -To add specific apps you want pinned to the taskbar, you use an XML file. You can use an existing XML file, or create a new file. If you have an XML file that's used on Windows 10 devices, you can also use it on Windows 11 devices. You may have to update the App IDs. +For example, you can override the default set of apps with your own a set of pinned apps, and in the order you choose. As an administrator, use this feature to pin Win32 apps, remove default pinned apps, order the apps, and more. + +To add apps you want pinned to the taskbar, you use an XML file. You can use an existing XML file, or create a new file. If you have an XML file that's used on Windows 10 devices, you can also use it on Windows 11 devices. You may have to update the App IDs. This article shows you how to create the XML file, add apps to the XML, and deploy the XML file. 
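Review bot: two of the sentences added to the introduction of customize-taskbar-windows-11.md have wording slips: "uses a common set of apps, and or wants to bring attention to specific apps" and "with your own a set of pinned apps, and in the order you choose". Suggest "uses a common set of apps, or wants to bring attention to specific apps" and "with your own set of pinned apps, in the order you choose". The second new paragraph also repeats "remove default pinned apps" from the sentence just before it, so one of the two mentions can go.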
@@ -46,7 +48,7 @@ This article shows you how to create the XML file, add apps to the XML, and depl ## Create the XML file -1. In a text editor, such as Visual Studio Code, create a new XML file. To help you get started, you can copy and paste the following XML sample. The sample pins two apps to the taskbar: Microsoft Edge and File Explorer: +1. In a text editor, such as Visual Studio Code, create a new XML file. To help you get started, you can copy and paste the following XML sample. The sample pins two apps to the taskbar - Microsoft Edge and File Explorer: ```xml @@ -184,7 +186,7 @@ Use the following steps to create an Intune policy that deploys your taskbar XML 7. Select **Next**, and configure the rest of the policy settings. For more specific information, see [Configure device restriction settings in Microsoft Intune](/mem/intune/configuration/device-restrictions-configure). -8. When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized taskbar, the policy can also be deployed before users sign in the first time. If you use [Windows Autopilot](/mem/autopilot/windows-autopilot) (opens another Microsoft web site), add the taskbar policy to your Windows Autopilot policy. +8. When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized taskbar, the policy can also be deployed before users sign in the first time. For more information and guidance on assigning policies using Microsoft Intune, see [Assign user and device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign). From eeb6d8acea2795196c16b40fa5822a554ee4af94 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:26:27 -0700 Subject: [PATCH 225/671] Update TOC.yml --- windows/security/TOC.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
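Review bot: In the "@@ -184,7 +186,7 @@" hunk of customize-taskbar-windows-11.md, step 8 still says the policy "can also be deployed before users sign in the first time", but the only sentence that told readers how to do that (add the taskbar policy to the Windows Autopilot policy) is removed with nothing in its place. Either keep a pointer to the pre-sign-in deployment path or drop the claim. The commit message "saving changes" gives no reason for the removal, so say why in the message as well.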
diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 4d66d47a1e..b67c377e07 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -204,12 +204,19 @@ - name: Threat protection items: - name: Microsoft Defender Antivirus - - name: Attack surface reduction + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows + - name: Attack surface reduction rules + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction - name: Tamper protection + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection - name: Network protection + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/network-protection - name: Controlled folder access + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/controlled-folders - name: Exploit protection + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection - name: Microsoft Defender for Endpoint + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint - name: Application security items: - name: Secured identity From a3ac9aebf1fdba2601525390ace41dcb80ac27e9 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:27:04 -0700 Subject: [PATCH 226/671] Update TOC.yml --- windows/security/TOC.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index b67c377e07..34265c2950 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -222,6 +222,7 @@ - name: Secured identity items: - name: Cloud services + href: cloud.md items: - name: User protection items: From 9826ff95917bbda169367be141d560814c832079 Mon Sep 17 00:00:00 2001 
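Review bot: The seven href values added under "Threat protection" in the "@@ -204,12 +204,19 @@" hunk of TOC.yml (patch 225) are absolute https://docs.microsoft.com/... URLs, while the same targets are written as site-relative paths in operating-system.md in this series, for example /microsoft-365/security/defender-endpoint/attack-surface-reduction. Use the site-relative form in the TOC as well so the two stay consistent and the links do not pin a host name.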
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:27:35 -0700 Subject: [PATCH 227/671] Update TOC.yml --- windows/security/TOC.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 34265c2950..fde9174fb8 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -218,8 +218,10 @@ - name: Microsoft Defender for Endpoint href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint - name: Application security + href: apps.md items: - name: Secured identity + href: identity.md items: - name: Cloud services href: cloud.md From 28dea0ab7000b00cd5b615d0899faa149ed330bb Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:32:01 -0700 Subject: [PATCH 228/671] nixed an article --- windows/security/operating-system.md | 2 +- windows/security/windows-security-app.md | 40 ------------------------ 2 files changed, 1 insertion(+), 41 deletions(-) delete mode 100644 windows/security/windows-security-app.md diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 5aa13cb32d..c78b9821e0 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -21,7 +21,7 @@ Use the links in the following table to learn more about the operating system se | Security Measures | Features & Capabilities | |:---|:---| -| System security | [Trusted Boot](trusted-boot.md) (includes Secure Boot and Measured Boot)

    [Cryptography and certificate management](cryptography-certificate-mgmt.md)

    [Windows Security app](windows-security-app.md) | +| System security | [Trusted Boot](trusted-boot.md) (includes Secure Boot and Measured Boot)

    [Cryptography and certificate management](cryptography-certificate-mgmt.md)

    [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md) | | Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md)

    [Encryption](encryption-data-protection.md)

    [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

    [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

    Bluetooth (NEEDED)

    Domain Name System (DNS) security (NEEDED)

    Windows Wi-Fi (NEEDED)

    Transport Layer Security (TLS) (NEEDED) | | Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

    [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

    [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

    [Network protection](/microsoft-365/security/defender-endpoint/network-protection)

    [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)

    [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

    Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | diff --git a/windows/security/windows-security-app.md b/windows/security/windows-security-app.md deleted file mode 100644 index 83aff40683..0000000000 --- a/windows/security/windows-security-app.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: The Windows Security app in Windows 11 -description: Get an overview of the Windows Security app in Windows 11 -search.appverid: MET150 -author: denisebmsft -ms.author: deniseb -manager: dansimp -audience: ITPro -ms.topic: conceptual -ms.date: 09/08/2021 -ms.prod: w11 -ms.localizationpriority: medium -ms.collection: -ms.custom: -ms.reviewer: kaeladawson, bmcneil -f1.keywords: NOCSH ---- - -# The Windows Security app in Windows 11 - -*This article provides an overview of the Windows Security app in Windows 11.* - -:::image type="content" source="images/windows-security-app-w11.png" alt-text="Windows Security app in Windows 11"::: - -Visibility and awareness of device security and health is key to any action taken. The Windows built-in security app provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more. - -The Windows Security app in Windows 11 looks a lot like what you see in Windows 10, with the addition of the new **Protection history** button and increased security features and capabilities. - -The following table describes the various sections of the Windows Security app.

    - -| Section | Description | -|:---|:---| -| Virus & threat protection | Description goes here | -| Account protection | Description goes here | -| Firewall & network protection | Description goes here | -| App & browser control | Description goes here | -| Device security | Description goes here | -| Device performance & health | Description goes here | -| Family options | Description goes here | -| Protection history | Description goes here | \ No newline at end of file From ec7fa14aa1c5e5f73171846dd387a7b66e4f233c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:33:16 -0700 Subject: [PATCH 229/671] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index fde9174fb8..ecd6997651 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -42,7 +42,7 @@ - name: Cryptography and certificate management href: cryptography-certificate-mgmt.md - name: Windows Security app in Windows 11 - href: windows-security-app.md + href: threat-protection/windows-defender-security-center/windows-defender-security-center.md - name: Encryption and data protection href: encryption-data-protection.md items: From b16515b38100d8beb75e3c9eb2d0a133985498b6 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:33:39 -0700 Subject: [PATCH 230/671] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index ecd6997651..d3d682fb40 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
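Review bot: Patch 228 deletes windows/security/windows-security-app.md and repoints the link in operating-system.md, but TOC.yml keeps "href: windows-security-app.md" until the next commit (patch 229) changes it, so the tree at this commit has a TOC entry pointing at a file that no longer exists. Move the TOC.yml href change into the same commit as the deletion. The unchanged "Network security" row in the operating-system.md hunk also still carries "(NEEDED)" placeholders for Bluetooth, DNS security, Windows Wi-Fi and TLS, which should be resolved or removed before the table is published.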
@@ -41,7 +41,7 @@ href: trusted-boot.md - name: Cryptography and certificate management href: cryptography-certificate-mgmt.md - - name: Windows Security app in Windows 11 + - name: The Windows Security app href: threat-protection/windows-defender-security-center/windows-defender-security-center.md - name: Encryption and data protection href: encryption-data-protection.md From 211c955061b510daa07e5a5d0fdec6e3ee84ac3e Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:38:04 -0700 Subject: [PATCH 231/671] Update cloud.md --- windows/security/cloud.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 3fb7c8e46f..efd9e32f1d 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -21,8 +21,8 @@ Windows 11 includes the cloud services that are listed in the following table: | Service type | Description | |:---|:---| -| Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.
    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.
    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere. | -| Modern device management (MDM) and Microsoft Endpoint Manager | Remote wipe
    Work or school account
    Config Lock
    Remote device attestation
    (other stuff coming soon):Device Installation
    DMA Guard
    Endpoint Detection and Response
    Microsoft Defender Security Center
    Smartscreen
    System Guard
    Windows Hello for Business | +| Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | +| Modern device management (MDM) and Microsoft Endpoint Manager | Remote wipe

    Work or school account

    Config Lock

    Remote device attestation

    (other stuff coming soon):Device Installation

    DMA Guard

    Endpoint Detection and Response

    Microsoft Defender Security Center

    Smartscreen

    System Guard

    Windows Hello for Business | | Microsoft account | | | OneDrive | | | Family safety | | From af13a6cdbf90491a21cead19c3604d52532cdf57 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:47:17 -0700 Subject: [PATCH 232/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index efd9e32f1d..0fbd68985f 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -22,7 +22,7 @@ Windows 11 includes the cloud services that are listed in the following table: | Service type | Description | |:---|:---| | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | -| Modern device management (MDM) and Microsoft Endpoint Manager | Remote wipe

    Work or school account

    Config Lock

    Remote device attestation

    (other stuff coming soon):Device Installation

    DMA Guard

    Endpoint Detection and Response

    Microsoft Defender Security Center

    Smartscreen

    System Guard

    Windows Hello for Business | +| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Windows 11 includes a management component that includes:
    - The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and
    - The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies.

    MDM includes several security features & capabilites. These include:
    - Remote wipe
    - Support for your work or school account
    - Config Lock
    - Remote device attestation
    - (other stuff coming soon): Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    Learn more about MDM and Windows 11 | | Microsoft account | | | OneDrive | | | Family safety | | From 39b49673a5d565cc24f799367d3214ff982530a3 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:52:05 -0700 Subject: [PATCH 233/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 0fbd68985f..ba9d3e8118 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -22,7 +22,7 @@ Windows 11 includes the cloud services that are listed in the following table: | Service type | Description | |:---|:---| | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | -| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Windows 11 includes a management component that includes:
    - The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and
    - The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies.

    MDM includes several security features & capabilites. These include:
    - Remote wipe
    - Support for your work or school account
    - Config Lock
    - Remote device attestation
    - (other stuff coming soon): Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    Learn more about MDM and Windows 11 | +| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Windows 11 includes a management component that includes:
    - The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and
    - The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    Learn more about MDM and Windows 11 | | Microsoft account | | | OneDrive | | | Family safety | | From 1c273319af990ac6be11227c9d7c50572e5f2800 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:57:17 -0700 Subject: [PATCH 234/671] Create mdm-windows.md --- windows/security/mdm-windows.md | 34 +++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 windows/security/mdm-windows.md diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md new file mode 100644 index 0000000000..6b5de3479e --- /dev/null +++ b/windows/security/mdm-windows.md 
@@ -0,0 +1,34 @@ +--- +title: Modern device management and Windows 11 +description: Get an overview of modern device management with Microsoft Endpoint Manager and Windows 11 +search.appverid: MET150 +author: denisebmsft +ms.author: deniseb +manager: dansimp +audience: ITPro +ms.topic: conceptual +ms.date: 09/08/2021 +ms.prod: w11 +ms.localizationpriority: medium +ms.collection: +ms.custom: +ms.reviewer: +f1.keywords: NOCSH +--- + +# Modern device management and Windows 11 + +Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices. + +Windows 11 includes a management component that includes: +- The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and +- The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies. + +MDM includes several security features & capabilities. These include: +- Remote wipe +- Support for your work or school account +- Config Lock +- Remote device attestation +- (other stuff coming soon): Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business + +Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols. \ No newline at end of file From 88f6194aa4c98271565d671ce388cf33d8c1ddc8 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:58:12 -0700 Subject: [PATCH 235/671] Update TOC.yml --- windows/security/TOC.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index d3d682fb40..5e5d767e80 100644 --- a/windows/security/TOC.yml 
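Review bot: The new mdm-windows.md (patch 234) ships a draft placeholder as the last bullet of its feature list: "(other stuff coming soon): Device Installation, DMA Guard, Endpoint Detection and Response, ...". List those features as real bullets with links, or leave them out until the content exists. In the front matter "ms.reviewer:" is empty, and the file ends without a trailing newline ("\ No newline at end of file"); both are worth fixing before merge.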
+++ b/windows/security/TOC.yml @@ -226,6 +226,8 @@ - name: Cloud services href: cloud.md items: + - name: MDM and Windows 11 + href: mdm-windows.md - name: User protection items: - name: Technical support policy for lost or forgotten passwords From 29b5c1f904cdae60dd14f0febfa764765039a223 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 11:58:50 -0700 Subject: [PATCH 236/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index ba9d3e8118..a52fd1128b 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -22,7 +22,7 @@ Windows 11 includes the cloud services that are listed in the following table: | Service type | Description | |:---|:---| | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | -| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Windows 11 includes a management component that includes:
    - The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and
    - The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    Learn more about MDM and Windows 11 | +| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    Learn more about MDM and Windows 11 | | Microsoft account | | | OneDrive | | | Family safety | | From 12aad635d46094612054cce4afe32498a958277d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:03:19 -0700 Subject: [PATCH 237/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index a52fd1128b..51c4a4e806 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -22,7 +22,7 @@ Windows 11 includes the cloud services that are listed in the following table: | Service type | Description | |:---|:---| | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | -| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    Learn more about MDM and Windows 11 | +| Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | | | OneDrive | | | Family safety | | From a44f2fa06e52571abaa6d80709778aeece845c8b Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:06:40 -0700 Subject: [PATCH 238/671] Update cloud.md --- windows/security/cloud.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 51c4a4e806..0dd25f1585 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -23,7 +23,7 @@ Windows 11 includes the cloud services that are listed in the following table: |:---|:---| | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows 11](mdm-windows.md). | -| Microsoft account | | -| OneDrive | | -| Family safety | | +| Microsoft account | When you add your Microsoft Account to Windows 11, you can bring your Windows, Microsoft Edge, and Xbox settings, web page favorites, files, photos, and more across your different devices. Your Microsoft account lets you manage everything all in one place. Keep tabs on your subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of your devices, and get rewards. Everything stays with you in the cloud and across devices, including iOS and Android. | +| OneDrive | OneDrive provides additional security, backup, and restore options for your important files and photos. With options for both personal and business, OneDrive stores and protects your files in the cloud, allowing you to access them from your laptop, desktop, and mobile devices. Plus, OneDrive provides an excellent backup and restore solution. If your device is lost or stolen, you can quickly recover all your important files, photos, and data.

    OneDrive also provides protection for your most sensitive files without losing the convenience of anywhere access. Protect digital copies of your passport, driver’s license, and other important documents in OneDrive Personal Vault. Your files will be secured by identity verification, yet easily accessible to you across your devices.

    Learn how to set up your Personal Vault with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have additional options to mitigate and recover from a ransomware attack. Learn more about how to recover from a ransomware attack using Office 365 | +| Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

    Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

    Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

    Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

    Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

    Learn more about Microsoft Family Safety. | From 60dd25515980b4a4f18f7cd1c8f82f4fef2221d6 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:08:43 -0700 Subject: [PATCH 239/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 0dd25f1585..dcaa0a7cb0 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -24,6 +24,6 @@ Windows 11 includes the cloud services that are listed in the following table: | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.
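Review bot: In the hunk that ends just before the PATCH 239/671 header, the new OneDrive and Family safety cells close on calls to action that have no link target: "Learn how to set up your Personal Vault ...", "Learn more about how to recover from a ransomware attack using Office 365" and "Learn more about Microsoft Family Safety." Wrap each in a Markdown link, the way the MDM row does with "To learn more, see [MDM and Windows 11](mdm-windows.md)", or leave the sentences out until the targets are known. The ransomware sentence is also missing its closing period.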

    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When you add your Microsoft Account to Windows 11, you can bring your Windows, Microsoft Edge, and Xbox settings, web page favorites, files, photos, and more across your different devices. Your Microsoft account lets you manage everything all in one place. Keep tabs on your subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of your devices, and get rewards. Everything stays with you in the cloud and across devices, including iOS and Android. | -| OneDrive | OneDrive provides additional security, backup, and restore options for your important files and photos. With options for both personal and business, OneDrive stores and protects your files in the cloud, allowing you to access them from your laptop, desktop, and mobile devices. Plus, OneDrive provides an excellent backup and restore solution. If your device is lost or stolen, you can quickly recover all your important files, photos, and data.

    OneDrive also provides protection for your most sensitive files without losing the convenience of anywhere access. Protect digital copies of your passport, driver’s license, and other important documents in OneDrive Personal Vault. Your files will be secured by identity verification, yet easily accessible to you across your devices.

    Learn how to set up your Personal Vault with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have additional options to mitigate and recover from a ransomware attack. Learn more about how to recover from a ransomware attack using Office 365 | +| OneDrive | OneDrive provides extra security, backup, and restore options for your important files and photos. With options for both personal and business, OneDrive stores and protects your files in the cloud, allowing you to access them from your laptop, desktop, and mobile devices. Plus, OneDrive provides an excellent backup and restore solution. If your device is lost or stolen, you can quickly recover all your important files, photos, and data.

    OneDrive also provides protection for your most sensitive files without losing the convenience of anywhere access. Protect digital copies of your passport, driver’s license, and other important documents in OneDrive Personal Vault. Your files will be secured by identity verification, yet easily accessible to you across your devices.

    Learn how to set up your Personal Vault with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. Learn more about how to recover from a ransomware attack using Office 365 | | Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

    Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

    Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

    Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

    Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

    Learn more about Microsoft Family Safety. | From 71bb8c02d02813d43ae0a7095dc93632e4da762a Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:18:27 -0700 Subject: [PATCH 240/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index dcaa0a7cb0..4e2e6d3131 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -24,6 +24,6 @@ Windows 11 includes the cloud services that are listed in the following table: | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When you add your Microsoft Account to Windows 11, you can bring your Windows, Microsoft Edge, and Xbox settings, web page favorites, files, photos, and more across your different devices. Your Microsoft account lets you manage everything all in one place. Keep tabs on your subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of your devices, and get rewards. Everything stays with you in the cloud and across devices, including iOS and Android. | -| OneDrive | OneDrive provides extra security, backup, and restore options for your important files and photos. With options for both personal and business, OneDrive stores and protects your files in the cloud, allowing you to access them from your laptop, desktop, and mobile devices. Plus, OneDrive provides an excellent backup and restore solution. If your device is lost or stolen, you can quickly recover all your important files, photos, and data.

    OneDrive also provides protection for your most sensitive files without losing the convenience of anywhere access. Protect digital copies of your passport, driver’s license, and other important documents in OneDrive Personal Vault. Your files will be secured by identity verification, yet easily accessible to you across your devices.

    Learn how to set up your Personal Vault with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. Learn more about how to recover from a ransomware attack using Office 365 | +| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | | Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

    Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

    Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

    Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

    Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

    Learn more about Microsoft Family Safety. | From ce5eba5952585143d2100dea98b5fa903f1386bd Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:19:17 -0700 Subject: [PATCH 241/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 4e2e6d3131..51ac9dadd3 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -25,5 +25,5 @@ Windows 11 includes the cloud services that are listed in the following table: | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.
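Review bot: The added OneDrive row in PATCH 240/671 is missing a verb in "allowing users to them on their laptops, desktops, and mobile devices". The removed line read "allowing you to access them", so the new text should be "allowing users to access them". The same paragraph moves between "your online storage for your files", "people can use OneDrive" and "allowing users", and the Personal Vault paragraph goes back to "your most sensitive files"; pick one voice for the row. The Personal Vault link also carries "/en-us/" and "?ui=en-us&rs=en-us&ad=us"; check whether the link resolves without them so it is not pinned to one locale.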

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When you add your Microsoft Account to Windows 11, you can bring your Windows, Microsoft Edge, and Xbox settings, web page favorites, files, photos, and more across your different devices. Your Microsoft account lets you manage everything all in one place. Keep tabs on your subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of your devices, and get rewards. Everything stays with you in the cloud and across devices, including iOS and Android. | | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | -| Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

    Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

    Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

    Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

    Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

    Learn more about Microsoft Family Safety. | +| Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

    Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

    Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

    Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

    Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

    [Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From a19534b1b5ac35d33bbb9054176eab6727d6217c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:21:50 -0700 Subject: [PATCH 242/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 51ac9dadd3..773394f619 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -23,7 +23,7 @@ Windows 11 includes the cloud services that are listed in the following table: |:---|:---| | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.
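Review bot: The link added to the last paragraph of the Family safety row in PATCH 241/671 hard-codes a locale: "https://www.microsoft.com/en-us/microsoft-365/family-safety". If the URL resolves without the "/en-us" segment, drop it so readers are not forced onto the English page. The closing period sits outside the link, which is fine, but the ransomware link in the OneDrive row above ends without one, so the two rows are now punctuated differently.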

    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows 11](mdm-windows.md). | -| Microsoft account | When you add your Microsoft Account to Windows 11, you can bring your Windows, Microsoft Edge, and Xbox settings, web page favorites, files, photos, and more across your different devices. Your Microsoft account lets you manage everything all in one place. Keep tabs on your subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of your devices, and get rewards. Everything stays with you in the cloud and across devices, including iOS and Android. | +| Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

    The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of their devices, and even get rewards. | | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | | Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

    Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

    Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

    Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

    Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

    [Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From 489a499500abf23e82cb54644eb5c3df700ab865 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:27:52 -0700 Subject: [PATCH 243/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 773394f619..a8ccd0ff3c 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -25,5 +25,5 @@ Windows 11 includes the cloud services that are listed in the following table: | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.
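Review bot: The new Microsoft account row in PATCH 242/671 mixes third and second person inside one sentence: "They can keep tabs on their subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of their devices". Change "your family's" and "your privacy" to "their". In the first paragraph, "Windows, Microsoft Edge, Xbox settings" lost the "and" that the removed line had before "Xbox", so the list no longer reads as settings for all three. The rewrite also drops the removed sentence "Everything stays with you in the cloud and across devices, including iOS and Android."; if the cross-platform point was not cut on purpose, restore it in third person.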

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

    The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of their devices, and even get rewards. | | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | -| Family safety | Microsoft Family Safety empowers you and your family to create healthy habits and protect your loved ones, both online and offline. Get peace of mind that your family is safer while giving your kids independence.

    Use your Microsoft account to create a family group on Windows, Xbox, or your mobile devices. Then customize your family settings as your needs change, from the family.microsoft.com website or the Microsoft Family Safety app on Android and iOS.

    Develop healthy digital habits with transparency into your family's activities. View your kids’ weekly activity, including web, search, apps and games, and screen time. Balance their time online by setting screen time limits across Windows and Xbox, or set time limits on specific apps or games on Windows, Xbox, or Android to enable kids to be connected for online learning but stay focused.

    Create a safe space for your kids to explore online. Use the content filtering settings to block inappropriate apps and games, and limit browsing to kid-friendly websites using Microsoft Edge on Windows, Xbox, and Android. To avoid surprises, get notified when your kids want to download a more mature app or game from the Microsoft Store on Windows and Xbox with age limits.

    Stay connected even when you’re apart with family location sharing and tracking. Share your location with loved ones, spot them on a map, and save places they visit the most.

    [Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | +| Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their your family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

    [Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From ea8ddca8fa3ec811b1f7e5eeb6f8585cbbc420c1 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:31:03 -0700 Subject: [PATCH 244/671] Update cloud.md --- windows/security/cloud.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index a8ccd0ff3c..8f692a5af0 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -15,9 +15,9 @@ author: dansimp *This article provides an overview of cloud services built into Windows 11.* -Today’s workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased use of third-party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services to help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads, and safeguard sensitive information while controlling access and mitigating threats. +Today’s workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased use of third-party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services. Windows and cloud services together help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads, and safeguard sensitive information while controlling access and mitigating threats. -Windows 11 includes the cloud services that are listed in the following table: +Windows 11 includes the cloud services that are listed in the following table:
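Review bot: The condensed Family safety row in PATCH 243/671 has a doubled pronoun, "customize their your family settings", and a leftover second-person "your mobile devices" in a sentence whose subject is "People". Suggested wording: "create a family group on Windows, Xbox, or their mobile devices, and then customize their family settings". The hunk also removes the four paragraphs on activity reporting, screen time limits, content filtering and location sharing, leaving only the link; confirm that the linked page covers those features, since the table no longer says what Family Safety actually controls.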

    | Service type | Description | |:---|:---| @@ -25,5 +25,5 @@ Windows 11 includes the cloud services that are listed in the following table: | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.
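Review bot: In the first hunk of PATCH 244/671, splitting the intro leaves "Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services." as a sentence that no longer says what the integration is for, and the next sentence restates both subjects with "Windows and cloud services together". "Together, they help organizations strengthen ..." would keep the shorter sentences without the repetition. Separately, the removed and added "Windows 11 includes the cloud services that are listed in the following table:" lines read identically here, so the change is confined to whatever follows "table:"; if that is trailing whitespace or a line break, check that the table header below still renders as a table.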

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

    The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of their devices, and even get rewards. | | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | -| Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their your family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

    [Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | +| Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

    [Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From 0023bfa72ec58e4223624377419efd9003efa46d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:32:47 -0700 Subject: [PATCH 245/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 8f692a5af0..879368adf1 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -23,7 +23,7 @@ Windows 11 includes the cloud services that are listed in the following table:
    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows 11](mdm-windows.md). | -| Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

    The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize your family's digital life, update your privacy and security settings, track the health and safety of their devices, and even get rewards. | +| Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

    The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

    To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | | Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

    [Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From 06c3a2d37d7e6709f75f62b4d2985cebdd7e52f3 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:33:33 -0700 Subject: [PATCH 246/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 879368adf1..c48b1c6ba0 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -24,6 +24,6 @@ Windows 11 includes the cloud services that are listed in the following table:
    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

    The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

    To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| -| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware?view=o365-worldwide) | +| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware) | | Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

    [Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From f54e646cfb25353a509615b8c32a8949935ab372 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:33:54 -0700 Subject: [PATCH 247/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index c48b1c6ba0..0b40946517 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -24,6 +24,6 @@ Windows 11 includes the cloud services that are listed in the following table:
    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

    The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

    To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| -| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/en-us/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4?ui=en-us&rs=en-us&ad=us) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware) | +| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware) | | Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

    [Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From 69635a233af330c1ec58cbfd84e088841b72474d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:34:36 -0700 Subject: [PATCH 248/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 0b40946517..389cae3460 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -24,6 +24,6 @@ Windows 11 includes the cloud services that are listed in the following table:
    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

    The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

    To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| -| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4) with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS.

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware) | +| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4).

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). | | Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

    [Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | From e9f4f576784d0b9eb2285aa9edb0b907266b0f84 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:36:56 -0700 Subject: [PATCH 249/671] Update cloud.md --- windows/security/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 389cae3460..f167df48d7 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -21,7 +21,7 @@ Windows 11 includes the cloud services that are listed in the following table:
    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need.

    Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | +| Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need. Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

    The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

    To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4).

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). | From 9dd3cadae71f5a6f6a5c6aeee936d1d3e8367499 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 12:47:28 -0700 Subject: [PATCH 250/671] Update mdm-windows.md --- windows/security/mdm-windows.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 6b5de3479e..6668d62e59 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md @@ -21,9 +21,12 @@ f1.keywords: NOCSH Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices. Windows 11 includes a management component that includes: + - The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and - The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies. +## MDM features and capabilities + MDM includes several security features & capabilities. These include: - Remote wipe - Support for your work or school account 
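Review bot: the added Family safety row in PATCH 244/671 (hunk `@@ -25,5 +25,5 @@` of `windows/security/cloud.md`) fixes "their your family settings" but still reads "on Windows, Xbox, or your mobile devices", so the sentence starts with "People can use their Microsoft account" and switches to "your" midway. Suggest "or their mobile devices" so the row stays in the third person, which is the direction PATCH 245/671 takes for the Microsoft account row.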
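Review bot: the rewritten OneDrive row in PATCH 246/671 (hunk `@@ -24,6 +24,6 @@` of `windows/security/cloud.md`) still contains "allowing users to them on their laptops, desktops, and mobile devices", which is missing its verb. Since the whole row is already being replaced to drop `?view=o365-worldwide` from the ransomware link, fix it in the same change, for example "allowing users to access them". The same wording is carried unchanged through the `+` lines of PATCH 247/671 and PATCH 248/671.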
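Review bot: the `+` line in PATCH 248/671 (hunk `@@ -24,6 +24,6 @@`, OneDrive row) ends the Personal Vault sentence at the link and drops "with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS". That leaves "Files are secured by identity verification" with no indication of which factors qualify, and the commit message ("Update cloud.md") does not say whether the removal is intended. If the goal was only to close the sentence with a period, keep the clause and put the period after it.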
@@ -31,4 +34,23 @@ MDM includes several security features & capabilities. These include: - Remote device attestation - (other stuff coming soon): Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business -Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols. \ No newline at end of file +## Support for non-Microsoft MDM servers + +Non-Microsoft MDM servers can be used to manage Windows 11 by using industry standard protocols. The built-in management client can communicate with a third-party server proxy that supports the MDM protocols to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 11 users. MDM servers do not need to create or download a client to manage Windows 11. + +For details about the MDM protocols, the following resources: + +- [MS-MDM: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) +- [MS-MDE2: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692) + +## Security baselines + +Windows 11 can be configured with the Microsoft MDM security baseline backed by ADMX policies, which functions like the Microsoft GP-based security baseline. Security baseline enables IT admins to easily integrate this baseline into any MDM, addressing security concerns and compliance needs for modern cloud-managed devices. 
+ +The MDM security baseline includes policies that cover the following areas: + +- Microsoft inbox security technology (not deprecated) such as BitLocker, Windows Defender SmartScreen, and Virtual-based security, Exploit Guard, Defender, and Firewall +- Restricting remote access to devices +- Setting credential requirements for passwords and PINs +- Restricting use of legacy technology +- Legacy technology policies that offer alternative solutions with modern technology From 806a912dea4d76b854392b1baedd81af33a33191 Mon Sep 17 00:00:00 2001 From: Nick Bassett Date: Wed, 8 Sep 2021 12:57:15 -0700 Subject: [PATCH 251/671] Update virus-initiative-criteria.md Update to membership requirements, follow-up link for application, and high-level program summary. --- .../intelligence/virus-initiative-criteria.md | 29 +++++++------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md index 83ca25908d..360a4bde38 100644 --- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md 
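Review bot: in PATCH 250/671 (hunk `@@ -31,4 +34,23 @@` of `windows/security/mdm-windows.md`), the added sentence "For details about the MDM protocols, the following resources:" is missing its verb; it should read "see the following resources". In the new Security baselines list, "Virtual-based security" should be "virtualization-based security", and the first bullet mixes "such as BitLocker, Windows Defender SmartScreen, and ..." with a second run of items ("Exploit Guard, Defender, and Firewall"), so it is unclear which technologies the baseline covers; make it one list. The context bullet "(other stuff coming soon): Device Installation, DMA Guard, ..." is left in place directly above the new headings and reads as a draft placeholder; either list those features properly or remove the parenthetical before this ships.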
@@ -18,34 +18,27 @@ ms.technology: mde # Microsoft Virus Initiative -The Microsoft Virus Initiative (MVI) helps organizations to get their products working and integrated with Windows. - -MVI members receive access to Windows APIs and other technologies including IOAV, AMSI, and Cloud files. Members also get malware telemetry and samples and invitations to security-related events and conferences. +The Microsoft Virus Initiative (MVI) helps organizations develop better-together security solutions that are performant, reliable, and aligned with Microsoft technology & strategy. ## Become a member -You can request membership if you're a representative for an organization that develops and produces antimalware or antivirus technology. Your organization must meet the following requirements to qualify for the MVI program: +You can request membership if you're a representative for an organization that develops and produces antimalware or antivirus technology. -1. Offer an antimalware or antivirus product that meets one of the following criteria: +To qualify for the MVI program, your organization must meet all the following requirements. - * Your organization's own creation. - * Developed by using an SDK (engine and other components) from another MVI Partner company and your organization adds a custom UI and/or other functionality. +1) Your security solution either replaces or compliments Microsoft Defender Antivirus. -2. Have your own malware research team unless you build a product based on an SDK. +2) Your organization is responsible for both developing and distributing app updates to end-customers that address compatibility with Windows. -3. Be active and have a positive reputation in the antimalware industry. +3) Your organization must be active in the antimalware industry and have a positive reputation, as evidenced by participation in industry conferences or being reviewed in an industry standard report such as AV Comparatives, OPSWAT, or Gartner. 
- * Activity can include participation in industry conferences or being reviewed in an industry standard report such as AV Comparatives, OPSWAT, or Gartner. +4) Your organization must sign a non-disclosure agreement (NDA) with Microsoft. -4. Be willing to sign a non-disclosure agreement (NDA) with Microsoft. +5) Your organization must sign a program license agreement. Maintaining this license agreement requires that you adhere to all program requirements for antimalware apps. These requirements define the behavior of antimalware apps necessary to ensure proper interaction with Windows. -5. Be willing to sign a program license agreement. +6) You must submit your app to Microsoft for periodic performance testing and feature review. -6. Be willing to adhere to program requirements for antimalware apps. These requirements define the behavior of antimalware apps necessary to ensure proper interaction with Windows. - -7. Submit your app to Microsoft for periodic performance testing. - -8. Certified through independent testing by at least one industry standard organization. +7) Your solution must be certified through independent testing by at least one industry standard organization, and yearly certification must be maintained. Test Provider | Lab Test Type | Minimum Level / Score ------------- |---------------|---------------------- @@ -60,4 +53,4 @@ West Coast Labs | Checkmark Certified
    http://www.checkmarkcertified.com/sm ## Apply now -If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). For questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry). +If your organization meets these criteria and is interested in joining, [apply for membership now](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbRxusDUkejalGp0OAgRTWC7BUQVRYUEVMNlFZUjFaUDY2T1U1UDVVU1NKVi4u). From 9d97e27242884a64c7a1e4d250c417f6eb4d36f4 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 13:03:26 -0700 Subject: [PATCH 252/671] Update mdm-windows.md --- windows/security/mdm-windows.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 6668d62e59..c19ab3a22a 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md 
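Review bot: in virus-initiative-criteria.md, new requirement 1 reads "either replaces or compliments Microsoft Defender Antivirus"; the intended word is "complements" (works alongside), not "compliments". The same hunk also changes the ordered-list markers from `1.` to `1)`, which differs from the style the file used before; keep `1.` unless there is a reason for the change.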
@@ -27,12 +27,15 @@ Windows 11 includes a management component that includes: ## MDM features and capabilities -MDM includes several security features & capabilities. These include: -- Remote wipe -- Support for your work or school account -- Config Lock -- Remote device attestation -- (other stuff coming soon): Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business +MDM includes several security features & capabilities, as described in the following table: + +| Feature/capability | Description | +|:---|:---| +| Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. A help desk agent might also want to reset devices to fix issues encountered by remote workers. Windows 10 and Windows 11 supports the Remote Wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
    - Reset the device and remove user accounts and data
    - Reset the device and clean the drive
    - Reset the device but persist user accounts and data | +| Support for your work or school account | Adding a work or school account enables devices to connect to your work environment. You can join the device to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate owned devices so they meet the policy and security guidelines for the company. Easily configure the devices with the apps and settings the person needs to do their work through management solutions such as Microsoft Endpoint Manager (MEM).

    When a device is joined to Azure AD and managed with MDM, it will bring the following security values:
    - Default fully managed user and device settings and policies
    - Single Sign On to all Microsoft Online Services
    - Full suite of password management capabilities, using Windows Hello For Business
    - Authentication uses Tokens
    - No use of consumer Microsoft Account identity | +| Config Lock | | +| Remote device attestation | | +| (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | ## Support for non-Microsoft MDM servers @@ -45,12 +48,12 @@ For details about the MDM protocols, the following resources: ## Security baselines -Windows 11 can be configured with the Microsoft MDM security baseline backed by ADMX policies, which functions like the Microsoft GP-based security baseline. Security baseline enables IT admins to easily integrate this baseline into any MDM, addressing security concerns and compliance needs for modern cloud-managed devices. +Windows 11 can be configured with the [Microsoft MDM security baseline](/mem/intune/protect/security-baseline-settings-mdm-all?pivots=mdm-december-2020) backed by ADMX policies, which functions like the Microsoft Group Policy security baseline. Security baselines enable security teams and IT admins to easily integrate this baseline into any MDM, addressing security concerns and compliance needs for modern cloud-managed devices. The MDM security baseline includes policies that cover the following areas: -- Microsoft inbox security technology (not deprecated) such as BitLocker, Windows Defender SmartScreen, and Virtual-based security, Exploit Guard, Defender, and Firewall +- Microsoft inbox security technology (such as BitLocker and Windows Defender SmartScreen), and Virtual-based security ( exploit protection, Microsoft Defender Antivirus, and Windows Defender Firewall) - Restricting remote access to devices - Setting credential requirements for passwords and PINs -- Restricting use of legacy technology +- Restricting the use of legacy technology - Legacy technology policies that offer alternative solutions with modern technology From 95cdc814fd5685b3b6ab5d1930b43d74aa590c4a Mon Sep 17 00:00:00 2001 
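Review bot: in the last hunk of mdm-windows.md, the rewritten first bullet under "The MDM security baseline includes policies that cover the following areas" now places exploit protection, Microsoft Defender Antivirus, and Windows Defender Firewall inside the parentheses after "Virtual-based security", which presents them as examples of that feature; the removed line listed them as separate items. Suggest a flat list of the technologies, dropping the stray space in "( exploit protection" and spelling the feature "virtualization-based security".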
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 13:05:05 -0700 Subject: [PATCH 253/671] Update mdm-windows.md --- windows/security/mdm-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index c19ab3a22a..546c0c4aeb 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md @@ -18,7 +18,7 @@ f1.keywords: NOCSH # Modern device management and Windows 11 -Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices. +Windows 11 supports modern device management (MDM), an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices. Windows 11 includes a management component that includes: From 2d859018a2c817774e710ae88ac9b821753710ed Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 13:07:40 -0700 Subject: [PATCH 254/671] Update mdm-windows.md --- windows/security/mdm-windows.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 546c0c4aeb..da333c0c9c 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md @@ -27,11 +27,11 @@ Windows 11 includes a management component that includes: ## MDM features and capabilities -MDM includes several security features & capabilities, as described in the following table: +MDM includes several security features & capabilities, as described in the following table:

    | Feature/capability | Description | |:---|:---| -| Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. A help desk agent might also want to reset devices to fix issues encountered by remote workers. Windows 10 and Windows 11 supports the Remote Wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
    - Reset the device and remove user accounts and data
    - Reset the device and clean the drive
    - Reset the device but persist user accounts and data | +| Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

    Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
    - Reset the device and remove user accounts and data
    - Reset the device and clean the drive
    - Reset the device but persist user accounts and data | | Support for your work or school account | Adding a work or school account enables devices to connect to your work environment. You can join the device to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate owned devices so they meet the policy and security guidelines for the company. Easily configure the devices with the apps and settings the person needs to do their work through management solutions such as Microsoft Endpoint Manager (MEM).

    When a device is joined to Azure AD and managed with MDM, it will bring the following security values:
    - Default fully managed user and device settings and policies
    - Single Sign On to all Microsoft Online Services
    - Full suite of password management capabilities, using Windows Hello For Business
    - Authentication uses Tokens
    - No use of consumer Microsoft Account identity | | Config Lock | | | Remote device attestation | | From d4d00c370544114cf09fe588a1bf52d4fb9ceb2a Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Wed, 8 Sep 2021 16:24:43 -0400 Subject: [PATCH 255/671] Eng review updates --- windows/configuration/TOC.yml | 2 +- ...supported-csp-start-menu-layout-windows.md | 8 ++-- .../use-json-customize-start-menu-windows.md | 41 ++++++++----------- 3 files changed, 21 insertions(+), 30 deletions(-) diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index 2ce55a2aa9..b1675f73ae 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml @@ -6,7 +6,7 @@ items: - name: Start layout href: use-json-customize-start-menu-windows.md - - name: Supported Start layout CSPs + - name: Supported Start menu CSPs href: supported-csp-start-menu-layout-windows.md - name: Windows 10 Start and taskbar items: diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md index c6941e178b..34b7121cdb 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md 
@@ -38,7 +38,6 @@ For more general information, see [Configuration service provider reference](../ - [Start/AllowPinnedFolderPictures](../client-management/mdm/policy-csp-start.md#start-allowpinnedfolderpictures) - [Start/AllowPinnedFolderSettings](../client-management/mdm/policy-csp-start.md#start-allowpinnedfoldersettings) - [Start/AllowPinnedFolderVideos](../client-management/mdm/policy-csp-start.md#start-allowpinnedfoldervideos) -- [Start/DisableContextMenus](../client-management/mdm/policy-csp-start.md#start-disablecontextmenus) - [Start/HideChangeAccountSettings](../client-management/mdm/policy-csp-start.md#start-hidechangeaccountsettings) - [Start/HideHibernate](../client-management/mdm/policy-csp-start.md#start-hidehibernate) - [Start/HideLock](../client-management/mdm/policy-csp-start.md#start-hidelock) 
@@ -51,14 +50,13 @@ For more general information, see [Configuration service provider reference](../ - [Start/HideUserTile](../client-management/mdm/policy-csp-start.md#start-hideusertile) - [Start/HideRecentJumplists](../client-management/mdm/policy-csp-start.md#start-hiderecentjumplists) - [Start/NoPinningToTaskbar](../client-management/mdm/policy-csp-start.md#start-nopinningtotaskbar) -- Start/ShowOrHideMostUsedApps --> Need CSP link +- Start/ShowOrHideMostUsedApps: New policy starting with Windows 11. This policy enforces always showing Most Used Apps, or always hiding Most Used Apps. If you use this policy, the [Start/HideFrequentlyUsedApps](../client-management/mdm/policy-csp-start.md#start-hidefrequentlyusedapps) policy is ignored. -## Untested policies - -- [Start/HideFrequentlyUsedApps](../client-management/mdm/policy-csp-start.md#start-hidefrequentlyusedapps): What does this configure on Windows 10? How is it different than ShowOrHideMostUsedApps? + The [Start/HideFrequentlyUsedApps](../client-management/mdm/policy-csp-start.md#start-hidefrequentlyusedapps) CSP is the previous version of this policy, and is available on Windows 10 and older devices. This policy enforces hiding Most Used Apps. You can't use this policy to enforce always showing Most Used Apps. ## Existing CSP policies that Windows 11 doesn't support - [Start/StartLayout](../client-management/mdm/policy-csp-start.md#start-startlayout) - [Start/HideRecentlyAddedApps](../client-management/mdm/policy-csp-start.md#start-hiderecentlyaddedapps) - [Start/HideAppList](../client-management/mdm/policy-csp-start.md#start-hideapplist) +- [Start/DisableContextMenus](../client-management/mdm/policy-csp-start.md#start-disablecontextmenus) diff --git a/windows/configuration/use-json-customize-start-menu-windows.md b/windows/configuration/use-json-customize-start-menu-windows.md index fa2da8f58a..1456952c66 100644 --- a/windows/configuration/use-json-customize-start-menu-windows.md 
+++ b/windows/configuration/use-json-customize-start-menu-windows.md @@ -1,6 +1,6 @@ --- title: Use JSON to customize Start menu layout on Windows 11 | Microsoft Docs -description: Export start layout to LayoutModification.json that includes pinned apps. Add or remove apps, and use the JSON syntax in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. +description: Export start layout to LayoutModification.json that includes pinned apps. Add or remove apps, and use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. ms.assetid: manager: dougeby ms.author: mandia 
@@ -22,17 +22,17 @@ ms.localizationpriority: medium > **Looking for OEM information?** See [Customize the Taskbar](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar) and [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). -Your organization can deploy a customized Start layout to your Windows 11 devices. Customizing the Start layout is common when you have similar devices used by many users. +Your organization can deploy a customized Start layout to your Windows 11 devices. Customizing the Start layout is common when you have similar devices used by many users, or you want to pin specific apps. -For example, you can override the default set of apps with your own a set of pinned apps, and in the order you choose. As an administrator, use this feature to pin Win32 apps, remove default pinned apps, order the apps, and more. +For example, you can override the default set of apps with your own a set of pinned apps, and in the order you choose. As an administrator, use this feature to pin apps, remove default pinned apps, order the apps, and more. -This article shows you how to export an existing Start menu layout, and use the syntax in a Microsoft Intune MDM policy. +To add apps you want pinned to the Start menu, you use a JSON file. In previous Windows versions, IT administrators used an XML file to customize the Start menu. The XML file isn't available on Windows 11 and later ***unless*** [you're an OEM](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). + +This article shows you how to export an existing Start menu layout, and use the JSON in a Microsoft Intune MDM policy. ## Before you begin -- Starting with Windows 11, IT administrators use JSON to customize the Start layout. - - In previous Windows versions, IT administrators used an XML file to customize the Start layout. The XML file isn't available on Windows 11 and later. OEMs can use XML and JSON files. 
If you're an OEM, see [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). +- When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. You can't prevent users from changing the layout. - It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. For Microsoft, that includes using Microsoft Endpoint Manager. Endpoint Manager includes Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. 
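Review bot: the rewritten example sentence in this hunk still reads "with your own a set of pinned apps"; drop the stray "a". In the new first bullet under "Before you begin", "you overwrite the entire full layout" doubles the adjective, and "the entire layout" is enough. The `***unless***` in the new XML paragraph is heavier emphasis than the surrounding text uses; plain bold or no emphasis would match it better.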
@@ -44,25 +44,20 @@ This article shows you how to export an existing Start menu layout, and use the ## Start menu features and sections -In Windows 11, the Start menu is redesigned with a simplified set of apps that are arranged in a grid of pages. There aren't folders, groups, or different sized app icons: +In Windows 11, the Start menu is redesigned with a simplified set of apps that are arranged in a grid of pages. There aren't folders, groups, or different-sized app icons: :::image type="content" source="./images/use-json-customize-start-menu-windows/start-menu-layout.png" alt-text="Sample start menu layout on Windows 11 devices that shows pinned apps, access to all apps, and shows recommended files."::: Start has the following areas: -- **Pinned**: This area shows pinned apps, or a subset of all of the apps installed on the device. You can create a list of pinned apps you want on the devices using the **ConfigureStartPins** policy. **ConfigureStartPins** overrides the entire layout, which also remove apps that are pinned by default. +- **Pinned**: This area shows pinned apps, or a subset of all of the apps installed on the device. You can create a list of pinned apps you want on the devices using the **ConfigureStartPins** policy. **ConfigureStartPins** overrides the entire layout, which also removes apps that are pinned by default. This article shows you how to use the **ConfigureStartPins** policy. -- **All apps**: Users can select this option to see an alphabetical list of all the apps on the device. This section can't be customized. -- **Recommended**: This area shows recently opened files and recently installed apps. You can't hide this section, but you can prevent files from showing. The [Start/HideRecentJumplists CSP](../client-management/mdm/policy-csp-start.md#start-hiderecentjumplists) controls this setting, and can be set using an MDM provider, like Microsoft Intune. 
+- **All apps**: Users select this option to see an alphabetical list of all the apps on the device. This section can't be customized using the JSON file. You can use the `Start/ShowOrHideMostUsedApps` CSP, which is a new policy available in Windows 11. +- **Recommended**: Shows recently opened files and recently installed apps. This section can't be customized using the JSON file. To prevent files from showing in this section, you can use the [Start/HideRecentJumplists CSP](../client-management/mdm/policy-csp-start.md#start-hiderecentjumplists). This CSP also hides recent files that show from the taskbar. - For more information on the Start menu settings you can configure in a Microsoft Intune policy, see [Windows 10 (and later) device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#start). - -### What you need to know - -- When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. You can't prevent users from customizing the layout. -- On Windows 11 and later devices, you must create a JSON file. You can't use an XML file from a previous OS, such as Windows 10. + You can use an MDM provider, like Microsoft Intune, to manage the `Start/HideRecentJumplists` CSP on your devices. For more information on the Start menu settings you can configure in a Microsoft Intune policy, see [Windows 10 (and later) device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#start). ## Create the JSON file 
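Review bot: the new **All apps** bullet says "You can use the `Start/ShowOrHideMostUsedApps` CSP" without saying what that policy changes in this section, and unlike `Start/HideRecentJumplists` in the next bullet it carries no link. Suggest adding one clause on its effect; the CSP list updated in this same patch describes it as always showing or always hiding Most Used Apps. In the **Recommended** bullet, "hides recent files that show from the taskbar" would read better as "recent files shown from the taskbar".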
@@ -71,7 +66,7 @@ On an existing Windows 11 device, set up your own Start layout with the pinned a The JSON file controls the Start menu layout, and lists all the apps that are pinned. You can update the JSON file to: - Change the order of existing apps. The apps in the JSON file are shown on Start in the same order. -- Add more apps by entering the app ID. For more information, see [Get the pinnedList JSON syntax](#get-the-pinnedlist-json-syntax) (in this article). +- Add more apps by entering the app ID. For more information, see [Get the pinnedList JSON](#get-the-pinnedlist-json) (in this article). If you're familiar with creating JSON files, you can create your own `LayoutModification.json` file. But, it's easier and faster to export the layout from an existing device. @@ -79,15 +74,13 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi 1. Create a folder to save the `.json` file. For example, create the `C:\Layouts` folder. 2. On a Windows 11 device, open the Windows PowerShell app. -3. Run the following cmdlet: +3. Run the following cmdletBe sure to name the file `LayoutModification.json`. ```powershell Export-StartLayout -Path "C:\Layouts\LayoutModification.json" ``` - Be sure to name the file `LayoutModification.json`. - -### Get the pinnedList JSON syntax +### Get the pinnedList JSON 1. Open the `LayoutModification.json` file in a JSON editor, such as Visual Studio Code or the Notepad app. For more information, see [edit JSON with Visual Studio Code](https://code.visualstudio.com/docs/languages/json). 2. In the file, you see the `pinnedList` section. This section includes all the apps that are pinned. Copy the `pinnedList` content in the JSON file. You'll use it in the next section. 
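Review bot: step 3 of the export procedure now reads "Run the following cmdletBe sure to name the file `LayoutModification.json`.", two sentences fused with no space or punctuation between "cmdlet" and "Be". Suggest "Run the following cmdlet. Be sure to name the file `LayoutModification.json`:" ahead of the code block, or keep the reminder after the block where it was. The heading rename to "Get the pinnedList JSON" does match the `#get-the-pinnedlist-json` anchor updated in the previous hunk.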
@@ -116,7 +109,7 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi ## Use MDM to create and deploy a pinned list policy -Now that you have the JSON syntax, you're ready to deploy your customized Start layout to devices in your organization. +Now that you have the JSON, you're ready to deploy your customized Start layout to devices in your organization. MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Intune, you can deploy a policy that configures the pinned list. @@ -146,7 +139,7 @@ To deploy this policy in Microsoft Intune, the devices must be enrolled in Micro - **Description**: Enter a description for the row. This setting is optional, and recommended. - **OMA-URI**: Enter `./Vendor/MSFT/Policy/Config/Start/ConfigureStartPins`. - **Data type**: Select **String**. - - **Value**: Paste the JSON syntax you created or updated in the previous section. For example, enter the following syntax: + - **Value**: Paste the JSON you created or updated in the previous section. For example, enter the following text: ```json { From 6d409e7688f4d229461d017bad06d6ef1c391c2d Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Wed, 8 Sep 2021 16:30:56 -0400 Subject: [PATCH 256/671] review updates --- .../configuration/supported-csp-start-menu-layout-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md index 34b7121cdb..07bdab824e 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md 
@@ -52,7 +52,7 @@ For more general information, see [Configuration service provider reference](../ - [Start/NoPinningToTaskbar](../client-management/mdm/policy-csp-start.md#start-nopinningtotaskbar) - Start/ShowOrHideMostUsedApps: New policy starting with Windows 11. This policy enforces always showing Most Used Apps, or always hiding Most Used Apps. If you use this policy, the [Start/HideFrequentlyUsedApps](../client-management/mdm/policy-csp-start.md#start-hidefrequentlyusedapps) policy is ignored. - The [Start/HideFrequentlyUsedApps](../client-management/mdm/policy-csp-start.md#start-hidefrequentlyusedapps) CSP is the previous version of this policy, and is available on Windows 10 and older devices. This policy enforces hiding Most Used Apps. You can't use this policy to enforce always showing Most Used Apps. + The [Start/HideFrequentlyUsedApps](../client-management/mdm/policy-csp-start.md#start-hidefrequentlyusedapps) policy enforces hiding Most Used Apps. You can't use this policy to enforce always showing Most Used Apps. ## Existing CSP policies that Windows 11 doesn't support From 2a36d93435fe4029f01203358e541c695f3fab1f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 13:40:57 -0700 Subject: [PATCH 257/671] Update mdm-windows.md --- windows/security/mdm-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index da333c0c9c..1ba8b1ff88 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md 
@@ -32,7 +32,7 @@ MDM includes several security features & capabilities, as described in the follo | Feature/capability | Description | |:---|:---| | Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

    Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
    - Reset the device and remove user accounts and data
    - Reset the device and clean the drive
    - Reset the device but persist user accounts and data | -| Support for your work or school account | Adding a work or school account enables devices to connect to your work environment. You can join the device to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate owned devices so they meet the policy and security guidelines for the company. Easily configure the devices with the apps and settings the person needs to do their work through management solutions such as Microsoft Endpoint Manager (MEM).

    When a device is joined to Azure AD and managed with MDM, it will bring the following security values:
    - Default fully managed user and device settings and policies
    - Single Sign On to all Microsoft Online Services
    - Full suite of password management capabilities, using Windows Hello For Business
    - Authentication uses Tokens
    - No use of consumer Microsoft Account identity | +| Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

    When a device is joined to Azure AD and managed with MDM, you get teh following security benefits:
    - Fully managed user/device settings and policies by default
    - Single Sign On to all Microsoft online services
    - Password management capabilities (Windows Hello for Business)
    - Authentication using tokens
    - No use of consumer Microsoft Account identities | | Config Lock | | | Remote device attestation | | | (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | From ef784279f138ee03a4121ad42707d7d566e4a633 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 13:53:04 -0700 Subject: [PATCH 258/671] Update mdm-windows.md --- windows/security/mdm-windows.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 1ba8b1ff88..e938581f41 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md @@ -33,8 +33,8 @@ MDM includes several security features & capabilities, as described in the follo |:---|:---| | Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

    Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
    - Reset the device and remove user accounts and data
    - Reset the device and clean the drive
    - Reset the device but persist user accounts and data | | Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

    When a device is joined to Azure AD and managed with MDM, you get teh following security benefits:
    - Fully managed user/device settings and policies by default
    - Single Sign On to all Microsoft online services
    - Password management capabilities (Windows Hello for Business)
    - Authentication using tokens
    - No use of consumer Microsoft Account identities | -| Config Lock | | -| Remote device attestation | | +| Config Lock | In enterprise organizations, security teams and IT admins typically enforce policies on corporate devices to keep the devices in a compliant state and protect the operating system from changes made by users.

    When users who have local admin rights attempt to work around security policies, they run the risk of leaving the device in a non-compliant state. We call this *config drift*. Config drift can introduce security risks until the next time the device syncs with MDM and the configuration is reset. In a worst-case scenario, correcting config drift could take up to eight hours. Many organizations consider config drift a security risk.

    Windows 11 with Config Lock enables IT admins to remediate config drift and keep the operating system configuration to the IT desired state on the following feature sets. The operating system monitors the registry keys that configures each feature and when a drift is detected, it will revert back to the IT desired state in seconds.

    Config Lock works with Application Control, Application Guard, and BitLocker. | +| Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT Administrators of the attestation service can leverage the information available in the boot to protect themselves from boot level attacks and misconfigurations. An enterprise’s device management operators can rely on Microsoft Azure Attestation service to securely report on the device boot health, firmware security and other low level security features usually used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprises device health to the administrator, allowing them to deal with low level threats with confidence. One of the fundamental device management verticals of any enterprise is the security stature of its devices. Windows 11 comes with MDM integration with Microsoft Azure Attestation allowing MDM providers to also leverage the attestation capabilities to trust and enhance the security of a device. | | (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | ## Support for non-Microsoft MDM servers From 4923e4027c6858b3b08cf3a3dea3c650ecc2523a Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 14:00:52 -0700 Subject: [PATCH 259/671] Update mdm-windows.md --- windows/security/mdm-windows.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index e938581f41..3d2d701333 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md 
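Review bot: In the Config Lock row of the mdm-windows.md table, "The operating system monitors the registry keys that configures each feature" has a subject-verb mismatch and should read "registry keys that configure each feature". The untouched Azure AD row in the same table also still says "you get teh following security benefits"; fix that typo while the table is being edited.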
@@ -33,8 +33,8 @@ MDM includes several security features & capabilities, as described in the follo |:---|:---| | Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

    Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
    - Reset the device and remove user accounts and data
    - Reset the device and clean the drive
    - Reset the device but persist user accounts and data | | Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

    When a device is joined to Azure AD and managed with MDM, you get teh following security benefits:
    - Fully managed user/device settings and policies by default
    - Single Sign On to all Microsoft online services
    - Password management capabilities (Windows Hello for Business)
    - Authentication using tokens
    - No use of consumer Microsoft Account identities | -| Config Lock | In enterprise organizations, security teams and IT admins typically enforce policies on corporate devices to keep the devices in a compliant state and protect the operating system from changes made by users.

    When users who have local admin rights attempt to work around security policies, they run the risk of leaving the device in a non-compliant state. We call this *config drift*. Config drift can introduce security risks until the next time the device syncs with MDM and the configuration is reset. In a worst-case scenario, correcting config drift could take up to eight hours. Many organizations consider config drift a security risk.

    Windows 11 with Config Lock enables IT admins to remediate config drift and keep the operating system configuration to the IT desired state on the following feature sets. The operating system monitors the registry keys that configures each feature and when a drift is detected, it will revert back to the IT desired state in seconds.

    Config Lock works with Application Control, Application Guard, and BitLocker. | -| Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT Administrators of the attestation service can leverage the information available in the boot to protect themselves from boot level attacks and misconfigurations. An enterprise’s device management operators can rely on Microsoft Azure Attestation service to securely report on the device boot health, firmware security and other low level security features usually used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprises device health to the administrator, allowing them to deal with low level threats with confidence. One of the fundamental device management verticals of any enterprise is the security stature of its devices. Windows 11 comes with MDM integration with Microsoft Azure Attestation allowing MDM providers to also leverage the attestation capabilities to trust and enhance the security of a device. | +| Config Lock | Security teams and IT admins typically enforce policies on corporate devices to keep those devices in a compliant state, and protect the operating system from changes made by users.

    When users who have local admin rights attempt to work around security policies, they run the risk of leaving the device in a non-compliant state called *config drift*. Config drift can introduce security risks until the next time the device syncs with MDM and the configuration is reset. In a worst-case scenario, correcting config drift could take up to eight hours. Many organizations consider config drift a security risk.

    Windows 11 with Config Lock enables IT admins to remediate config drift and keep the operating system configuration to its proper state. The operating system monitors the registry keys that configures each feature and when a drift is detected, it will revert back to the IT desired state in seconds.

    Config Lock works with Application Control, Application Guard, and BitLocker. | +| Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT administrators can use available boot information to protect against boot-level attacks and misconfigurations. The Microsoft Azure Attestation service securely reports on device boot health, firmware security, and other low-level security features usually used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprise's device health to the administrator, allowing them to deal with low-level threats with confidence. Windows 11 comes with MDM integration with Microsoft Azure Attestation, allowing MDM providers to use the attestation capabilities to trust and enhance device security.

    Learn more about [Microsoft Azure Attestation](/azure/attestation). | | (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | ## Support for non-Microsoft MDM servers From c71125c86601deb5278bbdc2172e0c6e97cb165d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 14:05:36 -0700 Subject: [PATCH 260/671] Update mdm-windows.md --- windows/security/mdm-windows.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 3d2d701333..356249fc2e 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md @@ -32,9 +32,9 @@ MDM includes several security features & capabilities, as described in the follo | Feature/capability | Description | |:---|:---| | Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

    Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
    - Reset the device and remove user accounts and data
    - Reset the device and clean the drive
    - Reset the device but persist user accounts and data | -| Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

    When a device is joined to Azure AD and managed with MDM, you get teh following security benefits:
    - Fully managed user/device settings and policies by default
    - Single Sign On to all Microsoft online services
    - Password management capabilities (Windows Hello for Business)
    - Authentication using tokens
    - No use of consumer Microsoft Account identities | +| Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

    When a device is joined to Azure AD and managed with MDM, you get the following security benefits:
    - Fully managed user/device settings and policies by default
    - Single Sign On to all Microsoft online services
    - Password management capabilities (Windows Hello for Business)
    - Authentication using tokens
    - No use of consumer Microsoft Account identities | | Config Lock | Security teams and IT admins typically enforce policies on corporate devices to keep those devices in a compliant state, and protect the operating system from changes made by users.

    When users who have local admin rights attempt to work around security policies, they run the risk of leaving the device in a non-compliant state called *config drift*. Config drift can introduce security risks until the next time the device syncs with MDM and the configuration is reset. In a worst-case scenario, correcting config drift could take up to eight hours. Many organizations consider config drift a security risk.

    Windows 11 with Config Lock enables IT admins to remediate config drift and keep the operating system configuration to its proper state. The operating system monitors the registry keys that configures each feature and when a drift is detected, it will revert back to the IT desired state in seconds.

    Config Lock works with Application Control, Application Guard, and BitLocker. | -| Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT administrators can use available boot information to protect against boot-level attacks and misconfigurations. The Microsoft Azure Attestation service securely reports on device boot health, firmware security, and other low-level security features usually used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprise's device health to the administrator, allowing them to deal with low-level threats with confidence. Windows 11 comes with MDM integration with Microsoft Azure Attestation, allowing MDM providers to use the attestation capabilities to trust and enhance device security.

    Learn more about [Microsoft Azure Attestation](/azure/attestation). | +| Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT administrators can use available boot information to protect against boot-level attacks and misconfigurations. The Microsoft Azure Attestation service securely reports on device boot health, firmware security, and other low-level security features used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprise's device health to the administrator, allowing them to deal with low-level threats with confidence. Windows 11 comes with MDM integration with Microsoft Azure Attestation, allowing MDM providers to use the attestation capabilities to trust and enhance device security.

    Learn more about [Microsoft Azure Attestation](/azure/attestation). | | (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | ## Support for non-Microsoft MDM servers @@ -52,7 +52,7 @@ Windows 11 can be configured with the [Microsoft MDM security baseline](/mem/int The MDM security baseline includes policies that cover the following areas: -- Microsoft inbox security technology (such as BitLocker and Windows Defender SmartScreen), and Virtual-based security ( exploit protection, Microsoft Defender Antivirus, and Windows Defender Firewall) +- Microsoft inbox security technology (such as BitLocker and Windows Defender SmartScreen), and Virtual-based security (exploit protection, Microsoft Defender Antivirus, and Windows Defender Firewall) - Restricting remote access to devices - Setting credential requirements for passwords and PINs - Restricting the use of legacy technology From bb962e51002acb34a1c996a78fca520a1c2729c9 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 14:06:19 -0700 Subject: [PATCH 261/671] Update mdm-windows.md --- windows/security/mdm-windows.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 356249fc2e..2456527534 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md 
@@ -37,15 +37,6 @@ MDM includes several security features & capabilities, as described in the follo | Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT administrators can use available boot information to protect against boot-level attacks and misconfigurations. The Microsoft Azure Attestation service securely reports on device boot health, firmware security, and other low-level security features used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprise's device health to the administrator, allowing them to deal with low-level threats with confidence. Windows 11 comes with MDM integration with Microsoft Azure Attestation, allowing MDM providers to use the attestation capabilities to trust and enhance device security.

    Learn more about [Microsoft Azure Attestation](/azure/attestation). | | (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | -## Support for non-Microsoft MDM servers - -Non-Microsoft MDM servers can be used to manage Windows 11 by using industry standard protocols. The built-in management client can communicate with a third-party server proxy that supports the MDM protocols to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 11 users. MDM servers do not need to create or download a client to manage Windows 11. - -For details about the MDM protocols, the following resources: - -- [MS-MDM: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) -- [MS-MDE2: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692) - ## Security baselines Windows 11 can be configured with the [Microsoft MDM security baseline](/mem/intune/protect/security-baseline-settings-mdm-all?pivots=mdm-december-2020) backed by ADMX policies, which functions like the Microsoft Group Policy security baseline. Security baselines enable security teams and IT admins to easily integrate this baseline into any MDM, addressing security concerns and compliance needs for modern cloud-managed devices. 
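Review bot: The section removed here contains "For details about the MDM protocols, the following resources:", which is missing its verb, and the patch re-adds the sentence unchanged at the end of the file. Since the block is being moved anyway, change the added copy to "For details about the MDM protocols, see the following resources:". The context row "(other stuff coming soon)" directly above the removed heading is placeholder text that should be filled in or dropped before this page publishes.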
@@ -57,3 +48,14 @@ The MDM security baseline includes policies that cover the following areas: - Setting credential requirements for passwords and PINs - Restricting the use of legacy technology - Legacy technology policies that offer alternative solutions with modern technology + + +## Support for non-Microsoft MDM servers + +Non-Microsoft MDM servers can be used to manage Windows 11 by using industry standard protocols. The built-in management client can communicate with a third-party server proxy that supports the MDM protocols to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 11 users. MDM servers do not need to create or download a client to manage Windows 11. + +For details about the MDM protocols, the following resources: + +- [MS-MDM: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) +- [MS-MDE2: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692) + From dcd94f585a0d2b32e728b452e39e87c81e7a37f9 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Wed, 8 Sep 2021 14:41:45 -0700 Subject: [PATCH 262/671] Removed quotes around the GUID where they weren't needed --- ...stration-in-windows-defender-application-control-policy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 7515385cee..88be69c40f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md @@ -107,7 +107,7 @@ Level: Error
    Keywords:
    User: S-1-5-21-3340858017-3068726007-3466559902-3647
    Computer: contoso.com
    -Description: "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" was prevented from running due to Config CI policy.
    +Description: {f8d253d9-89a4-4daa-87b6-1168369f0b21} was prevented from running due to Config CI policy.
    Event XML: @@ -131,7 +131,7 @@ Event XML: false - "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" + {f8d253d9-89a4-4daa-87b6-1168369f0b21} ``` From 333565c8e8d8968889dabc4d37ccddd5ca4912fa Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 15:45:05 -0700 Subject: [PATCH 263/671] Update mdm-windows.md --- windows/security/mdm-windows.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 2456527534..f86e30a938 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md @@ -18,6 +18,8 @@ f1.keywords: NOCSH # Modern device management and Windows 11 +*This article provides an overview of modern device management and Windows 11.* + Windows 11 supports modern device management (MDM), an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices. Windows 11 includes a management component that includes: @@ -25,6 +27,8 @@ Windows 11 includes a management component that includes: - The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and - The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies. +Read this article to learn more about how Windows 11 works with MDM. + ## MDM features and capabilities MDM includes several security features & capabilities, as described in the following table:
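Review bot: The added line "Read this article to learn more about how Windows 11 works with MDM." repeats what the italic summary added under the title in the previous hunk already says ("This article provides an overview of modern device management and Windows 11."), so the reader gets two "this article" pointers within a few lines. Keep one of them; the summary under the H1 is the better place. Separately, the intro expands MDM as "modern device management" while the protocol links in this file use "Mobile Device Management Protocol"; one sentence reconciling the two terms would avoid confusion.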

    @@ -33,7 +37,7 @@ MDM includes several security features & capabilities, as described in the follo |:---|:---| | Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

    Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
    - Reset the device and remove user accounts and data
    - Reset the device and clean the drive
    - Reset the device but persist user accounts and data | | Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

    When a device is joined to Azure AD and managed with MDM, you get the following security benefits:
    - Fully managed user/device settings and policies by default
    - Single Sign On to all Microsoft online services
    - Password management capabilities (Windows Hello for Business)
    - Authentication using tokens
    - No use of consumer Microsoft Account identities | -| Config Lock | Security teams and IT admins typically enforce policies on corporate devices to keep those devices in a compliant state, and protect the operating system from changes made by users.

    When users who have local admin rights attempt to work around security policies, they run the risk of leaving the device in a non-compliant state called *config drift*. Config drift can introduce security risks until the next time the device syncs with MDM and the configuration is reset. In a worst-case scenario, correcting config drift could take up to eight hours. Many organizations consider config drift a security risk.

    Windows 11 with Config Lock enables IT admins to remediate config drift and keep the operating system configuration to its proper state. The operating system monitors the registry keys that configures each feature and when a drift is detected, it will revert back to the IT desired state in seconds.

    Config Lock works with Application Control, Application Guard, and BitLocker. | +| Config Lock | Security teams and IT admins typically enforce policies on corporate devices to keep those devices in a compliant state, and protect the operating system from changes made by users.

    When users who have local admin rights attempt to work around security policies, they run the risk of leaving the device in a non-compliant state called *config drift*. Config drift can introduce security risks until the next time the device syncs with MDM and the configuration is reset. In a worst-case scenario, correcting config drift could take up to eight hours. Many organizations consider config drift a security risk.

    Windows 11 with Config Lock enables IT admins to remediate config drift and keep the operating system configuration to its proper state. The operating system monitors registry keys, and when a drift is detected, the operating system reverts back to the IT-configured state within seconds.

    Config Lock works with Application Control, Application Guard, and BitLocker. | | Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT administrators can use available boot information to protect against boot-level attacks and misconfigurations. The Microsoft Azure Attestation service securely reports on device boot health, firmware security, and other low-level security features used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprise's device health to the administrator, allowing them to deal with low-level threats with confidence. Windows 11 comes with MDM integration with Microsoft Azure Attestation, allowing MDM providers to use the attestation capabilities to trust and enhance device security.

    Learn more about [Microsoft Azure Attestation](/azure/attestation). | | (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | @@ -49,7 +53,6 @@ The MDM security baseline includes policies that cover the following areas: - Restricting the use of legacy technology - Legacy technology policies that offer alternative solutions with modern technology - ## Support for non-Microsoft MDM servers Non-Microsoft MDM servers can be used to manage Windows 11 by using industry standard protocols. The built-in management client can communicate with a third-party server proxy that supports the MDM protocols to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 11 users. MDM servers do not need to create or download a client to manage Windows 11. From 32c9b1cf0952b95d266dae9457357517ab6ab1d7 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 15:46:27 -0700 Subject: [PATCH 264/671] Update mdm-windows.md --- windows/security/mdm-windows.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index f86e30a938..93de42d94e 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md 
@@ -47,7 +47,13 @@ Windows 11 can be configured with the [Microsoft MDM security baseline](/mem/int The MDM security baseline includes policies that cover the following areas: -- Microsoft inbox security technology (such as BitLocker and Windows Defender SmartScreen), and Virtual-based security (exploit protection, Microsoft Defender Antivirus, and Windows Defender Firewall) +- Microsoft inbox security technology + - BitLocker + - Windows Defender SmartScreen +- Virtual-based security + - Exploit protection + - Microsoft Defender Antivirus + - Windows Defender Firewall - Restricting remote access to devices - Setting credential requirements for passwords and PINs - Restricting the use of legacy technology From 4e9176935966009f25f40131f31e535bc469913c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 15:51:30 -0700 Subject: [PATCH 265/671] Update index.yml --- windows/security/index.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 6f614b438e..0fcb21c951 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -45,8 +45,6 @@ landingContent: url: trusted-boot.md - text: Encryption and data protection url: encryption-data-protection.md - - text: Network security - url: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - text: Network security url: operating-system.md - text: Virus & threat protection From a076ee6a6fa411bdab66426befbace6796b882d5 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 15:57:48 -0700 Subject: [PATCH 266/671] Update index.yml --- windows/security/index.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 0fcb21c951..3b306dfcc8 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
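Review bot: Exploit protection, Microsoft Defender Antivirus, and Windows Defender Firewall look misplaced under "- Virtual-based security" in the mdm-windows.md baseline list, because the new nesting presents all three as virtualization features. Check whether that grouping is intended or whether they belong under "- Microsoft inbox security technology" alongside BitLocker and Windows Defender SmartScreen. If the parent bullet stays, confirm whether "Virtual-based security" is meant to read "Virtualization-based security".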
@@ -37,7 +37,7 @@ landingContent: linkLists: - linkListType: overview links: - - text: Overview of operating system security + - text: Operating system security url: operating-system.md - linkListType: concept links: @@ -46,9 +46,9 @@ landingContent: - text: Encryption and data protection url: encryption-data-protection.md - text: Network security - url: operating-system.md + url: identity-protection/vpn/vpn-guide.md - text: Virus & threat protection - url: operating-system.md + url: https://docs.microsoft.com/microsoft-365/security/defender-endpoint # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 07360076eea9869d8df4e31fd0a92b195e0d0b9f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 16:00:47 -0700 Subject: [PATCH 267/671] Update index.yml --- windows/security/index.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 3b306dfcc8..71c6da2416 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -74,8 +74,13 @@ landingContent: linkLists: - linkListType: overview links: - - text: article (change link later, add more) - url: /windows/security/threat-protection/windows-security-baselines.md + - text: Azure Active Directory + url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory + - text: MDM and Windows 11 + url: mdm-windows.md + - text: Your Microsoft Account + - text: OneDrive + - text: Family safety # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb From 5209b0a013b7814956338394874cabeaf97b93a0 Mon Sep 17 00:00:00 2001 
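Review bot: The last three entries added to the index.yml link list ("- text: Your Microsoft Account", "- text: OneDrive", "- text: Family safety") have no url, unlike the "Azure Active Directory" and "MDM and Windows 11" entries added just above them. A link item without a target has nothing to point to, so add the urls in this commit or hold these three entries back until the targets exist.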
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 16:04:50 -0700 Subject: [PATCH 268/671] cards --- windows/security/cloud.md | 18 ++++++++++++++---- windows/security/index.yml | 10 +++++++--- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index f167df48d7..c7194406ef 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -2,13 +2,23 @@ title: Windows and cloud security description: Get an overview of cloud services supported in Windows 11 ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.prod: w10 +author: denisebmsft +ms.author: deniseb +manager: dansimp +ms.prod: w11 +audience: ITPro +ms.topic: conceptual +ms.date: 09/08/2021 +ms.prod: w11 +ms.localizationpriority: medium +ms.collection: +ms.custom: +ms.reviewer: +f1.keywords: NOCSH ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: dansimp +search.appverid: MET150 --- # Windows and cloud security diff --git a/windows/security/index.yml b/windows/security/index.yml index 71c6da2416..e121d5124b 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -85,12 +85,16 @@ landingContent: # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - - title: User protection + - title: Secured-core and cloud devices linkLists: - linkListType: overview links: - - text: article (change link later) - url: /windows/security/threat-protection/windows-security-baselines.md + - text: Windows 11 secured-core devices + - text: Windows 365 Cloud PCs + - text: Windows 365 for Business + - text: Windows 365 for Enterprise + - text: Azure Virtual Desktop + # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From d6617cb1d320cf60c787500d355b7b0bfd311163 Mon Sep 17 00:00:00 2001 
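Review bot: The new cloud.md front matter declares "ms.prod: w11" twice and adds a second "ms.reviewer:" below the one already present as context at the top of the block. Duplicate keys in YAML front matter are redundant and can be resolved differently by different parsers, so keep a single "ms.prod: w11" and a single "ms.reviewer:". The five entries added under "Secured-core and cloud devices" in index.yml are also text-only, with no url.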
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 16:08:42 -0700 Subject: [PATCH 269/671] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 5e5d767e80..c3103245fe 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -201,7 +201,7 @@ href: identity-protection/vpn/vpn-office-365-optimization.md - name: Windows Defender Firewall href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - - name: Threat protection + - name: Virus & threat protection items: - name: Microsoft Defender Antivirus href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows From 8cd576544c44d60bba7c7f37a5357ffa7b6c93ac Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 16:11:43 -0700 Subject: [PATCH 270/671] more fixes --- windows/security/cloud.md | 1 - windows/security/index.yml | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index c7194406ef..45b41e1e1f 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -9,7 +9,6 @@ ms.prod: w11 audience: ITPro ms.topic: conceptual ms.date: 09/08/2021 -ms.prod: w11 ms.localizationpriority: medium ms.collection: ms.custom: diff --git a/windows/security/index.yml b/windows/security/index.yml index e121d5124b..3f5829169f 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -79,8 +79,11 @@ landingContent: - text: MDM and Windows 11 url: mdm-windows.md - text: Your Microsoft Account + url: - text: OneDrive + url: - text: Family safety + url: # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb From 2ad69061f52fa21ec75cb49b46ac65d9d578863c Mon Sep 17 00:00:00 2001 
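Review bot: In the `@@ -79,8 +79,11` hunk of windows/security/index.yml (PATCH 270), the three added `+ url:` lines carry no value, so the `Your Microsoft Account`, `OneDrive` and `Family safety` entries now have a key that parses as null instead of a link target. An empty `url:` is no better than a missing one for the reader; supply the targets in this commit rather than committing the empty keys. The subject line "more fixes" also does not say what is being fixed, which makes the removal of the duplicate `ms.prod: w11` in cloud.md hard to find later.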
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 16:12:14 -0700 Subject: [PATCH 271/671] Update cloud.md --- windows/security/cloud.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 45b41e1e1f..c8ff9dc957 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -12,7 +12,6 @@ ms.date: 09/08/2021 ms.localizationpriority: medium ms.collection: ms.custom: -ms.reviewer: f1.keywords: NOCSH ms.mktglfcycl: deploy ms.sitesec: library From 546f8850d8cd87e3949b0f801e2e004ae085818f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 16:16:10 -0700 Subject: [PATCH 272/671] Update index.yml --- windows/security/index.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 3f5829169f..182f6bf688 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -79,11 +79,11 @@ landingContent: - text: MDM and Windows 11 url: mdm-windows.md - text: Your Microsoft Account - url: + url: identity-protection/access-control/microsoft-accounts.md - text: OneDrive - url: + url: https://docs.microsoft.com/onedrive/onedrive - text: Family safety - url: + url: threat-protection/windows-defender-security-center/wdsc-family-options.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb From 90dd8080b6c32dc8531e3df3779171a68bdc772d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 8 Sep 2021 16:18:24 -0700 Subject: [PATCH 273/671] Update index.yml --- windows/security/index.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 182f6bf688..a2b6354f5b 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -92,11 +92,17 @@ landingContent: linkLists: - linkListType: overview links: - - text: Windows 11 secured-core devices - - text: Windows 365 Cloud PCs - - text: Windows 365 for Business - - text: Windows 365 for Enterprise - - text: Azure Virtual Desktop + - text: Windows 11 secured-core devices (change link later) + url: https://docs.microsoft.com/windows/whats-new/windows-11 + - text: Windows 365 Cloud PCs (change link later) + url: https://docs.microsoft.com/windows/whats-new/windows-11 + - text: Windows 365 for Business (change link later) + url: https://docs.microsoft.com/windows/whats-new/windows-11 + - text: Windows 365 for Enterprise (change link later) + url: https://docs.microsoft.com/windows/whats-new/windows-11 + - text: Azure Virtual Desktop (change link later) + url: https://docs.microsoft.com/windows/whats-new/windows-11 + # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb From a1cda8fa36ea392d0ea18d69ee435db8dd342d72 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Wed, 8 Sep 2021 21:55:01 -0500 Subject: [PATCH 274/671] Update security-compliance-toolkit-10.md Added Server 2022 baseline --- .../security/threat-protection/security-compliance-toolkit-10.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 2ec5067168..3fe631aa97 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -37,6 +37,7 @@ The Security Compliance Toolkit consists of: - Windows 10, Version 1507 - Windows Server security baselines + - Windows Server 2022 - Windows Server 2019 - Windows Server 2016 - Windows Server 2012 R2 From 7ae962b5fba949d615df06e981ed24d35faf0245 Mon Sep 17 00:00:00 2001 
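Review bot: In the `@@ -92,11 +92,17` hunk of windows/security/index.yml (PATCH 273), the reminder "(change link later)" is written inside each `text:` value, so it becomes part of the link label, and all five entries point at the same `https://docs.microsoft.com/windows/whats-new/windows-11` URL. Readers would see five differently named links that open one page, each labelled as unfinished. Move the reminder into a YAML comment (the file already uses `#` comments) and hold back entries whose real target is not yet available.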
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 9 Sep 2021 11:07:34 +0530 Subject: [PATCH 275/671] Updated --- .../policy-configuration-service-provider.md | 11 + .../mdm/policy-csp-admx-diskdiagnostic.md | 204 ++++++++++++++++++ 2 files changed, 215 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index e3f98b9005..a394943879 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -736,6 +736,17 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC

    +### ADMX_DiskDiagnostic policies + +
    +
    + ADMX_DiskDiagnostic/DfdAlertPolicy +
    +
    + ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy +
    +
    + ### ADMX_DistributedLinkTracking policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md new file mode 100644 index 0000000000..eecf8264d6 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md @@ -0,0 +1,204 @@ +--- +title: Policy CSP - ADMX_DiskDiagnostic +description: Policy CSP - ADMX_DiskDiagnostic +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/08/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DiskDiagnostic +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_DiskDiagnostic policies + +
    +
    + ADMX_DiskDiagnostic/DfdAlertPolicy +
    +
    + ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy +
    +
    + + +
    + + +**ADMX_DiskDiagnostic/DfdAlertPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. + +- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. +- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message. + +No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. + +This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. +The DPS can be configured with the Services snap-in to the Microsoft Management Console. + +> [!NOTE] +> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Configure custom alert text* +- GP name: *DfdAlertPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic* +- GP ADMX file name: *DiskDiagnostic.admx* + + + +
    +
    + + +**ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics. + +Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur. + +- If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss. +- If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken. +- If you do not configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. + +No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. +This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. + +> [!NOTE] +> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Configure execution level* +- GP name: *WdiScenarioExecutionPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic* +- GP ADMX file name: *DiskDiagnostic.admx* + + + +
    + +> [!NOTE] +> These policies are for upcoming release. + + + From aba3cec174bc60c9da8efef4e5242479b755878c Mon Sep 17 00:00:00 2001 
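Review bot: In the new file windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md (PATCH 275), the NOTE under ADMX_DiskDiagnostic/DfdAlertPolicy stops mid-sentence: "this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services." The corresponding NOTE under WdiScenarioExecutionPolicy ends with "role is not installed", and the same ending appears to be intended here; as written, the condition for Windows Server is ambiguous. Smaller points in the same file: the closing note "These policies are for upcoming release." is missing an article, and the front-matter `description` only repeats the `title`.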
From: Ashok Lobo Date: Thu, 9 Sep 2021 11:40:01 +0530 Subject: [PATCH 276/671] Updated as per 5358843-files301to325 --- windows/security/threat-protection/auditing/event-6281.md | 6 +----- windows/security/threat-protection/auditing/event-6400.md | 6 +----- windows/security/threat-protection/auditing/event-6401.md | 6 +----- windows/security/threat-protection/auditing/event-6402.md | 6 +----- windows/security/threat-protection/auditing/event-6403.md | 6 +----- windows/security/threat-protection/auditing/event-6404.md | 6 +----- windows/security/threat-protection/auditing/event-6405.md | 6 +----- windows/security/threat-protection/auditing/event-6406.md | 6 +----- windows/security/threat-protection/auditing/event-6407.md | 6 +----- windows/security/threat-protection/auditing/event-6408.md | 6 +----- windows/security/threat-protection/auditing/event-6409.md | 6 +----- windows/security/threat-protection/auditing/event-6410.md | 6 +----- windows/security/threat-protection/auditing/event-6416.md | 6 +----- windows/security/threat-protection/auditing/event-6419.md | 6 +----- windows/security/threat-protection/auditing/event-6420.md | 6 +----- windows/security/threat-protection/auditing/event-6421.md | 6 +----- windows/security/threat-protection/auditing/event-6422.md | 6 +----- windows/security/threat-protection/auditing/event-6423.md | 6 +----- windows/security/threat-protection/auditing/event-6424.md | 6 +----- .../auditing/file-system-global-object-access-auditing.md | 4 +--- .../auditing/how-to-list-xml-elements-in-eventdata.md | 4 +--- .../monitor-central-access-policy-and-rule-definitions.md | 4 +--- .../threat-protection/auditing/monitor-claim-types.md | 4 +--- .../auditing/monitor-resource-attribute-definitions.md | 4 +--- ...ral-access-policies-associated-with-files-and-folders.md | 4 +--- 25 files changed, 25 insertions(+), 113 deletions(-) 
diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md index e6ec5bea59..28b9c2e509 100644 --- a/windows/security/threat-protection/auditing/event-6281.md +++ b/windows/security/threat-protection/auditing/event-6281.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6281(F): Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. -**Applies to** -- Windows 10 -- Windows Server 2016 - The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index 511aeb3ae9..214d0c5b93 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. 
diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index 829c3215c9..7ae7c5a3ab 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6401(-): BranchCache: Received invalid data from a peer. Data discarded. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index 2aee0f9232..ca0ea21dbe 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index ec9028c852..dfa11c62ac 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index eaa912b6e3..fb4bccd26f 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md index fc188cce3b..557c8ebabe 100644 --- a/windows/security/threat-protection/auditing/event-6405.md +++ b/windows/security/threat-protection/auditing/event-6405.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # 6405(-): BranchCache: %2 instance(s) of event id %1 occurred. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md index 689085b2fd..dbaeb0e873 100644 --- a/windows/security/threat-protection/auditing/event-6406.md +++ b/windows/security/threat-protection/auditing/event-6406.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md index 3273efaba1..28612dacba 100644 --- a/windows/security/threat-protection/auditing/event-6407.md +++ b/windows/security/threat-protection/auditing/event-6407.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6407(-): 1%. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. 
diff --git a/windows/security/threat-protection/auditing/event-6408.md b/windows/security/threat-protection/auditing/event-6408.md index 7b29a0468c..c36f520a60 100644 --- a/windows/security/threat-protection/auditing/event-6408.md +++ b/windows/security/threat-protection/auditing/event-6408.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6408(-): Registered product %1 failed and Windows Firewall is now controlling the filtering for %2. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md index 6855ea810d..1ac08c75f1 100644 --- a/windows/security/threat-protection/auditing/event-6409.md +++ b/windows/security/threat-protection/auditing/event-6409.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6409(-): BranchCache: A service connection point object could not be parsed. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6410.md b/windows/security/threat-protection/auditing/event-6410.md index a306a98882..a9f5e5111f 100644 --- a/windows/security/threat-protection/auditing/event-6410.md +++ b/windows/security/threat-protection/auditing/event-6410.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6410(F): Code integrity determined that a file does not meet the security requirements to load into a process. -**Applies to** -- Windows 10 -- Windows Server 2016 - [Code Integrity](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348642(v=ws.10)) is a feature that improves the security of the operating system by validating the integrity of a driver or system file each time it is loaded into memory. Code Integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrative permissions. On x64-based versions of the operating system, kernel-mode drivers must be digitally signed. diff --git a/windows/security/threat-protection/auditing/event-6416.md b/windows/security/threat-protection/auditing/event-6416.md index 4b85673aa7..337a5395be 100644 --- a/windows/security/threat-protection/auditing/event-6416.md +++ b/windows/security/threat-protection/auditing/event-6416.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6416(S): A new external device was recognized by the System. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6416 illustration diff --git a/windows/security/threat-protection/auditing/event-6419.md b/windows/security/threat-protection/auditing/event-6419.md index 90c145ff77..69a6f30def 100644 --- a/windows/security/threat-protection/auditing/event-6419.md +++ b/windows/security/threat-protection/auditing/event-6419.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6419(S): A request was made to disable a device. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6419 illustration diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md index 51570d3ab3..3a2dc5c9d9 100644 --- a/windows/security/threat-protection/auditing/event-6420.md +++ b/windows/security/threat-protection/auditing/event-6420.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6420(S): A device was disabled. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6420 illustration diff --git a/windows/security/threat-protection/auditing/event-6421.md b/windows/security/threat-protection/auditing/event-6421.md index ef4e0b856f..8ac5372312 100644 --- a/windows/security/threat-protection/auditing/event-6421.md +++ b/windows/security/threat-protection/auditing/event-6421.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6421(S): A request was made to enable a device. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6421 illustration diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md index 2b2f45d1b8..7e577f25c3 100644 --- a/windows/security/threat-protection/auditing/event-6422.md +++ b/windows/security/threat-protection/auditing/event-6422.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6422(S): A device was enabled. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6422 illustration diff --git a/windows/security/threat-protection/auditing/event-6423.md b/windows/security/threat-protection/auditing/event-6423.md index 3332a01011..5f8278b20e 100644 --- a/windows/security/threat-protection/auditing/event-6423.md +++ b/windows/security/threat-protection/auditing/event-6423.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6423(S): The installation of this device is forbidden by system policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6423 illustration diff --git a/windows/security/threat-protection/auditing/event-6424.md b/windows/security/threat-protection/auditing/event-6424.md index 8ca1ce36d6..ba3fcbffe7 100644 --- a/windows/security/threat-protection/auditing/event-6424.md +++ b/windows/security/threat-protection/auditing/event-6424.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6424(S): The installation of this device was allowed, after having previously been forbidden by policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event occurs rarely, and in some situations may be difficult to reproduce. 
diff --git a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md index 1093140e38..9c7941df2b 100644 --- a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # File System (Global Object Access Auditing) -**Applies to** -- Windows 10 This topic for the IT professional describes the Advanced Security Audit policy setting, **File System (Global Object Access Auditing)**, which enables you to configure a global system access control list (SACL) on the file system for an entire computer. diff --git a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md index 1efc819647..cc3bf79488 100644 --- a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md +++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: dansimp -ms.date: 10/22/2018 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,8 +16,6 @@ ms.technology: mde # How to get a list of XML data name elements in EventData -**Applies to** -- Windows 10 The Security log uses a manifest where you can get all of the event schema. diff --git a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md index 3c07a1dae0..c446bdec67 100644 
--- a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor central access policy and rule definitions -**Applies to** -- Windows 10 This article for IT professionals describes how to monitor changes to central access policy and central access rule definitions when you use advanced security auditing options to monitor dynamic access control objects. diff --git a/windows/security/threat-protection/auditing/monitor-claim-types.md b/windows/security/threat-protection/auditing/monitor-claim-types.md index baf7d9e8a7..b9e1ea714f 100644 --- a/windows/security/threat-protection/auditing/monitor-claim-types.md +++ b/windows/security/threat-protection/auditing/monitor-claim-types.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor claim types -**Applies to** -- Windows 10 This topic for the IT professional describes how to monitor changes to claim types that are associated with dynamic access control when you are using advanced security auditing options. diff --git a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md index ed4d03037f..791549bb4f 100644 --- a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md 
@@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor resource attribute definitions -**Applies to** -- Windows 10 This topic for the IT professional describes how to monitor changes to resource attribute definitions when you are using advanced security auditing options to monitor dynamic access control objects. Resource attribute definitions define the basic properties of resource attributes, such as what it means for a resource to be defined as “high business value.” Resource attribute definitions are stored in AD DS under the Resource Properties container. Changes to these definitions could significantly change the protections that govern a resource, even if the resource attributes that apply to the resource remain unchanged. Changes can be monitored like any other AD DS object. diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md index f034f7c0fc..ece759aeb6 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor the central access policies associated with files and folders -**Applies to** -- Windows 10 This article for IT professionals describes how to monitor changes to the central access policies that are associated with files and folders when you're using advanced security auditing options to monitor dynamic access control objects. 
From 64a004b6725c82409b78a0e0d29a13143e745550 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Thu, 9 Sep 2021 12:12:20 +0530 Subject: [PATCH 277/671] Updated as per 5358843-files326to336 --- ...e-central-access-policies-that-apply-on-a-file-server.md | 4 +--- .../monitor-the-resource-attributes-on-files-and-folders.md | 4 +--- .../monitor-the-use-of-removable-storage-devices.md | 4 +--- .../monitor-user-and-device-claims-during-sign-in.md | 4 +--- windows/security/threat-protection/auditing/other-events.md | 6 +----- ...anning-and-deploying-advanced-security-audit-policies.md | 4 +--- .../auditing/registry-global-object-access-auditing.md | 4 +--- .../auditing/security-auditing-overview.md | 4 +--- ...ing-options-to-monitor-dynamic-access-control-objects.md | 4 +--- .../auditing/view-the-security-event-log.md | 4 +--- ...f-windows-support-advanced-audit-policy-configuration.md | 4 +--- 11 files changed, 11 insertions(+), 35 deletions(-) diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md index 12dedf0d60..2d50a5c7db 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md 
@@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor the central access policies that apply on a file server -**Applies to** -- Windows 10 This article describes how to monitor changes to the central access policies (CAPs) that apply to a file server when using advanced security auditing options to monitor dynamic access control objects. CAPs are created on a domain controller and then applied to file servers through Group Policy management. diff --git a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md index f1676a1640..f223b3433d 100644 --- a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor the resource attributes on files and folders -**Applies to** -- Windows 10 This topic for the IT professional describes how to monitor attempts to change settings to the resource attributes on files when you are using advanced security auditing options to monitor dynamic access control objects. diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index 04ac1c7929..af897bbd62 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md 
@@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: +ms.date: 09/09/2021 ms.technology: mde --- # Monitor the use of removable storage devices -**Applies to** -- Windows 10 This topic for the IT professional describes how to monitor attempts to use removable storage devices to access network resources. It describes how to use advanced security auditing options to monitor dynamic access control objects. diff --git a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md index edaf8e590f..7f950dd7b1 100644 --- a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md +++ b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor user and device claims during sign-in -**Applies to** -- Windows 10 This topic for the IT professional describes how to monitor user and device claims that are associated with a user’s security token when you are using advanced security auditing options to monitor dynamic access control objects. diff --git a/windows/security/threat-protection/auditing/other-events.md b/windows/security/threat-protection/auditing/other-events.md index e74cf80553..a54f6a6f1c 100644 --- a/windows/security/threat-protection/auditing/other-events.md +++ b/windows/security/threat-protection/auditing/other-events.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -16,10 +16,6 @@ ms.technology: mde # Other Events -**Applies to** -- Windows 10 -- Windows Server 2016 - Events in this section generate automatically and are enabled by default. diff --git a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md index 068c8792d4..d47efbedbf 100644 --- a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Plan and deploy advanced security audit policies -**Applies to** -- Windows 10 This article for IT professionals explains the options that security policy planners should consider and the tasks they must complete to deploy an effective security audit policy in a network that includes advanced security audit policies. diff --git a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md index 3c5c1ece1e..a01a3a3514 100644 --- a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md 
@@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Registry (Global Object Access Auditing) -**Applies to** -- Windows 10 This topic for the IT professional describes the Advanced Security Audit policy setting, **Registry (Global Object Access Auditing)**, which enables you to configure a global system access control list (SACL) on the registry of a computer. diff --git a/windows/security/threat-protection/auditing/security-auditing-overview.md b/windows/security/threat-protection/auditing/security-auditing-overview.md index ec89d5ef53..fb1184eed7 100644 --- a/windows/security/threat-protection/auditing/security-auditing-overview.md +++ b/windows/security/threat-protection/auditing/security-auditing-overview.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Security auditing -**Applies to** -- Windows 10 Topics in this section are for IT professionals and describes the security auditing features in Windows and how your organization can benefit from using these technologies to enhance the security and manageability of your network. diff --git a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md index 6e90c989e0..dd8bb6516d 100644 --- a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md +++ b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md 
@@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Using advanced security auditing options to monitor dynamic access control objects -**Applies to** -- Windows 10 This guide explains the process of setting up advanced security auditing capabilities that are made possible through settings and events that were introduced in Windows 8 and Windows Server 2012. diff --git a/windows/security/threat-protection/auditing/view-the-security-event-log.md b/windows/security/threat-protection/auditing/view-the-security-event-log.md index 84a296e182..5b89a3802e 100644 --- a/windows/security/threat-protection/auditing/view-the-security-event-log.md +++ b/windows/security/threat-protection/auditing/view-the-security-event-log.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # View the security event log -**Applies to** -- Windows 10 The security log records each event as defined by the audit policies you set on each object. diff --git a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md index 4b20841dd8..8e1db3e1b0 100644 --- a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md +++ b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md 
@@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Which editions of Windows support advanced audit policy configuration -**Applies to** -- Windows 10 Advanced audit policy configuration is supported on all versions of Windows since it was introduced in Windows Vista. There is no difference in security auditing support between 32-bit and 64-bit versions. From 87408d21fafb78e486616e2aac62f0a78aeb5d7b Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Thu, 9 Sep 2021 13:57:32 +0530 Subject: [PATCH 278/671] Updated as per feedback --- .../tpm/initialize-and-configure-ownership-of-the-tpm.md | 6 +++--- .../information-protection/tpm/manage-tpm-lockout.md | 4 ++-- .../security/information-protection/tpm/tpm-fundamentals.md | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index b309abe563..2cce643c84 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -108,7 +108,7 @@ Membership in the local Administrators group, or equivalent, is the minimum requ 7. After the PC restarts, your TPM will be automatically prepared for use by Windows. -## Turn on or turn off the TPM (available only with TPM 1.2 with Windows 10, version 1507 or 1511) +## Turn on or turn off the TPM (available only with TPM 1.2 with Windows 10, version 1507 and higher) Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. 
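Review bot: the new heading "Turn on or turn off the TPM (available only with TPM 1.2 with Windows 10, version 1507 and higher)" widens the stated range from two named releases (1507 or 1511) to every later release, and the commit message "Updated as per feedback" does not say why. Please confirm the wider range is intended. The phrase "only with TPM 1.2 with Windows 10" is also awkward; "TPM 1.2 on Windows 10, version 1507 and higher" reads better, and the two bold procedure titles changed in the following hunks should use the same wording.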
@@ -116,7 +116,7 @@ Normally, the TPM is turned on as part of the TPM initialization process. You do If you want to use the TPM after you have turned it off, you can use the following procedure to turn on the TPM. -**To turn on the TPM (TPM 1.2 with Windows 10, version 1507 or 1511 only)** +**To turn on the TPM (TPM 1.2 with Windows 10, version 1507 and higher)** 1. Open the TPM MMC (tpm.msc). @@ -130,7 +130,7 @@ If you want to use the TPM after you have turned it off, you can use the followi If you want to stop using the services that are provided by the TPM, you can use the TPM MMC to turn off the TPM. -**To turn off the TPM (TPM 1.2 with Windows 10, version 1507 or 1511 only)** +**To turn off the TPM (TPM 1.2 with Windows 10, version 1507 and higher)** 1. Open the TPM MMC (tpm.msc). diff --git a/windows/security/information-protection/tpm/manage-tpm-lockout.md b/windows/security/information-protection/tpm/manage-tpm-lockout.md index 49e541aba5..777005b678 100644 --- a/windows/security/information-protection/tpm/manage-tpm-lockout.md +++ b/windows/security/information-protection/tpm/manage-tpm-lockout.md 
@@ -40,12 +40,12 @@ The industry standards from the Trusted Computing Group (TCG) specify that TPM m TPM 2.0 devices have standardized lockout behavior which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 10 minutes. This means that every continuous ten minutes of powered on operation without an event which increases the counter will cause the counter to decrease by 1. -If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner’s authorization. This value is no longer retained by default starting with Windows 10 version 1607 or Windows 11. +If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner’s authorization. This value is no longer retained by default starting with Windows 10 version 1607 and higher. ## Reset the TPM lockout by using the TPM MMC > [!NOTE] -> This procedure is only available if you have configured Windows to retain the TPM Owner Password. By default, this password is not available in Windows 10 starting with version 1607 or Windows 11. +> This procedure is only available if you have configured Windows to retain the TPM Owner Password. By default, this password is not available in Windows 10 starting with version 1607 and higher. The following procedure explains the steps to reset the TPM lockout by using the TPM MMC. diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index faf6827fc3..a1f536f4be 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md 
@@ -135,7 +135,7 @@ Increasing the PIN length requires a greater number of guesses for an attacker. In that case, the lockout duration between each guess can be shortened to allow legitimate users to retry a failed attempt sooner, while maintaining a similar level of protection. Beginning with Windows 10, version 1703, the minimum length for the BitLocker PIN was increased to 6 characters to better align with other Windows features that leverage TPM 2.0, including Windows Hello. -To help organizations with the transition, beginning with Windows 10, version 1709 and Windows 10, version 1703 with the October 2017 [cumulative update](https://support.microsoft.com/help/4018124) installed, and Windows 11, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. +To help organizations with the transition, with Windows 10, version 1703 with the October 2017 [cumulative update](https://support.microsoft.com/help/4018124) installed,Windows 10, version 1709 and higher, and Windows 11, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. If the minimum PIN length is reduced from the default of six characters, then the TPM 2.0 lockout period will be extended. ### TPM-based smart cards From 32c5c896e9cb292e4abb49cdda2e23096177cd89 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Thu, 9 Sep 2021 14:17:31 +0530 Subject: [PATCH 279/671] Updated suggestions --- .../tpm/initialize-and-configure-ownership-of-the-tpm.md | 4 ++-- .../information-protection/tpm/manage-tpm-commands.md | 2 +- .../trusted-platform-module-services-group-policy-settings.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index 2cce643c84..0fb36c69fe 100644 
--- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -33,7 +33,7 @@ With TPM 1.2 and Windows 10, version 1507 or 1511, or Windows 11, you can also t - [Turn on or turn off the TPM](#turn-on-or-turn-off) -For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps &preserve-view=true). +For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps&preserve-view=true). ## About TPM initialization and ownership @@ -146,7 +146,7 @@ If you want to stop using the services that are provided by the TPM, you can use ## Use the TPM cmdlets -You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps &preserve-view=true). +You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps&preserve-view=true). ## Related topics diff --git a/windows/security/information-protection/tpm/manage-tpm-commands.md b/windows/security/information-protection/tpm/manage-tpm-commands.md index ddc7cd93d0..23fb8a8789 100644 --- a/windows/security/information-protection/tpm/manage-tpm-commands.md +++ b/windows/security/information-protection/tpm/manage-tpm-commands.md 
@@ -79,7 +79,7 @@ The following procedures describe how to manage the TPM command lists. You must ## Use the TPM cmdlets -You can manage the TPM using Windows PowerShell. For details, see [TrustedPlatformModule PowerShell cmdlets](/powershell/module/trustedplatformmodule/?view=win10-ps &preserve-view=true). +You can manage the TPM using Windows PowerShell. For details, see [TrustedPlatformModule PowerShell cmdlets](/powershell/module/trustedplatformmodule/?view=win10-ps&preserve-view=true). ## Related topics diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index 13b87d24b2..0ae9cb6622 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md @@ -146,5 +146,5 @@ If you don't want users to see the recommendation to update TPM firmware, you ca ## Related topics - [Trusted Platform Module](trusted-platform-module-top-node.md) -- [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps &preserve-view=true) +- [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps&preserve-view=true) - [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](../bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md) \ No newline at end of file From 5c827349602dd50932ae91b533329359de75c654 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 9 Sep 2021 15:01:01 +0530 Subject: [PATCH 280/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index cb9e4b2fbd..b5ce749a5a 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -121,8 +121,8 @@ ms.date: 10/08/2020 - [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr) - [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff) - [ADMX_DataCollection/CommercialIdPolicy](./policy-csp-admx-datacollection.md#admx-datacollection-commercialidpolicy) -- [ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList](./policy-csp-admx-dcom-dcomactivationsecuritycheckallowlocallist) -- [ADMX_DCOM/DCOMActivationSecurityCheckExemptionList](./policy-csp-admx-dcom-dcomactivationsecuritycheckexemptionlist) +- [ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList](./policy-csp-admx-dcom.md#admx-dcomactivationsecuritycheckallowlocallist) +- [ADMX_DCOM/DCOMActivationSecurityCheckExemptionList](./policy-csp-admx-dcom.md#admx-dcomactivationsecuritycheckexemptionlist) - [ADMX_Desktop/AD_EnableFilter](./policy-csp-admx-desktop.md#admx-desktop-ad-enablefilter) - [ADMX_Desktop/AD_HideDirectoryFolder](./policy-csp-admx-desktop.md#admx-desktop-ad-hidedirectoryfolder) - [ADMX_Desktop/AD_QueryLimit](./policy-csp-admx-desktop.md#admx-desktop-ad-querylimit) From febd0ebc22a3287f109e89a8eba7d7536112696a Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Thu, 9 Sep 2021 08:07:49 -0400 Subject: [PATCH 281/671] saving changes --- .../customize-taskbar-windows-11.md | 14 +++---- .../supported-csp-taskbar-windows.md | 38 +++++++++++++++++++ 2 files changed, 45 insertions(+), 7 deletions(-) create mode 100644 windows/configuration/supported-csp-taskbar-windows.md 
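Review bot: in policies-in-policy-csp-admx-backed.md, the two corrected DCOM links point at "#admx-dcomactivationsecuritycheckallowlocallist" and "#admx-dcomactivationsecuritycheckexemptionlist", which drop the area segment that every neighbouring entry in the hunk carries (for example "#admx-desktop-ad-enablefilter" and "#admx-ctrlaltdel-disabletaskmgr"). By that pattern the fragments would be "#admx-dcom-dcomactivationsecuritycheck…"; please check them against the heading ids in policy-csp-admx-dcom.md before merging, otherwise the links resolve to the page but not to the policy.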
diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md index eff027de9b..9cc1f10e7a 100644 --- a/windows/configuration/customize-taskbar-windows-11.md +++ b/windows/configuration/customize-taskbar-windows-11.md @@ -4,7 +4,7 @@ description: On Windows 11 devices devices, iin additional apps to the taskbar a ms.assetid: manager: dougeby ms.author: mandia -ms.reviewer: +ms.reviewer: chataylo ms.prod: w11 ms.mktglfcycl: deploy ms.sitesec: library 
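Review bot: this hunk edits the front matter but leaves the description line just above it, visible in the hunk header, as "On Windows 11 devices devices, iin additional apps to the taskbar". Fix it in the same change ("On Windows 11 devices, pin additional apps to the taskbar" appears to be the intent), because the same patch copies the broken description, together with this page's title, into the new supported-csp-taskbar-windows.md, which needs its own title and description for a CSP reference page.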
@@ -22,9 +22,9 @@ ms.localizationpriority: medium > **Looking for OEM information?** See [Customize the Taskbar](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar) and [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). -On Windows 11 devices, you can pin apps you want to the taskbar. Use this feature if your organization uses a common set of apps, and or wants to bring attention to specific apps. You can also remove the default pinned apps. +Your organization can deploy a customized taskbar to your Windows 11 devices. Customizing the taskbar is common when your organization uses a common set of apps, or wants to bring attention to specific apps. You can also remove the default pinned apps. -For example, you can override the default set of apps with your own a set of pinned apps, and in the order you choose. As an administrator, use this feature to pin Win32 apps, remove default pinned apps, order the apps, and more. +For example, you can override the default set of apps with your own a set of pinned apps, and in the order you choose. As an administrator, use this feature to pin apps, remove default pinned apps, order the apps, and more on the taskbar. To add apps you want pinned to the taskbar, you use an XML file. You can use an existing XML file, or create a new file. If you have an XML file that's used on Windows 10 devices, you can also use it on Windows 11 devices. You may have to update the App IDs. 
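Review bot: the rewritten "For example" line still reads "with your own a set of pinned apps"; drop the stray "a" while the line is being touched. The same line changes "pin Win32 apps" to "pin apps", which broadens the claim, so please confirm that the XML described further down supports the other app types before generalizing.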
@@ -134,7 +134,7 @@ This article shows you how to create the XML file, add apps to the XML, and depl ## Use Group Policy or MDM to create and deploy a taskbar policy -Now that you have the XML file with your customized task bar, you're ready to deploy it to devices in your organization. You can deploy your taskbar XML file using Group Policy, or using an MDM provider, like Microsoft Intune. +Now that you have the XML file with your customized taskbar, you're ready to deploy it to devices in your organization. You can deploy your taskbar XML file using Group Policy, or using an MDM provider, like Microsoft Intune. This section shows you how to deploy the XML both ways. 
@@ -148,9 +148,9 @@ Use the following steps to add your XML file to a group policy, and apply the po - `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Start Layout` - `User Configuration\Administrative Templates\Start Menu and Taskbar\Start Layout` -3. Double-select `Start Layout` > **Enable**. Enter the fully qualified path to your XML file, including the XML file name. You can enter a local path, like `C:\StartLayouts\CustomTaskbar.xml`, or a network path, like `\\Server\Share\CustomTaskbar.xml`. If the file isn't available when the user signs in, then the taskbar isn't changed. Users can't customize the taskbar when this setting is enabled. If using a network share, be sure to give users read access to the XML file. +3. Double-select `Start Layout` > **Enable**. Enter the fully qualified path to your XML file, including the XML file name. You can enter a local path, like `C:\StartLayouts\CustomTaskbar.xml`, or a network path, like `\\Server\Share\CustomTaskbar.xml`. If using a network share, be sure to give users read access to the XML file. If the file isn't available when the user signs in, then the taskbar isn't changed. Users can't customize the taskbar when this setting is enabled. - You policy looks like the following policy: + Your policy looks like the following policy: :::image type="content" source="./images/customize-taskbar-windows-11/start-layout-group-policy.png" alt-text="Add your taskbar layout XML file to the Start Layout policy on Windows devices."::: 
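Review bot: in step 3, "be sure to give users read access to the XML file" should say read-only access, with write access to the share limited to administrators. The same step states "Users can't customize the taskbar when this setting is enabled", and a layout file that users can modify on `\\Server\Share` would undercut that. The step has also grown to five sentences in one paragraph; splitting the path guidance from the behaviour notes would make it easier to follow.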
@@ -186,7 +186,7 @@ Use the following steps to create an Intune policy that deploys your taskbar XML 7. Select **Next**, and configure the rest of the policy settings. For more specific information, see [Configure device restriction settings in Microsoft Intune](/mem/intune/configuration/device-restrictions-configure). -8. When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized taskbar, the policy can also be deployed before users sign in the first time. +8. When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized taskbar, the policy can also be deployed before users sign in the first time. For more information and guidance on assigning policies using Microsoft Intune, see [Assign user and device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign). diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md new file mode 100644 index 0000000000..960917e21f --- /dev/null +++ b/windows/configuration/supported-csp-taskbar-windows.md 
@@ -0,0 +1,38 @@ +--- +title: Configure and customize Windows 11 taskbar | Microsoft Docs +description: On Windows 11 devices devices, iin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file. +ms.assetid: +manager: dougeby +ms.author: mandia +ms.reviewer: chataylo +ms.prod: w11 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: mobile +author: MandiOhlinger +ms.date: 09/08/2021 +ms.localizationpriority: medium +--- + +# Supported configuration service provider (CSP) policies for Windows 11 taskbar + +**Applies to**: + +- Windows 11 + + +- [Start/HideRecentJumplists CSP](../client-management/mdm/policy-csp-start.md#start-hiderecentjumplists) + - Group policy: User Configuration\Administrative Templates\Start Menu and Taskbar\Do not keep history of recently opened documents + - Local setting: Settings > Personalization > Start > Show recently opened items in Jump Lists on Start or the taskbar + + +All settings + +Group policy: User Configuration\Administrative Templates\Prevent changes to Taskbar and Start Menu Settings +Local setting: None + + +Taskbar + +Local setting: None +MDM policy: Start/NoPinningToTaskbar From ba7e9dcda9768ad0db48c75cba8d7113df08f54b Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Thu, 9 Sep 2021 08:24:41 -0400 Subject: [PATCH 282/671] Changed local links to site links --- windows/configuration/TOC.yml | 2 +- ...supported-csp-start-menu-layout-windows.md | 62 +++++++++---------- .../use-json-customize-start-menu-windows.md | 12 ++-- 3 files changed, 38 insertions(+), 38 deletions(-) diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index b1675f73ae..d5ce0457f4 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml 
@@ -4,7 +4,7 @@ items: - name: Windows 11 items: - - name: Start layout + - name: Start menu layout href: use-json-customize-start-menu-windows.md - name: Supported Start menu CSPs href: supported-csp-start-menu-layout-windows.md diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md index 07bdab824e..6a3d62ba5f 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md @@ -10,7 +10,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/08/2021 +ms.date: 09/09/2021 ms.localizationpriority: medium --- 
@@ -22,41 +22,41 @@ ms.localizationpriority: medium The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Endpoint Manager](/mem/endpoint-manager-overview). In an MDM policy, these CSPs are settings that you configure in a policy. When the policy is ready, you deploy the policy to your devices. -This article lists the CSPs that are available to customize the Start menu for Windows 11 devices. Windows 11 uses the [Policy CSP - Start](../client-management/mdm/policy-csp-start.md). +This article lists the CSPs that are available to customize the Start menu for Windows 11 devices. Windows 11 uses the [Policy CSP - Start](/windows/client-management/mdm/policy-csp-start). -For more general information, see [Configuration service provider reference](../client-management/mdm/configuration-service-provider-reference.md). +For more general information, see [Configuration service provider (CSP) reference](/windows/client-management/mdm/configuration-service-provider-reference). 
## Existing Windows CSP policies that Windows 11 supports -- [Start/AllowPinnedFolderDocuments](../client-management/mdm/policy-csp-start.md#start-allowpinnedfolderdocuments) -- [Start/AllowPinnedFolderDownloads](../client-management/mdm/policy-csp-start.md#start-allowpinnedfolderfileexplorer) -- [Start/AllowPinnedFolderFileExplorer](../client-management/mdm/policy-csp-start.md#start-allowpinnedfolderhomegroup) -- [Start/AllowPinnedFolderHomeGroup](../client-management/mdm/policy-csp-start.md#start-allowpinnedfolderhomegroup) -- [Start/AllowPinnedFolderMusic](../client-management/mdm/policy-csp-start.md#start-allowpinnedfoldermusic) -- [Start/AllowPinnedFolderNetwork](../client-management/mdm/policy-csp-start.md#start-allowpinnedfoldernetwork) -- [Start/AllowPinnedFolderPersonalFolder](../client-management/mdm/policy-csp-start.md#start-allowpinnedfolderpersonalfolder) -- [Start/AllowPinnedFolderPictures](../client-management/mdm/policy-csp-start.md#start-allowpinnedfolderpictures) -- [Start/AllowPinnedFolderSettings](../client-management/mdm/policy-csp-start.md#start-allowpinnedfoldersettings) -- [Start/AllowPinnedFolderVideos](../client-management/mdm/policy-csp-start.md#start-allowpinnedfoldervideos) -- [Start/HideChangeAccountSettings](../client-management/mdm/policy-csp-start.md#start-hidechangeaccountsettings) -- [Start/HideHibernate](../client-management/mdm/policy-csp-start.md#start-hidehibernate) -- [Start/HideLock](../client-management/mdm/policy-csp-start.md#start-hidelock) -- [Start/HidePowerButton](../client-management/mdm/policy-csp-start.md#start-hidepowerbutton) -- [Start/HideRestart](../client-management/mdm/policy-csp-start.md#start-hiderestart) -- [Start/HideShutDown](../client-management/mdm/policy-csp-start.md#start-hideshutdown) -- [Start/HideSignOut](../client-management/mdm/policy-csp-start.md#start-hidesignout) -- [Start/HideSleep](../client-management/mdm/policy-csp-start.md#start-hidesleep) -- 
[Start/HideSwitchAccount](../client-management/mdm/policy-csp-start.md#start-hideswitchaccount) -- [Start/HideUserTile](../client-management/mdm/policy-csp-start.md#start-hideusertile) -- [Start/HideRecentJumplists](../client-management/mdm/policy-csp-start.md#start-hiderecentjumplists) -- [Start/NoPinningToTaskbar](../client-management/mdm/policy-csp-start.md#start-nopinningtotaskbar) -- Start/ShowOrHideMostUsedApps: New policy starting with Windows 11. This policy enforces always showing Most Used Apps, or always hiding Most Used Apps. If you use this policy, the [Start/HideFrequentlyUsedApps](../client-management/mdm/policy-csp-start.md#start-hidefrequentlyusedapps) policy is ignored. +- [Start/AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) +- [Start/AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) +- [Start/AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) +- [Start/AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) +- [Start/AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) +- [Start/AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) +- [Start/AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) +- [Start/AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) +- [Start/AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) +- [Start/AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) +- 
[Start/HideChangeAccountSettings](/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings) +- [Start/HideHibernate](/windows/client-management/mdm/policy-csp-start#start-hidehibernate) +- [Start/HideLock](/windows/client-management/mdm/policy-csp-start#start-hidelock) +- [Start/HidePowerButton](/windows/client-management/mdm/policy-csp-start#start-hidepowerbutton) +- [Start/HideRestart](/windows/client-management/mdm/policy-csp-start#start-hiderestart) +- [Start/HideShutDown](/windows/client-management/mdm/policy-csp-start#start-hideshutdown) +- [Start/HideSignOut](/windows/client-management/mdm/policy-csp-start#start-hidesignout) +- [Start/HideSleep](/windows/client-management/mdm/policy-csp-start#start-hidesleep) +- [Start/HideSwitchAccount](/windows/client-management/mdm/policy-csp-start#start-hideswitchaccount) +- [Start/HideUserTile](/windows/client-management/mdm/policy-csp-start#start-hideusertile) +- [Start/HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists) +- [Start/NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#start-nopinningtotaskbar) +- **Start/ShowOrHideMostUsedApps**: New policy starting with Windows 11. This policy enforces always showing Most Used Apps, or always hiding Most Used Apps in the Start menu. If you use this policy, the [Start/HideFrequentlyUsedApps](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps) policy is ignored. - The [Start/HideFrequentlyUsedApps](../client-management/mdm/policy-csp-start.md#start-hidefrequentlyusedapps) policy enforces hiding Most Used Apps. You can't use this policy to enforce always showing Most Used Apps. + The [Start/HideFrequentlyUsedApps](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps) policy enforces hiding Most Used Apps on the Start menu. You can't use this policy to enforce always showing Most Used Apps on the Start menu. 
## Existing CSP policies that Windows 11 doesn't support -- [Start/StartLayout](../client-management/mdm/policy-csp-start.md#start-startlayout) -- [Start/HideRecentlyAddedApps](../client-management/mdm/policy-csp-start.md#start-hiderecentlyaddedapps) -- [Start/HideAppList](../client-management/mdm/policy-csp-start.md#start-hideapplist) -- [Start/DisableContextMenus](../client-management/mdm/policy-csp-start.md#start-disablecontextmenus) +- [Start/StartLayout](/windows/client-management/mdm/policy-csp-start#start-startlayout) +- [Start/HideRecentlyAddedApps](/windows/client-management/mdm/policy-csp-start#start-hiderecentlyaddedapps) +- [Start/HideAppList](/windows/client-management/mdm/policy-csp-start#start-hideapplist) +- [Start/DisableContextMenus](/windows/client-management/mdm/policy-csp-start#start-disablecontextmenus) diff --git a/windows/configuration/use-json-customize-start-menu-windows.md b/windows/configuration/use-json-customize-start-menu-windows.md index 1456952c66..90db044f87 100644 --- a/windows/configuration/use-json-customize-start-menu-windows.md +++ b/windows/configuration/use-json-customize-start-menu-windows.md @@ -10,7 +10,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/08/2021 +ms.date: 09/09/2021 ms.localizationpriority: medium --- 
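Review bot: In the "Existing Windows CSP policies that Windows 11 supports" list of supported-csp-start-menu-layout-windows.md, the link rewrite carries two mismatched anchors over unchanged: Start/AllowPinnedFolderDownloads points to #start-allowpinnedfolderfileexplorer, and Start/AllowPinnedFolderFileExplorer points to #start-allowpinnedfolderhomegroup, the same anchor that Start/AllowPinnedFolderHomeGroup uses. Every line in the list is being touched anyway, so point each entry at its own anchor in this change. Start/ShowOrHideMostUsedApps is now bold but still has no link; if there is no reference page for it yet, say so in the text.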
@@ -55,9 +55,9 @@ Start has the following areas: This article shows you how to use the **ConfigureStartPins** policy. - **All apps**: Users select this option to see an alphabetical list of all the apps on the device. This section can't be customized using the JSON file. You can use the `Start/ShowOrHideMostUsedApps` CSP, which is a new policy available in Windows 11. -- **Recommended**: Shows recently opened files and recently installed apps. This section can't be customized using the JSON file. To prevent files from showing in this section, you can use the [Start/HideRecentJumplists CSP](../client-management/mdm/policy-csp-start.md#start-hiderecentjumplists). This CSP also hides recent files that show from the taskbar. +- **Recommended**: Shows recently opened files and recently installed apps. This section can't be customized using the JSON file. To prevent files from showing in this section, you can use the [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists). This CSP also hides recent files that show from the taskbar. - You can use an MDM provider, like Microsoft Intune, to manage the `Start/HideRecentJumplists` CSP on your devices. For more information on the Start menu settings you can configure in a Microsoft Intune policy, see [Windows 10 (and later) device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#start). + You can use an MDM provider, like Microsoft Intune, to manage the [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists) on your devices. For more information on the Start menu settings you can configure in a Microsoft Intune policy, see [Windows 10 (and later) device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#start). ## Create the JSON file 
@@ -82,7 +82,7 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi ### Get the pinnedList JSON -1. Open the `LayoutModification.json` file in a JSON editor, such as Visual Studio Code or the Notepad app. For more information, see [edit JSON with Visual Studio Code](https://code.visualstudio.com/docs/languages/json). +1. Open the `LayoutModification.json` file in a JSON editor, such as Visual Studio Code or Notepad. For more information, see [edit JSON with Visual Studio Code](https://code.visualstudio.com/docs/languages/json). 2. In the file, you see the `pinnedList` section. This section includes all the apps that are pinned. Copy the `pinnedList` content in the JSON file. You'll use it in the next section. In the following example, you see that Microsoft Edge, Microsoft Word, the Microsoft Store app, and Notepad are pinned: @@ -98,7 +98,7 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi } ``` -3. Starting with Windows 11, the **ConfigureStartPins** policy is available. This policy uses the LayoutModification.json file to add apps to the Pinned section. In your JSON file, you can add more apps to this section using the following keys: +3. Starting with Windows 11, the **ConfigureStartPins** policy is available. This policy uses the `LayoutModification.json` file to add apps to the Pinned section. In your JSON file, you can add more apps to this section using the following keys: --- | Key | Description | 
@@ -109,7 +109,7 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi ## Use MDM to create and deploy a pinned list policy -Now that you have the JSON, you're ready to deploy your customized Start layout to devices in your organization. +Now that you have the JSON syntax, you're ready to deploy your customized Start layout to devices in your organization. MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Intune, you can deploy a policy that configures the pinned list. From 6f64bc5651706a553acc637c85cc3e35edcda1de Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 9 Sep 2021 20:59:25 +0530 Subject: [PATCH 283/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-admpwd.md | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index b5ce749a5a..c4eba79f3d 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -121,8 +121,8 @@ ms.date: 10/08/2020 - [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr) - [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff) - [ADMX_DataCollection/CommercialIdPolicy](./policy-csp-admx-datacollection.md#admx-datacollection-commercialidpolicy) -- [ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList](./policy-csp-admx-dcom.md#admx-dcomactivationsecuritycheckallowlocallist) -- [ADMX_DCOM/DCOMActivationSecurityCheckExemptionList](./policy-csp-admx-dcom.md#admx-dcomactivationsecuritycheckexemptionlist) +- [ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList](./policy-csp-admx-dcom.md#admx-dcom-dcomactivationsecuritycheckallowlocallist) +- [ADMX_DCOM/DCOMActivationSecurityCheckExemptionList](./policy-csp-admx-dcom.md#admx-dcom-dcomactivationsecuritycheckexemptionlist) - [ADMX_Desktop/AD_EnableFilter](./policy-csp-admx-desktop.md#admx-desktop-ad-enablefilter) - [ADMX_Desktop/AD_HideDirectoryFolder](./policy-csp-admx-desktop.md#admx-desktop-ad-hidedirectoryfolder) - [ADMX_Desktop/AD_QueryLimit](./policy-csp-admx-desktop.md#admx-desktop-ad-querylimit) diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md index e67627501c..273f31c37b 100644 --- a/windows/client-management/mdm/policy-csp-admx-admpwd.md +++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md @@ -22,7 +22,8 @@ manager: dansimp ## ADMX_AdmPwd policies
    -
    + +
    ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy
    @@ -34,6 +35,7 @@ manager: dansimp
    ADMX_AdmPwd/POL_AdmPwd

    From d72ad55cf12e1ac2d582d8ee6eedfe6928c2028c Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 9 Sep 2021 21:11:26 +0530 Subject: [PATCH 284/671] Updated --- .../mdm/policy-csp-admx-admpwd.md | 127 ------------------ 1 file changed, 127 deletions(-) delete mode 100644 windows/client-management/mdm/policy-csp-admx-admpwd.md diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md deleted file mode 100644 index 273f31c37b..0000000000 --- a/windows/client-management/mdm/policy-csp-admx-admpwd.md +++ /dev/null @@ -1,127 +0,0 @@ ---- -title: Policy CSP - ADMX_AdmPwd -description: Policy CSP - ADMX_AdmPwd -ms.author: dansimp -ms.localizationpriority: medium -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nimishasatapathy -ms.date: 08/09/2021 -ms.reviewer: -manager: dansimp ---- - -# Policy CSP - ADMX_AdmPwd -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - -
    - - -## ADMX_AdmPwd policies - -
    - -
    - ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy -
    -
    - ADMX_AdmPwd/POL_AdmPwd_Enabled -
    -
    - ADMX_AdmPwd/POL_AdmPwd_AdminName -
    -
    - ADMX_AdmPwd/POL_AdmPwd -
    - -
    - - -**ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    - - -
    - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
    - - - -This policy setting controls the installation of ActiveX controls for sites in Trusted zone. - -If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting. - -If you disable or do not configure this policy setting, ActiveX controls prompt the user before installation. - -If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certificate errors that you want to ignore. - -> [!NOTE] -> This policy setting applies to all sites in Trusted zones. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Establish ActiveX installation policy for sites in Trusted zones* -- GP name: *AxISURLZonePolicies* -- GP path: *Windows Components\ActiveX Installer Service* -- GP ADMX file name: *ActiveXInstallService.admx* - - - -
    - -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. - - - From 5c9fc1c94735a72644fd102d1987f05ca65cd365 Mon Sep 17 00:00:00 2001 From: Fojonx <90415493+Fojonx@users.noreply.github.com> Date: Thu, 9 Sep 2021 14:21:38 -0400 Subject: [PATCH 285/671] Update security-compliance-toolkit-10.md Adding Windows Server 2022 entry --- .../security/threat-protection/security-compliance-toolkit-10.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 2ec5067168..3fe631aa97 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -37,6 +37,7 @@ The Security Compliance Toolkit consists of: - Windows 10, Version 1507 - Windows Server security baselines + - Windows Server 2022 - Windows Server 2019 - Windows Server 2016 - Windows Server 2012 R2 From 119190a4e18d3b5ff72de1714872f593f49ee750 Mon Sep 17 00:00:00 2001 From: Kamil Date: Fri, 10 Sep 2021 01:44:16 +0200 Subject: [PATCH 286/671] Update windows-adk-scenarios-for-it-pros.md Image creation functionality has been removed from Windows ICD a long time ago. Also, the link that has been deleted is no longer valid. --- windows/deployment/windows-adk-scenarios-for-it-pros.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/deployment/windows-adk-scenarios-for-it-pros.md b/windows/deployment/windows-adk-scenarios-for-it-pros.md index 9c27c2ce11..39d68c7a0e 100644 --- a/windows/deployment/windows-adk-scenarios-for-it-pros.md +++ b/windows/deployment/windows-adk-scenarios-for-it-pros.md 
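Review bot: For PATCH 284/671, which deletes policy-csp-admx-admpwd.md, the diffstat shows only that one file changed, so any TOC entry or index link that still targets the page would be left dangling; please confirm none remain or remove them in the same commit. The deleted body shows the page was not ready: the text under ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy describes ActiveX installation for sites in Trusted zones (GP name AxISURLZonePolicies, ActiveXInstallService.admx), and as far as the deleted lines show, the other three listed policies have no sections. PATCH 283/671 edited this same file twelve minutes earlier, so squashing the two would keep the history cleaner, and a subject more specific than "Updated" would help.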
@@ -71,7 +71,7 @@ Here are some things you can do with Windows SIM: For a list of settings you can change, see [Unattended Windows Setup Reference](/windows-hardware/customize/desktop/unattend/) on the MSDN Hardware Dev Center. -### Create a Windows image using Windows ICD +### Create a provisioning package using Windows ICD Introduced in Windows 10, [Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd) streamlines the customizing and provisioning of a Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) or Windows 10 IoT Core (IoT Core) image. @@ -79,7 +79,6 @@ Here are some things you can do with Windows ICD: - [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package) - [Export a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package) -- [Build and deploy an image for Windows 10 for desktop editions](https://msdn.microsoft.com/library/windows/hardware/dn916105.aspx) ### IT Pro Windows deployment tools @@ -90,4 +89,4 @@ There are also a few tools included in the Windows ADK that are specific to IT P   -  \ No newline at end of file +  From 6037d535995c032a051eb0ddd5d4e3666820e03d Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Thu, 9 Sep 2021 19:55:14 -0400 Subject: [PATCH 287/671] saving changes --- windows/configuration/TOC.yml | 16 ++++-- .../customize-taskbar-windows-11.md | 55 ++++++++++++++++--- .../supported-csp-taskbar-windows.md | 29 +++++----- 3 files changed, 75 insertions(+), 25 deletions(-) diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index d5ce0457f4..f2f974f0c8 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml 
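Review bot: In windows-adk-scenarios-for-it-pros.md (PATCH 286/671), the heading becomes "Create a provisioning package using Windows ICD", but the unchanged paragraph directly under it still describes Windows ICD as streamlining the customizing and provisioning of a Windows 10 image, which contradicts the commit message's statement that image creation was removed. Suggest rewording that sentence in the same change. The two bullets that remain, "Build and apply a provisioning package" and "Export a provisioning package", both link to provisioning-create-package, so one of them may want a more specific target.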
@@ -4,10 +4,18 @@ items: - name: Windows 11 items: - - name: Start menu layout - href: use-json-customize-start-menu-windows.md - - name: Supported Start menu CSPs - href: supported-csp-start-menu-layout-windows.md + - name: Start menu + items: + - name: Customize Start menu layout + href: use-json-customize-start-menu-windows.md + - name: Supported Start menu CSPs + href: supported-csp-start-menu-layout-windows.md + - name: Taskbar + items: + - name: Customize Taskbar + href: customize-taskbar-windows-11.md + - name: Supported Taskbar CSPs + href: supported-csp-taskbar-windows.md - name: Windows 10 Start and taskbar items: - name: Start layout and taskbar diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md index 9cc1f10e7a..489d1c5554 100644 --- a/windows/configuration/customize-taskbar-windows-11.md +++ b/windows/configuration/customize-taskbar-windows-11.md @@ -1,6 +1,6 @@ --- title: Configure and customize Windows 11 taskbar | Microsoft Docs -description: On Windows 11 devices devices, iin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file. +description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Intune. See what happens to the taskbar when the Windows OS client is installed or upgraded. ms.assetid: manager: dougeby ms.author: mandia @@ -10,11 +10,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/08/2021 +ms.date: 09/09/2021 ms.localizationpriority: medium --- -# Pin apps to the Taskbar on Windows 11 +# Customize the Taskbar on Windows 11 **Applies to**: 
@@ -22,7 +22,7 @@ ms.localizationpriority: medium > **Looking for OEM information?** See [Customize the Taskbar](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar) and [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). -Your organization can deploy a customized taskbar to your Windows 11 devices. Customizing the taskbar is common when your organization uses a common set of apps, or wants to bring attention to specific apps. You can also remove the default pinned apps. +Your organization can deploy a customized taskbar to your Windows devices. Customizing the taskbar is common when your organization uses a common set of apps, or wants to bring attention to specific apps. You can also remove the default pinned apps. For example, you can override the default set of apps with your own a set of pinned apps, and in the order you choose. As an administrator, use this feature to pin apps, remove default pinned apps, order the apps, and more on the taskbar. @@ -48,7 +48,9 @@ This article shows you how to create the XML file, add apps to the XML, and depl ## Create the XML file -1. In a text editor, such as Visual Studio Code, create a new XML file. To help you get started, you can copy and paste the following XML sample. The sample pins two apps to the taskbar - Microsoft Edge and File Explorer: +1. In a text editor, such as Visual Studio Code, create a new XML file. To help you get started, you can copy and paste the following XML sample. The sample pins 2 apps to the taskbar - Microsoft Edge and File Explorer: + + ??Need to confirm XML syntax since start doesn't use XML anymore?? ```xml 
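Review bot: In customize-taskbar-windows-11.md, step 1 of "Create the XML file" now has the author note "??Need to confirm XML syntax since start doesn't use XML anymore??" as an added line in the article body, so it would be published as visible text. The same marker is added again in the next hunk, and later in this patch the text gains "Which one??" and the heading "## ??Add an unsupported section??". Resolve these before merge or move them into comments that do not render. The description fix is good; changing "two apps" to "2 apps" in the same step is not needed.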
@@ -90,6 +92,8 @@ This article shows you how to create the XML file, add apps to the XML, and depl - If the `` node doesn't have a region tag for the current region, then the first `` node with no region is applied. - ??What happens if only a region is added, and device is configured with a different region? I assume no apps are pinned (other than the default)?? + ??Need to confirm XML syntax since start doesn't use XML anymore?? + ```xml Personalization > Start > Show recently opened items in Jump Lists on Start or the taskbar +- [Start/NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#start-nopinningtotaskbar) + - Group policy: User Configuration\Administrative Templates\Start Menu and Taskbar\Do not allow pinning programs to the Taskbar or Removed pinned programs from the Taskbar? Which one?? + - Local setting: None -All settings - -Group policy: User Configuration\Administrative Templates\Prevent changes to Taskbar and Start Menu Settings -Local setting: None - - -Taskbar - -Local setting: None -MDM policy: Start/NoPinningToTaskbar +## ??Add an unsupported section?? From 7849ca4adb49e0b5e1d9053d39a60a651300105d Mon Sep 17 00:00:00 2001 
From: MandiOhlinger Date: Thu, 9 Sep 2021 20:09:49 -0400 Subject: [PATCH 288/671] Updated image, updated metadata --- windows/configuration/TOC.yml | 2 +- ...ize-the-start-menu-layout-on-windows-11.md} | 8 ++++---- ...dmin-center-custom-oma-uri-start-layout.png | Bin .../start-menu-layout.png | Bin 0 -> 123878 bytes .../start-menu-layout.png | Bin 63981 -> 0 bytes .../supported-csp-start-menu-layout-windows.md | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) rename windows/configuration/{use-json-customize-start-menu-windows.md => customize-the-start-menu-layout-on-windows-11.md} (93%) rename windows/configuration/images/{use-json-customize-start-menu-windows => customize-the-start-menu-layout-on-windows-11}/endpoint-manager-admin-center-custom-oma-uri-start-layout.png (100%) create mode 100644 windows/configuration/images/customize-the-start-menu-layout-on-windows-11/start-menu-layout.png delete mode 100644 windows/configuration/images/use-json-customize-start-menu-windows/start-menu-layout.png diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index d5ce0457f4..dd7ec29388 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml @@ -5,7 +5,7 @@ - name: Windows 11 items: - name: Start menu layout - href: use-json-customize-start-menu-windows.md + href: customize-the-start-menu-layout-on-windows-11.md - name: Supported Start menu CSPs href: supported-csp-start-menu-layout-windows.md - name: Windows 10 Start and taskbar diff --git a/windows/configuration/use-json-customize-start-menu-windows.md b/windows/configuration/customize-the-start-menu-layout-on-windows-11.md similarity index 93% rename from windows/configuration/use-json-customize-start-menu-windows.md rename to windows/configuration/customize-the-start-menu-layout-on-windows-11.md index 90db044f87..254d50005b 100644 --- a/windows/configuration/use-json-customize-start-menu-windows.md 
+++ b/windows/configuration/customize-the-start-menu-layout-on-windows-11.md @@ -1,6 +1,6 @@ --- -title: Use JSON to customize Start menu layout on Windows 11 | Microsoft Docs -description: Export start layout to LayoutModification.json that includes pinned apps. Add or remove apps, and use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. +title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs +description: Export start layout to LayoutModification.json that includes pinned apps. Add or remove pinned apps, and use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. ms.assetid: manager: dougeby ms.author: mandia @@ -46,7 +46,7 @@ This article shows you how to export an existing Start menu layout, and use the In Windows 11, the Start menu is redesigned with a simplified set of apps that are arranged in a grid of pages. There aren't folders, groups, or different-sized app icons: -:::image type="content" source="./images/use-json-customize-start-menu-windows/start-menu-layout.png" alt-text="Sample start menu layout on Windows 11 devices that shows pinned apps, access to all apps, and shows recommended files."::: +:::image type="content" source="./images/customize-the-start-menu-layout-on-windows-11/start-menu-layout.png" alt-text="Sample start menu layout on Windows 11 devices that shows pinned apps, access to all apps, and shows recommended files."::: Start has the following areas: 
@@ -154,7 +154,7 @@ To deploy this policy in Microsoft Intune, the devices must be enrolled in Micro Your settings look similar to the following settings: - :::image type="content" source="./images/use-json-customize-start-menu-windows/endpoint-manager-admin-center-custom-oma-uri-start-layout.png" alt-text="Custom OMA-URI settings to customize Start menu layout using pinnedList"::: + :::image type="content" source="./images/customize-the-start-menu-layout-on-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png" alt-text="Custom OMA-URI settings to customize Start menu layout using pinnedList"::: 8. Select **Save** > **Next** to save your changes. 9. Configure the rest of the policy settings. For more specific information, see [Create a profile with custom settings in Intune](/mem/intune/configuration/custom-settings-configure). diff --git a/windows/configuration/images/use-json-customize-start-menu-windows/endpoint-manager-admin-center-custom-oma-uri-start-layout.png b/windows/configuration/images/customize-the-start-menu-layout-on-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png similarity index 100% rename from windows/configuration/images/use-json-customize-start-menu-windows/endpoint-manager-admin-center-custom-oma-uri-start-layout.png rename to windows/configuration/images/customize-the-start-menu-layout-on-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png 
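Review bot: For the rename in PATCH 288/671, the TOC.yml hunk starts from the same blob (index d5ce0457f4) as the TOC.yml hunk in PATCH 287/671, and the restructured "Start menu" entry in 287 still uses href: use-json-customize-start-menu-windows.md, the file this patch renames. When both land, make sure the merged TOC points at customize-the-start-menu-layout-on-windows-11.md, otherwise the "Customize Start menu layout" entry breaks. The diffstat also lists no redirect for the old file name, so existing links to use-json-customize-start-menu-windows would stop resolving; add one if the page was already published.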
diff --git a/windows/configuration/images/customize-the-start-menu-layout-on-windows-11/start-menu-layout.png b/windows/configuration/images/customize-the-start-menu-layout-on-windows-11/start-menu-layout.png new file mode 100644 index 0000000000000000000000000000000000000000..ca0cbd51cc64359fb9f2560c252656f2df0052c0 GIT binary patch literal 123878
zT;JKzHEMJ#EJBkhedY31h7sSrYfoo;$H-AF{1LoVRXwhhNT>AMZ@KN!haNuq*u~-@ zek_I$gC2eOq2;eGA31t#eM1)J0r*iI4j$y4Z4+_*&DC!{_sla}Hf@;yUCkZ+}c^7=PuC0P z1Ma}u_U+rYb?ex1W8h-`#>y3Sb&bg+{+23tz@D@CU4h|>*I$4Bx#xE7*gbdNw52b; z^45m84xTX?zaqo{CY7NmQ&BPnT=p&qJ0QG1DkexJlltymyB~h=!Ofetu6%tZoH!FF zPq4)Pvo%;oY~8Z;nJ1rGzH9{yf8xZ^rK0Q2aj$F)$Uo@AfRBwl@W>6$gGMvWe|dE>^B zqejwGJO4m{LybU$+$9=}1x=7?8NlabaCB0s#6yp*SiW+H0r$%mv@-tUT}2BB*2FSU z>6(~iL|YN5u~EPFsy|$K{<(>SmQ3qC-F+W9>y%esdM=SD6$=G8MjIRSx;k7fX6y9& z20b3rGZ|d^H8dg<6o3E)0Ox~#R^PFG*L`>2a?Zbf;Fg=NU$OjEIHf^B)5@3p&v#yW z;hFVoS9f>rx&7}qtb6kfSkYwbaP8B`mW_$H(b#09QbrQiL=CtsiYM5wg;(I}L;@Q> zB#_P;fBfA~m%jYm3oIdsKN1RAF9v4Re$SmZ|MkkN-rBHs)f>x4!hJ>q9sqbe zG~%dX*$cZ82)NaNV+H_*AcEOQdJh%f8urV^x7I!N5E?V2|)|MR6yO{vDlOnrT(p)rGZuM%hg&^$9K=2qlHY6Lhel2GRo z_=CG->(>VeDZBU^vDDFDhr_*)D=wOte)qzbVyR+D#sb{T2R{=yv?N@y?B!W=4nJ(} z#9MB;^VOH1KmC0lG<2<0vPZR!`1Q{(x&7~dA3JX1qYpiJ*KN0s95s6T_Fcce6WjJ@&{W#~y#mYp=X==`Vlw#G{WcJoNC}Zocuw=bmhAs=xN?D_>u} zbm5{S$BY}<+dc5d-~RkN|M`>8eBuKgJp&hi{i4-xEI;nV(_Vc3g+E;S%NL$|{+Pv! 
zm%aMhU$4A;%jQjE#*Y8hCI9=>6Hm^Yx3I20>nt^K)>&KsXdgY2YPCDhd)vMP2>XIKn@Q?du%$)c9b5BAwDVBAe*2qS zZo09vv-{{{7CrIUQ-AvXZ+2|oaoFL9Ngoezpj!AK@L~`QA!K_FdSZ}pwiojGAOF{P zF8==ie)8iVeD4R&yz%-Q8k`(oi%g(EjQhI-CwRM* z3&uBBuR3($jO(wxp{cp$zPszWH@-{lyX^r{E-KL^wZy+@{ZH5{mW%DX3kmu z+RG0=`q-wowjFok5gRvd|KxdFk>CzxeHAjyvMV|NWEO zZ~1#yXYazp7L-eNDs4Re$fKvet?A2F(`>RWyeEjjbhb(Gp zs;3(xHzbZE}P{if@0y#BACdFbJD{(jTVS6qI@s+F%FJY&|FF$Znhxc=ao z^RB+)@(1t#$ICChaMUr2p(esg6J}2|fY?GRL<5wm$K&xWn>Rl7#3OKZ95rgR{Fxgi zpmHvGe8uuNcH>va@rj-Z_dBlB%OA!sg{>es7=;^HZd%qEXPx)tqYt$8m~XuP>igb* zu4$ReUR}QFt#wyj@u#wBe*U71;LhvToBj&BGh3JW{jYxf$qO!+HD~_SmtXq#zx}17 zqwVt-eQw*<&42#=&p-KT;2-jvpZ|36aVO85eaHvSKI`x!7Qg4cXHS?kF`u)VS{lCj z-S2<@;xGO9l1nE}7<1&&$A9p{pWLy1=Z)80@#U}mdtF@vl)}}kmc#Yxy=T7fe}DA< zvG*TvaunCvI6OITR9fYnvjj>A6v<#?Of=aTSlJLFX@BJQ?dQP2sPN?eY>gw6q*Di;lm6lZ=K78PY8@{!4@w~+gmOS#0`=?%T*+rLJG3|lh z<7&hre(m+&dh)S{>g((7zWYaWW_>(=-lAuodU)j7V<%6&AeGX5K0v@kWqpSAWX_b8 z9*^VD!DE47aPY9fM^3UgfH0ni5AFZ#(@#>V)RYS@d-bJfX3v`Y(feI!{WrRF={|hqutdV)_Be25KK9T9zx&k>Cr+A*Rr2JCV>jG%)2vV4 z-?DkvLx26Bk)zMK`uZE6di1ZmcWrzB?N=|q;%gwxo;m%gNB-_|V|Nq&+XMID2G5^G z3IIK#LcJ?&paQGZTe{{=JZuDgFY{iC;+FIk3dFXy8^@!gez)ke&e?2~V^2E>Qd^+Qk55|of{jaAUdgrZoKAri|_rCw#l1K?| z%t+ho^Bp~U{Db%3yy2#6H*Q?JaKXG#&@bmpgGom~G>M+c1p|ROy==)sY(Ez+_#%}` zVh6y9d4Ohsi~X=0OJ|mSvjco<#)S+>B^n^eGC>FmR8n(u^O$iH@p$;)efRepFtkh8 z9yr;-U@)7_?Ao#Q+jsnA+^E4_yLRlu$X5=#j%$Uj41M zZQ8v5&ih-pZ0z2%&y?{auDjvejg9pfYh0P#J9ow|phwR>Wo1F!x8w2LH@|V=>+gNM zXZOB0-*~@sm+k`w4n44c&#>X6MhzQ${SCJtIN`qHF40O;V?9& ze+u9uhkc^w!iz8Y;ZJ_h*jR^+?Kxvc3>-Xc!}@iRlG3ZLI{(V6FL3jH8TP_GdUf2j zYdaDfK4jqNvFB~uy6v8O?_IHc(Xyor__QXkD$GtDgLUFY3!Mgc!P2sl#)kTa`gmzM z`(x)AuCnshm91J|eA$)b&Ye_NR=#HSD#SQ=;J~=?6Ma5kV`Ibk^Um$nyZ;N%K3Y-H zYR9%+-MjaiJbolUFAeB>+jdnQI<(!sZ3~{8`~m-2qsGN!{1>z>^0!PMd@2T{Qkkl% zl2N1288?3No;|xeckXuKq_eO6){Rl@LmKKMky03iLt)&Bu|`~U**8MrGUbgRrxWw= zo7aBpmhXJ4p}zjSNf(?qdPJ{2{dR8Of!TP?^;ceg!ML_<+wa)6W!$-wr;a~s)R^%{ zjvU&zcNbPApU*Smtg+~edB$3$NL;A(My!tidbJGPld!wF_J-Tf8ZvO~xCxs#ZSdle 
zl*8xqmj-cVInWEN`#pR1J#WnL>u>x{U2RQcV@g^OwIQIkjA@sN3dxvWRRu09{*x02 zGNiv=(zacD-1{+Su*SJv?oU2`4`*cJxo59kv&!f7?ccwD!lWsiHf6xX`MTFO(tVgF1T>s=d)eT z?6D&UUwwP}6OT;8EDwbv^>sD$>@sier#02}KA$rlYku~*x7V#%?(_TDZ=2 zB-$Ls8j1(cL?Wqs1I28(3qx}*4L;EE4xK7-@&Do{w=J5t;Li^}dg$Q3i!PpAed2hG zp}DrU8ml>$@^dF$F!iF#G0SnuH8jNT{J{^faIaglV%V?&?0mgF{qaYpb?(xweftg@ zH>};TVcXDQBPv_BnK1GEbH-0bSel5+9Mt91a^QN${SWg86RBUn?zqpr`1*%WJo?X$ zow^JeHgfLgGvE7o*0Lq@afvoHHDM;ucRt~aB$J7+U3uLF7f(#3+1Y81M$--ldW1zh z5-EB7p(mex`Mp@I3DXkFgu{V{WjN_KU=Z#QlcrvH&Uuq@PL#e73Y`?u-F&BE!mR8p z(Lvm;v91jmF!-s*{`&E(&oSDg$Bs+Hak;Y0H>_JV`}29fyz9FI1`hegH?P{XaqV00 z&v^3DX+3-PE-m%4#f3qerxMo`cFCyFa?l@A;7*6rkxt{;Ywj0|w{PFg-a}+Ro^6if zB5!WOv8J~A+Uss^YHoV+U$2ZjYYd)9CQZ5Uyopn%Oug{4&!*4#boOhnJfBXb@UV!> z2e#2DyJ~QAgAC^)uoz5&Jg{_>nFP2UHEQfF(&rG>tQoXj;(!Vv-Cnn6HOgf$% z+AVO=2<4~DCI+TpUbO7IjAw9nhfZDa2t07mupz?+#1mOuIjvf^Y1O9f#g|^TecQIJ zTQ(0KHnMG1`!3yjwyUb>*=z8unV&==kstl^7dvYG>J zFmC*qnbT+O+=*TDk2`hloR)qhr$C%%9dHV*p|qJ$m@1uej2%BNnanO(yx8OM{Oni1 zudImR?Dy>5FB}fLT<(i6y%g)_7qe&M!KeR#!PuL0@6o%oEYPFZ;PQ%!^Cph(-gEG0 z{JebU&Y$3{Ha0X?SJ&Tk>vxtcTCipF2J9uPs@iFWm+rVY7*ispX_EojtgBDjxl&+n%R>2$igb?@o+gmM{X z-mZOzst%pf8CReFgU+2edC8*r$B!Pq^T)qz-KL!%-R#*XopE;P)cL}TFI}>5{?^T# zdiNdBwr%VDdx(Z9Lki>$fjS{H3KSEAr3OTIVVuvMIC1~py{lHNx%OMPjyP*XJkEY1 z?s56|?c23u`)=Gjue;%hw^ps%W-Y$NFh8n1KN@fXRR#D*f*2sn zdLsgU&#d`d*KV(O2JYCOOD7YxjWzfJ<7RA)D3`WQy6n5gOOQ#*-FjoCs zDCA_fcmAn8+^9=S+2xFll+VW=0kDV%+2#>Q+Q z;Nouae35mz*pH;$?C-`YwxKX?@(#bx;SaE%p@Zi0vm|4&j6dLpA-pv;IZ{b>BRYM+ zTcpH|+c=)-Q1kmeZa4g=BN0zB!S3yd2q0o2kuELsAZ9e0Eh)jW0}Zy)>5@_`N)C8v zZZ=EFDoKm%HD|*>p@&#@8lBEan7ze@N;AtXS5o4{4jaRWhoGjW9Q*0N2c1GIJAKe# zfeS}mUXP=`E*lED*!jw!FYF6A%gS6}qB|ueEDFvkZbHQ**dk!4Lm>})pCpk9h1@h@ zqK!%dM8G&hAB)kiSF;Qv5mzjRsmLxce}Mgxc2hGOe{>cZMtH)of?F6y8(G)j2UAz- zi~5~oVrSjj>4wdxG2wSqChLKY!qp=U$w{?u7ievdvhe6h*+O(ZW7& z4K#jiopQi4IVURp!b}k;?D}VK8+i zVBcy5V>pqC4!Ap~8c#Y>G4_?V>~n~w*91(d5M;Rsw4@J3`2~skQ*;(BN%wyl=ot-| zVc4w3(Mm4>0v`Y^QCm|9IRDnmqB@RN1dZO>izQ$p3PILTVW2cnF+Z;gi=e3x$f`hJ 
zbTE&k0VpW&r;T5Pr3U7F+cb+0Q6y7KLrqpFsc1MY%XE)CU!h(QeOq&+rqs_)s$go1hVK8`OUNBHXFb|OVb&ls&PwT??Wk~ z9l&8U<;4^h4cvs<$l8Ku-zLF~M!gbhCYZY-W5YO@kcnx8egKPrsUIuY_|G@7_i$Wz zWOlOe@Wwy(BRD(goT5rO*#yhOWF$;fR=~9?<`}}+Ml9Cn{~1t+EYh~=4I2fMk$?pi z#a8+}ml63UyD?RkO8G}PHa_irog#QI;I}x}c@~*a9Ue4k8+}o;An6VA5T<$`%*4V* z2ZdFDY{-!XP(-xZSxd|Uu%Kzw8gII+P}OPFi&X&;bQ}RIy+v9ItgNhH~hQYc)pZvW3f?vO?2R5f1peJiG~#Ia$biMQHp z4*}&}JC$S0{R+T?TMQ6~rcJ5nlGIdnzNigH($i6AubP-PDqu^Yd5Z>lmI)dD)lhjs zMG?*woE{T8jatu<>qt_rN?VsasE(tdM<$x$p$}sXFs;ZMy_5ePEcU@g`a!b<(?p>x z&;jAZCWRtF9(Z0Ta$M3#Fev_aa0)pTJ0IY>SgMX`VOb1E2fOa+&5LkXB)F%dM>Zdq zBr-HHmlGse*63hpGC1VxKnnn}9UlR;F%5h>2X>yd;7lW36Whd_XeU8b#Ui3jo>i#< zM_rSNcNIFO5d{f0FtKI7A%_212m3ZbmY2DIXhpGv=q?@2dr1xEZ5nWv2xknf)fD0I zD};z%d>WL#u1{tl3U^!tTLGA`$On)tWhY9yd0s*2KPOwL!^QfwgX+W1SH3MTAvbvt zH0E-}*axx{desGX(5lEF`(QBoF(U8Tj%{dDY&5WRU`95F#FRTj>b#G5aCeKYduFWCBE#gGw?UgxI$?Q?@9IPhlX00wB8r85P}ZAPR+6_$Jl_1Je#>WWB=Np*$p_nJWvdhT48HkjAK&Vd~QcR(ui5 z7*1<~9U}ijFv`YfKv=j z3(1JG(YvrnP){R2PUXHN8!1e^fgSj|s=y+?5iJS8Qzh7ZE|MYNs^t9F1fmnrEQ`93#P02@UiX!5ORq*_h}c z;!-RlG$F7<7RudY6Ocv(0 zdmq+rD5ro^vnm$kU5tqYgTeqMGto1Hg`!q?#eq4o4qZ4YTd3xgvYoS*q+rrN3SiQ} z?NN9WxuV^I4CRANRvu(94)F?5rL-k7iK0#KLt++&1=&QWsBB!*AQ5by|EwCw7OhgR zTL3F7Sr6y-{)wOk-yyP3-9Tn9d4f2JieL@7T@{#)Of5le1_ra#s)fvFp;E(3!9mdw zWRH@c|I48KMK360P2LtmAUGE78ZQdRlB$UaStdf(z zlmZ|-6djc`T4g=}YvIiXjx|hpvO|Cp;jr*)9;?_4I3%(hgoJ!Ta+?Bb6j~{Hy2dqp z(H9{I$UI#bjf>NR@GM6+Y5-$~Y=`Lb@Gp0ueo^OCm*m9=(u-EvFFlq~)g&GZ#4Rb1 z0j5e7%v6TzNhzj42Ng3V6&vpVCGfG+B`QW$^J)gP30sB7UL+Hvwe_gzxH1v4(GydV z*2Jd?T>)>An}uv)1GPm9hX`)oGia%h43IM|TW$fw+%6XSIjca{N)FA*W&rc_$hyud zg1Jwjg^}ESQ#O=xDF)=WMJA>obKwn;vn>qvW)T0o%uHeq$YCDjS9U6gF$>1dKk11n z+$rlI$^2+$ZUxEM0QeEE@;ollY-FvFX#YzLx%~eWip&=@c}xKQmI#*sl6jR64ioYQ zW*`b3)t5qmLo1)87e|R%ly8-63iC#zmV#0d;NgWrZUL0l5S*g2ROg>9q!4E0q5|1N z>jE`W2*DQe2tXzy*-j83$Yd)JN45gUr%>ub6a?{gCbDOOj-acmP(F5pcK*R^3A)q? zs4^~>g#ge>BURNSQ!5Rmga@5Zz^Ex6w8~K+rKn)LLl#?78DX&czltPX>3u! 
zsfQpKEgk{IUtv2gGF*k%f4 zQWk)k5p$jw1x!2;)1<)y1}2461FJA`OB7=y=;_f#Ty_KqMlzraB{;%A3ioMl4p`|0 zbRl%GY886&uT-7X_Y>JiAY~fu6bgW(IA+SY| z)Y>tVIXcKR33;{7L}}n5sKPF;JZOPdSb#C2CCDgmdIr&Ar#b`b1y@2W&?nGjbH=9A z!5b8N$lOfWX!{0Yv4aLB+yc%0&{b z!7rjBppp#!i?S{V3ok8n4!Utzcn@3PNH!-kp%DV~6zddVOw#Dz29y#VfgBb@Uy%Q% z3MEBa^(c5U)G$gTRTZUV0MRrdqfaxMhGjI-sZ1v!>2NeQn$fi&GgISJgy~>t0gA*j zGr-zVfI*NwsRA=4y?9_P?&39r@Xn#FohGP{qVQ9oidH~l3%WwCBm*)R3NC9edr7oI zA)4q1f9lk-sR0l|9tN@A^Vn4A?RX=t2If54wgrT|ga$Q{gP&pUdg+ zxEyX51l(rX))H+PU99A>tfMKLi)J0Qscdt=Q|ENXGPz0aY%A;@#GqL?w}EcF!G=ce zB(Ew*0lBIWoKCOD8*OUbxoi9W{d;QbYU7DGU8h(hgMnb{R&9Fp?A^O(-)ttcX3g^6 zeFn5@)i$B-A;=q(S^|++@rJTVd0FrWKY!|#XJ)Vk(V0GfA`w8%WG;*X0w^TeFl#lIWENiw(*G*#}_P|efaQx?7h2m={{!kg!1wV{^xfK zgE~)w04YV2C5r1jZi$Bu?VC5}qlVJTqy2{PzgNT8J}zXrjAJ&F%jBG{c&y8=m92vQ zuU+x2l9E#EUKnEACZj!5#pTTr3Od-9+-xA2PjO|?OU~g9IF~P5_lMv7_~ePhUXSk& z4?c0uc@vX~!smiAL?KT?$fE^WYry>YT#3C~v%eVUJY4ID;2y>F>1Idcq$^8)`LDpb z&l`SpU1(r0&-ec3o%nS}vxEKJZaD#cDyHD1BAC1%Y(z~uq%{XA>~{scF3f^NCYwxW zo0Hj^c&0X%sg5Qayq-p<>v$}4v?(3;dvfKzhD5d=Jg>W=Qz)6qMU%Oo1hSX=bIN{3 zpPOZ_l$dFTy7e9eQI};MaPi_Q*u7`RnsqBro;;CCr-Ok&X=#bi=fx$^)Euj;Z%8DQ zsA54pdGz21Z@)Bj#F!uaX@3*2 z&+z9QuAI{i8OL1C7YHX-ZvOPA$B!TLdA+yX`Rgmbc|F_LxC+0SSXA!CB`!{$KsMxR z{Ny$FA8&A$vZ^!b$R!;O5qJ8&=@kRc@~rx_?w*?>$Pt^b@BJ!Z^`-GuI2mc=kKV-@>ks$JJRep;VP+*r5c(NxRR{@xDAEg#sZ(5uxPI5I zTZPrIITkA`EgdmrV81@SD$2_|UJqt?EEYd<^!WNsTQ_dqj0Bb6Nv1Q2bjO1mDx8_V z1BUwjev37oMWO~xOp64xD2fDN5p(7;e|RK2Yo=@cF30+t z?8|Q0mtA`}v}4P%V~c<4NS^e0JkhSV-*CfC9m?HUH5HGxD4bTYi7P}L#n?G>&Zs*S z-@d?k@@Og$YVJR_al&=Y=iT6G-!%~MIqGYov)}Z499g#`z2q}Tn=am=BXEKg;{qs> z#_};=4FNe<1v%`hTrTGi-q`f+g1zew)a^K2e$KZ5u9cTk634NoRdN zS4k^>B9V&W`gr`}v(I_|uG@c^Wc>XUljb0J_IyakK#uu!GsO zdHsr2OJnh5zurBsz4G#b{ri-bL|iW1LfHhz#;|p(%Km+OwQtwO>DUFm) znR;nut2Q9O4`m{ttLi{af*_M2*xLd`K=J#%Gv=&bzu}@rewIiL$B$Fu&XgCxKhQb(B>=3a%WDlO%Y^zpnJRbH?1Z(O)fjTLAL3*w! 
zuo_yo!UuOFVps!D!|sMUM|Ct;-;k@X&(*P#t*_74)iId~s5ZE&Pq-2>o9ATljs?&B zt3@W04F+l=F9 zmct5D+}_X*)Xx@nRi-oRbS_fWHTS#e(fj5$-!seg+Yc-5c(7vPwb@)I+uZ2tb9VDj zo@s8^-GSY@&(ZwEj}x0WIRpHMcLks_@M=ru`B*SaY?V5uy(^b-1e^iCGZ64Nd;vT` zU^R54Q=YPLGL`e@a^)^(pH}{1Vb7#e_f>7Y-|y`IS%vGjWsV10yPj$9xj5p&)15Yi zJ{Uj)tYLA8Vbtw@sX~062_RXqH_#6sKDc`AidZZ$bWpz=uK7k~MR_unPT&cd{oEvt ze~_b1&GAICf8XBMU3qzFIFv}H`VJY{y=QN}V6q6pCqY*=LMF7x7Qu)>{lZo22!!3v zo>>nu+NJ-a$B~nk2W>3S>kl{=-y>e|K5Z8bnnx%OZ%$! zIO)|jwO9|+>2%xH?YejCfyGfV=3dQ4K|?S?r!?iL;Efgx+9B@Tx7%BLqGa9j%FQcU zZ(Y%D=i1g=SGL}^vh9vl?f0zhuy;+{-7DMgUETHY`iLXt4TcBwA8fWmwE780f&5ey zMIx|Bxy%Q19D5GBeO|7@bFnw)^yQrXoXf`wlYO~dC=y7nZGYe{Z|WFMPIde1>-&5! z7;#a@`zXv^En>Wtva=CtmGjZzL80!*rFQ=3quLH&nFrg!AT#1BXsFd7W98 z&s$L*>{#OH)7E=dw~`4xN+wjgCbe;2(#boemFsL@W@I2Y*q`g>&Q`>efkY}7OUL7> zfS3Q?SswY2vQ{U{RU--#1ki;{CbRs@MMsVv?$EyKTUTG<_IR)mV%NgAF6=*!xbI@B z*VWbi`N3&@`t%w&u-}G_TWag-LZMLCF5R;1=a5B3q`noIn~_XWWKF>D{cQfGwHx=- z?=o{8`{R560Z=d#&>IkefOFrzUB`|eK{~kSj2tm!)X=_Jf9Z;&j`b&;t=qP}Y|8jC zXOFmR~~4?{xuj3_U+W6 zf9H;UI<&9!dAhf4HLzPJl=fwjwvoWVZk-2r@6@wXmBZy`(?lCxz$5`vo(YN~nS%ZJ z$DMWhv#tO;isJHT9pP{wy}sT4yFJOHSPg61U)9+E`@V?R=}kFZY(V(XoGMN|Wi6b} zoYz^i=)>A~9&)p{0{EA~v!88YoO75b!Gf)m*GyTAIAMLyJtv#=-I}xFqnIR2P!5Hh?B&hw&&oUdb4!ClU z9XoR9$RU_cI(Mwk=Yt2o&+Br#aH(Rg#6^K;K0Gql*Ejs`ohU8Lej9FjYwK!1n(^+g-Fs50 zlm|Or4e-Rt0?=?!;aU!Qdr}eQMDj3I=D{Y9871dPCKK)2RgIr8Vf46hH zvqUluXWP!{hU#>TJhRIjb3BzyV$s>ZXUmE0E7DyC?C3BAb0FQAh^?IEP?i!I1$!U^ zn+a<&TJjwdzxi!xY3c9p`ERe++td{6+oxAB5IAx21h$rLH~&mP z5in-hqJ#+=6Wo&$jgCYEe-9C`y1dT}#JgcC453_3=ZX~z-+Aw)MT_Pn6A9eS%gf99 zcJH`&Z~Wd*t54R&{JEqrm)f$o?#Hie!MPuI){syzh+E3xBZuC6_tocKd*&*|`TXEBsp>5mSMX%dI~s@m#8>8X z`BRJ#WFHQ;fv$HX=Pl&6qG1&fW9!N|g1tv1kM2tx-s8kd$EYkuQ*(UJuI&eQt@rx8 zZ7a*2qrRT-1Tg%GZ7VWqepTnebE3qo(}MxGv3RtCAr+GI6%!!18w+`J+#h!P%F7%s zpA)I)+?iDR`ktY)%N-|cqnT93naQCz(m7`u$E*X-N$IRJlXao+Pk1Trv{3U@Kr)Vk z%`bi>#Zv&LYciFru0EMcr8{+O@ALXFs{8iuf9mPyzWtp$pMCBHJQO!JMxnXq_kSoY zEB(!H{tG)s+?*20WLZf`d3k9p9y@;gm?q1X0BIXd3-(2Cl1;HsNkCx3_!X{(5-0^j 
zD9puFI(_8G!RA=A+vBBbtICQAtOtX=x;q;1z!}J; zJ(=%}tNrUQuN^k>oWosiZXSHQx5Vr6C0qf%V&a*aKQhY@eIP;ZlBRp8XzHf|eQYd< zJq9|;+tyBh#uAkpU_HWQpt2O+Vtb$t=_z{=bZz?jn#DxjWOu6 z=m9%sRGAg_mVhA@F}fl=Rb?VAg*q5K*#g_EWU@IHLlPC`Wq5RpHZ^_sj@zGp>hZpP z`#k;J^S6EbJ6B(Q)fHEKJyH_+@8A3yv{)>TCuuxH(6TNt@GpqPEaAI-qr)=-?pe6E4#MUu-zVa{viEy3xj?}0bbD)~2}d^JOedWg zR$S?%Ba^6aN_hN!zt7Kp+RP@pgZ(BDo9Lz|R}0f|5*c#PaEoFG#Yz(u$s9a1*_)@upP!Su?cvxHGZXzfx!(D&P>)WI6DdcV;L+sar3(&~9vJwm zbUMj<~9%vEdpU(z!AG> zwyt4da@nTlSS08h&@SMJ#jp;dU|Gzi;+Vffx>mwZLo|vbyX~h_Fk~A6bfh4xDOM-L zO0Ph1DE#Iy8%iRPZr!?e?%b(M=gz@kphJfa-MV(|4ppbBwR;=ydw18L-`n~4%>9k= zv|D>&@mR`Zy?IyKuKH)cA9D|}90+Ud`@{OUW50W65h(Ce~8)tE2SP@1QdEP>n#2fV68!}RfH zbFC&{;~X^pz%MUr-nO;6_5|iv+qP|SrM9Z-*`xQ+aHT(ecvq(S7#6}@MU^YyWA8Ew zD4wi9dk6!BP7w-t(IMybV?o63j~C>O1t%VlUpA=q^jrE|+s9W|Q`g*_ z%<*-Q7jQCchbRFfLq*6Wh$CQi*|#8R73`^qPl5V|2L3}7B$cjjXl!a~9x;5_w0}H& z)0lxjz5a?`{Rh@J)T5OZM$2Gtm`tVkb1H~ac8c52~? zt%;^NoEju=NQW}AcF%UHPG`S9gSvI=g&RmBk-++R=6qTT_Z>QN^f-1`@kAmLE*aE+Q1707Fusb%Q-T-+<6smRQ;->7`Pl*% z#Imx|&Ye27ud3?OrE__Cd4~?|JG5`#sZ+-eRqc*7x=u9v>Jz@BQ7^W?>ZPSb(1tZY z4CWbv2nPWR9G=y%-SdaD!IIp6y&L`gM@{?dG96pxo?h#&Deo6)TOKZPu+@NbvwUmre8E z>ExR}z8d1l);mlmM>>Utqpl&=I^_P>Rox%Cv`rf~R!D4YX+g}f-*DDGGBb}-5<(CZ ze%a?idVP;t0L34!N<0X2umumvS6A1Tcj)w&iM@Yx-VjGHjGj<42(ZAzbxlpJ+s)os zhq*|=n2DUO)Qdczqyor#dnioyJ91w3i7iOV;tUwGIAzGL;J%0id-mu%bYCc6E7uS1-sXc}oqNON9zELx2X!j>?X6>8{_o4(Zr4Yj&Wk57$(et0Ip7O7gGj}$Xl&0MQwlPF2?Fy+-Rq3WR z z?!KgH$;Y|0!#R9H>6B|-Nq)`%+g=pzWC3$Kuq_jNOjcGyzCEM`k*_Np*dj#ZsXHdL zziL3Bu`#YLhKg2C_=?AWg(91c z$Ks9gWMeFrOky=;N_xP?zUSbf!?ktw>;aL-wn_kc(H9v;4S9ebg6xfCQp$Sr0F4U^ zVkXKSnVCwgiKh!5j+}8(kqZGM=<#|2fnbLYozEFNAs7fbU9P1o)_yd5Vc$-bul(1= zs~^8{)xU1N|2vbispK;+zqMh@Hf#^8+Ez_DZ))4N?fij&*Xt?zV@w2*pPVI=d7a%T zB)ueAL1nm{uG-qVeFqL4K73^F-u)+Qs&Up29Xh=K0A7!>)i#@@!mdIXvu+f4u%!D_8v^U+nqEy3FQSyMJvjTOTi3>FT_F^~yuv8ME*1 zE1MU8&g@1`YJK-pC1n*3JX>fy>A~-j`aWvFY{`YKBNHfOtZVG8Lv=M|+e3cLq_98a zTf}ra;KB1p>i2JKes0mRu*W4Wi0sx%e(b~Zi!;xZdt`rF&}vV>M0UG9bq$RxR;}gl 
zB=SdM73_U5_C_HS`4LNE4xL)FZllxX<~i97ud&IhkAkU77&7%&rw2%%&BPq><9O6T zNBHLu&%m0ymQ*8!VEoPN~i%v=1>(=UJe`GTFhcdg&J<^4}) z-}jHFmabgu_xmxLy?XSnsHk-DALh0so)XRmiZ3=Qc`{xK$Ka3ub@lbTcJJA{Z{O~{ z`=ZgN{Ra=CwsZIHBS)|xvY#Ab_??98Q4;&h*n_jE$tHcR1~nK z4Ld}!8mfyOc8FLH@i<-TcW&5MbKMiG@B8FPG!t|=-Hd>xCX;0gI{Q7L{D;ce8Rdc; zgRakfNDiVEgzQI#FsDT%6bvu@2|=@eTH`4`~u_0VJ@C_|wN{~6>w zc;?CGu)6uO4sqlH^olGM#-w8)n{(k>P?8nh5y^}00DVv`hbvLBOdj|S@8 z6?^ail+D~Tx#~OPx+LOhM`OdX$eDXBlE=UT~|D|e%|g}Nkwaq+n2>6!xuyp2afdS z3m;nD=u%bPt!N;pe=7apR*HZ2z~jJ!8dm0a-k-i_-~M1AfS|N2vNuQB&wki{YNle&oPYQVtK9xT~1Q)eWl=62aiX5X}~hM_lan z8XFr99XW_cX7=_2--qK_7z2r#2cpZ(77{*wyY}qD>cj1dL`xD9$Gj1f?1u$pB#kv% zeLl#t4}0d=kDf6zAmdi)$gnRy!jbn+;}aFgN?d;Y&j9lv5X5rAw}JE&tR9&lc8H=0 zCCHABK+fyW`L&xUbU{A<`6m0ZD-3v|VgOesGLC_5gEtKD+&AY)zrU@0XG868FKBz` z#J*WyBpT0*FG>8PXKf_WFl~#|>-Lnm*v&{fxjI+`lEK=ER)|>yu)6Wbx93>HZO^Rx<+}$OofV~J6}g;;f0Z2j{u}yPGai|ZH&&|iAx9gliQzXr4?1N_ z&lN(j`Rs6nLZRkl^3^xrTexItGLiK8y`D@WcgdZO;gfx7_T7DWewsD=i#hWadVPNO zwP5_6ba5&W7lJGc2w7GN=#;3EMz$guZbk2;ZnAc_qwAe)eU8V6^bcP;zFquGe7OUQ z(GoXuw{iDKB;wn)Z?3JYr8N<&O3!Y+h726qxl?DXDK&L9Sj5>kXC#yD+qLiCcYxbn z)VEHxEGG^cEOz7nbYByLV&1zy#%vox7^4s!Ade+fM}otKjtuw%>U@A}bLR}!E%t4u5WRtb;C(7m<2$A&a)+d0o~J#6_Bj5s>R4+3o;|DA ztzWcs`Jp4nBau=pj+hdd`N>qWV~36d`u0O_m_v))NCv|+VWA`f6+q}oLxUicgh0SM z^Rq?kR&RDX&t2opC9}2lH(Xiu_^$`oHClZil?^C_79y-!qYnH^$pbfJN$aLe! 
zJQ`H|8<2MI+406Zuj9d?b?a7`j(A2me&S?VSt)yb$T{lj>rU1-);F`~3y&)o31rL5 z%D(&U@0XWVWcV+la;NNIo-ta`U=kTH*A@i%!HDzH{zOlKr-%%bRt1+%9KLZOx_c9_v&d`Ptc}e_2{{vN<{9 zst#q566~%N3&l@9gk749Wk{wlEKOWaXC{@r;oZHf4#xs6{`|-mJH9MtGEGf!3^KM- zcqC@qDE4+7P8feoVmm8-@)}duPign~w+BR%I15ZC@|Qa$AouPRdZGh+s%xl!=fiiZ zYpd}*$C5+}Skg1>8!Hm=I5Gx@bt}Ujl7fLCmO`wfLxn;N4{P0h_7w0!mij}CrRidQaPr^oB`d6~ef z?2QcWMgg43+31H+Qz-_PXOKKmIFflRR}Pn@%bRnux5%LhdYoN7jqh)1dVXz#JCk~F zT)2Pxij?%>N!S*(8ZwGyGS;v*K?@7!bUCui_ca`>OGex|KbAkIT3n8Z&lC1~{4OVC zlz?(Xlhf~Z1l;ULNnWSp!l9L8`&QBpQRGjZGVKoUvUN{e0!;gKI=yG#p2ld@&96uL zOE50C3l}Vwzd$hL^ZNt1j6>mIDCorm0}Ukh%fpO`v(&d&pI$wBV$n2B$uw1HNGSw> zm{et*mzr=N5i&tku|u5k+2ZxsA-cw|&Sew1x`rFSS@qbjhv;^QFd(Paux?jd3OUg? zQkEDR+y==wzXxPD9_*ypAGhNpsksg&&zt} zMumXXq9L(Lvgye2>gs5!ZCS8=n^swOK<3b0xj=S|u5nu&tWD&WT(%+FRMQw!W{jE- zze{SMBuV#A6}S-El!t<$5L;wa$V!>Xw5(glK_wm2t6P-kzQ^k7&QR<69PYf@a1RTb~?{l z$^Q&#!wpweJ^q`a_0obUJOaWsRV5e{IuvL(X%?~cVBA9CG-wgo93l-RC913W8FzDR zqVh)>R>>Qf0uxF7FD(_Q+vRQP&n8eFYT|n6A_|U1Z<3Z?1w&GuUYZ1LaC-mIkOLH2 zwK;>0GW(H!7I#;8!fE1G8nRt##+9i6Z24x5c*bWL+JN;!0Xd*5WVEnfWmc!re{Lz% z`q8e^9PCcVLPu7n?&IU0>23jZTh55D~DTl7(8 z5ZL@6NdOwMq$WB7LLj=C{?s92$(b&4&B*`EGWJ`f;YaqMYSINQ#8{mv$g$YO zHv$vgK%I zP(lzgi$iTh(m-D~!h|7I1+3+jiUUFHw{zx0c4re3ivd@)`Yy9 zv@2GWp%vt2A(Oy6r8trUXuHEeZF$BS0s`?w7(_|}vTOuP9z}wv81n~&(kK)JdB!b~ zzY=(bT;$kWu*inXTv?=RnW?kVdte)RMKnQ;Hvw*90i5DU#LwQ~<7XF}rclVQv>5>ZKA)eb!K%736ICD>43v}v z@RR{2{;`tF1_FVS(jXOV%;1WxI=P(B3(@M2JDx6Nr@~o=&G{&ziYm-TJoe+J{2y8;l8kY230dCjU-ZQ8VB&ya3seSO`Q%^TZQwdZDfTRc{7-?lj#ZLDln znNzO^8Z&w1e16~RRV!9}xx7o)?q2@4!Emwo{hrmURxVw#c<=5#h*(=wjc!y{l;hd- z*s-IB4IKVXYZb!FFf~HmnzS!neQ)L zFsH065Q{a#7Ojzpx3rXf@XhT3(@RwhaVW%O+?k3T-%|qu`2+61{pJ1_o_zvy?91g# z5Dp1PN|1(Y&+Z+I7tIX>TqPymaK!8PW5cMtX%Z=MH8$4Ip7k-Dl$2m!%t|(!dGgU| zSgmkxz$Pdhc7ui>;gAd7uoln>J8fVa=z8p*f8MfbeMPzRC*QmAjn|%USMGe_*~jL5 zHhuY$`K6_fvNG&k*muGEyct|n@4fv>MTOJncScH_B_$YJ$AY=DPM$ah^GJkc1&85? 
ztArM)F|V?R41a(!#YuZMsB(>r`V`1FUvfzr|d<}$W>IAZjWUW)zY&LnoX zk&*xk_I4hx7n?zl*+tKO8^phS>7pke|NEEA7eDgQgV^aOlS#B-;cJREZdkwOzCZrg zi4#Y6Y~T9#Y4>@2*!lXOe(K>B%a_2=G+pT$Eez8MiR%L6`S-uv_rh~e9y@kq{n}MK zcWhm>;EP}gBOeThgE)f4I)dG6NdWv=pMD&V$4X26kQFbsps_Ym<;+D#h%AY$MjCLa zFj=gjyxr~Wd^`K(dn_?@V9BNDwzvNrBDp9CD_TAY9v!E@zP|pc$NqlLAOCvm4VRTx zwy!=}_vk}^oB8oa-Fx(VZRL=PSNkF?h)E#fug^`S?RMwKc^V50rK6~M% z*Up_V_Uut(>+2gIedzD+z5P~I`)=uU2D4$x)QSIk;^`Nkf7$P_U+q?yYJ9pBU`m@wR6YLb!%3R9y_`zniw>w zU*CR1wr<(@*MCeKJmjo5Uw^qD`#ZOhH(vYqcfS=;Z>0bLyJ(wx*v4z#a*{Q@Yly8 zVaMZ-OslW2ZClmhFMt01*l`nvj~sKwmERaPV${?NF6-94|BUJH;qLd=8~>g-c`9bi z#~;4);tNmViRl|xUNdXv2Pcjnef-gB6DM6TZrpjvB>SwQ66v&|bA;#0l`EGb5FS&i ztCP*mS#)H;pkZCR^?3B5X>5N~Qu@}LAFNsP<()tLVb5NDus_1a5PO+L3%@`sZicB; zrd?IXv(6s($UpzoxpTK+BhJ3z=I^}n(zCmEZU4p3f4F?v!r8Ou&i#Bwd3nW{aibCm zvlG+ulNFCUMvXal|Gqto7cIQ#(knxu&=;RCDlIMR-KQTGg7YuB2pjNOGiL1EzGds? zZ4)M6FmC+BAwx&r``>qW?baO|;b)(ECc}S=;CtWy?k69;{o#8v{{8G@H-G!KzWoP1 z{I@^ma&A0y4;(b~sYjDAYN^YvGs&1N#!-}tTOrY4pzA4lzAvdO225@b~( znfu)z9{A|}H-7MwUp6u?_TA8Nes55GG9!b>l@RZYUR4;pLyht@7>wCYxjr#{&$}b zyWAomcZMhxO>ud%^q#AH4VaPw)OQE{@k4ks6*|%=Ig(X10#*)dLtUmto%g^@d z(`Vn_-KAyaIrhmGXLEA~_t#V^S$#6$^E-x*I2#*7?AJPU>fE&}`w}UhR$+)96xC&i z!{c?VTDfe(r1O0~To;&4Y|j`eDS6}dceZTV@Qa_{g|6Wl`LT!p+N)QeTWUVq)?uf6@@)-9W#fA$qzc)0teQ}NMb#^DaxrcJx99XsNp?b5YJ>(-S%pFfpO z4I4h{{0qlpxx@;1{P>X@Zn|UY#F4mky*~dh|Lb>i=FC{TW`);_hnh3f9RQAyI2ATb zIY+BjtuX~dK1V3%D=T*$Jh*Sk;<-p3O9p^>zjpPCtFF0e{HP&AhV_Dna5xeSg@VBl zWb7ACo;<#G^_P2gZ+E%efj|f|zHk37+qQ1H>e`!!3>q+b>c#8VuIb#RJFf7O(hBLW zslvQx1^SyvI0g?HfsMw@kKdU*^|Gp}jxRm;Sl|AG(XIXihMqrZ^r+G2HZ;_;Pe_D9 zWo4C}I(PF0$`2mc*HB;Ip=0OXeS2VayZr0djv77~em?(vHdeqX<40b9!?)v!_|`2O zmM>X&;K1HYHiJuH{CSf{4(_{m_s(mszwNxy!}|{$l1#)637RBKDtVg3pS6qk@#+Ky#3ojovY|urQ zegnyeLSbB&ty;H*6_$9+rIjmI;#M?j_>fC3zcLUEvfUD*^1zsT2lgL=&#SJw@XD(% z!YP|O_lrS;ho3igIJ$}XhAp0YV>d}Y54i&zU^|^IB=+*ZpThI(rI&vb3)ZHM>qn10 zcjVAP*M93(+zT(f=xZC+uU@if-bI&u!{_(IX#2J;xC3F53>-Z4=G(ptKQli02pb8H z*K_j3N$dvx{qp-CPM`D8KmUrg=4)U7Ml8m@=tRye)|{I($3OpU5gwXeeD3j2Kl|c~IWxzf 
zdoCWbu&uzE(RD*pE#f=~3icFj+WPQBws_$eLx%P4*{k2jAG~?isB_}6cvDj}p2d*X zV;hB)3s0S)aA^6``86l^#jAr_$IGVoG)G*7IMF|Lv_0K3z0_4rV;1&L^iBPCew_fq|3g zaXa3A{o^k_Tjclqv)NQ4p1^Z%Jmon#PqALtL@gKOFEr;{PBPP z>xma}1HSz7%dvjF`Q9f_J^qjW0|vX@o>;8OWM+xpm~{?(+$oPAKYGE1Qo;#)`#&7@pt~+aLj(ffOKgvwb(H$CZCa5E? zzAA#6MtbY|`Y5mn~g%@ZjD%zIRufHf`khBhD0PSmC*> ztaQxSNnb8sykpyzvhp^#;qThH4U66AaT9v<>>ZAjTzv6GjZLu?%a&m^!Nb?`WeZA5 z%FjJ-a(;Ee^*i5diZ(4;yzJsjzCLlvxmZ|w z_Uez#n)%&|QpulZ0li97&pFG=+Vtx`Wbm*d;Yek>cJ0rbbRizUuodc#AT|= z?plDr7DTUe?dp|ZE?bN{#~t7Mk=GkQhOOIH<+83`z55|hr!L)=EtwZ7DaB&<)1UwP z7*?7?2O1h1vF*L;>Z@b%WVi0U%F4=d#GTdcc1@Z*xkJZpYgVsxI@tDn!o&&u4MD6w zIcz5f4IVmV*x3u`&xtlR-1&o_b??!oW2auTW`5GDb?ZCs{9ZbfYuBy=_RIQrsHrpN zmk!gyc_b3)-@kvi?)}D&Jr9G1k(_e=1(mJZe)j3CK7IP%aMNwr{e*&LgNF?7)2nA9 zk;4P-`4?QceA!a${`&PFjHik(=FGbM>sR5%G8T4y5!;k1Bb6%vGnkvgCjE(-qNO~#yxv>Zd$+gum5~36!JM;j(E(0X9v@PIDL@UEdNMam^}eIFvpU~ z9MaBY*!LDAVdNQ$rAkV?ZV1gx87bx8f0%JJH)Hj2#bc~TZ~|pCnhA&99Ge74>vA5Cv$WJvSI1@pMiLPN0rt4S zo=Ti-%*!jBNFK{^IKq_JaCp7wHT#(?cIfCxDCi0V*-%6qSlANYNAS_=_c4dK6q%BL z1#VLld&{`xCk0nD`&P&YSPA zU9<9$fBdO7=BRH-g+pGP9iPvcNMv)_Y)Ogd$dQ`G3%+Pu)#}+NpSbDPJ10+_+SJ7M zO?Wa5h1`veNu1dbKeJ6uxkNG<4*C57Ha{C0QeL0eMQ~a3qLxno6ZYVSltS9tj70J_qjIh>QJQBoc&U&?4a=`|aO!rlgd;YuVJyzAYvg zaHP^0*cf-5!*)0rWNF0XIk(%1$<|QMoA~E9LLomf+2R-ux!jJ%2KL=tMEEMe1|XNi z!+to#ehQBZA(={J-`CU>D=iITV&j25+8D!QTqNSbxJ3C-$Kr`_*q=ybl8Ho%(xZur z)t_wSGav+pykr8h0?NxmKm6IBUU}vXr|YZ*xm+?=TYuxVUH+pBB7i>GLZqt-Dxbgl z{O+xrx6b_JJ#50SzV?=iigNzGYyqFA3Cc$Ujfzz$TTLEJZEC9g+A_@q*@S*XMy^QE z!^EF}rcDXKkBT4Z1$seH)V7da>-gkB5F}YclsOjAIX2jJFeYu>teO7eNV11QAGfN3Vs}7zJfzp&$M1{#TxP z6AR*eM=q6R3nF%iXVZeHxK&*8V;;ptCCFL@T<$_Fbn03Mj)=qXi3Ql8q&p zKk{jGuC22QIN^x5sfqmr9FcrJFLsg5%_;Q{j_Dm>OMz{d$IZ4dv^O-sU}6PxVqtU9 zFUrwM22fS?dADRvM^XJ>fymPck&?)^MG#%Hfa2cRaWXNT;7SuOLMA~hi0p&eY#vDt zum@!;3lRY!oN;Kv*a0NUPiDh9nM~Ezrt0caxa~`~j-q_F2>H?B&{fYYblDp_1C65O z=hGq?sPirS4CBP|7b}ZGKu{h~1L4b~PD7WHy??xpd4|nZRFE5FbjFs6hD1@*)FGd~Ah5&gIBuo$MP1!Q?-# zCbddYh|p6x<0#Ip$}-!0=^=7IlhEZ@M9Ny6YDPLcs%n&2BdndPb0g<;qL|vZ0J0s8 
zfIJQcuS_8b#u2m0Ma~qmbgLu1#z+pKC$<=;W<@Zu)uxoMf=X=BDl}Tq)y=jjib4yr z5^d%rYlw)l6H^ouLT-XA3c=Vrqeeh>1&H?+`BKPMDgLVR$PvwTlC=;z;Z_yc*eW8x zMOU^tolRvO8Kp^fNV2TaXZlq_+gS!paLY_iCq>a$O{W35fr>r!NmwSOddly8Bo()l zV;S8jtujdkbl~TAkeZWk4%0McCFMg$Kse-ql)}{oLn%(U3Gvx{CXm2f@ma1mC^V|@ zK#CJBRE}scFwCG@*?`)KsL*AV35*S-;k{P6K%gp-#gQ`^OFngZNrliDn~I0M?dgY* zJ4+D#6-`Fx{M7UR{MV3aVPq>J6#>;!zIPII3Yu&*t$0--up|4Qb9EgNDrxNjA(P7J zjLji@oGBnNGoRE)S*;;b#T=Fmg#bhNrO0&DfTEjt7e*ZBghCJ$)m;5~i>X5uHcffZ znqo~AEyU6h<=lxNYh*xA^Nb662#pXhJ1I4Sh)X$WJ?Q<(R;nR%5{+Ew?Tjdj#Gr;z zK~@E9rS#0Ha(H5@e5R)H{EDFOP|=`H*_g|n(m`&52OB1UCma6C_6zxm!fi|wAdak; zjPjGs#@2P=Pr82nzq(HNRhM38l_nFsr7+YjywU3^K&}(EwFo?ZgxiF4!RE z?emgMmSl`oo}<8^FhCQ-4n)+@3mEG91;9Y36fU4tW%OGqib92KDE!Du8(7f_^uYo~ zZ$>{NLsQ62G82Nq6>AhzS8g>KBNZANt1&JGB0mIK<|gdmI$WEJx!h$vLKU5ZS+n2l zkGqCoF7T)+(M708SR*h@}q7Yppwg4iGh)N(qG?{u<$Z{LMsz@VyFa;51 zYXE#vsA_~TF`b-bV)RUNRH;Z%RJ>6Qr)Qd&8Fgf2nlS@48?0J@7TAhNA|0ausB&H> zw*qh?G{Pqx3!+F`K_CHLR)CyXF#y>nAJ&?mOn7CpSP39mDmx(?M+*2Gj*6^@K@UaF zb?{_v@3GwOL%EuUtm)Uvfn*mK0jZo8RC`3Sb;VNFes=G)L#v=(>iepzT14Y%70N{K zN(X5k=&7QkrsoHG4WE`mbrUZ)nYsla2$^84TBU>*k+`su$xsSChqCk4ftjeM76)21 zO_>1q$yuyukUxR?7QlpG0C@|N@^veSoQ*u4hN@B@c9BF4V>8x*bG$kA^v!7?T3p;l#z1<9FCyF z5pc3UTBEqpdm$Y=%JWU@NP>L|rvyXZ`BVkKQ6no`$TI=vQgny}9CiLtHAzT^LP;^V z()fxf5M-s02?d<0pzO$}&O~;ugFRDR!&Jplt^z^;_(V6kC%}bvCD6q*f=zd=XT^ij zIR|T3#1?@Wk*%dUMU;<#%$8GvELQH4Q5fjBy*fL%6c2s;0AJ_SP;w6*FNf&D01 z5gDJEkQuMo?p26~7v_N~1!Ad%WPo3wIhQ-*K=EdC@}H|vC86P57K4$fkVeP~C<{v6 zJ|h!I2Eq@A2q#0ZF;cX>(-I_aEe33@W(Vo6po3^IXJ~?1 zI1kfPWc}>$!5P8ys zB!Zl z$cD0&Z8EG;{{0h$$ttXh)sQI_tr2;Pg5WOopq%-dn{zcbBUqNI|$1X*V< zw+awP9}H9~ErZs;(%kR}%9(-=K~Jy;u?yabq!0uH6^SWcP6xs*ZHtub_z|)(4O8ei zWJOB32@XX#AppeT;n=L8IVn64xL&c6^#EBB@>bl797VM@0S_nKGY?#&BHtoFD!o<@ znUd#{HeWYIJ~{^(7Z zT15UTV4nb5jRabKIGB*%hZw1htgM&fbcB%#rGt^sb&go&5&5`}B8|m9y{i6b%C8LMUxoN#HRUgg_vU`f@6OH?kIPw=qengz`OyH#&*|fgI3egd zC2(pXin9VsA+pht?z);B_{`Ccuwtl7RR__kusNV4y{e@5+^C%$$+>F}`$%@q?PY&> zS99uAt`)3WDX<)#zywm!v8CWvxKL!bkWp;&RMts476of6g(KJmHE*)bl7YLH{R;~c 
z__Sdnad4zMwHjg63+I3=OI&l8f@~EU8m^RPG_3@Dmhl=ZyipiQQXWKPAWy;{gT}zj z+8!*$ynj=mO+*xeYy%~8W9CKh4UPG#(Mkq6C&32xtu2L!XrG%7R%BytGLt_kD+*<` zp};g-3P53)c3-FDE)}4OS|ufk%3WVN=3Kk?JGbs~Y}l4NUgL19e}J3Jz)2}C5C z05u6R843tl(6oTU=u&~PL9W7*dt)s2<0P&`O=m(JQY#z|S!N#ii$=*E$=8uuiUt|8 z;6+)1gal9oo2oL58W|!UWE+}*(Hn)fvK5IH3E@X}NU~8QpsVU&-ztNcH1@bQTIe!2g}e?@k^PWHhEAi4 zYs}%)06!E(IHamBnUG5rX^rIB6VNb2rUeuhGA+?9GFVK*g(VWOQQUTONa;{v8 z{Ye!^JeMu{Z@b%MCz?nw`qOKQilbOL=-y7IiX5DC@*25G0@-O?$&ee29`YJ7$E~NWc-RN>QXWialB9-bW@iV^ zXO~h7tc)>qS;n@&85Kbw2v-V^fvl)V z(AEgTn{Y@_G-M){8}*f1Wq*8H=bZ>a1>=%Z(WeP;Ag*(r5u9pL%z7 zshZJPpLx&8JF5vADzb@S0OZ-|(5L}SmBqs}3Y8W?&R+-Fm62f3Fol>bZ0xwqoNz}t zKp_esjc`$rsj3qbb0dv3YIm5z<<4YK9GSFJd=OEEeYZ~^@Tr90-fdSb^EQ!Hk?9GV zU8qw-!3+w9q(M+U34ahs77iegtTKs0b4WRAOCI_xEQuVP%?>sk4&jz4sG_Kus4o&Y zU(pd6Q0l~H6-7}56az)HhMHI&q@h9(f&eWV3B-Rc1{YB^p3S0jhFN*5%2hz1fV% zk#+0baOf=0AXwI1VChO*xfXy~Dk8wW8Qf?TY{{h}`eiUM0hts)-l_0ygiVtQ^#=&L zh-4|0LLfaI*S-98_izMmma| zp$^g_$c|t_koh`WR5^zgY7$i{03A;Ox>$hG6=_6hqsgg3Bwr9j%W3{pT^{V(qoE{l ziK>*X+ODx`Db&y!&jO^h3Xsia9nPT36>D}jM_tjVGimx)85PKW&lLC&D$BYshH<*f7{ah)d9hf<_8TMaV(qGw8V zlO_};Th^#2Sb*$Qa*;+VECz=yf>e|`7eJ=E2qMgRXBD(C1wAZMVkqA8Y35)GxsOI5 zA_WBp1LtIa28E9ye=!AP3b*Q95o6v`z>Hh6SK&f&F2UYAEIqz}BU0&V+_|A~=f>o= zHSv>2oXY1ASzk!fIsJ-2!Ke?`56;xCg^9xO^Al?$FzttlnD!h7Z3uF!4{Pg%8g1V+ zP#`>;`jeaN0@}4%p|FjbzQV+d!A99WKri=Ikr~@yVFH8WVvINt$TR`v8dhp~$YjBX z01Xv_?21|e(OM*0%9lauQ8A)O&!#j}hXQ0m9Py!RB@^jwdm3Dwe}%2nwg758tqY1y zAc9IO0Ix6T^hccjzK=LEsYG4<&9|KO$o-esH>Am!I~AVuK&y$i5L~f%Xyw|{xl7!Q zQAPFt7_z}Yh0@uMLqDhX^z)#*bcERHROI6DPwTjsiWcAg1|l2KL0w`3$RQZZ4q zoMJ3EOhe-$H63K3lv_=eMikjff<0Nllm_Kj1d*W)D0wqTnes)jh&~o-S0TGn1&yto zlH6dQ16oTm zi||Msk)&#(*Ar0HX$VjXhk%hIT1k+}#em{c`RbtaZ<-_#_|{MEQ=Us|&}4I+XAaxj zq!!#2b4-G4D|=Q6dFZM-DBfJ&oV(n`K9HTuvhQ`kQTyHx1;Wh16M7n^jHsg3U?Yp4)e&BWLm z{D+Qt3z8^9a@Qhn65u$Tb+>hTd;ProlSZw=r~x#ISwSJO7mWv}qw}xs zC-K0vdq@zFjPgNbb4v0Iz}PEu6w8yKnCMdFTDAts`n=4VImHfUgn~v27>}Y0h-Byp z=&JURT@?v(ehMfipRW`}jEP0h=vGGyqDm3tKmr>1QM6lvXe4M}RXtG9i4`b;@{+*a 
z_r3T0+nZhdr$Ny3qv}--FVs4vI7*bluwM-U*%7;v_$P8Gv>mva9aGbguaKm(GVM%( zPQr!cMbEUh)P`m}V<266#emWw!{W>-tTA{&*qdl}WB{m4qgWJ-WgtLNz=$z;P=%+X zi>gSB1RR+qmjP2*Xig0xq7HHvDsGp*Rplg9% z)hL%K{!2;|$W2C?=nI;PbYcW0z>3qAi`O_#&czOqe_6Ka?4)H;F3N#HBt#H;4yC45 z76$mTTg4nIT`*e|$IY{3KFLBu`G_jXg*w%;P7CLNECWTvvI8Yg$otX7U^ty1HpZ-l zTE!8;*{9Ulk#trtYqhjM1C_!MJlQ}Di99weRkcu+jzVJu>ETw;L;+-3hDbw(PHD6{ zBalacLg)h7d<6i#d&u8F^5QP(HZ9EhMGG`gOT*>HeNBRK! z?FP2aTdj#&(E2FzL~^>Wa;|>+Pz>N4Rw7XW(ie8f8Fn;no31Z%m0;A^=K#KTggESN zIJlvPXbf!y8~11ut!(;goKnnFM&8!oMNv?6IV|SHsjP1-;K z&4^ZBGTbV~j;vK~f~#yc$N#8+9$cmL2{ILeY4=Y7`KbJNm$5@+A}Q3PC?;U`xZ+JN zdIs5yM z(L?>2c?)0_l+uSgB3S3v0?5g$U<#9@5s%FerDlMcCxS+;RBVz*6BQk7OwKq&0;ZYR z!<1jpiIHH`h=H^iXa({m{GW%KHcJAsoHNPtu^5;R9Vule3eANz$H)JS3L6GxS=2#f zAnZxtWKzqG`I@OW6%tD;$ZeJRWajW5bQtU%GS0)<8fZ&{31Qu(XDeB0j@VJWPj+Aiu3) zLo0-$x+U}^z{a{K*12d}@)aus>k$8&_&<`B?u-||a5OeHZry6~t5#)fcW>v8trRU0&|4taL{rZYrJnL~Pg%Lg@Ap6t8OcJ%T2@x(t*G$&{oe9&Cb&J!BpCEnRQf6^d|209 zZg*L^FH*uZp|B6F9xs@_iiq>@p#!^jZ+E+$#4oS#`Mln2&Jhm#TD5{Qw0_;H=H@86 zfR30AjwNU?2?nd;-Izmb&uT5o%?uiAk+}-iivOgCKy|KZ`P$Bm35q9swAB6oDyTaq z{Sqn+8!w7RRcfkd09r@vTxrMg(4j+TpMCbql`E|-ChQR?bw7>@u1G6u+<+@ykHDH0$xnL@Z^ zz%zS!Mdg3}?$58i{A@57T(fG0-|Kkr{s*u5##JAEFukLMz{`=YITeosA zTl(eA-@5U(8*g5-YHgcVo>yLc@tG%|{`p;Z|K(2)?%lKN+c(|%!2J(|L+&p=|LmWC z`}-g7{lndN{p`U0eLwy2PwxKd&zho*73JQwYu4O&{q;Y)>#nAz`eR2A-+RwJ|9<|t zo36ip-rTtr<-Uf7`n!Mn)7$U(LG{VwB_(AczhljsHE0FDrlz`8g>TO6*;jqz+NYlQ zds$h9+g;!{aIC{K+Su+;!JofBW0tV7_tVMl6(1KmBxlef@p+-FMGD_f%I` zb88c{Z{L3Q?Ab6>>RKRyd^XZi28{spBoq%F*~ByZ_Cp{4U^Z*z1Ec&Gg+T;hKw%9I0Nqc;2)Je%G#D<)i=n^N+uOOZT2# z|MI8*Ubt}4o;^G7`{RFwg1%2ae)pOy&u`nV^;@sM_}Z(_9XWdJ&O5FfIB3wWo!fqK z_xG?wKJ@qdw{F?!bUA={{)-wMLEw?b3*uDt^GUM|Xx)qQ%FF+C=P=&;c7%;Meo)u1@Dr1lr zs|3_m1&Y8!l8m!2RzRKyJPEHRXl`!4=%R~o#2WYMr=N}-IkHEO9!r-l{rA8BebY@h z9X)#V<(FUHzJ2@WpMQS-`RD)fkAL)fy_rnr4}bWBVsAiYWhG43u3h`&lTRutGqBXO zX`xDmln{ysOoSDA79gKg99R%tSP(&Cbk&L`~|3 z_s9Rf=DJ%tcJBJX{lCBB%4_%U-?L!BB0Qcu9oaT*tLp1(u^(*LuKhjtPW$71|MYo% 
zW0O2Ib%9jn9y}UM%>Ef%U;CQsY`fF)poXhachQlRALl?o_{Z;f1~boPmDQrJx^a9N zANWX8sN#rRM6QKmn=I-cI)Q9;;Cy&T-r48dy|9?&I)kdRDd5$+abfQ;tP|rcV4a{Z z3ZpmKkm70akghuSEqIwncOnro- zx*JoLhr&Ehrtv_ycwZj7ov{u@$;^~a^OE~&!|_9B81KwH-FB_ZG`V3#xJ=;?U+;|E z4U1fVM3{PK(+;%oJUzKa5Ic+62(b z+E6W%(_G}qPw!-PI%H-Pm%LX3bkufAU!*EHkBVj{feYYgwtC#Y?y173%6|(L26MgUe8@u9}L0fR047U~2Jr z1-eX0Q6zuWQO2q3LF9%!Jz7G6_V1DQfXo*wVWt*W74WtrAE@!?tKw*25{~7rK)sI4 z{)+fj-Usg7p(=cPKu6jXtVK|sLW2ZYlA*!xQm4)KeFM(SERHgC}z2Iru;iEU#)2 zFVxJ~AX7NyfO;%~F_%%-q4i$Yy}8 zusmt3RW@~{^}GO_%<51BNE;yY40@S`uJtITb@!(7H_zXmN6=j=_)T2UQAA%1!2fGO zvK>d}5qfg0JaHs_3PAsFzIU#3`h)cig^g&{keP^;?`dLeiYK~fkpFwd5M$te=h+`m z7djs&ZV!M=J+l_i#Z2FjY41G`=^skD=j9 zxjIF^kP)-@;X|By7<^#(>RhVUp_ac$z*&IO|p;?E_rf~^>6#Sd=?sOHWo+y z%YvMZMA1O(-FmuL?cfhv`O=x(gU8PA+y9h!Bg8VorOZtnQ}Ix;8#qIe-V6-ab>O6D z#TB&FS#lT{ z^o?A1aD^@LCXH4lN;9Y&A&{6w&4^INn)|CxnZiIBrVn08FxpO{Q)8hVN$liahmjFZ z|AYsSVfF-4qPpQ`vWaphxw|1O{LjjKVo8gWz>P3o?%RIsI`9yulP$@A$Z`^A05|{{ z8ZwVT5=nC0BfLrs4V__saSX_G3XCA>g<${?O=^H!;2qJ?H2EDR|1%<4{Lu*!$Q~{i zt2^gH|CBT&yZrN82$2W|stP*+&L@wg zjo_f_msw5K9M5_EBzo0v6%`W5ejy28Z(^E@oI4+_7dOb%Mmj(6_VN0%TOS`BIwWrIBz)Nv5b> zM4+atnRhYileRs++DzXWzOZqKv$PoGyRtFk~If<_t|1=J=<0~B9g zo;Ut6awVgwLGQ$ zy}y6|etUhUxeO&R?uz}pfd^zJ%$>w- zA#n|Qa(Nlz9@>^OE`N6ZR981j=5h_`-RT{=Wvbjf74VgsDOLS>(T&3XWAiK8ZUW^5 z=Kv|}kSu5@iGJke!$}Qn!Na%DLIDd#pUSIc=Iv#SzKi zOsbUgNzsLG)H0}FH{R}=k+NO7-__;gvwhUl(h9*E;#v53z3M&z4hQo5bt?x_jyy9y z_seN)d_kFX9b`1ERB}|U>mCeIt^e?~OX9j2gxGmK{(%ei{kr}44oku;GSL7b7;SBB z%<4FiC#0=EZ}&fC$vknRbwj`jn5K(`$!)@jq%KgiC`y?C+so}fxnGo~qv@P(J9=bH zS!DR8h`XoGB!e@IEsvK*^f?~W1=3N1Cm0QybkxDCr;zRFr0G7@B3a15(J~;mQ1ilY zzOCPPhAC4q;Xr#CJE2ut*pH+^0QNVgEfK=_ER{~cQp|I6uXd?+d*Jf|(thSm6?ziG zJnm;Xf2$0Y6BkUac;GY7a%>8^=!y-w)HO27>7b~ttJ6Rb^J)@EkQ2J-g1w@12~747 zWF^?6=3z;*2@mPjy|@UR(-(G40OhnB0UbaSpB zUOQ^8`q)wji9~d6c_RL~epm7dwKRlLlo*}x_RuZ*e^KhEsI)H$_HUk(=Xq~Ef9f02r3w;{tWDrZ$)C6}uRWFd7H~a8QP!RXDk-6RgqrA2VxC~K zoq>w@%4Ouem!d!PWh<0m^UEG>{ok_$Icu&`H!UTle6Ymqd+_&%s}ZYj_O0UFxWtKL 
zRO8+6xQV|VTtdK6h_Xx6elx8IiNK@7|3(6gK*vq3PTkiURKhNJ5(xrpq%zL9ngTwQ z9CmG8J|a8O-1zLq?Po7Ff7byR1@1KY7*B^uAm;iI@oj9&FOFZaow?HJc3gfwU_X8O z_JB~o`gdzn9_&UOBOS*9rTzk+LJwrnMl7P&p_m+je#i^KthRr90Feoue4?LkI#uz- zz(m}$B#O99S^rkaWP`Wne)UUn^LW%3!cg||pv?ZS-HB>IrG#RFgWo8~NfFof-$KAv zd~mPFV@9-Xh^b`MO3OPf{l7WfkR%T+2@Wm1=nVY{2vPylz28-xd_sAZXYT#~9knqf13TX2y^7MjR4rFZ zcFF``s_E|Nv&iGg?Cbu1ng8!IGdnx`o)^&7jKqp>GGNwm@G)zBx7WP(>FLR8Bz5oY z>_5STG3D^!P>_wZw2BgWiHiE;ZP=tTO-D&zNjvfkKZdObEY|V8d1mX?*p^pUJ32bf zQU7JenYl_r$4!r{8(wC!bh%ELhkmflTO%77n6DqwH=A6J}d47YVCIU~S%x2j6-Pd_9SM+AM| zoz?np=#=GFw9^h9Nv7$;PG{0rxv$B=#YHdQ@qcTy8lF&>FkaL6e|A873=5ZuYIg%YPiCjU(;Re>R`)~8X(L(N=9m;}Z zpZ8doP^Na8?EKw-w{WepCZiLVND%h`jccVs|ME=D!xNt_eU$wLIC0mmk9FWZXQLzi z|G0Q7NnKV75i4D*ndAl&{v=7ufMbr|^;2ylv+GTRYQSh| zXSnulX@(I^|9Qn3<#l`tYWSzLLEL{r0oEcuV?!=s*I4LI_oJnb5B`@wkr(wT38H~z z2$7Yql=cDO_y5Zn#UQM`Xo%C;GfPiw-K#Kj;CxzB<9Sej>7>p7)(ias!`i6Nz-`fPus8|hD0z?RApj8>t~T@1&rP^1n6=Olz4d)PyF~9`n(!Xw^Lb z%Ui<2MnjUWP;;!UZ}S+9fHyzXS)GMG@rJg(dwmI%N(+XN3J#OXvQpwl{SD~)Q~?!ah!sedGgk;pyL0B}E}gyI83&!`Un8imAq$2UTX8XB6JjjhSi z@I4+Tp;tpw6N0$f-$>B;q4fvz`aw;lHCsHg<4iHopS>AkFD38;b4 zLW}4vIc<%%ZrjwAO|1T{8F*U;kFqZ_e}RpRot|D?T+F2L1CkKpc9V)I+Z#srBnb5^ z@czXyE=%l=LxFvRF!D$pvKaWNyB^xn`lc&|qtG`>;^$>Q$%OEIcI3Y(85md*Y6h)@ z(BlT;aJQ0-Dy>G2oKY3^KSqTRw=M{887r+D2MAz}ACyTXw>z{WD<3u8RnZLJVn`Maqb;6u02v5j!8)j^QR!;kM*i6ql z&g#nEtZ^t&SWsY2|7%XyB<8Tec4qUualtr@)Gb`^+g~5;E0Rw#?JARt+Xaz0m3{xN zo6rr?rwZfE(#UnUX@T8Bz9>1nx^jD1(m#YGE|@`4Y^`!75SgLf_eZga(4-)Y^bo>Q z@q;dR1`dpyJC91T;=g)SrHuV){`tz9wKzFRi37n0ok<{A$h$@5xEZ} zd%Q4kA_wog8El+SKZeU^tlW(?%v1M&9Q>N%i7LbD{E^nAw*ic z9K>lqUnL%lAbc|^DH(>|_j@FjRg!v_NZ@>=leeoh*PVXxSyh2OT*eH!pqMBIY_r&jTw#(3 zHxTKOoK!$GRD8JfAZ0zP{uR$UG?&lK;om_Wl0`>mz+l%NOE3{Ay!-|R#{8Z3+mLDi z3{Pmu8HA77iK9dIx=$5GN?qES#%5HZfo2gWeAh)?<@Ps2Y4y3adsswjqPwOcTM2U$ zz3jzNyA*vrQXP!e{(or^F@=B!y%9K5W+E>aJxrd#`4}%ZGpYov1^|b}nyNBU2#r=# zqb=<o^MoH|{cn zQYc7o982i!VW&)$$y2z?TnBuIO2{FGU>e&KCg;o=?5^{gu{#cFl{Gw zBX=v#aU$+NU+%<$8Oe{(jW==CVKnVw`zf}V~}$-m7D 
zZ9|Ci+b@iOd}a3$L0TPp#e(F<}NGOpJ$n3^@};pU68bALR^}w#jGslRE?wDdn&k%lmCnCl1cJZkHU0kIX|!*Di(Rf& z(bCfL?VCy;N_b>s>{v_qKIAMvFxhk4ibPedH~hVu=)bA-kc>x?pd-JxI#P|#@UKVDVB96=N#vsTsG zch1Z5r&s^FMf0cHKg2>9`Lpde!>J$E-&Pv9ZW0ktQ1Pwt3=IF3Kc_rMj^_I<6*Ujr z5EwnuwSlicQvR7{Es}^Mi#v*h^h${rurtS3Zsk#`w>@?+p`CChw((3kwU<8yOYjubD0K>KQF}mqnb$vdZ|{K*#Yoy+e+tHn)R#U%=88SB@nH+6BvFQY2P1k zv6Ydlwe|lVaG6eF--M%7$%)l$zMbRF{5w}|x|GVtT+FOf4GX8L5QPVB&=N!)n9n~i zr9#~@O zd}|H?m&Lckl~rP2SXCfPUWI=1E3w|*y%x=wVfh+wmnh~J;$iVgmHK4EB-Dp0yR9@Y zwe{`O**&^0<3B!y7D5_Jl$vaF1B_NweX7VZMgPe9wZqTq9Ja<++d-wI_d za%zt$RKsFld(-KX&-lcd!b+!U6620CBHl8J>N&~8lo%fQ2rnP!M~S=@Nb8LUIWYcZ z^fN)X5h0if<2+?Xb_e=gyVY=3pZs!Y)ZpvEJL@hP4xh_qX0qZ7SSXr?R~h$7sIuSu znPU*1u47mPin;V_^>sbx*zPK1^dhQ>$nvVOF#bdy&tc67cJpSlZ6)K>{34=+B{ z-TZN3g+9!vAgKpOZR8+Tr94tw$6yg76Fg6q8EXd+P&ND&kg8I6)PYn?`I^GSvVt6s zEK!lDFV;CKHqz_s0h_>tZ-J>4WgGF4ty^MWa9Untg0ihS1By&fr)Y&*FMZ1FiV#D9 zOk@;FLG4jK`zWscgmVOAi$;5I0qDbrX~n;!cSE8G$Rw3>oTbkUk5$)4pG3* z%Yct(-Lt_hW&JrSqZoRcA@6LsYB6|{wW=Dqds4*DAt+(M@X|y|J6Z!CipEzrVE8~{ zB}IevM@yz5Swu=)JyWl2>c(6y!AdisT80^72GAs$#P4b?)C?pOx+z#J3Du%}Ibj_( z3mKbUnSIKz(Bt@oU*w@em=Q>tN=4y2UEn>^1YCpn({AP2+vCF4W_Fdv^qL$3lmvTf z89b27sYZ;K!l(pR2KUl*CsN`V+K}Fm)T0a`N4Jf=sy@K{f2nH;9 zNC}3`MIh;GNu^_*c^2o0TqYHF%n#f2=tn(MLaZcLTfK@B`W&Foakx%%!VJ!&ij|l4 z88}|U?3P-EU09-)|EPu&H5iH6T)g-ChYeva(UUb{mp+5M%wB&?U>G@u|Hg%;p3-;j z|3v3i}_#I^WB`WI9ab+Ip z!@iBk-HS_h%QJiTc@E7k!z_A*>2d#>piJ&lO?e*XmqwA#t^JQ&M?BB5zg{Mh2yegD zM6@&5%wc_b-hN#|3(h6ofQO#%KvO_i8iX$a{vw>jJ-@~(x z%B)FLbdCDP>7cxQXOqo8p=>{RgTLy_4#X41Om~?bAw~&Y#5(*H*CGnt6WDZ|WJYb$P+!#t%y!M`pO% zeH@MH-AS-JXxQGIHTQ7~8BSR5hN4HtUP)d4c4Sqh*Z9;ECu&%0H&!+#d&cehRl#vW z@%v9<-?NwM=2eHV+7&JBJMHqU#51)+lhJIHP#7T6F5!24nUvSGI72!R{^ug*LOZ4))86`s@$BeVG&%4tiAMSTt8^Ok67Q;USmg|0Y zb{O>S#k5Y(zw60UB7L|H2BqQY+u2fWXHK~>|2S<-`T65@LuHQ8;`RXNi?8~oK+yTy zeWWPSYco%QEB^cExP*p$KQ;bNEF_Apl9Vdjz1(Kwl^O@_zD;Q7oKMQ?>hkLCyLEY_ zzQgF8nIiPic5MmKVpIFQtx2)e%D(cxptalS(N8ek#OVoYFBh@$X(?0rgx#e)_&;}k 
zc*ae90y!G}hA%eGv_qZ8CFwOq>=#SYo^>Ef=&NUrBWlgDSvNTy^j#A$O1^8sS&gR>4SKXGxznJ^TroMNB{Xm03yn@0t5cT<_2)E>v~^gFPo zSqBMy5&1;Uga11rda96j!*{}{FhTjl(h?c6|I%nn`KVfoU%wnUK`hMZGqV2#@^xM% z$8;EW5*02N5_dL^njSBe2bUUfqsTW{XvTwcG0q^OY^_^gjad1$!QnaQlvR2h<{$yX z{@Z73SIyy4Bp%pDQZ)E{VXlw(++W;x@#&)}DCZf(3}}k?%AYDwjNO7K(SRkkFYK`> zGctz_0UkTBtJ^YF!{OQzabN?`R_!DT4ExO*lw?TfL9T}9Q}IR9Xfvb zW&(1*=AX9fFliQ}Ub3mHq8F@!o`hd#pgURuff1SK{v7->fNuiV2HS1RI~#a;ZaG30 z1U_5aUOUHEQ?1L28eZ$(%`%oUcC=v124yGrT#k0QYf#Ahw$XBv+}Hqqx(M}JtW2Fl zeXu=2%2I8CmY|h+$BWGiGb7$pi3@m4BiG7wIhne#Dp0S%a>;(ihW{ILQ3f%rC!ZPr zXR$x7D^5mpaj1J%%sT#WeL@d_~YE= zS5GVO#kTf#kclvmR)EMouw?d7C`n7xN-d>3zb)YFq!g;4GBXL44;lTLtI&B2>}P`nK;Dp7d!iG&*xl6Q%V`?SCxu>Q00pR*N{`SKJLl(T09zF@hG zUlu~9?Xz)2tVaPdvr33~oN)s%71D=asFvAKOoc6GW%n$Iq3tl33@{CJ4`Jy2>EA?k$d-+%D+lP5-s|a6JRXD1QnW%kSXUAsd z(@!8{jY`&@Z~R<4pK0D~>~F!2Q0x>6Qf6!DR)ZVFqiys=vmKzCa>TfKXtDjiaeuMn zGGpv(&$yeRcE!>YGsb$2@0H`_MP$hUHK=_q9jWRWdzju34WJIQZ+F<&;dv| z#!={>CxA-_i)2G2OozjVNJMvUCck3Mg)c8v72-%|o}i;Q-IP-2{q(h9hi^x6t^_5# z_;&o3o%Q)3jE7o=RZPiVGq5{DOhr%SRO8`?5u%aLAS3|e&rXVvW%dc3xIYe<*}JC$ zBd)bI@5nlUi|E0f+1#E_rHtznkp?=wbY?OcaAm?ZIKpL(SUzTlPvu2v3gqr5DwVt> z+%8+$0~F68zfk#Nxa!@`V4pcB076ljWIRHb{(%O@ywhuw6T>6KK0$_uo2PO_0ZT*zkL9=uX!_TX_Egc`bf#keLfn0>*7cf z<-%MrEhcxbkR=^Oe0p?rXr&N60 zyvB;gBoeqUl$O=;b_# z=%1aNFF&nj>ZfZe1o#ZhzuCe&@(E}PCx4@F7M;TD9#HGG*pH;Uzh`IDH%!{p!40(_ ziIv7E5I9;wnKogw8s*N`=}{#C4WJRkl50xJPfHg!P!tKV>-R<{vg=&3TNjFJup$d3 zg*Mr;er&(%4ijZV^?pM*(YESr)je5zHD^C3TPgm!6l4aE;CEC-8DbKTO1!wy#0tnp zS2Khu^FD=;vac`GiHXWg6Kf%a1kIi}zad3^bd>PQ{T1_B_P8i8qB2j(v~szY=CG|y zT2Ns>Qlmxn0F%cEVQ_pQi42S&7NN{4(zMg$lhj4oXzF>so9Mm%>D|KXIR-nMtpY#j zoTzieZ{gx2oEHC1`U1Wcbat5WTs~CG{`@XQUIx!w9YM*Pvp{3k%RoWf57SEl!r2Tu zc47`81KuKr2n#mGBkn+4Vp;k3`{D!O$=whkMGCwTbp2|J>*>VSWV}l=nL;R7Q_d_fbqmUS(POQgaRuu51iK%t$R3WR`!^vL49Q?8SnD!2p|YNR8flWtGSE-`>)xIV!j5eYASnq69 z`u9Cj8Q!C2GmXSJw>`o>xc;>JKOwE9FE%tbEv{8=*uGEDoGG;YCoPs|Qq4CM{B;}@ zOpn)V7~#B7OL%`kQ$Jhnx&nVkUU8}9_gy@J`mIKE+4K>(DU)W93cYr_>jR{+7A-w` 
zSnjEGM_;DRfJC#n^7&v{HI@d7JSSgpF5kpfwKI>jrkQ)~4*Tb`pFDYNckTSlB!sCt zVSWBF+X1BCs(xw@Sm%8=dI{*A&U%fW%Fk7{4pH|yA5|fE%Hilep&G=n^ z*ed1+S_{sF2k;@)c2URF zKyUxSdbxgevbU_?B9$QBxT}wqB2|@G$s&s~93;=|qSgR(`gZ88#QBNQsa4Z=iX`wb zQvPHTxmzb$0~A6K+3SU~CZ`^S64m1Vb2ms<_3WJ}Ip?P(v(-a&!<)*onjehWR&MTU zR(&C4{iHSby`R++vX5k}AYc1kAF!*DFyVg8jfCr?TgK>MC!~AdPoMI$2YQ6+^+)xz zvr>oN?g@G4Yr2(Pj_b%*z3X96#>@s=c~!wZo1134e?nGC%r)eKSW=WW!gIPhhBHe$ z`b4)=-(le!l+3F}KOPLX^Fg_Kn{4o+w+&i>ZKqWIFgmW=@G< zU%klVOHOm#vehOl0jZOIYD70y87T?c4dO%RmtVK{qHpWNr*|ujpNFAUqcs$-i5JBb zg!*LnMR5v6gHVU%Y$BFoHr@BJ9);T|iTu_{F80cs(NqzjIyhp;!(4VX9^}M}B?^!# zpFOe0t8E8iMYFz~1s_E0w%hdZdd#zcz$~!7I#~qHHUx$&TcCxX=cD?H>};hD$@)Yy zUxZ8as!bS*X2xGJ{*1V4#D8DZk;JdK<83`ne|&Qd!)o;pYncj?j8>^ zz3`Nf!`*$11JLY>UPDK&yn1;vNr)BaSW=nOa}c?9TA@HVN`dL3U~*JkR1OuJ4Z%1( zzZI7AeL7P^*vi}vcx11TT&ySiLGVeI=YYL&&%8QEOlHusUd8ll%%Ei#+ffP|edS#` z2lSLwtRXgjtSO`jcKRGrM?7jGv)v=%-JsbKF3*m-Wfq8nl2p-g{&2Pt0WCRa%f5{H zYp(CmBgoCotwI%^9_oQ`N$+rlbN0@d9?=9XYDnv=?AGxwtX04`)hJCr?NZKk!w4_- zYGJ%c5BFOwiiI>ST2z~Xl$4SFOQz_1Fqni0*2d{Gl@tqvqWTwYMvRWJJ}J)%%ryHz zgiX<%CS3hwo;d#wjCdZo(LmeJ&dq5n1sLA<*sdV-Ihep%^H>uzstKD(qUu`(UlOnT zfG+}BS+B-5jQK5vw6lAJ%%||NSy^jkd4Axz2{E|n;Wt2s4J}I4km>dLaM>l#!P892 z*(!v?!R`&iGe&O92jW&Ht@elC$=pbGR@Ra@0vK+uxxFF@tVqW# zHyaW)EwrHs(T(t4(UZ)jIIA+I!Xxrq&gb_NvHr~9YI{YnDp~K%zxwE4pm%cFT>`2sLPV0T=(pTDxA0;zJ{{9kvynxP8 zKx-eJM?YiuD_vDb;%~?I-m|h0>u^LIWx#j_qQwQ1{xphs4v7SL?wxnsVJ{;y5#ma^Jx~l0z=9Zw_zg_Qe3qL*o2gZ}1_A31R`t@+uotZgT?*T=ICARF z>^W$}3tSwBM`-Z<;rjK)6o4IAOAd)oIQS0PPMjW>$*}Kau4qo_!&>{UN=8L8fs^eW z5_@c{?_Foufy)W~w(EU4cIKEtFnR+5Pz11*^z@K=13s*uv#ulU>p&=0vn- zx~s#h-wn6lB*RPOL(tO17dV@Fe|m*B!o970ZVm3c!B1%HlVZnbZ8%v%^LSj~7g1Q{ z_TKE*+4Mb8r{(vGz^h=AeB$?&z@D8CcmGV`!rbRL^B|&Z1~faZI?m&BUd@H<+blw& z-;?-G%BsZQEPnbnWiBtPV-L;hmDi5fBU>WYWs^+Sb%Ca?>FnByjb_igYHi8Gpa>E< zDV;3s*qst>gLuihhe|o%6r~HHjjNT1qW$fo*CJmTp&D*u{Z+#egV$7BaH`KQN#@7 zqcap?(S|HD82)ql)F0$axD#rA!8oVKkgvfHbe#e7k15M3C$g(H5dUvz228o2L!cx4 z)cXyiwZRC<+6z1wqChxtP1Y$Bo4su8!p7YR#nAR 
z?g^$bK0NcZ)R=rY);L`&@7$NK1w4-6lPBP*7|au%7yIg#jnycV3Nl{e^ua}fC+}}@ z6pEG^6VAiPea?!29au04M5SCNRmlpU`(aFGWoa2NZk&kC%qGFnciJvT)r9JjV|sZz zbNA#7rx4sr%mXWHG5YL!OMYy7_Va>Pz zPMvAA-nkS6=hAh)>ueySDr!I~PybL=X|X$e*eTFsdodXE=TRY7Ix1b^@z*>v3f;!r zsdi@6@Px%39J=IGHqK7M@Ql!%;NYd|S9Jr7bS3=FO>R zZV(`I&M(4_t5FI%4c*8#l_I^xe#wc}0C%^DJ8Sel`%C355EWYU>^~@96Q^EcmoL1yE6k7$_MIY&Tlu|j0HiA>RDgORXJmzYw;@$1#{yY z`S$C8*x<*@Tuw&^cVvCez4&jT8dQ5LtIXc6tFxc}Gb?H=0hqQygx$ZF;yS|ud21VZ zO7_v1J6FQxBU5f^8ms3c(Z{ZS)sc2pkJHUaDK!^=E@=2{I;@7>kL;Ve zU)2}guF+tHkSRBY2pw2)(C$9vLO!z>^bMaN{82S~rAm`>S4XTkLe(hs>3>hFSOT5gl?v#WH4X!x^Uop}bnYDfx2UE} zCCiRiI`j6Ws-i_Y4r;a#-t07^IRq6KbS=zEPa;`)>lqjfTs4DbTPgYk-PEnqR@T+m zr#oQ2ELZ?jceAs*tZ7cFS}~^`a2G(0BXLyEZXd*XE({hdht(7JGwD5%P>C)hDrjPt z{aQ+d{cDyOhJa)L4o1_(5{aa$#CpDL4&aLsTm@-P1Wpl0!+HJ zE7JZC3=$HO_0*q#*O3K=O$z(zkt(rAqNBcUq~HkkHexxvZTKK))M$sL-TX;@Mpzj9z)~N@ zXcWw@ST$|Z3SVmQjo_ZI+tf339T;@?2vTa9Rj5o+&YpxISCUpO78Q-A(HYkV6O^ck zh7$@CA{zvYf%!(rYB-hBU-g%$$y(r14&v4e(8oVFE8S-;c>GG=7X0pd^eQucaADl_$2)^DXU(Cpokkc6| z-M;_mK&GcV9RRa1$U8xPKU))@Xz*{6aQl<&qMj%6TVBsg?%;x2hiturBg>2<_3x|< zENJE?3`x(^BYKrz8#|=2Rt;vVHLilI=6K5bfC0 zVmLIC7~z|{Lx$wjlzt*{n0ZeecyC*fm#XPx$zd-Z0Uj(QE(KK<77esj!|T@Ty!rfm z>_eA5yky3%Tz`wk)Rm9OLSUz{j(b~QEaJR94DjL%>Zg*;^n=51kG3Bp9OqyjmMZ>m z_p(fFNnz8oAEU&C;XJBl-*=6ndMJit%k_4fP^fj_Jy(#k*oNwT{~93ryjJzz@n`MD z=Ht4*W1AOB5;*pBc-THa_j*ch2 zgx!6mXtsyn&j{{7_8a(1semhBKanKj)ZwDl=1B6>WnUugs#7k%nq7qtOCib^_j3!AM}c8=0OcZO@ItbJ zK=e|btiFYRRgq^L+g&#QS}s-&y|<9W|5_S7-BQ<5ZcpYGR@IeQzPV5Y-BiUqZ0?tU z3$FFrRpMmsayYw3qD8^&Ay)&|p_myO;j{5%ccXiNb)2lJm|5qRfW`ebfA-BIZY7wd z67Y*xlj&s-KlbLkF9v zwyf*F;Zsd5b${gAd58q|{a)fLVtI9<1<_8w4W>SZ>4j-OUCY1(aT80g%6sZ~s8v$qW7P?%9 z*JKl|n~m4yN=szOc&;}NBYGZJk@*Dce@CV2`J_O@NGA94nrw7)%QqNL#WO31(}H-4 zpg%WkQw!`2E|>vxDXypQ$X|?@YmmMU64TDW0i&14$pLOSL49TTV7+Dq=O)NVY|>hK zSB!!M8j`!wIYaAP>nJhH(@mseARH$VI7D%> zp#IA~nond5`%2zEQT+pKHImH%r^T*y7-?qo*0!dzKG(CmYOE5As!SKeA8raY<71d zwc)T((;_WOw0n+!jqp}Xl36pr#rqIxw>USC#zP>W@HysdR&RD!J)t1r zAQX4N(cGg 
zktE(MJ_9F8uVGrmV#s~Z6mlPgm*uFrsCrJ9C&J-*Jno{N{pLFK=>)k#IB>dt_p6S} z6-1G!K&lj|vyX~GPGpox8ST4})uK7cH!5205sJ7`T6MBJn$ zNk_2AjRjgi^$@QKvwh(geeM>uk%LXjt1p$eZ|_^Nj!8<2%)N}o#m&CsD9M zLCH;P}Ia0Y&g$PsOKmMqHn0|m` z(4kh_2@=^rx#nZTJd&_>dr}O5u5o+LU-Hg<=!{DsuUpFa2|U({j<^0E_4ekxJY^m7 zuI)J$EzxHFc~7=^XLoyiKhE{ur{&oANH)WAqTZa;=dE5Y|$oVRnlD|9T3ErAY;w?-geEzc-Xu+JELPJZk6N0s*TV2 zN!)>~paWd*@9DfzibS*st2L`rMAu4I4%f%yD$ha3)AVSO{ZFMRF1w){g`i1v4uU#K zR6j{dx`oE7j8Z<=q0quTX?yXZX30MX4z0z!&?8eGo7=OCX8(wCok}^ZBN;pH!mMKtNQtXMfD`_|}Sl3KU-ji)TK}J3` zsN01&4k6k8;vlwD*xyoO= zOx%gotkSiORQWMwFdONpLq%yPoPsAUWUoWD0D@6k(4bq|{qk>QcKXbdfHz*t0;+r-lO29Nyms z#5-*by;xCoT@tbPZEg8_+8EST;V2fVsw|yU+Pe0s#JU)?r(}MktY*_IQ@oNE7So4+ z5WrYc#7-j@6c~<^S)o%XHjTD;I-`vqdpcd`Vv*Back7*}*1~^M<~+yiA*O~>#n^fh z2xLl6=`6aft$uTaQDdiDnKOmTgz4^5Mi0@{hTE*N)2e9t^|kvpdh=qzo#ET~evle| zhLUSZ@$7G9G6LK^W((FEIkG0XtVK8985CaRu$CIjt`!zLpk6aWdg5^JWs(>Oj;!p27C?QvL=0 z6pm2XeX(a;7MYh&_gp9V0lFOV59i z#}x-5&3haO>_JWB3H?0O(xB#wA|+J`{XQ{lK&e!U0sq|tm%&EtYGLyB(ong$kzbGy zM=*NkqM9AjvN6Ttlk%Uux^7)nI7NEmO$xi|?gP3UP3fpiO9{K_WYp8OKE|AgVV6~4 z)HgGuD1?dhPBc2G>z5$%-kF)B>M@66zNCqul4Ttr|TJ4A52-20ta9rQ9`y$;b8V-9yv9)P& zTRzd6e;?mHI~6)!NZRa;$cWpQicqXlFSfSdXG9;jE0+@+>eIT|t8!z+hf!&z1!Gs! 
zh$nk_5GB(%g=+Y2)Jlx>ko1=tY?p@J^p6<FPrBGUfE)z!Aij zw+A1{$z6tFL4~>J`btPT2;H~3El}|GT~$k_gP!@g{{)Fdj2oG?=rhhr@0mr}o8gOH zD<*}I8Mp)B!OHQPujjGjC{^&n*~qAAc|1i)5O^){qY??9ia_bUwWQ*!WoeEFX4ybyoRWQG}hMka!-ounwGfs*u}itPQC({Jk(^FdxW&?(a&D) zQqfv<17wMIv;)!Oh^)elyv)MQyAM`O^UeRkOOCR?uuL4I0@fr#B+ntH(+CHbYxPl> zTP%EGs$yly(pQyJ*)FFc#0)u&9UKlVAZp0&8-r+{0Lu{a`@%;&@eZDdq+2+{ipNyy zKdbtk-oB6lXR9r(akiKet+mD0vlQbZyl=-k({_K*s1wX-MWPzX97_`6&;W55x;Agc z7}7c%9p(yMpm1ZLJ{)`)@~N_xc*d9r_1w{a(YsYq&tj!XV2&7~iPmDKV&iN2TDye_ zC7t()q%Kg{RLul60%7>Uih70QFVX@>n?*TTgY%QPLYO8BgUSDqJsPR&jG1Y_)Z1bw z!XWT%%atF4mTn=yMB)@r>YrzXAyMt2N*xoe=@76(Xuh*Ykk98Cg){vap0Pkk0S6>b zoP`uolg#PQPydDYp29Wf$_eUEQ++?@%pzD`*DOm3SBVwPBX0fKNa=ZKMK@l2vx{)N?V8;{R=PwU9H*it@n&jeq|&7pNH-Qnys zRt;q>*s_rb{vX4k@1G|Nsz zi;~V+F1FZBu*pbEe`b>N=J}+G=^Y~m1hlDWXo6LXpoEQx7i8JhCHQ~01fYkX&#hw{ z>Zri81KMYL%smi{^O+OFBDvuRlBF~J7rFv6dU|3#{9a1Z|8jajBEYwiJ&rf}_CsUYwr;w!_@Obo zoh<^9ENt$$8##_max|Cz!i#pn-q;i%HEnn1H0S{r?&N$tl0dY53T}^`6A9!AMa1CY z*qFIkMCxsKY)P}L@rYZg;44~JvC|mex{NM;%gowQn{b)UHTffulQ@&uTD#+b+*7G^ zRclw5@4DRx04zzr?s?g|Sk33);21Gx)|`opi$h%xSE5tRq_dCYz+75d%Eas@LO0gc zR?d+wIXgc~Y6R8y-|(H2VGi%OE;!m!PGfA+enfw>7iX-%D zuUuMMX8DH}UILaFX_EijbB%WM*_O{0*I9XycpR=9a10@PP}S@$5M1*+uW89*bJ}z8 zzr$N3S($ivKw|8=89)hm9HejExCMwLIRXy)HZoNmLDhld(ha~#01y~7J1OxJrEj*_ z-B-wcuLC<+n;f#C;o&fu5C`+G&?7GZ4hG0a@|{4KMyF6AZXG5P@poXfQ^~Zj89GkP z3)Tys9@1z{e4>?(fj@1um`RH|x5p8SvjwAOnJG0Hw7_{GR&iA1WV;|w#0>$9$K_v! 
zUM)HCGW*o`JhuFKEzQVq_##Q#1TJRF|K;)@jRw4!jDn*VO2p#H{R$u~(G9=nch$dM4szznC>d@aY293%6@HbR8Ao8M?rr1B!jD)o}`an`raFI!22CQ`qSKAaGE z-u@_+&1?YRDkhRwoYTko0q+3D0rKtk6&e8-57&@(Bs!W&|K)G*M;z$+{&XP%kx;kM z-L9+La&Auyh`-*{v~G4d&J7T~?!cn(KYpHaZskZxz0CQz+hVe30EiWqsj&m|+%Ff6 zX4tYhoWB7OhDeEo!~2R!LdD|iF%SsE;c=%M5*%i=1x5f)S$xLvf3aJ|3W#!u157n& z86&?QfTP1g03E3YAb`wN=~pxLorW>cC}jn)mmyu1%+FmXPBP@V4pY+gy`{uC2=MqP zv<#u+3Hfk&K8di~{4U5BgYWnSKsE$A(SvEu2Z3BDA|zata|l&Q=XH-xmR#@0+cjhN zy|Qc3qrNQ?o&?zGD2zZSYqHIcb{MfBfAx3_Cg%ZpWBLPLAdkqiS*^?5=|kmy0XZ-l z-kmJdNmxG6`~JX~0nXB4JPhANoa2O_rR%+{WighCmxAZK=jjwkg&!!2&-o|dbiSma z6hu00h^&dvNR;cSp+p&Q$3T@PZi{GKl%r$=eXNKbd$MbETdYW7rLJC$8F0rOX<}H} zMp7DTYH{oKoj{lpOOL!m{+AnYbDvZc_}uye!Go?p&NO;i+B4-#6i-nASkGcc&)ajZ z=e*R9^QFZ_2K}bT-s`T$?Vgu7Z2s3<1O4||5tM;COy>=y;zob{kfR_}?yS#(PKWHV zKpP)XkNH3Xr?NO0Y_kKt=HDwD+|T(8hcR>Wd|q1w4;m5ebpe<#AeF?^6K2r;2?FsG z6+_BywN~TooFVF$1fDC-Or+}0LuQkouB+r*Fw+fCr`XJ+eCZP83v<>xCRTsi>d-M0 zE@>hljkj94MMu>R9D{zXJpd&$|73c)}f1^ZJ9BdjVbek4A>v0Dy06nBbCk0Zc6 zDNG2%@mo}q7}J8n&!wYcqrk_NCCj{{6;dh~Ql!&V!leAk(NF*e0BryYPTU;gPbjaa z5G#;^0KR=_P9C}Oo*sUC1o(xao~y}d95tUsqJ;4bYY&CvTjsk9o?d926#2?D`~)Y>`X{1?`9fwcNeON+e2HvL>u7^}csn2Q$ zS9!eOlHDSRvvIZf>OPcHdv$sSov)0EtEduRu6qS|Zjz504%Pu{xjoG4T1ODQ7fjk{PgMDFv>WvNB%*M?HzH1GganrIhptAeR!4D`{&( zg-2qd-M9Vz0@F@Idj)lpuxcy&^~l%At)+^$i%K+#-+(;B{b)Yt4;fi;Z3?V~MH?TY zT_U|ZAFNutSvt%)+IX-4x9FRZ$_{XHsZo#0_Zt6*X}}=-=63wmn=_V292@Iy_5P7n z*F7zJsFdjdh&pGQtElY%!z_8;6aeG_6hdC?@#k)`c)>f)-B2|56{CnL_I1Q)9X-7` z@Y9sB?@px=C`9o>9=wDRP(?_uyTDxgb{!z#|H=RyOP3`xwE41wLDt1qBD#s{2Skzu zn8*RZP5Q^{QPmA31dlq2oNFxdRka2=?#FS+=kY!PQ|++P9(IWpZEbkr^eAt8K{7so zJHyT(`ylYxNLmNE?f@XDPGAv{bO{Xcf*d4h9Ce2bMGK8N2!DKk#^S8F;2(9cB~@5K+-8gL&&W6>KPXTy>lqa@E)b4=!&6e7rSsEQ8-yDiYgb+UU8jno)67ht(kA zu_IESjBuDYws-zA=`@ce2mXcupX|>a0M6^)2}UTc5ilD^kIhMhtLOT7y<=t(&lPq3 zbFo@pJ__86;h)~zRT{Pa0FUp$et%Kd`?N%Il8-w>mQ$a6T<3E<|FdPNOH6P}gMS@$ z?5-(n*ck~LGgval=|47ChwLPtq;4n~WEMW_1Vgc_6RP)xpqAgdu>oYWhx+Ph{_TX&TMp>X~U14$3cvWdn;GraBH0bH-=;)}guUE+D 
z2RN6_&CQz7qpzcgi_8Cgd7hJJt*gz_9M%ALDMNNx61l&^1xpS(7_o3d$s|?E;i!R3 zA|a?^*fM~E;h;IsRDg=jWC)ffoVVNB0)T3iOaIN{R??$3zd^yAPEHJB^@HPoGQjwFPJ?G;rBEBAsQ?s=Y*})l=;kF0V5r`1pAaDRKmT=hAiuS4 zf*R=hAv|IGUo6}eX&}6m+CFQG(k&eNlNS8xF_jNVqG`oA3mxSDeSq&X$!~W1K$M2U zQ;(D|wmH&W_)J}#t&IQSwxGsXi}F)GL&OCzPsmk@M$&Z$Z-iW`!TuwmWaY{H3@>d> znf2wkk0Pfj_!SKuR;xyEuQ~A_*~=SBIWHB7-hUnb87LO9KBcOg{iE;Pa}JdEtAraR zfg=rdZ!qORdShqhMO?Yfi~VhE?RC-F9{mqBWltQ7!}}>LjlD_P@`e8eNcZVEwaKI79q$>Ucx{5C>Ia0YM_4}4LwiW4YO(5NA;mkfm)cjv$ zAH1T$S0idH!-`3T&u+=)A2H(JL(UpVI)N3PNj?vlbPx?iXmgkUM;2|J-2&QWAdLSH zynxBlxKVAFmi<`+xK`NzmDqExe6q4m5%=eEl>3;+IAQ82x?=_Z9WCoe*cJs$7(2-f z9wBYPh{{N_x>2NR+LdUV+irO-kNw|&{{qK` zz81ZPia=_o#ddxfmV@K&MaNEMoL=eszfXK#na#;eGYT{M4E5uf0yNvx@72_1K*yix z!Z-0BRZ7kSEbJ(4Og034?XC-*!;>0e!dUFE6ywhCP4a(0DliNE&&9fB!*0nHrZL&_ zF4K}Ade&t3tQ}SHf43PxwZWlthYEKpgLL%1PRUF>-xF!t0X?3j#~=Sci0kVi*OvBZ z<8?`FpNaS=WIlyT)Y>zJ{DLrf&f zh)l`@fvTA}Inbq2*BJXfzxIScS}~|*X%zY&|9Hf}a1)~hPr!nyNeN5$2!8~eS@YpuVZ0l57mf|M_&ELZQVI4$q)ctAV^J1s{)b}QTg7ZR(^gW&6j-P ze#3}GU(FEodm$_n1+$SKI5@J-$xhsuflJd=rxXqr>+phwIY} z>)tRdfePPgTlXty1P{aHw3X`{?$j^PvV(uY!^2m!>*Z&>3jLRB2L?LsUN(57d>D^8S4-=o(;>W=DV}u)NR5PO~FSi#Jtg^bV834yXDK ztU7yc$7uluXg;5hyPRB{RTiL708{oQP~UP`%@+f-n;~Q7=3sHMi=zOxUT=##gt1vA zDFZPsM(*B=8p4A49tESa6Ksl$r^bsx9h7lk7GJd)J?=$60!fG zYniHmDGZZm$;<)D1Yjk?X}8t{knvL22qhl??u`Gu)K@z|>`}B&T|@9}XYcY)3OfpB z^8E}YgesHYsrC9eCB4k{!aq~In!4LEk~ z7QS{_IW(A*DU-{82|^Vv(NkCUVmEP@9I;Fw9M<=LmriZvSwW|mzdxOv`O#7NJBE>W zs;Wl2&aSSSbWvl#?U)ao z=0D76dHD&jPUCwz_`d(!)1DQeZb_iq*cGx?H8ab=@tL4Mqs>iCf~It!CC~Kc?XX;B;}WQuNDb8&E;tj7$+fgSjT9=^NGf z-V0|JlAU>n<*_{-yI|Hz)f=z7I4$Crx=Jl^%^rcl+hwfV4jcGi!2_4$(O!nU+xuaU z=Suhedc^OS(g0ocaV(KCiuJ7};Con4SpRXBN?N2|vzqt#;l_Wi1J(tshBfruFial- zt?D0r3RMvS3IUTYa@aTo21(gTNKS4FK=`uRt+7os0DRFjR5I~$XlNms@c@7Kv!#*> z4y+E^bCpSjm*zY7=Q$G1&~ehYS-Fm}BM)RkE}x^1Y5o^m^0btcE@0KxBw5h#sev{) z7-z~86d*k{mCqfc_PWkY&3^R9Uw|RjW*$%dq?61{Mb_=fr1Cn4WUHYIrIoR1uOZqO z(^JC}&)ZJbLB(=4l6VXolLvtIlnGSOW-aJ;iEJ+`nVo8~L7YPn%u#+h{h@KfSEkGD 
zF^4-s#SRGzJ0qMBagR0^>Io-vNQ;R1@w;>>fzSRqXpD0jFp>_R;5f!)!tE>~XK`B9 zc3x+`E-v_NyGt}RjVs{hb_kmRBxZr9F$MF4fkVGBN| zb>J0$BeI~@{B+wiWr>;_tCA`D(ARx((i@D-rFUOY?5-gWT@7m&DQr`W!L<{G?H}Ay>IXN{S%}<;=#DYvyJK%$Itk*#-G(2Go@;sM71;+Dt!{tz!eEi-P+jQ_m z`k?jT8|~Y3XSTk25~9(7oB0x@f!6%(b^FxEW7p|b=2Srb((MUW6c%QQfbM0jT)FT0 z?op{l7D98$Vc>f!rD{=Ac|Y=z63$ibsCffJyUg5jG4J3PPam<1!*7r(JyQ^5mum`i zM1RI`S(7BqF>puS?$QIxVu^nurQ_Vse-WW!3np>Rg6b$Bgg)wFthV@K-T>k{XEk5{ z^xqdXi@x~Pp468xsL>FX1toODm~5uKJ*9Uh?WgL{5NagbzFAO zs}!<2eCK=9E}w6*7W8eq_R%cNk-QDsz0-aYKS`cv1CYc5AHCE}2_aN`vj_dKv?=gQ z;aE?{hf?+WbqN9nq%+}=$%*9R@=4WNbG&H>2O_iX@& z-GR0kTR&GM;o(jHj}MH;>v_|m;Y|$qFm42m*ie|9La8aVv}YC-4v4)I3h3a()tgT3 z*$ILGtljJH5u)ovWK+-0`3at6(4A`x?n;Uu6`x#V)OgQW<9PrQ8Mwdy#a4?z3)q|OoO~3amTk!$s z&DX2WGm0czP0>m$#(mg0q7iE;pWHEFH(v4-Q^M!K0v%L@?Kx4h5kF~*GchN6H;K!|*Ptg$QcQsCohX8&iL z%5OwV45lKL3W!W=PTz?ymaO>kGLy~=x~-Nk@JD4H)v;spP)aypfH$=ppezOev}s=8 z^*B*cwf3nv;=S(NKdqQS3%CA)?O=FQHGsOXRp~J2KPVl)U3qbDH{s9n<095hCZNvE zcYO3DeyPi$vvtFhR@+Ecqzv!<#y>+fT~ht&A-^NWv@Nhcv!2&PyyzmHsfcFYX0!zk zj_En>=;$b7OaCEc9n-(14%5g>ZxvNAFX?t|{xQZTyv;KHv*9Z$8*vJ0+$C}LM!|-^ zJ|s>!Ok-jmH@qLmJ%J^A=qe&2A+~xDb(7HuSJ|(G@4PA&16~$uWWRmB3j=jC0ci~> z4v>Iz2D&ZkYHAga+=v9+_khH2vfbmS#yfa>II-Q9Pw3M zX8FncEiAN4cMwKv4jm5a`?>j}R2fOn!eQ`Oc$d)4lEbk@p~6`2i$X9>5RaC~T3-J5 zn^`(#%ahtkoFAa(>j16w#l;N(^(|*X=jY>fv6K~L?98JgDO_we`$zi^`!)l8!-@Lw zYkmO)Z>&=q3j`Xe9FS>gVyXr$Y&6NDJ(M}Zky02Hhi2AaELk=esQ4O*dmOJwKzSr?V&7Doni2BUq=Iey&k4ga>X^Y40m1$#5H0r6&_nzTL*uf zB^Mqq#|QG7RM?7sp_teAw)h)22Wd?FqRM7RmA`9*x-W(4{M)iFCJE7smCJtNawE)5 ziM&Y)v}-7vz0uGk4MK`F=W&A`83;pAqZ$Mts{wuBu%=~3Mp*ie{m{UU7KbH3GiDHp z!&Gdo#SS|LXz+E%nrn5qR=^($_{2sw_U#AFjC$qd#|(B-3Um+m^udx-Ba0?Y%Vp;ry9aC${SSdpJe6yWNz|L?Po3zznQ@ zw~mvP#ud{QzNs>kfTyjjq(m4c3NMleorjvNN5vrQBfjH8`9p94ZJ<=m5}tq>`C@OD zfzo7+!Cbx8Q|H3=&Uu(D!_c3h z!9V~+JAp z6F6A8Jijf`Crs6J{^_Mf@rh>O-F^hMN_M-DwTu+(k+IL{kHN@=J@1J67*A?Sqjb@@ z@2JbDd%+W|#?RK%X>H~-=ebnKL2>k0zgifb#yselHn)dJE_4%D{Bp-uQUW$<(AC9{ z6Q64vLRZ_0VIvDG#nOXe8@>!vw0!Dgdcud*QiRVY0Ol+f 
z_}}lqz78M2BF7|$R;7UBU%L_5JOZ*gjd~rZ^t3E;)v(2PJ1*+I!e-4g<_;F<@dV{v zL_ja%RG5G^^^1abz82tn0u5{{y`Ax{cnR>OA1%0Jscl&i85I zW5OeUZFqV_ZR^x3gu~=xab_M*tNGZ1@1UsNYQbnA<;3n*Eo_HTb$+31*(prip9(nk z)g`&^rsCow>5ERF6=lrUZT{SRvjS2U8XDB+?K=mna1e}e^ZtqCxtM>&=iDrv??v>B z7idg`KCg&@XU-`X$3W`nSuElE-t@CDdEV?ueWwKZiv-pJjAsDI3l&X@RfCZ7G6O7X z(G+-tz;J)!SmY$VmBjh|-PC}A57}hD9`sEJ6D~e2l@`(EbMZJSD{bosSiVt3lv?gN zz+N%-!0Y7q@+WnU4%q9aebRu5{a!t(CF(n!P)zo_q1zo~<9Wbe{i&zg8ZN)Jv+rdC zwe2Sl;dlbJe%?K;np0NmWaH28<_SSFzO~Op-(x7m#>dA8e`*jiTgOdR;6Ec{vlu>N-fPFl(!k<`m6l(}a%`=5HO>b? z!ltFCV*x*Tydkq5klUYL(cg{=+mwK$%6KwEwU+%LO)$c4!NNeE`e}C_-=7r`{^c$J zXe?5U>IuxGMx-9re8=+}8@`v#zs6g=5(s$Q0WXX=n9hn>`a=&qB@qs5aTo7T$zmg^ z2>#6udIn*I>caIQD!NAi2mEi}rETX4dhE8ztZ(PQHa;OV7Dy*1@m%I31RlU!^fR20 zNUf1kYlHDD{rb0pr1P8GHT(95m+{)(A`dO`$_<(d*0)W*#y<_Gw3Gt%w>w|6ub$b; zi+uVorp8V7VMmu-a2&7}WhY?*iwmm!<~11ULcx%Zy6&nPpkbjfAeSY{AyP{Wa#zjz zl8Vl0qzh9+!aeHp8vV&Fvn;#n?naZ}Gso;~K{p3DaCmFKA(c<6k?61Xj!;9^U8y?) z;i@$S0d78`39dZ-$pc``u(&-KE8hURsHCsq;o%buorq^um=1|R8z|5F|MB#W@o~N1 z_jl0PZS16JY&SL<+cq0pO&Z&_ZL2YxOl;e>?$gircmE&Gd1a6@XRfoawbtJ6<5ECN z!bbQC_HR%zl~})}eXbp75!@jueJ0cJHheqxAd*HrSx_Pq`rkbWQ_I@^?QUUVZcZ@z zAKwT-$wc9CoJX)s2-FVqOqp+W__$XuHZjegr@~@3R|pPFot6FQ>UPf7i>e07x#Jh) zyx`Jv-jeI0P8#|}CLa*2E}=6PJNxQu_uk7#`_+83P;IgRJPv{Enz4-FhwEI zc{csSZoy}V1JC~Yd`0)Ab9yv|=}qUN@MxleLy@5?%WZ3Jzm#EtpWo)pk)h&sa`xLK z&q0&RYi=>^p`}WRpMVZOaQWIz>v`YJMP_VFn8bqRFMo~V^vBu`mj?dmN9+df8p4u5|n#-9b`5 zjr)1!NxGLnZcq1lWRgC^e%?J4gJ#b1ggBdln&+Py+?MsDFo%-bB404Ir3&Fma7RHB zYUtMr%Feb;_QU~EU&Q-KJ3^g@^yq48E28OSmiP4t1(Ex1ED%PNVCbN^-RuYx=BQsL zEd5A2#a=p1i1StkST9XE@qd5V>tJ_mabx%NXap%}=sz6WqLwzck|Jq6`AvEK*!ZyR zF(sV7=!DZ!14iY89R>0OzstLR8vd^fV4r&-Mp4B9XCqA5^%eVBv`o@+w(W>oeyw3)R>Cf9g}1I*i*}Xzni4cehd!I zcDFefG9iMTMT)`e0yMLAAO-+zodN0ib0}0PNR-yWs+;Ad=3)~H64Gse=p`!*Sz-Vo zjpFsTx?}!kEoo+LA19R~DPxcIBCd>|cK4EZYL`Gwt*C{pZyE+0%3Qb zQq8iSmL`3Iz$<=e@-wEzeqeP!4gg6vEe(y$i{wS;^d4GR5YK6x&(t+|?e#Ay%eNJx zmy08{kDZw8b+Uqu3RxkT1wsL6s&{&26Yoi+ 
zynjv|UH2x-{yJbVIIW{}d_b-HgY*cXWs4Rp*m?_d`B^S?ZwNS37d>Oz(lL(em_76s zYYh6z%F0mBov&8~ql5wyZ9cGh;pluit!{JX7+!bO8!Nae2}HVm7CQ_>BYc8es@ee% z!%po1X?54%WLj4*j;(gOteI18nXDCjPHvked3+@~$Y9lenhPRj6gC&`j^iAngaiy9 zlx@xle<%b(x6NPw)Hgs;Q7JtWtpC;H4G2m=8s*VyY4vF=w!7sb9EwKx={W8WM{f?9 zX(SPg!$EEOS@TMhF!Zf3;l@L}zcMwHWRP+<;6-WKG|uG+27r#xcWskG5a|SI#%_{A1p6V=pV>xV%;q3W0;9Ph7MLjGKhKvOkSfsMy6Q&#OR?j z>dEjtxoT&+g8lCrvuab{7scG3`2f{UyA6eZPL!n7rvtuJiCJ3pl=n%gD_{QPAB{}{ z>48F?s+Oy!kqX=rYDjVyb}`+5&#%CRrC<=LDh~r>o3yCKoBe{O78f}Im;ero>3Awj zaa9#^BSgRw;8L9eXtc1VXC~Yy1t4|oaZ9^_{0^dsr#~I z4P>w4SgI4;6*C`h1G|JT<<#R802Jp65u&l z2XiawhULgh~On;b^^@>>F;W}6D)Gh;^!SUbOiU-A;{T8VtPv^hT zYgrnWgTZNuTH??bmeFa-tmK36yHF*Wc^GXmhlGLehFK|lsxwj*PRR!VowH~7$(-`G zQ+ya|O=uzcKjtOt$+QgoTj7bDMqm+9Wp+E2`xo3{UKaVMCw{YR?NBf4)6w#lWT zKmX@quLX2qGw@gl#2-m>7>500qWqhy|J8_oY{5Pr90?{=b>#m{bqwYloE;J>*4()N z-?_ehKf1?C-$QRkH~k+?b;=1#D6pQC?i}5yH=?NZT=)8<;J;_z>L*|WuU5d0)gdsM z%5vZbiM;4>Qt8+Sz)4mguXap=bSE}GQRj_p0o+3#0O*0X__*x9e0P{1T^2&#S7$N? zIs`qV+M1gSl#+&RCrWwJwd%y*IwJg-!5e8!)*^{R03VL1I6ssIcD$NSpP0RmXG?)} zX-&oL(xuCajVnO@97F8-W^>DE@c1)J3V1l9HDFG^?uibKqd^>pn;K)7ej78mv2N{i2+v zRY3l)D+AJhgqA(eBb9WnYtG4tPNV-N-bF>PGk(g;6a3MvtgK}A+D|phgC=EkJ=eye zB=dPY(JKe3#cKIFv=`AX`BP)tiIfO|830{z+700UBKEugtYzR`|HXGP8YJTJ%X0(( z0BRy;a^4M5hD5~tMe70K()T?6Ky)@XHWD;0AUXAO!)+%Lb~nhrYs*Y6m@U+~Fcj`i zXoxHyk3HoY`49$|KZ3-m9oSN6t4e8VYRcn=^y&*)42u}Y-+%GKUS$@=#0{h5F!T8p zK*zu^i98Di!AY871*C`>qH6ncO{~IcnNlgV}P!44zkecrc-JZ{L*f7?X0 zbK=ZETEN^DbmRt3W^72wZ7mlr@ibbX&F|ja#DNIpJmw5nfuFc|cng_E>JJ@e;Shme z$HZO4N!x|?sUn)1_}Euh9Rz&?dzgM;`$rxQR;M(_kRk+{(&|HNgI|tNWJeHiH}(Cw z0iu7v{4pqFJfn|rhA!-1t2Lu!vQJdS84f^~!;Z1ha5uoZ6z+sZ!u|aZsl+%;SM$S< zeg`O+eE{XzA-Fc0=Xw}W1;f7b0tvzi0LfF3GbF-p!T$zGJVT1;2@PLs4}ouV4CCW87#61D5QA+f+wrfQ6XaJI- zazZg%*^EB~o`#mOV|-GKHd@X+FpYvBR2<*_lV*mrF93!`OWg7jVJ}}*ggD7^^>cch z#c`e|F!|qksB1M@0{Sba`cWU-X!fx**i`FRd;REtQ=R{W462oPb(cg`g=kv?_63BH zTC8xhV6>Th-fiO=*nb$QX=to0Erp26;zYWs+QDuS%)wwg03Q-CtCxQF3ZnhZ<|i_^ 
z6#+o4C&0xYLv!gq1i&p}ZTy_wfRM2y3o-@4d=~!h7RYX0bg&xC#Q)bTa4NU~?oMI? zq?nIGz>`+~JRN1tRijDYDbSK5l|=iiESLIU2ZTZ+F-lLZQHR4{wuO?GO|7hlUURF= zYos(SclYnFKj&p{kaI^1CPw2XT>n{r4VT&@;GD@o|Ak`g9pr#wF8=NxJw^S$J7F|c zoItItk7vMI7S}~C@46&(jq6m(Sr4#s`JV+7Z`pnst^tiE0QHBx0v}tLnk{%$DgyXi zUEYE=V6(zbbqrmPq@Q%Z?a@sipD`}H(M@_9G&KI4{D)=*);J|m_$X(L6ab!lL?Y=7 zt{pZ=iE)53ACY0=AHDu5X?rkYbgDToIz}mBdZ-9gRj}SoQdNS1==-v=5d_3k4Zq*b zD*Y>3Py0{*rR_DGhKUDE0jBK)IVm2r0HA7o@2&al1GKB4;IW_5TnwJpZsyeO6OZF! zd%^Bz-CC1WplHxyujDcsFjr|d!tZ^>a{iGuUm}YDZ|!9RPKgh!d;p9Jlg6J)si>sD z3wmt=5C=MqL!Y;L?=oFAmxZ|XOOwcXRw3pT%YM5&PqL?1&ODMnx!tIP!@^KO!!0YG>8DK2J zP~w<>4uehi*AQ6w%K@N<-bQJvH(MN{IUWiCQr8QBQc6f&*aIj>{|e=wZAV1`$Xq40 zwP;TYaR4ApC7k=KoRxAh6cl@16Y(1$KK?Sd+05l@;M@HK`|rOO2N>37!>PWYBlpR9 zqEs_)bTKV0BD|T^UEZJ)Wg68Apsj_%7-{LzC9N6sMGcTCACP2!udWttbYOkdb!#uu zIlVEM0<@~1(6bQluAB-eaKUiMk!tq;hjHh*27Wsf;4Q|Rtvb!f087p&;6{~h1AqMI$HU8?P4WZs z+f>umi&Z(gBjj7!e@HuX4+x!VaZhQU=kQjCq?I_T3_MI0+ONCPs}ui6RXo{Rb>_h$ zBDo1fXz9AI_!lJu`0~}?>jgx>PEGBvQnP*+6<7WX5dK4rj=B`3+IW!tm*K;ekrP@1 z<<0}22zaA5v}d%#QzQe%d|`J2uJXxeQ>OnN#|mNoZXi6?>|^qaw#0lXIczR z5d*E6|CbfSi8CTutjW5f+V4WxT%h=`wiprDr+}PcG(n8|t)V`nnf2enBNC8|p|*D5 z{Pq7nZ8R~>ur_Q%*s;{q|7r}>mRXb6;Nw7}{~nsRVdM_kR6ox`|1Z$T3r000{oxSw zUxmX9_t`Xr^^0p5Tm#hq0)Z%glCeeH0|JyWUpD^l`M6KIwhke%c(`qdx5odSRaRaw zS$@tDoSlqybqMGANg!dFj>!8C(B1J6MwoaF2DWBtn~Sin6J0Na)eBZ68c?0Zf)zFN zQhnEY&pqlqAD!T*(Z_S(wbT_Mo zy!D$4Yvt8IbRb#7V;|gtl{dPn34q$Y)j!+NY*~45*C{2^CnHbEE~W512{eJRuRD(h zttgw8YPats%{Tu&H}rm~e}6lzDJUk05t~uU^&GhDk>(uyTY*%G7b|v?IraYLwIt!W zq>98qVWm~G_PjP4^iWV=xZ$OUsyY08RJ~nHqCN zgk{rh)?e0|Jel?kuX9x+jf6J#L^cqJM~WnFL~Nr)8kqNAqZ#gmrF*L$*>> z0tR}qf&BqH=kNm~v@^y!R3S8sbcAZT>09r}=K|(0gD!Fl)XSn6<3hm!U(wlw2#ldq zdFvHd(g^CDDe>T&_U6nzsLbV8(U-05kIJELzpAD6l8Z|gDj7n|LR^t>>%>aO_{A9A zB6ez$%_nFKkC{h2gLadmD2d^})O8Gy=7cp>f_XAJsIA~rSrfmGZ#%~hQK%6wGmi<$ zTa7VEndXYkgy&}0F@LYm`8z$592$xlXJeBFAvRooJE9PGD6|s#X=(JkJVQ7dKGxCn z$gxnlS(`!ak9W1)rmy3ogjSvlNlIcXn1NzoPl^WA2l(Ht5JH)g3m4!r$z3RHUZjLu 
diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md index 6a3d62ba5f..9a2216a0c5 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md 
@@ -22,9 +22,9 @@ ms.localizationpriority: medium The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Endpoint Manager](/mem/endpoint-manager-overview). In an MDM policy, these CSPs are settings that you configure in a policy. When the policy is ready, you deploy the policy to your devices. -This article lists the CSPs that are available to customize the Start menu for Windows 11 devices. Windows 11 uses the [Policy CSP - Start](/windows/client-management/mdm/policy-csp-start). +This article lists the CSPs that are available to customize the Start menu for Windows 11 devices. Windows 11 uses the [Policy CSP - Start](/windows/client-management/mdm/policy-csp-start). For more general information, see [Configuration service provider (CSP) reference](/windows/client-management/mdm/configuration-service-provider-reference). -For more general information, see [Configuration service provider (CSP) reference](/windows/client-management/mdm/configuration-service-provider-reference). +For information on customizing the Start menu layout using policy, see [Customize the Start menu layout on Windows 11](customize-the-start-menu-layout-on-windows-11.md). ## Existing Windows CSP policies that Windows 11 supports From 5814d413bafd260a65d081f3b15e8be54072992e Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Thu, 9 Sep 2021 20:47:29 -0400 Subject: [PATCH 289/671] adding private store draft --- ...ate-store-mdm-company-portal-windows-11.md | 145 ++++++++++++++++++ windows/application-management/toc.yml | 2 + 2 files changed, 147 insertions(+) create mode 100644 windows/application-management/private-store-mdm-company-portal-windows-11.md diff --git a/windows/application-management/private-store-mdm-company-portal-windows-11.md b/windows/application-management/private-store-mdm-company-portal-windows-11.md new file mode 100644 index 0000000000..bcdb98e1dc --- /dev/null +++ b/windows/application-management/private-store-mdm-company-portal-windows-11.md 
@@ -0,0 +1,145 @@ +--- +title: Use the Company Portal app for your private store on Windows 11 devices | Microsoft Docs +description: Use the Company Portal app in Windows 11 devices to access the private store. Add apps to an MDM/MAM provider, and deploy the apps to Windows devices using policies. The Company Portal app replaces Microsoft Store private store on Windows 11 devices. +ms.assetid: +ms.reviewer: +manager: dougeby +ms.author: mandia +ms.prod: w11 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: mobile +author: MandiOhlinger +ms.date: 09/09/2021 +ms.localizationpriority: medium +--- + +# Private app store in Windows 11 + +**Applies to**: + +- Windows 11 + +Starting with Windows 11, how administrators deploy apps to devices is updated. The Microsoft Store app is available on Windows 11, and allows users to install public and retail apps. The Microsoft Store app on Windows 11 doesn't have a private store for organization-specific apps. + +Instead of a private store in the Microsoft Store app, you install the Company Portal app on devices. The Company Portal app replaces the private store in Microsoft Store for Business. When the Company Portal app is installed, users open it, and see the apps your organization makes available. They select an app, and install it. + +The Company Portal app has many benefits, including: + +- On existing devices, users can enroll their devices, and be managed by your organization. When they enroll, they get access to organization resources, including apps. +- Users can browse and install approved organization apps that you add. +- You can personalize the Company Portal app by adding help desk details, and other information from your IT department. +- Users can see all their enrolled devices, and see the device information. +- Users can reset their devices, which is helpful if their device is lost or stolen. + +This article discusses the Company Portal app installation options, adding organization apps, and more. 
+ +## Before you begin + +As organizations become more global, and to support employees working from anywhere, it's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. For Microsoft, that includes using Microsoft Endpoint Manager. Endpoint Manager includes Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. + +In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started: + +- [Microsoft Endpoint Manager overview](/mem/endpoint-manager-overview) +- [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide) +- [What is Configuration Manager?](/mem/configmgr/core/understand/introduction) + +## Prerequisites + +To use the Company Portal app: + +- Users must have a work account that's already set up. For more information, see [Manage users and groups in Microsoft 365](/microsoft-365/admin/add-users). +- Your organization must have an Intune subscription. For more information, see [Microsoft Intune licensing](/mem/intune/fundamentals/licenses). + +## Install the Company Portal app + +To install the Company Portal app, you have some options: + +- **Use Microsoft Endpoint Manager**: Endpoint Manager includes Microsoft Intune (cloud) and Configuration Manager (on-premises). With both services, you can add Microsoft Store apps, like the Company Portal app. Once added, you create an app policy that deploys and installs the Company Portal app to your devices. + + - On co-managed devices, which are managed by Microsoft Intune + Configuration Manager together, the Company Portal app shows your Intune apps and your Configuration Manager apps. So, all apps are shown in one place. 
+ + - When apps are installed from the Microsoft Store app, by default, they're automatically updated. Users can also open the Microsoft Store app, go to the **Library**, and check for updates. + + - Using Endpoint Manager is the most scalable option. When you create the app policy, the policy can be deployed to many users and many devices simultaneously. + + For more information, see: + + - [What is Microsoft Endpoint Manager](/mem/endpoint-manager-overview) + - [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-windows) + - [What is co-management?](/mem/configmgr/comanage/overview) + - [Use the Company Portal app on co-managed devices](/mem/configmgr/comanage/company-portal) + +- **Use Windows Autopilot**: Windows Autopilot automatically provisions devices, and gets them ready for production. If you're purchasing new devices, then we recommend using Windows Autopilot to preconfigure the devices, and get them ready for use. + + - In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), you add the Company Portal app from the Microsoft Store. Once it's added, the app can be included in your Windows Autopilot deployment. When the device turns on and is getting ready, the Company Portal app is also installed, before users sign in. + + - When apps are installed from the Microsoft Store app, by default, they're automatically updated. Users can also open the Microsoft Store app, go to the **Library**, and check for updates. + + For more information, see: + + - [What is Windows Autopilot](/mem/autopilot/windows-autopilot) + - [Add and assign the Company Portal app for Autopilot provisioned devices](/mem/intune/apps/store-apps-company-portal-autopilot) + +- **Use the Microsoft Store**: The Company Portal app is available in the Microsoft Store, and can be downloaded by your users. Users open the Microsoft Store app on their device, search for **Company Portal**, and install it. 
When it's installed, users might be prompted to sign in with their organization account (`user@contoso.com`). When the app opens, they see a list of approved organization apps that can be installed. + + - When apps are installed from the Microsoft Store app, by default, they're automatically updated. Users can also open the Microsoft Store, go to the **Library**, and check for updates. Within the Company Portal app, they can use the update feature to get app fixes and feature updates on the organization apps you added. + + - This option requires users to install the app themselves. If you have many users, the recommended approach is to deploy the Company Portal app using Endpoint Manager or using Windows Autopilot. + +## Customize the Company Portal app + +Many organizations customize the Company Portal app to include their specific information. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), you can customize the Company Portal app. For example, you can add a brand logo, include support information, add self-service device actions, and more. + +For more information, see [Configure the Intune Company Portal app](/mem/intune/apps/company-portal-app). + +## Add your organization apps to the Company Portal app + +**??What are the non-MDM ways to add apps to CP app? Windows Package Manager? ??** + +When you add an app in the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), there is a **Show this as a featured app in the Company Portal** setting. Be sure you use this setting. + +On co-managed devices (Microsoft Intune + Configuration Manager together), your Configuration Manager apps can also be shown in the Company Portal app. For more information, see [Use the Company Portal app on co-managed devices](/mem/configmgr/comanage/company-portal). + +When the apps are shown, users can select and download the apps on their devices. 
You can add Microsoft Store apps, web apps, Microsoft 365 apps, LOB apps, Win32 apps, and sideload apps. For more information on adding apps to the Endpoint Manager admin center, see: + +- [Add Microsoft 365 apps using Intune](/mem/intune/apps/apps-add-office365) +- [Add web apps using Intune](/mem/intune/apps/web-app) +- [Add LOB apps using Intune](/mem/intune/apps/lob-apps-windows) +- [Win32 app management in Intune](/mem/intune/apps/apps-win32-app-management) +- [Create and deploy an application with Configuration Manager](/mem/configmgr/apps/get-started/create-and-deploy-an-application) + +If you use a third party or partner MDM provider, be sure to configure the settings that list your apps in the Company Portal app. + +## Use Group Policy or MDM to block the Microsoft Store + +By default, the OS shows the Microsoft Store, and allows users to install the public and retail apps. To hide the Microsoft Store on your user devices, you can use Group Policy (on-premises), or use an MDM provider, such as Microsoft Intune (cloud). + +### Group Policy + +If you use Group Policy, you can use the following policies: + +- `Computer configuration\Administrative templates\Windows Components\Store\Turn off the Store application` +- `User configuration\Administrative templates\Windows Components\Store\Turn off the Store application` + +If you currently use the `Only display the private store within Microsoft Store app` and `To show private store only in Microsoft Store app` policies, then you should now use `Disable all apps from Microsoft Store` policy. + +### MDM + +Using an MDM provider, you can deploy a policy that turns off or blocks the Microsoft Store. + +Using Microsoft Intune, you can use [Administrative Templates](/mem/intune/configuration/administrative-templates-windows) (opens another Microsoft web site) or the [Settings Catalog](/mem/intune/configuration/settings-catalog) (opens another Microsoft web site) to turn off the Microsoft Store app. 
+ +## Use Microsoft Defender Application Control or AppLocker + +The Microsoft Store app uses the `WinStore.App.exe` file. You can block access to this file using AppLocker or Microsoft Defender Application Control. For more information on these options, see: + +- [Windows Defender Application Control and AppLocker Overview](/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview) +- [Block Microsoft Store using AppLocker](../configuration/stop-employees-from-using-microsoft-store.md#block-microsoft-store-using-applocker) + +## Microsoft Store for Business + +> [!IMPORTANT] +> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution). + +In the Microsoft Store app, the private store includes apps used by our organization. On Windows 10 devices, users open the Microsoft Store app, go to your organization's tab, select an app, and install it. diff --git a/windows/application-management/toc.yml b/windows/application-management/toc.yml index 6847361924..e8e1f49908 100644 --- a/windows/application-management/toc.yml +++ b/windows/application-management/toc.yml @@ -11,6 +11,8 @@ items: href: provisioned-apps-windows-client-os.md - name: System apps in Windows client OS href: system-apps-windows-client-os.md + - name: Private store on Windows 11 + href: private-store-mdm-company-portal-windows-11.md - name: Add features in Windows client href: add-apps-and-features.md - name: Sideload apps From 36cd95bd83429ab9fc2794abd8ce06bfb09fa1dd Mon Sep 17 00:00:00 2001 
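Review bot: The new private-store-mdm-company-portal-windows-11.md still carries a draft question in the body of "Add your organization apps to the Company Portal app": `**??What are the non-MDM ways to add apps to CP app? Windows Package Manager? ??**`. The same patch links the article from toc.yml, so that line would render to readers as bold text; answer it or take it out of the rendered page before merge. In the same file, the front matter leaves `ms.assetid:` and `ms.reviewer:` empty, and the closing paragraph says "apps used by our organization" where the rest of the article addresses the reader as "your organization".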
From: MandiOhlinger Date: Thu, 9 Sep 2021 20:56:54 -0400 Subject: [PATCH 290/671] quick review updates --- .../private-store-mdm-company-portal-windows-11.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/application-management/private-store-mdm-company-portal-windows-11.md b/windows/application-management/private-store-mdm-company-portal-windows-11.md index bcdb98e1dc..806b6b9c94 100644 --- a/windows/application-management/private-store-mdm-company-portal-windows-11.md +++ b/windows/application-management/private-store-mdm-company-portal-windows-11.md @@ -113,7 +113,7 @@ If you use a third party or partner MDM provider, be sure to configure the setti ## Use Group Policy or MDM to block the Microsoft Store -By default, the OS shows the Microsoft Store, and allows users to install the public and retail apps. To hide the Microsoft Store on your user devices, you can use Group Policy (on-premises), or use an MDM provider, such as Microsoft Intune (cloud). +By default, the OS shows the Microsoft Store, and allows users to install the public and retail apps. If you want, you can hide the Microsoft Store on your user devices using Group Policy (on-premises), or using an MDM provider, such as Microsoft Intune (cloud). ### Group Policy 
@@ -130,12 +130,14 @@ Using an MDM provider, you can deploy a policy that turns off or blocks the Micr Using Microsoft Intune, you can use [Administrative Templates](/mem/intune/configuration/administrative-templates-windows) (opens another Microsoft web site) or the [Settings Catalog](/mem/intune/configuration/settings-catalog) (opens another Microsoft web site) to turn off the Microsoft Store app. +**--> Need to add more specific info. <--** + ## Use Microsoft Defender Application Control or AppLocker The Microsoft Store app uses the `WinStore.App.exe` file. You can block access to this file using AppLocker or Microsoft Defender Application Control. For more information on these options, see: - [Windows Defender Application Control and AppLocker Overview](/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview) -- [Block Microsoft Store using AppLocker](../configuration/stop-employees-from-using-microsoft-store.md#block-microsoft-store-using-applocker) +- [Block Microsoft Store using AppLocker](/windows/configuration/stop-employees-from-using-microsoft-store#block-microsoft-store-using-applocker) ## Microsoft Store for Business From 23bf32ee87fa34a401b839092887a746b17839db Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Fri, 10 Sep 2021 09:54:54 -0700 Subject: [PATCH 291/671] Update TOC.yml --- windows/security/TOC.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index c3103245fe..d6aa4bd0b5 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -4,6 +4,8 @@ expanded: true - name: Hardware security items: + - name: Overview + href: hardware.md - name: Trusted Platform Module href: information-protection/tpm/trusted-platform-module-top-node.md items: From 70e73dbe10b174b5c07e72e4d8997494f874268e Mon Sep 17 00:00:00 2001 
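Review bot: The line added under the MDM section, `**--> Need to add more specific info. <--**`, is an authoring reminder placed in the article body, so it renders to readers as bold text. Either name the Administrative Templates or Settings Catalog setting that turns off the Microsoft Store app, or keep the reminder out of the rendered page (an HTML comment or a tracking item) until that detail is available.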
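Review bot: The new `Overview` entry under Hardware security in windows/security/TOC.yml points to `hardware.md`, but this patch changes only TOC.yml (1 file changed, 2 insertions). Confirm that windows/security/hardware.md already exists on the branch or lands in the same series; otherwise the TOC entry points at a missing page.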
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Fri, 10 Sep 2021 10:03:14 -0700 Subject: [PATCH 292/671] Update cloud.md --- windows/security/cloud.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index c8ff9dc957..807a9bdc7e 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -8,7 +8,7 @@ manager: dansimp ms.prod: w11 audience: ITPro ms.topic: conceptual -ms.date: 09/08/2021 +ms.date: 09/10/2021 ms.localizationpriority: medium ms.collection: ms.custom: @@ -35,3 +35,7 @@ Windows 11 includes the cloud services that are listed in the following table:
    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4).

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). | | Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

    [Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | +## Next steps + +- [Learn more about MDM and Windows 11](mdm-windows.md) +- [Learn more about Windows security](index.yml) \ No newline at end of file From 61008f0d0e2111c3f606626cff1a935c03071920 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Fri, 10 Sep 2021 10:07:21 -0700 Subject: [PATCH 293/671] Update apps.md --- windows/security/apps.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/apps.md b/windows/security/apps.md index 098f9524ea..033e42b863 100644 --- a/windows/security/apps.md +++ b/windows/security/apps.md 
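Review bot: In windows/security/cloud.md, the hunk at @@ -35,3 +35,7 @@ leaves the file without a trailing newline: the last added bullet, `- [Learn more about Windows security](index.yml)`, is followed by "\ No newline at end of file". End the file with a newline so that the next edit to the "Next steps" list does not show this bullet as changed.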
@@ -13,7 +13,7 @@ author: dansimp # Windows application security -Cybercriminals regularly gain access to valuable data by hacking poorly secured applications. Common security failures include “code injection” attacks, in which attackers insert malicious code that can tamper with data, or even destroy it. An application may have its security misconfigured, leaving open doors for hackers. Or vital customer and corporate information may leave sensitive data exposed. Windows 11 protects your valuable data with layers of application security. A rich application platform, isolation, and code integrity enables developers to build-in security from the ground up to protect against breaches and malware. +Cybercriminals regularly gain access to valuable data by hacking poorly secured applications. Common security failures include “code injection” attacks, in which attackers insert malicious code that can tamper with data, or even destroy it. An application may have its security misconfigured, leaving open doors for hackers. Or vital customer and corporate information may leave sensitive data exposed. Windows 11 protects your valuable data with layers of application security. A rich application platform, isolation, and code integrity enable developers to build in security from the ground up to protect against breaches and malware. The following table summarizes the Windows security features and capabilities for apps:
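Review bot: The rewritten paragraph in this hunk (@@ -13,7 +13,7 @@, under "# Windows application security") corrects "enable" and "build in" but keeps the sentence "Or vital customer and corporate information may leave sensitive data exposed", which says that information leaves data exposed. Since the line is being touched anyway, reword it so the application is the subject, for example "Or an application may leave vital customer and corporate information exposed".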

    
@@ -29,7 +29,7 @@ The following table summarizes the Windows security features and capabilities fo | Security Measures | Features & Capabilities | |:---|:---| | Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](/threat-protection/windows-defender-application-control/windows-defender-application-control.md) | -| Microsoft Defender Application Guard | Application Guard leverages chip based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running these in an isolated Hyper-V based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md). | +| Microsoft Defender Application Guard | Application Guard uses chip-based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running untrusted websites and files in an isolated Hyper-V-based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md). | | Email Security | With Windows S/MIME email security, users can encrypt outgoing messages and attachments, so only intended recipients with digital identification (ID)—also called a certificate—can read them. 
Users can digitally sign a message, which verifies the identity of the sender and ensures the message has not been tampered with.[Configure S/MIME for Windows 10](/identity-protection/configure-s-mime.md) | | Microsoft Defender SmartScreen | Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. Learn more: [Microsoft Defender SmartScreen overview](/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) | | Isolating UWP apps | TBD | From e36dc09ff7778d67e46f61481ca735bd5ce76dd3 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 10 Sep 2021 14:21:09 -0700 Subject: [PATCH 294/671] add link to security video --- windows/whats-new/windows-11.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/whats-new/windows-11.md b/windows/whats-new/windows-11.md index d7f3653761..dc6efb73c9 100644 --- a/windows/whats-new/windows-11.md +++ b/windows/whats-new/windows-11.md @@ -89,3 +89,4 @@ When Windows 11 reaches general availability, important servicing-related announ ## Also see [What's new in Windows 11](/windows-hardware/get-started/what-s-new-in-windows)
    +[Windows 11 Security — Our Hacker-in-Chief Runs Attacks and Shows Solutions](https://www.youtube.com/watch?v=2RTwGNyhSy8) From de068b493555aaaaf80a7f38e153cdf408839a24 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 10 Sep 2021 16:09:36 -0700 Subject: [PATCH 295/671] tweaks --- windows/security/TOC.yml | 6 ++---- windows/security/index.yml | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index d6aa4bd0b5..2ef62a440f 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -344,7 +344,5 @@ href: threat-protection/msft-security-dev-lifecycle.md - name: Microsoft Bug Bounty Program href: threat-protection/microsoft-bug-bounty-program.md -- name: Privacy controls - items: - - name: Windows Privacy controls - href: https://docs.microsoft.com/windows/privacy/windows-10-and-privacy-compliance \ No newline at end of file +- name: Windows Privacy + href: /windows/privacy/windows-10-and-privacy-compliance.md diff --git a/windows/security/index.yml b/windows/security/index.yml index a2b6354f5b..09d23443f6 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -1,7 +1,7 @@ ### YamlMime:Landing title: Windows security # < 60 chars -summary: Learn about Windows security from chip to cloud. # < 160 chars +summary: Windows is a Zero Trust-ready operating system that provides security from chip to cloud. # < 160 chars metadata: title: Windows security # Required; page title displayed in search results. Include the brand. < 60 chars. From 51417fe3eb029b3581be86df6c6a5497e60c4fa6 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Sat, 11 Sep 2021 02:09:01 -0700 Subject: [PATCH 296/671] add link to perf video --- windows/whats-new/windows-11.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11.md b/windows/whats-new/windows-11.md index dc6efb73c9..77e2fa58a9 100644 --- a/windows/whats-new/windows-11.md 
+++ b/windows/whats-new/windows-11.md @@ -89,4 +89,5 @@ When Windows 11 reaches general availability, important servicing-related announ ## Also see [What's new in Windows 11](/windows-hardware/get-started/what-s-new-in-windows)
    -[Windows 11 Security — Our Hacker-in-Chief Runs Attacks and Shows Solutions](https://www.youtube.com/watch?v=2RTwGNyhSy8) +[Windows 11 Security — Our Hacker-in-Chief Runs Attacks and Shows Solutions](https://www.youtube.com/watch?v=2RTwGNyhSy8)
    +[Windows 11: The Optimization and Performance Improvements](https://www.youtube.com/watch?v=oIYHRRTCVy4) From 761b29781d1f204fbcf5e71938cc44816e1f6a34 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Sat, 11 Sep 2021 19:45:46 +0530 Subject: [PATCH 297/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 4 + .../mdm/policy-csp-admx-disknvcache.md | 367 ++++++++++++++++++ 2 files changed, 371 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-disknvcache.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 6c81fd4df2..ac534808ce 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -163,6 +163,10 @@ ms.date: 10/08/2020 - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-1) - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-2) - [ADMX_DistributedLinkTracking/DLT_AllowDomainMode](./policy-csp-admx-distributedlinktracking.md#admx-distributedlinktracking-dlt_allowdomainmode) +- [ADMX_DiskNVCache/BootResumePolicy](./policy-csp-admx-disknvcache.md#admx-disknvcache-bootresumepolicy) +- [ADMX_DiskNVCache/CachePowerModePolicy](./policy-csp-admx-disknvcache.md#admx-disknvcache-cachepowermodepolicy) +- [ADMX_DiskNVCache/FeatureOffPolicy](./policy-csp-admx-disknvcache.md#admx-disknvcache-featureoffpolicy) +- [ADMX_DiskNVCache/SolidStatePolicy](./policy-csp-admx-disknvcache.md#admx-disknvcache-solidstatepolicy) - [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries) - [ADMX_DnsClient/DNS_AppendToMultiLabelName](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-appendtomultilabelname) - [ADMX_DnsClient/DNS_Domain](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domain) diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md new file mode 100644 index 0000000000..0535130b2e --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md 
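Review bot: The four ADMX_DiskNVCache entries added in the hunk at @@ -163,6 +163,10 @@ of policies-in-policy-csp-admx-backed.md sit after ADMX_DistributedLinkTracking/DLT_AllowDomainMode, which breaks the alphabetical order the surrounding entries follow ("DiskNVCache" sorts before "DistributedLinkTracking"). Move them up so that they come directly after the ADMX_DigitalLocker entries.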
@@ -0,0 +1,367 @@ +--- +title: Policy CSP - ADMX_DiskNVCache +description: Policy CSP - ADMX_DiskNVCache +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/09/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DiskNVCache +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +


    + + +## ADMX_DiskNVCache policies + +
    +
    + ADMX_DiskNVCache/BootResumePolicy +
    +
    + ADMX_DiskNVCache/CachePowerModePolicy +
    +
    + ADMX_DiskNVCache/FeatureOffPolicy +
    +
    + ADMX_DiskNVCache/SolidStatePolicy +
    +
    + + +
    + + +**DiskNVCache/BootResumePolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system. + +- If you enable this policy setting, the system does not use the non-volatile (NV) cache to optimize boot and resume. +- If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume. + +The system determines the data that will be stored in the NV cache to optimize boot and resume. +The required data is stored in the NV cache during shutdown and hibernate, respectively. +This might cause a slight increase in the time taken for shutdown and hibernate. +If you do not configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations. + +> [!NOTE] +> This policy setting is applicable only if the NV cache feature is on. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off boot and resume optimizations* +- GP name: *BootResumePolicy* +- GP path: *Windows\NvCache!OptimizeBootAndResume* +- GP ADMX file name: *DiskNVCache.admx* + + + + +
    + + +**ADMX_DiskNVCache/CachePowerModePolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting turns off power save mode on the hybrid hard disks in the system. + +- If you enable this policy setting, the hard disks are not put into NV cache power save mode and no power savings are achieved. +- If you disable this policy setting, the hard disks are put into an NV cache power saving mode. + +In this mode, the system tries to save power by aggressively spinning down the disk. +If you do not configure this policy setting, the default behavior is to allow the hybrid hard disks to be in power save mode. + +> [!NOTE] +> This policy setting is applicable only if the NV cache feature is on. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off cache power mode* +- GP name: *DiskNVCache/CachePowerModePolicy* +- GP path: *Windows\NvCache!EnablePowerModeState* +- GP ADMX file name: *DiskNVCache.admx* + + + +
    + + +**ADMX_DiskNVCache/FeatureOffPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
    + + + +This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. + +To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. + +The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. +The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache. +- If you enable this policy setting, the system will not manage the NV cache and will not enable NV cache power saving mode. +- If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured. + +> [!NOTE] +> This policy setting will take effect on next boot. If you do not configure this policy setting, the default behavior is to turn on support for the NV cache. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off non-volatile cache feature* +- GP name: *DiskNVCache/FeatureOffPolicy* +- GP path: *Windows\NvCache!EnableNvCache* +- GP ADMX file name: *DiskNVCache.admx* + + + +
    + + +**ADMX_DiskNVCache/SolidStatePolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting turns off the solid state mode for the hybrid hard disks. +- If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache. +- If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. + +This allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power. + +> [!NOTE] +> This can cause increased wear of the NV cache. If you do not configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. + +> [!NOTE] +> This policy setting is applicable only if the NV cache feature is on. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off solid state mode* +- GP name: *DiskNVCache/SolidStatePolicy* +- GP path: *Windows\NvCache!EnableSolidStateMode* +- GP ADMX file name: *DiskNVCache.admx* + + + +
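Review bot: The four policy sections of the new policy-csp-admx-disknvcache.md are inconsistent with each other. The first section is headed `**DiskNVCache/BootResumePolicy**` while the other three use the `ADMX_DiskNVCache/` prefix; its "GP name" is the bare `BootResumePolicy` while the others read `DiskNVCache/CachePowerModePolicy`, `DiskNVCache/FeatureOffPolicy` and `DiskNVCache/SolidStatePolicy`; and the scope checklist for FeatureOffPolicy says "Machine" where the other three say "Device". Use the `ADMX_DiskNVCache/` heading in all four sections, pick one form for "GP name" (the bare policy name, as in the first section), and confirm which scope label is intended for FeatureOffPolicy.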
    + + + + From 298a4eda47444373dd3fbb205a8155e1af222d5f Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Sat, 11 Sep 2021 19:55:46 +0530 Subject: [PATCH 298/671] Updated --- .../mdm/policy-configuration-service-provider.md | 6 ++++++ windows/client-management/mdm/toc.yml | 2 ++ 2 files changed, 8 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index a03f3f09f7..c6a2af8ab9 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -705,6 +705,12 @@ The following diagram shows the Policy configuration service provider in tree fo
    +### ADMX_DistributedLinkTracking policies + +
    +
    + ADMX_DistributedLinkTracking/DLT_AllowDomainMode +
    ### ADMX_DnsClient policies
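Review bot: The section added in this hunk of policy-configuration-service-provider.md is headed "### ADMX_DistributedLinkTracking policies" and lists ADMX_DistributedLinkTracking/DLT_AllowDomainMode, but the toc.yml hunk in the same patch registers ADMX_DiskNVCache (policy-csp-admx-disknvcache.md). If the intent is to index the new DiskNVCache page, the heading and entries should be ADMX_DiskNVCache with its four policies (BootResumePolicy, CachePowerModePolicy, FeatureOffPolicy, SolidStatePolicy); as written, the DiskNVCache policies are not listed in this file at all.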
    diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 1d385366fb..28851c355a 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -449,6 +449,8 @@ items: href: policy-csp-admx-digitallocker.md - name: ADMX_DistributedLinkTracking href: policy-csp-admx-distributedlinktracking.md + - name: ADMX_DiskNVCache + href: policy-csp-admx-disknvcache.md - name: ADMX_DnsClient href: policy-csp-admx-dnsclient.md - name: ADMX_DWM From c2794e1177d39f80910b01494c9656abbbfaf5e3 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Sat, 11 Sep 2021 20:28:03 +0530 Subject: [PATCH 299/671] Update policy-configuration-service-provider.md --- .../policy-configuration-service-provider.md | 22 +++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index c6a2af8ab9..31adf09c31 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -705,12 +705,30 @@ The following diagram shows the Policy configuration service provider in tree fo
    -### ADMX_DistributedLinkTracking policies +### ADMX_DiskNVCache policies
    - ADMX_DistributedLinkTracking/DLT_AllowDomainMode + ADMX_DiskNVCache/BootResumePolicy
    + +
    + ADMX_DiskNVCache/CachePowerModePolicy +
    + +
    + ADMX_DiskNVCache/FeatureOffPolicy +
    + +
    + ADMX_DiskNVCache/FeatureOffPolicy +
    + +
    + ADMX_DiskNVCache/SolidStatePolicy +
    +
    + ### ADMX_DnsClient policies
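Review bot: ADMX_DiskNVCache/FeatureOffPolicy is added twice in this hunk, as two consecutive entries between CachePowerModePolicy and SolidStatePolicy. Drop the second copy so that the "ADMX_DiskNVCache policies" section lists each of the four policies once.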
    From 81c44f8e2254a778479ced8f9d554b437c09649c Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Sat, 11 Sep 2021 21:13:32 +0530 Subject: [PATCH 300/671] Update policy-configuration-service-provider.md --- .../mdm/policy-configuration-service-provider.md | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 31adf09c31..f9ad946023 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -708,22 +708,16 @@ The following diagram shows the Policy configuration service provider in tree fo ### ADMX_DiskNVCache policies
    -
    + +
    ADMX_DiskNVCache/BootResumePolicy
    -
    ADMX_DiskNVCache/CachePowerModePolicy
    -
    ADMX_DiskNVCache/FeatureOffPolicy
    - -
    - ADMX_DiskNVCache/FeatureOffPolicy -
    -
    ADMX_DiskNVCache/SolidStatePolicy
    From 262abbc3f8375d361f5597c5c2e80150d14869f5 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 13 Sep 2021 10:39:07 +0530 Subject: [PATCH 301/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 1 + .../policy-configuration-service-provider.md | 8 +- .../mdm/policy-csp-admx-diskquota.md | 386 ++++++++++++++++++ .../mdm/policy-csp-admx-eventlogging.md | 114 ++++++ windows/client-management/mdm/toc.yml | 2 + 5 files changed, 510 insertions(+), 1 deletion(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-diskquota.md create mode 100644 windows/client-management/mdm/policy-csp-admx-eventlogging.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index ac534808ce..e907750c05 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -207,6 +207,7 @@ ms.date: 10/08/2020 - [ADMX_EAIME/L_TurnOnLexiconUpdate](./policy-csp-admx-eaime.md#admx-eaime-l-turnonlexiconupdate) - [ADMX_EAIME/L_TurnOnLiveStickers](./policy-csp-admx-eaime.md#admx-eaime-l-turnonlivestickers) - [ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport](./policy-csp-admx-eaime.md#admx-eaime-l-turnonmisconversionloggingformisconversionreport) +- [ADMX_EventLogging/EnableProtectedEventLogging](./policy-csp-admx-eventlogging.md#admx-eventlogging-enableprotectedeventlogging) - [ADMX_EncryptFilesonMove/NoEncryptOnMove](./policy-csp-admx-encryptfilesonmove.md#admx-encryptfilesonmove-noencryptonmove) - [ADMX_EnhancedStorage/ApprovedEnStorDevices](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-approvedenstordevices) - [ADMX_EnhancedStorage/ApprovedSilos](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-approvedsilos) 
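Review bot: The hunk at @@ -207,6 +207,7 @@ of policies-in-policy-csp-admx-backed.md adds only ADMX_EventLogging/EnableProtectedEventLogging, although the same patch creates policy-csp-admx-diskquota.md with six ADMX_DiskQuota policies (DQ_RemovableMedia, DQ_Enable, DQ_Enforce, DQ_LogEventOverLimit, DQ_LogEventOverThreshold, DQ_Limit). Add the DiskQuota entries to this list as well. The EventLogging line is also placed between the ADMX_EAIME and ADMX_EncryptFilesonMove entries; in the alphabetical order the list follows, it sorts after both ADMX_EncryptFilesonMove and ADMX_EnhancedStorage.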
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index f9ad946023..2351fd3af7 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -706,7 +706,7 @@ The following diagram shows the Policy configuration service provider in tree fo
    ### ADMX_DiskNVCache policies - +
    @@ -865,6 +865,12 @@ The following diagram shows the Policy configuration service provider in tree fo
    +### ADMX_EncryptFilesonMove policies +
    +
    + ADMX_EventLogging/EnableProtectedEventLogging +
    +
    ### ADMX_EnhancedStorage policies
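Review bot: The heading added in the hunk at @@ -865,6 +865,12 @@ is "### ADMX_EncryptFilesonMove policies", but the only entry under it is ADMX_EventLogging/EnableProtectedEventLogging. Rename the heading to "### ADMX_EventLogging policies", and check that this does not duplicate an existing ADMX_EncryptFilesonMove section elsewhere in the file.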
    diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md new file mode 100644 index 0000000000..b9a51a2def --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md @@ -0,0 +1,386 @@ +--- +title: Policy CSP - ADMX_DiskQuota +description: Policy CSP - ADMX_DiskQuota +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/12/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DiskQuota + +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_DiskQuota policies + +
    +
    + ADMX_DiskQuota/DQ_RemovableMedia +
    +
    + ADMX_DiskQuota/DQ_Enable +
    +
    + ADMX_DiskQuota/DQ_Enforce +
    +
    + ADMX_DiskQuota/DQ_LogEventOverLimit +
    +
    + ADMX_DiskQuota/DQ_LogEventOverThreshold +
    +
    + ADMX_DiskQuota/DQ_Limit +
    +
    + + +
    + + +**ADMX_diskquota/DQ_RemovableMedia** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media. + +If you disable or do not configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. + +> [!NOTE] +> When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Apply policy to removable media* +- GP name: *DQ_RemovableMedia* +- GP path: *System\Disk Quotas* +- GP ADMX file name: *DiskQuota.admx* + + + +
    + +
    + + +**ADMX_DiskQuota/DQ_Enable** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting. + +- If you enable this policy setting, disk quota management is turned on, and users cannot turn it off. + +- If you disable the policy setting, disk quota management is turned off, and users cannot turn it on. + +If this policy setting is not configured, disk quota management is turned off by default, but administrators can turn it on. + +To prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes. + +> [!NOTE] +> This policy setting turns on disk quota management but does not establish or enforce a particular disk quota limit. + +To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit. + +> [!NOTE] +> To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click **Properties**, click the **Quota** tab, and then click **Enable quota management**. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP Friendly name: *Enable disk quotas* +- GP name: *DQ_Enable* +- GP path: *Windows NT\DiskQuota!Enable* +- GP ADMX file name: *DiskQuota.admx* + + + +
    + +
    + + +**ADMX_DiskQuota/DQ_Enforce** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting specifies the default disk quota limit and warning level for new users of the volume. + +This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. +It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit. + +This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab. + +This policy setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties). + +If you disable or do not configure this policy setting, the disk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Ensure to set the limit and warning level so that it is reasonable for the range of volumes in the group. + +This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Specify default quota limit and warning level* +- GP name: *DQ_Enforce* +- GP path: *Windows NT\DiskQuota!Limit* +- GP ADMX file name: *DiskQuota.admx* + + + +
    + +
    + +
    + + +**ADMX_DiskQuota/DQ_Enforce** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting specifies the default disk quota limit and warning level for new users of the volume. + +This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. +It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit. + +This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab. + +This policy setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties). + +If you disable or do not configure this policy setting, the disk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Ensure to set the limit and warning level so that it is reasonable for the range of volumes in the group. + +This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Specify default quota limit and warning level* +- GP name: *DQ_LogEventOverLimit* +- GP path: *Windows NT\DiskQuota!Limit* +- GP ADMX file name: *DiskQuota.admx* + + + +
    + + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md new file mode 100644 index 0000000000..f5b94b93f3 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md @@ -0,0 +1,114 @@ +--- +title: Policy CSP - ADMX_EventLogging +description: Policy CSP - ADMX_EventLogging +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/12/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_EventLogging +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_EventLogging policies + +
    +
    + ADMX_EventLogging/EnableProtectedEventLogging +
    +
    + + +
    + + +**ADMX_EventLogging/EnableProtectedEventLogging** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting lets you configure Protected Event Logging. + +- If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide. + +You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypted messages, provided that you have access to the private key corresponding to the public key that they were encrypted with. + +- If you disable or do not configure this policy setting, components will not encrypt event log messages before writing them to the event log. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Enable Protected Event Logging* +- GP name: *EnableProtectedEventLogging* +- GP path: *Windows Components\Event Logging* +- GP ADMX file name: *EventLogging.admx* + + + +
    + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 28851c355a..3f056c5aeb 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -459,6 +459,8 @@ items: href: policy-csp-admx-eaime.md - name: ADMX_EncryptFilesonMove href: policy-csp-admx-encryptfilesonmove.md + - name: ADMX_EventLogging + href: policy-csp-admx-eventlogging.md - name: ADMX_EnhancedStorage href: policy-csp-admx-enhancedstorage.md - name: ADMX_ErrorReporting From 936fae37fd27b67c8c4a68ba279df64ad8002229 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 13 Sep 2021 15:41:10 +0530 Subject: [PATCH 302/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 3 + .../policy-configuration-service-provider.md | 14 +- .../mdm/policy-csp-admx-eventviewer.md | 256 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 4 files changed, 274 insertions(+), 1 deletion(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-eventviewer.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index e907750c05..cd5b5165a8 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
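Review bot: In policy-csp-admx-diskquota.md the last policy section is headed `**ADMX_DiskQuota/DQ_Enforce**` a second time, although its ADMX Info gives the GP name *DQ_LogEventOverLimit*. Its description, friendly name (*Specify default quota limit and warning level*) and GP path (`Windows NT\DiskQuota!Limit`) are copied verbatim from the section before it. Give that section its own heading and the description, friendly name and path that belong to DQ_LogEventOverLimit. The preceding section shows the same kind of mismatch (GP name *DQ_Enforce* paired with a quota-limit description and a path ending in `!Limit`), so check every heading against DiskQuota.admx. The file also ends without a trailing newline.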
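Review bot: In policy-csp-admx-eventlogging.md the sentence about `Unprotect-CmsMessage` sits between the "If you enable" bullet and the "If you disable or do not configure" bullet, which splits one list into two; move it after both bullets. The text also says only "the certificate you supply" without stating the form the certificate takes in the policy value, so an administrator cannot build the SyncML payload from this page alone. Add that, since a wrong value here means sensitive event data is written unencrypted or cannot be decrypted later.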
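Review bot: The new `ADMX_EventLogging` entry in toc.yml is inserted between `ADMX_EncryptFilesonMove` and `ADMX_EnhancedStorage`, which breaks the alphabetical order of the surrounding entries. Move it down so it sits with the other ADMX_Event* entries, after `ADMX_ErrorReporting`.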
@@ -267,6 +267,9 @@ ms.date: 10/08/2020 - [ADMX_EventLog/Channel_Log_Retention_2](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-2) - [ADMX_EventLog/Channel_Log_Retention_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-3) - [ADMX_EventLog/Channel_Log_Retention_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-4) +- [ADMX_EventViewer/EventViewer_RedirectionProgram](./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionprogram) +- [ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters](./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionprogramcommandlineparameters) +- [ADMX_EventViewer/EventViewer_RedirectionURL](./policy-csp-admx-eventviewer-eventviewer_redirectionurl) - [ADMX_Explorer/AdminInfoUrl](./policy-csp-admx-explorer.md#admx-explorer-admininfourl) - [ADMX_Explorer/AlwaysShowClassicMenu](./policy-csp-admx-explorer.md#admx-explorer-alwaysshowclassicmenu) - [ADMX_Explorer/DisableRoamedProfileInit](./policy-csp-admx-explorer.md#admx-explorer-disableroamedprofileinit) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 2351fd3af7..25807561c2 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -865,12 +865,13 @@ The following diagram shows the Policy configuration service provider in tree fo
    -### ADMX_EncryptFilesonMove policies +### ADMX_EventLogging policies
    ADMX_EventLogging/EnableProtectedEventLogging
    + ### ADMX_EnhancedStorage policies
    @@ -1064,7 +1065,18 @@ The following diagram shows the Policy configuration service provider in tree fo ADMX_EventLog/Channel_Log_Retention_4
    +### ADMX_EventViewer policies +
    +
    + ADMX_EventViewer/EventViewer_RedirectionProgram +
    +
    + ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters +
    +
    + ADMX_EventViewer/EventViewer_RedirectionURL +
    ### ADMX_Explorer policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md new file mode 100644 index 0000000000..d153f1ca58 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md @@ -0,0 +1,256 @@ +--- +title: Policy CSP - ADMX_EventViewer +description: Policy CSP - ADMX_EventViewer +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/13/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_EventViewer +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_EventViewer policies + +
    +
    + ADMX_EventViewer/EventViewer_RedirectionProgram +
    +
    + ADMX_EventViewer_RedirectionProgramCommandLineParameters +
    +
    + ADMX_EventViewer/EventViewer_RedirectionURL +
    +
    + + +
    + + +**ADMX_EventViewer/EventViewer_RedirectionProgram** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This is the program that will be invoked when the user clicks the `events.asp` link. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Events.asp program* +- GP name: *EventViewer_RedirectionProgram* +- GP path: *Windows Components\Event Viewer* +- GP ADMX file name: *EventViewer.admx* + + + +
    + + +**ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This specifies the command line parameters that will be passed to the `events.asp` program. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Events.asp program command line parameters* +- GP name: *EventViewer_RedirectionProgramCommandLineParameters* +- GP path: *Windows Components\Event Viewer* +- GP ADMX file name: *EventViewer.admx* + + + +
    + + +**ADMX_EventViewer/EventViewer_RedirectionURL** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This is the URL that will be passed to the Description area in the Event Properties dialog box. +Change this value if you want to use a different Web server to handle event information requests. + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Events.asp URL* +- GP name: *EventViewer_RedirectionURL* +- GP path: *Windows Components\Event Viewer* +- GP ADMX file name: *EventViewer.admx* + + + +
    + + + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 3f056c5aeb..2ac642df0e 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -469,6 +469,8 @@ items: href: policy-csp-admx-eventforwarding.md - name: ADMX_EventLog href: policy-csp-admx-eventlog.md + - name: ADMX_EventViewer + href: policy-csp-admx-eventviewer.md - name: ADMX_Explorer href: policy-csp-admx-explorer.md - name: ADMX_FileRecovery From c0fa1a8b30d749a65835ab9a5e3798c35268dbc6 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 13 Sep 2021 16:44:31 +0530 Subject: [PATCH 303/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 3 + .../policy-configuration-service-provider.md | 15 + .../mdm/policy-csp-admx-externalboot.md | 274 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 4 files changed, 294 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-externalboot.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index cd5b5165a8..b39e42b398 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
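Review bot: The third link added to policies-in-policy-csp-admx-backed.md points at `./policy-csp-admx-eventviewer-eventviewer_redirectionurl`, which has lost the `.md#admx-` between the file name and the fragment and so resolves to a file that does not exist. It should follow the two entries above it: `./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionurl`. Also confirm the fragments against the ids in the target page, because the ADMX_EventLog context lines in this hunk hyphenate the policy name (`#admx-eventlog-channel-log-retention-4`) while the new entries keep the underscore.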
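Review bot: The `@@ -865,12 +865,13 @@` hunk in policy-configuration-service-provider.md replaces the heading `### ADMX_EncryptFilesonMove policies` with `### ADMX_EventLogging policies` instead of adding a new section, so the ADMX_EncryptFilesonMove heading disappears from the index. Keep the existing heading and add ADMX_EventLogging as a section of its own, placed with the other ADMX_Event* headings rather than directly before `### ADMX_EnhancedStorage policies`.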
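Review bot: In the policy list at the top of policy-csp-admx-eventviewer.md the second entry reads `ADMX_EventViewer_RedirectionProgramCommandLineParameters`; the `/EventViewer` is missing, so it does not match the section heading `ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters`. The three descriptions are also single sentences that never say what happens when the policy is enabled, disabled or not configured, which the other pages in this series spell out. For settings that choose a program, its command line and a URL used from the Event Properties dialog, document the default value and the expected value format.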
@@ -275,6 +275,9 @@ ms.date: 10/08/2020 - [ADMX_Explorer/DisableRoamedProfileInit](./policy-csp-admx-explorer.md#admx-explorer-disableroamedprofileinit) - [ADMX_Explorer/PreventItemCreationInUsersFilesFolder](./policy-csp-admx-explorer.md#admx-explorer-preventitemcreationinusersfilesfolder) - [ADMX_Explorer/TurnOffSPIAnimations](./policy-csp-admx-explorer.md#admx-explorer-turnoffspianimations) +- [ADMX_ExternalBoot/PortableOperatingSystem_Hibernate](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_hibernate) +- [ADMX_ExternalBoot/PortableOperatingSystem_Sleep](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_sleep) +- [ADMX_ExternalBoot/PortableOperatingSystem_Launcher](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_launcher) - [ADMX_FileRecovery/WdiScenarioExecutionPolicy](./policy-csp-admx-filerecovery.md#admx-filerecovery-wdiscenarioexecutionpolicy) - [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol) - [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 25807561c2..109ef13de2 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1065,6 +1065,7 @@ The following diagram shows the Policy configuration service provider in tree fo ADMX_EventLog/Channel_Log_Retention_4
    + ### ADMX_EventViewer policies
    @@ -1077,6 +1078,7 @@ The following diagram shows the Policy configuration service provider in tree fo
    ADMX_EventViewer/EventViewer_RedirectionURL
    + ### ADMX_Explorer policies
    @@ -1097,6 +1099,19 @@ The following diagram shows the Policy configuration service provider in tree fo
    +### ADMX_ExternalBoot policies + +
    +
    + ADMX_ExternalBoot/PortableOperatingSystem_Hibernate +
    + ADMX_ExternalBoot/PortableOperatingSystem_Sleep + + + ADMX_ExternalBoot/PortableOperatingSystem_Launcher + +
    + ### ADMX_FileRecovery policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md new file mode 100644 index 0000000000..24c4aeecbe --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md @@ -0,0 +1,274 @@ +--- +title: Policy CSP - ADMX_ExternalBoot +description: Policy CSP - ADMX_ExternalBoot +ms.author: dansimp +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.localizationpriority: medium +ms.date: 09/13/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_ExternalBoot + +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## Policy CSP - ADMX_ExternalBoot + +
    +
    + ADMX_ExternalBoot/PortableOperatingSystem_Hibernate + +
    +
    + ADMX_ExternalBoot/PortableOperatingSystem_Sleep + +
    +
    + ADMX_ExternalBoot/PortableOperatingSystem_Launcher + +
    +
    + +
    + + +**ADMX_ExternalBoot/PortableOperatingSystem_Hibernate** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. + +- If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC. + +- If you disable or do not configure this setting, Windows, when started from a Windows To Go workspace, and cannot hibernate the PC. + + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Allow hibernate (S4) when starting from a Windows To Go workspace* +- GP name: *PortableOperatingSystem_Hibernate* +- GP path: *Windows Components\Portable Operating System* +- GP ADMX file name: *ExternalBoot.admx* + + + + +
    + + +**ADMX_ExternalBoot/PortableOperatingSystem_Sleep** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace. + +If you enable this setting, Windows, when started from a Windows To Go workspace, cannot use standby states to make the PC sleep. + +If you disable or do not configure this setting, Windows, when started from a Windows To Go workspace, can use standby states to make the PC sleep. + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace* +- GP name: *PortableOperatingSystem_Sleep* +- GP path: *Windows Components\Portable Operating System* +- GP ADMX file name: *ExternalBoot.admx* + + + + +
    + + +**ADMX_ExternalBoot/PortableOperatingSystem_Launcher** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item. + +- If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users will not be able to make changes using the Windows To Go Startup Options Control Panel item. + +- If you disable this setting, booting to Windows To Go when a USB device is connected will not be enabled unless a user configures the option manually in the BIOS or other boot order configuration. + +If you do not configure this setting, users who are members of the Administrators group can make changes using the Windows To Go Startup Options Control Panel item. + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Windows To Go Default Startup Options* +- GP name: *PortableOperatingSystem_Launcher* +- GP path: *Windows Components\Portable Operating System* +- GP ADMX file name: *ExternalBoot.admx* + + + + + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 2ac642df0e..e422f23fa5 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml 
@@ -473,6 +473,8 @@ items: href: policy-csp-admx-eventviewer.md - name: ADMX_Explorer href: policy-csp-admx-explorer.md + - name: ADMX_ExternalBoot + href: policy-csp-admx-externalboot.md - name: ADMX_FileRecovery href: policy-csp-admx-filerecovery.md - name: ADMX_FileServerVSSProvider From c1d782db88c69cfe900e8901718f4fb53728adcb Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 13 Sep 2021 17:11:18 +0530 Subject: [PATCH 304/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 1 + .../policy-configuration-service-provider.md | 7 ++ .../mdm/policy-csp-admx-filerevocation.md | 115 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 4 files changed, 125 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-filerevocation.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index b39e42b398..903667d7cf 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
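Review bot: The three ADMX_ExternalBoot links added to policies-in-policy-csp-admx-backed.md use fragments that keep the underscore (`#admx-externalboot-portableoperatingsystem_hibernate`), while a context line in the same hunk hyphenates it (`#admx-fileservervssprovider-pol-encryptprotocol` for `Pol_EncryptProtocol`). Confirm the fragments match the ids in policy-csp-admx-externalboot.md, and list Launcher before Sleep so the entries stay alphabetical like the ADMX_Explorer block above them.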
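Review bot: In policy-csp-admx-externalboot.md the disable bullet for PortableOperatingSystem_Hibernate reads "Windows, when started from a Windows To Go workspace, and cannot hibernate the PC"; drop the stray "and". The PortableOperatingSystem_Sleep description opens with "specifies whether the PC can use standby sleep states", but enabling the policy disallows them, so lead with the disallow wording of the friendly name to keep administrators from setting it backwards, and restore the bullet markers the other two sections use. The H2 also repeats the page title (`## Policy CSP - ADMX_ExternalBoot`) where the sibling pages use the `## ADMX_EventViewer policies` form.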
@@ -289,6 +289,7 @@ ms.date: 10/08/2020 - [ADMX_FileSys/SymlinkEvaluation](./policy-csp-admx-filesys.md#admx-filesys-symlinkevaluation) - [ADMX_FileSys/TxfDeprecatedFunctionality](./policy-csp-admx-filesys.md#admx-filesys-txfdeprecatedfunctionality) - [ADMX_FileRecovery/WdiScenarioExecutionPolicy](./policy-csp-admx-filerecovery.md#admx-filerecovery-wdiscenarioexecutionpolicy) +- [ADMX_FileRevocation/DelegatedPackageFamilyNames](./policy-csp-admx-filerevocation.md#admx-filerevocation-delegatedpackagefamilynames) - [ADMX_FolderRedirection/DisableFRAdminPin](./policy-csp-admx-folderredirection.md#admx-folderredirection-disablefradminpin) - [ADMX_FolderRedirection/DisableFRAdminPinByFolder](./policy-csp-admx-folderredirection.md#admx-folderredirection-disablefradminpinbyfolder) - [ADMX_FolderRedirection/FolderRedirectionEnableCacheRename](./policy-csp-admx-folderredirection.md#admx-folderredirection-folderredirectionenablecacherename) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 109ef13de2..7a6e45b161 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1119,6 +1119,13 @@ The following diagram shows the Policy configuration service provider in tree fo
    +### ADMX_FileRevocation policies +
    +
    + ADMX_FileRevocation/DelegatedPackageFamilyNames +
    +
    + ### ADMX_FileServerVSSProvider policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md new file mode 100644 index 0000000000..25d1b34051 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md @@ -0,0 +1,115 @@ +--- +title: Policy CSP - ADMX_FileRevocation +description: Policy CSP - ADMX_FileRevocation +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/13/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_FileRevocation +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +
    +
    + ADMX_FileRevocation/DelegatedPackageFamilyNames +
    +
    + + +
    + + +**ADMX_FileRevocation/DelegatedPackageFamilyNames** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + + + +Windows Runtime applications can protect content which has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format. +Example value: `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy` + +- If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device. + +- If you disable or do not configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app. + +Any other Windows Runtime application will only be able to revoke access to content it protected. + +> [!NOTE] +> Information the user should notice even if skimmingFile revocation applies to all content protected under the same second level domain as the provided enterprise identifier. Therefore, revoking an enterprise ID of `mail.contoso.com`will revoke the user’s access to all content protected under the contoso.com hierarchy. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). 
+> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Allow Windows Runtime apps to revoke enterprise data.* +- GP name: *DelegatedPackageFamilyNames* +- GP path: *Windows Components\File Revocation* +- GP ADMX file name: *FileRevocation.admx* + + + +
    + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index e422f23fa5..5c510d70b6 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -477,6 +477,8 @@ items: href: policy-csp-admx-externalboot.md - name: ADMX_FileRecovery href: policy-csp-admx-filerecovery.md + - name: ADMX_FileRevocation + href: policy-csp-admx-filerevocation.md - name: ADMX_FileServerVSSProvider href: policy-csp-admx-fileservervssprovider.md - name: ADMX_FileSys From c0ba4d9e06e79c6273f2cff3b74d351053a860fd Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 13 Sep 2021 17:14:53 +0530 Subject: [PATCH 305/671] Update policies-in-policy-csp-admx-backed.md --- .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 903667d7cf..89fe8ce981 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
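Review bot: in the new policy-csp-admx-filerevocation.md (PATCH 304), the `[!NOTE]` under DelegatedPackageFamilyNames still carries the authoring-template placeholder "Information the user should notice even if skimming", fused onto the real sentence ("skimmingFile revocation applies ..."). Delete the placeholder so the note opens with "File revocation applies to all content protected under the same second level domain ...". This note is the part of the page that tells an administrator how wide a revocation reaches, so it should read cleanly. In the same note, add the missing space between `mail.contoso.com` and "will". The format sentence ("add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name") is also hard to parse against the example value `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy`. Consider "one entry per line: the enterprise identifier, a comma, then the Package Family Name".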
@@ -269,7 +269,7 @@ ms.date: 10/08/2020 - [ADMX_EventLog/Channel_Log_Retention_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-4) - [ADMX_EventViewer/EventViewer_RedirectionProgram](./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionprogram) - [ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters](./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionprogramcommandlineparameters) -- [ADMX_EventViewer/EventViewer_RedirectionURL](./policy-csp-admx-eventviewer-eventviewer_redirectionurl) +- [ADMX_EventViewer/EventViewer_RedirectionURL](./policy-csp-admx-eventviewer.md#admx-eventviewer_redirectionurl) - [ADMX_Explorer/AdminInfoUrl](./policy-csp-admx-explorer.md#admx-explorer-admininfourl) - [ADMX_Explorer/AlwaysShowClassicMenu](./policy-csp-admx-explorer.md#admx-explorer-alwaysshowclassicmenu) - [ADMX_Explorer/DisableRoamedProfileInit](./policy-csp-admx-explorer.md#admx-explorer-disableroamedprofileinit) From cf58d43ebf6cb8b03a658f5e39667bdc270cf2b0 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 13 Sep 2021 17:19:21 +0530 Subject: [PATCH 306/671] Update policies-in-policy-csp-admx-backed.md --- .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 89fe8ce981..e88516dcd6 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
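Review bot: the new link target in the PATCH 305 hunk above, `./policy-csp-admx-eventviewer.md#admx-eventviewer_redirectionurl`, drops the `eventviewer-` segment that the two neighbouring entries keep (`#admx-eventviewer-eventviewer_redirectionprogram` and `#admx-eventviewer-eventviewer_redirectionprogramcommandlineparameters`), so the fragment is unlikely to resolve to the heading. Use `#admx-eventviewer-eventviewer_redirectionurl` to match the siblings. The `.md` addition to the file part is the right fix for the original broken path.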
@@ -269,7 +269,7 @@ ms.date: 10/08/2020 - [ADMX_EventLog/Channel_Log_Retention_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-4) - [ADMX_EventViewer/EventViewer_RedirectionProgram](./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionprogram) - [ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters](./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionprogramcommandlineparameters) -- [ADMX_EventViewer/EventViewer_RedirectionURL](./policy-csp-admx-eventviewer.md#admx-eventviewer_redirectionurl) +- [ADMX_EventViewer/EventViewer_RedirectionURL](./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionurl) - [ADMX_Explorer/AdminInfoUrl](./policy-csp-admx-explorer.md#admx-explorer-admininfourl) - [ADMX_Explorer/AlwaysShowClassicMenu](./policy-csp-admx-explorer.md#admx-explorer-alwaysshowclassicmenu) - [ADMX_Explorer/DisableRoamedProfileInit](./policy-csp-admx-explorer.md#admx-explorer-disableroamedprofileinit) From 3718f80bc491e5be883ca7081b4e7c959419a340 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 13 Sep 2021 17:26:05 +0530 Subject: [PATCH 307/671] Update policy-configuration-service-provider.md --- .../mdm/policy-configuration-service-provider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 7a6e45b161..25f972019b 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1070,7 +1070,7 @@ The following diagram shows the Policy configuration service provider in tree fo
    - ADMX_EventViewer/EventViewer_RedirectionProgram + ADMX_EventViewer/EventViewer_RedirectionProgram
    ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters From 83ad11c27762d9c9a55f2e76ae3f61c36f3bdbc4 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 13 Sep 2021 17:28:55 +0530 Subject: [PATCH 308/671] Update policy-configuration-service-provider.md --- .../mdm/policy-configuration-service-provider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 25f972019b..094dfa1b2f 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1070,7 +1070,7 @@ The following diagram shows the Policy configuration service provider in tree fo
    - ADMX_EventViewer/EventViewer_RedirectionProgram + ADMX_EventViewer/EventViewer_RedirectionProgram
    ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters From 4577da4de031f9b95b2df3c2862ac11514cac0fd Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 13 Sep 2021 18:18:38 +0530 Subject: [PATCH 309/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 4 - .../policy-configuration-service-provider.md | 17 - .../mdm/policy-csp-admx-disknvcache.md | 367 ----------------- .../mdm/policy-csp-admx-diskquota.md | 386 ------------------ windows/client-management/mdm/toc.yml | 2 - 5 files changed, 776 deletions(-) delete mode 100644 windows/client-management/mdm/policy-csp-admx-disknvcache.md delete mode 100644 windows/client-management/mdm/policy-csp-admx-diskquota.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index e88516dcd6..0a24fe8c1b 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -163,10 +163,6 @@ ms.date: 10/08/2020 - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-1) - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-2) - [ADMX_DistributedLinkTracking/DLT_AllowDomainMode](./policy-csp-admx-distributedlinktracking.md#admx-distributedlinktracking-dlt_allowdomainmode) -- [ADMX_DiskNVCache/BootResumePolicy](./policy-csp-admx-disknvcache.md#admx-disknvcache-bootresumepolicy) -- [ADMX_DiskNVCache/CachePowerModePolicy](./policy-csp-admx-disknvcache.md#admx-disknvcache-cachepowermodepolicy) -- [ADMX_DiskNVCache/FeatureOffPolicy](./policy-csp-admx-disknvcache.md#admx-disknvcache-featureoffpolicy) -- [ADMX_DiskNVCache/SolidStatePolicy](./policy-csp-admx-disknvcache.md#admx-disknvcache-solidstatepolicy) - [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries) - [ADMX_DnsClient/DNS_AppendToMultiLabelName](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-appendtomultilabelname) - [ADMX_DnsClient/DNS_Domain](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-domain) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 094dfa1b2f..910bfd4f8e 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -705,23 +705,6 @@ The following diagram shows the Policy configuration service provider in tree fo
    -### ADMX_DiskNVCache policies - -
    - -
    - ADMX_DiskNVCache/BootResumePolicy -
    -
    - ADMX_DiskNVCache/CachePowerModePolicy -
    -
    - ADMX_DiskNVCache/FeatureOffPolicy -
    -
    - ADMX_DiskNVCache/SolidStatePolicy -
    -
    ### ADMX_DnsClient policies diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md deleted file mode 100644 index 0535130b2e..0000000000 --- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md +++ /dev/null @@ -1,367 +0,0 @@ ---- -title: Policy CSP - ADMX_DiskNVCache -description: Policy CSP - ADMX_DiskNVCache -ms.author: dansimp -ms.localizationpriority: medium -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nimishasatapathy -ms.date: 09/09/2021 -ms.reviewer: -manager: dansimp ---- - -# Policy CSP - ADMX_DiskNVCache -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - -
    - - -## ADMX_DiskNVCache policies - -
    -
    - ADMX_DiskNVCache/BootResumePolicy -
    -
    - ADMX_DiskNVCache/CachePowerModePolicy -
    -
    - ADMX_DiskNVCache/FeatureOffPolicy -
    -
    - ADMX_DiskNVCache/SolidStatePolicy -
    -
    - - -
    - - -**DiskNVCache/BootResumePolicy** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    - - -
    - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
    - - - -This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system. - -- If you enable this policy setting, the system does not use the non-volatile (NV) cache to optimize boot and resume. -- If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume. - -The system determines the data that will be stored in the NV cache to optimize boot and resume. -The required data is stored in the NV cache during shutdown and hibernate, respectively. -This might cause a slight increase in the time taken for shutdown and hibernate. -If you do not configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations. - -> [!NOTE] -> This policy setting is applicable only if the NV cache feature is on. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Turn off boot and resume optimizations* -- GP name: *BootResumePolicy* -- GP path: *Windows\NvCache!OptimizeBootAndResume* -- GP ADMX file name: *DiskNVCache.admx* - - - - -
    - - -**ADMX_DiskNVCache/CachePowerModePolicy** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    - - -
    - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
    - - - -This policy setting turns off power save mode on the hybrid hard disks in the system. - -- If you enable this policy setting, the hard disks are not put into NV cache power save mode and no power savings are achieved. -- If you disable this policy setting, the hard disks are put into an NV cache power saving mode. - -In this mode, the system tries to save power by aggressively spinning down the disk. -If you do not configure this policy setting, the default behavior is to allow the hybrid hard disks to be in power save mode. - -> [!NOTE] -> This policy setting is applicable only if the NV cache feature is on. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Turn off cache power mode* -- GP name: *DiskNVCache/CachePowerModePolicy* -- GP path: *Windows\NvCache!EnablePowerModeState* -- GP ADMX file name: *DiskNVCache.admx* - - - -
    - - -**ADMX_DiskNVCache/FeatureOffPolicy** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    - - -
    - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Machine - -
    - - - -This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. - -To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. - -The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. -The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache. -- If you enable this policy setting, the system will not manage the NV cache and will not enable NV cache power saving mode. -- If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured. - -> [!NOTE] -> This policy setting will take effect on next boot. If you do not configure this policy setting, the default behavior is to turn on support for the NV cache. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Turn off non-volatile cache feature* -- GP name: *DiskNVCache/FeatureOffPolicy* -- GP path: *Windows\NvCache!EnableNvCache* -- GP ADMX file name: *DiskNVCache.admx* - - - -
    - - -**ADMX_DiskNVCache/SolidStatePolicy** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    - - -
    - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
    - - - -This policy setting turns off the solid state mode for the hybrid hard disks. -- If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache. -- If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. - -This allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power. - -> [!NOTE] -> This can cause increased wear of the NV cache. If you do not configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. - -> [!NOTE] -> This policy setting is applicable only if the NV cache feature is on. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Turn off solid state mode* -- GP name: *DiskNVCache/SolidStatePolicy* -- GP path: *Windows\NvCache!EnableSolidStateMode* -- GP ADMX file name: *DiskNVCache.admx* - - - -
    - - - - diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md deleted file mode 100644 index b9a51a2def..0000000000 --- a/windows/client-management/mdm/policy-csp-admx-diskquota.md +++ /dev/null @@ -1,386 +0,0 @@ ---- -title: Policy CSP - ADMX_DiskQuota -description: Policy CSP - ADMX_DiskQuota -ms.author: dansimp -ms.localizationpriority: medium -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: nimishasatapathy -ms.date: 09/12/2021 -ms.reviewer: -manager: dansimp ---- - -# Policy CSP - ADMX_DiskQuota - -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - -
    - - -## ADMX_DiskQuota policies - -
    -
    - ADMX_DiskQuota/DQ_RemovableMedia -
    -
    - ADMX_DiskQuota/DQ_Enable -
    -
    - ADMX_DiskQuota/DQ_Enforce -
    -
    - ADMX_DiskQuota/DQ_LogEventOverLimit -
    -
    - ADMX_DiskQuota/DQ_LogEventOverThreshold -
    -
    - ADMX_DiskQuota/DQ_Limit -
    -
    - - -
    - - -**ADMX_diskquota/DQ_RemovableMedia** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    - - -
    - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
    - - - -This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media. - -If you disable or do not configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. - -> [!NOTE] -> When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Apply policy to removable media* -- GP name: *DQ_RemovableMedia* -- GP path: *System\Disk Quotas* -- GP ADMX file name: *DiskQuota.admx* - - - -
    - -
    - - -**ADMX_DiskQuota/DQ_Enable** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    - - -
    - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
    - - - -This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting. - -- If you enable this policy setting, disk quota management is turned on, and users cannot turn it off. - -- If you disable the policy setting, disk quota management is turned off, and users cannot turn it on. - -If this policy setting is not configured, disk quota management is turned off by default, but administrators can turn it on. - -To prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes. - -> [!NOTE] -> This policy setting turns on disk quota management but does not establish or enforce a particular disk quota limit. - -To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit. - -> [!NOTE] -> To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click **Properties**, click the **Quota** tab, and then click **Enable quota management**. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
- - -ADMX Info: -- GP Friendly name: *Enable disk quotas* -- GP name: *DQ_Enable* -- GP path: *Windows NT\DiskQuota!Enable* -- GP ADMX file name: *DiskQuota.admx* - - - -
    - -
    - - -**ADMX_DiskQuota/DQ_Enforce** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    - - -
    - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
    - - - -This policy setting specifies the default disk quota limit and warning level for new users of the volume. - -This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. -It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit. - -This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab. - -This policy setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties). - -If you disable or do not configure this policy setting, the disk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Ensure to set the limit and warning level so that it is reasonable for the range of volumes in the group. - -This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Specify default quota limit and warning level* -- GP name: *DQ_Enforce* -- GP path: *Windows NT\DiskQuota!Limit* -- GP ADMX file name: *DiskQuota.admx* - - - -
    - -
    - -
    - - -**ADMX_DiskQuota/DQ_Enforce** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    - - -
    - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
    - - - -This policy setting specifies the default disk quota limit and warning level for new users of the volume. - -This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. -It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit. - -This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab. - -This policy setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties). - -If you disable or do not configure this policy setting, the disk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Ensure to set the limit and warning level so that it is reasonable for the range of volumes in the group. - -This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Specify default quota limit and warning level* -- GP name: *DQ_LogEventOverLimit* -- GP path: *Windows NT\DiskQuota!Limit* -- GP ADMX file name: *DiskQuota.admx* - - - -
    - - -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. - - \ No newline at end of file diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 5c510d70b6..f9f9d0b8a7 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -449,8 +449,6 @@ items: href: policy-csp-admx-digitallocker.md - name: ADMX_DistributedLinkTracking href: policy-csp-admx-distributedlinktracking.md - - name: ADMX_DiskNVCache - href: policy-csp-admx-disknvcache.md - name: ADMX_DnsClient href: policy-csp-admx-dnsclient.md - name: ADMX_DWM From 929d168ce509613966e31bf727b2b9abbae593f4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 13 Sep 2021 07:35:04 -0700 Subject: [PATCH 310/671] Update windows/security/threat-protection/intelligence/virus-initiative-criteria.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../threat-protection/intelligence/virus-initiative-criteria.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md index 360a4bde38..844c34033a 100644 --- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md @@ -18,7 +18,7 @@ ms.technology: mde # Microsoft Virus Initiative -The Microsoft Virus Initiative (MVI) helps organizations develop better-together security solutions that are performant, reliable, and aligned with Microsoft technology & strategy. +The Microsoft Virus Initiative (MVI) helps organizations develop better-together security solutions that are performant, reliable, and aligned with Microsoft technology and strategy. ## Become a member From 24ccda538c6f7d704e4aaabf2e1e9d865db2f4b6 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Mon, 13 Sep 2021 07:41:28 -0700 Subject: [PATCH 311/671] Update event-4776.md --- .../threat-protection/auditing/event-4776.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md index 3249451c6f..8b9727aaa0 100644 --- a/windows/security/threat-protection/auditing/event-4776.md +++ b/windows/security/threat-protection/auditing/event-4776.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/13/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -125,14 +125,14 @@ This event does *not* generate when a domain account logs on locally to a domain For 4776(S, F): The computer attempted to validate the credentials for an account. -| **Type of monitoring required** | **Recommendation** | -|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **High-value accounts**: You might have high-value domain or local accounts for which you need to monitor each action.
    Examples of high-value accounts are database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts and so on. | Monitor this event with the **“Logon Account”** that corresponds to the high-value account or accounts. | +| **Type of monitoring required** | **Recommendation** | +|-----------------|---------| +| **High-value accounts**: You might have high-value domain or local accounts for which you need to monitor each action.
    Examples of high-value accounts are database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts and so on. | Monitor this event with the **“Logon Account”** that corresponds to the high-value account or accounts. | | **Anomalies or malicious actions**: You might have specific requirements for detecting anomalies or monitoring potential malicious actions. For example, you might need to monitor for use of an account outside of working hours. | When you monitor for anomalies or malicious actions, use the **“Logon Account”** value (with other information) to monitor how or when a particular account is being used.
    To monitor activity of specific user accounts outside of working hours, monitor the appropriate **Logon Account + Source Workstation** pairs. | -| **Non-active accounts**: You might have non-active, disabled, or guest accounts, or other accounts that should never be used. | Monitor this event with the **“Logon Account”** that should never be used. | -| **Account allow list**: You might have a specific allow list of accounts that are the only ones allowed to perform actions corresponding to particular events. | If this event corresponds to a “allow list-only” action, review the **“Logon Account”** for accounts that are outside the allow list. | -| **Restricted-use computers**: You might have certain computers from which certain people (accounts) should not log on. | Monitor the target **Source Workstation** for credential validation requests from the **“Logon Account”** that you are concerned about. | -| **Account naming conventions**: Your organization might have specific naming conventions for account names. | Monitor “**Logon Account”** for names that don’t comply with naming conventions. | +| **Non-active accounts**: You might have non-active, disabled, or guest accounts, or other accounts that should never be used. | Monitor this event with the **“Logon Account”** that should never be used. | +| **Account allow list**: You might have a specific allow list of accounts that are the only ones allowed to perform actions corresponding to particular events. | If this event corresponds to a “allow list-only” action, review the **“Logon Account”** for accounts that are outside the allow list. | +| **Restricted-use computers**: You might have certain computers from which certain people (accounts) should not log on. | Monitor the target **Source Workstation** for credential validation requests from the **“Logon Account”** that you are concerned about. | +| **Account naming conventions**: Your organization might have specific naming conventions for account names. 
| Monitor “**Logon Account”** for names that don’t comply with naming conventions. | - If NTLM authentication should not be used for a specific account, monitor for that account. Don’t forget that local logon will always use NTLM authentication if an account logs on to a device where its user account is stored. 
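Review bot: two wording defects survive on the re-added table rows in the -125,14 +125,14 hunk of event-4776.md. The "Account allow list" row still reads "a “allow list-only” action" (should be "an"), and the "Account naming conventions" row has the quotation marks straddling the bold markers in “**Logon Account”**, unlike the other rows, which put both quotes inside the bold span. Since every row is being rewritten to collapse the column padding anyway, fix both here so the monitoring guidance for the Logon Account field renders consistently.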
@@ -142,12 +142,12 @@ For 4776(S, F): The computer attempted to validate the credentials for an accoun - Consider tracking the following errors for the reasons listed: -| **Error to track** | **What the error might indicate** | -|-----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------| +| **Error to track** | **What the error might indicate** | +|----------|----------------| | **User logon with misspelled or bad user account** | For example, N events in the last N minutes can be an indicator of an account enumeration attack, especially relevant for highly critical accounts. | | **User logon with misspelled or bad password** | For example, N events in the last N minutes can be an indicator of a brute-force password attack, especially relevant for highly critical accounts. | -| **User logon outside authorized hours** | Can indicate a compromised account; especially relevant for highly critical accounts. | -| **User logon from unauthorized workstation** | Can indicate a compromised account; especially relevant for highly critical accounts. | +| **User logon outside authorized hours** | Can indicate a compromised account; especially relevant for highly critical accounts. | +| **User logon from unauthorized workstation** | Can indicate a compromised account; especially relevant for highly critical accounts. | | **User logon to account disabled by administrator** | For example, N events in last N minutes can be an indicator of an account compromise attempt, especially relevant for highly critical accounts. | -| **User logon with expired account** | Can indicate an account compromise attempt; especially relevant for highly critical accounts. | -| **User logon with account locked** | Can indicate a brute-force password attack; especially relevant for highly critical accounts. 
| +| **User logon with expired account** | Can indicate an account compromise attempt; especially relevant for highly critical accounts. | +| **User logon with account locked** | Can indicate a brute-force password attack; especially relevant for highly critical accounts. | From 6d758546f4242526ead4bb73b4c5955b52bdf2de Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Mon, 13 Sep 2021 10:07:47 -0600 Subject: [PATCH 312/671] Update windows/client-management/mdm/policy-csp-admx-filerevocation.md --- windows/client-management/mdm/policy-csp-admx-filerevocation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md index 25d1b34051..a36aca27de 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md +++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md @@ -87,7 +87,7 @@ Example value: `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy` Any other Windows Runtime application will only be able to revoke access to content it protected. > [!NOTE] -> Information the user should notice even if skimmingFile revocation applies to all content protected under the same second level domain as the provided enterprise identifier. Therefore, revoking an enterprise ID of `mail.contoso.com`will revoke the user’s access to all content protected under the contoso.com hierarchy. +> Information the user should notice even if skimmingFile revocation applies to all content protected under the same second level domain as the provided enterprise identifier. Therefore, revoking an enterprise ID of `mail.contoso.com` will revoke the user’s access to all content protected under the contoso.com hierarchy. > [!TIP] From d164f0e48c961288671bf254d786b6cfb656f729 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Mon, 13 Sep 2021 09:08:19 -0700 Subject: [PATCH 313/671] Update wdsc-customize-contact-information.md --- .../wdsc-customize-contact-information.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md index 969d80c8bf..a34c0c2bce 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp -ms.date: 04/30/2018 +ms.date: 09/13/2021 ms.reviewer: manager: dansimp ms.technology: mde @@ -36,8 +36,6 @@ You can add information about your organization in a contact card to the Windows This information will also be shown in some enterprise-specific notifications (including notifications for the [Block at first sight feature](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus), and [potentially unwanted applications](/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)). -![A security center notification.](images/security-center-custom-notif.png) - Users can select the displayed information to initiate a support request: - Select **Call** or the phone number to open Skype to start a call to the displayed number. 
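Review bot: the -36,8 +36,6 hunk drops the reference to images/security-center-custom-notif.png, but the diffstat lists only the .md file, so the PNG stays in the repository with no reference from this page, and the commit subject gives no reason for the removal. If the screenshot is outdated, say so in the commit message and either replace it or delete the image file in the same change, after checking that no other article links to it.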
@@ -76,4 +74,4 @@ This can only be done in Group Policy. 7. Select **OK** after you configure each setting to save your changes. >[!IMPORTANT] ->You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized. \ No newline at end of file +>You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized. From 0ecf4835cb88fb05b94407c14da632142a7ce443 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Mon, 13 Sep 2021 10:33:18 -0600 Subject: [PATCH 315/671] fix acro spelling Sync PR: https://github.com/MicrosoftDocs/windows-docs-pr/pull/5631 --- .../wdsc-customize-contact-information.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md index a34c0c2bce..33a2c7d531 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md 
@@ -58,7 +58,7 @@ This can only be done in Group Policy. 3. Expand the tree to **Windows components > Windows Security > Enterprise Customization**. -4. Enable the contact card and the customized notifications by configuring two separate Group Policy settings. They will both use the same source of information (explained in Steps 5 and 6). You can enable both, or slect one or the other: +4. Enable the contact card and the customized notifications by configuring two separate Group Policy settings. They will both use the same source of information (explained in Steps 5 and 6). You can enable both, or select one or the other: 1. To enable the contact card, open the **Configure customized contact information** setting and set it to **Enabled**. Click **OK**. From 2ebaf7559022359f82af54fe22ec781f515f9a58 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Mon, 13 Sep 2021 15:03:16 -0400 Subject: [PATCH 316/671] fixed blocking issues --- .openpublishing.redirection.json | 5 +++++ windows/configuration/TOC.yml | 16 ++++++++-------- ...> customize-start-menu-layout-windows-11.md} | 6 +++--- ...admin-center-custom-oma-uri-start-layout.png | Bin .../start-menu-layout.png | Bin .../supported-csp-start-menu-layout-windows.md | 4 ++-- 6 files changed, 18 insertions(+), 13 deletions(-) rename windows/configuration/{customize-the-start-menu-layout-on-windows-11.md => customize-start-menu-layout-windows-11.md} (95%) rename windows/configuration/images/{customize-the-start-menu-layout-on-windows-11 => customize-start-menu-layout-windows-11}/endpoint-manager-admin-center-custom-oma-uri-start-layout.png (100%) rename windows/configuration/images/{customize-the-start-menu-layout-on-windows-11 => customize-start-menu-layout-windows-11}/start-menu-layout.png (100%) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 8b2d2e8dff..fc68ba7fb1 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json 
@@ -1,5 +1,10 @@ { "redirections": [ + { + "source_path": "windows/configuration/customize-the-start-menu-layout-on-windows-11.md", + "redirect_url": "/windows/configuration/customize-start-menu-layout-windows-11", + "redirect_document_id": false + }, { "source_path": "windows/application-management/msix-app-packaging-tool.md", "redirect_url": "/windows/application-management/apps-in-windows-10", diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index dd7ec29388..90c2e725ed 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml @@ -5,7 +5,7 @@ - name: Windows 11 items: - name: Start menu layout - href: customize-the-start-menu-layout-on-windows-11.md + href: customize-start-menu-layout-windows-11.md - name: Supported Start menu CSPs href: supported-csp-start-menu-layout-windows.md - name: Windows 10 Start and taskbar @@ -64,7 +64,7 @@ href: set-up-shared-or-guest-pc.md - name: Set up a kiosk on Windows 10 Mobile href: mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md - - name: Additional kiosk reference information + - name: Kiosk reference information items: - name: More kiosk methods and reference information href: kiosk-additional-reference.md @@ -129,7 +129,7 @@ href: cortana-at-work/cortana-at-work-testing-scenarios.md - name: Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query href: cortana-at-work/cortana-at-work-scenario-1.md - - name: Test scenario 2 - Perform a Bing search with Cortana + - name: Test scenario 2 - Run a Bing search with Cortana href: cortana-at-work/cortana-at-work-scenario-2.md - name: Test scenario 3 - Set a reminder href: cortana-at-work/cortana-at-work-scenario-3.md 
@@ -137,9 +137,9 @@ href: cortana-at-work/cortana-at-work-scenario-4.md - name: Test scenario 5 - Find out about a person href: cortana-at-work/cortana-at-work-scenario-5.md - - name: Test scenario 6 - Change your language and perform a quick search with Cortana + - name: Test scenario 6 - Change your language and run a quick search with Cortana href: cortana-at-work/cortana-at-work-scenario-6.md - - name: Send feedback about Cortana back to Microsoftr + - name: Send feedback about Cortana back to Microsoft href: cortana-at-work/cortana-at-work-feedback.md - name: Testing scenarios using Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization items: @@ -149,13 +149,13 @@ href: cortana-at-work/testing-scenarios-using-cortana-in-business-org.md - name: Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query href: cortana-at-work/test-scenario-1.md - - name: Test scenario 2 - Perform a quick search with Cortana at work + - name: Test scenario 2 - Run a quick search with Cortana at work href: cortana-at-work/test-scenario-2.md - name: Test scenario 3 - Set a reminder for a specific location using Cortana at work href: cortana-at-work/test-scenario-3.md - name: Test scenario 4 - Use Cortana at work to find your upcoming meetings href: cortana-at-work/test-scenario-4.md - - name: Test scenario 5 - Use Cortana to send email to a co-worker + - name: Test scenario 5 - Use Cortana to send email to a coworker href: cortana-at-work/test-scenario-5.md - name: Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email href: cortana-at-work/test-scenario-6.md @@ -341,7 +341,7 @@ href: ue-v/uev-deploy-uev-for-custom-applications.md - name: Administer UE-V items: - - name: UE-V administion guide + - name: UE-V administration guide href: ue-v/uev-administering-uev.md - name: Manage Configurations for UE-V items: 
diff --git a/windows/configuration/customize-the-start-menu-layout-on-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md similarity index 95% rename from windows/configuration/customize-the-start-menu-layout-on-windows-11.md rename to windows/configuration/customize-start-menu-layout-windows-11.md index 254d50005b..ab20b9ad4f 100644 --- a/windows/configuration/customize-the-start-menu-layout-on-windows-11.md +++ b/windows/configuration/customize-start-menu-layout-windows-11.md @@ -10,7 +10,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/09/2021 +ms.date: 09/13/2021 ms.localizationpriority: medium --- @@ -46,7 +46,7 @@ This article shows you how to export an existing Start menu layout, and use the In Windows 11, the Start menu is redesigned with a simplified set of apps that are arranged in a grid of pages. There aren't folders, groups, or different-sized app icons: -:::image type="content" source="./images/customize-the-start-menu-layout-on-windows-11/start-menu-layout.png" alt-text="Sample start menu layout on Windows 11 devices that shows pinned apps, access to all apps, and shows recommended files."::: +:::image type="content" source="./images/customize-start-menu-layout-windows-11/start-menu-layout.png" alt-text="Sample start menu layout on Windows 11 devices that shows pinned apps, access to all apps, and shows recommended files."::: Start has the following areas: 
@@ -154,7 +154,7 @@ To deploy this policy in Microsoft Intune, the devices must be enrolled in Micro Your settings look similar to the following settings: - :::image type="content" source="./images/customize-the-start-menu-layout-on-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png" alt-text="Custom OMA-URI settings to customize Start menu layout using pinnedList"::: + :::image type="content" source="./images/customize-start-menu-layout-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png" alt-text="Custom OMA-URI settings to customize Start menu layout using pinnedList"::: 8. Select **Save** > **Next** to save your changes. 9. Configure the rest of the policy settings. For more specific information, see [Create a profile with custom settings in Intune](/mem/intune/configuration/custom-settings-configure). diff --git a/windows/configuration/images/customize-the-start-menu-layout-on-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png b/windows/configuration/images/customize-start-menu-layout-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png similarity index 100% rename from windows/configuration/images/customize-the-start-menu-layout-on-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png rename to windows/configuration/images/customize-start-menu-layout-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png diff --git a/windows/configuration/images/customize-the-start-menu-layout-on-windows-11/start-menu-layout.png b/windows/configuration/images/customize-start-menu-layout-windows-11/start-menu-layout.png similarity index 100% rename from windows/configuration/images/customize-the-start-menu-layout-on-windows-11/start-menu-layout.png rename to windows/configuration/images/customize-start-menu-layout-windows-11/start-menu-layout.png 
diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md index 9a2216a0c5..d26c7b384d 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md @@ -10,7 +10,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/09/2021 +ms.date: 09/13/2021 ms.localizationpriority: medium --- @@ -24,7 +24,7 @@ The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Endp This article lists the CSPs that are available to customize the Start menu for Windows 11 devices. Windows 11 uses the [Policy CSP - Start](/windows/client-management/mdm/policy-csp-start). For more general information, see [Configuration service provider (CSP) reference](/windows/client-management/mdm/configuration-service-provider-reference). -For information on customizing the Start menu layout using policy, see [Customize the Start menu layout on Windows 11](customize-the-start-menu-layout-on-windows-11.md). +For information on customizing the Start menu layout using policy, see [Customize the Start menu layout on Windows 11](customize-start-menu-layout-windows-11.md). ## Existing Windows CSP policies that Windows 11 supports From 5a4970ecca38d013c176fd6d135cbef365ae91ad Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 13 Sep 2021 13:56:38 -0700 Subject: [PATCH 317/671] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 2ef62a440f..a3470a1c0f 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -228,7 +228,7 @@ - name: Cloud services href: cloud.md items: - - name: MDM and Windows 11 + - name: Modern device management with Windows 11 href: mdm-windows.md - name: User protection items: From 0724a68bec65409a5d2a1653a16ef5abe5e68789 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 13 Sep 2021 13:57:31 -0700 Subject: [PATCH 318/671] Update TOC.yml --- windows/security/TOC.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index a3470a1c0f..5bfdf80bd2 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -204,6 +204,7 @@ - name: Windows Defender Firewall href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - name: Virus & threat protection + href: threat-protection/index.md items: - name: Microsoft Defender Antivirus href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows From 35db7b8a2b27e85d113321379171537609f2544c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 13 Sep 2021 14:12:29 -0700 Subject: [PATCH 319/671] Update TOC.yml --- windows/security/TOC.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 5bfdf80bd2..05b9de9c14 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -231,6 +231,16 @@ items: - name: Modern device management with Windows 11 href: mdm-windows.md + - name: Windows 11 secured-core devices (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Windows 365 Cloud PCs (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Windows 365 for Enterprise (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Windows 365 for Business (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Azure Virtual Desktop (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 - name: User protection items: - name: Technical support policy for lost or forgotten passwords From 103916b96d52904c6cb6781098470008890c1ba0 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 13 Sep 2021 14:12:53 -0700 Subject: [PATCH 320/671] Update index.yml --- windows/security/index.yml | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 09d23443f6..5b1feb7f15 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -11,7 +11,7 @@ metadata: ms.collection: m365-security-compliance author: dansimp #Required; your GitHub user alias, with correct capitalization. ms.author: dansimp #Required; microsoft alias of author; optional team alias. - ms.date: 09/07/2021 + ms.date: 09/13/2021 localization_priority: Priority # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new 
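Review bot: in the windows/security/TOC.yml hunk of PATCH 319 (-231,6 +231,16), all five added entries carry the working note "(need link)" inside their name values and all five href values point at the same whats-new/windows-11 URL. The name field is what readers see in the published navigation, so the placeholder text would ship as-is, and five differently named nodes would resolve to one page. Hold these entries back until the real targets exist, or keep the tracking note in a YAML comment instead of in name.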
@@ -85,25 +85,6 @@ landingContent: - text: Family safety url: threat-protection/windows-defender-security-center/wdsc-family-options.md -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Secured-core and cloud devices - linkLists: - - linkListType: overview - links: - - text: Windows 11 secured-core devices (change link later) - url: https://docs.microsoft.com/windows/whats-new/windows-11 - - text: Windows 365 Cloud PCs (change link later) - url: https://docs.microsoft.com/windows/whats-new/windows-11 - - text: Windows 365 for Business (change link later) - url: https://docs.microsoft.com/windows/whats-new/windows-11 - - text: Windows 365 for Enterprise (change link later) - url: https://docs.microsoft.com/windows/whats-new/windows-11 - - text: Azure Virtual Desktop (change link later) - url: https://docs.microsoft.com/windows/whats-new/windows-11 - - # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From ef05e5292fb183a219471c1d11d235ef77250a3a Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Mon, 13 Sep 2021 18:48:13 -0500 Subject: [PATCH 321/671] Update security-compliance-toolkit-10.md Updated to version 93 --- .../threat-protection/security-compliance-toolkit-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 3fe631aa97..164d2ee773 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md 
@@ -46,7 +46,7 @@ The Security Compliance Toolkit consists of: - Microsoft 365 Apps for enterprise, Version 2104 - Microsoft Edge security baseline - - Version 92 + - Version 93 - Windows Update security baseline - Windows 10 20H2 and below (October 2020 Update) From 028a0ca21def6ffa3b1ac56e8fec4a8d10f4e29b Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Mon, 13 Sep 2021 20:50:48 -0400 Subject: [PATCH 322/671] adding Intune PM changes --- ...ate-store-mdm-company-portal-windows-11.md | 46 ++----------------- 1 file changed, 3 insertions(+), 43 deletions(-) diff --git a/windows/application-management/private-store-mdm-company-portal-windows-11.md b/windows/application-management/private-store-mdm-company-portal-windows-11.md index 806b6b9c94..2f1a61682d 100644 --- a/windows/application-management/private-store-mdm-company-portal-windows-11.md +++ b/windows/application-management/private-store-mdm-company-portal-windows-11.md @@ -10,7 +10,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/09/2021 +ms.date: 09/13/2021 ms.localizationpriority: medium --- 
@@ -24,14 +24,6 @@ Starting with Windows 11, how administrators deploy apps to devices is updated. Instead of a private store in the Microsoft Store app, you install the Company Portal app on devices. The Company Portal app replaces the private store in Microsoft Store for Business. When the Company Portal app is installed, users open it, and see the apps your organization makes available. They select an app, and install it. -The Company Portal app has many benefits, including: - -- On existing devices, users can enroll their devices, and be managed by your organization. When they enroll, they get access to organization resources, including apps. -- Users can browse and install approved organization apps that you add. -- You can personalize the Company Portal app by adding help desk details, and other information from your IT department. -- Users can see all their enrolled devices, and see the device information. -- Users can reset their devices, which is helpful if their device is lost or stolen. - This article discusses the Company Portal app installation options, adding organization apps, and more. ## Before you begin 
@@ -57,6 +49,8 @@ To install the Company Portal app, you have some options: - **Use Microsoft Endpoint Manager**: Endpoint Manager includes Microsoft Intune (cloud) and Configuration Manager (on-premises). With both services, you can add Microsoft Store apps, like the Company Portal app. Once added, you create an app policy that deploys and installs the Company Portal app to your devices. + This option is preferred. Admins can makes sure the app is installed on organization-managed devices. + - On co-managed devices, which are managed by Microsoft Intune + Configuration Manager together, the Company Portal app shows your Intune apps and your Configuration Manager apps. So, all apps are shown in one place. - When apps are installed from the Microsoft Store app, by default, they're automatically updated. Users can also open the Microsoft Store app, go to the **Library**, and check for updates. 
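Review bot: The added line in the `@@ -57,6 +49,8 @@` hunk has a grammar error: "Admins can makes sure the app is installed on organization-managed devices" should read "Admins can make sure the app is installed on organization-managed devices". Since the line states a preference, it would also help to say in the same sentence that the app policy is what guarantees the install, as the preceding bullet text describes.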
@@ -111,37 +105,3 @@ When the apps are shown, users can select and download the apps on their devices If you use a third party or partner MDM provider, be sure to configure the settings that list your apps in the Company Portal app. -## Use Group Policy or MDM to block the Microsoft Store - -By default, the OS shows the Microsoft Store, and allows users to install the public and retail apps. If you want, you can hide the Microsoft Store on your user devices using Group Policy (on-premises), or using an MDM provider, such as Microsoft Intune (cloud). - -### Group Policy - -If you use Group Policy, you can use the following policies: - -- `Computer configuration\Administrative templates\Windows Components\Store\Turn off the Store application` -- `User configuration\Administrative templates\Windows Components\Store\Turn off the Store application` - -If you currently use the `Only display the private store within Microsoft Store app` and `To show private store only in Microsoft Store app` policies, then you should now use `Disable all apps from Microsoft Store` policy. - -### MDM - -Using an MDM provider, you can deploy a policy that turns off or blocks the Microsoft Store. - -Using Microsoft Intune, you can use [Administrative Templates](/mem/intune/configuration/administrative-templates-windows) (opens another Microsoft web site) or the [Settings Catalog](/mem/intune/configuration/settings-catalog) (opens another Microsoft web site) to turn off the Microsoft Store app. - -**--> Need to add more specific info. <--** - -## Use Microsoft Defender Application Control or AppLocker - -The Microsoft Store app uses the `WinStore.App.exe` file. You can block access to this file using AppLocker or Microsoft Defender Application Control. 
For more information on these options, see: - -- [Windows Defender Application Control and AppLocker Overview](/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview) -- [Block Microsoft Store using AppLocker](/windows/configuration/stop-employees-from-using-microsoft-store#block-microsoft-store-using-applocker) - -## Microsoft Store for Business - -> [!IMPORTANT] -> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution). - -In the Microsoft Store app, the private store includes apps used by our organization. On Windows 10 devices, users open the Microsoft Store app, go to your organization's tab, select an app, and install it. From 2e08b6bd87ecd59b68ffa90d824668f47d249e5d Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Mon, 13 Sep 2021 20:52:48 -0400 Subject: [PATCH 323/671] TOC update --- windows/application-management/toc.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/toc.yml b/windows/application-management/toc.yml index e8e1f49908..9ed78f7a9d 100644 --- a/windows/application-management/toc.yml +++ b/windows/application-management/toc.yml 
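Review bot: The `@@ -111,37 +105,3 @@` hunk of private-store-mdm-company-portal-windows-11.md deletes this article's guidance for blocking the Microsoft Store (the Group Policy `Turn off the Store application` settings, the MDM options, and the AppLocker / Application Control note about `WinStore.App.exe`), and the commit subject "adding Intune PM changes" does not say why. If that content now lives in another article, add a link to it here; if it was removed because of the unfinished "Need to add more specific info" placeholder, remove only the placeholder. The same hunk also drops the `[!IMPORTANT]` notice that Microsoft Store for Business and Education will be retired in the first quarter of 2023, which is the reason this article exists and should be kept or linked.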
@@ -11,12 +11,12 @@ items: href: provisioned-apps-windows-client-os.md - name: System apps in Windows client OS href: system-apps-windows-client-os.md - - name: Private store on Windows 11 - href: private-store-mdm-company-portal-windows-11.md - name: Add features in Windows client href: add-apps-and-features.md - name: Sideload apps href: sideload-apps-in-windows-10.md + - name: Private store on Windows 11 + href: private-store-mdm-company-portal-windows-11.md - name: Remove background task resource restrictions href: enterprise-background-activity-controls.md - name: Enable or block Windows Mixed Reality apps in the enterprise From ebad3c4166357d929c214b2129e9a3856213393d Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 14 Sep 2021 09:45:57 +0530 Subject: [PATCH 324/671] Incorporated review comments --- .../tpm/change-the-tpm-owner-password.md | 1 + .../tpm/how-windows-uses-the-tpm.md | 12 +++---- ...lize-and-configure-ownership-of-the-tpm.md | 36 +++++++++---------- .../tpm/manage-tpm-lockout.md | 2 +- .../tpm/tpm-fundamentals.md | 31 ++++++++-------- .../tpm/tpm-recommendations.md | 18 +++++----- 6 files changed, 50 insertions(+), 50 deletions(-) diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index c139f7a4df..6edba10d03 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -20,6 +20,7 @@ ms.date: 09/03/2021 **Applies to** - Windows 10 +- TPM 1.2 - Windows 11 - Windows Server 2016 and above diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index 532dc2607c..038e7da093 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md 
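Review bot: In the `@@ -20,6 +20,7 @@` hunk of change-the-tpm-owner-password.md, `- TPM 1.2` is inserted between `- Windows 10` and `- Windows 11` in the **Applies to** list, which mixes a TPM version into a list of operating systems and splits the Windows entries. Move it to the end of the list, or state the TPM 1.2 scope in the article body, so the list reads Windows 10, Windows 11, Windows Server 2016 and above.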
+++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md @@ -19,7 +19,7 @@ ms.date: 09/03/2021 # How Windows uses the Trusted Platform Module -The Windows operating system improves most existing security features in the operating system and adds groundbreaking new security features such as Device Guard and Windows Hello for Business. It places hardware-based security deeper inside the operating system than previous Windows versions had done, maximizing platform security while increasing usability. To achieve many of these security enhancements, Windows makes extensive use of the Trusted Platform Module (TPM). This article offers a brief overview of the TPM, describes how it works, and discusses the benefits that TPM brings to Windows as well as the cumulative security impact of running Windows on a PC that contains a TPM. +The Windows operating system improves most existing security features in the operating system and adds groundbreaking new security features such as Device Guard and Windows Hello for Business. It places hardware-based security deeper inside the operating system than previous Windows versions had done, maximizing platform security while increasing usability. To achieve many of these security enhancements, Windows makes extensive use of the Trusted Platform Module (TPM). This article offers a brief overview of the TPM, describes how it works, and discusses the benefits that TPM brings to Windows and the cumulative security impact of running Windows on a PC that contains a TPM. **See also:** 
@@ -36,7 +36,7 @@ The TPM is a cryptographic module that enhances computer security and privacy. P Historically, TPMs have been discrete chips soldered to a computer’s motherboard. Such implementations allow the computer’s original equipment manufacturer (OEM) to evaluate and certify the TPM separate from the rest of the system. Although discrete TPM implementations are still common, they can be problematic for integrated devices that are small or have low power consumption. Some newer TPM implementations integrate TPM functionality into the same chipset as other platform components while still providing logical separation similar to discrete TPM chips. -TPMs are passive: they receive commands and return responses. To realize the full benefit of a TPM, the OEM must carefully integrate system hardware and firmware with the TPM to send it commands and react to its responses. TPMs were originally designed to provide security and privacy benefits to a platform’s owner and users, but newer versions can provide security and privacy benefits to the system hardware itself. Before it can be used for advanced scenarios, a TPM must be provisioned. Windows automatically provisions a TPM, but if the user reinstalls the operating system, he or she may need to tell the operating system to explicitly provision the TPM again before it can use all the TPM’s features. +TPMs are passive: they receive commands and return responses. To realize the full benefit of a TPM, the OEM must carefully integrate system hardware and firmware with the TPM to send it commands and react to its responses. TPMs were originally designed to provide security and privacy benefits to a platform’s owner and users, but newer versions can provide security and privacy benefits to the system hardware itself. Before it can be used for advanced scenarios, a TPM must be provisioned. 
Windows automatically provisions a TPM, but if the user reinstalls the operating system, user may need to tell the operating system to explicitly provision the TPM again before it can use all the TPM’s features. The Trusted Computing Group (TCG) is the nonprofit organization that publishes and maintains the TPM specification. The TCG exists to develop, define, and promote vendor-neutral, global industry standards that support a hardware-based root of trust for interoperable trusted computing platforms. The TCG also publishes the TPM specification as the international standard ISO/IEC 11889, using the Publicly Available Specification Submission Process that the Joint Technical Committee 1 defines between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). 
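Review bot: The replacement sentence in the `@@ -36,7 +36,7 @@` hunk drops the article: "if the user reinstalls the operating system, user may need to tell the operating system to explicitly provision the TPM again" should be "the user may need to" (or "they may need to"). Nothing else in the paragraph changed, so this is a one-word fix.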
@@ -58,11 +58,11 @@ Although CNG sounds like a mundane starting point, it illustrates some of the ad The Platform Crypto Provider, introduced in the Windows 8 operating system, exposes the following special TPM properties, which software-only CNG providers cannot offer or cannot offer as effectively: -• **Key protection**. The Platform Crypto Provider can create keys in the TPM with restrictions on their use. The operating system can load and use the keys in the TPM without copying the keys to system memory, where they are vulnerable to malware. The Platform Crypto Provider can also configure keys that a TPM protects so that they are not removable. If a TPM creates a key, the key is unique and resides only in that TPM. If the TPM imports a key, the Platform Crypto Provider can use the key in that TPM, but that TPM is not a source for making additional copies of the key or enabling the use of copies elsewhere. In sharp contrast, software solutions that protect keys from copying are subject to reverse-engineering attacks, in which someone figures out how the solution stores keys or makes copies of keys while they are in memory during use. +• **Key protection**. The Platform Crypto Provider can create keys in the TPM with restrictions on their use. The operating system can load and use the keys in the TPM without copying the keys to system memory, where they are vulnerable to malware. The Platform Crypto Provider can also configure keys that a TPM protects so that they are not removable. If a TPM creates a key, the key is unique and resides only in that TPM. If the TPM imports a key, the Platform Crypto Provider can use the key in that TPM, but that TPM is not a source for making more copies of the key or enabling the use of copies elsewhere. 
In sharp contrast, software solutions that protect keys from copying are subject to reverse-engineering attacks, in which someone figures out how the solution stores keys or makes copies of keys while they are in memory during use. • **Dictionary attack protection**. Keys that a TPM protects can require an authorization value such as a PIN. With dictionary attack protection, the TPM can prevent attacks that attempt a large number of guesses to determine the PIN. After too many guesses, the TPM simply returns an error saying no more guesses are allowed for a period of time. Software solutions might provide similar features, but they cannot provide the same level of protection, especially if the system restarts, the system clock changes, or files on the hard disk that count failed guesses are rolled back. In addition, with dictionary attack protection, authorization values such as PINs can be shorter and easier to remember while still providing the same level of protection as more complex values when using software solutions. -These TPM features give Platform Crypto Provider distinct advantages over software-based solutions. A practical way to see these benefits in action is when using certificates on a Windows device. On platforms that include a TPM, Windows can use the Platform Crypto Provider to provide certificate storage. Certificate templates can specify that a TPM use the Platform Crypto Provider to protect the key associated with a certificate. In mixed environments, where some computers might not have a TPM, the certificate template could simply prefer the Platform Crypto Provider over the standard Windows software provider. If a certificate is configured as not able to be exported, the private key for the certificate is restricted and cannot be exported from the TPM. If the certificate requires a PIN, the PIN gains the TPM’s dictionary attack protection automatically. 
+These TPM features give Platform Crypto Provider distinct advantages over software-based solutions. A practical way to see these benefits in action is when using certificates on a Windows device. On platforms that include a TPM, Windows can use the Platform Crypto Provider to provide certificate storage. Certificate templates can specify that a TPM use the Platform Crypto Provider to protect the key associated with a certificate. In mixed environments, where some computers might not have a TPM, the certificate template could prefer the Platform Crypto Provider over the standard Windows software provider. If a certificate is configured as not able to be exported, the private key for the certificate is restricted and cannot be exported from the TPM. If the certificate requires a PIN, the PIN gains the TPM’s dictionary attack protection automatically. ## Virtual Smart Card 
@@ -92,13 +92,13 @@ For Windows Hello for Business, Microsoft can fill the role of the identity CA. ## BitLocker Drive Encryption -BitLocker provides full-volume encryption to protect data at rest. The most common device configuration splits the hard drive into several volumes. The operating system and user data reside on one volume that holds confidential information, and other volumes hold public information such as boot components, system information and recovery tools. (These other volumes are used infrequently enough that they do not need to be visible to users.) Without additional protections in place, if the volume containing the operating system and user data is not encrypted, someone can boot another operating system and easily bypass the intended operating system’s enforcement of file permissions to read any user data. +BitLocker provides full-volume encryption to protect data at rest. The most common device configuration splits the hard drive into several volumes. The operating system and user data reside on one volume that holds confidential information, and other volumes hold public information such as boot components, system information and recovery tools. (These other volumes are used infrequently enough that they do not need to be visible to users.) Without more protections in place, if the volume containing the operating system and user data is not encrypted, someone can boot another operating system and easily bypass the intended operating system’s enforcement of file permissions to read any user data. In the most common configuration, BitLocker encrypts the operating system volume so that if the computer or hard disk is lost or stolen when powered off, the data on the volume remains confidential. When the computer is turned on, starts normally, and proceeds to the Windows logon prompt, the only path forward is for the user to log on with his or her credentials, allowing the operating system to enforce its normal file permissions. 
If something about the boot process changes, however—for example, a different operating system is booted from a USB device—the operating system volume and user data cannot be read and are not accessible. The TPM and system firmware collaborate to record measurements of how the system started, including loaded software and configuration details such as whether boot occurred from the hard drive or a USB device. BitLocker relies on the TPM to allow the use of a key only when startup occurs in an expected way. The system firmware and TPM are carefully designed to work together to provide the following capabilities: • **Hardware root of trust for measurement**. A TPM allows software to send it commands that record measurements of software or configuration information. This information can be calculated using a hash algorithm that essentially transforms a lot of data into a small, statistically unique hash value. The system firmware has a component called the Core Root of Trust for Measurement (CRTM) that is implicitly trusted. The CRTM unconditionally hashes the next software component and records the measurement value by sending a command to the TPM. Successive components, whether system firmware or operating system loaders, continue the process by measuring any software components they load before running them. Because each component’s measurement is sent to the TPM before it runs, a component cannot erase its measurement from the TPM. (However, measurements are erased when the system is restarted.) The result is that at each step of the system startup process, the TPM holds measurements of boot software and configuration information. Any changes in boot software or configuration yield different TPM measurements at that step and later steps. Because the system firmware unconditionally starts the measurement chain, it provides a hardware-based root of trust for the TPM measurements. 
At some point in the startup process, the value of recording all loaded software and configuration information diminishes and the chain of measurements stops. The TPM allows for the creation of keys that can be used only when the platform configuration registers that hold the measurements have specific values. -• **Key used only when boot measurements are accurate**. BitLocker creates a key in the TPM that can be used only when the boot measurements match an expected value. The expected value is calculated for the step in the startup process when Windows Boot Manager runs from the operating system volume on the system hard drive. Windows Boot Manager, which is stored unencrypted on the boot volume, needs to use the TPM key so that it can decrypt data read into memory from the operating system volume and startup can proceed using the encrypted operating system volume. If a different operating system is booted or the configuration is changed, the measurement values in the TPM will be different, the TPM will not let Windows Boot Manager use the key, and the startup process cannot proceed normally because the data on the operating system cannot be decrypted. If someone tries to boot the system with a different operating system or a different device, the software or configuration measurements in the TPM will be wrong and the TPM will not allow use of the key needed to decrypt the operating system volume. As a failsafe, if measurement values change unexpectedly, the user can always use the BitLocker recovery key to access volume data. Organizations can configure BitLocker to store the recovery key in Active Directory Domain Services (AD DS). +• **Key used only when boot measurements are accurate**. BitLocker creates a key in the TPM that can be used only when the boot measurements match an expected value. The expected value is calculated for the step in the startup process when Windows Boot Manager runs from the operating system volume on the system hard drive. 
Windows Boot Manager, which is stored unencrypted on the boot volume, needs to use the TPM key so that it can decrypt data read into memory from the operating system volume and startup can proceed using the encrypted operating system volume. If a different operating system is booted or the configuration is changed, the measurement values in the TPM will be different, the TPM will not let Windows Boot Manager use the key, and the startup process cannot proceed normally because the data on the operating system cannot be decrypted. If someone tries to boot the system with a different operating system or a different device, the software or configuration measurements in the TPM will be wrong and the TPM will not allow use of the key needed to decrypt the operating system volume. As a failsafe, if measurement values change unexpectedly, the user can always use the BitLocker recovery key to access volume data. Organizations can configure BitLocker to store the recovery key-in Active Directory Domain Services (AD DS). Device hardware characteristics are important to BitLocker and its ability to protect data. One consideration is whether the device provides attack vectors when the system is at the logon screen. For example, if the Windows device has a port that allows direct memory access so that someone can plug in hardware and read memory, an attacker can read the operating system volume’s decryption key from memory while at the Windows logon screen. To mitigate this risk, organizations can configure BitLocker so that the TPM key requires both the correct software measurements and an authorization value. The system startup process stops at Windows Boot Manager, and the user is prompted to enter the authorization value for the TPM key or insert a USB device with the value. This process stops BitLocker from automatically loading the key into memory where it might be vulnerable, but has a less desirable user experience. 
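Review bot: The last changed line of the `@@ -92,13 +92,13 @@` hunk introduces a typo: "store the recovery key-in Active Directory Domain Services (AD DS)" should stay "store the recovery key in Active Directory Domain Services (AD DS)", as in the removed line. Two smaller points in the same hunk: "Without more protections in place" reads less clearly than the original "additional", and the unchanged context line still says "log on with his or her credentials" although this patch replaces "he or she" earlier in the same file.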
diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index 0fb36c69fe..bb72304f8c 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -1,6 +1,6 @@ --- title: Troubleshoot the TPM (Windows) -description: This topic for the IT professional describes how to view status for, clear, or troubleshoot the Trusted Platform Module (TPM). +description: This article for the IT professional describes how to view status for, clear, or troubleshoot the Trusted Platform Module (TPM). ms.assetid: 1166efaf-7aa3-4420-9279-435d9c6ac6f8 ms.reviewer: ms.prod: w10 @@ -23,7 +23,7 @@ ms.date: 09/06/2021 - Windows 11 - Windows Server 2016 and above -This topic provides information for the IT professional to troubleshoot the Trusted Platform Module (TPM): +This article provides information for the IT professional to troubleshoot the Trusted Platform Module (TPM): - [Troubleshoot TPM initialization](#troubleshoot-tpm-initialization) 
@@ -43,7 +43,7 @@ Starting with Windows 10 and Windows 11, the operating system automatically init If you find that Windows is not able to initialize the TPM automatically, review the following information: -- You can try clearing the TPM to the factory default values and allowing Windows to re-initialize it. For important precautions for this process, and instructions for completing it, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this topic. +- You can try clearing the TPM to the factory default values and allowing Windows to re-initialize it. For important precautions for this process, and instructions for completing it, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this article. - If the TPM is a TPM 2.0 and is not detected by Windows, verify that your computer hardware contains a Unified Extensible Firmware Interface (UEFI) that is Trusted Computing Group-compliant. Also, ensure that in the UEFI settings, the TPM has not been disabled or hidden from the operating system. 
@@ -63,7 +63,7 @@ If these issues occur, an error message appears, and you cannot complete the ini ### Troubleshoot systems with multiple TPMs -Some systems may have multiple TPMs and the active TPM may be toggled in UEFI. Windows does not support this behavior. If you switch TPMs, Windows might not properly detect or interact with the new TPM. If you plan to switch TPMs you should toggle to the new TPM, clear it, and reinstall Windows. For more information, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this topic. +Some systems may have multiple TPMs and the active TPM may be toggled in UEFI. Windows does not support this behavior. If you switch TPMs, Windows might not properly detect or interact with the new TPM. If you plan to switch TPMs you should toggle to the new TPM, clear it, and reinstall Windows. For more information, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this article. For example, toggling TPMs will cause BitLocker to enter recovery mode. We strongly recommend that, on systems with two TPMs, one TPM is selected to be used and the selection is not changed. 
@@ -80,11 +80,11 @@ Clearing the TPM resets it to an unowned state. After you clear the TPM, the Win Clearing the TPM can result in data loss. To protect against such loss, review the following precautions: -- Clearing the TPM causes you to lose all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a login PIN. Make sure that you have a backup and recovery method for any data that is protected or encrypted by the TPM. +- Clearing the TPM causes you to lose all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a sign in PIN. Make sure that you have a backup and recovery method for any data that is protected or encrypted by the TPM. - Do not clear the TPM on a device you do not own, such as a work or school PC, without being instructed to do so by your IT administrator. -- If you want to temporarily suspend TPM operations and you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, you can turn off the TPM. For more information, see [Turn off the TPM](#turn-off-the-tpm), later in this topic. +- If you want to temporarily suspend TPM operations and you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, you can turn off the TPM. For more information, see [Turn off the TPM](#turn-off-the-tpm), later in this article. - Always use functionality in the operating system (such as TPM.msc) to the clear the TPM. Do not clear the TPM directly from UEFI. 
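Review bot: In the `@@ -80,11 +80,11 @@` hunk, "a sign in PIN" needs a hyphen because the phrase is used as a modifier: "a sign-in PIN". While this list is being edited, the unchanged bullet "Always use functionality in the operating system (such as TPM.msc) to the clear the TPM" has a stray "the" and should read "to clear the TPM".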
@@ -96,13 +96,13 @@ Membership in the local Administrators group, or equivalent, is the minimum requ 1. Open the Windows Defender Security Center app. -2. Click **Device security**. +2. Select **Device security**. -3. Click **Security processor details**. +3. Select **Security processor details**. -4. Click **Security processor troubleshooting**. +4. Select **Security processor troubleshooting**. -5. Click **Clear TPM**. +5. Select **Clear TPM**. 6. You will be prompted to restart the computer. During the restart, you might be prompted by the UEFI to press a button to confirm that you wish to clear the TPM. @@ -120,9 +120,9 @@ If you want to use the TPM after you have turned it off, you can use the followi 1. Open the TPM MMC (tpm.msc). -2. In the **Action** pane, click **Turn TPM On** to display the **Turn on the TPM Security Hardware** page. Read the instructions on this page. +2. In the **Action** pane, select **Turn TPM On** to display the **Turn on the TPM Security Hardware** page. Read the instructions on this page. -3. Click **Shutdown** (or **Restart**), and then follow the UEFI screen prompts. +3. Select **Shutdown** (or **Restart**), and then follow the UEFI screen prompts. After the computer restarts, but before you sign in to Windows, you will be prompted to accept the reconfiguration of the TPM. This ensures that the user has physical access to the computer and that malicious software is not attempting to make changes to the TPM. 
@@ -134,20 +134,20 @@ If you want to stop using the services that are provided by the TPM, you can use 1. Open the TPM MMC (tpm.msc). -2. In the **Action** pane, click **Turn TPM Off** to display the **Turn off the TPM security hardware** page. +2. In the **Action** pane, select **Turn TPM Off** to display the **Turn off the TPM security hardware** page. 3. In the **Turn off the TPM security hardware** dialog box, select a method to enter your owner password and turning off the TPM: - - If you saved your TPM owner password on a removable storage device, insert it, and then click **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, click **Browse** to locate the .tpm file that is saved on your removable storage device, click **Open**, and then click **Turn TPM Off**. + - If you saved your TPM owner password on a removable storage device, insert it, and then select **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, select **Browse** to locate the .tpm file that is saved on your removable storage device, select **Open**, and then select **Turn TPM Off**. - - If you do not have the removable storage device with your saved TPM owner password, click **I want to enter the password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and then click **Turn TPM Off**. + - If you do not have the removable storage device with your saved TPM owner password, select **I want to enter the password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and then select **Turn TPM Off**. - - If you did not save your TPM owner password or no longer know it, click **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password. 
+ - If you did not save your TPM owner password or no longer know it, select **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password. ## Use the TPM cmdlets You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps&preserve-view=true). -## Related topics +## Related articles -- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) +- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of articles) diff --git a/windows/security/information-protection/tpm/manage-tpm-lockout.md b/windows/security/information-protection/tpm/manage-tpm-lockout.md index 777005b678..fe1fb8255c 100644 --- a/windows/security/information-protection/tpm/manage-tpm-lockout.md +++ b/windows/security/information-protection/tpm/manage-tpm-lockout.md 
@@ -38,7 +38,7 @@ The industry standards from the Trusted Computing Group (TCG) specify that TPM m **TPM 2.0** -TPM 2.0 devices have standardized lockout behavior which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 10 minutes. This means that every continuous ten minutes of powered on operation without an event which increases the counter will cause the counter to decrease by 1. +TPM 2.0 devices have standardized lockout behavior, which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 10 minutes. This means that every continuous ten minutes of powered on operation without an event, which increases the counter will cause the counter to decrease by 1. If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner’s authorization. This value is no longer retained by default starting with Windows 10 version 1607 and higher. diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index a1f536f4be..7cd1b04f28 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md @@ -1,5 +1,5 @@ --- -title: TPM fundamentals (Windows) +title: Trusted Platform Module (TPM) fundamentals (Windows) description: Inform yourself about the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and how they are used to mitigate dictionary attacks. ms.assetid: ac90f5f9-9a15-4e87-b00d-4adcf2ec3000 ms.reviewer: 
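Review bot: in manage-tpm-lockout.md (hunk @@ -38,7), the comma added in "without an event, which increases the counter will cause the counter to decrease by 1" breaks the sentence. The clause is restrictive, and with the comma it reads as if the event itself lowers the counter. Suggest "without an event that increases the counter", with no comma. Also, this line keeps a healing time of 10 minutes, while the tpm-fundamentals.md context later in this same patch says Windows forgets one authorization failure every two hours. The two pages should agree, so confirm the value while both files are being edited.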
@@ -23,17 +23,17 @@ ms.date: 09/06/2021 - Windows 11 - Windows Server 2016 and above -This topic for the IT professional provides a description of the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and explains how they are used to mitigate dictionary attacks. +This article for the IT professional provides a description of the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and explains how they are used to mitigate dictionary attacks. -A Trusted Platform Module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM is usually installed on the motherboard of a computer, and it communicates with the remainder of the system by using a hardware bus. +A Trusted Platform Module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM is installed on the motherboard of a computer, and it communicates with the rest of the system by using a hardware bus. Computers that incorporate a TPM can create cryptographic keys and encrypt them so that they can only be decrypted by the TPM. This process, often called wrapping or binding a key, can help protect the key from disclosure. Each TPM has a master wrapping key, called the storage root key, which is stored within the TPM itself. The private portion of a storage root key or endorsement key that is created in a TPM is never exposed to any other component, software, process, or user. You can specify whether encryption keys that are created by the TPM can be migrated or not. If you specify that they can be migrated, the public and private portions of the key can be exposed to other components, software, processes, or users. If you specify that encryption keys cannot be migrated, the private portion of the key is never exposed outside the TPM. 
-Computers that incorporate a TPM can also create a key that has not only been wrapped, but is also tied to certain platform measurements. This type of key can be unwrapped only when those platform measurements have the same values that they had when the key was created. This process is referred to as “sealing the key to the TPM.” Decrypting the key is called unsealing. The TPM can also seal and unseal data that is generated outside the TPM. With this sealed key and software, such as BitLocker Drive Encryption, you can lock data until specific hardware or software conditions are met. +Computers that incorporate a TPM can also create a key that is wrapped and tied to certain platform measurements. This type of key can be unwrapped only when those platform measurements have the same values that they had when the key was created. This process is referred to as “sealing the key to the TPM.” Decrypting the key is called unsealing. The TPM can also seal and unseal data that is generated outside the TPM. With this sealed key and software, such as BitLocker Drive Encryption, you can lock data until specific hardware or software conditions are met. -With a TPM, private portions of key pairs are kept separate from the memory that is controlled by the operating system. Keys can be sealed to the TPM, and certain assurances about the state of a system (assurances that define the trustworthiness of a system) can be made before the keys are unsealed and released for use. Because the TPM uses its own internal firmware and logic circuits to process instructions, it does not rely on the operating system, and it is not exposed to vulnerabilities that might exist in the operating system or application software. +With a TPM, private portions of key pairs are kept separate from the memory that is controlled by the operating system. 
Keys can be sealed to the TPM, and certain assurances about the state of a system (assurances that define the trustworthiness of a system) can be made before the keys are unsealed and released for use. The TPM uses its own internal firmware and logic circuits to process instructions. Hence, it doesn't rely on the operating system and it isn't exposed to vulnerabilities that might exist in the operating system or application software. For info about which versions of Windows support which versions of the TPM, see [Trusted Platform Module technology overview](trusted-platform-module-overview.md). The features that are available in the versions are defined in specifications by the Trusted Computing Group (TCG). For more info, see the Trusted Platform Module page on the Trusted Computing Group website: [Trusted Platform Module](http://www.trustedcomputinggroup.org/developers/trusted_platform_module). 
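Review bot: in the second paragraph of this hunk, "The TPM is usually installed on the motherboard" became "The TPM is installed on the motherboard", which turns the common case into an absolute claim. tpm-recommendations.md, edited in this same patch, describes integrated and firmware (fTPM) implementations, so the qualifier should stay: "The TPM is usually installed on the motherboard of a computer".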
@@ -62,16 +62,15 @@ The following topic describes the TPM Services that can be controlled centrally ## Measured Boot with support for attestation -The Measured Boot feature provides antimalware software with a trusted (resistant to spoofing and tampering) log of all boot components. Antimalware software can use the log to determine whether components that ran before it are trustworthy versus infected with malware. It can also send the Measured Boot logs to a remote server for evaluation. The remote server can initiate remediation actions by interacting with software on the client or through out-of-band mechanisms, as appropriate. +The Measured Boot feature provides antimalware software with a trusted (resistant to spoofing and tampering) log of all boot components. Antimalware software can use the log to determine whether components that ran before it are trustworthy versus infected with malware. It can also send the Measured Boot logs to a remote server for evaluation. The remote server can start remediation actions by interacting with software on the client or through out-of-band mechanisms, as appropriate. ## TPM-based Virtual Smart Card -The Virtual Smart Card emulates the functionality of traditional smart cards, but Virtual Smart Cards use the TPM chip that is available on an organization’s computers, rather than requiring the use of a separate physical smart card and reader. This greatly reduces the management and deployment cost of smart cards in an enterprise. To the end user, the Virtual Smart Card is always available on the computer. If a user needs to use more than one computer, a -Virtual Smart Card must be issued to the user for each computer. A computer that is shared among multiple users can host multiple Virtual Smart Cards, one for each user. +The Virtual Smart Card emulates the functionality of traditional smart cards. 
Virtual Smart Cards use the TPM chip that is available on an organization’s computers, rather than using a separate physical smart card and reader. This greatly reduces the management and deployment cost of smart cards in an enterprise. To the end user, the Virtual Smart Card is always available on the computer. If a user needs to use more than one computer, a Virtual Smart Card must be issued to the user for each computer. A computer that is shared among multiple users can host multiple Virtual Smart Cards, one for each user. ## TPM-based certificate storage -The TPM can be used to protect certificates and RSA keys. The TPM key storage provider (KSP) provides easy, convenient use of the TPM as a way of strongly protecting private keys. The TPM KSP can be used to generate keys when an organization enrolls for certificates, and the KSP is managed by templates in the UI. The TPM can also be used to protect certificates that are imported from an outside source. TPM-based certificates can be used exactly as standard certificates with the added functionality that the certificate can never leave the TPM from which the keys were generated. The TPM can now be used for crypto-operations through Cryptography API: Next Generation (CNG). For more info, see [Cryptography API: Next Generation](/windows/win32/seccng/cng-portal). +The TPM protects certificates and RSA keys. The TPM key storage provider (KSP) provides easy and convenient use of the TPM as a way of strongly protecting private keys. The TPM KSP generates keys when an organization enrolls for certificates. The KSP is managed by templates in the UI. The TPM also protects certificates that are imported from an outside source. TPM-based certificates are standard certificates. The certificate can never leave the TPM from which the keys are generated. The TPM can now be used for crypto-operations through Cryptography API: Next Generation (CNG). 
For more info, see [Cryptography API: Next Generation](/windows/win32/seccng/cng-portal). ## TPM Cmdlets 
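Review bot: the TPM-based certificate storage paragraph loses meaning in the rewrite. "TPM-based certificates can be used exactly as standard certificates with the added functionality that the certificate can never leave the TPM" is now "TPM-based certificates are standard certificates. The certificate can never leave the TPM", which first says the two are the same thing and then states a difference with nothing linking the sentences. Suggest keeping the comparison, for example "TPM-based certificates can be used like standard certificates, with the added functionality that the certificate can never leave the TPM from which the keys were generated". The same drift appears in "The TPM protects certificates and RSA keys" and "The TPM KSP generates keys", where the original described what the TPM can be used for rather than what it always does.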
@@ -79,31 +78,31 @@ You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets i ## Physical presence interface -For TPM 1.2, the TCG specifications for TPMs require physical presence (typically, pressing a key) for turning the TPM on, turning it off, or clearing it. These actions typically cannot be automated with scripts or other automation tools unless the individual OEM supplies them. +For TPM 1.2, the TCG specifications for TPMs require physical presence (typically, pressing a key) for turning on the TPM, turning it off, or clearing it. These actions typically cannot be automated with scripts or other automation tools unless the individual OEM supplies them. ## TPM 1.2 states and initialization -For TPM 1.2, there are multiple possible states. Windows automatically initializes the TPM, which brings it to an enabled, activated, and owned state. +TPM 1.2 has multiple possible states. Windows automatically initializes the TPM, which brings it to an enabled, activated, and owned state. ## Endorsement keys -For a TPM to be usable by a trusted application, it must contain an endorsement key, which is an RSA key pair. The private half of the key pair is held inside the TPM, and it is never revealed or accessible outside the TPM. +A trusted application can use TPM only if the TPM contains an endorsement key, which is an RSA key pair. The private half of the key pair is held inside the TPM and it is never revealed or accessible outside the TPM. ## Key attestation -TPM key attestation allows a certification authority to verify that a private key is actually protected by a TPM and that the TPM is one that the certification authority trusts. Endorsement keys which have been proven valid can be used to bind the user identity to a device. Moreover, the user certificate with a TPM attested key provides higher security assurance backed up by the non-exportability, anti-hammering, and isolation of keys provided by a TPM. 
+TPM key attestation allows a certification authority to verify that a private key is protected by a TPM and that the TPM is one that the certification authority trusts. Endorsement keys proven valid are used to bind the user identity to a device. The user certificate with a TPM attested key provides higher security assurance backed up by the non-exportability, anti-hammering, and isolation of keys provided by a TPM. ## Anti-hammering -When a TPM processes a command, it does so in a protected environment, for example, a dedicated microcontroller on a discrete chip or a special hardware-protected mode on the main CPU. A TPM can be used to create a cryptographic key that is not disclosed outside the TPM, but is able to be used in the TPM after the correct authorization value is provided. +When a TPM processes a command, it does so in a protected environment, for example, a dedicated microcontroller on a discrete chip or a special hardware-protected mode on the main CPU. A TPM is used to create a cryptographic key that is not disclosed outside the TPM. It is used in the TPM after the correct authorization value is provided. TPMs have anti-hammering protection that is designed to prevent brute force attacks, or more complex dictionary attacks, that attempt to determine authorization values for using a key. The basic approach is for the TPM to allow only a limited number of authorization failures before it prevents more attempts to use keys and locks. Providing a failure count for individual keys is not technically practical, so TPMs have a global lockout when too many authorization failures occur. -Because many entities can use the TPM, a single authorization success cannot reset the TPM’s anti-hammering protection. This prevents an attacker from creating a key with a known authorization value and then using it to reset the TPM’s protection. 
Generally, TPMs are designed to forget about authorization failures after a period of time so the TPM does not enter a lockout state unnecessarily. A TPM owner password can be used to reset the TPM’s lockout logic. +Because many entities can use the TPM, a single authorization success cannot reset the TPM’s anti-hammering protection. This prevents an attacker from creating a key with a known authorization value and then using it to reset the TPM’s protection. TPMs are designed to forget about authorization failures after a period of time so the TPM does not enter a lockout state unnecessarily. A TPM owner password can be used to reset the TPM’s lockout logic. ### TPM 2.0 anti-hammering -TPM 2.0 has well defined anti-hammering behavior. This is in contrast to TPM 1.2 for which the anti-hammering protection was implemented by the manufacturer, and the logic varied widely throughout the industry. +TPM 2.0 has well defined anti-hammering behavior. This is in contrast to TPM 1.2 for which the anti-hammering protection was implemented by the manufacturer and the logic varied widely throughout the industry. For systems with TPM 2.0, the TPM is configured by Windows to lock after 32 authorization failures and to forget one authorization failure every two hours. This means that a user could quickly attempt to use a key with the wrong authorization value 32 times. For each of the 32 attempts, the TPM records if the authorization value was correct or not. This inadvertently causes the TPM to enter a locked state after 32 failed attempts. diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index a0a68a10b5..de5f910d13 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md 
@@ -31,11 +31,11 @@ For a basic feature description of TPM, see the [Trusted Platform Module Technol ## TPM design and implementation -Traditionally, TPMs have been discrete chips soldered to a computer’s motherboard. Such implementations allow the computer’s original equipment manufacturer (OEM) to evaluate and certify the TPM separate from the rest of the system. Although discrete TPM implementations are still common, they can be problematic for integrated devices that are small or have low power consumption. Some newer TPM implementations integrate TPM functionality into the same chipset as other platform components while still providing logical separation similar to discrete TPM chips. +Traditionally, TPMs are discrete chips soldered to a computer’s motherboard. Such implementations allow the computer’s original equipment manufacturer (OEM) to evaluate and certify the TPM separate from the rest of the system. Discrete TPM implementations are common. However, they can be problematic for integrated devices that are small or have low power consumption. Some newer TPM implementations integrate TPM functionality into the same chipset as other platform components while still providing logical separation similar to discrete TPM chips. TPMs are passive: they receive commands and return responses. To realize the full benefit of a TPM, the OEM must carefully integrate system hardware and firmware with the TPM to send it commands and react to its responses. TPMs were originally designed to provide security and privacy benefits to a platform’s owner and users, but newer versions can provide security and privacy benefits to the system hardware itself. Before it can be used for advanced scenarios, however, a TPM must be provisioned. Windows automatically provisions a TPM, but if the user is planning to reinstall the operating system, he or she may need to clear the TPM before reinstalling so that Windows can take full advantage of the TPM. 
-The Trusted Computing Group (TCG) is the nonprofit organization that publishes and maintains the TPM specification. The TCG exists to develop, define, and promote vendor-neutral, global industry standards that support a hardware-based root of trust for interoperable trusted computing platforms. The TCG also publishes the TPM specification as the international standard ISO/IEC 11889, using the Publicly Available Specification Submission Process that the Joint Technical Committee 1 defines between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). +The Trusted Computing Group (TCG) is the nonprofit organization that publishes and maintains the TPM specification. The TCG exists to develop, define, and promote vendor-neutral, global industry standards. These standards support a hardware-based root of trust for interoperable trusted computing platforms. The TCG also publishes the TPM specification as the international standard ISO/IEC 11889, using the Publicly Available Specification Submission Process that the Joint Technical Committee 1 defines between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). OEMs implement the TPM as a component in a trusted computing platform, such as a PC, tablet, or phone. Trusted computing platforms use the TPM to support privacy and security scenarios that software alone cannot achieve. For example, software alone cannot reliably report whether malware is present during the system startup process. The close integration between TPM and platform increases the transparency of the startup process and supports evaluating device health by enabling reliable measuring and reporting of the software that starts the device. Implementation of a TPM as part of a trusted computing platform provides a hardware root of trust—that is, it behaves in a trusted way. 
For example, if a key stored in a TPM has properties that disallow exporting the key, that key truly cannot leave the TPM. @@ -55,7 +55,7 @@ TPM 2.0 products and systems have important security advantages over TPM 1.2, in - TPM 2.0 **enables greater crypto agility** by being more flexible with respect to cryptographic algorithms. - - TPM 2.0 supports newer algorithms, which can improve drive signing and key generation performance. For the full list of supported algorithms, see the [TCG Algorithm Registry](http://www.trustedcomputinggroup.org/tcg-algorithm-registry/). Some TPMs do not support all algorithms. + - TPM 2.0 supports newer algorithms, which can improve drive signing and key generation performance. For the full list of supported algorithms, see the [TCG Algorithm Registry](http://www.trustedcomputinggroup.org/tcg-algorithm-registry/). Some TPMs don't support all algorithms. - For the list of algorithms that Windows supports in the platform cryptographic storage provider, see [CNG Cryptographic Algorithm Providers](/windows/win32/seccertenroll/cng-cryptographic-algorithm-providers). 
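Review bot: in tpm-fundamentals.md (hunk @@ -79,31, Anti-hammering section), splitting the sentence into "A TPM is used to create a cryptographic key that is not disclosed outside the TPM. It is used in the TPM after the correct authorization value is provided." leaves "It" without a clear referent, so it now reads as the TPM rather than the key. Suggest "The key can be used in the TPM after the correct authorization value is provided". In the Key attestation section of the same hunk, "Endorsement keys proven valid are used to bind the user identity to a device" likewise states as fact what the original gave as a capability ("can be used to bind").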
@@ -69,14 +69,14 @@ TPM 2.0 products and systems have important security advantages over TPM 1.2, in - TPM 2.0 lockout policy is configured by Windows, ensuring a consistent dictionary attack protection guarantee. -- While TPM 1.2 parts are discrete silicon components which are typically soldered on the motherboard, TPM 2.0 is available as a **discrete (dTPM)** silicon component in a single semiconductor package, an **integrated** component incorporated in one or more semiconductor packages - alongside other logic units in the same package(s) - and as a **firmware (fTPM)** based component running in a trusted execution environment (TEE) on a general purpose SoC. +- While TPM 1.2 parts are discrete silicon components, which are typically soldered on the motherboard, TPM 2.0 is available as a **discrete (dTPM)** silicon component in a single semiconductor package, an **integrated** component incorporated in one or more semiconductor packages - alongside other logic units in the same package(s), and as a **firmware (fTPM)** based component running in a trusted execution environment (TEE) on a general purpose SoC. > [!NOTE] > TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature. > > Installed Operating System on hardware in legacy mode will stop the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode which will prepare the OS and the disk to support UEFI. -## Discrete, Integrated or Firmware TPM? +## Discrete, Integrated, or Firmware TPM? There are three implementation options for TPMs: 
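Review bot: in the last bullet of this hunk, replacing the second dash with a comma in "- alongside other logic units in the same package(s), and as a **firmware (fTPM)** based component" leaves the aside opened by the first dash unclosed, so the three-item list (discrete, integrated, firmware) no longer parses cleanly. Either keep both dashes around "alongside other logic units in the same package(s)" or use commas on both sides of it.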
@@ -86,17 +86,17 @@ There are three implementation options for TPMs: - Firmware TPM solution, running the TPM in firmware in a Trusted Execution mode of a general purpose computation unit -Windows uses any compatible TPM in the same way. Microsoft does not take a position on which way a TPM should be implemented and there is a wide ecosystem of available TPM solutions which should suit all needs. +Windows uses any compatible TPM in the same way. Microsoft does not take a position on which way a TPM should be implemented and there is a wide ecosystem of available TPM solutions, which should suit all needs. ## Is there any importance for TPM for consumers? -For end consumers, TPM is behind the scenes but is still very relevant. TPM is used for Windows Hello, Windows Hello for Business and in the future, will be a component of many other key security features in Windows. TPM secures the PIN, helps encrypt passwords, and builds on our overall Windows experience story for security as a critical pillar. Using Windows on a system with a TPM enables a deeper and broader level of security coverage. +For end consumers, TPM is behind the scenes but is still relevant. TPM is used for Windows Hello, Windows Hello for Business and in the future, will be a component of many other key security features in Windows. TPM secures the PIN, helps encrypt passwords, and builds on our overall Windows experience story for security as a critical pillar. Using Windows on a system with a TPM enables a deeper and broader level of security coverage. 
## TPM 2.0 Compliance for Windows ### Windows for desktop editions (Home, Pro, Enterprise, and Education) -- Since July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of an existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7 of the [Minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview) page). The requirement to enable TPM 2.0 only applies to the manufacturing of new devices. For TPM recommendations for specific Windows features, see [TPM and Windows Features](#tpm-and-windows-features). +- Since July 28, 2016, all new device models, lines, or series (or if you're updating the hardware configuration of an existing model, line, or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7 of the [Minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview) page). The requirement to enable TPM 2.0 only applies to the manufacturing of new devices. For TPM recommendations for specific Windows features, see [TPM and Windows Features](#tpm-and-windows-features). ### IoT Core @@ -104,7 +104,7 @@ For end consumers, TPM is behind the scenes but is still very relevant. TPM is u ### Windows Server 2016 -- TPM is optional for Windows Server SKUs unless the SKU meets the additional qualification (AQ) criteria for the Host Guardian Services scenario in which case TPM 2.0 is required. +- TPM is optional for Windows Server SKUs unless the SKU meets the other qualification (AQ) criteria for the Host Guardian Services scenario in which case TPM 2.0 is required. ## TPM and Windows Features From e2ad7e35ae5f66b43c5d4cf46db0cdbf844ea465 Mon Sep 17 00:00:00 2001 
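Review bot: in the Windows Server 2016 bullet of tpm-recommendations.md (hunk @@ -104,7), "additional qualification (AQ)" was changed to "other qualification (AQ)", so the abbreviation in parentheses no longer matches the words it abbreviates. AQ reads as a defined term here. Restore "additional qualification (AQ) criteria".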
From: Alekhya Jupudi Date: Tue, 14 Sep 2021 09:51:04 +0530 Subject: [PATCH 325/671] Update feature-multifactor-unlock --- .../hello-for-business/feature-multifactor-unlock.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index 2fe1b87295..d1e93b59ef 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -94,13 +94,13 @@ You represent signal rules in XML. Each signal rule has an starting and ending ``` ### Signal element -Each rule element has a **signal** element. All signal elements have a **type** element and value. Windows 10, version 1709 supports the **ipConfig** and **bluetooth** type values. +Each rule element has a **signal** element. All signal elements have a **type** element and value. Windows 10, version 1709 or later supports the **ipConfig** and **bluetooth** type values. |Attribute|Value| |---------|-----| -| type| "bluetooth" or "ipConfig" (Windows 10, version 1709)| -| type| "wifi" (Windows 10, version 1803) +| type| "bluetooth" or "ipConfig" (Windows 10, version 1709) or later| +| type| "wifi" (Windows 10, version 1803 or later) #### Bluetooth You define the bluetooth signal with additional attributes in the signal element. The bluetooth configuration does not use any other elements. You can end the signal element with short ending tag "\/>". @@ -222,7 +222,7 @@ The fully qualified domain name of your organization's internal DNS suffix where #### Wi-Fi **Applies to:** -- Windows 10, version 1803 +- Windows 10, version 1803 or later You define Wi-Fi signals using one or more wifi elements. Each element has a string value. Wifi elements do not have attributes or nested elements. 
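Review bot: in the signal element table (hunk @@ -94,13), the first row puts "or later" outside the parentheses, as in "(Windows 10, version 1709) or later", while the wifi row and the other changes in this patch put it inside, as in "(Windows 10, version 1803 or later)". Move it inside the parentheses for consistency. The wifi row is also still missing its closing pipe character, which is worth fixing while the line is being touched.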
@@ -324,7 +324,7 @@ This example configures the same as example 2 using compounding And elements. T ``` #### Example 4 -This example configures Wi-Fi as a trusted signal (Windows 10, version 1803) +This example configures Wi-Fi as a trusted signal (Windows 10, version 1803 or later) ```xml From a291620b9d6cf1adff2443e07ac72f27094897b2 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Tue, 14 Sep 2021 10:05:48 +0530 Subject: [PATCH 326/671] Acrolinx fix To improve score --- .../credential-guard/credential-guard-how-it-works.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md index 4919aa21ec..c3473caa24 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md 
@@ -25,11 +25,11 @@ ms.reviewer: - Windows Server 2019 -Kerberos, NTLM, and Credential manager isolate secrets by using Virtualization-based security. Previous versions of Windows stored secrets in the Local Security Authority (LSA). Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Windows Defender Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using Virtualization-based security and is not accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. +Kerberos, NTLM, and Credential manager isolate secrets by using virtualization-based security. Previous versions of Windows stored secrets in the Local Security Authority (LSA). Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Windows Defender Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using Virtualization-based security and is not accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. -For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by Virtualization-based security and these signatures are validated before launching the file in the protected environment. +For security reasons, the isolated LSA process doesn't host any device drivers. 
Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment. -When Windows Defender Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP cannot use the signed-in credentials. Thus, single sign-on does not work with these protocols. However, applications can prompt for credentials or use credentials stored in the Windows Vault, which are not protected by Windows Defender Credential Guard with any of these protocols. It is recommended that valuable credentials, such as the sign-in credentials, not be used with any of these protocols. If these protocols must be used by domain or Azure AD users, secondary credentials should be provisioned for these use cases. +When Windows Defender Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP cannot use the signed-in credentials. Thus, single sign-on does not work with these protocols. However, applications can prompt for credentials or use credentials stored in the Windows Vault, which are not protected by Windows Defender Credential Guard with any of these protocols. It is recommended that valuable credentials, such as the sign-in credentials, are not to be used with any of these protocols. If these protocols must be used by domain or Azure AD users, secondary credentials should be provisioned for these use cases. When Windows Defender Credential Guard is enabled, Kerberos does not allow unconstrained Kerberos delegation or DES encryption, not only for signed-in credentials, but also prompted or saved credentials. From 7f24b32b2070d49545f18a2d80aca67d4e69b0f2 Mon Sep 17 00:00:00 2001 
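Review bot: the first paragraph of this hunk lower-cases "virtualization-based security" in its opening sentence, but the same added line still contains "is protected using Virtualization-based security" further on, so the capitalization is now inconsistent within one paragraph. Lower-case that occurrence too. In the third paragraph, "are not to be used with any of these protocols" is harder to read than the original "not be used". Either keep the original wording or rephrase as "Valuable credentials, such as the sign-in credentials, should not be used with any of these protocols".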
From: Meghana Athavale Date: Tue, 14 Sep 2021 14:34:21 +0530 Subject: [PATCH 327/671] Updated by removing some reference --- .../kernel-dma-protection-for-thunderbolt.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 3acf1337a9..640caf7a64 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -27,7 +27,6 @@ Drive-by DMA attacks can lead to disclosure of sensitive information residing on This feature does not protect against DMA attacks via 1394/FireWire, PCMCIA, CardBus, ExpressCard, and so on. -For Thunderbolt DMA protection on earlier Windows versions and platforms that lack support for Kernel DMA Protection, please refer to [Intel Thunderbolt™ 3 Security documentation](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf). ## Background From d34ba0f9657bf4d3fde17c27c5e5cb905396fc2f Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Tue, 14 Sep 2021 15:54:08 +0530 Subject: [PATCH 328/671] Update Kerberos with PKINIT policy Task: 5370815: -Kerberos new settings for PKINIT Crypto Agility - Hash Algorithms --- .../mdm/policy-csp-kerberos.md | 207 ++++++++++++++---- 1 file changed, 165 insertions(+), 42 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 2b2391edc6..47384ff4ef 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -27,6 +27,9 @@ manager: dansimp
    Kerberos/KerberosClientSupportsClaimsCompoundArmor
    +
    + Kerberos/PKInitHashAlgorithmConfiguration +
    Kerberos/RequireKerberosArmoring
    @@ -50,28 +53,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck markYesYes
    Businesscheck markYesYes
    Enterprisecheck markYesYes
    Educationcheck markYesYes
    @@ -120,28 +129,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck markYesYes
    Businesscheck markYesYes
    Enterprisecheck markYesYes
    Educationcheck markYesYes
    @@ -183,34 +198,124 @@ ADMX Info:
    + +**Kerberos/PKInitHashAlgorithmConfiguration** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProYesYes
    BusinessYesYes
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + + +This policy setting controls hash or checksum algorithms used by the Kerberos client when performing certificate authentication. + +If you enable this policy, you will be able to configure one of four states for each algorithm: + +* **Default**: This sets the algorithm to the recommended state. +* **Supported**: This enables usage of the algorithm. Enabling algorithms that have been disabled by default may reduce your security. +* **Audited**: This enables usage of the algorithm and reports an event (ID 205) every time it is used. This state is intended to verify that the algorithm is not being used and can be safely disabled. +* **Not Supported**: This disables usage of the algorithm. This state is intended for algorithms that are deemed to be insecure. + +If you disable or do not configure this policy, each algorithm will assume the **Default** state. + +More information about the hash and checksum algorithms supported by the Windows Kerberos client and their default states can be found https://go.microsoft.com/fwlink/?linkid=2169037. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Introducing agility to PKINIT in Kerberos protocol* +- GP name: *PKInitHashAlgorithmConfiguration* +- GP path: *System/Kerberos* +- GP ADMX file name: *Kerberos.admx* + + + + +
    + **Kerberos/RequireKerberosArmoring** - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck markYesYes
    Businesscheck markYesYes
    Enterprisecheck markYesYes
    Educationcheck markYesYes
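Review bot: The new Kerberos/PKInitHashAlgorithmConfiguration description names four states (Default, Supported, Audited, Not Supported) but never says which hash or checksum algorithms can be configured or how each state is written in the ADMX payload, so an administrator cannot author the SyncML from this page alone. Add the list of algorithms and the element or value names, or a sample payload. The Audited state cites event ID 205 without naming the event log it is written to, which is what someone verifying "not being used" needs. The sentence "can be found https://go.microsoft.com/fwlink/?linkid=2169037" is missing a preposition and uses a bare URL where the rest of the file uses Markdown links.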
    @@ -263,28 +368,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck markYesYes
    Businesscheck markYesYes
    Enterprisecheck markYesYes
    Educationcheck markYesYes
    @@ -333,28 +444,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck markYesYes
    Businesscheck markYesYes
    Enterprisecheck markYesYes
    Educationcheck markYesYes
    @@ -407,28 +524,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark5YesYes
    Businesscheck mark5YesYes
    Enterprisecheck mark5YesYes
    Educationcheck mark5YesYes
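Review bot: In this last edition table the removed Pro, Business, Enterprise and Education rows carried a "5" marker after the check mark, and the replacement rows are plain Yes/Yes. If that marker was a footnote reference for a minimum Windows 10 version, the requirement is silently dropped for this policy. Keep it as a note under the table or in the Windows 10 cell.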
    From 8f7ddf5cc8202b8248e38a83c5c388af7a54bb79 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 14 Sep 2021 17:41:02 +0530 Subject: [PATCH 329/671] Updated for grammar --- .../kernel-dma-protection-for-thunderbolt.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 640caf7a64..bca11cfd78 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -21,11 +21,11 @@ ms.reviewer: - Windows 10 - Windows 11 -In Windows 10 version 1803, Microsoft introduced a new feature called Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to externally accessible PCIe ports (e.g., Thunderbolt™ 3 ports and CFexpress). In Windows 10 version 1903, Microsoft expanded the Kernel DMA Protection support to cover internal PCIe ports (e.g., M.2 slots) +In Windows 10 version 1803, Microsoft introduced a new feature called Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to externally accessible PCIe ports (for example, Thunderbolt™ 3 ports and CFexpress). In Windows 10 version 1903, Microsoft expanded the Kernel DMA Protection support to cover internal PCIe ports (for example, M.2 slots) Drive-by DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. -This feature does not protect against DMA attacks via 1394/FireWire, PCMCIA, CardBus, ExpressCard, and so on. +This feature doesn't protect against DMA attacks via 1394/FireWire, PCMCIA, CardBus, ExpressCard, and so on. ## Background 
@@ -35,19 +35,19 @@ The DMA capability is what makes PCI devices the highest performing devices avai These devices have historically existed only inside the PC chassis, either connected as a card or soldered on the motherboard. Access to these devices required the user to turn off power to the system and disassemble the chassis. -Today, this is no longer the case with hot plug PCIe ports (e.g., Thunderbolt™ and CFexpress). +Today, this is no longer the case with hot plug PCIe ports (for example, Thunderbolt™ and CFexpress). -Hot plug PCIe ports such as Thunderbolt™ technology have provided modern PCs with extensibility that was not available before for PCs. +Hot plug PCIe ports such as Thunderbolt™ technology have provided modern PCs with extensibility that wasn't available before for PCs. It allows users to attach new classes of external peripherals, such as graphics cards or other PCI devices, to their PCs with a hot plug experience identical to USB. Having PCI hot plug ports externally and easily accessible makes PCs susceptible to drive-by DMA attacks. Drive-by DMA attacks are attacks that occur while the owner of the system is not present and usually take less than 10 minutes, with simple to moderate attacking tools (affordable, off-the-shelf hardware and software) that do not require the disassembly of the PC. -A simple example would be a PC owner leaves the PC for a quick coffee break, and within the break, and attacker steps in, plugs in a USB-like device and walks away with all the secrets on the machine, or injects a malware that allows them to have full control over the PC remotely. +A simple example would be a PC owner leaves the PC for a quick coffee break, and within the break, an attacker steps in, plugs in a USB-like device and walks away with all the secrets on the machine, or injects a malware that allows them to have full control over the PC remotely. 
## How Windows protects against DMA drive-by attacks Windows leverages the system Input/Output Memory Management Unit (IOMMU) to block external peripherals from starting and performing DMA unless the drivers for these peripherals support memory isolation (such as DMA-remapping). -Peripherals with [DMA Remapping compatible drivers](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers) will be automatically enumerated, started and allowed to perform DMA to their assigned memory regions. +Peripherals with [DMA Remapping compatible drivers](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers) will be automatically enumerated, started, and allowed to perform DMA to their assigned memory regions. By default, peripherals with DMA Remapping incompatible drivers will be blocked from starting and performing DMA until an authorized user signs into the system or unlocks the screen. IT administrators can modify the default behavior applied to devices with DMA Remapping incompatible drivers using the [DmaGuard MDM policies](/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-policies). 
@@ -61,7 +61,7 @@ The peripheral will continue to function normally if the user locks the screen o ## System compatibility Kernel DMA Protection requires new UEFI firmware support. -This support is anticipated only on newly-introduced, Intel-based systems shipping with Windows 10 version 1803 (not all systems). Virtualization-based Security (VBS) is not required. +This support is anticipated only on newly introduced, Intel-based systems shipping with Windows 10 version 1803 (not all systems). Virtualization-based Security (VBS) is not required. To see if a system supports Kernel DMA Protection, check the System Information desktop app (MSINFO32). Systems released prior to Windows 10 version 1803 do not support Kernel DMA Protection, but they can leverage other DMA attack mitigations as described in [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md). 
@@ -110,8 +110,8 @@ In-market systems, released with Windows 10 version 1709 or earlier, will not su No, Kernel DMA Protection only protects against drive-by DMA attacks after the OS is loaded. It is the responsibility of the system firmware/BIOS to protect against attacks via the Thunderbolt™ 3 ports during boot. ### How can I check if a certain driver supports DMA-remapping? -DMA-remapping is supported for specific device drivers, and is not universally supported by all devices and drivers on a platform. To check if a specific driver is opted into DMA-remapping, check the values corresponding to the DMA Remapping Policy property in the Details tab of a device in Device Manager*. A value of 0 or 1 means that the device driver does not support DMA-remapping. A value of 2 means that the device driver supports DMA-remapping. If the property is not available, then the policy is not set by the device driver (i.e. the device driver does not support DMA-remapping). -Please check the driver instance for the device you are testing. Some drivers may have varying values depending on the location of the device (internal vs. external). +DMA-remapping is supported for specific device drivers, and is not universally supported by all devices and drivers on a platform. To check if a specific driver is opted into DMA-remapping, check the values corresponding to the DMA Remapping Policy property in the Details tab of a device in Device Manager*. A value of 0 or 1 means that the device driver does not support DMA-remapping. A value of two means that the device driver supports DMA-remapping. If the property is not available, then the policy is not set by the device driver (that is, the device driver does not support DMA-remapping). +Check the driver instance for the device you are testing. Some drivers may have varying values depending on the location of the device (internal vs. external). ![Kernel DMA protection user experience.](images/device_details_tab_1903.png) 
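Review bot: "A value of two" in the DMA Remapping Policy answer should stay the numeral 2. It is a literal property value read from the Details tab in Device Manager, and the sentence before it still says "A value of 0 or 1", so the spelled-out form is inconsistent and harder to match against what the administrator sees on screen.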
@@ -119,9 +119,9 @@ Please check the driver instance for the device you are testing. Some drivers ma ![Kernel DMA protection user experience.](images/device-details-tab.png) -### What should I do if the drivers for my PCI or Thunderbolt™ 3 peripherals do not support DMA-remapping? +### When the drivers for PCI or Thunderbolt™ 3 peripherals do not support DMA-remapping? -If the peripherals do have class drivers provided by Windows, please use these drivers on your systems. If there are no class drivers provided by Windows for your peripherals, please contact your peripheral vendor/driver vendor to update the driver to support [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers). +If the peripherals do have class drivers provided by Windows, use these drivers on your systems. If there are no class drivers provided by Windows for your peripherals, contact your peripheral vendor/driver vendor to update the driver to support [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers). ### My system's Kernel DMA Protection is off. Can DMA-remapping for a specific device be turned on? 
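Review bot: The rewritten heading "### When the drivers for PCI or Thunderbolt™ 3 peripherals do not support DMA-remapping?" is a fragment that still ends in a question mark, unlike the other FAQ headings in this file, which are full questions. Changing the heading text also changes the heading's generated anchor, so existing links to this question would break. Keep the original wording, or use a complete question such as "What if the drivers for PCI or Thunderbolt™ 3 peripherals do not support DMA-remapping?" and check inbound links.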
@@ -130,13 +130,13 @@ Yes. DMA remapping for a specific device can be turned on independent from Kerne Kernel DMA Protection is a policy that allows or blocks devices to perform DMA, based on their remapping state and capabilities. ### Do Microsoft drivers support DMA-remapping? -In Windows 10 1803 and beyond, the Microsoft inbox drivers for USB XHCI (3.x) Controllers, Storage AHCI/SATA Controllers and Storage NVMe Controllers support DMA Remapping. +In Windows 10 1803 and beyond, the Microsoft inbox drivers for USB XHCI (3.x) Controllers, Storage AHCI/SATA Controllers, and Storage NVMe Controllers support DMA Remapping. ### Do drivers for non-PCI devices need to be compatible with DMA-remapping? No. Devices for non-PCI peripherals, such as USB devices, do not perform DMA, thus no need for the driver to be compatible with DMA Remapping. ### How can an enterprise enable the External device enumeration policy? -The External device enumeration policy controls whether to enumerate external peripherals that are not compatible with DMA-remapping. Peripherals that are compatible with DMA-remapping are always enumerated. Peripherals that don't can be blocked, allowed, or allowed only after the user signs in (default). +The External device enumeration policy controls whether to enumerate external peripherals that are not compatible with DMA-remapping. Peripherals that are compatible with DMA-remapping are always enumerated. Peripherals that aren't, can be blocked, allowed, or allowed only after the user signs in (default). The policy can be enabled by using: From 726b5b8b5f6b276f6debedd923b186976a39b9ee Mon Sep 17 00:00:00 2001 
From: Rob Truxal <55893679+rotruxal@users.noreply.github.com> Date: Tue, 14 Sep 2021 08:50:53 -0700 Subject: [PATCH 330/671] removed Device Guard references replaced references to Device Guard with references to HVCI and/or WDAC where appropriate. --- ...tualization-based-protection-of-code-integrity.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index 4065b2122a..59657cc8ed 100644 --- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md @@ -1,6 +1,6 @@ --- title: Deployment guidelines for Windows Defender Device Guard (Windows 10) -description: Plan your deployment of Windows Defender Device Guard. Learn about hardware requirements, deployment approaches, code signing and code integrity policies. +description: Plan your deployment of Hypervisor Protected Code Integrity (aka Memory Integrity). Learn about hardware requirements, deployment approaches, code signing and code integrity policies. keywords: virtualization, security, malware ms.prod: m365-security ms.mktglfcycl: deploy 
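Review bot: The front-matter hunk updates the description but leaves the context line "title: Deployment guidelines for Windows Defender Device Guard (Windows 10)" unchanged, so the page title still carries the name this commit says it is removing. Update the title to match, and replace "(aka Memory Integrity)" in the new description with "(also called Memory Integrity)" to fit the register of the rest of the page.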
@@ -21,14 +21,14 @@ ms.technology: mde **Applies to** - Windows 10 -Computers must meet certain hardware, firmware, and software requirements in order to take advantage of all of the virtualization-based security (VBS) features in [Windows Defender Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md). Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats. +Computers must meet certain hardware, firmware, and software requirements in order to take advantage of Hypervisor Protected Code Integrity (HVCI,) a virtualization-based security (VBS) feature in Windows. HVCI is referred to as Memory Integrity under the Core Isolation section of the Windows security settings. Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats. For example, hardware that includes CPU virtualization extensions and SLAT will be hardened against malware that attempts to gain access to the kernel, but without protected BIOS options such as “Boot only from internal hard drive,” the computer could be booted (by a malicious person who has physical access) into an operating system on bootable media. > [!WARNING] > Virtualization-based protection of code integrity may be incompatible with some devices and applications. We strongly recommend testing this configuration in your lab before enabling virtualization-based protection of code integrity on production systems. Failure to do so may result in unexpected failures up to and including data loss or a blue screen error (also called a stop error). 
-The following tables provide more information about the hardware, firmware, and software required for deployment of various Windows Defender Device Guard features. The tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017. +The following tables provide more information about the hardware, firmware, and software required for deployment of WDAC and HVCI. The tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017. > [!NOTE] > Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers. 
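Review bot: In the new opening sentence, "Hypervisor Protected Code Integrity (HVCI,) a virtualization-based security (VBS) feature" has the comma inside the parenthesis; it should read "(HVCI), a virtualization-based security (VBS) feature in Windows". The removed sentence linked to the Device Guard introduction page and the replacement has no link at all, so consider linking HVCI and WDAC to their own articles so readers keep a path to the feature overview.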
@@ -42,9 +42,9 @@ The following tables provide more information about the hardware, firmware, and | Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | See the System.Fundamentals.Firmware.UEFISecureBoot requirement in the [Windows Hardware Compatibility Specifications for Windows 10, version 1809 and Windows Server 2019 - Systems download](https://go.microsoft.com/fwlink/?linkid=2027110). You can find previous versions of the Windows Hardware Compatibility Program Specifications and Policies [here](/windows-hardware/design/compatibility/whcp-specifications-policies). | UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | | Firmware: **Secure firmware update process** | UEFI firmware must support secure firmware update found under the System.Fundamentals.Firmware.UEFISecureBoot requirement in the [Windows Hardware Compatibility Specifications for Windows 10, version 1809 and Windows Server 2019 - Systems download](https://go.microsoft.com/fwlink/?linkid=2027110). You can find previous versions of the Windows Hardware Compatibility Program Specifications and Policies [here](/windows-hardware/design/compatibility/whcp-specifications-policies). | UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | | Software: **HVCI compatible drivers** | See the Filter.Driver.DeviceGuard.DriverCompatibility requirement in the [Windows Hardware Compatibility Specifications for Windows 10, version 1809 and Windows Server 2019 - Filter driver download](https://go.microsoft.com/fwlink/?linkid=2027110). You can find previous versions of the Windows Hardware Compatibility Program Specifications and Policies [here](/windows-hardware/design/compatibility/whcp-specifications-policies). 
| [HVCI Compatible](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/) drivers help ensure that VBS can maintain appropriate memory permissions. This increases resistance to bypassing vulnerable kernel drivers and helps ensure that malware cannot run in kernel. Only code verified through code integrity can run in kernel mode. | -| Software: Qualified **Windows operating system** | Windows 10 Enterprise, Windows 10 Pro, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

    Important:
    Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. Only virtualization-based protection of code integrity is supported in this configuration.

    | Support for VBS and for management features that simplify configuration of Windows Defender Device Guard. | +| Software: Qualified **Windows operating system** | Windows 10 Enterprise, Windows 10 Pro, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

    Important:
    Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. Only virtualization-based protection of code integrity is supported in this configuration.

    | Support for VBS and for management features. | -> **Important**  The following tables list additional qualifications for improved security. You can use Windows Defender Device Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting these additional qualifications to significantly strengthen the level of security that Windows Defender Device Guard can provide. +> **Important**  The following tables list additional qualifications for improved security. You can use WDAC and HVCI with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting these additional qualifications to significantly strengthen the level of security that WDAC and HVCI can provide. ## Additional qualifications for improved security @@ -76,4 +76,4 @@ The following tables describe additional hardware and firmware qualifications, a | Protections for Improved Security | Description | Security benefits | |---------------------------------------------|----------------------------------------------------|------| | Firmware: **VBS enablement of NX protection for UEFI runtime services** | • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable.
    • UEFI runtime service must meet these requirements:
        • Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
        • PE sections need to be page-aligned in memory (not required for in non-volitile storage).
        • The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
            • All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
            • No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable.

    Notes:
    • This only applies to UEFI runtime service memory, and not UEFI boot service memory.
    • This protection is applied by VBS on OS page tables.


    Please also note the following:
    • Do not use sections that are both writeable and executable
    • Do not attempt to directly modify executable system memory
    • Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
    • Reduces the attack surface to VBS from system firmware. | -| Firmware: **Firmware support for SMM protection** | The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.| • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
    • Reduces the attack surface to VBS from system firmware.
    • Blocks additional security attacks against SMM. | \ No newline at end of file +| Firmware: **Firmware support for SMM protection** | The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.| • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
    • Reduces the attack surface to VBS from system firmware.
    • Blocks additional security attacks against SMM. | From 07c9915cdd722664bdf93a01a3fe1a45b100147d Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 14 Sep 2021 11:18:31 -0700 Subject: [PATCH 331/671] updating metadata --- windows/security/apps.md | 3 +++ windows/security/cloud.md | 5 ++++- windows/security/hardware.md | 3 +++ windows/security/identity.md | 3 +++ windows/security/operating-system.md | 3 +++ 5 files changed, 16 insertions(+), 1 deletion(-) diff --git a/windows/security/apps.md b/windows/security/apps.md index 033e42b863..dfbf8d5711 100644 --- a/windows/security/apps.md +++ b/windows/security/apps.md @@ -9,6 +9,9 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: dansimp +ms.collection: M365-security-compliance +ms.prod: m365-security +ms.technology: windows-sec --- # Windows application security diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 807a9bdc7e..04dc44e601 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -5,7 +5,7 @@ ms.reviewer: author: denisebmsft ms.author: deniseb manager: dansimp -ms.prod: w11 +ms.prod: w10 audience: ITPro ms.topic: conceptual ms.date: 09/10/2021 @@ -17,6 +17,9 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security search.appverid: MET150 +ms.collection: M365-security-compliance +ms.prod: m365-security +ms.technology: windows-sec --- # Windows and cloud security diff --git a/windows/security/hardware.md b/windows/security/hardware.md index cd1daa5805..3d619b9226 100644 --- a/windows/security/hardware.md +++ b/windows/security/hardware.md @@ -9,6 +9,9 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: dansimp +ms.collection: M365-security-compliance +ms.prod: m365-security +ms.technology: windows-sec --- # Windows hardware security diff --git a/windows/security/identity.md b/windows/security/identity.md index f943325f1d..e7927861b9 100644 --- a/windows/security/identity.md 
+++ b/windows/security/identity.md @@ -9,6 +9,9 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: dansimp +ms.collection: M365-security-compliance +ms.prod: m365-security +ms.technology: windows-sec --- # Windows identity security diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index ee5fa0eda4..892b507022 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -10,6 +10,9 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: denisebmsft +ms.collection: M365-security-compliance +ms.prod: m365-security +ms.technology: windows-sec --- # Windows operating system security From 1c2500bd8480998fada680b5257f6f873efdc457 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 14 Sep 2021 12:21:39 -0700 Subject: [PATCH 332/671] spelling out modern device management --- windows/security/TOC.yml | 28 +++++++++++++++------------- windows/security/mdm-windows.md | 28 ++++++++++++++-------------- 2 files changed, 29 insertions(+), 27 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 05b9de9c14..d58e115f79 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
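Review bot: In patch 331 the cloud.md front matter ends up with two ms.prod keys: the first hunk changes "ms.prod: w11" to "ms.prod: w10", and the second hunk adds "ms.prod: m365-security" further down the same block. Duplicate keys in YAML front matter are resolved differently by different parsers, so which value the build uses is not defined by the file. Keep a single ms.prod entry. The w11 to w10 change is also not explained by the commit message "updating metadata" and should be confirmed or reverted.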
@@ -227,20 +227,22 @@ href: identity.md items: - name: Cloud services - href: cloud.md items: - - name: Modern device management with Windows 11 - href: mdm-windows.md - - name: Windows 11 secured-core devices (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 - - name: Windows 365 Cloud PCs (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 - - name: Windows 365 for Enterprise (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 - - name: Windows 365 for Business (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 - - name: Azure Virtual Desktop (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Overview + href: cloud.md + items: + - name: Modern device management with Windows 11 + href: mdm-windows.md + - name: Windows 11 secured-core devices (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Windows 365 Cloud PCs (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Windows 365 for Enterprise (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Windows 365 for Business (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Azure Virtual Desktop (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 - name: User protection items: - name: Technical support policy for lost or forgotten passwords diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md index 93de42d94e..db735842c5 100644 --- a/windows/security/mdm-windows.md +++ b/windows/security/mdm-windows.md @@ -7,7 +7,7 @@ ms.author: deniseb manager: dansimp audience: ITPro ms.topic: conceptual -ms.date: 09/08/2021 +ms.date: 09/14/2021 ms.prod: w11 ms.localizationpriority: medium ms.collection: 
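Review bot: In the TOC.yml hunk of this patch, the five entries re-nested under Overview still have "(need link)" in their name values and all point at the same placeholder href, https://docs.microsoft.com/windows/whats-new/windows-11. Since these lines are being rewritten anyway, either supply the real targets or leave the entries out of the TOC until the links exist, so the placeholder text does not ship in the published navigation.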
@@ -20,32 +20,32 @@ f1.keywords: NOCSH *This article provides an overview of modern device management and Windows 11.* -Windows 11 supports modern device management (MDM), an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices. +Windows 11 supports modern device management, an enterprise management solution to help you manage your organization's security policies and business applications. Modern device management enables your security team to manage devices without compromising people's privacy on their personal devices. Windows 11 includes a management component that includes: - The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and - The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies. -Read this article to learn more about how Windows 11 works with MDM. +Read this article to learn more about how Windows 11 works with modern device management. -## MDM features and capabilities +## Modern device management features and capabilities -MDM includes several security features & capabilities, as described in the following table:

    +Modern device management includes several security features & capabilities, as described in the following table:

    | Feature/capability | Description | |:---|:---| -| Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

    Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that MDM solutions can remotely initiate any of the following operations:
    - Reset the device and remove user accounts and data
    - Reset the device and clean the drive
    - Reset the device but persist user accounts and data | -| Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

    When a device is joined to Azure AD and managed with MDM, you get the following security benefits:
    - Fully managed user/device settings and policies by default
    - Single Sign On to all Microsoft online services
    - Password management capabilities (Windows Hello for Business)
    - Authentication using tokens
    - No use of consumer Microsoft Account identities | -| Config Lock | Security teams and IT admins typically enforce policies on corporate devices to keep those devices in a compliant state, and protect the operating system from changes made by users.

    When users who have local admin rights attempt to work around security policies, they run the risk of leaving the device in a non-compliant state called *config drift*. Config drift can introduce security risks until the next time the device syncs with MDM and the configuration is reset. In a worst-case scenario, correcting config drift could take up to eight hours. Many organizations consider config drift a security risk.

    Windows 11 with Config Lock enables IT admins to remediate config drift and keep the operating system configuration to its proper state. The operating system monitors registry keys, and when a drift is detected, the operating system reverts back to the IT-configured state within seconds.

    Config Lock works with Application Control, Application Guard, and BitLocker. | -| Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT administrators can use available boot information to protect against boot-level attacks and misconfigurations. The Microsoft Azure Attestation service securely reports on device boot health, firmware security, and other low-level security features used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprise's device health to the administrator, allowing them to deal with low-level threats with confidence. Windows 11 comes with MDM integration with Microsoft Azure Attestation, allowing MDM providers to use the attestation capabilities to trust and enhance device security.

    Learn more about [Microsoft Azure Attestation](/azure/attestation). | +| Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

    Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that modern device management solutions can remotely initiate any of the following operations:
    - Reset the device and remove user accounts and data
    - Reset the device and clean the drive
    - Reset the device but persist user accounts and data | +| Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

    When a device is joined to Azure AD and managed with modern device management, you get the following security benefits:
    - Fully managed user/device settings and policies by default
    - Single Sign On to all Microsoft online services
    - Password management capabilities (Windows Hello for Business)
    - Authentication using tokens
    - No use of consumer Microsoft Account identities | +| Config Lock | Security teams and IT admins typically enforce policies on corporate devices to keep those devices in a compliant state, and protect the operating system from changes made by users.

    When users who have local admin rights attempt to work around security policies, they run the risk of leaving the device in a non-compliant state called *config drift*. Config drift can introduce security risks until the next time the device syncs with modern device management and the configuration is reset. In a worst-case scenario, correcting config drift could take up to eight hours. Many organizations consider config drift a security risk.

    Windows 11 with Config Lock enables IT admins to remediate config drift and keep the operating system configuration to its proper state. The operating system monitors registry keys, and when a drift is detected, the operating system reverts back to the IT-configured state within seconds.

    Config Lock works with Application Control, Application Guard, and BitLocker. | +| Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT administrators can use available boot information to protect against boot-level attacks and misconfigurations. The Microsoft Azure Attestation service securely reports on device boot health, firmware security, and other low-level security features used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprise's device health to the administrator, allowing them to deal with low-level threats with confidence. Windows 11 comes with modern device management integration with Microsoft Azure Attestation, allowing modern device management providers to use the attestation capabilities to trust and enhance device security.

    Learn more about [Microsoft Azure Attestation](/azure/attestation). | | (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | ## Security baselines -Windows 11 can be configured with the [Microsoft MDM security baseline](/mem/intune/protect/security-baseline-settings-mdm-all?pivots=mdm-december-2020) backed by ADMX policies, which functions like the Microsoft Group Policy security baseline. Security baselines enable security teams and IT admins to easily integrate this baseline into any MDM, addressing security concerns and compliance needs for modern cloud-managed devices. +Windows 11 can be configured with the [Microsoft modern device management security baseline](/mem/intune/protect/security-baseline-settings-modern device management-all?pivots=mdm-december-2020) backed by ADMX policies, which functions like the Microsoft Group Policy security baseline. Security baselines enable security teams and IT admins to easily integrate this baseline into any modern device management, addressing security concerns and compliance needs for modern cloud-managed devices. -The MDM security baseline includes policies that cover the following areas: +The modern device management security baseline includes policies that cover the following areas: - Microsoft inbox security technology - BitLocker 
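Review bot: The MDM-to-"modern device management" replacement also rewrote the link target in the "Security baselines" paragraph: `/mem/intune/protect/security-baseline-settings-modern device management-all?pivots=mdm-december-2020` now contains spaces and no longer matches the original `security-baseline-settings-mdm-all` path, so the baseline link will break. Restore the original href and change only the link text. The same paragraph now reads "integrate this baseline into any modern device management", which needs a noun such as "solution" after it.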
@@ -59,11 +59,11 @@ The MDM security baseline includes policies that cover the following areas: - Restricting the use of legacy technology - Legacy technology policies that offer alternative solutions with modern technology -## Support for non-Microsoft MDM servers +## Support for non-Microsoft modern device management servers -Non-Microsoft MDM servers can be used to manage Windows 11 by using industry standard protocols. The built-in management client can communicate with a third-party server proxy that supports the MDM protocols to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 11 users. MDM servers do not need to create or download a client to manage Windows 11. +Non-Microsoft modern device management servers can be used to manage Windows 11 by using industry standard protocols. The built-in management client can communicate with a third-party server proxy that supports the modern device management protocols to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 11 users. Modern device management servers do not need to create or download a client to manage Windows 11. -For details about the MDM protocols, the following resources: +For details about the modern device management protocols, the following resources: - [MS-MDM: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) - [MS-MDE2: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692) From 79043da03237363a7378fdb886519f44c0fef574 Mon Sep 17 00:00:00 2001 
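Review bot: In the `@@ -59,11 +59,11 @@` hunk of mdm-windows.md, "the modern device management protocols" no longer matches the specifications linked directly below it, which are titled "MS-MDM: Mobile Device Management Protocol" and "MS-MDE2: Mobile Device Enrollment Protocol Version 2". Keep "MDM protocols" (or name the two specifications) wherever the text refers to the protocols themselves. The sentence "For details about the modern device management protocols, the following resources:" is also missing its verb; "see the following resources" would fix it.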
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 14 Sep 2021 12:23:30 -0700 Subject: [PATCH 333/671] Update index.yml --- windows/security/index.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 5b1feb7f15..0dc418be7d 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -11,7 +11,7 @@ metadata: ms.collection: m365-security-compliance author: dansimp #Required; your GitHub user alias, with correct capitalization. ms.author: dansimp #Required; microsoft alias of author; optional team alias. - ms.date: 09/13/2021 + ms.date: 09/14/2021 localization_priority: Priority # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new @@ -76,7 +76,7 @@ landingContent: links: - text: Azure Active Directory url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory - - text: MDM and Windows 11 + - text: Modern device management with Windows 11 url: mdm-windows.md - text: Your Microsoft Account url: identity-protection/access-control/microsoft-accounts.md From 10569c19b0a066af09c0fa9b96f944fc7de3a4ab Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 14 Sep 2021 13:44:00 -0700 Subject: [PATCH 334/671] finalizing apps page --- windows/security/apps.md | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/windows/security/apps.md b/windows/security/apps.md index dfbf8d5711..a76c2d05d5 100644 --- a/windows/security/apps.md +++ b/windows/security/apps.md 
@@ -16,24 +16,13 @@ ms.technology: windows-sec # Windows application security -Cybercriminals regularly gain access to valuable data by hacking poorly secured applications. Common security failures include “code injection” attacks, in which attackers insert malicious code that can tamper with data, or even destroy it. An application may have its security misconfigured, leaving open doors for hackers. Or vital customer and corporate information may leave sensitive data exposed. Windows 11 protects your valuable data with layers of application security. A rich application platform, isolation, and code integrity enable developers to build in security from the ground up to protect against breaches and malware. +Cyber-criminals regularly gain access to valuable data by hacking applications. This can include “code injection” attacks, in which attackers insert malicious code that can tamper with data, or even destroy it. An application may have its security misconfigured, leaving open doors for hackers. Or vital customer and corporate information may leave sensitive data exposed. Windows protects your valuable data with layers of application security. The following table summarizes the Windows security features and capabilities for apps:

    -| Security Measures | Features & Capabilities | -|:---|:---| -| Application Security |[Application Control for Windows](/threat-protection/windows-defender-application-control/windows-defender-application-control.md)
    [Microsoft Defender Application Guard](/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md)
    [Email security for Windows](/identity-protection/configure-s-mime.md)
    [Microsoft Defender SmartScreen ](/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) | -| Privacy Controls |[Windows privacy and compliance](/windows/privacy/windows-10-and-privacy-compliance)
    [Windows privacy controls and transparency](/privacy/changes-to-windows-diagnostic-data-collection.md)
    | - - - -## TEST - | Security Measures | Features & Capabilities | |:---|:---| | Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](/threat-protection/windows-defender-application-control/windows-defender-application-control.md) | | Microsoft Defender Application Guard | Application Guard uses chip-based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running untrusted websites and files in an isolated Hyper-V-based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md). | | Email Security | With Windows S/MIME email security, users can encrypt outgoing messages and attachments, so only intended recipients with digital identification (ID)—also called a certificate—can read them. Users can digitally sign a message, which verifies the identity of the sender and ensures the message has not been tampered with.[Configure S/MIME for Windows 10](/identity-protection/configure-s-mime.md) | | Microsoft Defender SmartScreen | Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. Learn more: [Microsoft Defender SmartScreen overview](/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) | -| Isolating UWP apps | TBD | -| Developer security | TBD | \ No newline at end of file From 59cc0285743adb0db84c370bd3d0e55d68cd2c84 Mon Sep 17 00:00:00 2001 
From: Daniel Simpson Date: Tue, 14 Sep 2021 14:01:32 -0700 Subject: [PATCH 335/671] identity --- windows/security/identity.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/windows/security/identity.md b/windows/security/identity.md index e7927861b9..e7f014671d 100644 --- a/windows/security/identity.md +++ b/windows/security/identity.md 
@@ -20,3 +20,11 @@ Malicious actors launch an average of 50 million password attacks every day—57 New Windows 11 devices protect users by removing vulnerable passwords by default, from day one. Weak passwords, password spraying, and phishing are the entry point for many attacks. Windows Hello, Windows Hello for Business, and Credential Guard enable customers to move to passwordless multifactor authentication (MFA). MFA can reduce the risk of compromise in organizations by more than 99.9 percent. As remote and hybrid work becomes the new normal, Windows 11 gives IT teams a variety of MFA options to meet business and consumer needs while complying with ever-evolving regulations. +| Security capabilities | Description | +|:---|:---| +| Securing user identity with Windows Hello | Windows Hello and Windows Hello for Business replace password-based authentication with a stronger authentication model to sign into your device using a passcode (PIN) or other biometric based authentication. This PIN or biometric based authentication is only valid on the device that you registered it for and cannot be used on another deviceLearn more: [Windows Hello for Business](identity-protection\hello-for-business\hello-overview.md) | +| Credential Guard | Credential Guard helps protects your systems from credential theft attack techniques (pass-the-hash or pass-the-ticket) as well as helping prevent malware from accessing system secrets even if the process is running with admin privileges. Learn more: [Credential Guard](identity-protection/credential-guard/credential-guard-how-it-works.md)| +| FIDO Alliance | Fast Identity Online (FIDO) defined protocols are becoming the open standard for providing strong authentication that helps prevent phishing and are user-friendly and privacy-respecting. 
Windows 11 supports the use of device sign-in with FIDO 2 security keys, and with Microsoft Edge or other modern browsers, supports the use of secure FIDO-backed credentials to keep user accounts protected. Learn more about the [FIDO Alliance](https://fidoalliance.org/). | +| Microsoft Authenticator | The Microsoft Authenticator app is a perfect companion to help keep secure with Windows 11. It allows easy, secure sign-ins for all your online accounts using multi-factor authentication, passwordless phone sign-in, or password autofill. You also have additional account management options for your Microsoft personal, work, or school accounts. Microsoft Authenticator can be used to set up multi-factor authentication for your users. Learn more: [Enable passwordless sign-in with the Microsoft Authenticator app](/azure/active-directory/authentication/howto-authentication-passwordless-phone.md). | +| Smart Cards | Smart cards are tamper-resistant portable storage devices that can enhance the security of tasks in Windows, such as authenticating clients, signing code, securing e-mail, and signing in with Windows domain accounts. Learn more about [Smart Cards](identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md).| +| Access Control | Access control is the process of authorizing users, groups, and computers to access objects and assets on a network or computer. Computers can control the use of system and network resources through the interrelated mechanisms of authentication and authorization. Learn more: [Access Control](identity-protection/access-control/access-control.md).| \ No newline at end of file From e2c970dbd910131c482bbd667454d5667f7aa551 Mon Sep 17 00:00:00 2001 
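Review bot: In the table this hunk adds to identity.md, the Windows Hello row links to `identity-protection\hello-for-business\hello-overview.md` with backslashes, while every other row uses forward slashes; switch it to forward slashes so the path is handled the same way as the rest. That row also runs two sentences together ("another deviceLearn more:"), and the Credential Guard row reads "helps protects". The Microsoft Authenticator link `/azure/active-directory/authentication/howto-authentication-passwordless-phone.md` is a site-rooted path with a `.md` suffix, whereas site-rooted links elsewhere in this series, such as `/azure/attestation`, carry no suffix, so confirm that it resolves before merging.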
From: MandiOhlinger Date: Tue, 14 Sep 2021 17:50:59 -0400 Subject: [PATCH 336/671] final draft, hopefully --- ...pository-mdm-company-portal-windows-11.md} | 32 +++++++++---------- windows/application-management/toc.yml | 6 ++-- 2 files changed, 19 insertions(+), 19 deletions(-) rename windows/application-management/{private-store-mdm-company-portal-windows-11.md => private-app-repository-mdm-company-portal-windows-11.md} (71%) diff --git a/windows/application-management/private-store-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md similarity index 71% rename from windows/application-management/private-store-mdm-company-portal-windows-11.md rename to windows/application-management/private-app-repository-mdm-company-portal-windows-11.md index 2f1a61682d..f01c8947a9 100644 --- a/windows/application-management/private-store-mdm-company-portal-windows-11.md +++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md 
@@ -1,20 +1,21 @@ --- -title: Use the Company Portal app for your private store on Windows 11 devices | Microsoft Docs -description: Use the Company Portal app in Windows 11 devices to access the private store. Add apps to an MDM/MAM provider, and deploy the apps to Windows devices using policies. The Company Portal app replaces Microsoft Store private store on Windows 11 devices. +title: Use the Company Portal app for your private app repo on Windows 11 devices | Microsoft Docs +description: Use the Company Portal app in Windows 11 devices to access the private app repository for your organization or company apps. Add apps to an MDM/MAM provider, and deploy the apps to Windows devices using policies. The Company Portal app replaces Microsoft Store for Business private store on Windows 11 devices. ms.assetid: ms.reviewer: manager: dougeby ms.author: mandia +ms.reviewer: amanh ms.prod: w11 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/13/2021 +ms.date: 09/14/2021 ms.localizationpriority: medium --- -# Private app store in Windows 11 +# Private app repository in Windows 11 **Applies to**: 
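Review bot: The added `ms.reviewer: amanh` line leaves the existing empty `ms.reviewer:` key in place two lines above it, so the front matter now declares `ms.reviewer` twice. Replace the empty key instead of adding a second one. The new title also says "private app repo" while the new H1 and the description say "private app repository"; use one form throughout.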
@@ -22,7 +23,7 @@ ms.localizationpriority: medium Starting with Windows 11, how administrators deploy apps to devices is updated. The Microsoft Store app is available on Windows 11, and allows users to install public and retail apps. The Microsoft Store app on Windows 11 doesn't have a private store for organization-specific apps. -Instead of a private store in the Microsoft Store app, you install the Company Portal app on devices. The Company Portal app replaces the private store in Microsoft Store for Business. When the Company Portal app is installed, users open it, and see the apps your organization makes available. They select an app, and install it. +Instead of a private store in the Microsoft Store app, you install the Company Portal app on devices. The Company Portal app replaces the private store in Microsoft Store for Business. When the Company Portal app is installed, users open it, and see the apps your organization makes available in your private app repository. Users select an app, and install it. This article discusses the Company Portal app installation options, adding organization apps, and more. 
@@ -49,13 +50,11 @@ To install the Company Portal app, you have some options: - **Use Microsoft Endpoint Manager**: Endpoint Manager includes Microsoft Intune (cloud) and Configuration Manager (on-premises). With both services, you can add Microsoft Store apps, like the Company Portal app. Once added, you create an app policy that deploys and installs the Company Portal app to your devices. - This option is preferred. Admins can makes sure the app is installed on organization-managed devices. + - This option is preferred, and is the most scalable option, especially if you have many devices. When you create the app policy, the policy can be deployed to many users and many devices simultaneously. Admins can also use reporting to make sure the app is installed on organization-managed devices. - On co-managed devices, which are managed by Microsoft Intune + Configuration Manager together, the Company Portal app shows your Intune apps and your Configuration Manager apps. So, all apps are shown in one place. - - When apps are installed from the Microsoft Store app, by default, they're automatically updated. Users can also open the Microsoft Store app, go to the **Library**, and check for updates. - - - Using Endpoint Manager is the most scalable option. When you create the app policy, the policy can be deployed to many users and many devices simultaneously. + - When the Company Portal app is installed from the Microsoft Store app, by default, it's automatically updated. Users can also open the Microsoft Store app, go to the **Library**, and check for updates. For more information, see: 
@@ -64,11 +63,11 @@ To install the Company Portal app, you have some options: - [What is co-management?](/mem/configmgr/comanage/overview) - [Use the Company Portal app on co-managed devices](/mem/configmgr/comanage/company-portal) -- **Use Windows Autopilot**: Windows Autopilot automatically provisions devices, and gets them ready for production. If you're purchasing new devices, then we recommend using Windows Autopilot to preconfigure the devices, and get them ready for use. +- **Use Windows Autopilot**: Windows Autopilot automatically provisions devices, registers them in your organization in Azure AD, and gets them ready for production. If you're purchasing new devices, then we recommend using Windows Autopilot to preconfigure the devices, and get them ready for use. - In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), you add the Company Portal app from the Microsoft Store. Once it's added, the app can be included in your Windows Autopilot deployment. When the device turns on and is getting ready, the Company Portal app is also installed, before users sign in. - - When apps are installed from the Microsoft Store app, by default, they're automatically updated. Users can also open the Microsoft Store app, go to the **Library**, and check for updates. + - When the Company Portal app is installed from the Microsoft Store app, by default, it's automatically updated. Users can also open the Microsoft Store app, go to the **Library**, and check for updates. For more information, see: 
@@ -77,10 +76,10 @@ To install the Company Portal app, you have some options: - **Use the Microsoft Store**: The Company Portal app is available in the Microsoft Store, and can be downloaded by your users. Users open the Microsoft Store app on their device, search for **Company Portal**, and install it. When it's installed, users might be prompted to sign in with their organization account (`user@contoso.com`). When the app opens, they see a list of approved organization apps that can be installed. - - When apps are installed from the Microsoft Store app, by default, they're automatically updated. Users can also open the Microsoft Store, go to the **Library**, and check for updates. Within the Company Portal app, they can use the update feature to get app fixes and feature updates on the organization apps you added. - - This option requires users to install the app themselves. If you have many users, the recommended approach is to deploy the Company Portal app using Endpoint Manager or using Windows Autopilot. + - When the Company Portal app is installed from the Microsoft Store app, by default, it's automatically updated. Users can also open the Microsoft Store, go to the **Library**, and check for updates. Within the Company Portal app, they can use the update feature to get app fixes and feature updates on the organization apps you added. + ## Customize the Company Portal app Many organizations customize the Company Portal app to include their specific information. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), you can customize the Company Portal app. For example, you can add a brand logo, include support information, add self-service device actions, and more. 
@@ -89,9 +88,7 @@ For more information, see [Configure the Intune Company Portal app](/mem/intune/ ## Add your organization apps to the Company Portal app -**??What are the non-MDM ways to add apps to CP app? Windows Package Manager? ??** - -When you add an app in the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), there is a **Show this as a featured app in the Company Portal** setting. Be sure you use this setting. +When you add an app in the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), there's a **Show this as a featured app in the Company Portal** setting. Be sure you use this setting. On co-managed devices (Microsoft Intune + Configuration Manager together), your Configuration Manager apps can also be shown in the Company Portal app. For more information, see [Use the Company Portal app on co-managed devices](/mem/configmgr/comanage/company-portal). @@ -105,3 +102,6 @@ When the apps are shown, users can select and download the apps on their devices If you use a third party or partner MDM provider, be sure to configure the settings that list your apps in the Company Portal app. +## Windows Package Manager + +If your organization creates its own apps, your app developers can use [Windows Package Manager](/windows/package-manager/) to deploy apps. For more information on Endpoint Manager and Windows Package Manager, see [Evolving the Microsoft Store for Business and Education](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-the-microsoft-store-for-business-and-education/ba-p/2569423). diff --git a/windows/application-management/toc.yml b/windows/application-management/toc.yml index 9ed78f7a9d..3655fed6e5 100644 --- a/windows/application-management/toc.yml +++ b/windows/application-management/toc.yml 
@@ -15,8 +15,8 @@ items: href: add-apps-and-features.md - name: Sideload apps href: sideload-apps-in-windows-10.md - - name: Private store on Windows 11 - href: private-store-mdm-company-portal-windows-11.md + - name: Private app repo on Windows 11 + href: private-app-repository-mdm-company-portal-windows-11.md - name: Remove background task resource restrictions href: enterprise-background-activity-controls.md - name: Enable or block Windows Mixed Reality apps in the enterprise @@ -201,7 +201,7 @@ items: items: - name: Using the App-V client management console href: app-v/appv-using-the-client-management-console.md - - name: Automatically clean-up unpublished packages on the App-V client + - name: Automatically clean up unpublished packages on the App-V client href: app-v/appv-auto-clean-unpublished-packages.md - name: Migrating items: From f4ce9c8efea6f3ee0ea8bece2b1238116e8e8a7a Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Tue, 14 Sep 2021 17:58:07 -0400 Subject: [PATCH 337/671] updating with master branch --- ...private-app-repository-mdm-company-portal-windows-11.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md index f01c8947a9..fab6838e38 100644 --- a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md +++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md 
@@ -2,7 +2,6 @@ title: Use the Company Portal app for your private app repo on Windows 11 devices | Microsoft Docs description: Use the Company Portal app in Windows 11 devices to access the private app repository for your organization or company apps. Add apps to an MDM/MAM provider, and deploy the apps to Windows devices using policies. The Company Portal app replaces Microsoft Store for Business private store on Windows 11 devices. ms.assetid: -ms.reviewer: manager: dougeby ms.author: mandia ms.reviewer: amanh @@ -23,7 +22,9 @@ ms.localizationpriority: medium Starting with Windows 11, how administrators deploy apps to devices is updated. The Microsoft Store app is available on Windows 11, and allows users to install public and retail apps. The Microsoft Store app on Windows 11 doesn't have a private store for organization-specific apps. -Instead of a private store in the Microsoft Store app, you install the Company Portal app on devices. The Company Portal app replaces the private store in Microsoft Store for Business. When the Company Portal app is installed, users open it, and see the apps your organization makes available in your private app repository. Users select an app, and install it. +Instead of a private store in the Microsoft Store app, you install the Company Portal app on devices. The Company Portal app replaces the private store in Microsoft Store for Business. + +When the Company Portal app is installed, users open it, and see the apps your organization makes available in your private app repository. Users select an app, and install it. This article discusses the Company Portal app installation options, adding organization apps, and more. 
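Review bot: Style point on the paragraph split in hunk @@ -23,7 +22,9 @@: the new standalone paragraph keeps the commas that break up compound predicates ("users open it, and see the apps", "Users select an app, and install it"). Since the line is being touched anyway, suggest dropping both commas so the two sentences read as single actions.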
@@ -63,7 +64,7 @@ To install the Company Portal app, you have some options: - [What is co-management?](/mem/configmgr/comanage/overview) - [Use the Company Portal app on co-managed devices](/mem/configmgr/comanage/company-portal) -- **Use Windows Autopilot**: Windows Autopilot automatically provisions devices, registers them in your organization in Azure AD, and gets them ready for production. If you're purchasing new devices, then we recommend using Windows Autopilot to preconfigure the devices, and get them ready for use. +- **Use Windows Autopilot**: Windows Autopilot automatically provisions devices, registers them in your Azure AD organization (tenant), and gets them ready for production. If you're purchasing new devices, then we recommend using Windows Autopilot to preconfigure the devices, and get them ready for use. - In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), you add the Company Portal app from the Microsoft Store. Once it's added, the app can be included in your Windows Autopilot deployment. When the device turns on and is getting ready, the Company Portal app is also installed, before users sign in. From 9ef28a8dafb78f6a221d22816d8ad4b41a56ea77 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 14 Sep 2021 14:58:53 -0700 Subject: [PATCH 338/671] Update TOC.yml --- windows/security/TOC.yml | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index d58e115f79..6d271597fd 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -230,19 +230,18 @@ items: - name: Overview href: cloud.md - items: - - name: Modern device management with Windows 11 - href: mdm-windows.md - - name: Windows 11 secured-core devices (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 - - name: Windows 365 Cloud PCs (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 - - name: Windows 365 for Enterprise (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 - - name: Windows 365 for Business (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 - - name: Azure Virtual Desktop (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Modern device management with Windows 11 + href: mdm-windows.md + - name: Windows 11 secured-core devices (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Windows 365 Cloud PCs (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Windows 365 for Enterprise (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Windows 365 for Business (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 + - name: Azure Virtual Desktop (need link) + href: https://docs.microsoft.com/windows/whats-new/windows-11 - name: User protection items: - name: Technical support policy for lost or forgotten passwords From 1e404ac27d46dc6927777c25e11060793854c0a9 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 14 Sep 2021 15:03:38 -0700 Subject: [PATCH 339/671] Update index.md --- windows/security/threat-protection/index.md | 140 +++----------------- 1 file changed, 21 insertions(+), 119 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index f299d99657..7baa36b1a0 100644 --- a/windows/security/threat-protection/index.md 
+++ b/windows/security/threat-protection/index.md 
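Review bot: In the windows/security/TOC.yml hunk @@ -230,19 +230,18 @@ of the preceding commit, five of the re-indented entries still carry the drafting placeholder "(need link)" in their `name:` values, and all five point at the same `https://docs.microsoft.com/windows/whats-new/windows-11` href. These strings render as-is in the published table of contents. Suggest either removing the entries until their target articles exist or dropping the "(need link)" suffix and tracking the missing links outside the TOC.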
@@ -1,149 +1,51 @@ --- -title: Threat Protection (Windows 10) -description: Microsoft Defender for Endpoint is a unified platform for preventative protection, post-breach detection, automated investigation, and response. -keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next-generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, Microsoft Secure Score for Devices, advanced hunting, cyber threat hunting, web threat protection +title: Windows threat protection +description: Describes the security capabilities in Windows client focused on threat protection +keywords: threat protection, Microsoft Defender Antivirus, attack surface reduction, next-generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, Microsoft Secure Score for Devices, advanced hunting, cyber threat hunting, web threat protection search.product: eADQiWindows 10XVcnh ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: macapara -author: mjcaparas +ms.author: dansimp +author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.technology: mde +ms.technology: windows-sec --- -# Threat Protection +# Windows threat protection **Applies to:** -- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/) -- [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender) +- Windows 10 +- Windows 11 -[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. 
Defender for Endpoint protects endpoints from cyber threats, detects advanced attacks and data breaches, automates security incidents, and improves security posture. +In Windows client, hardware and software work together to help protect you from new and emerging threats. Expanded security protections in Windows 11 help boost security from the chip, to the cloud. -**Applies to:** -- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/) +## Windows threat protection -> [!TIP] -> Enable your users to access cloud services and on-premises applications with ease and enable modern management capabilities for all devices. For more information, see [Secure your remote workforce](/enterprise-mobility-security/remote-work/). +See the following articles to learn more about the different areas of Windows threat protection: -

    Microsoft Defender for Endpoint

    - - - - - - - - - - - - - - - -
    threat and vulnerability icon
    Threat & vulnerability management
    attack surface reduction icon
    Attack surface reduction
    next generation protection icon
    Next-generation protection
    endpoint detection and response icon
    Endpoint detection and response
    automated investigation and remediation icon
    Automated investigation and remediation
    microsoft threat experts icon
    Microsoft Threat Experts
    -
    Centralized configuration and administration, APIs
    Microsoft 365 Defender
    -
    - - - - ->[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4obJq] - -**[Threat & vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)**
    -This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. - -- [Threat & vulnerability management overview](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) -- [Get started](/microsoft-365/security/defender-endpoint/tvm-prerequisites) -- [Access your security posture](/microsoft-365/security/defender-endpoint/tvm-dashboard-insights) -- [Improve your security posture and reduce risk](/microsoft-365/security/defender-endpoint/tvm-security-recommendation) -- [Understand vulnerabilities on your devices](/microsoft-365/security/defender-endpoint/tvm-software-inventory) - - - -**[Attack surface reduction](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**
    -The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitation. - -- [Hardware based isolation](/microsoft-365/security/defender-endpoint/overview-hardware-based-isolation) -- [Application control](windows-defender-application-control/windows-defender-application-control.md) -- [Device control](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) +- [Microsoft Defender Application Guard](\windows\security\threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md) +- [Virtualization-based protection of code integrity](\windows\security\threat-protection\device-guard\enable-virtualization-based-protection-of-code-integrity.md) +- [Application control](/windows-defender-application-control/windows-defender-application-control.md) +- [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) - [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection) - [Network protection](/microsoft-365/security/defender-endpoint/network-protection), [web protection](/microsoft-365/security/defender-endpoint/web-protection-overview) +- [Microsoft Defender SmartScreen](\windows\security\threat-protection\microsoft-defender-smartscreen\microsoft-defender-smartscreen-overview.md) - [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders) - [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md) - [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) +- [Windows Sandbox](\windows\security\threat-protection\windows-sandbox\windows-sandbox-overview.md) - - -**[Next-generation 
protection](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10)**
    -To further reinforce the security perimeter of your network, Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats. +### Next-generation protection +Next-generation protection is designed to identify and block new and emerging threats. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time. - [Behavior monitoring](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus) - [Cloud-based protection](/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus) - [Machine learning](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus) - [URL Protection](/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus) -- [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus) - - - -**[Endpoint detection and response](/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response)**
    -Endpoint detection and response capabilities are put in place to detect, investigate, and respond to intrusion attempts and active breaches. With Advanced hunting, you have a query-based threat-hunting tool that lets your proactively find breaches and create custom detections. - -- [Alerts](/microsoft-365/security/defender-endpoint/alerts-queue) -- [Historical endpoint data](/microsoft-365/security/defender-endpoint/investigate-machines#timeline) -- [Response orchestration](/microsoft-365/security/defender-endpoint/respond-machine-alerts) -- [Forensic collection](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices) -- [Threat intelligence](/microsoft-365/security/defender-endpoint/threat-indicator-concepts) -- [Advanced detonation and analysis service](/microsoft-365/security/defender-endpoint/respond-file-alerts#deep-analysis) -- [Advanced hunting](/microsoft-365/security/defender-endpoint/advanced-hunting-overview) - - [Custom detections](/microsoft-365/security/defender-endpoint/overview-custom-detections) - - - -**[Automated investigation and remediation](/microsoft-365/security/defender-endpoint/automated-investigations)**
    -In addition to quickly responding to advanced attacks, Microsoft Defender for Endpoint offers automated investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. - -- [Get an overview of automated investigation and remediation](/microsoft-365/security/defender-endpoint/automated-investigations) -- [Learn about automation levels](/microsoft-365/security/defender-endpoint/automation-levels) -- [Configure automated investigation and remediation in Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-automated-investigations-remediation) -- [Visit the Action center to see remediation actions](/microsoft-365/security/defender-endpoint/auto-investigation-action-center) -- [Review remediation actions following an automated investigation](/microsoft-365/security/defender-endpoint/manage-auto-investigation) - - - -**[Microsoft Threat Experts](/microsoft-365/security/defender-endpoint/microsoft-threat-experts)**
    -Microsoft Defender for Endpoint's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights. Microsoft Threat Experts further empowers Security Operation Centers (SOCs) to identify and respond to threats quickly and accurately. - -- [Targeted attack notification](/microsoft-365/security/defender-endpoint/microsoft-threat-experts) -- [Experts-on-demand](/microsoft-365/security/defender-endpoint/microsoft-threat-experts) -- [Configure your Microsoft 365 Defender managed hunting service](/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts) - - - -**[Centralized configuration and administration, APIs](/microsoft-365/security/defender-endpoint/management-apis)**
    -Integrate Microsoft Defender for Endpoint into your existing workflows. -- [Onboarding](/microsoft-365/security/defender-endpoint/onboard-configure) -- [API and SIEM integration](/microsoft-365/security/defender-endpoint/configure-siem) -- [Exposed APIs](/microsoft-365/security/defender-endpoint/apis-intro) -- [Role-based access control (RBAC)](/microsoft-365/security/defender-endpoint/rbac) -- [Reporting and trends](/microsoft-365/security/defender-endpoint/threat-protection-reports) - - -**[Integration with Microsoft solutions](/microsoft-365/security/defender-endpoint/threat-protection-integration)**
    - Microsoft Defender for Endpoint directly integrates with various Microsoft solutions, including: -- Intune -- Microsoft Defender for Office 365 -- Microsoft Defender for Identity -- Azure Defender -- Skype for Business -- Microsoft Cloud App Security - - -**[Microsoft 365 Defender](/microsoft-365/security/mtp/microsoft-threat-protection)**
    - With Microsoft 365 Defender, Microsoft Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks. \ No newline at end of file +- [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus) \ No newline at end of file From f8663351ba22d54de97664cfda1c037530a9a6fa Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 14 Sep 2021 15:05:51 -0700 Subject: [PATCH 340/671] Update TOC.yml --- windows/security/TOC.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 6d271597fd..a50131a114 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -48,7 +48,6 @@ - name: Encryption and data protection href: encryption-data-protection.md items: - - name: Encrypted Hard Drive href: information-protection/encrypted-hard-drive.md - name: Bitlocker From 93f6b8cfbf06297ad14e0162241c017eba5a7890 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 14 Sep 2021 15:08:29 -0700 Subject: [PATCH 341/671] Update TOC.yml --- windows/security/TOC.yml | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index a50131a114..812098c2f6 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
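Review bot: In the windows/security/threat-protection/index.md hunk (@@ -1,149 +1,51 @@), four of the added links use backslash-separated paths rooted at the repository, for example `(\windows\security\threat-protection\windows-sandbox\windows-sandbox-overview.md)`, and the Application control link changes from the relative `windows-defender-application-control/...` to `/windows-defender-application-control/...` with a leading slash. The unchanged links in the same list (`windows-firewall/windows-firewall-with-advanced-security.md`, `device-guard/introduction-to-device-guard-...md`) are relative to this folder and use forward slashes, so the new ones are inconsistent with them and are unlikely to resolve. Suggest the same relative form for the additions, such as `microsoft-defender-application-guard/md-app-guard-overview.md`. The file also still ends without a trailing newline ("\ No newline at end of file" on the last added line), which is worth fixing while the file is being rewritten.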
@@ -203,22 +203,23 @@ - name: Windows Defender Firewall href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - name: Virus & threat protection - href: threat-protection/index.md items: - - name: Microsoft Defender Antivirus - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows - - name: Attack surface reduction rules - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction - - name: Tamper protection - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection - - name: Network protection - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/network-protection - - name: Controlled folder access - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/controlled-folders - - name: Exploit protection - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection - - name: Microsoft Defender for Endpoint - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint + - name: Overview + href: threat-protection/index.md + - name: Microsoft Defender Antivirus + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows + - name: Attack surface reduction rules + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction + - name: Tamper protection + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection + - name: Network protection + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/network-protection + - name: Controlled folder access + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/controlled-folders + - name: Exploit protection + href: 
https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection + - name: Microsoft Defender for Endpoint + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint - name: Application security href: apps.md items: From 43e344af4ca08da6f79c66851d560fd128ba4807 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 14 Sep 2021 15:18:32 -0700 Subject: [PATCH 342/671] Update TOC.yml --- windows/security/threat-protection/TOC.yml | 1423 +------------------- 1 file changed, 17 insertions(+), 1406 deletions(-) diff --git a/windows/security/threat-protection/TOC.yml b/windows/security/threat-protection/TOC.yml index ae12fde723..dcf41c2615 100644 --- a/windows/security/threat-protection/TOC.yml +++ b/windows/security/threat-protection/TOC.yml 
@@ -1,1410 +1,21 @@ - name: Threat protection href: index.md items: - - name: Next-generation protection with Microsoft Defender Antivirus + - name: Windows threat protection items: - - name: Microsoft Defender Antivirus overview - href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10 - - name: Evaluate Microsoft Defender Antivirus - href: /microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus - - name: Configure Microsoft Defender Antivirus - items: - - name: Configure Microsoft Defender Antivirus features - href: /microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features - - name: Use Microsoft cloud-delivered protection - href: /microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus - items: - - name: Prevent security settings changes with tamper protection - href: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection - - name: Enable Block at first sight - href: /microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus - - name: Configure the cloud block timeout period - href: /microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus - - name: Configure behavioral, heuristic, and real-time protection - items: - - name: Configuration overview - href: /microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus - - name: Detect and block Potentially Unwanted Applications - href: /microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus - - name: Enable and configure always-on protection and monitoring - href: /microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus - - name: Antivirus on Windows Server - href: 
/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server - - name: Antivirus compatibility - items: - - name: Compatibility charts - href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility - - name: Use limited periodic antivirus scanning - href: /microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus - - name: Manage Microsoft Defender Antivirus in your business - items: - - name: Management overview - href: /microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus - - name: Use Microsoft Intune and Microsoft Endpoint Manager to manage Microsoft Defender Antivirus - href: /microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus - - name: Use Group Policy settings to manage Microsoft Defender Antivirus - href: /microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus - - name: Use PowerShell cmdlets to manage Microsoft Defender Antivirus - href: /microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus - - name: Use Windows Management Instrumentation (WMI) to manage Microsoft Defender Antivirus - href: /microsoft-365/security/defender-endpoint/use-wmi-microsoft-defender-antivirus - - name: Use the mpcmdrun.exe command line tool to manage Microsoft Defender Antivirus - href: /microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus - - name: Deploy, manage updates, and report on Microsoft Defender Antivirus - items: - - name: Preparing to deploy - href: /microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus - - name: Deploy and enable Microsoft Defender Antivirus - href: /microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus - - name: Deployment guide for VDI environments - href: 
/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus - - name: Report on antivirus protection - - name: Review protection status and alerts - href: /microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus - - name: Troubleshoot antivirus reporting in Update Compliance - href: /microsoft-365/security/defender-endpoint/troubleshoot-reporting - - name: Learn about the recent updates - href: /microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus - - name: Manage protection and security intelligence updates - href: /microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus - - name: Manage when protection updates should be downloaded and applied - href: /microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus - - name: Manage updates for endpoints that are out of date - href: /microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus - - name: Manage event-based forced updates - href: /microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus - - name: Manage updates for mobile devices and VMs - href: /microsoft-365/security/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus - - name: Customize, initiate, and review the results of scans and remediation - items: - - name: Configuration overview - href: /microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus - - name: Configure and validate exclusions in antivirus scans - href: /microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus - - name: Configure and validate exclusions based on file name, extension, and folder location - href: /microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus - - 
name: Configure and validate exclusions for files opened by processes - href: /microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus - - name: Configure antivirus exclusions Windows Server - href: /microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus - - name: Common mistakes when defining exclusions - href: /microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus - - name: Configure scanning antivirus options - href: /microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus - - name: Configure remediation for scans - href: /microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus - - name: Configure scheduled scans - href: /microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus - - name: Configure and run scans - href: /microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus - - name: Review scan results - href: /microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus - - name: Run and review the results of an offline scan - href: /microsoft-365/security/defender-endpoint//microsoft-defender-offline - - name: Restore quarantined files - href: /microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus - - name: Manage scans and remediation - items: - - name: Management overview - href: /microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus - - name: Configure and validate exclusions in antivirus scans - - name: Exclusions overview - href: /microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus - - name: Configure and validate exclusions based on file name, extension, and folder location - href: 
/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus - - name: Configure and validate exclusions for files opened by processes - href: /microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus - - name: Configure antivirus exclusions on Windows Server - href: /microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus - - name: Configure scanning options - href: /microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus - - name: Configure remediation for scans - href: /microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus - items: - - name: Configure scheduled scans - href: /microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus - - name: Configure and run scans - href: /microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus - - name: Review scan results - href: /microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus - - name: Run and review the results of an offline scan - href: /microsoft-365/security/defender-endpoint/microsoft-defender-offline - - name: Restore quarantined files - href: /microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus - - name: Troubleshoot Microsoft Defender Antivirus - items: - - name: Troubleshoot Microsoft Defender Antivirus issues - href: /microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus - - name: Troubleshoot Microsoft Defender Antivirus migration issues - href: /microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating - - name: "Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint" - href: /microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus 
- - name: "Better together: Microsoft Defender Antivirus and Office 365" - href: /microsoft-365/security/defender-endpoint/office-365-microsoft-defender-antivirus - - name: Hardware-based isolation - items: - - name: Hardware-based isolation evaluation - href: microsoft-defender-application-guard/test-scenarios-md-app-guard.md - - name: Application isolation - items: - - name: Application guard overview - href: microsoft-defender-application-guard/md-app-guard-overview.md - - name: System requirements - href: microsoft-defender-application-guard/reqs-md-app-guard.md - - name: Install Microsoft Defender Application Guard - href: microsoft-defender-application-guard/install-md-app-guard.md - - name: Install Microsoft Defender Application Guard Extension - href: microsoft-defender-application-guard/md-app-guard-browser-extension.md - - name: Application control - href: windows-defender-application-control/windows-defender-application-control.md - items: - - name: Audit Application control policies - href: windows-defender-application-control/audit-windows-defender-application-control-policies.md - - name: System isolation - href: windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md - - name: System integrity - href: windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md - - name: Code integrity - href: device-guard/enable-virtualization-based-protection-of-code-integrity.md - - name: Network firewall - items: - - name: Network firewall overview - href: windows-firewall/windows-firewall-with-advanced-security.md - - name: Network firewall evaluation - href: windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md - - name: Security intelligence - href: intelligence/index.md - items: - - name: Understand malware & other threats - href: intelligence/understanding-malware.md - items: - - name: Prevent malware infection - href: intelligence/prevent-malware-infection.md - - 
name: Malware names - href: intelligence/malware-naming.md - - name: Coin miners - href: intelligence/coinminer-malware.md - - name: Exploits and exploit kits - href: intelligence/exploits-malware.md - - name: Fileless threats - href: intelligence/fileless-threats.md - - name: Macro malware - href: intelligence/macro-malware.md - - name: Phishing - href: intelligence/phishing.md - - name: Ransomware - href: /security/compass/human-operated-ransomware - - name: Rootkits - href: intelligence/rootkits-malware.md - - name: Supply chain attacks - href: intelligence/supply-chain-malware.md - - name: Tech support scams - href: intelligence/support-scams.md - - name: Trojans - href: intelligence/trojans-malware.md - - name: Unwanted software - href: intelligence/unwanted-software.md - - name: Worms - href: intelligence/worms-malware.md - - name: How Microsoft identifies malware and PUA - href: intelligence/criteria.md - - name: Submit files for analysis - href: intelligence/submission-guide.md - - name: Safety Scanner download - href: intelligence/safety-scanner-download.md - - name: Industry collaboration programs - href: intelligence/cybersecurity-industry-partners.md - items: - - name: Virus information alliance - href: intelligence/virus-information-alliance-criteria.md - - name: Microsoft virus initiative - href: intelligence/virus-initiative-criteria.md - - name: Coordinated malware eradication - href: intelligence/coordinated-malware-eradication.md - - name: Information for developers - items: - - name: Software developer FAQ - href: intelligence/developer-faq.yml - - name: Software developer resources - href: intelligence/developer-resources.md - - name: The Windows Security app - href: windows-defender-security-center/windows-defender-security-center.md - items: - - name: Customize the Windows Security app for your organization - href: windows-defender-security-center/wdsc-customize-contact-information.md - - name: Hide Windows Security app notifications - href: 
windows-defender-security-center/wdsc-hide-notifications.md - - name: Manage Windows Security app in Windows 10 in S mode - href: windows-defender-security-center/wdsc-windows-10-in-s-mode.md - - name: Virus and threat protection - href: windows-defender-security-center/wdsc-virus-threat-protection.md - - name: Account protection - href: windows-defender-security-center/wdsc-account-protection.md - - name: Firewall and network protection - href: windows-defender-security-center/wdsc-firewall-network-protection.md - - name: App and browser control - href: windows-defender-security-center/wdsc-app-browser-control.md - - name: Device security - href: windows-defender-security-center/wdsc-device-security.md - - name: Device performance and health - href: windows-defender-security-center/wdsc-device-performance-health.md - items: - - name: Family options - href: windows-defender-security-center/wdsc-family-options.md - - name: Microsoft Defender SmartScreen - href: microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md - items: - - name: Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings - href: microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md - - name: Set up and use Microsoft Defender SmartScreen on individual devices - href: microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md - - name: Windows Sandbox - href: windows-sandbox/windows-sandbox-overview.md - items: - - name: Windows Sandbox architecture - href: windows-sandbox/windows-sandbox-architecture.md - - name: Windows Sandbox configuration - href: windows-sandbox/windows-sandbox-configure-using-wsb-file.md - - name: "Windows Defender Application Control and virtualization-based protection of code integrity" - href: device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - - name: Windows Certifications - items: - - name: FIPS 140 
Validations - href: fips-140-validation.md - - name: Common Criteria Certifications - href: windows-platform-common-criteria.md - - name: More Windows 10 security - items: - - name: Control the health of Windows 10-based devices - href: protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md - - name: Mitigate threats by using Windows 10 security features - href: overview-of-threat-mitigations-in-windows-10.md - - name: Override Process Mitigation Options to help enforce app-related security policies - href: override-mitigation-options-for-app-related-security-policies.md - - name: Use Windows Event Forwarding to help with intrusion detection - href: use-windows-event-forwarding-to-assist-in-intrusion-detection.md - - name: Block untrusted fonts in an enterprise - href: block-untrusted-fonts-in-enterprise.md - - name: Security auditing - href: auditing/security-auditing-overview.md - items: - - name: Basic security audit policies - href: auditing/basic-security-audit-policies.md - items: - - name: Create a basic audit policy for an event category - href: auditing/create-a-basic-audit-policy-settings-for-an-event-category.md - - name: Apply a basic audit policy on a file or folder - href: auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md - - name: View the security event log - href: auditing/view-the-security-event-log.md - - name: Basic security audit policy settings - href: auditing/basic-security-audit-policy-settings.md - items: - - name: Audit account logon events - href: auditing/basic-audit-account-logon-events.md - - name: Audit account management - href: auditing/basic-audit-account-management.md - - name: Audit directory service access - href: auditing/basic-audit-directory-service-access.md - - name: Audit logon events - href: auditing/basic-audit-logon-events.md - - name: Audit object access - href: auditing/basic-audit-object-access.md - - name: Audit policy change - href: auditing/basic-audit-policy-change.md - - 
name: Audit privilege use - href: auditing/basic-audit-privilege-use.md - - name: Audit process tracking - href: auditing/basic-audit-process-tracking.md - - name: Audit system events - href: auditing/basic-audit-system-events.md - - name: Advanced security audit policies - href: auditing/advanced-security-auditing.md - items: - - name: Planning and deploying advanced security audit policies - href: auditing/planning-and-deploying-advanced-security-audit-policies.md - - name: Advanced security auditing FAQ - href: auditing/advanced-security-auditing-faq.yml - items: - - name: Which editions of Windows support advanced audit policy configuration - href: auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md - - name: How to list XML elements in \ - href: auditing/how-to-list-xml-elements-in-eventdata.md - - name: Using advanced security auditing options to monitor dynamic access control objects - href: auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md - items: - - name: Monitor the central access policies that apply on a file server - href: auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md - - name: Monitor the use of removable storage devices - href: auditing/monitor-the-use-of-removable-storage-devices.md - - name: Monitor resource attribute definitions - href: auditing/monitor-resource-attribute-definitions.md - - name: Monitor central access policy and rule definitions - href: auditing/monitor-central-access-policy-and-rule-definitions.md - - name: Monitor user and device claims during sign-in - href: auditing/monitor-user-and-device-claims-during-sign-in.md - - name: Monitor the resource attributes on files and folders - href: auditing/monitor-the-resource-attributes-on-files-and-folders.md - - name: Monitor the central access policies associated with files and folders - href: auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md - - 
name: Monitor claim types - href: auditing/monitor-claim-types.md - - name: Advanced security audit policy settings - href: auditing/advanced-security-audit-policy-settings.md - items: - - name: Audit Credential Validation - href: auditing/audit-credential-validation.md - - name: "Event 4774 S, F: An account was mapped for logon." - href: auditing/event-4774.md - - name: "Event 4775 F: An account could not be mapped for logon." - href: auditing/event-4775.md - - name: "Event 4776 S, F: The computer attempted to validate the credentials for an account." - href: auditing/event-4776.md - - name: "Event 4777 F: The domain controller failed to validate the credentials for an account." - href: auditing/event-4777.md - - name: Audit Kerberos Authentication Service - href: auditing/audit-kerberos-authentication-service.md - items: - - name: "Event 4768 S, F: A Kerberos authentication ticket, TGT, was requested." - href: auditing/event-4768.md - - name: "Event 4771 F: Kerberos pre-authentication failed." - href: auditing/event-4771.md - - name: "Event 4772 F: A Kerberos authentication ticket request failed." - href: auditing/event-4772.md - - name: Audit Kerberos Service Ticket Operations - href: auditing/audit-kerberos-service-ticket-operations.md - items: - - name: "Event 4769 S, F: A Kerberos service ticket was requested." - href: auditing/event-4769.md - - name: "Event 4770 S: A Kerberos service ticket was renewed." - href: auditing/event-4770.md - - name: "Event 4773 F: A Kerberos service ticket request failed." - href: auditing/event-4773.md - - name: Audit Other Account Logon Events - href: auditing/audit-other-account-logon-events.md - - name: Audit Application Group Management - href: auditing/audit-application-group-management.md - - name: Audit Computer Account Management - href: auditing/audit-computer-account-management.md - items: - - name: "Event 4741 S: A computer account was created." 
- href: auditing/event-4741.md - - name: "Event 4742 S: A computer account was changed." - href: auditing/event-4742.md - - name: "Event 4743 S: A computer account was deleted." - href: auditing/event-4743.md - - name: Audit Distribution Group Management - href: auditing/audit-distribution-group-management.md - items: - - name: "Event 4749 S: A security-disabled global group was created." - href: auditing/event-4749.md - - name: "Event 4750 S: A security-disabled global group was changed." - href: auditing/event-4750.md - - name: "Event 4751 S: A member was added to a security-disabled global group." - href: auditing/event-4751.md - - name: "Event 4752 S: A member was removed from a security-disabled global group." - href: auditing/event-4752.md - - name: "Event 4753 S: A security-disabled global group was deleted." - href: auditing/event-4753.md - - name: Audit Other Account Management Events - href: auditing/audit-other-account-management-events.md - items: - - name: "Event 4782 S: The password hash of an account was accessed." - href: auditing/event-4782.md - - name: "Event 4793 S: The Password Policy Checking API was called." - href: auditing/event-4793.md - - name: Audit Security Group Management - href: auditing/audit-security-group-management.md - items: - - name: "Event 4731 S: A security-enabled local group was created." - href: auditing/event-4731.md - - name: "Event 4732 S: A member was added to a security-enabled local group." - href: auditing/event-4732.md - - name: "Event 4733 S: A member was removed from a security-enabled local group." - href: auditing/event-4733.md - - name: "Event 4734 S: A security-enabled local group was deleted." - href: auditing/event-4734.md - - name: "Event 4735 S: A security-enabled local group was changed." - href: auditing/event-4735.md - - name: "Event 4764 S: A group�s type was changed." - href: auditing/event-4764.md - - name: "Event 4799 S: A security-enabled local group membership was enumerated." 
- href: auditing/event-4799.md - - name: Audit User Account Management - href: auditing/audit-user-account-management.md - items: - - name: "Event 4720 S: A user account was created." - href: auditing/event-4720.md - - name: "Event 4722 S: A user account was enabled." - href: auditing/event-4722.md - - name: "Event 4723 S, F: An attempt was made to change an account's password." - href: auditing/event-4723.md - - name: "Event 4724 S, F: An attempt was made to reset an account's password." - href: auditing/event-4724.md - - name: "Event 4725 S: A user account was disabled." - href: auditing/event-4725.md - - name: "Event 4726 S: A user account was deleted." - href: auditing/event-4726.md - - name: "Event 4738 S: A user account was changed." - href: auditing/event-4738.md - - name: "Event 4740 S: A user account was locked out." - href: auditing/event-4740.md - - name: "Event 4765 S: SID History was added to an account." - href: auditing/event-4765.md - - name: "Event 4766 F: An attempt to add SID History to an account failed." - href: auditing/event-4766.md - - name: "Event 4767 S: A user account was unlocked." - href: auditing/event-4767.md - - name: "Event 4780 S: The ACL was set on accounts that are members of administrators groups." - href: auditing/event-4780.md - - name: "Event 4781 S: The name of an account was changed." - href: auditing/event-4781.md - - name: "Event 4794 S, F: An attempt was made to set the Directory Services Restore Mode administrator password." - href: auditing/event-4794.md - - name: "Event 4798 S: A user's local group membership was enumerated." - href: auditing/event-4798.md - - name: "Event 5376 S: Credential Manager credentials were backed up." - href: auditing/event-5376.md - - name: "Event 5377 S: Credential Manager credentials were restored from a backup." 
- href: auditing/event-5377.md - - name: Audit DPAPI Activity - href: auditing/audit-dpapi-activity.md - items: - - name: "Event 4692 S, F: Backup of data protection master key was attempted." - href: auditing/event-4692.md - - name: "Event 4693 S, F: Recovery of data protection master key was attempted." - href: auditing/event-4693.md - - name: "Event 4694 S, F: Protection of auditable protected data was attempted." - href: auditing/event-4694.md - - name: "Event 4695 S, F: Unprotection of auditable protected data was attempted." - href: auditing/event-4695.md - - name: Audit PNP Activity - href: auditing/audit-pnp-activity.md - items: - - name: "Event 6416 S: A new external device was recognized by the System." - href: auditing/event-6416.md - - name: "Event 6419 S: A request was made to disable a device." - href: auditing/event-6419.md - - name: "Event 6420 S: A device was disabled." - href: auditing/event-6420.md - - name: "Event 6421 S: A request was made to enable a device." - href: auditing/event-6421.md - - name: "Event 6422 S: A device was enabled." - href: auditing/event-6422.md - - name: "Event 6423 S: The installation of this device is forbidden by system policy." - href: auditing/event-6423.md - - name: "Event 6424 S: The installation of this device was allowed, after having previously been forbidden by policy." - href: auditing/event-6424.md - - name: Audit Process Creation - href: auditing/audit-process-creation.md - items: - - name: "Event 4688 S: A new process has been created." - href: auditing/event-4688.md - - name: "Event 4696 S: A primary token was assigned to process." - href: auditing/event-4696.md - - name: Audit Process Termination - href: auditing/audit-process-termination.md - items: - - name: "Event 4689 S: A process has exited." - href: auditing/event-4689.md - - name: Audit RPC Events - href: auditing/audit-rpc-events.md - items: - - name: "Event 5712 S: A Remote Procedure Call, RPC, was attempted." 
- href: auditing/event-5712.md - - name: Audit Token Right Adjusted - href: auditing/audit-token-right-adjusted.md - items: - - name: "Event 4703 S: A user right was adjusted." - href: auditing/event-4703.md - - name: Audit Detailed Directory Service Replication - href: auditing/audit-detailed-directory-service-replication.md - items: - - name: "Event 4928 S, F: An Active Directory replica source naming context was established." - href: auditing/event-4928.md - - name: "Event 4929 S, F: An Active Directory replica source naming context was removed." - href: auditing/event-4929.md - - name: "Event 4930 S, F: An Active Directory replica source naming context was modified." - href: auditing/event-4930.md - - name: "Event 4931 S, F: An Active Directory replica destination naming context was modified." - href: auditing/event-4931.md - - name: "Event 4934 S: Attributes of an Active Directory object were replicated." - href: auditing/event-4934.md - - name: "Event 4935 F: Replication failure begins." - href: auditing/event-4935.md - - name: "Event 4936 S: Replication failure ends." - href: auditing/event-4936.md - - name: "Event 4937 S: A lingering object was removed from a replica." - href: auditing/event-4937.md - - name: Audit Directory Service Access - href: auditing/audit-directory-service-access.md - items: - - name: "Event 4662 S, F: An operation was performed on an object." - href: auditing/event-4662.md - - name: "Event 4661 S, F: A handle to an object was requested." - href: auditing/event-4661.md - - name: Audit Directory Service Changes - href: auditing/audit-directory-service-changes.md - items: - - name: "Event 5136 S: A directory service object was modified." - href: auditing/event-5136.md - - name: "Event 5137 S: A directory service object was created." - href: auditing/event-5137.md - - name: "Event 5138 S: A directory service object was undeleted." - href: auditing/event-5138.md - - name: "Event 5139 S: A directory service object was moved." 
- href: auditing/event-5139.md - - name: "Event 5141 S: A directory service object was deleted." - href: auditing/event-5141.md - - name: Audit Directory Service Replication - href: auditing/audit-directory-service-replication.md - items: - - name: "Event 4932 S: Synchronization of a replica of an Active Directory naming context has begun." - href: auditing/event-4932.md - - name: "Event 4933 S, F: Synchronization of a replica of an Active Directory naming context has ended." - href: auditing/event-4933.md - - name: Audit Account Lockout - href: auditing/audit-account-lockout.md - items: - - name: "Event 4625 F: An account failed to log on." - href: auditing/event-4625.md - - name: Audit User/Device Claims - href: auditing/audit-user-device-claims.md - items: - - name: "Event 4626 S: User/Device claims information." - href: auditing/event-4626.md - - name: Audit Group Membership - href: auditing/audit-group-membership.md - items: - - name: "Event 4627 S: Group membership information." - href: auditing/event-4627.md - - name: Audit IPsec Extended Mode - href: auditing/audit-ipsec-extended-mode.md - - name: Audit IPsec Main Mode - href: auditing/audit-ipsec-main-mode.md - - name: Audit IPsec Quick Mode - href: auditing/audit-ipsec-quick-mode.md - - name: Audit Logoff - href: auditing/audit-logoff.md - items: - - name: "Event 4634 S: An account was logged off." - href: auditing/event-4634.md - - name: "Event 4647 S: User initiated logoff." - href: auditing/event-4647.md - - name: Audit Logon - href: auditing/audit-logon.md - items: - - name: "Event 4624 S: An account was successfully logged on." - href: auditing/event-4624.md - - name: "Event 4625 F: An account failed to log on." - href: auditing/event-4625.md - - name: "Event 4648 S: A logon was attempted using explicit credentials." - href: auditing/event-4648.md - - name: "Event 4675 S: SIDs were filtered." 
- href: auditing/event-4675.md - - name: Audit Network Policy Server - href: auditing/audit-network-policy-server.md - - name: Audit Other Logon/Logoff Events - href: auditing/audit-other-logonlogoff-events.md - items: - - name: "Event 4649 S: A replay attack was detected." - href: auditing/event-4649.md - - name: "Event 4778 S: A session was reconnected to a Window Station." - href: auditing/event-4778.md - - name: "Event 4779 S: A session was disconnected from a Window Station." - href: auditing/event-4779.md - - name: "Event 4800 S: The workstation was locked." - href: auditing/event-4800.md - - name: "Event 4801 S: The workstation was unlocked." - href: auditing/event-4801.md - - name: "Event 4802 S: The screen saver was invoked." - href: auditing/event-4802.md - - name: "Event 4803 S: The screen saver was dismissed." - href: auditing/event-4803.md - - name: "Event 5378 F: The requested credentials delegation was disallowed by policy." - href: auditing/event-5378.md - - name: "Event 5632 S, F: A request was made to authenticate to a wireless network." - href: auditing/event-5632.md - - name: "Event 5633 S, F: A request was made to authenticate to a wired network." - href: auditing/event-5633.md - - name: Audit Special Logon - href: auditing/audit-special-logon.md - items: - - name: "Event 4964 S: Special groups have been assigned to a new logon." - href: auditing/event-4964.md - - name: "Event 4672 S: Special privileges assigned to new logon." - href: auditing/event-4672.md - - name: Audit Application Generated - href: auditing/audit-application-generated.md - - name: Audit Certification Services - href: auditing/audit-certification-services.md - - name: Audit Detailed File Share - href: auditing/audit-detailed-file-share.md - items: - - name: "Event 5145 S, F: A network share object was checked to see whether client can be granted desired access." 
- href: auditing/event-5145.md - - name: Audit File Share - href: auditing/audit-file-share.md - items: - - name: "Event 5140 S, F: A network share object was accessed." - href: auditing/event-5140.md - - name: "Event 5142 S: A network share object was added." - href: auditing/event-5142.md - - name: "Event 5143 S: A network share object was modified." - href: auditing/event-5143.md - - name: "Event 5144 S: A network share object was deleted." - href: auditing/event-5144.md - - name: "Event 5168 F: SPN check for SMB/SMB2 failed." - href: auditing/event-5168.md - - name: Audit File System - href: auditing/audit-file-system.md - items: - - name: "Event 4656 S, F: A handle to an object was requested." - href: auditing/event-4656.md - - name: "Event 4658 S: The handle to an object was closed." - href: auditing/event-4658.md - - name: "Event 4660 S: An object was deleted." - href: auditing/event-4660.md - - name: "Event 4663 S: An attempt was made to access an object." - href: auditing/event-4663.md - - name: "Event 4664 S: An attempt was made to create a hard link." - href: auditing/event-4664.md - - name: "Event 4985 S: The state of a transaction has changed." - href: auditing/event-4985.md - - name: "Event 5051: A file was virtualized." - href: auditing/event-5051.md - - name: "Event 4670 S: Permissions on an object were changed." - href: auditing/event-4670.md - - name: Audit Filtering Platform Connection - href: auditing/audit-filtering-platform-connection.md - items: - - name: "Event 5031 F: The Windows Firewall Service blocked an application from accepting incoming connections on the network." - href: auditing/event-5031.md - - name: "Event 5150: The Windows Filtering Platform blocked a packet." - href: auditing/event-5150.md - - name: "Event 5151: A more restrictive Windows Filtering Platform filter has blocked a packet." 
- href: auditing/event-5151.md - - name: "Event 5154 S: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections." - href: auditing/event-5154.md - - name: "Event 5155 F: The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections." - href: auditing/event-5155.md - - name: "Event 5156 S: The Windows Filtering Platform has permitted a connection." - href: auditing/event-5156.md - - name: "Event 5157 F: The Windows Filtering Platform has blocked a connection." - href: auditing/event-5157.md - - name: "Event 5158 S: The Windows Filtering Platform has permitted a bind to a local port." - href: auditing/event-5158.md - - name: "Event 5159 F: The Windows Filtering Platform has blocked a bind to a local port." - href: auditing/event-5159.md - - name: Audit Filtering Platform Packet Drop - href: auditing/audit-filtering-platform-packet-drop.md - items: - - name: "Event 5152 F: The Windows Filtering Platform blocked a packet." - href: auditing/event-5152.md - - name: "Event 5153 S: A more restrictive Windows Filtering Platform filter has blocked a packet." - href: auditing/event-5153.md - - name: Audit Handle Manipulation - href: auditing/audit-handle-manipulation.md - items: - - name: "Event 4690 S: An attempt was made to duplicate a handle to an object." - href: auditing/event-4690.md - - name: Audit Kernel Object - href: auditing/audit-kernel-object.md - items: - - name: "Event 4656 S, F: A handle to an object was requested." - href: auditing/event-4656.md - - name: "Event 4658 S: The handle to an object was closed." - href: auditing/event-4658.md - - name: "Event 4660 S: An object was deleted." - href: auditing/event-4660.md - - name: "Event 4663 S: An attempt was made to access an object." 
- href: auditing/event-4663.md - - name: Audit Other Object Access Events - href: auditing/audit-other-object-access-events.md - items: - - name: "Event 4671: An application attempted to access a blocked ordinal through the TBS." - href: auditing/event-4671.md - - name: "Event 4691 S: Indirect access to an object was requested." - href: auditing/event-4691.md - - name: "Event 5148 F: The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded." - href: auditing/event-5148.md - - name: "Event 5149 F: The DoS attack has subsided and normal processing is being resumed." - href: auditing/event-5149.md - - name: "Event 4698 S: A scheduled task was created." - href: auditing/event-4698.md - - name: "Event 4699 S: A scheduled task was deleted." - href: auditing/event-4699.md - - name: "Event 4700 S: A scheduled task was enabled." - href: auditing/event-4700.md - - name: "Event 4701 S: A scheduled task was disabled." - href: auditing/event-4701.md - - name: "Event 4702 S: A scheduled task was updated." - href: auditing/event-4702.md - - name: "Event 5888 S: An object in the COM+ Catalog was modified." - href: auditing/event-5888.md - - name: "Event 5889 S: An object was deleted from the COM+ Catalog." - href: auditing/event-5889.md - - name: "Event 5890 S: An object was added to the COM+ Catalog." - href: auditing/event-5890.md - - name: Audit Registry - href: auditing/audit-registry.md - items: - - name: "Event 4663 S: An attempt was made to access an object." - href: auditing/event-4663.md - - name: "Event 4656 S, F: A handle to an object was requested." - href: auditing/event-4656.md - - name: "Event 4658 S: The handle to an object was closed." - href: auditing/event-4658.md - - name: "Event 4660 S: An object was deleted." - href: auditing/event-4660.md - - name: "Event 4657 S: A registry value was modified." 
- href: auditing/event-4657.md - - name: "Event 5039: A registry key was virtualized." - href: auditing/event-5039.md - - name: "Event 4670 S: Permissions on an object were changed." - href: auditing/event-4670.md - - name: Audit Removable Storage - href: auditing/audit-removable-storage.md - - name: Audit SAM - href: auditing/audit-sam.md - items: - - name: "Event 4661 S, F: A handle to an object was requested." - href: auditing/event-4661.md - - name: Audit Central Access Policy Staging - href: auditing/audit-central-access-policy-staging.md - items: - - name: "Event 4818 S: Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy." - href: auditing/event-4818.md - - name: Audit Audit Policy Change - href: auditing/audit-audit-policy-change.md - items: - - name: "Event 4670 S: Permissions on an object were changed." - href: auditing/event-4670.md - - name: "Event 4715 S: The audit policy, SACL, on an object was changed." - href: auditing/event-4715.md - - name: "Event 4719 S: System audit policy was changed." - href: auditing/event-4719.md - - name: "Event 4817 S: Auditing settings on object were changed." - href: auditing/event-4817.md - - name: "Event 4902 S: The Per-user audit policy table was created." - href: auditing/event-4902.md - - name: "Event 4906 S: The CrashOnAuditFail value has changed." - href: auditing/event-4906.md - - name: "Event 4907 S: Auditing settings on object were changed." - href: auditing/event-4907.md - - name: "Event 4908 S: Special Groups Logon table modified." - href: auditing/event-4908.md - - name: "Event 4912 S: Per User Audit Policy was changed." - href: auditing/event-4912.md - - name: "Event 4904 S: An attempt was made to register a security event source." - href: auditing/event-4904.md - - name: "Event 4905 S: An attempt was made to unregister a security event source." 
- href: auditing/event-4905.md - - name: Audit Authentication Policy Change - href: auditing/audit-authentication-policy-change.md - items: - - name: "Event 4706 S: A new trust was created to a domain." - href: auditing/event-4706.md - - name: "Event 4707 S: A trust to a domain was removed." - href: auditing/event-4707.md - - name: "Event 4716 S: Trusted domain information was modified." - href: auditing/event-4716.md - - name: "Event 4713 S: Kerberos policy was changed." - href: auditing/event-4713.md - - name: "Event 4717 S: System security access was granted to an account." - href: auditing/event-4717.md - - name: "Event 4718 S: System security access was removed from an account." - href: auditing/event-4718.md - - name: "Event 4739 S: Domain Policy was changed." - href: auditing/event-4739.md - - name: "Event 4864 S: A namespace collision was detected." - href: auditing/event-4864.md - - name: "Event 4865 S: A trusted forest information entry was added." - href: auditing/event-4865.md - - name: "Event 4866 S: A trusted forest information entry was removed." - href: auditing/event-4866.md - - name: "Event 4867 S: A trusted forest information entry was modified." - href: auditing/event-4867.md - - name: Audit Authorization Policy Change - href: auditing/audit-authorization-policy-change.md - items: - - name: "Event 4703 S: A user right was adjusted." - href: auditing/event-4703.md - - name: "Event 4704 S: A user right was assigned." - href: auditing/event-4704.md - - name: "Event 4705 S: A user right was removed." - href: auditing/event-4705.md - - name: "Event 4670 S: Permissions on an object were changed." - href: auditing/event-4670.md - - name: "Event 4911 S: Resource attributes of the object were changed." - href: auditing/event-4911.md - - name: "Event 4913 S: Central Access Policy on the object was changed." 
- href: auditing/event-4913.md - - name: Audit Filtering Platform Policy Change - href: auditing/audit-filtering-platform-policy-change.md - - name: Audit MPSSVC Rule-Level Policy Change - href: auditing/audit-mpssvc-rule-level-policy-change.md - items: - - name: "Event 4944 S: The following policy was active when the Windows Firewall started." - href: auditing/event-4944.md - - name: "Event 4945 S: A rule was listed when the Windows Firewall started." - href: auditing/event-4945.md - - name: "Event 4946 S: A change has been made to Windows Firewall exception list. A rule was added." - href: auditing/event-4946.md - - name: "Event 4947 S: A change has been made to Windows Firewall exception list. A rule was modified." - href: auditing/event-4947.md - - name: "Event 4948 S: A change has been made to Windows Firewall exception list. A rule was deleted." - href: auditing/event-4948.md - - name: "Event 4949 S: Windows Firewall settings were restored to the default values." - href: auditing/event-4949.md - - name: "Event 4950 S: A Windows Firewall setting has changed." - href: auditing/event-4950.md - - name: "Event 4951 F: A rule has been ignored because its major version number was not recognized by Windows Firewall." - href: auditing/event-4951.md - - name: "Event 4952 F: Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced." - href: auditing/event-4952.md - - name: "Event 4953 F: Windows Firewall ignored a rule because it could not be parsed." - href: auditing/event-4953.md - - name: "Event 4954 S: Windows Firewall Group Policy settings have changed. The new settings have been applied." - href: auditing/event-4954.md - - name: "Event 4956 S: Windows Firewall has changed the active profile." - href: auditing/event-4956.md - - name: "Event 4957 F: Windows Firewall did not apply the following rule." 
- href: auditing/event-4957.md - - name: "Event 4958 F: Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer." - href: auditing/event-4958.md - - name: Audit Other Policy Change Events - href: auditing/audit-other-policy-change-events.md - items: - - name: "Event 4714 S: Encrypted data recovery policy was changed." - href: auditing/event-4714.md - - name: "Event 4819 S: Central Access Policies on the machine have been changed." - href: auditing/event-4819.md - - name: "Event 4826 S: Boot Configuration Data loaded." - href: auditing/event-4826.md - - name: "Event 4909: The local policy settings for the TBS were changed." - href: auditing/event-4909.md - - name: "Event 4910: The group policy settings for the TBS were changed." - href: auditing/event-4910.md - - name: "Event 5063 S, F: A cryptographic provider operation was attempted." - href: auditing/event-5063.md - - name: "Event 5064 S, F: A cryptographic context operation was attempted." - href: auditing/event-5064.md - - name: "Event 5065 S, F: A cryptographic context modification was attempted." - href: auditing/event-5065.md - - name: "Event 5066 S, F: A cryptographic function operation was attempted." - href: auditing/event-5066.md - - name: "Event 5067 S, F: A cryptographic function modification was attempted." - href: auditing/event-5067.md - - name: "Event 5068 S, F: A cryptographic function provider operation was attempted." - href: auditing/event-5068.md - - name: "Event 5069 S, F: A cryptographic function property operation was attempted." - href: auditing/event-5069.md - - name: "Event 5070 S, F: A cryptographic function property modification was attempted." - href: auditing/event-5070.md - - name: "Event 5447 S: A Windows Filtering Platform filter has been changed." - href: auditing/event-5447.md - - name: "Event 6144 S: Security policy in the group policy objects has been applied successfully." 
- href: auditing/event-6144.md - - name: "Event 6145 F: One or more errors occurred while processing security policy in the group policy objects." - href: auditing/event-6145.md - - name: Audit Sensitive Privilege Use - href: auditing/audit-sensitive-privilege-use.md - items: - - name: "Event 4673 S, F: A privileged service was called." - href: auditing/event-4673.md - - name: "Event 4674 S, F: An operation was attempted on a privileged object." - href: auditing/event-4674.md - - name: "Event 4985 S: The state of a transaction has changed." - href: auditing/event-4985.md - - name: Audit Non Sensitive Privilege Use - href: auditing/audit-non-sensitive-privilege-use.md - items: - - name: "Event 4673 S, F: A privileged service was called." - href: auditing/event-4673.md - - name: "Event 4674 S, F: An operation was attempted on a privileged object." - href: auditing/event-4674.md - - name: "Event 4985 S: The state of a transaction has changed." - href: auditing/event-4985.md - - name: Audit Other Privilege Use Events - href: auditing/audit-other-privilege-use-events.md - items: - - name: "Event 4985 S: The state of a transaction has changed." - href: auditing/event-4985.md - - name: Audit IPsec Driver - href: auditing/audit-ipsec-driver.md - - name: Audit Other System Events - href: auditing/audit-other-system-events.md - items: - - name: "Event 5024 S: The Windows Firewall Service has started successfully." - href: auditing/event-5024.md - - name: "Event 5025 S: The Windows Firewall Service has been stopped." - href: auditing/event-5025.md - - name: "Event 5027 F: The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy." - href: auditing/event-5027.md - - name: "Event 5028 F: The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy." 
- href: auditing/event-5028.md - - name: "Event 5029 F: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy." - href: auditing/event-5029.md - - name: "Event 5030 F: The Windows Firewall Service failed to start." - href: auditing/event-5030.md - - name: "Event 5032 F: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network." - href: auditing/event-5032.md - - name: "Event 5033 S: The Windows Firewall Driver has started successfully." - href: auditing/event-5033.md - - name: "Event 5034 S: The Windows Firewall Driver was stopped." - href: auditing/event-5034.md - - name: "Event 5035 F: The Windows Firewall Driver failed to start." - href: auditing/event-5035.md - - name: "Event 5037 F: The Windows Firewall Driver detected critical runtime error. Terminating." - href: auditing/event-5037.md - - name: "Event 5058 S, F: Key file operation." - href: auditing/event-5058.md - - name: "Event 5059 S, F: Key migration operation." - href: auditing/event-5059.md - - name: "Event 6400: BranchCache: Received an incorrectly formatted response while discovering availability of content." - href: auditing/event-6400.md - - name: "Event 6401: BranchCache: Received invalid data from a peer. Data discarded." - href: auditing/event-6401.md - - name: "Event 6402: BranchCache: The message to the hosted cache offering it data is incorrectly formatted." - href: auditing/event-6402.md - - name: "Event 6403: BranchCache: The hosted cache sent an incorrectly formatted response to the client." - href: auditing/event-6403.md - - name: "Event 6404: BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate." - href: auditing/event-6404.md - - name: "Event 6405: BranchCache: %2 instances of event id %1 occurred." 
- href: auditing/event-6405.md - - name: "Event 6406: %1 registered to Windows Firewall to control filtering for the following: %2." - href: auditing/event-6406.md - - name: "Event 6407: 1%." - href: auditing/event-6407.md - - name: "Event 6408: Registered product %1 failed and Windows Firewall is now controlling the filtering for %2." - href: auditing/event-6408.md - - name: "Event 6409: BranchCache: A service connection point object could not be parsed." - href: auditing/event-6409.md - - name: Audit Security State Change - href: auditing/audit-security-state-change.md - items: - - name: "Event 4608 S: Windows is starting up." - href: auditing/event-4608.md - - name: "Event 4616 S: The system time was changed." - href: auditing/event-4616.md - - name: "Event 4621 S: Administrator recovered system from CrashOnAuditFail." - href: auditing/event-4621.md - - name: Audit Security System Extension - href: auditing/audit-security-system-extension.md - items: - - name: "Event 4610 S: An authentication package has been loaded by the Local Security Authority." - href: auditing/event-4610.md - - name: "Event 4611 S: A trusted logon process has been registered with the Local Security Authority." - href: auditing/event-4611.md - - name: "Event 4614 S: A notification package has been loaded by the Security Account Manager." - href: auditing/event-4614.md - - name: "Event 4622 S: A security package has been loaded by the Local Security Authority." - href: auditing/event-4622.md - - name: "Event 4697 S: A service was installed in the system." - href: auditing/event-4697.md - - name: Audit System Integrity - href: auditing/audit-system-integrity.md - items: - - name: "Event 4612 S: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits." - href: auditing/event-4612.md - - name: "Event 4615 S: Invalid use of LPC port." 
- href: auditing/event-4615.md - - name: "Event 4618 S: A monitored security event pattern has occurred." - href: auditing/event-4618.md - - name: "Event 4816 S: RPC detected an integrity violation while decrypting an incoming message." - href: auditing/event-4816.md - - name: "Event 5038 F: Code integrity determined that the image hash of a file is not valid." - href: auditing/event-5038.md - - name: "Event 5056 S: A cryptographic self-test was performed." - href: auditing/event-5056.md - - name: "Event 5062 S: A kernel-mode cryptographic self-test was performed." - href: auditing/event-5062.md - - name: "Event 5057 F: A cryptographic primitive operation failed." - href: auditing/event-5057.md - - name: "Event 5060 F: Verification operation failed." - href: auditing/event-5060.md - - name: "Event 5061 S, F: Cryptographic operation." - href: auditing/event-5061.md - - name: "Event 6281 F: Code Integrity determined that the page hashes of an image file are not valid." - href: auditing/event-6281.md - - name: "Event 6410 F: Code integrity determined that a file does not meet the security requirements to load into a process." - href: auditing/event-6410.md - - name: Other Events - href: auditing/other-events.md - items: - - name: "Event 1100 S: The event logging service has shut down." - href: auditing/event-1100.md - - name: "Event 1102 S: The audit log was cleared." - href: auditing/event-1102.md - - name: "Event 1104 S: The security log is now full." - href: auditing/event-1104.md - - name: "Event 1105 S: Event log automatic backup." - href: auditing/event-1105.md - - name: "Event 1108 S: The event logging service encountered an error while processing an incoming event published from %1." 
- href: auditing/event-1108.md - - name: "Appendix A: Security monitoring recommendations for many audit events" - href: auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md - - name: Registry (Global Object Access Auditing) - href: auditing/registry-global-object-access-auditing.md - - name: File System (Global Object Access Auditing) - href: auditing/file-system-global-object-access-auditing.md - - name: Security policy settings - href: security-policy-settings/security-policy-settings.md - items: - - name: Administer security policy settings - href: security-policy-settings/administer-security-policy-settings.md - items: - - name: Network List Manager policies - href: security-policy-settings/network-list-manager-policies.md - - name: Configure security policy settings - href: security-policy-settings/how-to-configure-security-policy-settings.md - - name: Security policy settings reference - href: security-policy-settings/security-policy-settings-reference.md - items: - - name: Account Policies - href: security-policy-settings/account-policies.md - items: - - name: Password Policy - href: security-policy-settings/password-policy.md - items: - - name: Enforce password history - href: security-policy-settings/enforce-password-history.md - - name: Maximum password age - href: security-policy-settings/maximum-password-age.md - - name: Minimum password age - href: security-policy-settings/minimum-password-age.md - - name: Minimum password length - href: security-policy-settings/minimum-password-length.md - - name: Password must meet complexity requirements - href: security-policy-settings/password-must-meet-complexity-requirements.md - - name: Store passwords using reversible encryption - href: security-policy-settings/store-passwords-using-reversible-encryption.md - - name: Account Lockout Policy - href: security-policy-settings/account-lockout-policy.md - items: - - name: Account lockout duration - href: 
security-policy-settings/account-lockout-duration.md - - name: Account lockout threshold - href: security-policy-settings/account-lockout-threshold.md - - name: Reset account lockout counter after - href: security-policy-settings/reset-account-lockout-counter-after.md - - name: Kerberos Policy - href: security-policy-settings/kerberos-policy.md - items: - - name: Enforce user logon restrictions - href: security-policy-settings/enforce-user-logon-restrictions.md - - name: Maximum lifetime for service ticket - href: security-policy-settings/maximum-lifetime-for-service-ticket.md - - name: Maximum lifetime for user ticket - href: security-policy-settings/maximum-lifetime-for-user-ticket.md - - name: Maximum lifetime for user ticket renewal - href: security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md - - name: Maximum tolerance for computer clock synchronization - href: security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md - - name: Audit Policy - href: security-policy-settings/audit-policy.md - - name: Security Options - href: security-policy-settings/security-options.md - items: - - name: "Accounts: Administrator account status" - href: security-policy-settings/accounts-administrator-account-status.md - - name: "Accounts: Block Microsoft accounts" - href: security-policy-settings/accounts-block-microsoft-accounts.md - - name: "Accounts: Guest account status" - href: security-policy-settings/accounts-guest-account-status.md - - name: "Accounts: Limit local account use of blank passwords to console logon only" - href: security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md - - name: "Accounts: Rename administrator account" - href: security-policy-settings/accounts-rename-administrator-account.md - - name: "Accounts: Rename guest account" - href: security-policy-settings/accounts-rename-guest-account.md - - name: "Audit: Audit the access of global system objects" - href: 
security-policy-settings/audit-audit-the-access-of-global-system-objects.md - - name: "Audit: Audit the use of Backup and Restore privilege" - href: security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md - - name: "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" - href: security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md - - name: "Audit: Shut down system immediately if unable to log security audits" - href: security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md - - name: "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax" - href: security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md - - name: "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax" - href: security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md - - name: "Devices: Allow undock without having to log on" - href: security-policy-settings/devices-allow-undock-without-having-to-log-on.md - - name: "Devices: Allowed to format and eject removable media" - href: security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md - - name: "Devices: Prevent users from installing printer drivers" - href: security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md - - name: "Devices: Restrict CD-ROM access to locally logged-on user only" - href: security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md - - name: "Devices: Restrict floppy access to locally logged-on user only" - href: security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md - - name: "Domain controller: Allow server operators to schedule tasks" - href: 
security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md - - name: "Domain controller: LDAP server signing requirements" - href: security-policy-settings/domain-controller-ldap-server-signing-requirements.md - - name: "Domain controller: Refuse machine account password changes" - href: security-policy-settings/domain-controller-refuse-machine-account-password-changes.md - - name: "Domain member: Digitally encrypt or sign secure channel data (always)" - href: security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md - - name: "Domain member: Digitally encrypt secure channel data (when possible)" - href: security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md - - name: "Domain member: Digitally sign secure channel data (when possible)" - href: security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md - - name: "Domain member: Disable machine account password changes" - href: security-policy-settings/domain-member-disable-machine-account-password-changes.md - - name: "Domain member: Maximum machine account password age" - href: security-policy-settings/domain-member-maximum-machine-account-password-age.md - - name: "Domain member: Require strong (Windows 2000 or later) session key" - href: security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md - - name: "Interactive logon: Display user information when the session is locked" - href: security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md - - name: "Interactive logon: Don't display last signed-in" - href: security-policy-settings/interactive-logon-do-not-display-last-user-name.md - - name: "Interactive logon: Don't display username at sign-in" - href: security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md - - name: "Interactive logon: Do not require CTRL+ALT+DEL" - href: 
security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md - - name: "Interactive logon: Machine account lockout threshold" - href: security-policy-settings/interactive-logon-machine-account-lockout-threshold.md - - name: "Interactive logon: Machine inactivity limit" - href: security-policy-settings/interactive-logon-machine-inactivity-limit.md - - name: "Interactive logon: Message text for users attempting to log on" - href: security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md - - name: "Interactive logon: Message title for users attempting to log on" - href: security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md - - name: "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" - href: security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md - - name: "Interactive logon: Prompt user to change password before expiration" - href: security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md - - name: "Interactive logon: Require Domain Controller authentication to unlock workstation" - href: security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md - - name: "Interactive logon: Require smart card" - href: security-policy-settings/interactive-logon-require-smart-card.md - - name: "Interactive logon: Smart card removal behavior" - href: security-policy-settings/interactive-logon-smart-card-removal-behavior.md - - name: "Microsoft network client: Digitally sign communications (always)" - href: security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md - - name: "SMBv1 Microsoft network client: Digitally sign communications (always)" - href: security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md - - name: "SMBv1 Microsoft 
network client: Digitally sign communications (if server agrees)" - href: security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md - - name: "Microsoft network client: Send unencrypted password to third-party SMB servers" - href: security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md - - name: "Microsoft network server: Amount of idle time required before suspending session" - href: security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md - - name: "Microsoft network server: Attempt S4U2Self to obtain claim information" - href: security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md - - name: "Microsoft network server: Digitally sign communications (always)" - href: security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md - - name: "SMBv1 Microsoft network server: Digitally sign communications (always)" - href: security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md - - name: "SMBv1 Microsoft network server: Digitally sign communications (if client agrees)" - href: security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md - - name: "Microsoft network server: Disconnect clients when logon hours expire" - href: security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md - - name: "Microsoft network server: Server SPN target name validation level" - href: security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md - - name: "Network access: Allow anonymous SID/Name translation" - href: security-policy-settings/network-access-allow-anonymous-sidname-translation.md - - name: "Network access: Do not allow anonymous enumeration of SAM accounts" - href: 
security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md - - name: "Network access: Do not allow anonymous enumeration of SAM accounts and shares" - href: security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md - - name: "Network access: Do not allow storage of passwords and credentials for network authentication" - href: security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md - - name: "Network access: Let Everyone permissions apply to anonymous users" - href: security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md - - name: "Network access: Named Pipes that can be accessed anonymously" - href: security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md - - name: "Network access: Remotely accessible registry paths" - href: security-policy-settings/network-access-remotely-accessible-registry-paths.md - - name: "Network access: Remotely accessible registry paths and subpaths" - href: security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md - - name: "Network access: Restrict anonymous access to Named Pipes and Shares" - href: security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md - - name: "Network access: Restrict clients allowed to make remote calls to SAM" - href: security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md - - name: "Network access: Shares that can be accessed anonymously" - href: security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md - - name: "Network access: Sharing and security model for local accounts" - href: security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md - - name: "Network security: Allow Local System to use computer identity for NTLM" - href: 
security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md - - name: "Network security: Allow LocalSystem NULL session fallback" - href: security-policy-settings/network-security-allow-localsystem-null-session-fallback.md - - name: "Network security: Allow PKU2U authentication requests to this computer to use online identities" - href: security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md - - name: "Network security: Configure encryption types allowed for Kerberos" - href: security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md - - name: "Network security: Do not store LAN Manager hash value on next password change" - href: security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md - - name: "Network security: Force logoff when logon hours expire" - href: security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md - - name: "Network security: LAN Manager authentication level" - href: security-policy-settings/network-security-lan-manager-authentication-level.md - - name: "Network security: LDAP client signing requirements" - href: security-policy-settings/network-security-ldap-client-signing-requirements.md - - name: "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" - href: security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md - - name: "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" - href: security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md - - name: "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" - href: 
security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md - - name: "Network security: Restrict NTLM: Add server exceptions in this domain" - href: security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md - - name: "Network security: Restrict NTLM: Audit incoming NTLM traffic" - href: security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md - - name: "Network security: Restrict NTLM: Audit NTLM authentication in this domain" - href: security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md - - name: "Network security: Restrict NTLM: Incoming NTLM traffic" - href: security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md - - name: "Network security: Restrict NTLM: NTLM authentication in this domain" - href: security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md - - name: "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" - href: security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md - - name: "Recovery console: Allow automatic administrative logon" - href: security-policy-settings/recovery-console-allow-automatic-administrative-logon.md - - name: "Recovery console: Allow floppy copy and access to all drives and folders" - href: security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md - - name: "Shutdown: Allow system to be shut down without having to log on" - href: security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md - - name: "Shutdown: Clear virtual memory pagefile" - href: security-policy-settings/shutdown-clear-virtual-memory-pagefile.md - - name: "System cryptography: Force strong key protection for user keys stored on the computer" - href: 
security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md - - name: "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" - href: security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md - - name: "System objects: Require case insensitivity for non-Windows subsystems" - href: security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md - - name: "System objects: Strengthen default permissions of internal system objects (Symbolic Links)" - href: security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md - - name: "System settings: Optional subsystems" - href: security-policy-settings/system-settings-optional-subsystems.md - - name: "System settings: Use certificate rules on Windows executables for Software Restriction Policies" - href: security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md - - name: "User Account Control: Admin Approval Mode for the Built-in Administrator account" - href: security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md - - name: "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop" - href: security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md - - name: "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" - href: security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md - - name: "User Account Control: Behavior of the elevation prompt for standard users" - href: security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md 
- - name: "User Account Control: Detect application installations and prompt for elevation" - href: security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md - - name: "User Account Control: Only elevate executables that are signed and validated" - href: security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md - - name: "User Account Control: Only elevate UIAccess applications that are installed in secure locations" - href: security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md - - name: "User Account Control: Run all administrators in Admin Approval Mode" - href: security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md - - name: "User Account Control: Switch to the secure desktop when prompting for elevation" - href: security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md - - name: "User Account Control: Virtualize file and registry write failures to per-user locations" - href: security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md - - name: Advanced security audit policy settings - href: security-policy-settings/secpol-advanced-security-audit-policy-settings.md - - name: User Rights Assignment - href: security-policy-settings/user-rights-assignment.md - items: - - name: Access Credential Manager as a trusted caller - href: security-policy-settings/access-credential-manager-as-a-trusted-caller.md - - name: Access this computer from the network - href: security-policy-settings/access-this-computer-from-the-network.md - - name: Act as part of the operating system - href: security-policy-settings/act-as-part-of-the-operating-system.md - - name: Add workstations to domain - href: security-policy-settings/add-workstations-to-domain.md - - name: Adjust memory 
quotas for a process - href: security-policy-settings/adjust-memory-quotas-for-a-process.md - - name: Allow log on locally - href: security-policy-settings/allow-log-on-locally.md - - name: Allow log on through Remote Desktop Services - href: security-policy-settings/allow-log-on-through-remote-desktop-services.md - - name: Back up files and directories - href: security-policy-settings/back-up-files-and-directories.md - - name: Bypass traverse checking - href: security-policy-settings/bypass-traverse-checking.md - - name: Change the system time - href: security-policy-settings/change-the-system-time.md - - name: Change the time zone - href: security-policy-settings/change-the-time-zone.md - - name: Create a pagefile - href: security-policy-settings/create-a-pagefile.md - - name: Create a token object - href: security-policy-settings/create-a-token-object.md - - name: Create global objects - href: security-policy-settings/create-global-objects.md - - name: Create permanent shared objects - href: security-policy-settings/create-permanent-shared-objects.md - - name: Create symbolic links - href: security-policy-settings/create-symbolic-links.md - - name: Debug programs - href: security-policy-settings/debug-programs.md - - name: Deny access to this computer from the network - href: security-policy-settings/deny-access-to-this-computer-from-the-network.md - - name: Deny log on as a batch job - href: security-policy-settings/deny-log-on-as-a-batch-job.md - - name: Deny log on as a service - href: security-policy-settings/deny-log-on-as-a-service.md - - name: Deny log on locally - href: security-policy-settings/deny-log-on-locally.md - - name: Deny log on through Remote Desktop Services - href: security-policy-settings/deny-log-on-through-remote-desktop-services.md - - name: Enable computer and user accounts to be trusted for delegation - href: security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md - - name: Force shutdown from a 
remote system - href: security-policy-settings/force-shutdown-from-a-remote-system.md - - name: Generate security audits - href: security-policy-settings/generate-security-audits.md - - name: Impersonate a client after authentication - href: security-policy-settings/impersonate-a-client-after-authentication.md - - name: Increase a process working set - href: security-policy-settings/increase-a-process-working-set.md - - name: Increase scheduling priority - href: security-policy-settings/increase-scheduling-priority.md - - name: Load and unload device drivers - href: security-policy-settings/load-and-unload-device-drivers.md - - name: Lock pages in memory - href: security-policy-settings/lock-pages-in-memory.md - - name: Log on as a batch job - href: security-policy-settings/log-on-as-a-batch-job.md - - name: Log on as a service - href: security-policy-settings/log-on-as-a-service.md - - name: Manage auditing and security log - href: security-policy-settings/manage-auditing-and-security-log.md - - name: Modify an object label - href: security-policy-settings/modify-an-object-label.md - - name: Modify firmware environment values - href: security-policy-settings/modify-firmware-environment-values.md - - name: Perform volume maintenance tasks - href: security-policy-settings/perform-volume-maintenance-tasks.md - - name: Profile single process - href: security-policy-settings/profile-single-process.md - - name: Profile system performance - href: security-policy-settings/profile-system-performance.md - - name: Remove computer from docking station - href: security-policy-settings/remove-computer-from-docking-station.md - - name: Replace a process level token - href: security-policy-settings/replace-a-process-level-token.md - - name: Restore files and directories - href: security-policy-settings/restore-files-and-directories.md - - name: Shut down the system - href: security-policy-settings/shut-down-the-system.md - - name: Synchronize directory service data - href: 
security-policy-settings/synchronize-directory-service-data.md - - name: Take ownership of files or other objects - href: security-policy-settings/take-ownership-of-files-or-other-objects.md - - name: Windows security guidance for enterprises - items: - - name: Windows security baselines - href: windows-security-configuration-framework/windows-security-baselines.md - items: - - name: Security Compliance Toolkit - href: windows-security-configuration-framework/security-compliance-toolkit-10.md - - name: Get support - href: windows-security-configuration-framework/get-support-for-security-baselines.md + - name: Overview + href: threat-protection/index.md + - name: Microsoft Defender Antivirus + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows + - name: Attack surface reduction rules + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction + - name: Tamper protection + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection + - name: Network protection + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/network-protection + - name: Controlled folder access + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/controlled-folders + - name: Exploit protection + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection + - name: Microsoft Defender for Endpoint + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint From dffdcc71290fdb82401776ef2b8faeaa086e1338 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 14 Sep 2021 15:21:16 -0700 Subject: [PATCH 343/671] Update TOC.yml --- windows/security/threat-protection/TOC.yml | 37 ++++++++++------------ 1 file changed, 17 insertions(+), 20 deletions(-) 
diff --git a/windows/security/threat-protection/TOC.yml b/windows/security/threat-protection/TOC.yml index dcf41c2615..960b757d3d 100644 --- a/windows/security/threat-protection/TOC.yml +++ b/windows/security/threat-protection/TOC.yml 
@@ -1,21 +1,18 @@ -- name: Threat protection - href: index.md +- name: Windows threat protection items: - - name: Windows threat protection - items: - - name: Overview - href: threat-protection/index.md - - name: Microsoft Defender Antivirus - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows - - name: Attack surface reduction rules - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction - - name: Tamper protection - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection - - name: Network protection - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/network-protection - - name: Controlled folder access - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/controlled-folders - - name: Exploit protection - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection - - name: Microsoft Defender for Endpoint - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint + - name: Overview + href: threat-protection/index.md + - name: Microsoft Defender Antivirus + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows + - name: Attack surface reduction rules + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction + - name: Tamper protection + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection + - name: Network protection + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/network-protection + - name: Controlled folder access + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/controlled-folders + - name: Exploit protection + href: 
https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection + - name: Microsoft Defender for Endpoint + href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint From 9c3e97b747b67f97f9bf802521de32a169a1c462 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 14 Sep 2021 15:29:33 -0700 Subject: [PATCH 344/671] Update TOC.yml --- windows/security/threat-protection/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.yml b/windows/security/threat-protection/TOC.yml index 960b757d3d..4a98f2c7e0 100644 --- a/windows/security/threat-protection/TOC.yml +++ b/windows/security/threat-protection/TOC.yml @@ -1,7 +1,7 @@ - name: Windows threat protection items: - name: Overview - href: threat-protection/index.md + href: index.md - name: Microsoft Defender Antivirus href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows - name: Attack surface reduction rules From 6dfe630ba149f684a079ffcb8d8e88d026370de7 Mon Sep 17 00:00:00 2001 From: Eric P Date: Tue, 14 Sep 2021 15:47:44 -0700 Subject: [PATCH 345/671] Updates to Windows 11 Start documentation --- .../customize-start-menu-layout-windows-11.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md index ab20b9ad4f..7c57b80530 100644 --- a/windows/configuration/customize-start-menu-layout-windows-11.md +++ b/windows/configuration/customize-start-menu-layout-windows-11.md 
@@ -1,6 +1,6 @@ --- -title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs -description: Export start layout to LayoutModification.json that includes pinned apps. Add or remove pinned apps, and use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. +title: Customize the Start menu layout on Windows 11 | Microsoft Docs +description: Export Start layout to LayoutModification.json with pinned apps, add or remove pinned apps, and use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. ms.assetid: manager: dougeby ms.author: mandia @@ -42,7 +42,7 @@ This article shows you how to export an existing Start menu layout, and use the - [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide) - [What is Configuration Manager?](/mem/configmgr/core/understand/introduction) -## Start menu features and sections +## Start menu features and areas In Windows 11, the Start menu is redesigned with a simplified set of apps that are arranged in a grid of pages. There aren't folders, groups, or different-sized app icons: 
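Review bot: In customize-start-menu-layout-windows-11.md, the rename to `## Start menu features and areas` changes the fragment generated from this heading, so links to the old "sections" heading need checking before merge. The bullets under it still say "This section can't be customized using the JSON file", so the page now mixes "area" and "section" for the same thing; pick one term and use it throughout.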
@@ -50,11 +50,11 @@ In Windows 11, the Start menu is redesigned with a simplified set of apps that a Start has the following areas: -- **Pinned**: This area shows pinned apps, or a subset of all of the apps installed on the device. You can create a list of pinned apps you want on the devices using the **ConfigureStartPins** policy. **ConfigureStartPins** overrides the entire layout, which also removes apps that are pinned by default. +- **Pinned**: Shows pinned apps, or a subset of all of the apps installed on the device. You can create a list of pinned apps you want on the devices using the **ConfigureStartPins** policy. **ConfigureStartPins** overrides the entire layout, which also removes apps that are pinned by default. This article shows you how to use the **ConfigureStartPins** policy. -- **All apps**: Users select this option to see an alphabetical list of all the apps on the device. This section can't be customized using the JSON file. You can use the `Start/ShowOrHideMostUsedApps` CSP, which is a new policy available in Windows 11. +- **All apps**: Users select this option to see an alphabetical list of all the apps on the device. This section can't be customized using the JSON file. You can use the `Start/ShowOrHideMostUsedApps` CSP, which is a policy to configure the "Most used" section at the top of the all apps list. - **Recommended**: Shows recently opened files and recently installed apps. This section can't be customized using the JSON file. To prevent files from showing in this section, you can use the [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists). This CSP also hides recent files that show from the taskbar. You can use an MDM provider, like Microsoft Intune, to manage the [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists) on your devices. 
For more information on the Start menu settings you can configure in a Microsoft Intune policy, see [Windows 10 (and later) device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#start). @@ -74,7 +74,7 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi 1. Create a folder to save the `.json` file. For example, create the `C:\Layouts` folder. 2. On a Windows 11 device, open the Windows PowerShell app. -3. Run the following cmdletBe sure to name the file `LayoutModification.json`. +3. Run the following cmdlet. Name the file `LayoutModification.json`. ```powershell Export-StartLayout -Path "C:\Layouts\LayoutModification.json" @@ -83,7 +83,7 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi ### Get the pinnedList JSON 1. Open the `LayoutModification.json` file in a JSON editor, such as Visual Studio Code or Notepad. For more information, see [edit JSON with Visual Studio Code](https://code.visualstudio.com/docs/languages/json). -2. In the file, you see the `pinnedList` section. This section includes all the apps that are pinned. Copy the `pinnedList` content in the JSON file. You'll use it in the next section. +2. In the file, you see the `pinnedList` section. This section includes all of the pinned apps. Copy the `pinnedList` content in the JSON file. You'll use it in the next section. In the following example, you see that Microsoft Edge, Microsoft Word, the Microsoft Store app, and Notepad are pinned: From 043a2016c38a905086393d6eac1a1bc5e3516c6e Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 14 Sep 2021 18:56:01 -0400 Subject: [PATCH 346/671] Put title back to original text --- .../configuration/customize-start-menu-layout-windows-11.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md index 7c57b80530..90070e8930 100644 --- a/windows/configuration/customize-start-menu-layout-windows-11.md +++ b/windows/configuration/customize-start-menu-layout-windows-11.md @@ -1,5 +1,5 @@ --- -title: Customize the Start menu layout on Windows 11 | Microsoft Docs +title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs description: Export Start layout to LayoutModification.json with pinned apps, add or remove pinned apps, and use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. ms.assetid: manager: dougeby @@ -10,7 +10,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/13/2021 +ms.date: 09/14/2021 ms.localizationpriority: medium --- From 35c79d481912ea9c45e80f547ee6a18d041f4326 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 14 Sep 2021 16:10:50 -0700 Subject: [PATCH 347/671] edits! --- windows/security/TOC.yml | 27 ++++++++++++++++--- windows/security/apps.md | 9 ++++--- ...dential-theft-mitigation-guide-abstract.md | 8 +++--- 3 files changed, 32 insertions(+), 12 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index d58e115f79..5df7b605f9 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -13,7 +13,7 @@ href: information-protection/tpm/trusted-platform-module-overview.md - name: TPM fundamentals href: information-protection/tpm/tpm-fundamentals.md - - name: How Windows 10 uses the TPM + - name: How Windows uses the TPM href: information-protection/tpm/how-windows-uses-the-tpm.md - name: TPM Group Policy settings href: information-protection/tpm/trusted-platform-module-services-group-policy-settings.md 
@@ -54,7 +54,7 @@ - name: Bitlocker href: information-protection/bitlocker/bitlocker-overview.md items: - - name: Overview of BitLocker Device Encryption in Windows 10 + - name: Overview of BitLocker Device Encryption in Windows href: information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md - name: BitLocker frequently asked questions (FAQ) href: information-protection/bitlocker/bitlocker-frequently-asked-questions.yml @@ -125,7 +125,7 @@ href: information-protection/bitlocker/ts-bitlocker-tpm-issues.md - name: Decode Measured Boot logs to track PCR changes href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md - - name: Configure S/MIME for Windows 10 + - name: Configure S/MIME for Windows href: identity-protection/configure-s-mime.md - name: Windows Information Protection (WIP) href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -199,7 +199,7 @@ href: identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections href: identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md - - name: Optimizing Office 365 traffic with the Windows 10 VPN client + - name: Optimizing Office 365 traffic with the Windows VPN client href: identity-protection/vpn/vpn-office-365-optimization.md - name: Windows Defender Firewall href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md 
@@ -223,6 +223,25 @@ - name: Application security href: apps.md items: + - name: Windows Defender Application Control and virtualization-based protection of code integrity + href: device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md + - name: Windows Defender Application Control + href: threat-protection\windows-defender-application-control\windows-defender-application-control.md + - name: Microsoft Defender Application Guard + href: threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md + - name: Windows Sandbox + href: windows-sandbox/windows-sandbox-overview.md + items: + - name: Windows Sandbox architecture + href: windows-sandbox/windows-sandbox-architecture.md + - name: Windows Sandbox configuration + href: windows-sandbox/windows-sandbox-configure-using-wsb-file.md + - name: Microsoft Defender SmartScreen overview + href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md + - name: Configure S/MIME for Windows + href: identity-protection\configure-s-mime.md + - name: Windows Credential Theft Mitigation Guide Abstract + href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md - name: Secured identity href: identity.md items: diff --git a/windows/security/apps.md b/windows/security/apps.md index a76c2d05d5..a216c26a2c 100644 --- a/windows/security/apps.md +++ b/windows/security/apps.md 
@@ -22,7 +22,8 @@ The following table summarizes the Windows security features and capabilities fo | Security Measures | Features & Capabilities | |:---|:---| -| Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](/threat-protection/windows-defender-application-control/windows-defender-application-control.md) | -| Microsoft Defender Application Guard | Application Guard uses chip-based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running untrusted websites and files in an isolated Hyper-V-based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md). | -| Email Security | With Windows S/MIME email security, users can encrypt outgoing messages and attachments, so only intended recipients with digital identification (ID)—also called a certificate—can read them. Users can digitally sign a message, which verifies the identity of the sender and ensures the message has not been tampered with.[Configure S/MIME for Windows 10](/identity-protection/configure-s-mime.md) | -| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. 
Learn more: [Microsoft Defender SmartScreen overview](/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) | +| Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](threat-protection/windows-defender-application-control/windows-defender-application-control.md) | +| Microsoft Defender Application Guard | Application Guard uses chip-based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running untrusted websites and files in an isolated Hyper-V-based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md). | +| Windows Sandbox | Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application. Learn more: [Windows Sandbox](threat-protection\windows-sandbox\windows-sandbox-overview.md) +| Email Security | With Windows S/MIME email security, users can encrypt outgoing messages and attachments, so only intended recipients with digital identification (ID)—also called a certificate—can read them. 
Users can digitally sign a message, which verifies the identity of the sender and ensures the message has not been tampered with.[Configure S/MIME for Windows 10](identity-protection/configure-s-mime.md) | +| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. Learn more: [Microsoft Defender SmartScreen overview](threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) | diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md index 62a4cf6cf0..3a8d6e6ed0 100644 --- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md +++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md @@ -1,6 +1,6 @@ --- -title: Windows 10 Credential Theft Mitigation Guide Abstract (Windows 10) -description: Provides a summary of the Windows 10 credential theft mitigation guide. +title: Windows Credential Theft Mitigation Guide Abstract +description: Provides a summary of the Windows credential theft mitigation guide. ms.assetid: 821ddc1a-f401-4732-82a7-40d1fff5a78a ms.reviewer: ms.prod: w10 
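Review bot: In the front-matter hunk of windows-credential-theft-mitigation-guide-abstract.md, the title and description drop "Windows 10", but the body in the next hunk keeps "Applies to - Windows 10", still links to the "Windows 10 credential theft mitigation guide" download, and leaves `ms.date: 04/19/2017` unchanged. Either keep the version in the title or update the "Applies to" list so the title does not claim wider coverage than the guide itself.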
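Review bot: In the apps.md table hunk (@@ -22,7 +22,8 @@), the added Windows Sandbox row has no closing ` |`, unlike every other row, and its link `threat-protection\windows-sandbox\windows-sandbox-overview.md` uses backslashes and does not match the `windows-sandbox/windows-sandbox-overview.md` path this same commit adds to TOC.yml. End the row with ` |`, use forward slashes, and point the link at the path the TOC uses. The Email Security row still reads "tampered with.[Configure S/MIME for Windows 10]" with no space or "Learn more:" before the link, while the TOC entry was renamed to "Configure S/MIME for Windows".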
@@ -17,12 +17,12 @@ ms.localizationpriority: medium ms.date: 04/19/2017 --- -# Windows 10 Credential Theft Mitigation Guide Abstract +# Windows Credential Theft Mitigation Guide Abstract **Applies to** - Windows 10 -This topic provides a summary of the Windows 10 credential theft mitigation guide, which can be downloaded from the [Microsoft Download Center](https://download.microsoft.com/download/C/1/4/C14579CA-E564-4743-8B51-61C0882662AC/Windows%2010%20credential%20theft%20mitigation%20guide.docx). +This topic provides a summary of the Windows credential theft mitigation guide, which can be downloaded from the [Microsoft Download Center](https://download.microsoft.com/download/C/1/4/C14579CA-E564-4743-8B51-61C0882662AC/Windows%2010%20credential%20theft%20mitigation%20guide.docx). This guide explains how credential theft attacks occur and the strategies and countermeasures you can implement to mitigate them, following these security stages: - Identify high-value assets From 0478c9e05670e449f926ba55cea7944da4a22e82 Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Tue, 14 Sep 2021 16:16:32 -0700 Subject: [PATCH 348/671] Updated the recommended blocklist to block un-enlightened versions of cscript/wscript with versions less than 10.0.0.0 --- .../microsoft-recommended-block-rules.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 008d041e97..0365837d1b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md 
@@ -40,6 +40,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you - bash.exe - bginfo.exe1 - cdb.exe +- cscript.exe - csi.exe - dbghost.exe - dbgsvc.exe @@ -69,6 +70,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you - wfc.exe - windbg.exe - wmic.exe +- wscript.exe - wsl.exe - wslconfig.exe - wslhost.exe @@ -149,7 +151,7 @@ Select the correct version of each .dll for the Windows release you plan to supp - + @@ -179,7 +181,7 @@ Select the correct version of each .dll for the Windows release you plan to supp - + From 6d49e0655f0b6c1869f20a7822a439bcca97486c Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 14 Sep 2021 16:33:17 -0700 Subject: [PATCH 349/671] fixing TOC, reordering --- windows/security/TOC.yml | 58 ++++++++++++++-------------- windows/security/apps.md | 1 - windows/security/cloud.md | 2 - windows/security/hardware.md | 6 ++- windows/security/identity.md | 3 +- windows/security/operating-system.md | 1 - windows/security/trusted-boot.md | 2 +- 7 files changed, 35 insertions(+), 38 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 5df7b605f9..fc3319a432 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -242,9 +242,6 @@ href: identity-protection\configure-s-mime.md - name: Windows Credential Theft Mitigation Guide Abstract href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md -- name: Secured identity - href: identity.md - items: - name: Cloud services items: - name: Overview 
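Review bot: In microsoft-recommended-block-rules.md, the list hunks add `- cscript.exe` and `- wscript.exe` with no qualifier, while the commit message says only versions less than 10.0.0.0 are meant to be blocked. A reader of the bullet list alone would take this as advice to block both script hosts outright; add a footnote marker, as the `bginfo.exe1` entry appears to carry, and state the version bound there. The policy hunks at @@ -149,7 +151,7 @@ and @@ -179,7 +181,7 @@ show only a bare "- +" here, so the deny rules themselves cannot be checked against that bound from this copy of the patch.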
@@ -263,7 +260,35 @@ - name: Azure Virtual Desktop (need link) href: https://docs.microsoft.com/windows/whats-new/windows-11 - name: User protection + href: identity.md items: + - name: Windows Hello for Business + href: identity-protection/hello-for-business/index.yml + - name: Windows credential theft mitigation guide + href: identity-protection/windows-credential-theft-mitigation-guide-abstract.md + - name: Enterprise Certificate Pinning + href: identity-protection/enterprise-certificate-pinning.md + - name: Protect derived domain credentials with Credential Guard + href: identity-protection/credential-guard/credential-guard.md + items: + - name: How Credential Guard works + href: identity-protection/credential-guard/credential-guard-how-it-works.md + - name: Credential Guard Requirements + href: identity-protection/credential-guard/credential-guard-requirements.md + - name: Manage Credential Guard + href: identity-protection/credential-guard/credential-guard-manage.md + - name: Hardware readiness tool + href: identity-protection/credential-guard/dg-readiness-tool.md + - name: Credential Guard protection limits + href: identity-protection/credential-guard/credential-guard-protection-limits.md + - name: Considerations when using Credential Guard + href: identity-protection/credential-guard/credential-guard-considerations.md + - name: "Credential Guard: Additional mitigations" + href: identity-protection/credential-guard/additional-mitigations.md + - name: "Credential Guard: Known issues" + href: identity-protection/credential-guard/credential-guard-known-issues.md + - name: Protect Remote Desktop credentials with Remote Credential Guard + href: identity-protection/remote-credential-guard.md - name: Technical support policy for lost or forgotten passwords href: identity-protection/password-support-policy.md - name: Access Control Overview 
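Review bot: In windows/security/TOC.yml, the "Windows credential theft mitigation guide" entry added under User protection points at the same file as the "Windows Credential Theft Mitigation Guide Abstract" entry that the preceding hunk's context shows higher up, so the page is listed twice under two names. Keep one entry. The earlier one also uses a backslash href (`identity-protection\windows-credential-theft-mitigation-guide-abstract.md`), as does `identity-protection\configure-s-mime.md`, where the rest of the file uses forward slashes. The context line "Azure Virtual Desktop (need link)" is still a placeholder title pointing at a what's-new URL.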
@@ -296,33 +321,6 @@ href: identity-protection/user-account-control/user-account-control-security-policy-settings.md - name: User Account Control Group Policy and registry key settings href: identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md - - name: Windows Hello for Business - href: identity-protection/hello-for-business/index.yml - - name: Windows credential theft mitigation guide - href: identity-protection/windows-credential-theft-mitigation-guide-abstract.md - - name: Enterprise Certificate Pinning - href: identity-protection/enterprise-certificate-pinning.md - - name: Protect derived domain credentials with Credential Guard - href: identity-protection/credential-guard/credential-guard.md - items: - - name: How Credential Guard works - href: identity-protection/credential-guard/credential-guard-how-it-works.md - - name: Credential Guard Requirements - href: identity-protection/credential-guard/credential-guard-requirements.md - - name: Manage Credential Guard - href: identity-protection/credential-guard/credential-guard-manage.md - - name: Hardware readiness tool - href: identity-protection/credential-guard/dg-readiness-tool.md - - name: Credential Guard protection limits - href: identity-protection/credential-guard/credential-guard-protection-limits.md - - name: Considerations when using Credential Guard - href: identity-protection/credential-guard/credential-guard-considerations.md - - name: "Credential Guard: Additional mitigations" - href: identity-protection/credential-guard/additional-mitigations.md - - name: "Credential Guard: Known issues" - href: identity-protection/credential-guard/credential-guard-known-issues.md - - name: Protect Remote Desktop credentials with Remote Credential Guard - href: identity-protection/remote-credential-guard.md - name: Smart Cards href: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md items: 
diff --git a/windows/security/apps.md b/windows/security/apps.md index a216c26a2c..4acb890ee6 100644 --- a/windows/security/apps.md +++ b/windows/security/apps.md @@ -4,7 +4,6 @@ description: Get an overview of application security in Windows 11 ms.reviewer: manager: dansimp ms.author: dansimp -ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 04dc44e601..f83dc607ac 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -5,12 +5,10 @@ ms.reviewer: author: denisebmsft ms.author: deniseb manager: dansimp -ms.prod: w10 audience: ITPro ms.topic: conceptual ms.date: 09/10/2021 ms.localizationpriority: medium -ms.collection: ms.custom: f1.keywords: NOCSH ms.mktglfcycl: deploy diff --git a/windows/security/hardware.md b/windows/security/hardware.md index 3d619b9226..1a0e0d64e2 100644 --- a/windows/security/hardware.md +++ b/windows/security/hardware.md @@ -4,7 +4,6 @@ description: Get an overview of hardware security in Windows 11 ms.reviewer: manager: dansimp ms.author: dansimp -ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security 
@@ -20,3 +19,8 @@ Modern threats require modern security with a strong alignment between hardware These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware. With Windows 11, we have raised the hardware security baseline to design the most secure version of Windows ever. We have carefully chosen the hardware requirements and default security features based on threat intelligence and input from leading experts around the globe, including our own Microsoft Cybersecurity team. Though a powerful combination of hardware root-of-trust and silicon-assisted security, Windows 11 delivers built-in hardware protection out-of-the box. + + +| Security Measures | Features & Capabilities | +|:---|:---| +| Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](/threat-protection/windows-defender-application-control/windows-defender-application-control.md) | \ No newline at end of file diff --git a/windows/security/identity.md b/windows/security/identity.md index e7f014671d..3c8edb7851 100644 --- a/windows/security/identity.md +++ b/windows/security/identity.md @@ -4,7 +4,6 @@ description: Get an overview of identity security in Windows 11 ms.reviewer: manager: dansimp ms.author: dansimp -ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security 
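Review bot: In hardware.md (@@ -20,3 +19,8 @@), the only row of the new table is the Windows Defender Application Control row from apps.md, which describes application control rather than a hardware feature, and its link uses the rooted `/threat-protection/...` form that the previous commit changed to a relative path in apps.md. Replace the row with hardware security capabilities or hold the table back until that content exists, use the relative link form, and end the file with a newline (the hunk is marked "\ No newline at end of file").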
@@ -23,7 +22,7 @@ New Windows 11 devices protect users by removing vulnerable passwords by default | Security capabilities | Description | |:---|:---| | Securing user identity with Windows Hello | Windows Hello and Windows Hello for Business replace password-based authentication with a stronger authentication model to sign into your device using a passcode (PIN) or other biometric based authentication. This PIN or biometric based authentication is only valid on the device that you registered it for and cannot be used on another deviceLearn more: [Windows Hello for Business](identity-protection\hello-for-business\hello-overview.md) | -| Credential Guard | Credential Guard helps protects your systems from credential theft attack techniques (pass-the-hash or pass-the-ticket) as well as helping prevent malware from accessing system secrets even if the process is running with admin privileges. Learn more: [Credential Guard](identity-protection/credential-guard/credential-guard-how-it-works.md)| +| Windows Defender Credential Guard and Remote Credential Guard | Windows Defender Credential Guard helps protects your systems from credential theft attack techniques (pass-the-hash or pass-the-ticket) as well as helping prevent malware from accessing system secrets even if the process is running with admin privileges. Windows Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting Kerberos requests back to the device that's requesting the connection. 
It also provides single sign-on experiences for Remote Desktop sessions.Learn more: [Protect derived domain credentials with Windows Defender Credential Guard](identity-protection/credential-guard/credential-guard-how-it-works.md) and [Protect Remote Desktop credentials with Windows Defender Remote Credential Guard](identity-protection/remote-credential-guard.md)| | FIDO Alliance | Fast Identity Online (FIDO) defined protocols are becoming the open standard for providing strong authentication that helps prevent phishing and are user-friendly and privacy-respecting. Windows 11 supports the use of device sign-in with FIDO 2 security keys, and with Microsoft Edge or other modern browsers, supports the use of secure FIDO-backed credentials to keep user accounts protected. Learn more about the [FIDO Alliance](https://fidoalliance.org/). | | Microsoft Authenticator | The Microsoft Authenticator app is a perfect companion to help keep secure with Windows 11. It allows easy, secure sign-ins for all your online accounts using multi-factor authentication, passwordless phone sign-in, or password autofill. You also have additional account management options for your Microsoft personal, work, or school accounts. Microsoft Authenticator can be used to set up multi-factor authentication for your users. Learn more: [Enable passwordless sign-in with the Microsoft Authenticator app](/azure/active-directory/authentication/howto-authentication-passwordless-phone.md). | | Smart Cards | Smart cards are tamper-resistant portable storage devices that can enhance the security of tasks in Windows, such as authenticating clients, signing code, securing e-mail, and signing in with Windows domain accounts. Learn more about [Smart Cards](identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md).| diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 892b507022..561540525e 100644 --- a/windows/security/operating-system.md 
+++ b/windows/security/operating-system.md @@ -5,7 +5,6 @@ ms.reviewer: ms.topic: article manager: dansimp ms.author: deniseb -ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/security/trusted-boot.md b/windows/security/trusted-boot.md index 35a581f3af..69631d8340 100644 --- a/windows/security/trusted-boot.md +++ b/windows/security/trusted-boot.md @@ -8,7 +8,7 @@ manager: dansimp audience: ITPro ms.topic: conceptual ms.date: 09/08/2021 -ms.prod: w11 +ms.prod: w10 ms.localizationpriority: medium ms.collection: ms.custom: From 6771460c570457edf6a14cd3d06ccdcf4ab09528 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 14 Sep 2021 16:40:42 -0700 Subject: [PATCH 350/671] TOC fixes --- windows/security/TOC.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 8a7d808e9b..3c93924299 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -230,12 +230,12 @@ - name: Microsoft Defender Application Guard href: threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md - name: Windows Sandbox - href: windows-sandbox/windows-sandbox-overview.md + href: threat-protection/windows-sandbox/windows-sandbox-overview.md items: - name: Windows Sandbox architecture - href: windows-sandbox/windows-sandbox-architecture.md + href: threat-protection/windows-sandbox/windows-sandbox-architecture.md - name: Windows Sandbox configuration - href: windows-sandbox/windows-sandbox-configure-using-wsb-file.md + href: threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md - name: Microsoft Defender SmartScreen overview href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md - name: Configure S/MIME for Windows From 0deb9a8a559892903c330aa3a6422db1ac705687 Mon Sep 17 00:00:00 2001 
From: Gary Moore Date: Tue, 14 Sep 2021 17:05:52 -0700 Subject: [PATCH 351/671] Corrected note styles --- windows/client-management/mdm/policy-csp-kerberos.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 47384ff4ef..863153876a 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -338,7 +338,8 @@ Warning: When a domain does not support Kerberos armoring by enabling "Support D If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers. -Note: The Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerberos armoring. +> [!NOTE] +> The Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerberos armoring. If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain. 
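Review bot: The hunk header context shows that a paragraph above this change still begins with a plain `Warning:` prefix ("Warning: When a domain does not support Kerberos armoring ..."), so after this commit the section mixes the `> [!NOTE]` alert style with an unconverted inline warning. Since the commit is about note styles, convert that paragraph to `> [!WARNING]` in the same change.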
@@ -496,7 +497,8 @@ If you enable this policy setting, the Kerberos client or server uses the config If you disable or do not configure this policy setting, the Kerberos client or server uses the locally configured value or the default value. -Note: This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes. +> [!NOTE] +> This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes. > [!TIP] From 6a4dabdafe3f88d9fb3b108aca7c08ecc57debd6 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 15 Sep 2021 11:54:17 +0530 Subject: [PATCH 352/671] Updated Policy-CSP-Experience with Feeds Policy Updated policy settings in Experience with Feeds --- .../mdm/policy-csp-experience.md | 550 +++++++++++------- 1 file changed, 341 insertions(+), 209 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index ff50ae9cb0..697cc4af50 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -37,9 +37,6 @@ manager: dansimp
    Experience/AllowManualMDMUnenrollment
    -
    - Experience/AllowNewsAndInterestsOnTheTaskbar -
    Experience/AllowSaveAsOfOfficeFiles
    @@ -88,6 +85,9 @@ manager: dansimp
    Experience/DoNotSyncBrowserSettings
    +
    + Experience/Feeds +
    Experience/PreventUsersFromTurningOnBrowserSyncing
    @@ -105,28 +105,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark5YesYes
    Businesscheck mark5YesYes
    Enterprisecheck mark5YesYes
    Educationcheck mark5YesYes
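Review bot: The removed rows of this edition table read "check mark5" for Pro, Business, Enterprise and Education, and the replacement cells are a bare "Yes" under both Windows 10 and Windows 11, so whatever the trailing 5 pointed to (it looks like a footnote marker) no longer appears in the table. The later table hunks in this file drop markers 1, 2, 4, 6 and 9 the same way. If those markers carry the minimum Windows 10 version for the policy, keep them on the Windows 10 cell or state the version in the policy text; otherwise say in the commit message that removing them is intended.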
    @@ -184,28 +190,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck markYesYes
    Businesscheck markYesYes
    Enterprisecheck markYesYes
    Educationcheck markYesYes
    @@ -252,28 +264,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck markYesYes
    Businesscheck markYesYes
    Enterprisecheck markYesYes
    Educationcheck markYesYes
    @@ -314,28 +332,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark2YesYes
    Businesscross markNoNo
    Enterprisecheck mark2YesYes
    Educationcheck mark2YesYes
    @@ -384,28 +408,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck markYesYes
    Businesscheck markYesYes
    Enterprisecheck markYesYes
    Educationcheck markYesYes
    @@ -442,65 +472,6 @@ The following list shows the supported values:
    - - -**Experience/AllowNewsAndInterestsOnTheTaskbar** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Windows EditionSupported?
    Homecross mark
    Procheck mark
    Businesscheck mark
    Enterprisecheck mark
    Educationcheck mark
    - - -
    - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Machine - -
    - - - -Specifies whether to allow "News and interests" on the Taskbar. - - - -The values for this policy are 1 and 0. This policy defaults to 1. - -- 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode. - -- 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed. - - - - -
    Experience/AllowSaveAsOfOfficeFiles @@ -531,28 +502,34 @@ This policy is deprecated. - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck markYesYes
    Businesscheck markYesYes
    Enterprisecheck markYesYes
    Educationcheck markYesYes
    @@ -589,28 +566,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark2YesYes
    Businesscross markNoNo
    Enterprisecheck mark2YesYes
    Educationcheck mark2YesYes
    @@ -665,28 +648,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark1YesYes
    Businesscheck mark1YesYes
    Enterprisecheck mark1YesYes
    Educationcheck mark1YesYes
    @@ -735,28 +724,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcheck markYesYes
    @@ -808,28 +803,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck mark1YesYes
    Educationcheck mark1YesYes
    @@ -880,28 +881,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck mark2YesYes
    Educationcheck mark2YesYes
    @@ -951,28 +958,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -1021,28 +1034,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck mark2YesYes
    Educationcheck mark2YesYes
    @@ -1093,28 +1112,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcheck markYesYes
    @@ -1159,28 +1184,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck markYesYes
    Businesscheck markYesYes
    Enterprisecheck markYesYes
    Educationcheck markYesYes
    @@ -1217,28 +1248,34 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck mark1YesYes
    Educationcheck mark1YesYes
    @@ -1286,28 +1323,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecheck mark9YesYes
    Procheck mark9YesYes
    Businesscheck mark9YesYes
    Enterprisecheck mark9YesYes
    Educationcheck mark9YesYes
    @@ -1356,28 +1399,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark1YesYes
    Businesscheck mark1YesYes
    Enterprisecheck mark1YesYes
    Educationcheck mark1YesYes
    @@ -1426,28 +1475,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck mark5YesYes
    Educationcheck mark5YesYes
    @@ -1514,34 +1569,105 @@ _**Turn syncing off by default but don’t disable**_
    + +**Experience/Feeds** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProYesYes
    BusinessYesYes
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Specifies whether "Feeds" is enabled on the taskbar. + + + +The values for this policy are 1 and 0. This policy defaults to 1. + +- 1 - Default - "Feeds" feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode. + +- 0 - "Feeds" feature will be turned off completely, and the settings UI in Taskbar context menu will be removed. + + + + +
    + **Experience/PreventUsersFromTurningOnBrowserSyncing** - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck mark5YesYes
    Educationcheck mark5YesYes
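Review bot: Nothing in the added Experience/Feeds section says that it replaces Experience/AllowNewsAndInterestsOnTheTaskbar, which an earlier hunk in this file deletes with the same 1/0 values and nearly the same wording, and the commit message does not say the policy itself was renamed. Please confirm the name against the shipped policy and, if it is a rename, mention the previous name in the description so that existing profiles and inbound links can be matched. The scope checklist also changes from "Machine" to "Device", and the description now says "is enabled" while the value list still says "will be allowed"; check which terms the rest of the file uses and keep them consistent.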
    @@ -1615,28 +1741,34 @@ Validation procedure: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscheck mark6YesYes
    Enterprisecheck mark6YesYes
    Educationcheck mark6YesYes
    From d2a3c13010c578450d228d9b74ba113faa0d3605 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 15 Sep 2021 12:05:52 +0530 Subject: [PATCH 353/671] Create policy-csp-admx-framepanes.md --- .../mdm/policy-csp-admx-framepanes.md | 193 ++++++++++++++++++ 1 file changed, 193 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-framepanes.md diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md new file mode 100644 index 0000000000..b6c506ddd9 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md @@ -0,0 +1,193 @@ +--- +title: Policy CSP - ADMX_FramePanes +description: Policy CSP - ADMX_FramePanes +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/14/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_FramePanes +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_FramePanes policies + +
    +
    + ADMX_FramePanes/NoReadingPane +
    +
    + ADMX_FramePanes/NoPreviewPane +
    +
    + + +
    + + +**ADMX_FramePanes/NoReadingPane** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +This policy setting shows or hides the Details Pane in File Explorer. + +- If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and cannot be turned on by the user. + +- If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and cannot be hidden by the user. + +> [!NOTE] +> This has a side effect of not being able to toggle to the Preview Pane since the two cannot be displayed at the same time. + +- If you disable, or do not configure this policy setting, the Details Pane is hidden by default and can be displayed by the user. + +This is the default policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn on or off details pane* +- GP name: *NoReadingPane* +- GP path: *Windows Components\File Explorer\Explorer Frame Pane* +- GP ADMX file name: *FramePanes.admx* + + + +
    + + +**ADMX_FramePanes/NoPreviewPane** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Hides the Preview Pane in File Explorer. + +- If you enable this policy setting, the Preview Pane in File Explorer is hidden and cannot be turned on by the user. + +- If you disable, or do not configure this setting, the Preview Pane is hidden by default and can be displayed by the user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off Preview Pane* +- GP name: *NoPreviewPane* +- GP path: *Windows Components\File Explorer\Explorer Frame Pane* +- GP ADMX file name: *FramePanes.admx* + + + + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + From 560e60cc6449ec8a09d5b95e67d886d9ce848c00 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 15 Sep 2021 12:05:57 +0530 Subject: [PATCH 354/671] Update policy-configuration-service-provider.md --- .../mdm/policy-configuration-service-provider.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index a394943879..82b6038a3e 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md 
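Review bot: In the new policy-csp-admx-framepanes.md, the ADMX_FramePanes/NoReadingPane description speaks only of the Details Pane ("shows or hides the Details Pane in File Explorer", GP friendly name "Turn on or off details pane"), so a reader looking for a reading-pane setting will not recognise it; add a sentence tying the NoReadingPane name to the Details Pane. In the same section the `> [!NOTE]` about the Preview Pane side effect sits between the second and third bullets, and "This is the default policy setting." is detached from the bullet it qualifies; move the note after the list and fold that sentence into the last bullet. The closing note says the policies are only available in a Windows Insider release while both edition tables list Windows 10 as Yes for Enterprise and Education, so reconcile the two statements, and switch the CDATA link from http://www.w3.org to https.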
@@ -1177,6 +1177,16 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
    +### ADMX_FramePanes policies +
    +
    + ADMX_FramePanes/NoReadingPane +
    +
    + ADMX_FramePanes/NoPreviewPane +
    +
    + ### ADMX_Help policies
    From 0f8d5166f662c84f4814ec1755847d82bcd26ab2 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 15 Sep 2021 12:29:27 +0530 Subject: [PATCH 355/671] Updated --- .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 2 ++ windows/client-management/mdm/toc.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index c4eba79f3d..86ae6b3e10 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -291,6 +291,8 @@ ms.date: 10/08/2020 - [ADMX_FolderRedirection/LocalizeXPRelativePaths_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-localizexprelativepaths-2) - [ADMX_FolderRedirection/PrimaryComputer_FR_1](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-1) - [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2) +- [ADMX_FramePanes/NoReadingPane](./policy-csp-admx-framepanes.md#admx-framepanes-noreadingpane) +- [ADMX_FramePanes/NoPreviewPane](./policy-csp-admx-framepanes.md#admx-framepanes-nopreviewpane) - [ADMX_Globalization/BlockUserInputMethodsForSignIn](./policy-csp-admx-globalization.md#admx-globalization-blockuserinputmethodsforsignin) - [ADMX_Globalization/CustomLocalesNoSelect_1](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-1) - [ADMX_Globalization/CustomLocalesNoSelect_2](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-2) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 4395fbc920..76433d4d19 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml 
@@ -483,6 +483,8 @@ items: href: policy-csp-admx-filesys.md - name: ADMX_FolderRedirection href: policy-csp-admx-folderredirection.md + - name: ADMX_FramePanes + href: policy-csp-admx-framepanes.md - name: ADMX_Globalization href: policy-csp-admx-globalization.md - name: ADMX_GroupPolicy From 4b6ad246f282c2035a4aab8f9cb53e8ca094a6f4 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Wed, 15 Sep 2021 16:08:21 +0530 Subject: [PATCH 356/671] Updated as per task 5388078 --- .../administrative-tools-in-windows-10.md | 13 +++++++------ ...advanced-troubleshooting-802-authentication.md | 2 +- .../connect-to-remote-aadj-pc.md | 7 ++++--- .../data-collection-for-802-authentication.md | 2 +- .../determine-appropriate-page-file-size.md | 2 +- ...icies-for-enterprise-and-education-editions.md | 5 +++-- .../client-management/manage-corporate-devices.md | 11 ++++++----- ...anage-device-installation-with-group-policy.md | 15 ++++++++------- .../manage-settings-app-with-group-policy.md | 7 ++++--- .../client-management/mandatory-user-profile.md | 6 ++++-- .../new-policies-for-windows-10.md | 5 +++-- windows/client-management/quick-assist.md | 2 +- .../troubleshoot-tcpip-port-exhaust.md | 2 +- windows/client-management/windows-libraries.md | 4 ++-- 14 files changed, 46 insertions(+), 37 deletions(-) diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index 6da0fdfdb9..8cf6c2a75d 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -1,5 +1,5 @@ --- -title: Administrative Tools in Windows 10 (Windows 10) +title: Administrative Tools in Windows 10 and Windows 11 description: Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users. ms.assetid: FDC63933-C94C-43CB-8373-629795926DC8 ms.reviewer: 
@@ -10,16 +10,17 @@ ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/14/2021 ms.topic: article --- -# Administrative Tools in Windows 10 +# Administrative Tools in Windows **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users. @@ -29,7 +30,7 @@ The tools in the folder might vary depending on which edition of Windows you are ![Screenshot of folder of admin tools.](images/admin-tools-folder.png) -These tools were included in previous versions of Windows. The associated documentation for each tool should help you use these tools in Windows 10. The following list provides links to documentation for each tool. The tools are located within the folder C:\Windows\System32\ or its subfolders. +These tools were included in previous versions of Windows. The associated documentation for each tool should help you use these tools in Windows. The following list provides links to documentation for each tool. The tools are located within the folder C:\Windows\System32\ or its subfolders. 
@@ -54,7 +55,7 @@ These tools were included in previous versions of Windows. The associated docume - [Windows Memory Diagnostic]( https://go.microsoft.com/fwlink/p/?LinkId=708507) > [!TIP] -> If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows 10** page. Details about the information you want for a tool will help us plan future content.  +> If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows** page. Details about the information you want for a tool will help us plan future content.  ## Related topics diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md index c2a8ea0c57..80304a3e5f 100644 --- a/windows/client-management/advanced-troubleshooting-802-authentication.md +++ b/windows/client-management/advanced-troubleshooting-802-authentication.md @@ -21,7 +21,7 @@ This article includes general troubleshooting for 802.1X wireless and wired clie ## Scenarios -This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 10 for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS. +This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 10 (and Windows 11) for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS. ## Known issues 
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 4d8f35673e..63d3683704 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -1,5 +1,5 @@ --- -title: Connect to remote Azure Active Directory-joined PC (Windows 10) +title: Connect to remote Azure Active Directory-joined PC (Windows 10 and Windows 11) description: You can use Remote Desktop Connection to connect to an Azure AD-joined PC. keywords: ["MDM", "device management", "RDP", "AADJ"] ms.prod: w10 @@ -9,7 +9,7 @@ ms.pagetype: devices author: dansimp ms.localizationpriority: medium ms.author: dansimp -ms.date: 08/02/2018 +ms.date: 09/14/2021 ms.reviewer: manager: dansimp ms.topic: article @@ -21,6 +21,7 @@ ms.topic: article **Applies to** - Windows 10 +- Windows 11 From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](/azure/active-directory/devices/concept-azure-ad-join). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics). 
@@ -28,7 +29,7 @@ From its release, Windows 10 has supported remote connections to PCs joined to A ## Set up -- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported. +- Both PCs (local and remote) must be running Windows 10, version 1607 or later or Windows 11. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported. - Your local PC (where you are connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device are not supported. - The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests are not supported for Remote desktop. diff --git a/windows/client-management/data-collection-for-802-authentication.md b/windows/client-management/data-collection-for-802-authentication.md index 58f94bd27e..0002838314 100644 --- a/windows/client-management/data-collection-for-802-authentication.md +++ b/windows/client-management/data-collection-for-802-authentication.md @@ -24,7 +24,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window 1. Create C:\MSLOG on the client machine to store captured logs. 2. Launch an elevated command prompt on the client machine, and run the following commands to start a RAS trace log and a Wireless/Wired scenario log. - **Wireless Windows 8.1 and Windows 10:** + **Wireless Windows 8.1, Windows 10, and Windows 11:** ``` netsh ras set tracing * enabled netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl 
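Review bot: In connect-to-remote-aadj-pc.md, the Set up hunk widens the first bullet to "Windows 10, version 1607 or later or Windows 11", but the unchanged bullet right after it still ends with "from an unjoined device or a non-Windows 10 device are not supported", which now reads as excluding a Windows 11 local PC. Update that bullet, including the join-state requirements it lists per Windows 10 version, to say what applies to Windows 11, and punctuate the new text as "Windows 10, version 1607 or later, or Windows 11".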
diff --git a/windows/client-management/determine-appropriate-page-file-size.md b/windows/client-management/determine-appropriate-page-file-size.md index 8daf0f4ce4..da6bb869ab 100644 --- a/windows/client-management/determine-appropriate-page-file-size.md +++ b/windows/client-management/determine-appropriate-page-file-size.md @@ -74,7 +74,7 @@ By default, page files are system-managed. This means that the page files increa For example, when the system commit charge is more than 90 percent of the system commit limit, the page file is increased to back it. This continues to occur until the page file reaches three times the size of physical memory or 4 GB, whichever is larger. This all assumes that the logical disk that is hosting the page file is large enough to accommodate the growth. -The following table lists the minimum and maximum page file sizes of system-managed page files in Windows 10. +The following table lists the minimum and maximum page file sizes of system-managed page files in Windows 10 and Windows 11. |Minimum page file size |Maximum page file size| |---------------|------------------| diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md index 8b2eb55f2f..2fbd6d4691 100644 --- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md +++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: dansimp ms.localizationpriority: medium -ms.date: 10/13/2017 +ms.date: 09/14/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,7 +17,8 @@ ms.topic: troubleshooting **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 In Windows 10, version 1607, the following Group Policy settings apply only to Windows 10 Enterprise and Windows 10 Education. 
diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md index f7fdbd3994..25dcf468c0 100644 --- a/windows/client-management/manage-corporate-devices.md +++ b/windows/client-management/manage-corporate-devices.md @@ -1,5 +1,5 @@ --- -title: Manage corporate devices (Windows 10) +title: Manage corporate devices (Windows 10 and Windows 11) description: You can use the same management tools to manage all device types running Windows 10 desktops, laptops, tablets, and phones. ms.assetid: 62D6710C-E59C-4077-9C7E-CE0A92DFC05D ms.reviewer: @@ -12,7 +12,7 @@ ms.sitesec: library ms.pagetype: devices author: dansimp ms.localizationpriority: medium -ms.date: 09/21/2017 +ms.date: 09/14/2021 ms.topic: article --- @@ -21,9 +21,10 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 -You can use the same management tools to manage all device types running Windows 10 : desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, System Center tools, and so on, will continue to work for Windows 10. +You can use the same management tools to manage all device types running Windows 10 and Windows 11: desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, System Center tools, and so on, will continue to work for Windows 10 and Windows 11. ## In this section 
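Review bot: in manage-corporate-devices.md, the title and the intro sentence now say "Windows 10 and Windows 11", but the front-matter `description:` shown as context in the first hunk still carries the old wording ("all device types running Windows 10 desktops, laptops, tablets, and phones") and was not touched. Update the description together with the title and intro so the metadata matches the page body. The missing colon after the OS names could be restored at the same time.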
@@ -35,7 +36,7 @@ You can use the same management tools to manage all device types running Windows | [New policies for Windows 10](new-policies-for-windows-10.md) | New Group Policy settings added in Windows 10 | | [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md) | Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education | | [Changes to Group Policy settings for Start in Windows 10](/windows/configuration/changes-to-start-policies-in-windows-10) | Changes to the Group Policy settings that you use to manage Start | -| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 in their organizations | +| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 11 in their organizations | ## Learn more diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md index db00986ab0..4c263fc3c8 100644 --- a/windows/client-management/manage-device-installation-with-group-policy.md +++ b/windows/client-management/manage-device-installation-with-group-policy.md 
@@ -1,11 +1,11 @@ --- -title: Manage Device Installation with Group Policy (Windows 10) +title: Manage Device Installation with Group Policy (Windows 10 and Windows 11) description: Find out how to manage Device Installation Restrictions with Group Policy. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: barakm -ms.date: 07/05/2021 +ms.date: 09/14/2021 ms.reviewer: manager: barakm ms.author: barakm @@ -18,15 +18,16 @@ ms.topic: article **Applies to** - Windows 10, Windows Server 2022 +- Windows 11 ## Summary -By using Windows 10 operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy. +By using Windows 10 and Windows 11 operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy. ## Introduction ### General -This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and cannot install. This guide applies to all Windows 10 versions starting with RS5 (1809). The guide includes the following scenarios: +This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and cannot install. This guide applies to all Windows 10 (and Windows 11) versions starting with RS5 (1809). The guide includes the following scenarios: - Prevent users from installing devices that are on a "prohibited" list. If a device is not on the list, then the user can install it. - Allow users to install only devices that are on an "approved" list. If a device is not on the list, then the user cannot install it. 
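Review bot: in the General paragraph of this hunk, "all Windows 10 (and Windows 11) versions starting with RS5 (1809)" applies a Windows 10 release identifier to Windows 11, so the lower bound is ambiguous for Windows 11 readers. Suggest "all Windows 10 versions starting with RS5 (1809), and Windows 11". The Summary paragraph in the same hunk uses the unparenthesised "Windows 10 and Windows 11"; pick one form and use it throughout the file.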
@@ -44,7 +45,7 @@ It is important to understand that the Group Policies that are presented in this This guide is targeted at the following audiences: -- Information technology planners and analysts who are evaluating Windows 10 and Windows Server 2022 +- Information technology planners and analysts who are evaluating Windows 10 (and Windows 11) and Windows Server 2022 - Enterprise information technology planners and designers - Security architects who are responsible for implementing trustworthy computing in their organization - Administrators who want to become familiar with the technology @@ -102,7 +103,7 @@ A device is a piece of hardware with which Windows interacts to perform some fun When Windows detects a device that has never been installed on the computer, the operating system queries the device to retrieve its list of device identification strings. A device usually has multiple device identification strings, which the device manufacturer assigns. The same device identification strings are included in the .inf file (also known as an _INF_) that is part of the driver package. Windows chooses which driver package to install by matching the device identification strings retrieved from the device to those included with the driver packages. -Windows uses four types of identifiers to control device installation and configuration. You can use the Group Policy settings in Windows 10 to specify which of these identifiers to allow or block. +Windows uses four types of identifiers to control device installation and configuration. You can use the Group Policy settings in Windows 10 (and Windows 11) to specify which of these identifiers to allow or block. The four types of identifiers are: 
@@ -223,7 +224,7 @@ Some of these policies take precedence over other policies. The flowchart shown To complete each of the scenarios, please ensure your have: -- A client computer running Windows 10. +- A client computer running Windows 10 (and Windows 11). - A USB thumb drive. The scenarios described in this guide use a USB thumb drive as the example device (also known as a “removable disk drive”, "memory drive," a "flash drive," or a "keyring drive"). Most USB thumb drives do not require any manufacturer-provided drivers, and these devices work with the inbox drivers provided with the Windows build. diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md index f64ee0de0c..0188879565 100644 --- a/windows/client-management/manage-settings-app-with-group-policy.md +++ b/windows/client-management/manage-settings-app-with-group-policy.md @@ -1,11 +1,11 @@ --- -title: Manage the Settings app with Group Policy (Windows 10) +title: Manage the Settings app with Group Policy (Windows 10 and Windows 11) description: Find out how to manage the Settings app with Group Policy so you can hide specific pages from users. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: dansimp -ms.date: 04/19/2017 +ms.date: 09/14/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,7 +17,8 @@ ms.topic: article **Applies to** -- Windows 10, Windows Server 2016 +- Windows 10, Windows Server 2016 +- Windows 11 You can now manage the pages that are shown in the Settings app by using Group Policy. When you use Group Policy to manage pages, you can hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely. To make use of the Settings App group policies on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update. 
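Review bot: in manage-device-installation-with-group-policy.md, the prerequisite bullet changed by `@@ -223,7 +224,7 @@` now reads "A client computer running Windows 10 (and Windows 11)", which describes a single machine running both systems. It should be "Windows 10 or Windows 11". The unchanged lead-in directly above it ("please ensure your have") has a typo that could be fixed while this list is being edited.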
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 7b77f47742..8b2e2bc3e9 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -1,5 +1,5 @@ --- -title: Create mandatory user profiles (Windows 10) +title: Create mandatory user profiles (Windows 10 and Windows 11) description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users. keywords: [".man","ntuser"] ms.prod: w10 @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: dansimp ms.author: dansimp -ms.date: 10/02/2018 +ms.date: 09/14/2021 ms.reviewer: manager: dansimp ms.topic: article @@ -16,7 +16,9 @@ ms.topic: article # Create mandatory user profiles **Applies to** + - Windows 10 +- Windows 11 A mandatory user profile is a roaming user profile that has been pre-configured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned. diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 183335b55e..9d8d9e35c6 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -11,7 +11,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: dansimp ms.localizationpriority: medium -ms.date: 10/24/2017 +ms.date: 09/15/2021 ms.topic: reference --- 
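Review bot: in new-policies-for-windows-10.md, bumping `ms.date` to 09/15/2021 conflicts with the page's own notice, visible as context in the next hunk: "As of September 2020 This page will no longer be updated." Adding Windows 11 to the Applies-to list and refreshing the date signals active maintenance on a page that tells readers it is frozen. Either leave the metadata and Applies-to list as they were, or revise the notice so it says where Windows 11 policy information lives.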
@@ -20,7 +20,8 @@ ms.topic: reference **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 As of September 2020 This page will no longer be updated. To find the Group Polices that ship in each version of Windows, refer to the Group Policy Settings Reference Spreadsheet. You can always locate the most recent version of the Spreadsheet by searching the Internet for "Windows Version + Group Policy Settings Reference". diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md index acdcd2d268..0449d63dde 100644 --- a/windows/client-management/quick-assist.md +++ b/windows/client-management/quick-assist.md @@ -12,7 +12,7 @@ manager: laurawi # Use Quick Assist to help users -Quick Assist is a Windows 10 application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user’s device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices. +Quick Assist is a Windows 10 and Windows 11 application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user’s device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices. ## Before you begin diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md index 4c1e8b1b7f..26ba85c430 100644 --- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md +++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md 
@@ -196,4 +196,4 @@ goto loop - [Port Exhaustion and You!](/archive/blogs/askds/port-exhaustion-and-you-or-why-the-netstat-tool-is-your-friend) - this article gives a detail on netstat states and how you can use netstat output to determine the port status -- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10) +- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10 and Windows 11) diff --git a/windows/client-management/windows-libraries.md b/windows/client-management/windows-libraries.md index a287d48be1..5db8c1238b 100644 --- a/windows/client-management/windows-libraries.md +++ b/windows/client-management/windows-libraries.md 
@@ -10,11 +10,11 @@ ms.technology: storage ms.topic: article author: dansimp description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures. -ms.date: 04/19/2017 +ms.date: 09/15/2021 --- # Windows libraries -> Applies to: Windows 10, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 +> Applies to: Windows 10, Windows 11, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 Libraries are virtual containers for users’ content. A library can contain files and folders stored on the local computer or in a remote storage location. In Windows Explorer, users interact with libraries in ways similar to how they would interact with other folders. Libraries are built upon the legacy known folders (such as My Documents, My Pictures, and My Music) that users are familiar with, and these known folders are automatically included in the default libraries and set as the default save location. From 58d4a0a3a9f6446ac95c4dbbcea047e75ff565eb Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 15 Sep 2021 18:47:06 +0530 Subject: [PATCH 357/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 1 + .../mdm/policy-csp-admx-fthsvc.md | 116 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 3 files changed, 119 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-fthsvc.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 86ae6b3e10..0c20f673c6 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -293,6 +293,7 @@ ms.date: 10/08/2020 - [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2) - [ADMX_FramePanes/NoReadingPane](./policy-csp-admx-framepanes.md#admx-framepanes-noreadingpane) - [ADMX_FramePanes/NoPreviewPane](./policy-csp-admx-framepanes.md#admx-framepanes-nopreviewpane) +- [ADMX_FTHSVC/WdiScenarioExecutionPolicy](./policy-csp-admx-fthsvc-wdiscenarioexecutionpolicy.md#admx-fthsvc-wdiscenarioexecutionpolicy) - [ADMX_Globalization/BlockUserInputMethodsForSignIn](./policy-csp-admx-globalization.md#admx-globalization-blockuserinputmethodsforsignin) - [ADMX_Globalization/CustomLocalesNoSelect_1](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-1) - [ADMX_Globalization/CustomLocalesNoSelect_2](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-2) diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md new file mode 100644 index 0000000000..8790ac9ad7 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md @@ -0,0 +1,116 @@ +--- +title: Policy CSP - ADMX_FTHSVC +description: Policy CSP - ADMX_FTHSVC +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/15/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_FTHSVC +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_FTHSVC policies + +
    +
    + ADMX_FTHSVC/WdiScenarioExecutionPolicy +
    +
    + +
    + + +**ADMX_FTHSVC/WdiScenarioExecutionPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
    + + + +This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems. + +- If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems. + +- If you disable this policy setting, Windows cannot detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS. +If you do not configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default. +This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. +This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. +The DPS can be configured with the Services snap-in to the Microsoft Management Console. +No system restart or service restart is required for this policy setting to take effect: changes take effect immediately. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Configure Scenario Execution Level* +- GP name: *WdiScenarioExecutionPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Fault Tolerant Heap* +- GP ADMX file name: *FTHSVC.admx* + + + + +
    + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 76433d4d19..dc49d0d690 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -485,6 +485,8 @@ items: href: policy-csp-admx-folderredirection.md - name: ADMX_FramePanes href: policy-csp-admx-framepanes.md + - name: ADMX_FTHSVC + href: policy-csp-admx-fthsvc.md - name: ADMX_Globalization href: policy-csp-admx-globalization.md - name: ADMX_GroupPolicy From fd963bd7d8b4b73be47820e7aeb6e7135d0623e2 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 15 Sep 2021 18:52:33 +0530 Subject: [PATCH 358/671] Update policy-configuration-service-provider.md --- .../mdm/policy-configuration-service-provider.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 82b6038a3e..584f15a4e5 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1187,6 +1187,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
    +### ADMX_FTHSVC policies ### ADMX_Help policies
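Review bot: in policies-in-policy-csp-admx-backed.md (PATCH 357), the added ADMX_FTHSVC entry links to `./policy-csp-admx-fthsvc-wdiscenarioexecutionpolicy.md`, but the file that commit creates is `policy-csp-admx-fthsvc.md`, so the link will not resolve. The neighbouring entries use the area file plus an anchor, for example `./policy-csp-admx-framepanes.md#admx-framepanes-noreadingpane`. The target here should be `./policy-csp-admx-fthsvc.md#admx-fthsvc-wdiscenarioexecutionpolicy`.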
    From 61904effb4d5e4481def041491234225329684e8 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 15 Sep 2021 19:39:05 +0530 Subject: [PATCH 359/671] Updated --- .../policy-configuration-service-provider.md | 13 ++ .../mdm/policy-csp-admx-hotspotauth.md | 115 ++++++++++++++++++ 2 files changed, 128 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-hotspotauth.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 584f15a4e5..4496c8609f 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1188,6 +1188,12 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
    ### ADMX_FTHSVC policies +
    +
    + ADMX_FTHSVC/WdiScenarioExecutionPolicy +
    +
    + ### ADMX_Help policies
    @@ -1204,6 +1210,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
    +### ADMX_HotSpotAuth policies +
    +
    + ADMX_HotSpotAuth/HotspotAuth_Enable +
    +
    + ### ADMX_Globalization policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md new file mode 100644 index 0000000000..17e85306fc --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md @@ -0,0 +1,115 @@ +--- +title: Policy CSP - ADMX_HotSpotAuth +description: Policy CSP - ADMX_HotSpotAuth +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/15/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_HotSpotAuth +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_HotSpotAuth policies + +
    +
    + ADMX_HotSpotAuth/HotspotAuth_Enable +
    +
    + +
    + + +**ADMX_HotSpotAuth/HotspotAuth_Enable** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
    + + + +This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support. + +- If a WLAN hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network. + +- If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators. + +- If you enable this policy setting, or if you do not configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support. + +- If you disable this policy setting, WLAN hotspots are not probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Enable Hotspot Authentication* +- GP name: *HotspotAuth_Enable* +- GP path: *Network\Hotspot Authentication* +- GP ADMX file name: *HotSpotAuth.admx* + + + + +
    + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + From cd6397d4af697073515bd02390ec05239846f410 Mon Sep 17 00:00:00 2001 From: Rob Truxal <55893679+rotruxal@users.noreply.github.com> Date: Wed, 15 Sep 2021 09:41:25 -0700 Subject: [PATCH 360/671] Update windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...nes-for-virtualization-based-protection-of-code-integrity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index 59657cc8ed..f8ce091fab 100644 --- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md @@ -1,6 +1,6 @@ --- title: Deployment guidelines for Windows Defender Device Guard (Windows 10) -description: Plan your deployment of Hypervisor Protected Code Integrity (aka Memory Integrity). Learn about hardware requirements, deployment approaches, code signing and code integrity policies. +description: Plan your deployment of Hypervisor-Protected Code Integrity (aka Memory Integrity). Learn about hardware requirements, deployment approaches, code signing and code integrity policies. keywords: virtualization, security, malware ms.prod: m365-security ms.mktglfcycl: deploy From b8eb11081ba758c0262ee35d1c6f3afcc31aebde Mon Sep 17 00:00:00 2001 
From: Rob Truxal <55893679+rotruxal@users.noreply.github.com> Date: Wed, 15 Sep 2021 09:46:20 -0700 Subject: [PATCH 361/671] Update windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...nes-for-virtualization-based-protection-of-code-integrity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index f8ce091fab..3112632b29 100644 --- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md 
@@ -21,7 +21,7 @@ ms.technology: mde **Applies to** - Windows 10 -Computers must meet certain hardware, firmware, and software requirements in order to take advantage of Hypervisor Protected Code Integrity (HVCI,) a virtualization-based security (VBS) feature in Windows. HVCI is referred to as Memory Integrity under the Core Isolation section of the Windows security settings. Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats. +Computers must meet certain hardware, firmware, and software requirements in order to take advantage of Hypervisor-Protected Code Integrity (HVCI), a virtualization-based security (VBS) feature in Windows. HVCI is referred to as Memory Integrity under the Core Isolation section of the Windows security settings. Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats. For example, hardware that includes CPU virtualization extensions and SLAT will be hardened against malware that attempts to gain access to the kernel, but without protected BIOS options such as “Boot only from internal hard drive,” the computer could be booted (by a malicious person who has physical access) into an operating system on bootable media. From 9e7ffadc1f920397709e6025f97891629cd85dcb Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Wed, 15 Sep 2021 12:51:09 -0400 Subject: [PATCH 362/671] MEM PM updates --- ...p-repository-mdm-company-portal-windows-11.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md index fab6838e38..7b908dc7a8 100644 
--- a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md +++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md @@ -10,7 +10,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/14/2021 +ms.date: 09/15/2021 ms.localizationpriority: medium --- 
@@ -20,19 +20,19 @@ ms.localizationpriority: medium - Windows 11 -Starting with Windows 11, how administrators deploy apps to devices is updated. The Microsoft Store app is available on Windows 11, and allows users to install public and retail apps. The Microsoft Store app on Windows 11 doesn't have a private store for organization-specific apps. +Starting in Windows 11, administrators have new options to deploy apps to devices. The Microsoft Store will continue to allow users to install public and retail apps. -Instead of a private store in the Microsoft Store app, you install the Company Portal app on devices. The Company Portal app replaces the private store in Microsoft Store for Business. +The Company Portal app is the private app repository for organizations and enterprises. It supports more app types and scenarios. -When the Company Portal app is installed, users open it, and see the apps your organization makes available in your private app repository. Users select an app, and install it. +When the Company Portal app is installed, users open it, and see the apps your organization makes available. Users select an app, and install it. This article discusses the Company Portal app installation options, adding organization apps, and more. ## Before you begin -As organizations become more global, and to support employees working from anywhere, it's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. For Microsoft, that includes using Microsoft Endpoint Manager. Endpoint Manager includes Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. +The Company Portal app is included with Microsoft Endpoint Manager (MEM). Endpoint Manager is a Mobile Device Management (MDM) and Mobile Application manager (MAM) provider. It help manages your devices, and manage apps on your devices. -In this article, we mention these services. 
If you're not managing your devices using an MDM provider, the following resources may help you get started: +If you're not managing your devices using an MDM provider, the following resources may help you get started: - [Microsoft Endpoint Manager overview](/mem/endpoint-manager-overview) - [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide) @@ -51,7 +51,7 @@ To install the Company Portal app, you have some options: - **Use Microsoft Endpoint Manager**: Endpoint Manager includes Microsoft Intune (cloud) and Configuration Manager (on-premises). With both services, you can add Microsoft Store apps, like the Company Portal app. Once added, you create an app policy that deploys and installs the Company Portal app to your devices. - - This option is preferred, and is the most scalable option, especially if you have many devices. When you create the app policy, the policy can be deployed to many users and many devices simultaneously. Admins can also use reporting to make sure the app is installed on organization-managed devices. + - This option is preferred, and is the most scalable, especially if you have many devices. When you create the app policy, the policy can be deployed to many users and many devices simultaneously. Admins can also use reporting to make sure the app is installed on organization-managed devices. - On co-managed devices, which are managed by Microsoft Intune + Configuration Manager together, the Company Portal app shows your Intune apps and your Configuration Manager apps. So, all apps are shown in one place. 
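Review bot: In the @@ -20,19 +20,19 @@ hunk of private-app-repository-mdm-company-portal-windows-11.md, the new "Before you begin" paragraph has a grammar slip and an inconsistent term. "It help manages your devices, and manage apps on your devices" should read "It helps manage your devices and the apps on your devices", and "Mobile Application manager (MAM)" should be "Mobile Application Management (MAM)" to match "Mobile Device Management (MDM)" in the same sentence. The rewrite also drops the statements that the Microsoft Store app on Windows 11 has no private store and that the Company Portal app replaces the private store in Microsoft Store for Business. If that is intentional, say so in the commit message ("MEM PM updates" does not); otherwise keep one sentence on it so readers coming from the private store know where it went.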
@@ -77,7 +77,7 @@ To install the Company Portal app, you have some options: - **Use the Microsoft Store**: The Company Portal app is available in the Microsoft Store, and can be downloaded by your users. Users open the Microsoft Store app on their device, search for **Company Portal**, and install it. When it's installed, users might be prompted to sign in with their organization account (`user@contoso.com`). When the app opens, they see a list of approved organization apps that can be installed. - - This option requires users to install the app themselves. If you have many users, the recommended approach is to deploy the Company Portal app using Endpoint Manager or using Windows Autopilot. + - This option requires users to install the Company Portal app themselves. If you have many users, the recommended approach is to deploy the Company Portal app using Endpoint Manager or using Windows Autopilot. - When the Company Portal app is installed from the Microsoft Store app, by default, it's automatically updated. Users can also open the Microsoft Store, go to the **Library**, and check for updates. Within the Company Portal app, they can use the update feature to get app fixes and feature updates on the organization apps you added. From 61fe4f0fa19e0c07bda86809745dc3372a5b969b Mon Sep 17 00:00:00 2001 From: gkomatsu Date: Wed, 15 Sep 2021 15:23:11 -0700 Subject: [PATCH 363/671] Changed terminology for clarification Changed term ADMX-backed policy -> ADMX policy --- .../mdm/enable-admx-backed-policies-in-mdm.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md index cfc9928a0b..ef636898be 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md 
@@ -1,6 +1,6 @@ --- -title: Enable ADMX-backed policies in MDM -description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX-backed policies) in Mobile Device Management (MDM). +title: Enable ADMX policies in MDM +description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM). ms.author: dansimp ms.topic: article ms.prod: w10 
@@ -12,30 +12,30 @@ ms.reviewer: manager: dansimp --- -# Enable ADMX-backed policies in MDM +# Enable ADMX policies in MDM -This is a step-by-step guide to configuring ADMX-backed policies in MDM. +This is a step-by-step guide to configuring ADMX policies in MDM. -Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of [selected set of Group Policy administrative templates (ADMX-backed policies)](./policies-in-policy-csp-admx-backed.md) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX-backed policies in Policy CSP is different from the typical way you configure a traditional MDM policy. +Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of [selected set of Group Policy administrative templates (ADMX policies)](./policies-in-policy-csp-admx-backed.md) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX policies in Policy CSP is different from the typical way you configure a traditional MDM policy. Summary of steps to enable a policy: -- Find the policy from the list ADMX-backed policies. +- Find the policy from the list ADMX policies. - Find the Group Policy related information from the MDM policy description. - Use the Group Policy Editor to determine whether there are parameters necessary to enable the policy. - Create the data payload for the SyncML. -See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Backed-policies-using/ba-p/354824) and [Deploying ADMX-Backed policies using Microsoft Intune](/archive/blogs/senthilkumar/intune-deploying-admx-backed-policies-using-microsoft-intune) for a walk-through using Intune. 
+See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Backed-policies-using/ba-p/354824) and [Deploying ADMX policies using Microsoft Intune](/archive/blogs/senthilkumar/intune-deploying-admx-backed-policies-using-microsoft-intune) for a walk-through using Intune. ->[!TIP] ->Intune has added a number of ADMX-backed administrative templates in public preview. Check if the policy settings you need are available in a template before using the SyncML method described below. [Learn more about Intune's administrative templates.](/intune/administrative-templates-windows) + + ## Enable a policy > [!NOTE] -> See [Understanding ADMX-backed policies in Policy CSP](./understanding-admx-backed-policies.md). +> See [Understanding ADMX policies in Policy CSP](./understanding-admx-backed-policies.md). -1. Find the policy from the list [ADMX-backed policies](./policies-in-policy-csp-admx-backed.md). You need the following information listed in the policy description. +1. Find the policy from the list [ADMX policies](./policies-in-policy-csp-admx-backed.md). You need the following information listed in the policy description. - GP English name - GP name - GP ADMX file name @@ -308,4 +308,4 @@ The \ payload is empty. Here an example to set AppVirtualization/Publishin -``` \ No newline at end of file +``` From dfa6f2914dcfc00113767abb14051db21dafa089 Mon Sep 17 00:00:00 2001 From: gkomatsu Date: Wed, 15 Sep 2021 15:42:16 -0700 Subject: [PATCH 364/671] Terminology change for ADMX for clarifiation Changed from ADMX-Backed Policies _> ADMX Policies --- .../mdm/understanding-admx-backed-policies.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md index 21f39c4389..4550b1717b 100644 
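Review bot: In PATCH 363, the @@ -12,30 +12,30 @@ hunk of enable-admx-backed-policies-in-mdm.md applies the terminology change to the link text of two external articles, "Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune" and "Deploying ADMX-Backed policies using Microsoft Intune", whose URLs still carry "ADMX-Backed". Those are the titles of the linked posts, so leave them as published. The same hunk deletes the [!TIP] about Intune administrative templates and leaves two empty added lines in its place, which the commit message (terminology only) does not cover; either keep the tip with the new wording or remove it cleanly and mention the removal. The edited bullet "Find the policy from the list ADMX policies." is also missing "of".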
--- a/windows/client-management/mdm/understanding-admx-backed-policies.md +++ b/windows/client-management/mdm/understanding-admx-backed-policies.md @@ -1,6 +1,6 @@ --- -title: Understanding ADMX-backed policies -description: Starting in Windows 10, version 1703, you can use ADMX-backed policies for Windows 10 mobile device management (MDM) across Windows 10 devices. +title: Understanding ADMX policies +description: In Windows 10, you can use ADMX policies for Windows 10 mobile device management (MDM) across Windows 10 devices. ms.author: dansimp ms.topic: article ms.prod: w10 
@@ -11,15 +11,15 @@ ms.reviewer: manager: dansimp --- -# Understanding ADMX-backed policies +# Understanding ADMX policies -Due to increased simplicity and the ease with which devices can be targeted, enterprise businesses are finding it increasingly advantageous to move their PC management to a cloud-based device management solution. Unfortunately, current Windows PC device-management solutions lack the critical policy and app settings configuration capabilities that are supported in a traditional PC management solution. +Due to increased simplicity and the ease with which devices can be targeted, enterprise businesses are finding it increasingly advantageous to move their PC management to a cloud-based device management solution. Unfortunately, the modern Windows PC device-management solutions lack the critical policy and app settings configuration capabilities that are supported in a traditional PC management solution. -Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support will be expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the Policy configuration service provider (CSP). This expanded access ensures that enterprises do not need to compromise security of their devices in the cloud. +Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support expanded to allow access of selected set of Group Policy administrative templates (ADMX policies) for Windows PCs via the Policy configuration service provider (CSP). This expanded access ensures that enterprises can keep their devices compliant and prevent the risk on compromising security of their devices managed through the cloud. ## Background -In addition to standard policies, the Policy CSP can now also handle ADMX-backed policies. 
In an ADMX-backed policy, an administrative template contains the metadata of a Window Group Policy and can be edited in the Local Group Policy Editor on a PC. Each administrative template specifies the registry keys (and their values) that are associated with a Group Policy and defines the policy settings that can be managed. Administrative templates organize Group Policies in a hierarchy in which each segment in the hierarchical path is defined as a category. Each setting in a Group Policy administrative template corresponds to a specific registry value. These Group Policy settings are defined in a standards-based, XML file format known as an ADMX file. For more information, see [Group Policy ADMX Syntax Reference Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753471(v=ws.10)). +In addition to standard MDM policies, the Policy CSP can also handle selected set of ADMX policies. In an ADMX policy, an administrative template contains the metadata of a Window Group Policy and can be edited in the Local Group Policy Editor on a PC. Each administrative template specifies the registry keys (and their values) that are associated with a Group Policy and defines the policy settings that can be managed. Administrative templates organize Group Policies in a hierarchy in which each segment in the hierarchical path is defined as a category. Each setting in a Group Policy administrative template corresponds to a specific registry value. These Group Policy settings are defined in a standards-based, XML file format known as an ADMX file. For more information, see [Group Policy ADMX Syntax Reference Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753471(v=ws.10)). ADMX files can either describe operating system (OS) Group Policies that are shipped with Windows or they can describe settings of applications, which are separate from the OS and can usually be downloaded and installed on a PC. 
Depending on the specific category of the settings that they control (OS or application), the administrative template settings are found in the following two locations in the Local Group Policy Editor: 
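Review bot: In the @@ -11,15 +11,15 @@ hunk of understanding-admx-backed-policies.md, the reworded sentences introduce grammar errors. "prevent the risk on compromising security" should be "risk of compromising", and both "allow access of selected set of Group Policy administrative templates" and "can also handle selected set of ADMX policies" need an article ("a selected set"). The front-matter description changed in the first hunk of this file also drops "version 1703" while the body still says "Starting in Windows 10 version 1703"; keep the version in the description so the two agree.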
@@ -30,29 +30,29 @@ In a domain controller/Group Policy ecosystem, Group Policies are automatically An ADMX file can either be shipped with Windows (located at `%SystemRoot%\policydefinitions`) or it can be ingested to a device through the Policy CSP URI (`./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`). Inbox ADMX files are processed into MDM policies at OS-build time. ADMX files that are ingested are processed into MDM policies post-OS shipment through the Policy CSP. Because the Policy CSP does not rely upon any aspect of the Group Policy client stack, including the PC's Group Policy Service (GPSvc), the policy handlers that are ingested to the device are able to react to policies that are set by the MDM. -Windows maps the name and category path of a Group Policy to a MDM policy area and policy name by parsing the associated ADMX file, finding the specified Group Policy, and storing the definition (metadata) in the MDM Policy CSP client store. When the MDM policy is referenced by a SyncML command and the Policy CSP URI, `.\[device|user]\vendor\msft\policy\[config|result]\\`, this metadata is referenced and determines which registry keys are set or removed. For a list of ADMX-backed policies supported by MDM, see [Policy CSP - ADMX-backed policies](./policy-configuration-service-provider.md). +Windows maps the name and category path of a Group Policy to a MDM policy area and policy name by parsing the associated ADMX file, finding the specified Group Policy, and storing the definition (metadata) in the MDM Policy CSP client store. When the MDM policy is referenced by a SyncML command and the Policy CSP URI, `.\[device|user]\vendor\msft\policy\[config|result]\\`, this metadata is referenced and determines which registry keys are set or removed. For a list of ADMX policies supported by MDM, see [Policy CSP - ADMX policies](./policy-configuration-service-provider.md). ->[!TIP] ->Intune has added a number of ADMX-backed administrative templates in public preview. 
Check if the policy settings you need are available in a template before using the SyncML method described below. [Learn more about Intune's administrative templates.](/intune/administrative-templates-windows) + + ## ADMX files and the Group Policy Editor -To capture the end-to-end MDM handling of ADMX Group Policies, an IT administrator must use a UI, such as the Group Policy Editor (gpedit.msc), to gather the necessary data. The MDM ISV console UI determines how to gather the needed Group Policy data from the IT administrator. ADMX-backed Group Policies are organized in a hierarchy and can have a scope of machine, user, or both. The Group Policy example in the next section uses a machine-wide Group Policy named "Publishing Server 2 Settings." When this Group Policy is selected, its available states are **Not Configured**, **Enabled**, and **Disabled**. +To capture the end-to-end MDM handling of ADMX Group Policies, an IT administrator must use a UI, such as the Group Policy Editor (gpedit.msc), to gather the necessary data. The MDM ISV console UI determines how to gather the needed Group Policy data from the IT administrator. ADMX Group Policies are organized in a hierarchy and can have a scope of machine, user, or both. The Group Policy example in the next section uses a machine-wide Group Policy named "Publishing Server 2 Settings." When this Group Policy is selected, its available states are **Not Configured**, **Enabled**, and **Disabled**. The ADMX file that the MDM ISV uses to determine what UI to display to the IT administrator is the same ADMX file that the client uses for the policy definition. The ADMX file is processed either by the OS at build time or set by the client at OS runtime. In either case, the client and the MDM ISV must be synchronized with the ADMX policy definitions. Each ADMX file corresponds to a Group Policy category and typically contains several policy definitions, each of which represents a single Group Policy. 
For example, the policy definition for the "Publishing Server 2 Settings" is contained in the appv.admx file, which holds the policy definitions for the Microsoft Application Virtualization (App-V) Group Policy category. Group Policy option button setting: - If **Enabled** is selected, the necessary data entry controls are displayed for the user in the UI. When IT administrator enters the data and clicks **Apply**, the following events occur: - The MDM ISV server sets up a Replace SyncML command with a payload that contains the user-entered data. - - The MDM client stack receives this data, which causes the Policy CSP to update the device's registry per the ADMX-backed policy definition. + - The MDM client stack receives this data, which causes the Policy CSP to update the device's registry per the ADMX policy definition. - If **Disabled** is selected and you click **Apply**, the following events occur: - The MDM ISV server sets up a Replace SyncML command with a payload set to ``. - - The MDM client stack receives this command, which causes the Policy CSP to either delete the device's registry settings, set the registry keys, or both, per the state change directed by the ADMX-backed policy definition. + - The MDM client stack receives this command, which causes the Policy CSP to either delete the device's registry settings, set the registry keys, or both, per the state change directed by the ADMX policy definition. - If **Not Configured** is selected and you click **Apply**, the following events occur: - MDM ISV server sets up a Delete SyncML command. - - The MDM client stack receives this command, which causes the Policy CSP to delete the device's registry settings per the ADMX-backed policy definition. + - The MDM client stack receives this command, which causes the Policy CSP to delete the device's registry settings per the ADMX policy definition. The following diagram shows the main display for the Group Policy Editor. 
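Review bot: In the @@ -30,29 +30,29 @@ hunk, the [!TIP] block pointing to Intune's administrative templates is removed and replaced by two empty added lines, which is outside the stated scope of this commit (ADMX-Backed Policies to ADMX Policies). If the tip is obsolete, delete it without leaving the blank lines and note the removal in the commit message; otherwise keep it with the new terminology. Since the "For a list of ADMX policies supported by MDM" sentence is being touched anyway, note that its link targets ./policy-configuration-service-provider.md, while PATCH 363 links the same list at ./policies-in-policy-csp-admx-backed.md; consider pointing both at the list page.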
@@ -83,9 +83,9 @@ Appv.admx file: ``` -## ADMX-backed policy examples +## ADMX policy examples -The following SyncML examples describe how to set a MDM policy that is defined by an ADMX template, specifically the Publishing_Server2_Policy Group Policy description in the application virtualization ADMX file, appv.admx. Note that the functionality that this Group Policy manages is not important; it is used to illustrate only how an MDM ISV can set an ADMX-backed policy. These SyncML examples illustrate common options and the corresponding SyncML code that can be used for testing your policies. Note that the payload of the SyncML must be XML-encoded; for this XML encoding, you can use favorite online tool. To avoid encoding the payload, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +The following SyncML examples describe how to set a MDM policy that is defined by an ADMX template, specifically the Publishing_Server2_Policy Group Policy description in the application virtualization ADMX file, appv.admx. Note that the functionality that this Group Policy manages is not important; it is used to illustrate only how an MDM ISV can set an ADMX policy. These SyncML examples illustrate common options and the corresponding SyncML code that can be used for testing your policies. Note that the payload of the SyncML must be XML-encoded; for this XML encoding, you can use favorite online tool. To avoid encoding the payload, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ### Enabling a policy From 776cad1c724fd2678281c2ed1a56ac01437a1c3b Mon Sep 17 00:00:00 2001 
From: gkomatsu Date: Wed, 15 Sep 2021 15:49:20 -0700 Subject: [PATCH 365/671] Terminology changes for clarity ADMX-Backed policy -> ADMX policy Import -> Ingest --- ...in32-and-centennial-app-policy-configuration.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md index 3d2584ee4e..2e285342fd 100644 --- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md +++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md @@ -1,6 +1,6 @@ --- -title: Win32 and Desktop Bridge app policy configuration -description: Starting in Windows 10, version 1703, you can import ADMX files and set those ADMX-backed policies for Win32 and Desktop Bridge apps. +title: Win32 and Desktop Bridge app ADMX policy Ingestion +description: Starting in Windows 10, version 1703, you can ingest ADMX files and set those ADMX policies for Win32 and Desktop Bridge apps. ms.author: dansimp ms.topic: article ms.prod: w10 
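Review bot: In the front-matter hunk @@ -1,6 +1,6 @@ of win32-and-centennial-app-policy-configuration.md, the new title "Win32 and Desktop Bridge app ADMX policy Ingestion" capitalizes "Ingestion" mid-title, unlike the sentence-case titles set elsewhere in this series ("Enable ADMX policies in MDM", "Understanding ADMX policies"). Use "ingestion" here and in the matching H1 in the next hunk.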
@@ -11,21 +11,21 @@ ms.reviewer: manager: dansimp --- -# Win32 and Desktop Bridge app policy configuration +# Win32 and Desktop Bridge app ADMX policy Ingestion ## In this section - [Overview](#overview) - [Ingesting an app ADMX file](#ingesting-an-app-admx-file) - [URI format for configuring an app policy](#uri-format-for-configuring-an-app-policy) -- [ADMX-backed app policy examples](#admx-backed-app-policy-examples) +- [ADMX app policy examples](#admx-backed-app-policy-examples) - [Enabling an app policy](#enabling-an-app-policy) - [Disabling an app policy](#disabling-an-app-policy) - [Setting an app policy to not configured](#setting-an-app-policy-to-not-configured) ## Overview -Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies. +Starting in Windows 10, version 1703, you can ingest ADMX files (ADMX ingestion) and set those ADMX policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies. NOTE: Starting from the following Windows 10 version Replace command is supported - Windows 10, version 1903 with KB4512941 and KB4517211 installed 
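Review bot: In the @@ -11,21 +11,21 @@ hunk, the table-of-contents entry changes its label to "ADMX app policy examples" but keeps the fragment "#admx-backed-app-policy-examples", and none of the seven changed lines in this patch touches the section heading that fragment points to. Either leave the label as it was so it matches the heading, or rename the heading in this patch and update the fragment with it; as submitted, the link label and the heading text disagree.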
@@ -33,7 +33,7 @@ NOTE: Starting from the following Windows 10 version Replace command is supporte - Windows 10, version 1803 with KB4512509 and KB installed - Windows 10, version 1709 with KB4516071 and KB installed -When the ADMX policies are imported, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations: +When the ADMX policies are ingested, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations: - Software\Policies\Microsoft\Office\ - Software\Microsoft\Office\ 
@@ -58,7 +58,7 @@ When the ADMX policies are imported, the registry keys to which each policy is w - Software\Microsoft\EdgeUpdate\ > [!Warning] -> Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. +> Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still ingest ADMX files and set ADMX policies regardless of whether the device is domain joined or non-domain joined. > [!NOTE] > Settings that cannot be configured using custom policy ingestion have to be set by pushing the appropriate registry keys directly (for example, by using PowerShell script). From b325e6129c5ca240912065f7c3c9b940cc19aa2e Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 15 Sep 2021 19:18:04 -0400 Subject: [PATCH 366/671] Fixed redirect --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index fc68ba7fb1..1fc2ec8e56 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1,7 +1,7 @@ { "redirections": [ { - "source_path": "windows/configuration/customize-the-start-menu-layout-on-windows-11.md", + "source_path": "windows/configuration/use-json-customize-start-menu-windows.md", "redirect_url": "/windows/configuration/customize-start-menu-layout-windows-11", "redirect_document_id": false }, From 7f03c674a2fe1a61d8f858198c73a7c321b00122 Mon Sep 17 00:00:00 2001 
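Review bot: In PATCH 366, the single hunk in .openpublishing.redirection.json overwrites the "source_path" of the existing entry (customize-the-start-menu-layout-on-windows-11.md becomes use-json-customize-start-menu-windows.md) instead of adding a new entry, so the old source path no longer redirects to /windows/configuration/customize-start-menu-layout-windows-11. If the old path was ever published, keep its entry and add a second one for the new source; if it never was, say so in the commit message, since "Fixed redirect" does not explain which path was wrong.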
From: Alekhya Jupudi Date: Thu, 16 Sep 2021 11:34:22 +0530 Subject: [PATCH 367/671] Build issue- fixes as per comments Fixed the formatting issues in hello-hybrid-cert-trust-devreg.md and added valid code-blocks to the file. --- .../hello-hybrid-aadj-sso-base.md | 7 +- .../hello-hybrid-aadj-sso-cert.md | 4 +- .../hello-hybrid-cert-trust-devreg.md | 127 +++++++++--------- .../hello-hybrid-cert-whfb-provision.md | 2 +- .../hello-hybrid-cert-whfb-settings-pki.md | 2 +- 5 files changed, 74 insertions(+), 68 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index f8b221e861..86d9a96b10 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -213,8 +213,8 @@ The web server is ready to host the CRL distribution point. Now, configure the 4. On the **Extensions** tab, click **Add**. Type the computer and share name you create for your CRL distribution point in [Configure the CDP file share](#configure-the-cdp-file-share). For example, **\\\app\cdp$\\** (do not forget the trailing backwards slash). 5. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. 6. Type **.crl** at the end of the text in **Location**. Click **OK**. -7. Select the CDP you just created. - ![CDP publishing location.](images/aadj/cdp-extension-complete-unc.png) +7. Select the CDP you just created.
    +![CDP publishing location.](images/aadj/cdp-extension-complete-unc.png) 8. Select **Publish CRLs to this location**. 9. Select **Publish Delta CRLs to this location**. 10. Click **Apply** save your selections. Click **Yes** when ask to restart the service. Click **OK** to close the properties dialog box. @@ -262,7 +262,6 @@ With the CA properly configured with a valid HTTP-based CRL distribution point, 5. Review the information below the list of fields to confirm the new URL for the CRL distribution point is present in the certificate. Click **OK**.
    ![New Certificate with updated CDP.](images/aadj/dc-cert-with-new-cdp.png) - ## Configure and Assign a Trusted Certificate Device Configuration Profile Your domain controllers have new certificate that include the new CRL distribution point. Next, you need your enterprise root certificate so you can deploy it to Azure AD joined devices. Deploying the enterprise root certificates to the device, ensures the device trusts any certificates issued by the certificate authority. Without the certificate, Azure AD joined devices do not trust domain controller certificates and authentication fails. @@ -282,7 +281,7 @@ Steps you will perform include: ![Details tab and copy to file.](images/aadj/certlm-root-cert-details-tab.png) 6. In the **Certificate Export Wizard**, click **Next**. 7. On the **Export File Format** page of the wizard, click **Next**. -8. On the **File to Export** page in the wizard, type the name and location of the root certificate and click **Next**. Click **Finish** and then click **OK** to close the success dialog box. +8. On the **File to Export** page in the wizard, type the name and location of the root certificate and click **Next**. Click **Finish** and then click **OK** to close the success dialog box.
    ![Export root certificate.](images/aadj/certlm-export-root-certificate.png) 9. Click **OK** two times to return to the **Certificate Manager** for the local computer. Close the **Certificate Manager**. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 6cca936be0..61eb44f8f8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -323,7 +323,7 @@ Sign-in a domain controller with a minimum access equivalent to _Domain Admins_. 3. Select **Trust this user for delegation to specified services only**. 4. Select **Use any authentication protocol**. 5. Click **Add**. -6. Click **Users or Computers...** Type the name of the _NDES Server_ you use to issue Windows Hello for Business authentication certificates to Azure AD joined devices. From the **Avaiable services** list, select **HOST**. Click **OK**. +6. Click **Users or Computers...** Type the name of the _NDES Server_ you use to issue Windows Hello for Business authentication certificates to Azure AD joined devices. From the **Available services** list, select **HOST**. Click **OK**. ![NDES Service delegation to NDES host.](images/aadjcert/ndessvcdelegation-host-ndes-spn.png) 7. Repeat steps 5 and 6 for each NDES server using this service account. Click **Add**. 8. Click **Users or computers...** Type the name of the issuing certificate authority this NDES service account uses to issue Windows Hello for Business authentication certificates to Azure AD joined devices. From the **Available services** list, select **dcom**. Hold the **CTRL** key and select **HOST**. Click **OK**. 
@@ -509,7 +509,7 @@ Sign-in the NDES server with access equivalent to _local administrator_. ``` where **[fqdnHostName]** is the fully qualified internal DNS host name of the NDES server. -A web page similar to the following should appear in your web browser. If you do not see a similar page, or you get a **503 Service unavailable** message, ensure the NDES Service account has the proper user rights. You can also review the application event log for events with the **NetworkDeviceEnrollmentSerice** source. +A web page similar to the following should appear in your web browser. If you do not see a similar page, or you get a **503 Service unavailable** message, ensure the NDES Service account has the proper user rights. You can also review the application event log for events with the **NetworkDeviceEnrollmentService** source. ![NDES IIS Console: Source](images/aadjcert/ndes-https-website-test-01.png) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 387a5f1ded..07738c4e4a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -24,7 +24,6 @@ ms.reviewer: - Hybrid deployment - Certificate trust - Your environment is federated and you are ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration and device write-back to enable proper device authentication. > [!IMPORTANT] 
@@ -34,15 +33,17 @@ Your environment is federated and you are ready to configure device registration >Refer to the [Tutorial: Configure hybrid Azure Active Directory join for federated domains](/azure/active-directory/devices/hybrid-azuread-join-federated-domains) to learn more about setting up Azure Active Directory Connect for a simplified join flow for Azure AD device registration. Use this three-phased approach for configuring device registration. + 1. [Configure devices to register in Azure](#configure-azure-for-device-registration) 2. [Synchronize devices to on-premises Active Directory](#configure-active-directory-to-support-azure-device-synchronization) 3. [Configure AD FS to use cloud devices](#configure-ad-fs-to-use-azure-registered-devices) > [!NOTE] > Before proceeding, you should familiarize yourself with device registration concepts such as: -> * Azure AD registered devices -> * Azure AD joined devices -> * Hybrid Azure AD joined devices +> +> - Azure AD registered devices +> - Azure AD joined devices +> - Hybrid Azure AD joined devices > > You can learn about this and more by reading [Introduction to Device Management in Azure Active Directory.](/azure/active-directory/device-management-introduction) 
@@ -50,7 +51,8 @@ Use this three-phased approach for configuring device registration. > To use hybrid identity with Azure Active Directory and device WriteBack features, you must use the built-in GUI with the [latest updates for ADConnect](https://www.microsoft.com/download/details.aspx?id=47594). ## Configure Azure for Device Registration -Begin configuring device registration to support Hybrid Windows Hello for Business by configuring device registration capabilities in Azure AD. + +Begin configuring device registration to support Hybrid Windows Hello for Business by configuring device registration capabilities in Azure AD. To do this, follow the **Configure device settings** steps under [Setting up Azure AD Join in your organization](/azure/active-directory/devices/device-management-azure-portal) @@ -60,7 +62,7 @@ Azure Active Directory is now configured for device registration. Next, you need ### Upgrading Active Directory to the Windows Server 2016 or later Schema -To use Windows Hello for Business with Hybrid Azure AD joined devices, you must first upgrade your Active Directory schema to Windows Server 2016 or later. +To use Windows Hello for Business with Hybrid Azure AD joined devices, you must first upgrade your Active Directory schema to Windows Server 2016 or later. > [!IMPORTANT] > If you already have a Windows Server 2016 or later domain controller in your forest, you can skip **Upgrading Active Directory to the Windows Server 2016 or later Schema** (this section). 
@@ -83,110 +85,107 @@ Manually updating Active Directory uses the command-line utility **adprep.exe** Sign-in to the domain controller hosting the schema master operational role using enterprise administrator equivalent credentials. -1. Open an elevated command prompt. -2. Type ```cd /d x:\support\adprep``` where *x* is the drive letter of the DVD or mounted ISO. -3. To update the schema, type ```adprep /forestprep```. -4. Read the Adprep Warning. Type the letter **C*** and press **Enter** to update the schema. -5. Close the Command Prompt and sign-out. +1. Open an elevated command prompt. +2. Type ```cd /d x:\support\adprep``` where *x* is the drive letter of the DVD or mounted ISO. +3. To update the schema, type ```adprep /forestprep```. +4. Read the Adprep Warning. Type the letter **C*** and press **Enter** to update the schema. +5. Close the Command Prompt and sign-out. > [!NOTE] > If you installed Azure AD Connect prior to upgrading the schema, you will need to re-run the Azure AD Connect installation and refresh the on-premises AD schema to ensure the synchronization rule for msDS-KeyCredentialLink is configured. - ### Setup Active Directory Federation Services + If you are new to AD FS and federation services, you should review [Understanding Key AD FS Concepts](/windows-server/identity/ad-fs/technical-reference/understanding-key-ad-fs-concepts) to prior to designing and deploying your federation service. Review the [AD FS Design guide](/windows-server/identity/ad-fs/design/ad-fs-design-guide-in-windows-server-2012-r2) to plan your federation service. Once you have your AD FS design ready, review [Deploying a Federation Server farm](/windows-server/identity/ad-fs/deployment/deploying-a-federation-server-farm) to configure AD FS in your environment. > [!IMPORTANT] -> During your AD FS deployment, skip the **Configure a federation server with Device Registration Service** and the **Configure Corporate DNS for the Federation Service and DRS** procedures. 
+> During your AD FS deployment, skip the **Configure a federation server with Device Registration Service** and the **Configure Corporate DNS for the Federation Service and DRS** procedures. The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889). If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016) #### ADFS Web Proxy ### + Federation server proxies are computers that run AD FS software that have been configured manually to act in the proxy role. You can use federation server proxies in your organization to provide intermediary services between an Internet client and a federation server that is behind a firewall on your corporate network. Use the [Setting of a Federation Proxy](/windows-server/identity/ad-fs/deployment/checklist--setting-up-a-federation-server-proxy) checklist to configure AD FS proxy servers in your environment. ### Deploy Azure AD Connect + Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](https://go.microsoft.com/fwlink/?LinkId=615771). When you are ready to install, follow the **Configuring federation with AD FS** section of [Custom installation of Azure AD Connect](/azure/active-directory/connect/active-directory-aadconnect-get-started-custom). Select the **Federation with AD FS** option on the **User sign-in** page. At the **AD FS Farm** page, select the use an existing option and click **Next**. 
-### Create AD objects for AD FS Device Authentication -If your AD FS farm is not already configured for Device Authentication (you can see this in the AD FS Management console under Service -> Device Registration), use the following steps to create the correct AD DS objects and configuration. +### Create AD objects for AD FS Device Authentication +If your AD FS farm is not already configured for Device Authentication (you can see this in the AD FS Management console under Service -> Device Registration), use the following steps to create the correct AD DS objects and configuration. ![Device Registration: AD FS](images/hybridct/device1.png) > [!NOTE] > The below commands require Active Directory administration tools, so if your federation server is not also a domain controller, first install the tools using step 1 below. Otherwise you can skip step 1. -1. Run the **Add Roles & Features** wizard and select feature **Remote Server Administration Tools** -> **Role Administration Tools** -> **AD DS and AD LDS Tools** -> Choose both the **Active Directory module for Windows PowerShell** and the **AD DS Tools**. - -![Device Registration: Overview](images/hybridct/device2.png) - +1. Run the **Add Roles & Features** wizard and select feature **Remote Server Administration Tools** -> **Role Administration Tools** -> **AD DS and AD LDS Tools** -> Choose both the **Active Directory module for Windows PowerShell** and the **AD DS Tools**. + ![Device Registration: Overview](images/hybridct/device2.png) 2. On your AD FS primary server, ensure you are logged in as AD DS user with enterprise administrator privileges and open an elevated Windows PowerShell prompt. Then, run the following commands: - `Import-module activedirectory` `PS C:\> Initialize-ADDeviceRegistration -ServiceAccountName ""` 3. On the pop-up window click **Yes**. 
-> [!NOTE] -> If your AD FS service is configured to use a GMSA account, enter the account name in the format "domain\accountname$" + > [!NOTE] + > If your AD FS service is configured to use a GMSA account, enter the account name in the format "domain\accountname$" -![Device Registration: Domain](images/hybridct/device3.png) + ![Device Registration: Domain](images/hybridct/device3.png) + The above PSH creates the following objects: -The above PSH creates the following objects: - -- RegisteredDevices container under the AD domain partition -- Device Registration Service container and object under Configuration --> Services --> Device Registration Configuration -- Device Registration Service DKM container and object under Configuration --> Services --> Device Registration Configuration - -![Device Registration: Tests](images/hybridct/device4.png) + - RegisteredDevices container under the AD domain partition + - Device Registration Service container and object under Configuration --> Services --> Device Registration Configuration + - Device Registration Service DKM container and object under Configuration --> Services --> Device Registration Configuration + ![Device Registration: Tests](images/hybridct/device4.png)
    4. Once this is done, you will see a successful completion message. -![Device Registration: Completion](images/hybridct/device5.png) + ![Device Registration: Completion](images/hybridct/device5.png) ### Create Service Connection Point (SCP) in Active Directory If you plan to use Windows domain join (with automatic registration to Azure AD) as described here, execute the following commands to create a service connection point in AD DS -1. Open Windows PowerShell and execute the following: + +1. Open Windows PowerShell and execute the following: `PS C:>Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1"` -> [!NOTE] -> If necessary, copy the AdSyncPrep.psm1 file from your Azure AD Connect server. This file is located in Program Files\Microsoft Azure Active Directory Connect\AdPrep - -![Device Registration AdPrep](images/hybridct/device6.png) + > [!NOTE] + > If necessary, copy the AdSyncPrep.psm1 file from your Azure AD Connect server. This file is located in Program Files\Microsoft Azure Active Directory Connect\AdPrep + ![Device Registration AdPrep](images/hybridct/device6.png) 2. Provide your Azure AD global administrator credentials - `PS C:>$aadAdminCred = Get-Credential` - -![Device Registration: Credential](images/hybridct/device7.png) + `PS C:>$aadAdminCred = Get-Credential` + ![Device Registration: Credential](images/hybridct/device7.png) 3. Run the following PowerShell command `PS C:>Initialize-ADSyncDomainJoinedComputerSync -AdConnectorAccount [AD connector account name] -AzureADCredentials $aadAdminCred` -Where the [AD connector account name] is the name of the account you configured in Azure AD Connect when adding your on-premises AD DS directory. + Where the [AD connector account name] is the name of the account you configured in Azure AD Connect when adding your on-premises AD DS directory. 
The above commands enable Windows clients to find the correct Azure AD domain to join by creating the serviceConnectionpoint object in AD DS. ### Prepare AD for Device Write Back To ensure AD DS objects and containers are in the correct state for write back of devices from Azure AD, do the following. -1. Open Windows PowerShell and execute the following: +1. Open Windows PowerShell and execute the following: `PS C:>Initialize-ADSyncDeviceWriteBack -DomainName -AdConnectorAccount [AD connector account name]` -Where the [AD connector account name] is the name of the account you configured in Azure AD Connect when adding your on-premises AD DS directory in domain\accountname format + Where the [AD connector account name] is the name of the account you configured in Azure AD Connect when adding your on-premises AD DS directory in domain\accountname format The above command creates the following objects for device write back to AD DS, if they do not exist already, and allows access to the specified AD connector account name - RegisteredDevices container in the AD domain partition - Device Registration Service container and object under Configuration --> Services --> Device Registration Configuration -### Enable Device Write Back in Azure AD Connect +### Enable Device Write Back in Azure AD Connect + If you have not done so before, enable device write back in Azure AD Connect by running the wizard a second time and selecting **"Customize Synchronization Options"**, then checking the box for device write back and selecting the forest in which you have run the above cmdlets ## Configure AD FS to use Azure registered devices 
@@ -213,17 +212,17 @@ When you're using AD FS, you need to enable the following WS-Trust endpoints: The following claims must exist in the token received by Azure DRS for device registration to complete. Azure DRS will create a device object in Azure AD with some of this information which is then used by Azure AD Connect to associate the newly created device object with the computer account on-premises. -* `http://schemas.microsoft.com/ws/2012/01/accounttype` -* `http://schemas.microsoft.com/identity/claims/onpremobjectguid` -* `http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid` +- `http://schemas.microsoft.com/ws/2012/01/accounttype` +- `http://schemas.microsoft.com/identity/claims/onpremobjectguid` +- `http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid` If you have more than one verified domain name, you need to provide the following claim for computers: -* `http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid` +- `http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid` If you are already issuing an ImmutableID claim (e.g., alternate login ID) you need to provide one corresponding claim for computers: -* `http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID` +- `http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID` In the following sections, you find information about: @@ -239,7 +238,8 @@ The definition helps you to verify whether the values are present or if you need **`http://schemas.microsoft.com/ws/2012/01/accounttype`** - This claim must contain a value of **DJ**, which identifies the device as a domain-joined computer. In AD FS, you can add an issuance transform rule that looks like this: -``` +```powershell + @RuleName = "Issue account type for domain-joined computers" c:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", 
@@ -256,7 +256,8 @@ The definition helps you to verify whether the values are present or if you need **`http://schemas.microsoft.com/identity/claims/onpremobjectguid`** - This claim must contain the **objectGUID** value of the on-premises computer account. In AD FS, you can add an issuance transform rule that looks like this: -``` +```powershell + @RuleName = "Issue object GUID for domain-joined computers" c1:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", @@ -280,7 +281,8 @@ The definition helps you to verify whether the values are present or if you need **`http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid`** - This claim must contain the **objectSid** value of the on-premises computer account. In AD FS, you can add an issuance transform rule that looks like this: -``` +```powershell + @RuleName = "Issue objectSID for domain-joined computers" c1:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", @@ -299,7 +301,8 @@ The definition helps you to verify whether the values are present or if you need **`http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid`** - This claim must contain the Uniform Resource Identifier (URI) of any of the verified domain names that connect with the on-premises federation service (AD FS or 3rd party) issuing the token. In AD FS, you can add issuance transform rules that look like the ones below in that specific order after the ones above. Please note that one rule to explicitly issue the rule for users is necessary. In the rules below, a first rule identifying user vs. computer authentication is added. -``` +```powershell + @RuleName = "Issue account type with the value User when it is not a computer" NOT EXISTS( 
@@ -355,7 +358,8 @@ To get a list of your verified company domains, you can use the [Get-MsolDomain] **`http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID`** - This claim must contain a valid value for computers. In AD FS, you can create an issuance transform rule as follows: -``` +```powershell + @RuleName = "Issue ImmutableID for computers" c1:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", @@ -379,7 +383,8 @@ To get a list of your verified company domains, you can use the [Get-MsolDomain] The following script helps you with the creation of the issuance transform rules described above. -``` +```powershell + $multipleVerifiedDomainNames = $false $immutableIDAlreadyIssuedforUsers = $false $oneOfVerifiedDomainNames = 'example.com' # Replace example.com with one of your verified domains 
@@ -506,20 +511,21 @@ The following script helps you with the creation of the issuance transform rules - If you have multiple verified domain names (as shown in the Azure AD portal or via the Get-MsolDomains cmdlet), set the value of **$multipleVerifiedDomainNames** in the script to **$true**. Also make sure that you remove any existing issuerid claim that might have been created by Azure AD Connect or via other means. Here is an example for this rule: - -~~~ + ~~~ c:[Type == "http://schemas.xmlsoap.org/claims/UPN"] => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid", Value = regexreplace(c.Value, ".+@(?.+)", "http://${domain}/adfs/services/trust/")); -~~~ + ~~~ - If you have already issued an **ImmutableID** claim for user accounts, set the value of **$immutableIDAlreadyIssuedforUsers** in the script to **$true**. -#### Configure Device Authentication in AD FS +#### Configure Device Authentication in AD FS + Using an elevated PowerShell command window, configure AD FS policy by executing the following command `PS C:>Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod SignedToken` -#### Check your configuration +#### Check your configuration + For your reference, below is a comprehensive list of the AD DS devices, containers and permissions required for device write-back and authentication to work - object of type ms-DS-DeviceContainer at CN=RegisteredDevices,DC=<domain> 
@@ -528,7 +534,7 @@ For your reference, below is a comprehensive list of the AD DS devices, containe - Container CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=<domain> - Container Device Registration Service DKM under the above container -![Device Registration: Container](images/hybridct/device8.png) + ![Device Registration: Container](images/hybridct/device8.png) - object of type serviceConnectionpoint at CN=<guid>, CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=<domain> - read/write access to the specified AD connector account name on the new object @@ -542,6 +548,7 @@ For your reference, below is a comprehensive list of the AD DS devices, containe
    ## Follow the Windows Hello for Business hybrid certificate trust deployment guide + 1. [Overview](hello-hybrid-cert-trust.md) 2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index f1dc22e50f..e7082740c2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -1,6 +1,6 @@ --- title: Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning (Windows Hello for Business) -description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Businesss. +description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Business. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 1cc5c20c10..53d6fd45a0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -17,7 +17,7 @@ ms.date: 4/30/2021 ms.reviewer: --- -# Configure Hybrid Azure AD joined Windows Hello for Busines - Public Key Infrastructure +# Configure Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure **Applies to** From f58bdbb941fec3bd6d7cd9afc278f9d2d54246a6 Mon Sep 17 00:00:00 2001 
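Review bot: In hello-hybrid-cert-trust-devreg.md, the five fences that hold AD FS issuance transform rules (the blocks that begin with `@RuleName = ...`) are retagged as `powershell`, but their contents are claim rule language, not PowerShell, so the tag mislabels them and the highlighter will treat them as the wrong language. Only the last retagged block, the script that begins with `$multipleVerifiedDomainNames = $false`, is PowerShell. Suggest leaving the rule blocks untagged (or using a neutral tag) and dropping the blank line added directly after each opening fence, which becomes an empty first line inside the code block.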
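Review bot: Step 4 of the adprep list in hello-hybrid-cert-trust-devreg.md is rewritten by this change but still reads `Type the letter **C***`, with a stray third asterisk after the closing bold marker. Since the line is already being touched to strip trailing whitespace, correct it to `**C**` in the same commit. Steps 2 and 3 of that list also still wrap their commands in triple backticks used inline, which does not match the commit message's claim of adding valid code blocks; single-backtick inline code or a real fenced block would be consistent.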
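Review bot: In the "Create AD objects for AD FS Device Authentication" hunk, the gMSA note and the "The above PSH creates the following objects" list are now indented under step 3 ("On the pop-up window click **Yes**"), but both describe the `Initialize-ADDeviceRegistration -ServiceAccountName` command from step 2, so the new nesting attaches them to the wrong step. Suggest moving them under step 2, and putting step 2's two commands in a fenced block: they remain inline code spans, one carrying a `PS C:\>` prompt and one not.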
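Review bot: The re-indented line `PS C:>$aadAdminCred = Get-Credential` in the Service Connection Point steps keeps the shell prompt inside the inline code and writes it as `PS C:>`, while the device registration step earlier in the same file uses `PS C:\>`. Because this hunk already rewrites the line, either drop the prompt so the command can be copied as is, or use one prompt form throughout the file, including the neighbouring `Import-Module` and `Initialize-ADSyncDomainJoinedComputerSync` lines.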
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 16 Sep 2021 15:15:39 +0530 Subject: [PATCH 368/671] Up --- ...in-policy-csp-supported-by-group-policy.md | 1 + .../policy-configuration-service-provider.md | 8 ++ .../mdm/policy-csp-experience.md | 70 -------------- .../client-management/mdm/policy-csp-feeds.md | 94 +++++++++++++++++++ 4 files changed, 103 insertions(+), 70 deletions(-) create mode 100644 windows/client-management/mdm/policy-csp-feeds.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index d7d340e2b5..eee115e673 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md @@ -262,6 +262,7 @@ ms.date: 07/18/2019 - [Experience/PreventUsersFromTurningOnBrowserSyncing](./policy-csp-experience.md#experience-preventusersfromturningonbrowsersyncing) - [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile) - [ExploitGuard/ExploitProtectionSettings](./policy-csp-exploitguard.md#exploitguard-exploitprotectionsettings) +- [Feeds/FeedsEnabled](./policy-csp-feeds-feedsenabled.md#feeds-feedsenabled) - [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer) - [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption) - [Handwriting/PanelDefaultModeDocked](./policy-csp-handwriting.md#handwriting-paneldefaultmodedocked) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 6922bada43..d55c3144ba 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md 
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -6025,6 +6025,14 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
    +### Feeds policies + +
    +
    + Feeds/FeedsEnabled +
    +
    + ### FileExplorer policies
    diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 697cc4af50..27eaa323af 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -85,9 +85,6 @@ manager: dansimp
    Experience/DoNotSyncBrowserSettings
    -
    - Experience/Feeds -
    Experience/PreventUsersFromTurningOnBrowserSyncing
    @@ -1567,73 +1564,6 @@ _**Turn syncing off by default but don’t disable**_ -
    - - -**Experience/Feeds** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    EditionWindows 10Windows 11
    HomeNoNo
    ProYesYes
    BusinessYesYes
    EnterpriseYesYes
    EducationYesYes
    - - -
    - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
    - - - -Specifies whether "Feeds" is enabled on the taskbar. - - - -The values for this policy are 1 and 0. This policy defaults to 1. - -- 1 - Default - "Feeds" feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode. - -- 0 - "Feeds" feature will be turned off completely, and the settings UI in Taskbar context menu will be removed. - - - - -
    - **Experience/PreventUsersFromTurningOnBrowserSyncing** diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md new file mode 100644 index 0000000000..e0fca8ab18 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-feeds.md @@ -0,0 +1,94 @@ +--- +title: Policy CSP - Feeds +description: Define the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs). +ms.author: dansimp +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.localizationpriority: medium +ms.date: 09/27/2019 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - Feeds + + +
    + + +## Feeds policies + +
    +
    + Feeds/FeedsEnabled +
    +
    + + +
    + + +**Feeds/FeedsEnabled** + +< + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProYesYes
    BusinessYesYes
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + + +Specifies whether "Feeds" is enabled on the taskbar. + +The values for this policy are 1 and 0. This policy defaults to 1. + +1 - Default - "Feeds" feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode. + +0 - "Feeds" feature will be turned off completely, and the settings UI in Taskbar context menu will be removed. + + + + + From a34f21eac242530f27f1b80afc05b3f33409c00a Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 16 Sep 2021 15:23:03 +0530 Subject: [PATCH 369/671] Update toc.yml --- windows/client-management/mdm/toc.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 04c1850c2f..354021ef05 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -705,6 +705,8 @@ items: href: policy-csp-experience.md - name: ExploitGuard href: policy-csp-exploitguard.md + - name: Feeds + href: policy-csp-feeds.md - name: FileExplorer href: policy-csp-fileexplorer.md - name: Games From 18f536a2b00f8110d147ca856089731b0adaabf5 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 16 Sep 2021 17:19:56 +0530 Subject: [PATCH 370/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 1 + ...in-policy-csp-supported-by-group-policy.md | 1 - .../policy-configuration-service-provider.md | 15 ++- .../mdm/policy-csp-admx-feeds.md | 111 ++++++++++++++++++ .../client-management/mdm/policy-csp-feeds.md | 94 --------------- 5 files changed, 119 insertions(+), 103 deletions(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-feeds.md delete mode 100644 windows/client-management/mdm/policy-csp-feeds.md 
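Review bot: The link added to policies-in-policy-csp-supported-by-group-policy.md in PATCH 368 points at `./policy-csp-feeds-feedsenabled.md#feeds-feedsenabled`, but the file created by the same patch is `policy-csp-feeds.md`, so the link target does not exist and the entry will not resolve. The target should be `./policy-csp-feeds.md#feeds-feedsenabled`, matching the pattern of the neighbouring entries (file name per policy area, policy name in the anchor only).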
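Review bot: The front matter of the new policy-csp-feeds.md in PATCH 368 carries a description that belongs to a different policy ("Define the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).") and an `ms.date` of 09/27/2019 on a file created in September 2021. Both look copied from another page and should be replaced with a description of the Feeds taskbar policy and the current date. In the body, a lone `<` follows the `**Feeds/FeedsEnabled**` heading line, and the two value descriptions lost the list markers they had in policy-csp-experience.md, so they now render as plain paragraphs.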
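Review bot: PATCH 369 adds a toc.yml entry with `href: policy-csp-feeds.md`, and the diffstat of PATCH 370 deletes that file and creates `policy-csp-admx-feeds.md` without listing toc.yml among its five changed files, so after PATCH 370 the table of contents entry points at a file that no longer exists. Suggest updating the toc.yml name and href in the same commit that renames the policy page, so the series does not leave a dangling entry at that point.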
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 586e5edcc6..282b9ad9c4 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -280,6 +280,7 @@ ms.date: 10/08/2020 - [ADMX_ExternalBoot/PortableOperatingSystem_Hibernate](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_hibernate) - [ADMX_ExternalBoot/PortableOperatingSystem_Sleep](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_sleep) - [ADMX_ExternalBoot/PortableOperatingSystem_Launcher](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_launcher) +- [ADMX_Feeds/FeedsEnabled](./policy-csp-admx-feeds.md#admx-feeds-feedsEnabled) - [ADMX_FileRecovery/WdiScenarioExecutionPolicy](./policy-csp-admx-filerecovery.md#admx-filerecovery-wdiscenarioexecutionpolicy) - [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol) - [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index eee115e673..d7d340e2b5 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md 
@@ -262,7 +262,6 @@ ms.date: 07/18/2019 - [Experience/PreventUsersFromTurningOnBrowserSyncing](./policy-csp-experience.md#experience-preventusersfromturningonbrowsersyncing) - [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile) - [ExploitGuard/ExploitProtectionSettings](./policy-csp-exploitguard.md#exploitguard-exploitprotectionsettings) -- [Feeds/FeedsEnabled](./policy-csp-feeds-feedsenabled.md#feeds-feedsenabled) - [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer) - [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption) - [Handwriting/PanelDefaultModeDocked](./policy-csp-handwriting.md#handwriting-paneldefaultmodedocked) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index d55c3144ba..fa753bd3f4 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1144,6 +1144,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
    +### ADMX_Feeds policies +
    +
    + ADMX_Feeds/FeedsEnabled +
    +
    + ### ADMX_FileRecovery policies
    @@ -6025,14 +6032,6 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
    -### Feeds policies - -
    -
    - Feeds/FeedsEnabled -
    -
    - ### FileExplorer policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-feeds.md b/windows/client-management/mdm/policy-csp-admx-feeds.md new file mode 100644 index 0000000000..b96c8f3500 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-feeds.md @@ -0,0 +1,111 @@ +--- +title: Policy CSP - ADMX_Feeds +description: Policy CSP - ADMX_Feeds +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/16/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Feeds +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +
    +
    + ADMX_Feeds/FeedsEnabled +
    +
    + + +
    + + +**ADMX_Feeds/FeedsEnabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProYesYes
    BusinessYesYes
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + + + + +This policy setting specifies whether news and interests is allowed on the device. + +The values for this policy are 1 and 0. This policy defaults to 1. + +- 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode. + +- 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Enable news and interests on the taskbar.* +- GP name: *FeedsEnabled* +- GP path: *Windows Components\News and interests* +- GP ADMX file name: *Feeds.admx* + + + +
    + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md deleted file mode 100644 index e0fca8ab18..0000000000 --- a/windows/client-management/mdm/policy-csp-feeds.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: Policy CSP - Feeds -description: Define the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs). -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.localizationpriority: medium -ms.date: 09/27/2019 -ms.reviewer: -manager: dansimp ---- - -# Policy CSP - Feeds - - -
    - - -## Feeds policies - -
    -
    - Feeds/FeedsEnabled -
    -
    - - -
    - - -**Feeds/FeedsEnabled** - -< - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    EditionWindows 10Windows 11
    HomeNoNo
    ProYesYes
    BusinessYesYes
    EnterpriseYesYes
    EducationYesYes
    - - -
    - - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
    - - - - -Specifies whether "Feeds" is enabled on the taskbar. - -The values for this policy are 1 and 0. This policy defaults to 1. - -1 - Default - "Feeds" feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode. - -0 - "Feeds" feature will be turned off completely, and the settings UI in Taskbar context menu will be removed. - - - - - From 3fe3d1ca56695eeb1683d1748a47d0140366939b Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 16 Sep 2021 17:25:30 +0530 Subject: [PATCH 371/671] Update toc.yml --- windows/client-management/mdm/toc.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 354021ef05..753d778986 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -480,7 +480,9 @@ items: - name: ADMX_Explorer href: policy-csp-admx-explorer.md - name: ADMX_ExternalBoot - href: policy-csp-admx-externalboot.md + href: policy-csp-admx-externalboot.md + - name: Feeds + href: policy-csp-admx-feeds.md - name: ADMX_FileRecovery href: policy-csp-admx-filerecovery.md - name: ADMX_FileRevocation @@ -705,8 +707,6 @@ items: href: policy-csp-experience.md - name: ExploitGuard href: policy-csp-exploitguard.md - - name: Feeds - href: policy-csp-feeds.md - name: FileExplorer href: policy-csp-fileexplorer.md - name: Games From b6c6c91d1cc874cc45abb3ebf8723cc6b29dd6fb Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 16 Sep 2021 17:30:43 +0530 Subject: [PATCH 372/671] Update policies-in-policy-csp-admx-backed.md --- .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
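Review bot: In the new policy-csp-admx-feeds.md, the description still says "The values for this policy are 1 and 0", carried over from the deleted Feeds/FeedsEnabled page, while the TIP added directly below it says the policy is ADMX-backed, is enabled or disabled through the special SyncML format, and takes the chr data format. The two statements do not agree on what an administrator actually sends. Suggest describing the states as enabled and disabled, with the default named, or stating how 1 and 0 map onto the ADMX payload. Smaller points in the same file: the scope is listed as "Machine" where the page it replaces used "Device", the front-matter description only repeats the title, and the CDATA link is plain http.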
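Review bot: In the toc.yml hunk at -480,7 +480,9, the new entry is named `Feeds` while every sibling in that block carries the `ADMX_` prefix (ADMX_Explorer, ADMX_ExternalBoot, ADMX_FileRecovery) and the page it links to is titled "Policy CSP - ADMX_Feeds". Suggest `- name: ADMX_Feeds` so the entry sorts and reads like its neighbours. The removed and re-added `href: policy-csp-admx-externalboot.md` line looks like a whitespace-only change; worth checking that no trailing space or indentation shift went in with it.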
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 282b9ad9c4..e215f891b8 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -280,7 +280,7 @@ ms.date: 10/08/2020 - [ADMX_ExternalBoot/PortableOperatingSystem_Hibernate](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_hibernate) - [ADMX_ExternalBoot/PortableOperatingSystem_Sleep](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_sleep) - [ADMX_ExternalBoot/PortableOperatingSystem_Launcher](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_launcher) -- [ADMX_Feeds/FeedsEnabled](./policy-csp-admx-feeds.md#admx-feeds-feedsEnabled) +- [ADMX_Feeds/FeedsEnabled](./policy-csp-admx-feeds.md#admx-feeds-feedsenabled) - [ADMX_FileRecovery/WdiScenarioExecutionPolicy](./policy-csp-admx-filerecovery.md#admx-filerecovery-wdiscenarioexecutionpolicy) - [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol) - [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression) From 266f215617500b3a9497e5600814d25b7b23c2e2 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 16 Sep 2021 17:37:38 +0530 Subject: [PATCH 373/671] 5402449-Localpoliciessecurityoptions: Updated Missing Documentation Added missing documentation (MicrosoftNetworkClient_DigitallySignCommunicationsAlways) in Policy CSP - LocalPoliciesSecurityOptions - Windows Client Management | Microsoft Docs. --- ...policy-csp-localpoliciessecurityoptions.md | 1090 +++++++++++------ 1 file changed, 729 insertions(+), 361 deletions(-) 
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index c004295d70..50d1696f71 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -1,6 +1,6 @@ --- title: Policy CSP - LocalPoliciesSecurityOptions -description: These settings prevents users from adding new Microsoft accounts on a specific computer using LocalPoliciesSecurityOptions. +description: These settings prevent users from adding new Microsoft accounts on a specific computer using LocalPoliciesSecurityOptions. ms.author: dansimp ms.topic: article ms.prod: w10 @@ -69,6 +69,9 @@ manager: dansimp
    LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
    +
    + LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways +
    LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
    @@ -173,28 +176,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -245,28 +254,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -322,28 +337,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -385,28 +406,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -448,28 +475,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -512,28 +545,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -576,28 +615,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -642,28 +687,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -705,28 +756,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -772,28 +829,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -843,29 +906,34 @@ Valid values: - - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -917,28 +985,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -991,28 +1065,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -1058,28 +1138,34 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -1123,28 +1209,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -1186,28 +1278,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -1254,6 +1352,88 @@ GP Info: - GP Friendly name: *Interactive logon: Smart card removal behavior* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + +
    + + +**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProYesYes
    BusinessYesYes
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Microsoft network client: Digitally sign communications (always) + +This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted. + +If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server. + +Default: Disabled. + +>[!Important] +>For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set Microsoft network client: Digitally sign communications (if server agrees). + +>[!Note] +>All Windows operating systems support both a client-side SMB component and a server-side SMB component. + +On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. 
+- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. + +SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136." + + + +GP Info: +- GP Friendly name: *Microsoft network client: Digitally sign communications (always)* +- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + @@ -1265,28 +1445,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    
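Review bot: In the added MicrosoftNetworkClient_DigitallySignCommunicationsAlways section (the hunk at -1254,6 +1352,88 just above), the closing reference line ends with a stray double quote after the link, `https://go.microsoft.com/fwlink/?LinkID=787136."`, which looks pasted from a resource string and will show up in the rendered text. Drop the quote and end the sentence with a period as the other sections do. The section also gives "Default: Disabled." but, unlike neighbouring policies that carry a "Valid values:" or supported-values list, does not say which value an MDM payload sets to require signing; adding that list would make the entry usable.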
@@ -1313,14 +1499,16 @@ If this setting is enabled, the Microsoft network client will ask the server to Default: Enabled. -Notes +>[!Note] +>All Windows operating systems support both a client-side SMB component and a server-side SMB component. -All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: -Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. -Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. -Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. -Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. 
If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. + SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. @@ -1341,28 +1529,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -1404,28 +1598,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck markYesYes
    Businesscheck markYesYes
    Enterprisecheck markYesYes
    Educationcheck markYesYes
    @@ -1482,28 +1682,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    
@@ -1533,21 +1739,21 @@ Default: Disabled for member servers. Enabled for domain controllers. -Notes +>[!Note] +>All Windows operating systems support both a client-side SMB component and a server-side SMB component. + +On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. -All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: -Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. -Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. -Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. -Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. 
Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled. SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. -Important - -For this policy to take effect on computers running Windows 2000, server-side packet signing must also be enabled. To enable server-side SMB packet signing, set the following policy: -Microsoft network server: Digitally sign communications (if server agrees) +>[!Important] +>For this policy to take effect on computers running Windows 2000, server-side packet signing must also be enabled. To enable server-side SMB packet signing, set the following policy: Microsoft network server: Digitally sign communications (if server agrees) For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the Windows 2000 server: HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature @@ -1570,28 +1776,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    
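Review bot: In the hunk at -1533,21 +1739,21 (Microsoft network server: Digitally sign communications (always)), the reformatted Important note still tells the reader to set "Microsoft network server: Digitally sign communications (if server agrees)", a name that matches none of the four settings listed a few lines earlier in the same hunk; the server-side one is "(if client agrees)". Since the line is being rewritten into the `>[!Important]` block anyway, correct the name there. The registry sentence that follows ("For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients ...") is left outside the callout here, whereas the if-client-agrees section puts the same sentence inside it; pick one treatment for both.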
@@ -1618,18 +1830,19 @@ If this setting is enabled, the Microsoft network server will negotiate SMB pack Default: Enabled on domain controllers only. -Important +>[!Important] +>For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the server running Windows 2000: HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature -For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the server running Windows 2000: HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature +>[!Note] +> All Windows operating systems support both a client-side SMB component and a server-side SMB component. -Notes - -All Windows operating systems support both a client-side SMB component and a server-side SMB component. For Windows 2000 and above, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: -Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. -Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. -Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. -Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +For Windows 2000 and above, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. 
+- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. + SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. @@ -1650,28 +1863,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -1702,9 +1921,8 @@ Disabled: No additional restrictions. Rely on default permissions. Default on workstations: Enabled. Default on server:Enabled. -Important - -This policy has no impact on domain controllers. +>[!Important] +>This policy has no impact on domain controllers. @@ -1723,28 +1941,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -1786,28 +2010,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -1849,28 +2079,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -1912,28 +2148,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -1979,28 +2221,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -2047,28 +2295,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -2115,28 +2369,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -2169,9 +2429,8 @@ Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication). -Important - -This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the network. For example, at the time of this writing, computers running Windows NT 4.0 SP4 and earlier did not support NTLMv2. Computers running Windows 95 and Windows 98 did not support NTLM. +>[!Important] +>This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the network. For example, at the time of this writing, computers running Windows NT 4.0 SP4 and earlier did not support NTLMv2. Computers running Windows 95 and Windows 98 did not support NTLM. Default: @@ -2198,28 +2457,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -2266,28 +2531,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -2334,28 +2605,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -2408,28 +2685,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -2487,28 +2770,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -2566,28 +2855,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -2645,28 +2940,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -2719,28 +3020,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -2784,28 +3091,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -2858,27 +3171,34 @@ Valid values: - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -2934,28 +3254,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -3002,28 +3328,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -3067,28 +3399,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -3132,28 +3470,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -3204,28 +3548,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -3272,28 +3622,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
    @@ -3337,28 +3693,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark4YesYes
    Businesscheck mark4YesYes
    Enterprisecheck mark4YesYes
    Educationcheck mark4YesYes
    @@ -3402,28 +3764,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procheck mark3YesYes
    Businesscheck mark3YesYes
    Enterprisecheck mark3YesYes
    Educationcheck mark3YesYes
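Review bot: In the `@@ -2169,9 +2429,8 @@` hunk the new alert is written `>[!Important]`, with no space after `>` and in mixed case, while the alert visible elsewhere in this series uses the `> [!NOTE]` form. Suggest `> [!IMPORTANT]` on the first line and `> This setting can affect ...` on the second so the callout matches the rest of the docs set. The callout body is carried over unchanged and still describes Windows 2000, Windows XP and Windows NT 4.0 "at the time of this writing", in a patch whose other hunks add a Windows 11 column to every edition table. It is worth confirming that this interoperability caveat is still meant to ship as-is.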
    From 935b551112e86ddc13cc1126c83153d8801c5852 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 08:29:56 -0700 Subject: [PATCH 374/671] Update change-the-tpm-owner-password.md --- .../tpm/change-the-tpm-owner-password.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index 6edba10d03..44bdc2c7a6 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -20,7 +20,6 @@ ms.date: 09/03/2021 **Applies to** - Windows 10 -- TPM 1.2 - Windows 11 - Windows Server 2016 and above @@ -57,4 +56,4 @@ You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets i ## Related topics -- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) \ No newline at end of file +- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) From a12b662e2b3390a2abfeddd4a69bd1842b775d9f Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Thu, 16 Sep 2021 09:39:33 -0600 Subject: [PATCH 375/671] Update hello-hybrid-aadj-sso-base.md Attempt fix line 217 indent --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 86d9a96b10..a679646de2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
@@ -213,8 +213,8 @@ The web server is ready to host the CRL distribution point. Now, configure the 4. On the **Extensions** tab, click **Add**. Type the computer and share name you create for your CRL distribution point in [Configure the CDP file share](#configure-the-cdp-file-share). For example, **\\\app\cdp$\\** (do not forget the trailing backwards slash). 5. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. 6. Type **.crl** at the end of the text in **Location**. Click **OK**. -7. Select the CDP you just created.
    -![CDP publishing location.](images/aadj/cdp-extension-complete-unc.png) +7. Select the CDP you just created. + ![CDP publishing location.](images/aadj/cdp-extension-complete-unc.png) 8. Select **Publish CRLs to this location**. 9. Select **Publish Delta CRLs to this location**. 10. Click **Apply** save your selections. Click **Yes** when ask to restart the service. Click **OK** to close the properties dialog box. From d728e76a74bbcb26d283a04dec18905e6935306d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 16 Sep 2021 08:46:10 -0700 Subject: [PATCH 376/671] Update configure-md-app-guard.md --- .../configure-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index 48f214f758..41284661d3 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 05/24/2021 +ms.date: 09/16/2021 ms.reviewer: manager: dansimp ms.custom: asr From 6e87dcadb8a53b610f3938e5cdb14dd1ff12a316 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Thu, 16 Sep 2021 09:48:25 -0600 Subject: [PATCH 377/671] Update hello-hybrid-aadj-sso-base.md --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index a679646de2..f81d496669 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -214,6 +214,7 @@ The web server is ready to host the CRL distribution point. Now, configure the 5. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. 6. Type **.crl** at the end of the text in **Location**. Click **OK**. 7. Select the CDP you just created. + ![CDP publishing location.](images/aadj/cdp-extension-complete-unc.png) 8. Select **Publish CRLs to this location**. 9. Select **Publish Delta CRLs to this location**. From 85320e5e8b80287fd7672c21f78014761f95604d Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Thu, 16 Sep 2021 09:58:54 -0600 Subject: [PATCH 378/671] Update hello-hybrid-aadj-sso-base.md attempt 2 fix indent line 217 --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index f81d496669..eeb8ee8626 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
@@ -213,8 +213,7 @@ The web server is ready to host the CRL distribution point. Now, configure the 4. On the **Extensions** tab, click **Add**. Type the computer and share name you create for your CRL distribution point in [Configure the CDP file share](#configure-the-cdp-file-share). For example, **\\\app\cdp$\\** (do not forget the trailing backwards slash). 5. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. 6. Type **.crl** at the end of the text in **Location**. Click **OK**. -7. Select the CDP you just created. - +7. Select the CDP you just created.
    ![CDP publishing location.](images/aadj/cdp-extension-complete-unc.png) 8. Select **Publish CRLs to this location**. 9. Select **Publish Delta CRLs to this location**. From 323c7813668a8b3231e3dc51f52ec4271d0fecb4 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Thu, 16 Sep 2021 10:31:25 -0600 Subject: [PATCH 379/671] Update hello-hybrid-cert-trust-devreg.md Add language identifier line 514 --- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 07738c4e4a..ba0f914fa0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -511,10 +511,10 @@ The following script helps you with the creation of the issuance transform rules - If you have multiple verified domain names (as shown in the Azure AD portal or via the Get-MsolDomains cmdlet), set the value of **$multipleVerifiedDomainNames** in the script to **$true**. Also make sure that you remove any existing issuerid claim that might have been created by Azure AD Connect or via other means. Here is an example for this rule: - ~~~ + ```Claims Rule Language c:[Type == "http://schemas.xmlsoap.org/claims/UPN"] => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid", Value = regexreplace(c.Value, ".+@(?.+)", "http://${domain}/adfs/services/trust/")); - ~~~ + ``` - If you have already issued an **ImmutableID** claim for user accounts, set the value of **$immutableIDAlreadyIssuedforUsers** in the script to **$true**. 
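Review bot: The opening fence in the `@@ -511,10 +511,10 @@` hunk becomes ```` ```Claims Rule Language ````, a three-word info string. A fence language identifier is normally a single token, and only the first word (`Claims`) is likely to be read as the language, so this probably will not select a highlighter and may trip the same build check the commit is trying to satisfy. Suggest either a single-token identifier that the docs build recognises or a plain untagged fence. The indentation of the fence relative to the bullet above it should also be confirmed so the block stays inside the list item.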
@@ -554,4 +554,4 @@ For your reference, below is a comprehensive list of the AD DS devices, containe 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. Configure Azure Device Registration (*You are here*) 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) -6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) \ No newline at end of file +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) From ae900fd2fe6df2d65cdec40bad5d75a6653754ec Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Thu, 16 Sep 2021 11:13:34 -0600 Subject: [PATCH 380/671] Update tpm-fundamentals.md --- .../security/information-protection/tpm/tpm-fundamentals.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index 7cd1b04f28..123b5b21c7 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md 
@@ -134,7 +134,7 @@ Increasing the PIN length requires a greater number of guesses for an attacker. In that case, the lockout duration between each guess can be shortened to allow legitimate users to retry a failed attempt sooner, while maintaining a similar level of protection. Beginning with Windows 10, version 1703, the minimum length for the BitLocker PIN was increased to 6 characters to better align with other Windows features that leverage TPM 2.0, including Windows Hello. -To help organizations with the transition, with Windows 10, version 1703 with the October 2017 [cumulative update](https://support.microsoft.com/help/4018124) installed,Windows 10, version 1709 and higher, and Windows 11, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. +To help organizations with the transition, with Windows 10, version 1703 with the October 2017 [cumulative update](https://support.microsoft.com/help/4018124) installed, Windows 10, version 1709 and higher, and Windows 11, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. If the minimum PIN length is reduced from the default of six characters, then the TPM 2.0 lockout period will be extended. ### TPM-based smart cards 
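Review bot: The changed line in `@@ -134,7 +134,7 @@` only inserts the missing space after "installed,", which leaves a sentence that chains three product versions with commas inside a "with ... with ..." clause and is still hard to parse. Suggest restructuring while the line is being touched, for example listing the affected releases first and then stating the default and the permitted minimum. The same paragraph also mixes "6 characters" and "4 characters" with "six characters" in the following context line. Pick one numeral style.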
@@ -152,4 +152,4 @@ The Windows TPM-based smart card, which is a virtual smart card, can be configur - [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) - [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/) - [TPM WMI providers](/windows/win32/secprov/security-wmi-providers-reference) -- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](../bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md#tpm-hardware-configurations) \ No newline at end of file +- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](../bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md#tpm-hardware-configurations) From ce1ed5e3d4dc18dc89be7e4d45415b83a3f07a3e Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 10:22:58 -0700 Subject: [PATCH 381/671] Update toc.yml removing "-backed" from TOC --- windows/client-management/mdm/toc.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 04c1850c2f..af181cb7c5 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -23,9 +23,9 @@ items: href: certificate-authentication-device-enrollment.md - name: On-premises authentication device enrollment href: on-premise-authentication-device-enrollment.md - - name: Understanding ADMX-backed policies + - name: Understanding ADMX policies href: understanding-admx-backed-policies.md - - name: Enable ADMX-backed policies in MDM + - name: Enable ADMX policies in MDM href: enable-admx-backed-policies-in-mdm.md - name: Win32 and Desktop Bridge app policy configuration href: win32-and-centennial-app-policy-configuration.md 
@@ -381,7 +381,7 @@ items: href: policy-ddf-file.md - name: Policies in Policy CSP supported by Group Policy href: policies-in-policy-csp-supported-by-group-policy.md - - name: ADMX-backed policies in Policy CSP + - name: ADMX policies in Policy CSP href: policies-in-policy-csp-admx-backed.md - name: Policies in Policy CSP supported by HoloLens 2 href: policies-in-policy-csp-supported-by-hololens2.md From 35f5bd941b0880765c0382fa2501298412466379 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 10:35:17 -0700 Subject: [PATCH 382/671] Update enable-admx-backed-policies-in-mdm.md --- .../mdm/enable-admx-backed-policies-in-mdm.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md index ef636898be..bf6cf8cc1e 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md @@ -15,7 +15,7 @@ manager: dansimp # Enable ADMX policies in MDM -This is a step-by-step guide to configuring ADMX policies in MDM. +Here's how to configure Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM). Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of [selected set of Group Policy administrative templates (ADMX policies)](./policies-in-policy-csp-admx-backed.md) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX policies in Policy CSP is different from the typical way you configure a traditional MDM policy. 
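Review bot: The new opening sentence in `@@ -15,7 +15,7 @@` expands "Group Policy administrative templates (ADMX policies)" and "Mobile Device Management (MDM)", and the unchanged sentence directly below expands both terms again ("Mobile Device Management (MDM) policy configuration support ... Group Policy administrative templates (ADMX policies)"). Expand each acronym once, in the first sentence, and use the short forms in the second. Otherwise the two opening lines read as near duplicates.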
@@ -63,7 +63,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ 3. Create the SyncML to enable the policy that does not require any parameter. - In this example you configure **Enable App-V Client** to **Enabled**. + In this example, you configure **Enable App-V Client** to **Enabled**. > [!NOTE] > The \ payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type. @@ -109,12 +109,12 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ ![Publishing server 2 policy description.](images/admx-appv-policy-description.png) - 3. Navigate to **C:\Windows\PolicyDefinitions** (default location of the admx files) and open appv.admx. + 3. Navigate to **C:\Windows\PolicyDefinitions** (default location of the ADMX files) and open appv.admx. 4. Search for GP name **Publishing_Server2_policy**. - 5. Under **policy name="Publishing_Server2_Policy"** you can see the \ listed. The text id and enum id represents the data id you need to include in the SyncML data payload. They correspond to the fields you see in GP Editor. + 5. Under **policy name="Publishing_Server2_Policy"** you can see the \ listed. The *text id* and *enum id* represents the *data id* you need to include in the SyncML data payload. They correspond to the fields you see in the Group Policy Editor. Here is the snippet from appv.admx: 
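Review bot: In step 5 of the `@@ -109,12 +109,12 @@` hunk the rewritten sentence keeps a subject-verb mismatch: "The *text id* and *enum id* represents the *data id*" should read "represent". The same hunk expands "GP Editor" to "the Group Policy Editor" in step 5 but leaves "Search for GP name" in step 4 as an unchanged context line. If the intent is to spell out GP throughout, step 4 needs the same treatment.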
@@ -206,9 +206,9 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ ``` - 6. From the \ tag, copy all the text id and enum id and create an XML with data id and value fields. The value field contains the configuration settings you would enter in the GP Editor. + 6. From the **\** tag, copy all of the *text id* and *enum id* and create an XML with *data id* and *value* fields. The *value* field contains the configuration settings that you would enter in the Group Policy Editor. - Here is the example XML for Publishing_Server2_Policy : + Here is the example XML for Publishing_Server2_Policy: ```xml From 0a36cb78d845a5a3f7d5fd1c159fbcff2ff58f42 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 11:26:21 -0700 Subject: [PATCH 383/671] TOCs --- windows/security/TOC.yml | 2 +- windows/security/threat-protection/TOC.yml | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 3c93924299..d3a7f0f24d 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -374,4 +374,4 @@ - name: Microsoft Bug Bounty Program href: threat-protection/microsoft-bug-bounty-program.md - name: Windows Privacy - href: /windows/privacy/windows-10-and-privacy-compliance.md + href: windows/privacy/windows-10-and-privacy-compliance.md diff --git a/windows/security/threat-protection/TOC.yml b/windows/security/threat-protection/TOC.yml index 4a98f2c7e0..5342060e01 100644 --- a/windows/security/threat-protection/TOC.yml +++ b/windows/security/threat-protection/TOC.yml 
@@ -16,3 +16,23 @@ href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection - name: Microsoft Defender for Endpoint href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint + +- name: Hardware security + href: ../hardware.md + +- name: Operating system security + href: ../operating-system.md + +- name: Application security + href: ../apps.md + +- name: Cloud services + href: ../cloud.md + +- name: User protection + href: ../identity.md + +- name: Security foundations + +- name: Windows Privacy + href: windows/privacy/windows-10-and-privacy-compliance.md \ No newline at end of file From 411d1016234f3e029b03a80611da36882674d028 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 12:32:02 -0700 Subject: [PATCH 384/671] hardware --- windows/security/TOC.yml | 4 ++-- windows/security/hardware.md | 10 +++++++--- .../security/identity-protection/configure-s-mime.md | 7 ++++--- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 3c93924299..24c534a52c 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -29,8 +29,8 @@ href: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md - name: System Guard Secure Launch and SMM protection href: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md - - name: Protect derived domain credentials with Windows Defender Credential Guard - href: identity-protection/credential-guard/credential-guard.md + - name: Enable virtualization-based protection of code integrity + href: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md - name: Kernel DMA Protection href: information-protection/kernel-dma-protection-for-thunderbolt.md - name: Operating system security 
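Review bot: In PATCH 383, the `@@ -16,3 +16,23 @@` hunk for windows/security/threat-protection/TOC.yml adds `- name: Security foundations` with no `href`, and a final entry `href: windows/privacy/windows-10-and-privacy-compliance.md` that is relative to the threat-protection folder, while the sibling entries added in the same hunk use `../hardware.md`, `../operating-system.md` and so on. As written the privacy link would resolve under windows/security/threat-protection/windows/privacy/, which is unlikely to exist. The companion hunk in windows/security/TOC.yml makes the same change from `/windows/privacy/...` to `windows/privacy/...`, so that path also becomes relative to windows/security/. Suggest confirming the intended target for both, giving "Security foundations" an `href` or removing it until the page exists, and ending the file with a newline (the hunk ends with "No newline at end of file").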
diff --git a/windows/security/hardware.md b/windows/security/hardware.md index 1a0e0d64e2..cd3279e414 100644 --- a/windows/security/hardware.md +++ b/windows/security/hardware.md @@ -1,6 +1,6 @@ --- title: Windows hardware security -description: Get an overview of hardware security in Windows 11 +description: Get an overview of hardware security in Windows ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -17,10 +17,14 @@ ms.technology: windows-sec Modern threats require modern security with a strong alignment between hardware security and software security techniques to keep users, data and devices protected. The operating system alone cannot protect from the wide range of tools and techniques cybercriminals use to compromise a computer deep inside its silicon. Once inside, intruders can be difficult to detect while engaging in multiple nefarious activities from stealing important data to capturing email addresses and other sensitive pieces of information. These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware. + With Windows 11, we have raised the hardware security baseline to design the most secure version of Windows ever. We have carefully chosen the hardware requirements and default security features based on threat intelligence and input from leading experts around the globe, including our own Microsoft Cybersecurity team. -Though a powerful combination of hardware root-of-trust and silicon-assisted security, Windows 11 delivers built-in hardware protection out-of-the box. + | Security Measures | Features & Capabilities | |:---|:---| -| Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. 
Learn more: [Application Control for Windows](/threat-protection/windows-defender-application-control/windows-defender-application-control.md) | \ No newline at end of file +| Trusted Platform Module (TPM) | A Trusted Platform Module (TPM) is designed to provide hardware-based security-related functions and help prevent unwanted tampering. TPMs provide security and privacy benefits for system hardware, platform owners, and users.
    A TPM chip is a secure crypto-processor that helps with actions such as generating, storing, and limiting the use of cryptographic keys. Many TPMs include multiple physical security mechanisms to make it tamper resistant and prevent malicious software from tampering with the security functions of the TPM.
    Learn more about the [Trusted Platform Module](information-protection/tpm/trusted-platform-module-top-node.md). | +| Hardware-based root of trust with Windows Defender System Guard | To protect critical resources such as Windows authentication, single sign-on tokens, Windows Hello, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy.
    Windows Defender System Guard helps protect and maintain the integrity of the system as it starts up and validate that system integrity has truly been maintained through local and remote attestation.
    Learn more about [How a hardware-based root of trust helps protect Windows](threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md) and [System Guard Secure Launch and SMM protection](threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md). | +| Enable virtualization-based protection of code integrity | Hypervisor-protected Code Integrity (HVCI) is a virtualization based security (VBS) feature available in Windows. In the Windows Device Security settings, HVCI is referred to as Memory Integrity.
    HVCI and VBS improve the threat model of Windows and provide stronger protections against malware trying to exploit the Windows Kernel. VBS leverages the Windows Hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. HVCI is a critical component that protects and hardens this virtual environment by running kernel mode code integrity within it and restricting kernel memory allocations that could be used to compromise the system.
    Learn more: [Enable virtualization-based protection of code integrity](threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md). +| Kernel Direct Memory Access (DMA) Protection | PCIe hot plug devices such as Thunderbolt, USB4, and CFexpress allow users to attach new classes of external peripherals, including graphics cards or other PCI devices, to their PCs with an experience identical to USB. Because PCI hot plug ports are external and easily-accessible, PCs are susceptible to drive-by Direct Memory Access (DMA) attacks. Memory access protection (also known as Kernel DMA Protection) protects PCs against drive-by DMA attacks that use PCIe hot plug devices by limiting these external peripherals from being able to directly copy memory when the user has locked their PC.
    Learn more about [Kernel DMA Protection](information-protection/kernel-dma-protection-for-thunderbolt.md). | diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md index 9423de2923..0d04b78646 100644 --- a/windows/security/identity-protection/configure-s-mime.md +++ b/windows/security/identity-protection/configure-s-mime.md @@ -1,5 +1,5 @@ --- -title: Configure S/MIME for Windows 10 +title: Configure S/MIME for Windows description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them. ms.assetid: 7F9C2A99-42EB-4BCC-BB53-41C04FBBBF05 ms.reviewer: @@ -19,10 +19,11 @@ ms.date: 07/27/2017 --- -# Configure S/MIME for Windows 10 +# Configure S/MIME for Windows **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 S/MIME stands for Secure/Multipurpose Internet Mail Extensions, and provides an added layer of security for email sent to and from an Exchange ActiveSync (EAS) account. In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with. From 2d10cc83a774c4100071b7790014b200487b4a44 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 13:02:17 -0700 Subject: [PATCH 385/671] Update operating-system.md --- windows/security/operating-system.md | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 561540525e..56f2e3ec2e 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md 
@@ -20,13 +20,28 @@ ms.technology: windows-sec Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. -Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11:

    +Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11: | | -| Security Measures | Features & Capabilities | +| Security Measures | Features & Capabilities | Description | |:---|:---| -| System security | [Trusted Boot](trusted-boot.md) (includes Secure Boot and Measured Boot)

    [Cryptography and certificate management](cryptography-certificate-mgmt.md)

    [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md) | -| Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md)

    [Encryption](encryption-data-protection.md)

    [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | -| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs)

    [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md)

    Bluetooth (NEEDED)

    Domain Name System (DNS) security (NEEDED)

    Windows Wi-Fi (NEEDED)

    Transport Layer Security (TLS) (NEEDED) | -| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

    [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

    [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

    [Network protection](/microsoft-365/security/defender-endpoint/network-protection)

    [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)

    [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

    Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | +| System security | [Trusted Boot](trusted-boot.md) (includes Secure Boot and Measured Boot) | | +| | [Cryptography and certificate management](cryptography-certificate-mgmt.md) | | +| | [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md) | | +| Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md) | | +| | [Encryption](encryption-data-protection.md) | | +| | [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | +| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs) | | +| | [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md) | | +| | Bluetooth (NEEDED) | | +| | Domain Name System (DNS) security (NEEDED) | | +| | Windows Wi-Fi (NEEDED) | | +| | Transport Layer Security (TLS) (NEEDED) | | +| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows) | | +| | [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | +| | [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection) | | +| | [Network protection](/microsoft-365/security/defender-endpoint/network-protection) | | +| | [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders) | | +| | [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection) | | +| | Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | From a5c83f988ef16c18f1eea3a610d2bad7c21f214c Mon Sep 17 00:00:00 2001 
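Review bot: The header row in this operating-system.md hunk (PATCH 385/671) gains a third column (`| Security Measures | Features & Capabilities | Description |`), but the delimiter row beneath it is the unchanged context line `|:---|:---|`, so the header and delimiter cell counts no longer match and GFM-style renderers will not recognize the block as a table; add a third `:---` cell. In the same hunk, the rewritten intro line ends with a stray `| |` after "Windows 11:", and the last added row (Integration with Microsoft Defender for Endpoint) closes after two cells where every other added row carries an empty third cell. The four `(NEEDED)` placeholders for Bluetooth, DNS security, Wi-Fi and TLS are carried into the new rows unchanged and should be resolved or tracked before the page is published.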
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 13:05:12 -0700 Subject: [PATCH 386/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 56f2e3ec2e..7fdd6c2b63 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -24,7 +24,7 @@ Use the links in the following table to learn more about the operating system se | Security Measures | Features & Capabilities | Description | |:---|:---| -| System security | [Trusted Boot](trusted-boot.md) (includes Secure Boot and Measured Boot) | | +| System security | Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely.

    To learn more, see [Secure Boot and Trusted Boot](trusted-boot.md). | | | [Cryptography and certificate management](cryptography-certificate-mgmt.md) | | | | [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md) | | | Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md) | | From 04161d9b11718d5b6ffdfeaef4a1fda6508e0d01 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 13:07:59 -0700 Subject: [PATCH 387/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 7fdd6c2b63..53dda92727 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -25,7 +25,7 @@ Use the links in the following table to learn more about the operating system se | Security Measures | Features & Capabilities | Description | |:---|:---| | System security | Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely.

    To learn more, see [Secure Boot and Trusted Boot](trusted-boot.md). | -| | [Cryptography and certificate management](cryptography-certificate-mgmt.md) | | +| | Cryptography and certificate management | Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets.

    Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Windows offers several APIs to operate and manage certificates.

    To learn more, see [Cryptography and Certificate Management](cryptography-certificate-mgmt.md). | | | [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md) | | | Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md) | | | | [Encryption](encryption-data-protection.md) | | From ec519eb0a2d0d7b069cd8504751ca9070d2803c2 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 13:08:27 -0700 Subject: [PATCH 388/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 53dda92727..9df0d0b533 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -20,7 +20,7 @@ ms.technology: windows-sec Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. -Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11: | | +Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11:

    | Security Measures | Features & Capabilities | Description | |:---|:---| From bf1f2ab0cffa9bc897cbeaf9b5461c30fc20d70e Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Thu, 16 Sep 2021 14:08:57 -0600 Subject: [PATCH 389/671] Adding clarity to content, removed use of 'DO', removed HTML tags --- windows/deployment/TOC.yml | 2 -- .../update/delivery-optimization-workflow.md | 27 ++++++++++--------- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 67733d50fd..8daccb955a 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -52,8 +52,6 @@ items: - name: Using a proxy with Delivery Optimization href: update/delivery-optimization-proxy.md - - name: Delivery Optimization Client-Service Communication Explained - href: update/delivery-optimization-workflow.md - name: Best practices for feature updates on mission-critical devices href: update/feature-update-mission-critical.md - name: Windows 10 deployment considerations diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md index d560a58ca2..03df1c3743 100644 --- a/windows/deployment/update/delivery-optimization-workflow.md +++ b/windows/deployment/update/delivery-optimization-workflow.md 
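Review bot: The TOC.yml hunk of PATCH 389/671 removes the `Delivery Optimization Client-Service Communication Explained` entry (href `update/delivery-optimization-workflow.md`) while the same patch keeps and edits that article, and the subject line (clarity, removing 'DO', removing HTML tags) does not mention the removal. If it is intended, say so in the commit message and state where the article is linked from now; otherwise restore the two lines so the page that documents the service endpoints and the data sent to them stays reachable from the navigation.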
@@ -19,21 +19,22 @@ ms.topic: article ## Download Request Workflow -The DO workflow described below allows Delivery Optimization to securely and efficiently deliver requested content to the calling device. +The Delivery Optimization workflow described below allows Delivery Optimization to securely and efficiently deliver requested content to the calling device. Delivery Optimization leverages content metadata to determine all available locations to pull content from, as well as content verification. -* When a download starts, the DO client will attempt to get its content metadata, from the DO service, which is a hash file containing the SHA-256 hash of each piece in the file, typically piece = 1 MB. Separate metadata that is obtained, through an SSL channel, provides DO a way to verify the authenticity of the hash file itself once it is downloaded. -* When DO pulls a certain piece of the hash from another peer, it is verified against the known hash in the hash file. -* If a peer provides an invalid piece, that piece is discarded. A peer that sends multiple bad pieces is banned and will no longer be used as a source by the client performing the download. -* If DO is unable to obtain the hash file, or the verification of the hash file itself fails, the download will fall back to “Simple Mode” (pulling content only from an HTTP source) and peer to peer will not be allowed. -* Once DO is done downloading and puts together the file from all the pieces it got, the caller using DO (ConfigMgr for example) performs yet another check for the entire file as well as verify the signature of it prior to proceeding with installation. +* When a download starts, the Delivery Optimization client will attempt to get its content metadata, from the Delivery Optimization service, via an SSL channel. This content metadata is a hash file containing the SHA-256 block level hashes of each piece in the file (typically one piece = 1 MB). 
The authenticity of the content metadata file itself is verified prior to any content being downloaded. +* Once the content metadata file is verified, Delivery Optimization proceeds with accessing the requested pieces of the content file. +* When Delivery Optimization pulls a certain piece of the hash from another peer, it is verified against the known hash in the content metadata file. +* If a peer provides an invalid piece, that piece is discarded. When a peer sends multiple bad pieces it is banned and will no longer be used as a source by the Delivery Optimization client performing the download. +* If Delivery Optimization is unable to obtain the content metadata file, or if the verification of the hash file itself fails, the download will fallback to “Simple Mode” (pulling content only from an HTTP source) and peer to peer will not be allowed. +* Once Delivery Optimization downloading is complete, all retrieved pieces of the content are used to put the file together. At that point, the Delivery Optimization caller (e.g. ConfigMgr) performs another check of the entire file to verify the signature, prior to proceeding with installation. ## Delivery Optimization Service Endpoint And Data Information |Endpoint hostname|Name|Description|Data sent from the computer to the Endpoint (Field/Description) -|----|-----|---------------|-----------------------| -|
    • geover-prod.do.dsp.mp.microsoft.com
    • geo-prod.do.dsp.mp.microsoft.com
    • geo.prod.do.dsp.mp.microsoft.com
    • geover.prod.do.dsp.mp.microsoft.com
    | Geo | Service used to identify the geo location of the device in order to direct it to the nearest data center. |
    • **Profile**: The device type (ex: PC vs Xbox)
    • **doClientVersion**: The version of the DoSvc Client
    • **groupID**: Group the device belongs to (set via DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies)
    | -|
    • kv*-prod.do.dsp.mp.microsoft.com
    • kv*.prod.do.dsp.mp.microsoft.com
    • |KeyValue|Bootstrap service, provides endpoints for all other services as well as device configs|
      • **countryCode**: The country the client is connected from
      • **doClientVersion**: The version of the DoSvc Client
      • **Profile**: The device type (ex: PC vs Xbox)
      • **eId**: Client grouping Id
      • **CacheHost**: Cache host id<
      | -|
      • cp*-prod.do.dsp.mp.microsoft.com
      • cp*.prod.do.dsp.mp.microsoft.com
      | Content Policy | Provides content specific policies as well as content metadata URLs |
      • **Profile**: The device type (ex: PC vs Xbox)
      • **ContentId**: The content identifier
      • **doClientVersion**: The version of the dosvc client
      • **countryCode**: The country the client is connected from
      • **altCatalogId**: If ContentId isn't available, use the download URL instead
      • **eId**: Client grouping Id
      • **CacheHost**: Cache host id
      | -|
      • disc*-prod.do.dsp.mp.microsoft.com
      • disc*.prod.do.dsp.mp.microsoft.com
      | Discovery | Provides the client with the geo-located Array to connect to. (There are two endpoints providing this functionality: /content and /v2/content) |
      • **Profile**: The device type (ex: PC vs Xbox)
      • **ContentId**: The content identifier
      • **doClientVersion**: The version of the dosvc client
      • **partitionId**: Client partitioning hint
      • **altCatalogId**: If ContentId isn't available, use the download URL instead
      • **eId**: Client grouping Id
      | -|
      • cn*-prod.do.dsp.mp.microsoft.com
      • cn*.prod.do.dsp.mp.microsoft.com
      | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. |
      • **Profile**: The device type (ex: PC vs Xbox)
      • **ContentId**: The content identifier
      • **doClientVersion**: The version of the dosvc client
      • **altCatalogId**: If ContentId isn't available, use the download URL instead
      • **PeerId**: Identified of the device running DO client
      • **ReportedIp**: The internal / private IP Address
      • **IsBackground**: Is the download interactive or background
      • **Uploaded**: Total bytes uploaded to peers
      • **Downloaded**: Total bytes downloaded from peers
      • **DownloadedCdn**: Total bytes downloaded from CDN
      • **Left**: Bytes left to download
      • **Peers Wanted**: Total number of peers wanted
      • **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
      • **Scope**: The Download mode
      • **UploadedBPS**: The upload speed in Bytes per Second
      • **DownloadBPS**: The download speed in Bytes per second
      • **eId**: Client grouping Id
      | -|
      • dl.delivery.mp.microsoft.com
      • emdl.ws.microsoft.com
      | | Metadata download can come from different hostnames, however it is required for P2P | +|--------------------------------------------|--------------|---------------|-----------------------| +| geover-prod.do.dsp.mp.microsoft.com
      geo-prod.do.dsp.mp.microsoft.com
      geo.prod.do.dsp.mp.microsoft.com
      geover.prod.do.dsp.mp.microsoft.com | Geo | Service used to identify the geo location of the device in order to direct it to the nearest data center. | **Profile**: The device type (ex: PC vs Xbox)
      **doClientVersion**: The version of the DoSvc Client
      **groupID**: Group the device belongs to (set via DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) | +| kv*-prod.do.dsp.mp.microsoft.com
      kv*.prod.do.dsp.mp.microsoft.com | KeyValue | Bootstrap service, provides endpoints for all other services as well as device configs | **countryCode**: The country the client is connected from
      **doClientVersion**: The version of the DoSvc Client
      **Profile**: The device type (ex: PC vs Xbox)
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | +| cp*-prod.do.dsp.mp.microsoft.com
      cp*.prod.do.dsp.mp.microsoft.com
      | Content Policy | Provides content specific policies as well as content metadata URLs | **Profile**: The device type (ex: PC vs Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **countryCode**: The country the client is connected from
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | +| disc*-prod.do.dsp.mp.microsoft.com
      disc*.prod.do.dsp.mp.microsoft.com | Discovery | Provides the client with the geo-located Array to connect to. (There are two endpoints providing this functionality: /content and /v2/content) | **Profile**: The device type (ex: PC vs Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **partitionId**: Client partitioning hint
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id | +| cn*-prod.do.dsp.mp.microsoft.com
      cn*.prod.do.dsp.mp.microsoft.com | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (ex: PC vs Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **PeerId**: Identified of the device running DO client
      **ReportedIp**: The internal / private IP Address
      **IsBackground**: Is the download interactive or background
      **Uploaded**: Total bytes uploaded to peers
      **Downloaded**: Total bytes downloaded from peers
      **DownloadedCdn**: Total bytes downloaded from CDN
      **Left**: Bytes left to download
      **Peers Wanted**: Total number of peers wanted
      **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
      **Scope**: The Download mode
      **UploadedBPS**: The upload speed in Bytes per Second
      **DownloadBPS**: The download speed in Bytes per second
      **eId**: Client grouping Id | +| dl.delivery.mp.microsoft.com
      emdl.ws.microsoft.com | | Metadata download can come from different hostnames, however it is required for P2P | From 073e467d2ce27571bb91209e54fd26cdd353ab2c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 16 Sep 2021 13:16:02 -0700 Subject: [PATCH 390/671] Update windows-defender-security-center.md --- .../windows-defender-security-center.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index fe03727f33..cb27db7bfd 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -29,7 +29,7 @@ This library describes the Windows Security app, and provides information on con In Windows 10, version 1709 and later, the app also shows information from third-party antivirus and firewall apps. -In Windows 10, version 1803, the app has two new areas, **Account protection** and **Device security**. +In Windows 10, version 1803, the app has two new areas: **Account protection** and **Device security**. ![Screenshot of the Windows Security app showing that the device is protected and five icons for each of the features.](images/security-center-home.png) 
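Review bot: In the delivery-optimization-workflow.md hunk of PATCH 389/671, the rewritten last bullet changes what the caller verifies: the removed line said the caller "performs yet another check for the entire file as well as verify the signature", while the added line says it "performs another check of the entire file to verify the signature", which folds a whole-file check and a signature check into one; keep both if both still happen. The rewritten first bullet has a similar loss: the removed text said separate metadata obtained through an SSL channel is what lets the client verify the hash file, and the added text moves the SSL channel to the content metadata itself and leaves "is verified" with no stated mechanism. Smaller points in the added lines: "pulls a certain piece of the hash from another peer" appears to mean a piece of the content file, "will fallback" should stay "will fall back" as in the removed line, and the PeerId field still reads "Identified of the device running DO client" although the subject says use of 'DO' was removed.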
@@ -75,20 +75,20 @@ You can find more information about each section, including options for configur ## How the Windows Security app works with Windows security features > [!IMPORTANT] -> Microsoft Defender AV and the Windows Security app use similarly named services for specific purposes. +> Microsoft Defender Antivirus and the Windows Security app use similarly named services for specific purposes. > > The Windows Security app uses the Windows Security Service (*SecurityHealthService* or *Windows Security Health Servce*), which in turn utilizes the Security Center service ([*wscsvc*](/previous-versions/windows/it-pro/windows-xp/bb457154(v=technet.10)#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Defender Firewall, third-party firewalls, and other security protection. > ->These services do not affect the state of Microsoft Defender AV. Disabling or modifying these services will not disable Microsoft Defender AV, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product. +>These services do not affect the state of Microsoft Defender Antivirus. Disabling or modifying these services will not disable Microsoft Defender Antivirus, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product. > ->Microsoft Defender AV will be [disabled automatically when a third-party antivirus product is installed and kept up to date]/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility). +>Microsoft Defender Antivirus will be [disabled automatically when a third-party antivirus product is installed and kept up to date](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility). 
> -> Disabling the Windows Security Center service will not disable Microsoft Defender AV or [Windows Defender Firewall](/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). +> Disabling the Windows Security Center service will not disable Microsoft Defender Antivirus or [Windows Defender Firewall](/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). > [!WARNING] > If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device. > -> It may also prevent Microsoft Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. +> It may also prevent Microsoft Defender Antivirus from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed. > > This will significantly lower the protection of your device and could lead to malware infection. 
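Review bot: The [!IMPORTANT] callout in this hunk still carries the misspelling "Windows Security Health Servce" in its unchanged context line; the patch rewrites the lines on either side of it, so correct it to "Service" in the same change. Also check the Windows Defender Firewall link in the last changed line of the callout, which points at `/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security`, while operating-system.md in this series links the same article under `threat-protection/windows-firewall/`.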
@@ -101,4 +101,4 @@ Disabling any of the individual features (through Group Policy or other manageme > [!IMPORTANT] > Individually disabling any of the services will not disable the other services or the Windows Security app. -For example, [using a third-party antivirus will disable Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility). However, the Windows Security app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Defender Firewall. \ No newline at end of file +For example, [using a third-party antivirus will disable Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility). However, the Windows Security app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Defender Firewall. From 55f7844dce17e078f556878b01f01f5d2cd4cf36 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 13:20:48 -0700 Subject: [PATCH 392/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 9df0d0b533..28b76003fc 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md 
@@ -26,7 +26,7 @@ Use the links in the following table to learn more about the operating system se |:---|:---| | System security | Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely.

      To learn more, see [Secure Boot and Trusted Boot](trusted-boot.md). | | | Cryptography and certificate management | Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets.

      Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Windows offers several APIs to operate and manage certificates.

      To learn more, see [Cryptography and Certificate Management](cryptography-certificate-mgmt.md). | -| | [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md) | | +| | The Windows Security app is a client interface that is built into Windows, beginning with Windows 10, version 1703, and continuing through Windows 11. The Windows Security app enables users to view their security settings, including virus & threat protection settings, firewall & network protection, device security, and more.

      The Windows Security app uses the Windows Security Service (SecurityHealthService or Windows Security Health Service), which in turn uses the Security Center service (wscsvc) to ensure the app provides the most up-to-date information about the protection status on the endpoint.

      To learn more, see [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md). | | Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md) | | | | [Encryption](encryption-data-protection.md) | | | | [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | From fde3de7f2788223872335b3756eff0880d268e30 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 13:25:08 -0700 Subject: [PATCH 393/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 28b76003fc..baf6cd5cac 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -27,7 +27,7 @@ Use the links in the following table to learn more about the operating system se | System security | Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely.
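Review bot: The added Windows Security app row in PATCH 392/671 begins `| | The Windows Security app is a client interface ...`, so the description lands in the Features & Capabilities column and the row has no feature-name cell, unlike the neighbouring rows (`| | Cryptography and certificate management | Cryptography uses ...`). Insert a `Windows Security app` cell before the description so the row has the same three cells as the rows above it.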

      To learn more, see [Secure Boot and Trusted Boot](trusted-boot.md). | | | Cryptography and certificate management | Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets.

      Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Windows offers several APIs to operate and manage certificates.

      To learn more, see [Cryptography and Certificate Management](cryptography-certificate-mgmt.md). | | | The Windows Security app is a client interface that is built into Windows, beginning with Windows 10, version 1703, and continuing through Windows 11. The Windows Security app enables users to view their security settings, including virus & threat protection settings, firewall & network protection, device security, and more.

      The Windows Security app uses the Windows Security Service (SecurityHealthService or Windows Security Health Service), which in turn uses the Security Center service (wscsvc) to ensure the app provides the most up-to-date information about the protection status on the endpoint.

      To learn more, see [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md). | -| Encryption and data protection | [Encryption and data protection in Windows 11](encryption-data-protection.md) | | +| Encryption and data protection | | In Windows 11, encryption and data protection features include Encrypted Hard Drive and BitLocker.

      To learn more, see [Encryption and data protection in Windows 11](encryption-data-protection.md). | | | [Encryption](encryption-data-protection.md) | | | | [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | | Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs) | | From 1cde7c3e2caaf57e4a3d2be45682102e75ba17f7 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 13:27:05 -0700 Subject: [PATCH 394/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index baf6cd5cac..992c45d18b 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -27,7 +27,7 @@ Use the links in the following table to learn more about the operating system se | System security | Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely.

      To learn more, see [Secure Boot and Trusted Boot](trusted-boot.md). | | | Cryptography and certificate management | Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets.

      Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Windows offers several APIs to operate and manage certificates.

      To learn more, see [Cryptography and Certificate Management](cryptography-certificate-mgmt.md). | | | The Windows Security app is a client interface that is built into Windows, beginning with Windows 10, version 1703, and continuing through Windows 11. The Windows Security app enables users to view their security settings, including virus & threat protection settings, firewall & network protection, device security, and more.

      The Windows Security app uses the Windows Security Service (SecurityHealthService or Windows Security Health Service), which in turn uses the Security Center service (wscsvc) to ensure the app provides the most up-to-date information about the protection status on the endpoint.

      To learn more, see [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md). | -| Encryption and data protection | | In Windows 11, encryption and data protection features include Encrypted Hard Drive and BitLocker.

      To learn more, see [Encryption and data protection in Windows 11](encryption-data-protection.md). | +| Encryption and data protection | | In Windows 11, encryption and data protection features include encrypted hard drives and BitLocker. Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level and allow for full disk hardware encryption. BitLocker provides encryption for the operating system, fixed data, and removable data drives.

      To learn more, see [Encryption and data protection in Windows 11](encryption-data-protection.md). | | | [Encryption](encryption-data-protection.md) | | | | [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | | Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs) | | From 2a6a6d9b1c94d0e659afa6bc1682298f321930f5 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 13:27:37 -0700 Subject: [PATCH 395/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 992c45d18b..c9c4040e93 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -26,7 +26,7 @@ Use the links in the following table to learn more about the operating system se |:---|:---| | System security | Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely.

      To learn more, see [Secure Boot and Trusted Boot](trusted-boot.md). | | | Cryptography and certificate management | Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets.

      Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Windows offers several APIs to operate and manage certificates.

      To learn more, see [Cryptography and Certificate Management](cryptography-certificate-mgmt.md). | -| | The Windows Security app is a client interface that is built into Windows, beginning with Windows 10, version 1703, and continuing through Windows 11. The Windows Security app enables users to view their security settings, including virus & threat protection settings, firewall & network protection, device security, and more.

      The Windows Security app uses the Windows Security Service (SecurityHealthService or Windows Security Health Service), which in turn uses the Security Center service (wscsvc) to ensure the app provides the most up-to-date information about the protection status on the endpoint.

      To learn more, see [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md). | +| | The Windows Security app is a client interface that is built into Windows, beginning with Windows 10, version 1703, and continuing through Windows 11. The Windows Security app enables users to view their security settings, including virus & threat protection settings, firewall & network protection, device security, and more on their device.

      The Windows Security app uses the Windows Security Service (SecurityHealthService or Windows Security Health Service), which in turn uses the Security Center service (wscsvc) to ensure the app provides the most up-to-date information about the protection status on the endpoint.

      To learn more, see [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md). | | Encryption and data protection | | In Windows 11, encryption and data protection features include encrypted hard drives and BitLocker. Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level and allow for full disk hardware encryption. BitLocker provides encryption for the operating system, fixed data, and removable data drives.

      To learn more, see [Encryption and data protection in Windows 11](encryption-data-protection.md). | | | [Encryption](encryption-data-protection.md) | | | | [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | From f7721855a9da8b77503c8fc4ecc4804aa7b1be9a Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 13:35:17 -0700 Subject: [PATCH 396/671] Update operating-system.md --- windows/security/operating-system.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index c9c4040e93..07898bd0fd 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -27,9 +27,7 @@ Use the links in the following table to learn more about the operating system se | System security | Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely.

      To learn more, see [Secure Boot and Trusted Boot](trusted-boot.md). | | | Cryptography and certificate management | Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets.

      Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Windows offers several APIs to operate and manage certificates.

      To learn more, see [Cryptography and Certificate Management](cryptography-certificate-mgmt.md). | | | The Windows Security app is a client interface that is built into Windows, beginning with Windows 10, version 1703, and continuing through Windows 11. The Windows Security app enables users to view their security settings, including virus & threat protection settings, firewall & network protection, device security, and more on their device.

      The Windows Security app uses the Windows Security Service (SecurityHealthService or Windows Security Health Service), which in turn uses the Security Center service (wscsvc) to ensure the app provides the most up-to-date information about the protection status on the endpoint.

      To learn more, see [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md). | -| Encryption and data protection | | In Windows 11, encryption and data protection features include encrypted hard drives and BitLocker. Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level and allow for full disk hardware encryption. BitLocker provides encryption for the operating system, fixed data, and removable data drives.

      To learn more, see [Encryption and data protection in Windows 11](encryption-data-protection.md). | -| | [Encryption](encryption-data-protection.md) | | -| | [BitLocker](information-protection/bitlocker/bitlocker-overview.md) | | +| Encryption and data protection | In Windows 11, encryption and data protection features include encrypted hard drives and BitLocker. Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level and allow for full disk hardware encryption. BitLocker provides encryption for the operating system, fixed data, and removable data drives.

      To learn more, see [Encryption and data protection in Windows 11](encryption-data-protection.md). | | Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs) | | | | [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md) | | | | Bluetooth (NEEDED) | | From 9d3add4009ed5ea41a067e6d1b9db0562dc1b89f Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 13:40:59 -0700 Subject: [PATCH 397/671] sync changes --- windows/security/TOC.yml | 4 +-- .../security/cryptography-certificate-mgmt.md | 5 ++- windows/security/hardware.md | 6 +--- windows/security/operating-system.md | 33 ++++++++----------- windows/security/threat-protection/TOC.yml | 2 +- 5 files changed, 20 insertions(+), 30 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 2dbd89eb75..91e70fb5b7 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -224,7 +224,7 @@ href: apps.md items: - name: Windows Defender Application Control and virtualization-based protection of code integrity - href: device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md + href: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - name: Windows Defender Application Control href: threat-protection\windows-defender-application-control\windows-defender-application-control.md - name: Microsoft Defender Application Guard @@ -374,4 +374,4 @@ - name: Microsoft Bug Bounty Program href: threat-protection/microsoft-bug-bounty-program.md - name: Windows Privacy - href: windows/privacy/windows-10-and-privacy-compliance.md + href: /windows/privacy/windows-10-and-privacy-compliance.md diff --git a/windows/security/cryptography-certificate-mgmt.md b/windows/security/cryptography-certificate-mgmt.md index f5d63c9686..dbc385fefd 100644 
--- a/windows/security/cryptography-certificate-mgmt.md +++ b/windows/security/cryptography-certificate-mgmt.md @@ -1,6 +1,6 @@ --- title: Cryptography and Certificate Management -description: Get an overview of cryptography and certificate management in Windows 11 +description: Get an overview of cryptography and certificate management in Windows search.appverid: MET150 author: denisebmsft ms.author: deniseb @@ -18,13 +18,12 @@ f1.keywords: NOCSH # Cryptography and Certificate Management -*This article describes cryptography and certificate management in Windows 11.* ## Cryptography Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets. -All cryptography on Windows 11 is Federal Information Processing Standards (FIPS) 140 certified. FIPS 140 certification ensures that US government approved algorithms are being used (RSA for signing, ECDH with NIST curves for key agreement, AES for symmetric encryption, and SHA2 for hashing), tests module integrity to prove that no tampering has occurred and proves the randomness for entropy sources. +Cryptography in Windows is Federal Information Processing Standards (FIPS) 140 certified. FIPS 140 certification ensures that US government approved algorithms are being used (RSA for signing, ECDH with NIST curves for key agreement, AES for symmetric encryption, and SHA2 for hashing), tests module integrity to prove that no tampering has occurred and proves the randomness for entropy sources. Windows cryptographic modules provide low-level primitives such as: 
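Review bot: The rewritten FIPS sentence under `## Cryptography` ("Cryptography in Windows is Federal Information Processing Standards (FIPS) 140 certified") now makes the certification claim for Windows in general, where the removed line limited it to Windows 11. With the "*This article describes cryptography and certificate management in Windows 11.*" line deleted in the same hunk, the article no longer says which versions it covers. Either keep the version in the sentence or add an explicit scope statement under the H1. While this paragraph is open, the unchanged context sentence "enabling Windows, applications, and services protect system and user secrets" is missing "to" before "protect".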
diff --git a/windows/security/hardware.md b/windows/security/hardware.md index cd3279e414..95ff8377ea 100644 --- a/windows/security/hardware.md +++ b/windows/security/hardware.md @@ -16,11 +16,7 @@ ms.technology: windows-sec # Windows hardware security Modern threats require modern security with a strong alignment between hardware security and software security techniques to keep users, data and devices protected. The operating system alone cannot protect from the wide range of tools and techniques cybercriminals use to compromise a computer deep inside its silicon. Once inside, intruders can be difficult to detect while engaging in multiple nefarious activities from stealing important data to capturing email addresses and other sensitive pieces of information. -These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware. - -With Windows 11, we have raised the hardware security baseline to design the most secure version of Windows ever. We have carefully chosen the hardware requirements and default security features based on threat intelligence and input from leading experts around the globe, including our own Microsoft Cybersecurity team. - - +These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware. | Security Measures | Features & Capabilities | |:---|:---| diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 07898bd0fd..c5141ef796 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md 
@@ -20,26 +20,21 @@ ms.technology: windows-sec Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. -Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11:

      +Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11:

      -| Security Measures | Features & Capabilities | Description | +| Security Measures | Features & Capabilities | |:---|:---| -| System security | Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows 11 device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows 11 system boots up safely and securely.

      To learn more, see [Secure Boot and Trusted Boot](trusted-boot.md). | -| | Cryptography and certificate management | Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets.

      Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Windows offers several APIs to operate and manage certificates.

      To learn more, see [Cryptography and Certificate Management](cryptography-certificate-mgmt.md). | -| | The Windows Security app is a client interface that is built into Windows, beginning with Windows 10, version 1703, and continuing through Windows 11. The Windows Security app enables users to view their security settings, including virus & threat protection settings, firewall & network protection, device security, and more on their device.

      The Windows Security app uses the Windows Security Service (SecurityHealthService or Windows Security Health Service), which in turn uses the Security Center service (wscsvc) to ensure the app provides the most up-to-date information about the protection status on the endpoint.

      To learn more, see [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md). | -| Encryption and data protection | In Windows 11, encryption and data protection features include encrypted hard drives and BitLocker. Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level and allow for full disk hardware encryption. BitLocker provides encryption for the operating system, fixed data, and removable data drives.

      To learn more, see [Encryption and data protection in Windows 11](encryption-data-protection.md). | -| Network security | [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs) | | -| | [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md) | | -| | Bluetooth (NEEDED) | | -| | Domain Name System (DNS) security (NEEDED) | | -| | Windows Wi-Fi (NEEDED) | | -| | Transport Layer Security (TLS) (NEEDED) | | -| Protection from viruses and threats | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows) | | -| | [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | -| | [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection) | | -| | [Network protection](/microsoft-365/security/defender-endpoint/network-protection) | | -| | [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders) | | -| | [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection) | | -| | Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | +| Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows system boots up safely and securely.

      Learn more [Secure Boot and Trusted Boot](trusted-boot.md).
      || +Cryptography and certificate management|Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure.

      Learn more about [Cryptography and certificate management](cryptography-certificate-mgmt.md).

      | +Windows Security app | The Windows built-in security application found in setitngs provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more.

      Learn more about the [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md).| +| Encryption and data protection | Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows provides strong at-rest data-protection solutions that guard against nefarious attackers.

      Learn more about [Encryption](encryption-data-protection.md). +| BitLocker | BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later.

      Learn more about [BitLocker](information-protection/bitlocker/bitlocker-overview.md). | +| Encrypted Hard Drive |

      Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
      By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.

      Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md).

      | +| Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs).

      | +| Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      +| Protection from viruses and threats | The next-generation protection capabilities in Windows helps identify and block new and emerging threats. By reducing your attack surface, you can reduce the risk of malware getting onto a device. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time. These capabilities can help security teams prevent malware from infecting a device.

      [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

      [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

      [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

      [Network protection](/microsoft-365/security/defender-endpoint/network-protection)

      [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)

      [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

      Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | + + +Bluetooth (NEEDED)

      Domain Name System (DNS) security (NEEDED)

      Windows Wi-Fi (NEEDED)

      Transport Layer Security (TLS) (NEEDED) | diff --git a/windows/security/threat-protection/TOC.yml b/windows/security/threat-protection/TOC.yml index 5342060e01..c4a518650a 100644 --- a/windows/security/threat-protection/TOC.yml +++ b/windows/security/threat-protection/TOC.yml @@ -35,4 +35,4 @@ - name: Security foundations - name: Windows Privacy - href: windows/privacy/windows-10-and-privacy-compliance.md \ No newline at end of file + href: /windows/privacy/windows-10-and-privacy-compliance.md \ No newline at end of file From 4064975d0931bd4cce539500e3a8b8505a19cdae Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 16 Sep 2021 13:42:50 -0700 Subject: [PATCH 398/671] tuning up articles in the plan section; doesn't include ones needing the biggest changes --- .../update/create-deployment-plan.md | 12 ++++++---- windows/deployment/update/eval-infra-tools.md | 23 +++++++++++-------- .../update/plan-define-readiness.md | 5 ++++ .../update/plan-determine-app-readiness.md | 7 +++++- 4 files changed, 33 insertions(+), 14 deletions(-) diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md index 2d806516c6..0f7d0795a5 100644 --- a/windows/deployment/update/create-deployment-plan.md +++ b/windows/deployment/update/create-deployment-plan.md 
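Review bot: In the operating-system.md hunk of this sync patch (@@ -20,26 +20,21 @@), the rebuilt two-column table has rows that no longer match the `|:---|:---|` header. The Secure Boot row ends in `||`, the "Cryptography and certificate management" and "Windows Security app" rows start without a leading pipe, and the "Encryption and data protection" and "Windows Defender Firewall" rows have no closing pipe. Please check the rendered table before merging. The four "(NEEDED)" placeholders (Bluetooth, DNS security, Windows Wi-Fi, TLS) now sit below the table as loose text ending in a stray `|`; move them to a tracking item or keep them as rows. Also fix "found in setitngs" to "found in Settings" in the Windows Security app row, and note that the intro sentence still says "in Windows 11" while the rows were changed to "Windows".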
@@ -13,9 +13,14 @@ ms.topic: article # Create a deployment plan +**Applies to** + +- Windows 10 +- Windows 11 + A "service management" mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. And once you use this process for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity. -When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We’ve found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows 10 are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method to separate devices into a deployment timeline. +When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We’ve found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method to separate devices into a deployment timeline. At the highest level, each “ring” comprises a group of users or devices that receive a particular update concurrently. For each ring, IT administrators set criteria to control deferral time or adoption (completion) that should be met before deployment to the next broader ring of devices or users can occur. 
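Review bot: "Deployment rings in Windows client are similar to ..." in the second changed paragraph uses "Windows client" as a product name without saying what it covers, and the phrase reads awkwardly as a straight substitution for "Windows 10". The new "Applies to" list names Windows 10 and Windows 11, so either define "Windows client" once against that list or write "Deployment rings for Windows client devices".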
@@ -99,8 +104,7 @@ Once the devices in the Limited ring have had a sufficient stabilization period, In most businesses, the Broad ring includes the rest of your organization. Because of the work in the previous ring to vet stability and minimize disruption (with diagnostic data to support your decision) broad deployment can occur relatively quickly. > [!NOTE] -> In some instances, you might hold back on mission critical devices (such as medical devices) until deployment in the Broad ring is complete. Get best practices and recommendations for deploying Windows 10 feature -> updates to mission critical devices. +> In some instances, you might hold back on mission-critical devices (such as medical devices) until deployment in the Broad ring is complete. Get best practices and recommendations for deploying Windows client feature updates to mission critical-devices. During the broad deployment phase, you should focus on the following activities: 
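Review bot: The added NOTE line corrects the first occurrence to "mission-critical devices" but ends with "mission critical-devices", with the hyphen on the wrong word; make both "mission-critical devices". The sentence "Get best practices and recommendations for deploying Windows client feature updates ..." also carries no link in either the old or the new text, so the reader has nowhere to go; add the target or drop the sentence.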
@@ -116,7 +120,7 @@ Previously, we have provided methods for analyzing your deployments, but these h [Desktop Analytics](/mem/configmgr/desktop-analytics/overview) is a cloud-based service and a key tool in [Microsoft Endpoint Manager](/mem/configmgr/core/understand/microsoft-endpoint-manager-faq). Using artificial intelligence and machine learning, Desktop Analytics is a powerful tool to give you insights and intelligence to make informed decisions about the readiness of your Windows devices. -In Windows 10 deployments, we have seen compatibility issues on < 0.5% of apps when using Desktop Analytics. Using Desktop Analytics with Microsoft Endpoint Manager can help you assess app compatibility with the latest +In Windows client deployments, we have seen compatibility issues on < 0.5% of apps when using Desktop Analytics. Using Desktop Analytics with Microsoft Endpoint Manager can help you assess app compatibility with the latest feature update and create groups that represent the broadest number of hardware and software configurations on the smallest set of devices across your organization. In addition, Desktop Analytics can provide you with a device and software inventory and identify issues, giving you data that equate to actionable decisions. > [!IMPORTANT] diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md index ce3c85e030..1d8974b7b8 100644 --- a/windows/deployment/update/eval-infra-tools.md +++ b/windows/deployment/update/eval-infra-tools.md 
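Review bot: In the Desktop Analytics paragraph of create-deployment-plan.md (@@ -116,7 +120,7 @@), replacing "In Windows 10 deployments" with "In Windows client deployments" stretches the "< 0.5% of apps" compatibility figure to cover Windows 11 as well, which the original sentence did not claim. Keep "Windows 10" for this statistic unless there is data for the wider scope.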
@@ -15,34 +15,39 @@ ms.collection: m365initiative-coredeploy # Evaluate infrastructure and tools +**Applies to** + +- Windows 10 +- Windows 11 + Before you deploy an update, it's best to assess your deployment infrastructure (that is, tools such as Configuration Manager, Microsoft Intune, or similar) and current configurations (such as security baselines, administrative templates, and policies that affect updates). Then, set some criteria to define your operational readiness. ## Infrastructure Do your deployment tools need updates? -- If you use Configuration Manager, is it on the Current Branch with the latest release installed. Being on this branch ensures that it supports the next Windows 10 feature update. Configuration Manager releases are supported for 18 months. +- If you use Configuration Manager, is it on the Current Branch with the latest release installed.? Being on this branch ensures that it supports the next Windows client feature update. Configuration Manager releases are supported for 18 months. - Using a cloud-based management tool like Microsoft Intune reduces support challenges, since no related products need to be updated. -- If you use a non-Microsoft tool, check with its product support to make sure you're using the current version and that it supports the next Windows 10 feature update. +- If you use a non-Microsoft tool, check with its product support to make sure you're using the current version and that it supports the next Windows client feature update. Rely on your experiences and data from previous deployments to help you judge how long infrastructure changes take and identify any problems you've encountered while doing so. ## Device settings -Make sure your security baseline, administrative templates, and policies have the right settings to support your devices once the new Windows 10 update is installed. 
+Make sure your security baseline, administrative templates, and policies have the right settings to support your devices once the new Windows client update is installed. ### Security baseline -Keep security baselines current to help ensure that your environment is secure and that new security feature in the coming Windows 10 update are set properly. +Keep security baselines current to help ensure that your environment is secure and that new security feature in the coming Windows client update are set properly. - **Microsoft security baselines**: You should implement security baselines from Microsoft. They are included in the [Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319), along with tools for managing them. -- **Industry- or region-specific baselines**: Your specific industry or region might have particular baselines that you must follow per regulations. Ensure that any new baselines support the version of Windows 10 you are about to deploy. +- **Industry- or region-specific baselines**: Your specific industry or region might have particular baselines that you must follow per regulations. Ensure that any new baselines support the version of Windows client you are about to deploy. ### Configuration updates There are a number of Windows policies (set by Group Policy, Intune, or other methods) that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. Check these policies to make sure they are set appropriately. -- **Windows 10 Administrative templates**: Each Windows 10 feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 10, version 1909](https://www.microsoft.com/download/100591). 
+- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 10, version 1909](https://www.microsoft.com/download/100591). - **Policies for update compliance and end-user experience**: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones. 
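Review bot: The added Configuration Manager bullet ends its question with doubled punctuation, "with the latest release installed.?", so drop the period and keep the question mark. In the same hunk, the rewritten "Security baseline" sentence keeps the original agreement error ("new security feature in the coming Windows client update are set properly"). Since the line is being touched anyway, change it to "new security features". The Administrative templates bullet now speaks of every "Windows client feature update" but still gives only the Windows 10, version 1909 download as its example, which may deserve a more current or more general link now that the article applies to Windows 11 too.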
@@ -50,9 +55,9 @@ There are a number of Windows policies (set by Group Policy, Intune, or other me When you’ve deployed an update, you’ll need to make sure the update isn’t introducing new operational issues. And you’ll also ensure that if incidents arise, the needed documentation and processes are available. Work with your operations and support team to define acceptable trends and what documents or processes require updating: -- **Call trend**: Define what percentage increase in calls relating to Windows 10 feature updates are acceptable or can be supported. -- **Incident trend**: Define what percentage of increase in calls asking for support relating to Windows 10 feature updates are acceptable or can be supported. -- **Support documentation**: Review supporting documentation that requires an update to support new infrastructure tooling or configuration as part of the Windows 10 feature update. +- **Call trend**: Define what percentage increase in calls relating to Windows client feature updates are acceptable or can be supported. +- **Incident trend**: Define what percentage of increase in calls asking for support relating to Windows client feature updates are acceptable or can be supported. +- **Support documentation**: Review supporting documentation that requires an update to support new infrastructure tooling or configuration as part of the Windows client feature update. - **Process changes:** Define and update any processes that will change as a result of the Windows 10 feature update. Your operations and support staff can help you determine if the appropriate information is being tracked at the moment. If it isn't, work out how to get this information so you can gain the right insight. diff --git a/windows/deployment/update/plan-define-readiness.md b/windows/deployment/update/plan-define-readiness.md index 2e371a0df1..40198581cc 100644 --- a/windows/deployment/update/plan-define-readiness.md +++ b/windows/deployment/update/plan-define-readiness.md 
@@ -15,6 +15,11 @@ ms.collection: m365initiative-coredeploy # Define readiness criteria +**Applies to** + +- Windows 10 +- Windows 11 + ## Figure out roles and personnel Planning and managing a deployment involves a variety of distinct activities and roles best suited to each. As you plan, it's worth figuring out which roles you'll need to carry out the deployment and who should fill them. Different roles are active at various phases of a deployment. Depending on the size and complexity of your organization, some of the roles could be filled by the same person. However, it's best to have an established *process manager*, who will oversee all of the tasks for the deployment. diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md index 0bb65d7087..8fcd5f228e 100644 --- a/windows/deployment/update/plan-determine-app-readiness.md +++ b/windows/deployment/update/plan-determine-app-readiness.md @@ -16,7 +16,12 @@ author: jaimeo # Determine application readiness -Before you deploy a Windows 10 update, you should know which apps will continue to work without problems, which need their own updates, and which just won't work and must be replaced. If you haven't already, it's worth [classifying your apps] with respect to their criticality in your organization. +**Applies to** + +- Windows 10 +- Windows 11 + +Before you deploy a Windows client update, you should know which apps will continue to work without problems, which need their own updates, and which just won't work and must be replaced. If you haven't already, it's worth [classifying your apps](plan-define-readiness.md) with respect to their criticality in your organization. ## Validation methods From b77b359befcffe4b10c709510575f69ef0663a06 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Thu, 16 Sep 2021 13:56:39 -0700 Subject: [PATCH 399/671] Update TOC.yml --- windows/deployment/TOC.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 8daccb955a..67733d50fd 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -52,6 +52,8 @@ items: - name: Using a proxy with Delivery Optimization href: update/delivery-optimization-proxy.md + - name: Delivery Optimization Client-Service Communication Explained + href: update/delivery-optimization-workflow.md - name: Best practices for feature updates on mission-critical devices href: update/feature-update-mission-critical.md - name: Windows 10 deployment considerations From 7126358e79d8dc230c5c03ccbd9fd025c3dc0c04 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Thu, 16 Sep 2021 14:08:07 -0700 Subject: [PATCH 400/671] Update delivery-optimization-workflow.md --- windows/deployment/update/delivery-optimization-workflow.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md index 03df1c3743..4171973c8f 100644 --- a/windows/deployment/update/delivery-optimization-workflow.md +++ b/windows/deployment/update/delivery-optimization-workflow.md @@ -1,7 +1,7 @@ --- title: Understand the Delivery Optimization Client-Service Communication Explained manager: laurawi -description: Settings to use with various proxy configurations to allow Delivery Optimization to work +description: Understand the details of Delivery Optimization client to service communication when content is requested to download. keywords: updates, downloads, network, bandwidth ms.prod: w10 ms.mktglfcycl: deploy From bdc2f146d51d3ac89275f8de5a8ae949143abfeb Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Thu, 16 Sep 2021 14:10:55 -0700 Subject: [PATCH 401/671] Update delivery-optimization-workflow.md --- windows/deployment/update/delivery-optimization-workflow.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md index 4171973c8f..e9c345ce99 100644 --- a/windows/deployment/update/delivery-optimization-workflow.md +++ b/windows/deployment/update/delivery-optimization-workflow.md @@ -1,5 +1,5 @@ --- -title: Understand the Delivery Optimization Client-Service Communication Explained +title: Delivery Optimization Client-Service Communication Explained manager: laurawi description: Understand the details of Delivery Optimization client to service communication when content is requested to download. keywords: updates, downloads, network, bandwidth From 65351fa7c0cb5be54aa0cfe29c60e4bd69913bd8 Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Thu, 16 Sep 2021 14:16:24 -0700 Subject: [PATCH 402/671] Update TOC.yml Fixing capitalization. --- windows/deployment/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 67733d50fd..18817d1d38 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -52,7 +52,7 @@ items: - name: Using a proxy with Delivery Optimization href: update/delivery-optimization-proxy.md - - name: Delivery Optimization Client-Service Communication Explained + - name: Delivery Optimization client-service communication href: update/delivery-optimization-workflow.md - name: Best practices for feature updates on mission-critical devices href: update/feature-update-mission-critical.md From 40ae56944e8446e5103874098342390d27009686 Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Thu, 16 Sep 2021 14:28:19 -0700 Subject: [PATCH 403/671] Update delivery-optimization-workflow.md Style and capitalization corrections. --- .../update/delivery-optimization-workflow.md | 43 ++++++++++--------- 1 file changed, 23 insertions(+), 20 deletions(-) 
diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md index e9c345ce99..c31e4dacdd 100644 --- a/windows/deployment/update/delivery-optimization-workflow.md +++ b/windows/deployment/update/delivery-optimization-workflow.md @@ -1,7 +1,7 @@ --- -title: Delivery Optimization Client-Service Communication Explained +title: Delivery Optimization client-service communication explained manager: laurawi -description: Understand the details of Delivery Optimization client to service communication when content is requested to download. +description: Details of how Delivery Optimization communicates with the server when content is requested to download keywords: updates, downloads, network, bandwidth ms.prod: w10 ms.mktglfcycl: deploy 
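Review bot: The new description line says Delivery Optimization "communicates with the server", while the title in the same front matter is "client-service communication" and the counterpart is the Delivery Optimization service, not a single server. Suggest "Details of how the Delivery Optimization client communicates with the service when content is requested for download", which also fixes the awkward "requested to download".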
@@ -13,28 +13,31 @@ ms.collection: M365-modern-desktop ms.topic: article --- -# Delivery Optimization Client-Service Communication Explained +# Delivery Optimization client-service communication explained -**Applies to**: Windows 10 +**Applies to** -## Download Request Workflow +- Windows 10 +- Windows 11 -The Delivery Optimization workflow described below allows Delivery Optimization to securely and efficiently deliver requested content to the calling device. Delivery Optimization leverages content metadata to determine all available locations to pull content from, as well as content verification. +## Download request workflow -* When a download starts, the Delivery Optimization client will attempt to get its content metadata, from the Delivery Optimization service, via an SSL channel. This content metadata is a hash file containing the SHA-256 block level hashes of each piece in the file (typically one piece = 1 MB). The authenticity of the content metadata file itself is verified prior to any content being downloaded. -* Once the content metadata file is verified, Delivery Optimization proceeds with accessing the requested pieces of the content file. -* When Delivery Optimization pulls a certain piece of the hash from another peer, it is verified against the known hash in the content metadata file. -* If a peer provides an invalid piece, that piece is discarded. When a peer sends multiple bad pieces it is banned and will no longer be used as a source by the Delivery Optimization client performing the download. -* If Delivery Optimization is unable to obtain the content metadata file, or if the verification of the hash file itself fails, the download will fallback to “Simple Mode” (pulling content only from an HTTP source) and peer to peer will not be allowed. -* Once Delivery Optimization downloading is complete, all retrieved pieces of the content are used to put the file together. At that point, the Delivery Optimization caller (e.g. 
ConfigMgr) performs another check of the entire file to verify the signature, prior to proceeding with installation. +This workflow allows Delivery Optimization to securely and efficiently deliver requested content to the calling device. Delivery Optimization uses content metadata to determine all available locations to pull content from, as well as content verification. -## Delivery Optimization Service Endpoint And Data Information +1. When a download starts, the Delivery Optimization client attempts to get its content metadata from the Delivery Optimization service over an SSL channel. This content metadata is a hash file containing the SHA-256 block-level hashes of each piece in the file (typically one piece = 1 MB). The authenticity of the content metadata file itself is verified prior to any content being downloaded. +2. Once the content metadata file is verified, Delivery Optimization accesses the requested pieces of the content file. +3. When Delivery Optimization pulls a certain piece of the hash from another peer, it verifies the hash against the known hash in the content metadata file. +4. If a peer provides an invalid piece, that piece is discarded. When a peer sends multiple bad pieces, it's banned and will no longer be used as a source by the Delivery Optimization client performing the download. +5. If Delivery Optimization is unable to obtain the content metadata file, or if the verification of the hash file itself fails, the download will fall back to “simple mode” (pulling content only from an HTTP source) and peer-to-peer won't be allowed. +6. Once downloading is complete, Delivery Optimization uses all retrieved pieces of the content to put the file together. At that point, the Delivery Optimization caller (for example, ConfigMgr) checks the entire file to verify the signature prior to installing it. 
-|Endpoint hostname|Name|Description|Data sent from the computer to the Endpoint (Field/Description) +## Delivery Optimization service endpoint and data information + +|Endpoint hostname|Name|Description|Data sent from the computer to the endpoint |--------------------------------------------|--------------|---------------|-----------------------| -| geover-prod.do.dsp.mp.microsoft.com
      geo-prod.do.dsp.mp.microsoft.com
      geo.prod.do.dsp.mp.microsoft.com
      geover.prod.do.dsp.mp.microsoft.com | Geo | Service used to identify the geo location of the device in order to direct it to the nearest data center. | **Profile**: The device type (ex: PC vs Xbox)
      **doClientVersion**: The version of the DoSvc Client
      **groupID**: Group the device belongs to (set via DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) | -| kv*-prod.do.dsp.mp.microsoft.com
      kv*.prod.do.dsp.mp.microsoft.com | KeyValue | Bootstrap service, provides endpoints for all other services as well as device configs | **countryCode**: The country the client is connected from
      **doClientVersion**: The version of the DoSvc Client
      **Profile**: The device type (ex: PC vs Xbox)
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | -| cp*-prod.do.dsp.mp.microsoft.com
      cp*.prod.do.dsp.mp.microsoft.com
      | Content Policy | Provides content specific policies as well as content metadata URLs | **Profile**: The device type (ex: PC vs Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **countryCode**: The country the client is connected from
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | -| disc*-prod.do.dsp.mp.microsoft.com
      disc*.prod.do.dsp.mp.microsoft.com | Discovery | Provides the client with the geo-located Array to connect to. (There are two endpoints providing this functionality: /content and /v2/content) | **Profile**: The device type (ex: PC vs Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **partitionId**: Client partitioning hint
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id | -| cn*-prod.do.dsp.mp.microsoft.com
      cn*.prod.do.dsp.mp.microsoft.com | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (ex: PC vs Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **PeerId**: Identified of the device running DO client
      **ReportedIp**: The internal / private IP Address
      **IsBackground**: Is the download interactive or background
      **Uploaded**: Total bytes uploaded to peers
      **Downloaded**: Total bytes downloaded from peers
      **DownloadedCdn**: Total bytes downloaded from CDN
      **Left**: Bytes left to download
      **Peers Wanted**: Total number of peers wanted
      **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
      **Scope**: The Download mode
      **UploadedBPS**: The upload speed in Bytes per Second
      **DownloadBPS**: The download speed in Bytes per second
      **eId**: Client grouping Id | -| dl.delivery.mp.microsoft.com
      emdl.ws.microsoft.com | | Metadata download can come from different hostnames, however it is required for P2P | +| geover-prod.do.dsp.mp.microsoft.com
      geo-prod.do.dsp.mp.microsoft.com
      geo.prod.do.dsp.mp.microsoft.com
      geover.prod.do.dsp.mp.microsoft.com | Geo | Service used to identify the location of the device in order to direct it to the nearest data center. | **Profile**: The device type (for example, PC or Xbox)
      **doClientVersion**: The version of the DoSvc Client
      **groupID**: Group the device belongs to (set with DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) | +| kv*-prod.do.dsp.mp.microsoft.com
      kv*.prod.do.dsp.mp.microsoft.com | KeyValue | Bootstrap service provides endpoints for all other services as well as device configs | **countryCode**: The country the client is connected from
      **doClientVersion**: The version of the DoSvc Client
      **Profile**: The device type (for example, PC or Xbox)
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | +| cp*-prod.do.dsp.mp.microsoft.com
      cp*.prod.do.dsp.mp.microsoft.com
      | Content Policy | Provides content specific policies as well as content metadata URLs | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **countryCode**: The country the client is connected from
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | +| disc*-prod.do.dsp.mp.microsoft.com
      disc*.prod.do.dsp.mp.microsoft.com | Discovery | Provides the client with the geo-located array to connect to. (There are two endpoints providing this functionality: /content and /v2/content.) | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **partitionId**: Client partitioning hint
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id | +| cn*-prod.do.dsp.mp.microsoft.com
      cn*.prod.do.dsp.mp.microsoft.com | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **PeerId**: Identified of the device running DO client
      **ReportedIp**: The internal / private IP Address
      **IsBackground**: Is the download interactive or background
      **Uploaded**: Total bytes uploaded to peers
      **Downloaded**: Total bytes downloaded from peers
      **DownloadedCdn**: Total bytes downloaded from CDN
      **Left**: Bytes left to download
      **Peers Wanted**: Total number of peers wanted
      **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
      **Scope**: The Download mode
      **UploadedBPS**: The upload speed in bytes per second
      **DownloadBPS**: The download speed in Bytes per second
      **eId**: Client grouping Id | +| dl.delivery.mp.microsoft.com
      emdl.ws.microsoft.com | | Metadata download can come from different hostnames, but it's required for peer to peer | From 4ca86379d0f4c23baa03c0e69b9fd34c8a9c9aae Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 14:29:33 -0700 Subject: [PATCH 404/671] Update operating-system.md --- windows/security/operating-system.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index c5141ef796..6863bd1951 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -34,7 +34,4 @@ Windows Security app | The Windows built-in security application found in setitn | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      | Protection from viruses and threats | The next-generation protection capabilities in Windows helps identify and block new and emerging threats. By reducing your attack surface, you can reduce the risk of malware getting onto a device. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time. These capabilities can help security teams prevent malware from infecting a device.

      [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

      [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

      [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

      [Network protection](/microsoft-365/security/defender-endpoint/network-protection)

      [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)

      [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

      Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | - - - -Bluetooth (NEEDED)

      Domain Name System (DNS) security (NEEDED)

      Windows Wi-Fi (NEEDED)

      Transport Layer Security (TLS) (NEEDED) | + From 1c4a51ff3eb8a2c9cdc73de18dae12f953ae69bc Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Thu, 16 Sep 2021 14:30:35 -0700 Subject: [PATCH 405/671] Update delivery-optimization-workflow.md Adding updated manager metadata. --- windows/deployment/update/delivery-optimization-workflow.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md index c31e4dacdd..292f034e70 100644 --- a/windows/deployment/update/delivery-optimization-workflow.md +++ b/windows/deployment/update/delivery-optimization-workflow.md @@ -1,6 +1,6 @@ --- title: Delivery Optimization client-service communication explained -manager: laurawi +manager: dougeby description: Details of how Delivery Optimization communicates with the server when content is requested to download keywords: updates, downloads, network, bandwidth ms.prod: w10 From 5c451f27247a6f82e5668ac29eb93f772f6acf89 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 14:49:07 -0700 Subject: [PATCH 406/671] TOC palooza --- windows/security/TOC.yml | 76 +- windows/security/operating-system.md | 3 - .../threat-protection/auditing/TOC.yml | 765 ++++++++++++++++++ .../security-policy-settings/TOC.yml | 349 ++++++++ 4 files changed, 1189 insertions(+), 4 deletions(-) create mode 100644 windows/security/threat-protection/auditing/TOC.yml create mode 100644 windows/security/threat-protection/security-policy-settings/TOC.yml diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 91e70fb5b7..3c0315e244 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -125,7 +125,11 @@ - name: Decode Measured Boot logs to track PCR changes href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md - name: Configure S/MIME for Windows - href: identity-protection/configure-s-mime.md + href: identity-protection/configure-s-mime.md + - name: Security policy settings + href: threat-protection/security-policy-settings/security-policy-settings.md + - name: Security auditing + href: threat-protection/auditing/security-auditing-overview.md - name: Windows Information Protection (WIP) href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md items: @@ -173,6 +177,21 @@ href: information-protection/windows-information-protection/using-owa-with-wip.md - name: Fine-tune WIP Learning href: information-protection/windows-information-protection/wip-learning.md + - name: Windows security baselines + href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md + items: + - name: Security Compliance Toolkit + href: threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md + - name: Get support + href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md + - name: More Windows security + items: + - name: Override Process Mitigation Options to help enforce app-related security policies + href: threat-protection/override-mitigation-options-for-app-related-security-policies.md + - name: Use Windows Event Forwarding to help with intrusion detection + href: threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md + - name: Block untrusted fonts in an enterprise + href: threat-protection/block-untrusted-fonts-in-enterprise.md - name: Network security items: - name: VPN technical guide 
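Review bot: In the second hunk (@@ -173,6 +177,21 @@), the new "More Windows security" node is a catch-all label with no href, grouping three unrelated articles (process mitigation overrides, Windows Event Forwarding for intrusion detection, and untrusted font blocking). A reader scanning the TOC cannot tell what sits under it. Consider a descriptive name, or move each entry under the section it belongs to. Separately, the commit summary creates threat-protection/auditing/TOC.yml and threat-protection/security-policy-settings/TOC.yml, but the entries added in the first hunk point straight at the overview articles with `href`. Please confirm the nested TOCs are actually referenced from this file, otherwise their child pages will not appear in navigation.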
@@ -220,6 +239,61 @@ href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection - name: Microsoft Defender for Endpoint href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint + - name: Security intelligence + href: threat-protection/intelligence/index.md + items: + - name: Understand malware & other threats + href: threat-protection/intelligence/understanding-malware.md + items: + - name: Prevent malware infection + href: threat-protection/intelligence/prevent-malware-infection.md + - name: Malware names + href: threat-protection/intelligence/malware-naming.md + - name: Coin miners + href: threat-protection/intelligence/coinminer-malware.md + - name: Exploits and exploit kits + href: threat-protection/intelligence/exploits-malware.md + - name: Fileless threats + href: threat-protection/intelligence/fileless-threats.md + - name: Macro malware + href: threat-protection/intelligence/macro-malware.md + - name: Phishing + href: threat-protection/intelligence/phishing.md + - name: Ransomware + href: /security/compass/human-operated-ransomware + - name: Rootkits + href: threat-protection/intelligence/rootkits-malware.md + - name: Supply chain attacks + href: threat-protection/intelligence/supply-chain-malware.md + - name: Tech support scams + href: threat-protection/intelligence/support-scams.md + - name: Trojans + href: threat-protection/intelligence/trojans-malware.md + - name: Unwanted software + href: threat-protection/intelligence/unwanted-software.md + - name: Worms + href: threat-protection/intelligence/worms-malware.md + - name: How Microsoft identifies malware and PUA + href: threat-protection/intelligence/criteria.md + - name: Submit files for analysis + href: threat-protection/intelligence/submission-guide.md + - name: Safety Scanner download + href: threat-protection/intelligence/safety-scanner-download.md + - name: Industry collaboration programs + href: 
threat-protection/intelligence/cybersecurity-industry-partners.md + items: + - name: Virus information alliance + href: threat-protection/intelligence/virus-information-alliance-criteria.md + - name: Microsoft virus initiative + href: threat-protection/intelligence/virus-initiative-criteria.md + - name: Coordinated malware eradication + href: threat-protection/intelligence/coordinated-malware-eradication.md + - name: Information for developers + items: + - name: Software developer FAQ + href: threat-protection/intelligence/developer-faq.yml + - name: Software developer resources + href: threat-protection/intelligence/developer-resources.md - name: Application security href: apps.md items: diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index c5141ef796..859d7ec1d9 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -35,6 +35,3 @@ Windows Security app | The Windows built-in security application found in setitn | Protection from viruses and threats | The next-generation protection capabilities in Windows helps identify and block new and emerging threats. By reducing your attack surface, you can reduce the risk of malware getting onto a device. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time. These capabilities can help security teams prevent malware from infecting a device.

      [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

      [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

      [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

      [Network protection](/microsoft-365/security/defender-endpoint/network-protection)

      [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)

      [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

      Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | - - -Bluetooth (NEEDED)

      Domain Name System (DNS) security (NEEDED)

      Windows Wi-Fi (NEEDED)

      Transport Layer Security (TLS) (NEEDED) | diff --git a/windows/security/threat-protection/auditing/TOC.yml b/windows/security/threat-protection/auditing/TOC.yml new file mode 100644 index 0000000000..88646f01b0 --- /dev/null +++ b/windows/security/threat-protection/auditing/TOC.yml 
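Review bot: In the `windows/security/TOC.yml` hunk at `@@ -220,6 +239,61 @@`, the "Ransomware" entry uses the site-absolute href `/security/compass/human-operated-ransomware`, while every sibling under "Understand malware & other threats" points at a relative `threat-protection/intelligence/*.md` file. If sending readers to the other docset is intentional, please confirm that the path resolves from this TOC in the published build; otherwise use the relative form the neighbouring entries use.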
@@ -0,0 +1,765 @@ + - name: Security auditing + href: security-auditing-overview.md + items: + - name: Basic security audit policies + href: basic-security-audit-policies.md + items: + - name: Create a basic audit policy for an event category + href: create-a-basic-audit-policy-settings-for-an-event-category.md + - name: Apply a basic audit policy on a file or folder + href: apply-a-basic-audit-policy-on-a-file-or-folder.md + - name: View the security event log + href: view-the-security-event-log.md + - name: Basic security audit policy settings + href: basic-security-audit-policy-settings.md + items: + - name: Audit account logon events + href: basic-audit-account-logon-events.md + - name: Audit account management + href: basic-audit-account-management.md + - name: Audit directory service access + href: basic-audit-directory-service-access.md + - name: Audit logon events + href: basic-audit-logon-events.md + - name: Audit object access + href: basic-audit-object-access.md + - name: Audit policy change + href: basic-audit-policy-change.md + - name: Audit privilege use + href: basic-audit-privilege-use.md + - name: Audit process tracking + href: basic-audit-process-tracking.md + - name: Audit system events + href: basic-audit-system-events.md + - name: Advanced security audit policies + href: advanced-security-auditing.md + items: + - name: Planning and deploying advanced security audit policies + href: planning-and-deploying-advanced-security-audit-policies.md + - name: Advanced security auditing FAQ + href: advanced-security-auditing-faq.yml + items: + - name: Which editions of Windows support advanced audit policy configuration + href: which-editions-of-windows-support-advanced-audit-policy-configuration.md + - name: How to list XML elements in \ + href: how-to-list-xml-elements-in-eventdata.md + - name: Using advanced security auditing options to monitor dynamic access control objects + href: 
using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md + items: + - name: Monitor the central access policies that apply on a file server + href: monitor-the-central-access-policies-that-apply-on-a-file-server.md + - name: Monitor the use of removable storage devices + href: monitor-the-use-of-removable-storage-devices.md + - name: Monitor resource attribute definitions + href: monitor-resource-attribute-definitions.md + - name: Monitor central access policy and rule definitions + href: monitor-central-access-policy-and-rule-definitions.md + - name: Monitor user and device claims during sign-in + href: monitor-user-and-device-claims-during-sign-in.md + - name: Monitor the resource attributes on files and folders + href: monitor-the-resource-attributes-on-files-and-folders.md + - name: Monitor the central access policies associated with files and folders + href: monitor-the-central-access-policies-associated-with-files-and-folders.md + - name: Monitor claim types + href: monitor-claim-types.md + - name: Advanced security audit policy settings + href: advanced-security-audit-policy-settings.md + items: + - name: Audit Credential Validation + href: audit-credential-validation.md + - name: "Event 4774 S, F: An account was mapped for logon." + href: event-4774.md + - name: "Event 4775 F: An account could not be mapped for logon." + href: event-4775.md + - name: "Event 4776 S, F: The computer attempted to validate the credentials for an account." + href: event-4776.md + - name: "Event 4777 F: The domain controller failed to validate the credentials for an account." + href: event-4777.md + - name: Audit Kerberos Authentication Service + href: audit-kerberos-authentication-service.md + items: + - name: "Event 4768 S, F: A Kerberos authentication ticket, TGT, was requested." + href: event-4768.md + - name: "Event 4771 F: Kerberos pre-authentication failed." 
+ href: event-4771.md + - name: "Event 4772 F: A Kerberos authentication ticket request failed." + href: event-4772.md + - name: Audit Kerberos Service Ticket Operations + href: audit-kerberos-service-ticket-operations.md + items: + - name: "Event 4769 S, F: A Kerberos service ticket was requested." + href: event-4769.md + - name: "Event 4770 S: A Kerberos service ticket was renewed." + href: event-4770.md + - name: "Event 4773 F: A Kerberos service ticket request failed." + href: event-4773.md + - name: Audit Other Account Logon Events + href: audit-other-account-logon-events.md + - name: Audit Application Group Management + href: audit-application-group-management.md + - name: Audit Computer Account Management + href: audit-computer-account-management.md + items: + - name: "Event 4741 S: A computer account was created." + href: event-4741.md + - name: "Event 4742 S: A computer account was changed." + href: event-4742.md + - name: "Event 4743 S: A computer account was deleted." + href: event-4743.md + - name: Audit Distribution Group Management + href: audit-distribution-group-management.md + items: + - name: "Event 4749 S: A security-disabled global group was created." + href: event-4749.md + - name: "Event 4750 S: A security-disabled global group was changed." + href: event-4750.md + - name: "Event 4751 S: A member was added to a security-disabled global group." + href: event-4751.md + - name: "Event 4752 S: A member was removed from a security-disabled global group." + href: event-4752.md + - name: "Event 4753 S: A security-disabled global group was deleted." + href: event-4753.md + - name: Audit Other Account Management Events + href: audit-other-account-management-events.md + items: + - name: "Event 4782 S: The password hash of an account was accessed." + href: event-4782.md + - name: "Event 4793 S: The Password Policy Checking API was called." 
+ href: event-4793.md + - name: Audit Security Group Management + href: audit-security-group-management.md + items: + - name: "Event 4731 S: A security-enabled local group was created." + href: event-4731.md + - name: "Event 4732 S: A member was added to a security-enabled local group." + href: event-4732.md + - name: "Event 4733 S: A member was removed from a security-enabled local group." + href: event-4733.md + - name: "Event 4734 S: A security-enabled local group was deleted." + href: event-4734.md + - name: "Event 4735 S: A security-enabled local group was changed." + href: event-4735.md + - name: "Event 4764 S: A group�s type was changed." + href: event-4764.md + - name: "Event 4799 S: A security-enabled local group membership was enumerated." + href: event-4799.md + - name: Audit User Account Management + href: audit-user-account-management.md + items: + - name: "Event 4720 S: A user account was created." + href: event-4720.md + - name: "Event 4722 S: A user account was enabled." + href: event-4722.md + - name: "Event 4723 S, F: An attempt was made to change an account's password." + href: event-4723.md + - name: "Event 4724 S, F: An attempt was made to reset an account's password." + href: event-4724.md + - name: "Event 4725 S: A user account was disabled." + href: event-4725.md + - name: "Event 4726 S: A user account was deleted." + href: event-4726.md + - name: "Event 4738 S: A user account was changed." + href: event-4738.md + - name: "Event 4740 S: A user account was locked out." + href: event-4740.md + - name: "Event 4765 S: SID History was added to an account." + href: event-4765.md + - name: "Event 4766 F: An attempt to add SID History to an account failed." + href: event-4766.md + - name: "Event 4767 S: A user account was unlocked." + href: event-4767.md + - name: "Event 4780 S: The ACL was set on accounts that are members of administrators groups." + href: event-4780.md + - name: "Event 4781 S: The name of an account was changed." 
+ href: event-4781.md + - name: "Event 4794 S, F: An attempt was made to set the Directory Services Restore Mode administrator password." + href: event-4794.md + - name: "Event 4798 S: A user's local group membership was enumerated." + href: event-4798.md + - name: "Event 5376 S: Credential Manager credentials were backed up." + href: event-5376.md + - name: "Event 5377 S: Credential Manager credentials were restored from a backup." + href: event-5377.md + - name: Audit DPAPI Activity + href: audit-dpapi-activity.md + items: + - name: "Event 4692 S, F: Backup of data protection master key was attempted." + href: event-4692.md + - name: "Event 4693 S, F: Recovery of data protection master key was attempted." + href: event-4693.md + - name: "Event 4694 S, F: Protection of auditable protected data was attempted." + href: event-4694.md + - name: "Event 4695 S, F: Unprotection of auditable protected data was attempted." + href: event-4695.md + - name: Audit PNP Activity + href: audit-pnp-activity.md + items: + - name: "Event 6416 S: A new external device was recognized by the System." + href: event-6416.md + - name: "Event 6419 S: A request was made to disable a device." + href: event-6419.md + - name: "Event 6420 S: A device was disabled." + href: event-6420.md + - name: "Event 6421 S: A request was made to enable a device." + href: event-6421.md + - name: "Event 6422 S: A device was enabled." + href: event-6422.md + - name: "Event 6423 S: The installation of this device is forbidden by system policy." + href: event-6423.md + - name: "Event 6424 S: The installation of this device was allowed, after having previously been forbidden by policy." + href: event-6424.md + - name: Audit Process Creation + href: audit-process-creation.md + items: + - name: "Event 4688 S: A new process has been created." + href: event-4688.md + - name: "Event 4696 S: A primary token was assigned to process." 
+ href: event-4696.md + - name: Audit Process Termination + href: audit-process-termination.md + items: + - name: "Event 4689 S: A process has exited." + href: event-4689.md + - name: Audit RPC Events + href: audit-rpc-events.md + items: + - name: "Event 5712 S: A Remote Procedure Call, RPC, was attempted." + href: event-5712.md + - name: Audit Token Right Adjusted + href: audit-token-right-adjusted.md + items: + - name: "Event 4703 S: A user right was adjusted." + href: event-4703.md + - name: Audit Detailed Directory Service Replication + href: audit-detailed-directory-service-replication.md + items: + - name: "Event 4928 S, F: An Active Directory replica source naming context was established." + href: event-4928.md + - name: "Event 4929 S, F: An Active Directory replica source naming context was removed." + href: event-4929.md + - name: "Event 4930 S, F: An Active Directory replica source naming context was modified." + href: event-4930.md + - name: "Event 4931 S, F: An Active Directory replica destination naming context was modified." + href: event-4931.md + - name: "Event 4934 S: Attributes of an Active Directory object were replicated." + href: event-4934.md + - name: "Event 4935 F: Replication failure begins." + href: event-4935.md + - name: "Event 4936 S: Replication failure ends." + href: event-4936.md + - name: "Event 4937 S: A lingering object was removed from a replica." + href: event-4937.md + - name: Audit Directory Service Access + href: audit-directory-service-access.md + items: + - name: "Event 4662 S, F: An operation was performed on an object." + href: event-4662.md + - name: "Event 4661 S, F: A handle to an object was requested." + href: event-4661.md + - name: Audit Directory Service Changes + href: audit-directory-service-changes.md + items: + - name: "Event 5136 S: A directory service object was modified." + href: event-5136.md + - name: "Event 5137 S: A directory service object was created." 
+ href: event-5137.md + - name: "Event 5138 S: A directory service object was undeleted." + href: event-5138.md + - name: "Event 5139 S: A directory service object was moved." + href: event-5139.md + - name: "Event 5141 S: A directory service object was deleted." + href: event-5141.md + - name: Audit Directory Service Replication + href: audit-directory-service-replication.md + items: + - name: "Event 4932 S: Synchronization of a replica of an Active Directory naming context has begun." + href: event-4932.md + - name: "Event 4933 S, F: Synchronization of a replica of an Active Directory naming context has ended." + href: event-4933.md + - name: Audit Account Lockout + href: audit-account-lockout.md + items: + - name: "Event 4625 F: An account failed to log on." + href: event-4625.md + - name: Audit User/Device Claims + href: audit-user-device-claims.md + items: + - name: "Event 4626 S: User/Device claims information." + href: event-4626.md + - name: Audit Group Membership + href: audit-group-membership.md + items: + - name: "Event 4627 S: Group membership information." + href: event-4627.md + - name: Audit IPsec Extended Mode + href: audit-ipsec-extended-mode.md + - name: Audit IPsec Main Mode + href: audit-ipsec-main-mode.md + - name: Audit IPsec Quick Mode + href: audit-ipsec-quick-mode.md + - name: Audit Logoff + href: audit-logoff.md + items: + - name: "Event 4634 S: An account was logged off." + href: event-4634.md + - name: "Event 4647 S: User initiated logoff." + href: event-4647.md + - name: Audit Logon + href: audit-logon.md + items: + - name: "Event 4624 S: An account was successfully logged on." + href: event-4624.md + - name: "Event 4625 F: An account failed to log on." + href: event-4625.md + - name: "Event 4648 S: A logon was attempted using explicit credentials." + href: event-4648.md + - name: "Event 4675 S: SIDs were filtered." 
+ href: event-4675.md + - name: Audit Network Policy Server + href: audit-network-policy-server.md + - name: Audit Other Logon/Logoff Events + href: audit-other-logonlogoff-events.md + items: + - name: "Event 4649 S: A replay attack was detected." + href: event-4649.md + - name: "Event 4778 S: A session was reconnected to a Window Station." + href: event-4778.md + - name: "Event 4779 S: A session was disconnected from a Window Station." + href: event-4779.md + - name: "Event 4800 S: The workstation was locked." + href: event-4800.md + - name: "Event 4801 S: The workstation was unlocked." + href: event-4801.md + - name: "Event 4802 S: The screen saver was invoked." + href: event-4802.md + - name: "Event 4803 S: The screen saver was dismissed." + href: event-4803.md + - name: "Event 5378 F: The requested credentials delegation was disallowed by policy." + href: event-5378.md + - name: "Event 5632 S, F: A request was made to authenticate to a wireless network." + href: event-5632.md + - name: "Event 5633 S, F: A request was made to authenticate to a wired network." + href: event-5633.md + - name: Audit Special Logon + href: audit-special-logon.md + items: + - name: "Event 4964 S: Special groups have been assigned to a new logon." + href: event-4964.md + - name: "Event 4672 S: Special privileges assigned to new logon." + href: event-4672.md + - name: Audit Application Generated + href: audit-application-generated.md + - name: Audit Certification Services + href: audit-certification-services.md + - name: Audit Detailed File Share + href: audit-detailed-file-share.md + items: + - name: "Event 5145 S, F: A network share object was checked to see whether client can be granted desired access." + href: event-5145.md + - name: Audit File Share + href: audit-file-share.md + items: + - name: "Event 5140 S, F: A network share object was accessed." + href: event-5140.md + - name: "Event 5142 S: A network share object was added." 
+ href: event-5142.md + - name: "Event 5143 S: A network share object was modified." + href: event-5143.md + - name: "Event 5144 S: A network share object was deleted." + href: event-5144.md + - name: "Event 5168 F: SPN check for SMB/SMB2 failed." + href: event-5168.md + - name: Audit File System + href: audit-file-system.md + items: + - name: "Event 4656 S, F: A handle to an object was requested." + href: event-4656.md + - name: "Event 4658 S: The handle to an object was closed." + href: event-4658.md + - name: "Event 4660 S: An object was deleted." + href: event-4660.md + - name: "Event 4663 S: An attempt was made to access an object." + href: event-4663.md + - name: "Event 4664 S: An attempt was made to create a hard link." + href: event-4664.md + - name: "Event 4985 S: The state of a transaction has changed." + href: event-4985.md + - name: "Event 5051: A file was virtualized." + href: event-5051.md + - name: "Event 4670 S: Permissions on an object were changed." + href: event-4670.md + - name: Audit Filtering Platform Connection + href: audit-filtering-platform-connection.md + items: + - name: "Event 5031 F: The Windows Firewall Service blocked an application from accepting incoming connections on the network." + href: event-5031.md + - name: "Event 5150: The Windows Filtering Platform blocked a packet." + href: event-5150.md + - name: "Event 5151: A more restrictive Windows Filtering Platform filter has blocked a packet." + href: event-5151.md + - name: "Event 5154 S: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections." + href: event-5154.md + - name: "Event 5155 F: The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections." + href: event-5155.md + - name: "Event 5156 S: The Windows Filtering Platform has permitted a connection." + href: event-5156.md + - name: "Event 5157 F: The Windows Filtering Platform has blocked a connection." 
+ href: event-5157.md + - name: "Event 5158 S: The Windows Filtering Platform has permitted a bind to a local port." + href: event-5158.md + - name: "Event 5159 F: The Windows Filtering Platform has blocked a bind to a local port." + href: event-5159.md + - name: Audit Filtering Platform Packet Drop + href: audit-filtering-platform-packet-drop.md + items: + - name: "Event 5152 F: The Windows Filtering Platform blocked a packet." + href: event-5152.md + - name: "Event 5153 S: A more restrictive Windows Filtering Platform filter has blocked a packet." + href: event-5153.md + - name: Audit Handle Manipulation + href: audit-handle-manipulation.md + items: + - name: "Event 4690 S: An attempt was made to duplicate a handle to an object." + href: event-4690.md + - name: Audit Kernel Object + href: audit-kernel-object.md + items: + - name: "Event 4656 S, F: A handle to an object was requested." + href: event-4656.md + - name: "Event 4658 S: The handle to an object was closed." + href: event-4658.md + - name: "Event 4660 S: An object was deleted." + href: event-4660.md + - name: "Event 4663 S: An attempt was made to access an object." + href: event-4663.md + - name: Audit Other Object Access Events + href: audit-other-object-access-events.md + items: + - name: "Event 4671: An application attempted to access a blocked ordinal through the TBS." + href: event-4671.md + - name: "Event 4691 S: Indirect access to an object was requested." + href: event-4691.md + - name: "Event 5148 F: The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded." + href: event-5148.md + - name: "Event 5149 F: The DoS attack has subsided and normal processing is being resumed." + href: event-5149.md + - name: "Event 4698 S: A scheduled task was created." + href: event-4698.md + - name: "Event 4699 S: A scheduled task was deleted." + href: event-4699.md + - name: "Event 4700 S: A scheduled task was enabled." 
+ href: event-4700.md + - name: "Event 4701 S: A scheduled task was disabled." + href: event-4701.md + - name: "Event 4702 S: A scheduled task was updated." + href: event-4702.md + - name: "Event 5888 S: An object in the COM+ Catalog was modified." + href: event-5888.md + - name: "Event 5889 S: An object was deleted from the COM+ Catalog." + href: event-5889.md + - name: "Event 5890 S: An object was added to the COM+ Catalog." + href: event-5890.md + - name: Audit Registry + href: audit-registry.md + items: + - name: "Event 4663 S: An attempt was made to access an object." + href: event-4663.md + - name: "Event 4656 S, F: A handle to an object was requested." + href: event-4656.md + - name: "Event 4658 S: The handle to an object was closed." + href: event-4658.md + - name: "Event 4660 S: An object was deleted." + href: event-4660.md + - name: "Event 4657 S: A registry value was modified." + href: event-4657.md + - name: "Event 5039: A registry key was virtualized." + href: event-5039.md + - name: "Event 4670 S: Permissions on an object were changed." + href: event-4670.md + - name: Audit Removable Storage + href: audit-removable-storage.md + - name: Audit SAM + href: audit-sam.md + items: + - name: "Event 4661 S, F: A handle to an object was requested." + href: event-4661.md + - name: Audit Central Access Policy Staging + href: audit-central-access-policy-staging.md + items: + - name: "Event 4818 S: Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy." + href: event-4818.md + - name: Audit Audit Policy Change + href: audit-audit-policy-change.md + items: + - name: "Event 4670 S: Permissions on an object were changed." + href: event-4670.md + - name: "Event 4715 S: The audit policy, SACL, on an object was changed." + href: event-4715.md + - name: "Event 4719 S: System audit policy was changed." + href: event-4719.md + - name: "Event 4817 S: Auditing settings on object were changed." 
+ href: event-4817.md + - name: "Event 4902 S: The Per-user audit policy table was created." + href: event-4902.md + - name: "Event 4906 S: The CrashOnAuditFail value has changed." + href: event-4906.md + - name: "Event 4907 S: Auditing settings on object were changed." + href: event-4907.md + - name: "Event 4908 S: Special Groups Logon table modified." + href: event-4908.md + - name: "Event 4912 S: Per User Audit Policy was changed." + href: event-4912.md + - name: "Event 4904 S: An attempt was made to register a security event source." + href: event-4904.md + - name: "Event 4905 S: An attempt was made to unregister a security event source." + href: event-4905.md + - name: Audit Authentication Policy Change + href: audit-authentication-policy-change.md + items: + - name: "Event 4706 S: A new trust was created to a domain." + href: event-4706.md + - name: "Event 4707 S: A trust to a domain was removed." + href: event-4707.md + - name: "Event 4716 S: Trusted domain information was modified." + href: event-4716.md + - name: "Event 4713 S: Kerberos policy was changed." + href: event-4713.md + - name: "Event 4717 S: System security access was granted to an account." + href: event-4717.md + - name: "Event 4718 S: System security access was removed from an account." + href: event-4718.md + - name: "Event 4739 S: Domain Policy was changed." + href: event-4739.md + - name: "Event 4864 S: A namespace collision was detected." + href: event-4864.md + - name: "Event 4865 S: A trusted forest information entry was added." + href: event-4865.md + - name: "Event 4866 S: A trusted forest information entry was removed." + href: event-4866.md + - name: "Event 4867 S: A trusted forest information entry was modified." + href: event-4867.md + - name: Audit Authorization Policy Change + href: audit-authorization-policy-change.md + items: + - name: "Event 4703 S: A user right was adjusted." + href: event-4703.md + - name: "Event 4704 S: A user right was assigned." 
+ href: event-4704.md + - name: "Event 4705 S: A user right was removed." + href: event-4705.md + - name: "Event 4670 S: Permissions on an object were changed." + href: event-4670.md + - name: "Event 4911 S: Resource attributes of the object were changed." + href: event-4911.md + - name: "Event 4913 S: Central Access Policy on the object was changed." + href: event-4913.md + - name: Audit Filtering Platform Policy Change + href: audit-filtering-platform-policy-change.md + - name: Audit MPSSVC Rule-Level Policy Change + href: audit-mpssvc-rule-level-policy-change.md + items: + - name: "Event 4944 S: The following policy was active when the Windows Firewall started." + href: event-4944.md + - name: "Event 4945 S: A rule was listed when the Windows Firewall started." + href: event-4945.md + - name: "Event 4946 S: A change has been made to Windows Firewall exception list. A rule was added." + href: event-4946.md + - name: "Event 4947 S: A change has been made to Windows Firewall exception list. A rule was modified." + href: event-4947.md + - name: "Event 4948 S: A change has been made to Windows Firewall exception list. A rule was deleted." + href: event-4948.md + - name: "Event 4949 S: Windows Firewall settings were restored to the default values." + href: event-4949.md + - name: "Event 4950 S: A Windows Firewall setting has changed." + href: event-4950.md + - name: "Event 4951 F: A rule has been ignored because its major version number was not recognized by Windows Firewall." + href: event-4951.md + - name: "Event 4952 F: Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced." + href: event-4952.md + - name: "Event 4953 F: Windows Firewall ignored a rule because it could not be parsed." + href: event-4953.md + - name: "Event 4954 S: Windows Firewall Group Policy settings have changed. The new settings have been applied." 
+ href: event-4954.md + - name: "Event 4956 S: Windows Firewall has changed the active profile." + href: event-4956.md + - name: "Event 4957 F: Windows Firewall did not apply the following rule." + href: event-4957.md + - name: "Event 4958 F: Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer." + href: event-4958.md + - name: Audit Other Policy Change Events + href: audit-other-policy-change-events.md + items: + - name: "Event 4714 S: Encrypted data recovery policy was changed." + href: event-4714.md + - name: "Event 4819 S: Central Access Policies on the machine have been changed." + href: event-4819.md + - name: "Event 4826 S: Boot Configuration Data loaded." + href: event-4826.md + - name: "Event 4909: The local policy settings for the TBS were changed." + href: event-4909.md + - name: "Event 4910: The group policy settings for the TBS were changed." + href: event-4910.md + - name: "Event 5063 S, F: A cryptographic provider operation was attempted." + href: event-5063.md + - name: "Event 5064 S, F: A cryptographic context operation was attempted." + href: event-5064.md + - name: "Event 5065 S, F: A cryptographic context modification was attempted." + href: event-5065.md + - name: "Event 5066 S, F: A cryptographic function operation was attempted." + href: event-5066.md + - name: "Event 5067 S, F: A cryptographic function modification was attempted." + href: event-5067.md + - name: "Event 5068 S, F: A cryptographic function provider operation was attempted." + href: event-5068.md + - name: "Event 5069 S, F: A cryptographic function property operation was attempted." + href: event-5069.md + - name: "Event 5070 S, F: A cryptographic function property modification was attempted." + href: event-5070.md + - name: "Event 5447 S: A Windows Filtering Platform filter has been changed." + href: event-5447.md + - name: "Event 6144 S: Security policy in the group policy objects has been applied successfully." 
+ href: event-6144.md + - name: "Event 6145 F: One or more errors occurred while processing security policy in the group policy objects." + href: event-6145.md + - name: Audit Sensitive Privilege Use + href: audit-sensitive-privilege-use.md + items: + - name: "Event 4673 S, F: A privileged service was called." + href: event-4673.md + - name: "Event 4674 S, F: An operation was attempted on a privileged object." + href: event-4674.md + - name: "Event 4985 S: The state of a transaction has changed." + href: event-4985.md + - name: Audit Non Sensitive Privilege Use + href: audit-non-sensitive-privilege-use.md + items: + - name: "Event 4673 S, F: A privileged service was called." + href: event-4673.md + - name: "Event 4674 S, F: An operation was attempted on a privileged object." + href: event-4674.md + - name: "Event 4985 S: The state of a transaction has changed." + href: event-4985.md + - name: Audit Other Privilege Use Events + href: audit-other-privilege-use-events.md + items: + - name: "Event 4985 S: The state of a transaction has changed." + href: event-4985.md + - name: Audit IPsec Driver + href: audit-ipsec-driver.md + - name: Audit Other System Events + href: audit-other-system-events.md + items: + - name: "Event 5024 S: The Windows Firewall Service has started successfully." + href: event-5024.md + - name: "Event 5025 S: The Windows Firewall Service has been stopped." + href: event-5025.md + - name: "Event 5027 F: The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy." + href: event-5027.md + - name: "Event 5028 F: The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy." + href: event-5028.md + - name: "Event 5029 F: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy." 
+ href: event-5029.md + - name: "Event 5030 F: The Windows Firewall Service failed to start." + href: event-5030.md + - name: "Event 5032 F: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network." + href: event-5032.md + - name: "Event 5033 S: The Windows Firewall Driver has started successfully." + href: event-5033.md + - name: "Event 5034 S: The Windows Firewall Driver was stopped." + href: event-5034.md + - name: "Event 5035 F: The Windows Firewall Driver failed to start." + href: event-5035.md + - name: "Event 5037 F: The Windows Firewall Driver detected critical runtime error. Terminating." + href: event-5037.md + - name: "Event 5058 S, F: Key file operation." + href: event-5058.md + - name: "Event 5059 S, F: Key migration operation." + href: event-5059.md + - name: "Event 6400: BranchCache: Received an incorrectly formatted response while discovering availability of content." + href: event-6400.md + - name: "Event 6401: BranchCache: Received invalid data from a peer. Data discarded." + href: event-6401.md + - name: "Event 6402: BranchCache: The message to the hosted cache offering it data is incorrectly formatted." + href: event-6402.md + - name: "Event 6403: BranchCache: The hosted cache sent an incorrectly formatted response to the client." + href: event-6403.md + - name: "Event 6404: BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate." + href: event-6404.md + - name: "Event 6405: BranchCache: %2 instances of event id %1 occurred." + href: event-6405.md + - name: "Event 6406: %1 registered to Windows Firewall to control filtering for the following: %2." + href: event-6406.md + - name: "Event 6407: 1%." + href: event-6407.md + - name: "Event 6408: Registered product %1 failed and Windows Firewall is now controlling the filtering for %2." 
+ href: event-6408.md + - name: "Event 6409: BranchCache: A service connection point object could not be parsed." + href: event-6409.md + - name: Audit Security State Change + href: audit-security-state-change.md + items: + - name: "Event 4608 S: Windows is starting up." + href: event-4608.md + - name: "Event 4616 S: The system time was changed." + href: event-4616.md + - name: "Event 4621 S: Administrator recovered system from CrashOnAuditFail." + href: event-4621.md + - name: Audit Security System Extension + href: audit-security-system-extension.md + items: + - name: "Event 4610 S: An authentication package has been loaded by the Local Security Authority." + href: event-4610.md + - name: "Event 4611 S: A trusted logon process has been registered with the Local Security Authority." + href: event-4611.md + - name: "Event 4614 S: A notification package has been loaded by the Security Account Manager." + href: event-4614.md + - name: "Event 4622 S: A security package has been loaded by the Local Security Authority." + href: event-4622.md + - name: "Event 4697 S: A service was installed in the system." + href: event-4697.md + - name: Audit System Integrity + href: audit-system-integrity.md + items: + - name: "Event 4612 S: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits." + href: event-4612.md + - name: "Event 4615 S: Invalid use of LPC port." + href: event-4615.md + - name: "Event 4618 S: A monitored security event pattern has occurred." + href: event-4618.md + - name: "Event 4816 S: RPC detected an integrity violation while decrypting an incoming message." + href: event-4816.md + - name: "Event 5038 F: Code integrity determined that the image hash of a file is not valid." + href: event-5038.md + - name: "Event 5056 S: A cryptographic self-test was performed." + href: event-5056.md + - name: "Event 5062 S: A kernel-mode cryptographic self-test was performed." 
+ href: event-5062.md + - name: "Event 5057 F: A cryptographic primitive operation failed." + href: event-5057.md + - name: "Event 5060 F: Verification operation failed." + href: event-5060.md + - name: "Event 5061 S, F: Cryptographic operation." + href: event-5061.md + - name: "Event 6281 F: Code Integrity determined that the page hashes of an image file are not valid." + href: event-6281.md + - name: "Event 6410 F: Code integrity determined that a file does not meet the security requirements to load into a process." + href: event-6410.md + - name: Other Events + href: other-events.md + items: + - name: "Event 1100 S: The event logging service has shut down." + href: event-1100.md + - name: "Event 1102 S: The audit log was cleared." + href: event-1102.md + - name: "Event 1104 S: The security log is now full." + href: event-1104.md + - name: "Event 1105 S: Event log automatic backup." + href: event-1105.md + - name: "Event 1108 S: The event logging service encountered an error while processing an incoming event published from %1." + href: event-1108.md + - name: "Appendix A: Security monitoring recommendations for many audit events" + href: appendix-a-security-monitoring-recommendations-for-many-audit-events.md + - name: Registry (Global Object Access Auditing) + href: registry-global-object-access-auditing.md + - name: File System (Global Object Access Auditing) + href: file-system-global-object-access-auditing.md \ No newline at end of file diff --git a/windows/security/threat-protection/security-policy-settings/TOC.yml b/windows/security/threat-protection/security-policy-settings/TOC.yml new file mode 100644 index 0000000000..8e8f9f630c --- /dev/null +++ b/windows/security/threat-protection/security-policy-settings/TOC.yml 
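Review bot: in the auditing TOC.yml hunk that ends above, the entry `name: "Event 6407: 1%."` under Audit Other System Events reads differently from its neighbours 6405, 6406 and 6408, which use `%1` and `%2` as placeholders. Please confirm the name matches the title of event-6407.md and is not a transposed `%1`. Under Audit System Integrity, Event 5062 is listed between 5056 and 5057, so that list is out of numeric order. The file also ends with "\ No newline at end of file"; add a trailing newline.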
@@ -0,0 +1,349 @@ + - name: Security policy settings + href: security-policy-settings.md + items: + - name: Administer security policy settings + href: administer-security-policy-settings.md + items: + - name: Network List Manager policies + href: network-list-manager-policies.md + - name: Configure security policy settings + href: how-to-configure-security-policy-settings.md + - name: Security policy settings reference + href: security-policy-settings-reference.md + items: + - name: Account Policies + href: account-policies.md + items: + - name: Password Policy + href: password-policy.md + items: + - name: Enforce password history + href: enforce-password-history.md + - name: Maximum password age + href: maximum-password-age.md + - name: Minimum password age + href: minimum-password-age.md + - name: Minimum password length + href: minimum-password-length.md + - name: Password must meet complexity requirements + href: password-must-meet-complexity-requirements.md + - name: Store passwords using reversible encryption + href: store-passwords-using-reversible-encryption.md + - name: Account Lockout Policy + href: account-lockout-policy.md + items: + - name: Account lockout duration + href: account-lockout-duration.md + - name: Account lockout threshold + href: account-lockout-threshold.md + - name: Reset account lockout counter after + href: reset-account-lockout-counter-after.md + - name: Kerberos Policy + href: kerberos-policy.md + items: + - name: Enforce user logon restrictions + href: enforce-user-logon-restrictions.md + - name: Maximum lifetime for service ticket + href: maximum-lifetime-for-service-ticket.md + - name: Maximum lifetime for user ticket + href: maximum-lifetime-for-user-ticket.md + - name: Maximum lifetime for user ticket renewal + href: maximum-lifetime-for-user-ticket-renewal.md + - name: Maximum tolerance for computer clock synchronization + href: maximum-tolerance-for-computer-clock-synchronization.md + - name: Audit Policy + href: 
audit-policy.md + - name: Security Options + href: security-options.md + items: + - name: "Accounts: Administrator account status" + href: accounts-administrator-account-status.md + - name: "Accounts: Block Microsoft accounts" + href: accounts-block-microsoft-accounts.md + - name: "Accounts: Guest account status" + href: accounts-guest-account-status.md + - name: "Accounts: Limit local account use of blank passwords to console logon only" + href: accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md + - name: "Accounts: Rename administrator account" + href: accounts-rename-administrator-account.md + - name: "Accounts: Rename guest account" + href: accounts-rename-guest-account.md + - name: "Audit: Audit the access of global system objects" + href: audit-audit-the-access-of-global-system-objects.md + - name: "Audit: Audit the use of Backup and Restore privilege" + href: audit-audit-the-use-of-backup-and-restore-privilege.md + - name: "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" + href: audit-force-audit-policy-subcategory-settings-to-override.md + - name: "Audit: Shut down system immediately if unable to log security audits" + href: audit-shut-down-system-immediately-if-unable-to-log-security-audits.md + - name: "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax" + href: dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md + - name: "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax" + href: dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md + - name: "Devices: Allow undock without having to log on" + href: devices-allow-undock-without-having-to-log-on.md + - name: "Devices: Allowed to format and eject removable media" + href: devices-allowed-to-format-and-eject-removable-media.md + - name: "Devices: Prevent users 
from installing printer drivers" + href: devices-prevent-users-from-installing-printer-drivers.md + - name: "Devices: Restrict CD-ROM access to locally logged-on user only" + href: devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md + - name: "Devices: Restrict floppy access to locally logged-on user only" + href: devices-restrict-floppy-access-to-locally-logged-on-user-only.md + - name: "Domain controller: Allow server operators to schedule tasks" + href: domain-controller-allow-server-operators-to-schedule-tasks.md + - name: "Domain controller: LDAP server signing requirements" + href: domain-controller-ldap-server-signing-requirements.md + - name: "Domain controller: Refuse machine account password changes" + href: domain-controller-refuse-machine-account-password-changes.md + - name: "Domain member: Digitally encrypt or sign secure channel data (always)" + href: domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md + - name: "Domain member: Digitally encrypt secure channel data (when possible)" + href: domain-member-digitally-encrypt-secure-channel-data-when-possible.md + - name: "Domain member: Digitally sign secure channel data (when possible)" + href: domain-member-digitally-sign-secure-channel-data-when-possible.md + - name: "Domain member: Disable machine account password changes" + href: domain-member-disable-machine-account-password-changes.md + - name: "Domain member: Maximum machine account password age" + href: domain-member-maximum-machine-account-password-age.md + - name: "Domain member: Require strong (Windows 2000 or later) session key" + href: domain-member-require-strong-windows-2000-or-later-session-key.md + - name: "Interactive logon: Display user information when the session is locked" + href: interactive-logon-display-user-information-when-the-session-is-locked.md + - name: "Interactive logon: Don't display last signed-in" + href: interactive-logon-do-not-display-last-user-name.md + - name: "Interactive logon: 
Don't display username at sign-in" + href: interactive-logon-dont-display-username-at-sign-in.md + - name: "Interactive logon: Do not require CTRL+ALT+DEL" + href: interactive-logon-do-not-require-ctrl-alt-del.md + - name: "Interactive logon: Machine account lockout threshold" + href: interactive-logon-machine-account-lockout-threshold.md + - name: "Interactive logon: Machine inactivity limit" + href: interactive-logon-machine-inactivity-limit.md + - name: "Interactive logon: Message text for users attempting to log on" + href: interactive-logon-message-text-for-users-attempting-to-log-on.md + - name: "Interactive logon: Message title for users attempting to log on" + href: interactive-logon-message-title-for-users-attempting-to-log-on.md + - name: "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" + href: interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md + - name: "Interactive logon: Prompt user to change password before expiration" + href: interactive-logon-prompt-user-to-change-password-before-expiration.md + - name: "Interactive logon: Require Domain Controller authentication to unlock workstation" + href: interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md + - name: "Interactive logon: Require smart card" + href: interactive-logon-require-smart-card.md + - name: "Interactive logon: Smart card removal behavior" + href: interactive-logon-smart-card-removal-behavior.md + - name: "Microsoft network client: Digitally sign communications (always)" + href: microsoft-network-client-digitally-sign-communications-always.md + - name: "SMBv1 Microsoft network client: Digitally sign communications (always)" + href: smbv1-microsoft-network-client-digitally-sign-communications-always.md + - name: "SMBv1 Microsoft network client: Digitally sign communications (if server agrees)" + href: 
smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md + - name: "Microsoft network client: Send unencrypted password to third-party SMB servers" + href: microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md + - name: "Microsoft network server: Amount of idle time required before suspending session" + href: microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md + - name: "Microsoft network server: Attempt S4U2Self to obtain claim information" + href: microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md + - name: "Microsoft network server: Digitally sign communications (always)" + href: microsoft-network-server-digitally-sign-communications-always.md + - name: "SMBv1 Microsoft network server: Digitally sign communications (always)" + href: smbv1-microsoft-network-server-digitally-sign-communications-always.md + - name: "SMBv1 Microsoft network server: Digitally sign communications (if client agrees)" + href: smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md + - name: "Microsoft network server: Disconnect clients when logon hours expire" + href: microsoft-network-server-disconnect-clients-when-logon-hours-expire.md + - name: "Microsoft network server: Server SPN target name validation level" + href: microsoft-network-server-server-spn-target-name-validation-level.md + - name: "Network access: Allow anonymous SID/Name translation" + href: network-access-allow-anonymous-sidname-translation.md + - name: "Network access: Do not allow anonymous enumeration of SAM accounts" + href: network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md + - name: "Network access: Do not allow anonymous enumeration of SAM accounts and shares" + href: network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md + - name: "Network access: Do not allow storage of passwords and credentials for network authentication" + href: 
network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md + - name: "Network access: Let Everyone permissions apply to anonymous users" + href: network-access-let-everyone-permissions-apply-to-anonymous-users.md + - name: "Network access: Named Pipes that can be accessed anonymously" + href: network-access-named-pipes-that-can-be-accessed-anonymously.md + - name: "Network access: Remotely accessible registry paths" + href: network-access-remotely-accessible-registry-paths.md + - name: "Network access: Remotely accessible registry paths and subpaths" + href: network-access-remotely-accessible-registry-paths-and-subpaths.md + - name: "Network access: Restrict anonymous access to Named Pipes and Shares" + href: network-access-restrict-anonymous-access-to-named-pipes-and-shares.md + - name: "Network access: Restrict clients allowed to make remote calls to SAM" + href: network-access-restrict-clients-allowed-to-make-remote-sam-calls.md + - name: "Network access: Shares that can be accessed anonymously" + href: network-access-shares-that-can-be-accessed-anonymously.md + - name: "Network access: Sharing and security model for local accounts" + href: network-access-sharing-and-security-model-for-local-accounts.md + - name: "Network security: Allow Local System to use computer identity for NTLM" + href: network-security-allow-local-system-to-use-computer-identity-for-ntlm.md + - name: "Network security: Allow LocalSystem NULL session fallback" + href: network-security-allow-localsystem-null-session-fallback.md + - name: "Network security: Allow PKU2U authentication requests to this computer to use online identities" + href: network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md + - name: "Network security: Configure encryption types allowed for Kerberos" + href: network-security-configure-encryption-types-allowed-for-kerberos.md + - name: "Network security: Do not store LAN Manager hash value on 
next password change" + href: network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md + - name: "Network security: Force logoff when logon hours expire" + href: network-security-force-logoff-when-logon-hours-expire.md + - name: "Network security: LAN Manager authentication level" + href: network-security-lan-manager-authentication-level.md + - name: "Network security: LDAP client signing requirements" + href: network-security-ldap-client-signing-requirements.md + - name: "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" + href: network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md + - name: "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" + href: network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md + - name: "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" + href: network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md + - name: "Network security: Restrict NTLM: Add server exceptions in this domain" + href: network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md + - name: "Network security: Restrict NTLM: Audit incoming NTLM traffic" + href: network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md + - name: "Network security: Restrict NTLM: Audit NTLM authentication in this domain" + href: network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md + - name: "Network security: Restrict NTLM: Incoming NTLM traffic" + href: network-security-restrict-ntlm-incoming-ntlm-traffic.md + - name: "Network security: Restrict NTLM: NTLM authentication in this domain" + href: network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md + - name: "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" + href: 
network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md + - name: "Recovery console: Allow automatic administrative logon" + href: recovery-console-allow-automatic-administrative-logon.md + - name: "Recovery console: Allow floppy copy and access to all drives and folders" + href: recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md + - name: "Shutdown: Allow system to be shut down without having to log on" + href: shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md + - name: "Shutdown: Clear virtual memory pagefile" + href: shutdown-clear-virtual-memory-pagefile.md + - name: "System cryptography: Force strong key protection for user keys stored on the computer" + href: system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md + - name: "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" + href: system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md + - name: "System objects: Require case insensitivity for non-Windows subsystems" + href: system-objects-require-case-insensitivity-for-non-windows-subsystems.md + - name: "System objects: Strengthen default permissions of internal system objects (Symbolic Links)" + href: system-objects-strengthen-default-permissions-of-internal-system-objects.md + - name: "System settings: Optional subsystems" + href: system-settings-optional-subsystems.md + - name: "System settings: Use certificate rules on Windows executables for Software Restriction Policies" + href: system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md + - name: "User Account Control: Admin Approval Mode for the Built-in Administrator account" + href: user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md + - name: "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop" + href: 
user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md + - name: "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" + href: user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md + - name: "User Account Control: Behavior of the elevation prompt for standard users" + href: user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md + - name: "User Account Control: Detect application installations and prompt for elevation" + href: user-account-control-detect-application-installations-and-prompt-for-elevation.md + - name: "User Account Control: Only elevate executables that are signed and validated" + href: user-account-control-only-elevate-executables-that-are-signed-and-validated.md + - name: "User Account Control: Only elevate UIAccess applications that are installed in secure locations" + href: user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md + - name: "User Account Control: Run all administrators in Admin Approval Mode" + href: user-account-control-run-all-administrators-in-admin-approval-mode.md + - name: "User Account Control: Switch to the secure desktop when prompting for elevation" + href: user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md + - name: "User Account Control: Virtualize file and registry write failures to per-user locations" + href: user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md + - name: Advanced security audit policy settings + href: secpol-advanced-security-audit-policy-settings.md + - name: User Rights Assignment + href: user-rights-assignment.md + items: + - name: Access Credential Manager as a trusted caller + href: access-credential-manager-as-a-trusted-caller.md + - name: Access this computer from the network + href: access-this-computer-from-the-network.md 
+ - name: Act as part of the operating system + href: act-as-part-of-the-operating-system.md + - name: Add workstations to domain + href: add-workstations-to-domain.md + - name: Adjust memory quotas for a process + href: adjust-memory-quotas-for-a-process.md + - name: Allow log on locally + href: allow-log-on-locally.md + - name: Allow log on through Remote Desktop Services + href: allow-log-on-through-remote-desktop-services.md + - name: Back up files and directories + href: back-up-files-and-directories.md + - name: Bypass traverse checking + href: bypass-traverse-checking.md + - name: Change the system time + href: change-the-system-time.md + - name: Change the time zone + href: change-the-time-zone.md + - name: Create a pagefile + href: create-a-pagefile.md + - name: Create a token object + href: create-a-token-object.md + - name: Create global objects + href: create-global-objects.md + - name: Create permanent shared objects + href: create-permanent-shared-objects.md + - name: Create symbolic links + href: create-symbolic-links.md + - name: Debug programs + href: debug-programs.md + - name: Deny access to this computer from the network + href: deny-access-to-this-computer-from-the-network.md + - name: Deny log on as a batch job + href: deny-log-on-as-a-batch-job.md + - name: Deny log on as a service + href: deny-log-on-as-a-service.md + - name: Deny log on locally + href: deny-log-on-locally.md + - name: Deny log on through Remote Desktop Services + href: deny-log-on-through-remote-desktop-services.md + - name: Enable computer and user accounts to be trusted for delegation + href: enable-computer-and-user-accounts-to-be-trusted-for-delegation.md + - name: Force shutdown from a remote system + href: force-shutdown-from-a-remote-system.md + - name: Generate security audits + href: generate-security-audits.md + - name: Impersonate a client after authentication + href: impersonate-a-client-after-authentication.md + - name: Increase a process working set + href: 
increase-a-process-working-set.md + - name: Increase scheduling priority + href: increase-scheduling-priority.md + - name: Load and unload device drivers + href: load-and-unload-device-drivers.md + - name: Lock pages in memory + href: lock-pages-in-memory.md + - name: Log on as a batch job + href: log-on-as-a-batch-job.md + - name: Log on as a service + href: log-on-as-a-service.md + - name: Manage auditing and security log + href: manage-auditing-and-security-log.md + - name: Modify an object label + href: modify-an-object-label.md + - name: Modify firmware environment values + href: modify-firmware-environment-values.md + - name: Perform volume maintenance tasks + href: perform-volume-maintenance-tasks.md + - name: Profile single process + href: profile-single-process.md + - name: Profile system performance + href: profile-system-performance.md + - name: Remove computer from docking station + href: remove-computer-from-docking-station.md + - name: Replace a process level token + href: replace-a-process-level-token.md + - name: Restore files and directories + href: restore-files-and-directories.md + - name: Shut down the system + href: shut-down-the-system.md + - name: Synchronize directory service data + href: synchronize-directory-service-data.md + - name: Take ownership of files or other objects + href: take-ownership-of-files-or-other-objects.md \ No newline at end of file From 49265c3a81b5ee195eccd791fdb2651d3ef53024 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Thu, 16 Sep 2021 14:49:59 -0700 Subject: [PATCH 407/671] Updated endpoints --- .../deployment/update/delivery-optimization-workflow.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md index 292f034e70..77fcff84c6 100644 --- a/windows/deployment/update/delivery-optimization-workflow.md +++ b/windows/deployment/update/delivery-optimization-workflow.md 
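Review bot: in the new security-policy-settings/TOC.yml that ends above, some Security Options entries have a display name that does not match the slug in their href, for example `"Interactive logon: Don't display last signed-in"` pointing at interactive-logon-do-not-display-last-user-name.md, and `"Network access: Restrict clients allowed to make remote calls to SAM"` pointing at network-access-restrict-clients-allowed-to-make-remote-sam-calls.md. Keeping the existing file names is fine for link stability, but please confirm each name matches the current title of the target article; "Don't display last signed-in" reads as if it was cut short, and it sits directly above "Don't display username at sign-in" in the navigation. The hunk also ends with "\ No newline at end of file", so add a trailing newline.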
@@ -36,8 +36,8 @@ This workflow allows Delivery Optimization to securely and efficiently deliver r |Endpoint hostname|Name|Description|Data sent from the computer to the endpoint |--------------------------------------------|--------------|---------------|-----------------------| | geover-prod.do.dsp.mp.microsoft.com
      geo-prod.do.dsp.mp.microsoft.com
      geo.prod.do.dsp.mp.microsoft.com
      geover.prod.do.dsp.mp.microsoft.com | Geo | Service used to identify the location of the device in order to direct it to the nearest data center. | **Profile**: The device type (for example, PC or Xbox)
      **doClientVersion**: The version of the DoSvc Client
      **groupID**: Group the device belongs to (set with DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) | -| kv*-prod.do.dsp.mp.microsoft.com
      kv*.prod.do.dsp.mp.microsoft.com | KeyValue | Bootstrap service provides endpoints for all other services as well as device configs | **countryCode**: The country the client is connected from
      **doClientVersion**: The version of the DoSvc Client
      **Profile**: The device type (for example, PC or Xbox)
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | -| cp*-prod.do.dsp.mp.microsoft.com
      cp*.prod.do.dsp.mp.microsoft.com
      | Content Policy | Provides content specific policies as well as content metadata URLs | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **countryCode**: The country the client is connected from
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | -| disc*-prod.do.dsp.mp.microsoft.com
      disc*.prod.do.dsp.mp.microsoft.com | Discovery | Provides the client with the geo-located array to connect to. (There are two endpoints providing this functionality: /content and /v2/content.) | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **partitionId**: Client partitioning hint
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id | -| cn*-prod.do.dsp.mp.microsoft.com
      cn*.prod.do.dsp.mp.microsoft.com | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **PeerId**: Identified of the device running DO client
      **ReportedIp**: The internal / private IP Address
      **IsBackground**: Is the download interactive or background
      **Uploaded**: Total bytes uploaded to peers
      **Downloaded**: Total bytes downloaded from peers
      **DownloadedCdn**: Total bytes downloaded from CDN
      **Left**: Bytes left to download
      **Peers Wanted**: Total number of peers wanted
      **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
      **Scope**: The Download mode
      **UploadedBPS**: The upload speed in bytes per second
      **DownloadBPS**: The download speed in Bytes per second
      **eId**: Client grouping Id | +| kv*prod.do.dsp.mp.microsoft.com
      kv*.prod.do.dsp.mp.microsoft.com | KeyValue | Bootstrap service provides endpoints for all other services as well as device configs | **countryCode**: The country the client is connected from
      **doClientVersion**: The version of the DoSvc Client
      **Profile**: The device type (for example, PC or Xbox)
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | +| cp*prod.do.dsp.mp.microsoft.com
      cp*.prod.do.dsp.mp.microsoft.com
      | Content Policy | Provides content specific policies as well as content metadata URLs | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **countryCode**: The country the client is connected from
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | +| disc*prod.do.dsp.mp.microsoft.com
      disc*.prod.do.dsp.mp.microsoft.com | Discovery | Provides the client with the geo-located array to connect to. (There are two endpoints providing this functionality: /content and /v2/content.) | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **partitionId**: Client partitioning hint
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id | +| array*prod.do.dsp.mp.microsoft.com | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **PeerId**: Identified of the device running DO client
      **ReportedIp**: The internal / private IP Address
      **IsBackground**: Is the download interactive or background
      **Uploaded**: Total bytes uploaded to peers
      **Downloaded**: Total bytes downloaded from peers
      **DownloadedCdn**: Total bytes downloaded from CDN
      **Left**: Bytes left to download
      **Peers Wanted**: Total number of peers wanted
      **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
      **Scope**: The Download mode
      **UploadedBPS**: The upload speed in bytes per second
      **DownloadBPS**: The download speed in Bytes per second
      **eId**: Client grouping Id | | dl.delivery.mp.microsoft.com
      emdl.ws.microsoft.com | | Metadata download can come from different hostnames, but it's required for peer to peer | From a75d72ecde07dc9b40caa45f0dc7a52be61bdc75 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Thu, 16 Sep 2021 15:08:08 -0700 Subject: [PATCH 408/671] Update delivery-optimization-workflow.md --- .../deployment/update/delivery-optimization-workflow.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md index 77fcff84c6..b6a9e024c3 100644 --- a/windows/deployment/update/delivery-optimization-workflow.md +++ b/windows/deployment/update/delivery-optimization-workflow.md @@ -36,8 +36,8 @@ This workflow allows Delivery Optimization to securely and efficiently deliver r |Endpoint hostname|Name|Description|Data sent from the computer to the endpoint |--------------------------------------------|--------------|---------------|-----------------------| | geover-prod.do.dsp.mp.microsoft.com
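Review bot: in the PATCH 407 hunk for delivery-optimization-workflow.md that ends above, the added KeyValue, Content Policy and Discovery rows change `kv*-prod`, `cp*-prod` and `disc*-prod` to `kv*prod`, `cp*prod` and `disc*prod` while keeping the dotted `kv*.prod` style entry beside each one. With the separator gone it is unclear whether the wildcard is meant to cover the hyphenated names, the dotted names, or both, and these hostnames get copied into proxy and firewall allow lists, so state the intended pattern or list the exact forms. The Arrays row replaces both `cn*` entries with the single `array*prod.do.dsp.mp.microsoft.com` and keeps no dotted form, unlike the other rows; the commit message "Updated endpoints" does not say whether the `cn*` hosts are retired, which matters to anyone with existing rules for them. Since the Arrays row is rewritten anyway, fix "Identified of the device" to "Identifier of the device" and make the "Bytes per second" capitalization in **DownloadBPS** match **UploadedBPS**.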
      geo-prod.do.dsp.mp.microsoft.com
      geo.prod.do.dsp.mp.microsoft.com
      geover.prod.do.dsp.mp.microsoft.com | Geo | Service used to identify the location of the device in order to direct it to the nearest data center. | **Profile**: The device type (for example, PC or Xbox)
      **doClientVersion**: The version of the DoSvc Client
      **groupID**: Group the device belongs to (set with DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) | -| kv*prod.do.dsp.mp.microsoft.com
      kv*.prod.do.dsp.mp.microsoft.com | KeyValue | Bootstrap service provides endpoints for all other services as well as device configs | **countryCode**: The country the client is connected from
      **doClientVersion**: The version of the DoSvc Client
      **Profile**: The device type (for example, PC or Xbox)
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | -| cp*prod.do.dsp.mp.microsoft.com
      cp*.prod.do.dsp.mp.microsoft.com
      | Content Policy | Provides content specific policies as well as content metadata URLs | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **countryCode**: The country the client is connected from
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | -| disc*prod.do.dsp.mp.microsoft.com
      disc*.prod.do.dsp.mp.microsoft.com | Discovery | Provides the client with the geo-located array to connect to. (There are two endpoints providing this functionality: /content and /v2/content.) | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **partitionId**: Client partitioning hint
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id | -| array*prod.do.dsp.mp.microsoft.com | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **PeerId**: Identified of the device running DO client
      **ReportedIp**: The internal / private IP Address
      **IsBackground**: Is the download interactive or background
      **Uploaded**: Total bytes uploaded to peers
      **Downloaded**: Total bytes downloaded from peers
      **DownloadedCdn**: Total bytes downloaded from CDN
      **Left**: Bytes left to download
      **Peers Wanted**: Total number of peers wanted
      **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
      **Scope**: The Download mode
      **UploadedBPS**: The upload speed in bytes per second
      **DownloadBPS**: The download speed in Bytes per second
      **eId**: Client grouping Id | +| kv\*.prod.do.dsp.mp.microsoft.com | KeyValue | Bootstrap service provides endpoints for all other services as well as device configs | **countryCode**: The country the client is connected from
      **doClientVersion**: The version of the DoSvc Client
      **Profile**: The device type (for example, PC or Xbox)
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | +| cp\*.prod.do.dsp.mp.microsoft.com
      | Content Policy | Provides content specific policies as well as content metadata URLs | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **countryCode**: The country the client is connected from
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | +| disc\*.prod.do.dsp.mp.microsoft.com | Discovery | Provides the client with the geo-located array to connect to. (There are two endpoints providing this functionality: /content and /v2/content.) | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **partitionId**: Client partitioning hint
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id | +| array\*.prod.do.dsp.mp.microsoft.com | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **PeerId**: Identified of the device running DO client
      **ReportedIp**: The internal / private IP Address
      **IsBackground**: Is the download interactive or background
      **Uploaded**: Total bytes uploaded to peers
      **Downloaded**: Total bytes downloaded from peers
      **DownloadedCdn**: Total bytes downloaded from CDN
      **Left**: Bytes left to download
      **Peers Wanted**: Total number of peers wanted
      **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
      **Scope**: The Download mode
      **UploadedBPS**: The upload speed in bytes per second
      **DownloadBPS**: The download speed in Bytes per second
      **eId**: Client grouping Id | | dl.delivery.mp.microsoft.com
      emdl.ws.microsoft.com | | Metadata download can come from different hostnames, but it's required for peer to peer | From f6dc9933fcdc84c0241de0f65dcb9495e55a195c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 15:14:35 -0700 Subject: [PATCH 409/671] Update operating-system.md --- windows/security/operating-system.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 6863bd1951..8f5ab571d6 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -32,6 +32,13 @@ Windows Security app | The Windows built-in security application found in setitn | Encrypted Hard Drive |
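Review bot: in delivery-optimization-workflow.md the Arrays row changes the documented hostname pattern, not only its Markdown escaping. The removed row lists `array*prod.do.dsp.mp.microsoft.com`, the added row lists `array\*.prod.do.dsp.mp.microsoft.com`, and the KeyValue, Content Policy and Discovery rows drop their `*prod` variant in the same way. Administrators copy this table into proxy and firewall allow-lists, so confirm the undotted forms are no longer served before removing them, or keep both forms as the unchanged Geo row still does with `geo-prod` and `geo.prod`. The added `cp\*.prod.do.dsp.mp.microsoft.com` row also keeps a line break before `| Content Policy` that the other added rows do not have.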

      Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
      By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.

      Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md).

      | | Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      -| Protection from viruses and threats | The next-generation protection capabilities in Windows helps identify and block new and emerging threats. By reducing your attack surface, you can reduce the risk of malware getting onto a device. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time. These capabilities can help security teams prevent malware from infecting a device.

      [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)

      [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)

      [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)

      [Network protection](/microsoft-365/security/defender-endpoint/network-protection)

      [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)

      [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)

      Integration with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) for additional threat protection | +| Protection from viruses and threats | The next-generation protection capabilities in Windows helps identify and block new and emerging threats. By reducing your attack surface, you can reduce the risk of malware getting onto a device. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time. These capabilities can help security teams prevent malware from infecting a device. | +| Antivirus & antimalware protection | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)| +| Attack surface reduction rules | Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | +| Anti-tampering protection | Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | +| Network protection | Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | +| Controlled folder access | Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | +| Exploit protection | Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | +| Microsoft Defender for Endpoint | Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). | From 2b0e4f98d39b98ad8b64c1183c2a5afebcc45b8d Mon Sep 17 00:00:00 2001 
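Review bot: the rows added to operating-system.md are not consistent with each other. The "Antivirus & antimalware protection" row carries a bare link while the rows below it use "Learn more about ...", the "Attack surface reduction rules" row lacks the closing period the later rows have, and the rewritten "Protection from viruses and threats" row no longer links anywhere. The removed cell's phrase "for additional threat protection" on the Microsoft Defender for Endpoint entry is dropped as well, and "capabilities in Windows helps" should read "help" while the row is being touched.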
From: Daniel Simpson Date: Thu, 16 Sep 2021 15:28:43 -0700 Subject: [PATCH 410/671] so many updates --- windows/security/TOC.yml | 132 +++++++++--------- windows/security/apps.md | 2 +- windows/security/cloud.md | 4 +- windows/security/hardware.md | 2 +- windows/security/identity.md | 2 +- windows/security/operating-system.md | 2 - .../threat-protection/fips-140-validation.md | 2 +- .../wdsc-account-protection.md | 8 +- .../wdsc-app-browser-control.md | 7 +- .../wdsc-customize-contact-information.md | 15 +- .../wdsc-device-performance-health.md | 7 +- .../wdsc-device-security.md | 7 +- .../wdsc-family-options.md | 8 +- .../wdsc-firewall-network-protection.md | 8 +- .../wdsc-hide-notifications.md | 15 +- .../wdsc-virus-threat-protection.md | 7 +- .../windows-defender-security-center.md | 5 +- .../TOC.yml | 9 -- 18 files changed, 109 insertions(+), 133 deletions(-) delete mode 100644 windows/security/threat-protection/windows-security-configuration-framework/TOC.yml diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 3c0315e244..340d3c91b4 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -45,6 +45,10 @@ href: cryptography-certificate-mgmt.md - name: The Windows Security app href: threat-protection/windows-defender-security-center/windows-defender-security-center.md + - name: Security policy settings + href: threat-protection/security-policy-settings/security-policy-settings.md + - name: Security auditing + href: threat-protection/auditing/security-auditing-overview.md - name: Encryption and data protection href: encryption-data-protection.md items: 
@@ -126,72 +130,13 @@ href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md - name: Configure S/MIME for Windows href: identity-protection/configure-s-mime.md - - name: Security policy settings - href: threat-protection/security-policy-settings/security-policy-settings.md - - name: Security auditing - href: threat-protection/auditing/security-auditing-overview.md - - name: Windows Information Protection (WIP) - href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md - items: - - name: Create a WIP policy using Microsoft Intune - href: information-protection/windows-information-protection/overview-create-wip-policy.md - items: - - name: Create a WIP policy with MDM using the Azure portal for Microsoft Intune - href: information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md - items: - - name: Deploy your WIP policy using the Azure portal for Microsoft Intune - href: information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md - - name: Associate and deploy a VPN policy for WIP using the Azure portal for Microsoft Intune - href: information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md - - name: Create and verify an EFS Data Recovery Agent (DRA) certificate - href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md - - name: Determine the Enterprise Context of an app running in WIP - href: information-protection/windows-information-protection/wip-app-enterprise-context.md - - name: Create a WIP policy using Microsoft Endpoint Configuration Manager - href: information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md - items: - - name: Create and deploy a WIP policy using Microsoft Endpoint Configuration Manager - href: information-protection/windows-information-protection/create-wip-policy-using-configmgr.md - - 
name: Create and verify an EFS Data Recovery Agent (DRA) certificate - href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md - - name: Determine the Enterprise Context of an app running in WIP - href: information-protection/windows-information-protection/wip-app-enterprise-context.md - - name: Mandatory tasks and settings required to turn on WIP - href: information-protection/windows-information-protection/mandatory-settings-for-wip.md - - name: Testing scenarios for WIP - href: information-protection/windows-information-protection/testing-scenarios-for-wip.md - - name: Limitations while using WIP - href: information-protection/windows-information-protection/limitations-with-wip.md - - name: How to collect WIP audit event logs - href: information-protection/windows-information-protection/collect-wip-audit-event-logs.md - - name: General guidance and best practices for WIP - href: information-protection/windows-information-protection/guidance-and-best-practices-wip.md - items: - - name: Enlightened apps for use with WIP - href: information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md - - name: Unenlightened and enlightened app behavior while using WIP - href: information-protection/windows-information-protection/app-behavior-with-wip.md - - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP - href: information-protection/windows-information-protection/recommended-network-definitions-for-wip.md - - name: Using Outlook Web Access with WIP - href: information-protection/windows-information-protection/using-owa-with-wip.md - - name: Fine-tune WIP Learning - href: information-protection/windows-information-protection/wip-learning.md - - name: Windows security baselines - href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md - items: - - name: Security Compliance Toolkit - href: 
threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md - - name: Get support - href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md - - name: More Windows security - items: - - name: Override Process Mitigation Options to help enforce app-related security policies - href: threat-protection/override-mitigation-options-for-app-related-security-policies.md - - name: Use Windows Event Forwarding to help with intrusion detection - href: threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md - - name: Block untrusted fonts in an enterprise - href: threat-protection/block-untrusted-fonts-in-enterprise.md + - name: Windows security baselines + href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md + items: + - name: Security Compliance Toolkit + href: threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md + - name: Get support + href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md - name: Network security items: - name: VPN technical guide 
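Review bot: the relocation of the Windows Information Protection subtree and the "More Windows security" group (removed at -126,72 and re-added at -294,6 +239,61) should be its own commit, so that a reviewer can confirm no `href` changed in transit; mixed with metadata edits to 17 other files under the subject "so many updates", that check is not practical. The "Windows security baselines" entry is removed and re-added here with identical text, so only its indentation changes; confirm it ends up nested under the intended parent, which is not visible in this hunk.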
@@ -294,6 +239,61 @@ href: threat-protection/intelligence/developer-faq.yml - name: Software developer resources href: threat-protection/intelligence/developer-resources.md + - name: More Windows security + items: + - name: Override Process Mitigation Options to help enforce app-related security policies + href: threat-protection/override-mitigation-options-for-app-related-security-policies.md + - name: Use Windows Event Forwarding to help with intrusion detection + href: threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md + - name: Block untrusted fonts in an enterprise + href: threat-protection/block-untrusted-fonts-in-enterprise.md + - name: Windows Information Protection (WIP) + href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md + items: + - name: Create a WIP policy using Microsoft Intune + href: information-protection/windows-information-protection/overview-create-wip-policy.md + items: + - name: Create a WIP policy with MDM using the Azure portal for Microsoft Intune + href: information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md + items: + - name: Deploy your WIP policy using the Azure portal for Microsoft Intune + href: information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md + - name: Associate and deploy a VPN policy for WIP using the Azure portal for Microsoft Intune + href: information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md + - name: Create and verify an EFS Data Recovery Agent (DRA) certificate + href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md + - name: Determine the Enterprise Context of an app running in WIP + href: information-protection/windows-information-protection/wip-app-enterprise-context.md + - name: Create a WIP policy using Microsoft Endpoint Configuration Manager + href: 
information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md + items: + - name: Create and deploy a WIP policy using Microsoft Endpoint Configuration Manager + href: information-protection/windows-information-protection/create-wip-policy-using-configmgr.md + - name: Create and verify an EFS Data Recovery Agent (DRA) certificate + href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md + - name: Determine the Enterprise Context of an app running in WIP + href: information-protection/windows-information-protection/wip-app-enterprise-context.md + - name: Mandatory tasks and settings required to turn on WIP + href: information-protection/windows-information-protection/mandatory-settings-for-wip.md + - name: Testing scenarios for WIP + href: information-protection/windows-information-protection/testing-scenarios-for-wip.md + - name: Limitations while using WIP + href: information-protection/windows-information-protection/limitations-with-wip.md + - name: How to collect WIP audit event logs + href: information-protection/windows-information-protection/collect-wip-audit-event-logs.md + - name: General guidance and best practices for WIP + href: information-protection/windows-information-protection/guidance-and-best-practices-wip.md + items: + - name: Enlightened apps for use with WIP + href: information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md + - name: Unenlightened and enlightened app behavior while using WIP + href: information-protection/windows-information-protection/app-behavior-with-wip.md + - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP + href: information-protection/windows-information-protection/recommended-network-definitions-for-wip.md + - name: Using Outlook Web Access with WIP + href: information-protection/windows-information-protection/using-owa-with-wip.md + - name: Fine-tune WIP Learning + 
href: information-protection/windows-information-protection/wip-learning.md - name: Application security href: apps.md items: diff --git a/windows/security/apps.md b/windows/security/apps.md index 4acb890ee6..e376d06d98 100644 --- a/windows/security/apps.md +++ b/windows/security/apps.md @@ -1,6 +1,6 @@ --- title: Windows application security -description: Get an overview of application security in Windows 11 +description: Get an overview of application security in Windows 10 and Windows 11 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/security/cloud.md b/windows/security/cloud.md index f83dc607ac..f65cdf002c 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -1,6 +1,6 @@ --- title: Windows and cloud security -description: Get an overview of cloud services supported in Windows 11 +description: Get an overview of cloud services supported in Windows 11 and Windows 10 ms.reviewer: author: denisebmsft ms.author: deniseb @@ -22,8 +22,6 @@ ms.technology: windows-sec # Windows and cloud security -*This article provides an overview of cloud services built into Windows 11.* - Today’s workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased use of third-party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services. Windows and cloud services together help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads, and safeguard sensitive information while controlling access and mitigating threats. Windows 11 includes the cloud services that are listed in the following table:
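Review bot: the new cloud.md description names "Windows 11 and Windows 10", but the body left as context still speaks only of Windows 11 ("Windows 11 works with Microsoft cloud services", "Windows 11 includes the cloud services"), and this hunk deletes the sentence that scoped the article to Windows 11. Either widen the body text as well or keep the description scoped to Windows 11. The product order also differs from the apps.md hunk in this same patch, which says "Windows 10 and Windows 11"; pick one order for all the descriptions.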

      diff --git a/windows/security/hardware.md b/windows/security/hardware.md index 95ff8377ea..3233f71e48 100644 --- a/windows/security/hardware.md +++ b/windows/security/hardware.md @@ -1,6 +1,6 @@ --- title: Windows hardware security -description: Get an overview of hardware security in Windows +description: Get an overview of hardware security in Windows 11 and Windows 10 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/security/identity.md b/windows/security/identity.md index 3c8edb7851..5a1dd59008 100644 --- a/windows/security/identity.md +++ b/windows/security/identity.md @@ -1,6 +1,6 @@ --- title: Windows identity security -description: Get an overview of identity security in Windows 11 +description: Get an overview of identity security in Windows 11 and Windows 10 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 326b25099b..bd3b4d7082 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -16,8 +16,6 @@ ms.technology: windows-sec # Windows operating system security -*This article provides an overview of operating system security in Windows 11.* - Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11:

      diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index b7e5fddec5..fc40dc48df 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -6780,7 +6780,7 @@ Version 6.3.9600 #### SP 800-132 Password-Based Key Derivation Function (PBKDF) - +
      - - + + - - + + - + - +
      Modes / States / Key Sizes diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md index ed1a7fe460..7669a41a8b 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md @@ -10,10 +10,10 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp -ms.date: 04/30/2018 +ms.date: ms.reviewer: manager: dansimp -ms.technology: mde +ms.technology: windows-sec --- @@ -21,8 +21,8 @@ ms.technology: mde **Applies to** -- Windows 10, version 1803 and later - +- Windows 10 +- Windows 11 The **Account protection** section contains information and settings for account protection and sign in. IT administrators and IT pros can get more information and documentation about configuration from the following: diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md index 544e90142e..acfa2cee01 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md 
@@ -11,17 +11,18 @@ ms.localizationpriority: medium audience: ITPro author: dansimp ms.author: dansimp -ms.date: 04/30/2018 +ms.date: ms.reviewer: manager: dansimp -ms.technology: mde +ms.technology: windows-sec --- # App and browser control **Applies to** -- Windows 10, version 1703 and later +- Windows 10 +- Windows 11 The **App and browser control** section contains information and settings for Windows Defender SmartScreen. IT administrators and IT pros can get configuration guidance from the [Windows Defender SmartScreen documentation library](/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview). diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md index 33a2c7d531..9f9932bc80 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md @@ -10,25 +10,18 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp -ms.date: 09/13/2021 +ms.date: ms.reviewer: manager: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Customize the Windows Security app for your organization **Applies to** -- Windows 10, version 1709 and later - -**Audience** - -- Enterprise security administrators - -**Manageability available with** - -- Group Policy +- Windows 10 +- Windows 11 You can add information about your organization in a contact card to the Windows Security app. You can include a link to a support site, a phone number for a help desk, and an email address for email-based support. 
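Review bot: `ms.date:` is left empty in wdsc-customize-contact-information.md (it was `09/13/2021`), and the account-protection and app-browser-control hunks above blank it the same way; set it to the date of this revision so the freshness metadata is not lost. Removing the **Audience** and **Manageability available with** blocks also drops the only statement in this header that the setting is managed through Group Policy, so make sure the body still says so.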
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md index 13fce0f2d5..3672d5c25a 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md @@ -10,10 +10,10 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp -ms.date: 04/30/2018 +ms.date: ms.reviewer: manager: dansimp -ms.technology: mde +ms.technology: windows-sec --- @@ -21,7 +21,8 @@ ms.technology: mde **Applies to** -- Windows 10, version 1703 and later +- Windows 10 +- Windows 11 The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine. IT administrators and IT pros should reference the appropriate documentation library for the issues they are seeing, such as the [configure the Load and unload device drivers security policy setting](/windows/device-security/security-policy-settings/load-and-unload-device-drivers) and how to [deploy drivers during Windows 10 deployment using Microsoft Endpoint Configuration Manager](/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager). diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md index f4d3053cd9..dfa866ecb4 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md 
@@ -10,17 +10,18 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp -ms.date: 10/02/2018 +ms.date: ms.reviewer: manager: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Device security **Applies to** -- Windows 10, version 1803 and later +- Windows 10 +- Windows 11 The **Device security** section contains information and settings for built-in device security. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md index 274c66bd66..a719854982 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md @@ -10,10 +10,10 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp -ms.date: 04/30/2018 +ms.date: ms.reviewer: manager: dansimp -ms.technology: mde +ms.technology: windows-sec --- @@ -21,8 +21,8 @@ ms.technology: mde **Applies to** -- Windows 10, version 1703 and later - +- Windows 10 +- Windows 11 The **Family options** section contains links to settings and further information for parents of a Windows 10 PC. It is not generally intended for enterprise or business environments. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md index 3a14dc7c26..924bcd1150 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md 
@@ -9,10 +9,10 @@ ms.sitesec: library ms.localizationpriority: medium author: dansimp ms.author: dansimp -ms.date: 04/30/2018 +ms.date: ms.reviewer: manager: dansimp -ms.technology: mde +ms.technology: windows-sec --- @@ -20,8 +20,8 @@ ms.technology: mde **Applies to** -- Windows 10, version 1703 and later - +- Windows 10 +- Windows 11 The **Firewall & network protection** section contains information about the firewalls and network connections used by the machine, including the status of Windows Defender Firewall and any other third-party firewalls. IT administrators and IT pros can get configuration guidance from the [Windows Defender Firewall with Advanced Security documentation library](../windows-firewall/windows-firewall-with-advanced-security.md). diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index 0a1389c07b..a58b61c3b1 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -10,25 +10,18 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp ms.author: dansimp -ms.date: 07/23/2020 +ms.date: ms.reviewer: manager: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Hide Windows Security app notifications **Applies to** -- Windows 10, version 1809 and above - -**Audience** - -- Enterprise security administrators - -**Manageability available with** - -- Group Policy +- Windows 10 +- Windows 11 The Windows Security app is used by a number of Windows security features to provide notifications about the health and security of the machine. These include notifications about firewalls, antivirus products, Windows Defender SmartScreen, and others. 
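Review bot: wdsc-hide-notifications.md no longer states a minimum build or that the feature is managed through Group Policy, because the "Applies to" edit replaces "Windows 10, version 1809 and above" with a bare "Windows 10" and deletes the **Audience** and **Manageability available with** blocks. If the version floor still applies, keep it in a requirements callout like the one in wdsc-account-protection.md ("You must have Windows 10, version 1803 or later") instead of dropping it. The same hunk also leaves `ms.date:` with no value, as do the other metadata hunks in this patch; either set the date of this revision or remove the key.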
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md index 87960171d1..2d43e965ba 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md @@ -12,16 +12,15 @@ author: dansimp ms.author: dansimp ms.reviewer: manager: dansimp -ms.technology: mde +ms.technology: windows-sec --- - # Virus and threat protection **Applies to** -- Windows 10, version 1703 and later - +- Windows 10 +- Windows 11 The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party AV products. diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index fe03727f33..fa3600fc6a 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -11,14 +11,15 @@ author: dansimp ms.author: dansimp ms.reviewer: manager: dansimp -ms.technology: mde +ms.technology: windows-sec --- # The Windows Security app **Applies to** -- Windows 10, version 1703 and later +- Windows 10 +- Windows 11 This library describes the Windows Security app, and provides information on configuring certain features, including: diff --git a/windows/security/threat-protection/windows-security-configuration-framework/TOC.yml b/windows/security/threat-protection/windows-security-configuration-framework/TOC.yml deleted file mode 100644 index f7e0955409..0000000000 
--- a/windows/security/threat-protection/windows-security-configuration-framework/TOC.yml +++ /dev/null @@ -1,9 +0,0 @@ -- name: Windows security guidance for enterprises - items: - - name: Windows security baselines - href: windows-security-baselines.md - items: - - name: Security Compliance Toolkit - href: security-compliance-toolkit-10.md - - name: Get support - href: get-support-for-security-baselines.md From 5c4cc1cd9bb7aa0dff914829090dd4a9cf3976d6 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 15:36:05 -0700 Subject: [PATCH 411/671] acrolinx --- .../wdsc-account-protection.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md index 7669a41a8b..203ac733d5 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md 
@@ -24,33 +24,33 @@ ms.technology: windows-sec - Windows 10 - Windows 11 -The **Account protection** section contains information and settings for account protection and sign in. IT administrators and IT pros can get more information and documentation about configuration from the following: +The **Account protection** section contains information and settings for account protection and sign-in. You can get more information about these capabilities from the following list: - [Microsoft Account](https://account.microsoft.com/account/faq) - [Windows Hello for Business](../../identity-protection/hello-for-business/hello-identity-verification.md) - [Lock your Windows 10 PC automatically when you step away from it](https://support.microsoft.com/help/4028111/windows-lock-your-windows-10-pc-automatically-when-you-step-away-from) -You can also choose to hide the section from users of the machine. This can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section. +You can also choose to hide the section from users of the device. This is useful if you don't want your employees to access or view user-configured options for these features. ## Hide the Account protection section -You can choose to hide the entire section by using Group Policy. The section will not appear on the home page of the Windows Security app, and its icon will not be shown on the navigiation bar on the side of the app. +You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of the Windows Security app, and its icon won't be shown on the navigation bar on the side of the app. -This can only be done in Group Policy. +You can only configure these settings by using Group Policy. >[!IMPORTANT] >### Requirements > >You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. -1. 
On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**. +1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**. -3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. +3. In the **Group Policy Management Editor** go to **Computer configuration** and select **Administrative templates**. 5. Expand the tree to **Windows components > Windows Security > Account protection**. -6. Open the **Hide the Account protection area** setting and set it to **Enabled**. Click **OK**. +6. Open the **Hide the Account protection area** setting and set it to **Enabled**. Select **OK**. 7. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). From 577051d2605c702e2d6f5e30e44a3097ef72191b Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 15:52:47 -0700 Subject: [PATCH 412/671] Update operating-system.md --- windows/security/operating-system.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index e6acec62fc..9b4dea2c7c 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -30,8 +30,7 @@ Windows Security app | The Windows built-in security application found in setitn | Encrypted Hard Drive |
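Review bot: the wording pass in wdsc-account-protection.md is applied unevenly. The intro now says "users of the device", but step 1 still reads "On your Group Policy management machine"; the body switches to contractions ("won't appear"), but the Requirements callout keeps "do not include". The step numbers on the touched lines are also left as 1, 3, 5, 6, 7; renumber them 1 to 5 while these lines are being edited.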

      Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
      By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.

      Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md).

      | | Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      -| Protection from viruses and threats | The next-generation protection capabilities in Windows helps identify and block new and emerging threats. By reducing your attack surface, you can reduce the risk of malware getting onto a device. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time. These capabilities can help security teams prevent malware from infecting a device. | -| Antivirus & antimalware protection | [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)| +| Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      Microsoft Defender Antivirus integrates with cloud-delivered protection, which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| | Attack surface reduction rules | Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | From 689307f9830b9db4f8650dab86830eb4e333978d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 15:58:18 -0700 Subject: [PATCH 413/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 9b4dea2c7c..c30a88ed3e 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -31,7 +31,7 @@ Windows Security app | The Windows built-in security application found in setitn | Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.
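Review bot: the new "Antivirus & antimalware protection" cell in operating-system.md says the same thing twice ("continually monitors for malware, viruses, and security threats" and then "continually scans for malware and threats"); fold the second sentence into the first and keep only its clause about potentially unwanted applications. The change also deletes the "Protection from viruses and threats" overview row, and the commit subject only says "Update operating-system.md", so confirm that the removal is intended.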

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      | Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      Microsoft Defender Antivirus integrates with cloud-delivered protection, which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| -| Attack surface reduction rules | Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | +| Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server. These rules block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | From 3b6d0e1a9efa8f6647b0e9f47ec97df1039273bb Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 15:59:09 -0700 Subject: [PATCH 414/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index c30a88ed3e..4b1e910a63 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -30,7 +30,7 @@ Windows Security app | The Windows built-in security application found in setitn | Encrypted Hard Drive |

      Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
      By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.

      Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md).

      | | Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      -| Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      Microsoft Defender Antivirus integrates with cloud-delivered protection, which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| +| Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      Microsoft Defender Antivirus integrates with cloud-delivered protection, which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server. These rules block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | From f70e467f3e957b8b28079e60388edf9cce336f2b Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:01:51 -0700 Subject: [PATCH 415/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 4b1e910a63..15aca579bc 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -32,7 +32,7 @@ Windows Security app | The Windows built-in security application found in setitn | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      | Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      Microsoft Defender Antivirus integrates with cloud-delivered protection, which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server. These rules block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | -| Anti-tampering protection | Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | +| Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | | Exploit protection | Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | From 71126292d1bc6fd9676af65f60bbca548f35a130 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:03:25 -0700 Subject: [PATCH 416/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 15aca579bc..9e7ed088cc 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -33,7 +33,7 @@ Windows Security app | The Windows built-in security application found in setitn | Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11.
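Review bot: in the new "Anti-tampering protection" cell, "user’s data" appears twice where the plural is meant ("users' data" or "user data"), and "anti-virus protection" is hyphenated while the list in the same cell and the row above both use "antivirus". "Bad actors like to disable security features" also reads as informal next to the rest of the table; "Attackers disable security features to ..." says the same thing.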

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      Microsoft Defender Antivirus integrates with cloud-delivered protection, which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server. These rules block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | -| Network protection | Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | +| Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user.

      Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | | Exploit protection | Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | | Microsoft Defender for Endpoint | Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). | From 5ba75a719df664b22ca93e7df7007c0254f634bc Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 16:09:44 -0700 Subject: [PATCH 417/671] adding new ZT landing page --- windows/security/TOC.yml | 2 + .../zero-trust-windows-device-health.md | 52 +++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 windows/security/zero-trust-windows-device-health.md diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 340d3c91b4..4dd99c673d 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -1,6 +1,8 @@ - name: Windows security href: index.yml +- name: Windows and Zero Trust + href: zero-trust-windows-device-health.md expanded: true - name: Hardware security items: diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md new file mode 100644 index 0000000000..c8c7cf6ef5 --- /dev/null +++ b/windows/security/zero-trust-windows-device-health.md 
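Review bot: the Microsoft Defender for Endpoint link added to the "Network protection" cell hard-codes a view parameter (`/microsoft-365/security/defender-endpoint/?view=o365-worldwide`), while the Microsoft Defender for Endpoint row further down the same table links to `/microsoft-365/security/defender-endpoint` without it; use the plain form in both places. "low-reputation based domains" should also be "low-reputation domains", since "reputation-based" is already stated at the start of that sentence.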
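Review bot: `expanded: true` ends up on the wrong TOC entry. In the TOC.yml hunk the two new lines are inserted between `href: index.yml` and `expanded: true`, so the flag now belongs to the new "Windows and Zero Trust" item instead of "Windows security". If the top-level node is the one meant to stay expanded, add the new entry after the `expanded: true` line.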
@@ -0,0 +1,52 @@ +--- +title: Zero Trust and Windows device health +description: Describes the process of Windows device health attestation +ms.reviewer: +ms.topic: article +manager: dansimp +ms.author: dansimp +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: dansimp +ms.collection: M365-security-compliance +ms.prod: m365-security +ms.technology: windows-sec +--- + +# Zero Trust and Windows device health +Today’s organizations need a new security model that more effectively adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data wherever they’re located. Implementing a Zero Trust model for security addresses today's complex work environments. + +The [Zero Trust Principles](https://www.microsoft.com/security/business/zero-trust) are threefold. + +**Verify explicitly**. Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and monitor anomalies. + +**Use least-privileged access**. Limit user access with just-in-time and just-enough-access, risk-based adaptive polices, and data protection to help secure data and maintain productivity. + +**Assume breach**. Assume breach operates in a manner that minimizes blast radius and segments access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses. + +For Windows 11, the Zero Trust concept of verify explicitly applies to the risks introduced by both devices and users. Windows 11 provides IT administrators the attestation and measurements to determine whether a device meets requirements and can be trusted. And Windows 11 works out of the box with Microsoft Intune and Azure Active Directory, so access decisions and enforcement are seamless. 
Plus, IT Administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more. + +## Device health attestation on Windows +Zero Trust principles state that all endpoints are untrusted unless they are verified. The verification process uses remote attestation as the secure channel to determine and present the device’s health. Remote attestation determines: + +- If the device can be trusted. This is determined with the help of a secure root of trust (Trusted Platform Module). Devices can attest that the TPM is enabled and in the attestation flow. +- If the OS booted correctly. Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. +- If the OS has the right set of security features enabled. +Windows includes many security features to help protect users from malware and attacks. However, trusting the Windows security components can only be achieved if the platform boots as expected and was not tampered with. Windows relies on Unified Extensible Firmware Interface (UEFI) Secure Boot, ELAM, DRTM, Trusted Boot and other low-level hardware and firmware security features to protect your PC from attacks. When you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configurations helps keep you safe. [Measured and Trusted boot](information-protection/secure-the-windows-10-boot-process.md), implemented by bootloaders and BIOS, verifies and cryptographically records each step of the boot in a chained manner. These events are bound to a security coprocessor (TPM) that acts as the Root of Trust. Remote Attestation is the mechanism by which these events are read and verified by a service to provide a verifiable, unbiased, and tamper resilient report. Remote attestation is the trusted auditor of your systems boot, allowing relying parties to bind trust to the device and its security. 
+ +A summary of the steps involved in attestation and Zero Trust on the device side are as follows: + +1. During each step of the boot process, such as a file load, update of special variables, and more, information such as file hashes and signature are measured in the TPM PCRs. The measurements are bound by a [Trusted Computing Group specification](https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/) (TCG) that dictates what events can be recorded and the format of each event. +2. Once Windows has booted, the attestor/verifier requests the TPM to fetch the measurements stored in its Platform Configuration Register (PCR) alongside a TCG log. Both of these together form the attestation evidence that’s sent to the attestation service (learn more about the attestation service below). +3. The TPM is verified by using the keys/cryptographic material available on the chipset with an [Azure Certificate Service](/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation). +4. This information is then sent to the attestation service in the cloud to verify that the device is safe. Microsoft Endpoint Manger (MEM) integrates with Microsoft Azure Attestation to review device health comprehensively and connect this information with AAD conditional access. This integration is key for Zero Trust solutions that help bind trust to an untrusted device. +5. The attestation service does the following: + + - Verify the integrity of the evidence. This is done by validating the PCRs that match the values recomputed by replaying the TCG log. + - Verify that the TPM has a valid Attestation Identity Key issued by the authenticated TPM. + - Verify that the security features are in the expected states. + +6. The attestation service returns an attestation report that contains information about the security features based on the policy configured in the attestation service. +7. 
The device then sends the report to the MEM cloud to assess the trustworthiness of the platform according to the admin-configured device compliance rules. +8. Conditional access, along with device-compliance state then decides to grant access to protected resource or not. From 2b6c78b87fadb73235bce209282d6d2ea9e7a82e Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:14:07 -0700 Subject: [PATCH 418/671] Update operating-system.md --- windows/security/operating-system.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 9e7ed088cc..d072a0acb2 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -34,7 +34,7 @@ Windows Security app | The Windows built-in security application found in setitn | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server. These rules block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure rules to protect against risky behaviors.
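Review bot: In the `windows/security/TOC.yml` hunk of PATCH 417, the new `- name: Windows and Zero Trust` / `href: zero-trust-windows-device-health.md` pair is inserted between `href: index.yml` and the existing `expanded: true` line, so as ordered here `expanded: true` now belongs to the new entry rather than to `Windows security`. If the top-level node is still meant to render expanded, insert the new entry after `expanded: true` instead of before it.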
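Review bot: In the new `zero-trust-windows-device-health.md` file from PATCH 417, step 2 promises "learn more about the attestation service below", but the file ends at step 8 with no such section; either add the section or point the reference at the service's own page. In step 3 the link text "Azure Certificate Service" targets `/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation`, which does not match the name, so confirm the intended target. Smaller points in the same hunk: "Microsoft Endpoint Manger" (step 4) and "adaptive polices" are typos; "When you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configurations helps keep you safe" does not parse; the paragraph starting "Windows includes many security features" follows the bullet list with no blank line and will render as part of the last bullet; ELAM, DRTM and AAD are used without being expanded; and `ms.reviewer:` is left empty in the front matter.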

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user.

      Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | -| Controlled folder access | Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | -| Exploit protection | Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | -| Microsoft Defender for Endpoint | Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). | +| Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders.

      Controlled folder access works with a list of trusted apps. Apps that are included in the list of trusted software work as expected. Apps that are not included in the trusted list are prevented from making any changes to files inside protected folders.

      Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware. Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | +| Exploit protection | Exploit protection automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously.When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      You can use audit mode to evaluate how exploit protection would impact your organization if it were enabled.

      In Windows 10, version 1709 and later provides configuration options for Exploit protection. You can prevent users from modifying these specific options with Group Policy.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | +| Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

      Defender for Endpoint brings together the following elements to provide a more complete picture of security incidents:

      - Endpoint behavioral sensors: Embedded in Windows, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint.

      - Cloud security analytics: Leveraging big-data, device-learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products such as Microsoft 365, and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.

      - Threat intelligence: Microsoft’s threat intelligence is informed by trillions of security signals every day. Combined with our global team of security experts, and cutting-edge artificial intelligence and machine learning, we can see threats that others miss. Our threat intelligence helps provide unparalleled protection for our customers.

      Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

      Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). | From 22533381f80c153986cc4295b2372c4d147a1751 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:15:20 -0700 Subject: [PATCH 419/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index d072a0acb2..31fcfaae14 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -36,5 +36,5 @@ Windows Security app | The Windows built-in security application found in setitn | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user.
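Review bot: In the added Exploit protection row of PATCH 418, "use Group Policy to distribute the XML file" refers to an XML file the cell never introduces; say what that file is and how it is produced before telling the reader to distribute it. The same row has a missing space in "simultaneously.When", and "In Windows 10, version 1709 and later provides configuration options" has no subject (for example "Windows 10, version 1709 and later, provides ..."). In the added Microsoft Defender for Endpoint row, "device-learning" in the cloud security analytics bullet reads like a slip for "machine learning", the term the threat intelligence bullet uses.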

      Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders.

      Controlled folder access works with a list of trusted apps. Apps that are included in the list of trusted software work as expected. Apps that are not included in the trusted list are prevented from making any changes to files inside protected folders.

      Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware. Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | | Exploit protection | Exploit protection automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously.When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      You can use audit mode to evaluate how exploit protection would impact your organization if it were enabled.

      In Windows 10, version 1709 and later provides configuration options for Exploit protection. You can prevent users from modifying these specific options with Group Policy.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | -| Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

      Defender for Endpoint brings together the following elements to provide a more complete picture of security incidents:

      - Endpoint behavioral sensors: Embedded in Windows, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint.

      - Cloud security analytics: Leveraging big-data, device-learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products such as Microsoft 365, and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.

      - Threat intelligence: Microsoft’s threat intelligence is informed by trillions of security signals every day. Combined with our global team of security experts, and cutting-edge artificial intelligence and machine learning, we can see threats that others miss. Our threat intelligence helps provide unparalleled protection for our customers.

      Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

      Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). | +| Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

      Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

      Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). | From 11fcd75a488dac5b7abb0821ffc0708261e17c22 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:18:33 -0700 Subject: [PATCH 420/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 31fcfaae14..49c1b14910 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -34,7 +34,7 @@ Windows Security app | The Windows built-in security application found in setitn | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server. These rules block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure rules to protect against risky behaviors.
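Review bot: The rewritten Microsoft Defender for Endpoint row in PATCH 419 links the same doc set inconsistently: the opening link and the Microsoft 365 Defender link are pinned with `?view=o365-worldwide`, while the closing "Learn more" link to `/microsoft-365/security/defender-endpoint` carries no query string. Drop the `view` parameter so every link in the cell resolves the same way. "Defender for Endpoint also is part of" reads better as "is also part of". This hunk also removes the three-bullet element list that PATCH 418 added to the same row about a minute earlier under the same subject line, so consider squashing the two commits and giving the result a subject that says what changed.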

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user.

      Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | -| Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders.

      Controlled folder access works with a list of trusted apps. Apps that are included in the list of trusted software work as expected. Apps that are not included in the trusted list are prevented from making any changes to files inside protected folders.

      Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware. Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | +| Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders.

      Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware. Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | | Exploit protection | Exploit protection automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously.When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      You can use audit mode to evaluate how exploit protection would impact your organization if it were enabled.

      In Windows 10, version 1709 and later provides configuration options for Exploit protection. You can prevent users from modifying these specific options with Group Policy.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | | Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

      Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

      Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). | From 397251695439ee621e40277c49152c3314c25215 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:19:01 -0700 Subject: [PATCH 421/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 49c1b14910..3889734f8f 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -33,7 +33,7 @@ Windows Security app | The Windows built-in security application found in setitn | Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11.
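Review bot: Removing the "Controlled folder access works with a list of trusted apps" paragraph in PATCH 420 drops the only sentence that says what happens to untrusted apps, namely that they "are prevented from making any changes to files inside protected folders". What remains, "Only trusted apps can access protected folders", reads as if all access is blocked, not just changes; keep one sentence stating that apps outside the trusted list cannot change files in protected folders. In the retained first sentence, "specific folders" appears twice, and "documents, pictures, downloads, are included" is missing an "and" before the last item.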

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      Microsoft Defender Antivirus integrates with cloud-delivered protection, which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server. These rules block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | -| Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user.

      Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | +| Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders.

      Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware. Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | | Exploit protection | Exploit protection automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously.When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      You can use audit mode to evaluate how exploit protection would impact your organization if it were enabled.

      In Windows 10, version 1709 and later provides configuration options for Exploit protection. You can prevent users from modifying these specific options with Group Policy.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | | Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

      Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

      Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). | From 5f83cad73f11915d5eeffa17809a51fafc1f1066 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:21:08 -0700 Subject: [PATCH 422/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 3889734f8f..82c9994bc3 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -35,6 +35,6 @@ Windows Security app | The Windows built-in security application found in setitn | Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders.

      Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware. Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | -| Exploit protection | Exploit protection automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously.When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      You can use audit mode to evaluate how exploit protection would impact your organization if it were enabled.

      In Windows 10, version 1709 and later provides configuration options for Exploit protection. You can prevent users from modifying these specific options with Group Policy.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | +| Exploit protection | Exploit protection automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      Exploit protection is available in Windows 10, version 1709 and later.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | | Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

      Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
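
Review bot: the `+` side of the Exploit protection row drops two sentences that the `-` side carried, "You can use audit mode to evaluate how exploit protection would impact your organization if it were enabled." and "You can prevent users from modifying these specific options with Group Policy.", and the commit subject "Update operating-system.md" does not say the removal is intended. Audit mode is what an administrator would use to evaluate impact before enforcing mitigations, so consider keeping that sentence after the paragraph about distributing the XML file, or state in the commit message why both sentences were removed. The spacing fix in "simultaneously. When" and the reworded availability sentence look fine.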

      Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). | From 0e58601b434b7b4cc8110dd79eb0a462593b7ed4 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 16:24:10 -0700 Subject: [PATCH 423/671] cross linking TOCs --- windows/security/TOC.yml | 2 +- windows/security/threat-protection/auditing/TOC.yml | 4 +++- .../threat-protection/security-policy-settings/TOC.yml | 4 +++- .../security/threat-protection/windows-firewall/TOC.yml | 2 ++ windows/security/zero-trust-windows-device-health.md | 8 ++++++-- 5 files changed, 15 insertions(+), 5 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 4dd99c673d..1e359ee788 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -1,7 +1,7 @@ - name: Windows security href: index.yml -- name: Windows and Zero Trust +- name: Zero Trust and Windows href: zero-trust-windows-device-health.md expanded: true - name: Hardware security diff --git a/windows/security/threat-protection/auditing/TOC.yml b/windows/security/threat-protection/auditing/TOC.yml index 88646f01b0..00e500f989 100644 --- a/windows/security/threat-protection/auditing/TOC.yml +++ b/windows/security/threat-protection/auditing/TOC.yml @@ -762,4 +762,6 @@ - name: Registry (Global Object Access Auditing) href: registry-global-object-access-auditing.md - name: File System (Global Object Access Auditing) - href: file-system-global-object-access-auditing.md \ No newline at end of file + href: file-system-global-object-access-auditing.md + - name: Windows security + href: /windows/security/index.yml \ No newline at end of file diff --git a/windows/security/threat-protection/security-policy-settings/TOC.yml b/windows/security/threat-protection/security-policy-settings/TOC.yml index 8e8f9f630c..5afa3d271b 100644 --- a/windows/security/threat-protection/security-policy-settings/TOC.yml +++ b/windows/security/threat-protection/security-policy-settings/TOC.yml 
@@ -346,4 +346,6 @@ - name: Synchronize directory service data href: synchronize-directory-service-data.md - name: Take ownership of files or other objects - href: take-ownership-of-files-or-other-objects.md \ No newline at end of file + href: take-ownership-of-files-or-other-objects.md + - name: Windows security + href: /windows/security/index.yml \ No newline at end of file diff --git a/windows/security/threat-protection/windows-firewall/TOC.yml b/windows/security/threat-protection/windows-firewall/TOC.yml index efaa07fa4e..55e911297b 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.yml +++ b/windows/security/threat-protection/windows-firewall/TOC.yml @@ -250,3 +250,5 @@ href: quarantine.md - name: Firewall settings lost on upgrade href: firewall-settings-lost-on-upgrade.md +- name: Windows security + href: /windows/security/index.yml diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index c8c7cf6ef5..41ad5cd387 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md 
@@ -23,7 +23,7 @@ The [Zero Trust Principles](https://www.microsoft.com/security/business/zero-tru **Use least-privileged access**. Limit user access with just-in-time and just-enough-access, risk-based adaptive polices, and data protection to help secure data and maintain productivity. -**Assume breach**. Assume breach operates in a manner that minimizes blast radius and segments access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses. +**Assume breach**. Prevent attackers from obtaining access to minimize potential damage to data and systems. Protect privileged roles, verify end-to-end encryption, use analytics to get visibility, and drive threat detection to improve defenses. For Windows 11, the Zero Trust concept of verify explicitly applies to the risks introduced by both devices and users. Windows 11 provides IT administrators the attestation and measurements to determine whether a device meets requirements and can be trusted. And Windows 11 works out of the box with Microsoft Intune and Azure Active Directory, so access decisions and enforcement are seamless. Plus, IT Administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more. 
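Review bot: the new "Assume breach" text opens with "Prevent attackers from obtaining access", which describes prevention rather than the assumption that a breach has already happened, and it drops the removed line's "minimizes blast radius and segments access". Suggest keeping the containment idea, for example "Minimize blast radius and segment access", ahead of the added "Protect privileged roles, verify end-to-end encryption, ..." list. The unchanged line just above still reads "risk-based adaptive polices"; "policies" could be fixed in the same change.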
@@ -39,7 +39,7 @@ A summary of the steps involved in attestation and Zero Trust on the device side 1. During each step of the boot process, such as a file load, update of special variables, and more, information such as file hashes and signature are measured in the TPM PCRs. The measurements are bound by a [Trusted Computing Group specification](https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/) (TCG) that dictates what events can be recorded and the format of each event. 2. Once Windows has booted, the attestor/verifier requests the TPM to fetch the measurements stored in its Platform Configuration Register (PCR) alongside a TCG log. Both of these together form the attestation evidence that’s sent to the attestation service (learn more about the attestation service below). -3. The TPM is verified by using the keys/cryptographic material available on the chipset with an [Azure Certificate Service](/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation). +3. The TPM is verified by using the keys/cryptographic material available on the chipset with an [Azure Certificate Service](/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation). 4. This information is then sent to the attestation service in the cloud to verify that the device is safe. Microsoft Endpoint Manger (MEM) integrates with Microsoft Azure Attestation to review device health comprehensively and connect this information with AAD conditional access. This integration is key for Zero Trust solutions that help bind trust to an untrusted device. 5. The attestation service does the following: 
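Review bot: the removed and added versions of step 3 read identically here, so this looks like a whitespace-only change; if so, say that in the commit message. While this list is being touched, step 4 in the context still has "Microsoft Endpoint Manger (MEM)", which should read "Manager", and step 3's link text "Azure Certificate Service" points at `/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation`, so it is worth confirming that the label and the target match.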
@@ -50,3 +50,7 @@ A summary of the steps involved in attestation and Zero Trust on the device side 6. The attestation service returns an attestation report that contains information about the security features based on the policy configured in the attestation service. 7. The device then sends the report to the MEM cloud to assess the trustworthiness of the platform according to the admin-configured device compliance rules. 8. Conditional access, along with device-compliance state then decides to grant access to protected resource or not. + +## Additional Resources + +Learn more about Microsoft Zero Trust solutions in the [Zero Trust Guidance Center](/security/zero-trust/) From 2cf1f97af68fde3a9b37e04119a0bd1ab949a663 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:30:17 -0700 Subject: [PATCH 424/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 82c9994bc3..c4926b7add 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -35,6 +35,6 @@ Windows Security app | The Windows built-in security application found in setitn | Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders.

      Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware. Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | -| Exploit protection | Exploit protection automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      Exploit protection is available in Windows 10, version 1709 and later.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | +| Exploit protection | Exploit protection, available in Windows 10, version 1709 and later, automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | | Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

      Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

      Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). | From 59f4417c1b72b8dc93083e386d30c02413b85684 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:44:50 -0700 Subject: [PATCH 425/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index c4926b7add..9e6018c19d 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -30,7 +30,7 @@ Windows Security app | The Windows built-in security application found in setitn | Encrypted Hard Drive |

      Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
      By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.

      Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md).

      | | Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      -| Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      Microsoft Defender Antivirus integrates with cloud-delivered protection, which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| +| Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with cloud-delivered protection, which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server. These rules block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | From c6a3ad498cd9d6b15025034d5498a5a4218e5eb8 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:45:55 -0700 Subject: [PATCH 426/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 9e6018c19d..a16171bae0 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -34,7 +34,7 @@ Windows Security app | The Windows built-in security application found in setitn | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server. These rules block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | -| Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders.

      Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware. Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | +| Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders. Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware.

      Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | | Exploit protection | Exploit protection, available in Windows 10, version 1709 and later, automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | | Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

      Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

      Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). | From 5e418b87cbbed64ea18a99fcefaba8ea2fe489cb Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:46:35 -0700 Subject: [PATCH 427/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index a16171bae0..0541c53a89 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -28,7 +28,7 @@ Windows Security app | The Windows built-in security application found in setitn | Encryption and data protection | Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows provides strong at-rest data-protection solutions that guard against nefarious attackers.

      Learn more about [Encryption](encryption-data-protection.md). | BitLocker | BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later.

      Learn more about [BitLocker](information-protection/bitlocker/bitlocker-overview.md). | | Encrypted Hard Drive |

      Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
      By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.

      Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md).

      | -| Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md) (VPNs).

      | +| Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      | Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with cloud-delivered protection, which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server. These rules block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | From a117b862955c39a4edbcac27139bc978e80618a1 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:52:42 -0700 Subject: [PATCH 428/671] Update operating-system.md --- windows/security/operating-system.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 0541c53a89..7b23896865 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -28,6 +28,7 @@ Windows Security app | The Windows built-in security application found in setitn | Encryption and data protection | Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows provides strong at-rest data-protection solutions that guard against nefarious attackers.

      Learn more about [Encryption](encryption-data-protection.md). | BitLocker | BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later.

      Learn more about [BitLocker](information-protection/bitlocker/bitlocker-overview.md). | | Encrypted Hard Drive |

      Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
      By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.

      Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md).

      | +| Security baselines | A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.

      Security baselines are included in the [Security Compliance Toolkit](threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md) that you can download from the Microsoft Download Center.

      | | Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      | Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with cloud-delivered protection, which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| From f0daf1250b579f998aba11f8696d1b5475df3d6c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:54:00 -0700 Subject: [PATCH 429/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 7b23896865..46f1b7f35e 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -28,7 +28,7 @@ Windows Security app | The Windows built-in security application found in setitn | Encryption and data protection | Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows provides strong at-rest data-protection solutions that guard against nefarious attackers.

      Learn more about [Encryption](encryption-data-protection.md). | BitLocker | BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later.

      Learn more about [BitLocker](information-protection/bitlocker/bitlocker-overview.md). | | Encrypted Hard Drive |

      Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
      By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.

      Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md).

      | -| Security baselines | A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.

      Security baselines are included in the [Security Compliance Toolkit](threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md) that you can download from the Microsoft Download Center.

      | +| Security baselines | A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.

      Security baselines are included in the [Security Compliance Toolkit](threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md) that you can download from the Microsoft Download Center.

      Learn more about [security baselines](threat-protection/windows-security-configuration-framework/windows-security-baselines.md). | | Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      | Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with cloud-delivered protection, which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| From 6078ad66a337f975bd74fb024c203cc7f5d14ead Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:55:25 -0700 Subject: [PATCH 430/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 46f1b7f35e..21eeae82fb 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -31,7 +31,7 @@ Windows Security app | The Windows built-in security application found in setitn | Security baselines | A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.

      Security baselines are included in the [Security Compliance Toolkit](threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md) that you can download from the Microsoft Download Center.

      Learn more about [security baselines](threat-protection/windows-security-configuration-framework/windows-security-baselines.md). | | Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      -| Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with cloud-delivered protection, which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| +| Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with [cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus?view=o365-worldwide), which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server. These rules block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | From d4286878b4d61dd8e5c2d812b0a15c13f41b853a Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 16:59:04 -0700 Subject: [PATCH 431/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 21eeae82fb..97a88f9cc3 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -31,7 +31,7 @@ Windows Security app | The Windows built-in security application found in setitn | Security baselines | A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.

      Security baselines are included in the [Security Compliance Toolkit](threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md) that you can download from the Microsoft Download Center.

      Learn more about [security baselines](threat-protection/windows-security-configuration-framework/windows-security-baselines.md). | | Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      -| Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks potentially unwanted applications (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with [cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus?view=o365-worldwide), which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| +| Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-worldwide) (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with [cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus?view=o365-worldwide), which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server. These rules block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | From 2375afe19d14d1f3991bb56d4a8d2b498072492e Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:01:15 -0700 Subject: [PATCH 432/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 97a88f9cc3..fbc384e66c 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -32,7 +32,7 @@ Windows Security app | The Windows built-in security application found in setitn | Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      | Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-worldwide) (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with [cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus?view=o365-worldwide), which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| -| Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server. These rules block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | +| Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server to prevent and block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure your attack surface reduction rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders. Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware.

      Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | From 07060fa8b9396c9048e6b6d34d47e49d3b5ae5d4 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 17:01:31 -0700 Subject: [PATCH 433/671] removing TP TOC fixing home link --- windows/security/threat-protection/TOC.yml | 38 ------------------- .../threat-protection/auditing/TOC.yml | 2 +- .../security-policy-settings/TOC.yml | 2 +- .../windows-firewall/TOC.yml | 2 +- 4 files changed, 3 insertions(+), 41 deletions(-) delete mode 100644 windows/security/threat-protection/TOC.yml diff --git a/windows/security/threat-protection/TOC.yml b/windows/security/threat-protection/TOC.yml deleted file mode 100644 index c4a518650a..0000000000 --- a/windows/security/threat-protection/TOC.yml +++ /dev/null 
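Review bot: In the rewritten "Attack surface reduction rules" row of operating-system.md (PATCH 432), "built into Windows and Windows Server to prevent and block certain behaviors" is redundant; "to block certain behaviors" carries the same meaning and matches the wording it replaces. The row's closing "Learn more about [Attack surface reduction rules](...)" also still ends without a period, unlike the Tamper protection and Network protection rows in the same table, and this patch touches that row anyway.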
@@ -1,38 +0,0 @@ -- name: Windows threat protection - items: - - name: Overview - href: index.md - - name: Microsoft Defender Antivirus - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows - - name: Attack surface reduction rules - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction - - name: Tamper protection - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection - - name: Network protection - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/network-protection - - name: Controlled folder access - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/controlled-folders - - name: Exploit protection - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection - - name: Microsoft Defender for Endpoint - href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint - -- name: Hardware security - href: ../hardware.md - -- name: Operating system security - href: ../operating-system.md - -- name: Application security - href: ../apps.md - -- name: Cloud services - href: ../cloud.md - -- name: User protection - href: ../identity.md - -- name: Security foundations - -- name: Windows Privacy - href: /windows/privacy/windows-10-and-privacy-compliance.md \ No newline at end of file diff --git a/windows/security/threat-protection/auditing/TOC.yml b/windows/security/threat-protection/auditing/TOC.yml index 00e500f989..4f122c5d8e 100644 --- a/windows/security/threat-protection/auditing/TOC.yml +++ b/windows/security/threat-protection/auditing/TOC.yml 
@@ -764,4 +764,4 @@ - name: File System (Global Object Access Auditing) href: file-system-global-object-access-auditing.md - name: Windows security - href: /windows/security/index.yml \ No newline at end of file + href: /windows/security/ \ No newline at end of file diff --git a/windows/security/threat-protection/security-policy-settings/TOC.yml b/windows/security/threat-protection/security-policy-settings/TOC.yml index 5afa3d271b..1ddc477ef1 100644 --- a/windows/security/threat-protection/security-policy-settings/TOC.yml +++ b/windows/security/threat-protection/security-policy-settings/TOC.yml @@ -348,4 +348,4 @@ - name: Take ownership of files or other objects href: take-ownership-of-files-or-other-objects.md - name: Windows security - href: /windows/security/index.yml \ No newline at end of file + href: /windows/security/ \ No newline at end of file diff --git a/windows/security/threat-protection/windows-firewall/TOC.yml b/windows/security/threat-protection/windows-firewall/TOC.yml index 55e911297b..ca84e461a5 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.yml +++ b/windows/security/threat-protection/windows-firewall/TOC.yml @@ -251,4 +251,4 @@ - name: Firewall settings lost on upgrade href: firewall-settings-lost-on-upgrade.md - name: Windows security - href: /windows/security/index.yml + href: /windows/security/ From be4b27ae24edbc97eb2c358bcb050255602c8e5a Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:02:07 -0700 Subject: [PATCH 434/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index fbc384e66c..578efaf296 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md 
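Review bot: In PATCH 433 the rewritten last line "href: /windows/security/" in auditing/TOC.yml and security-policy-settings/TOC.yml is still followed by "\ No newline at end of file"; since the patch replaces exactly that line, end both files with a newline, as windows-firewall/TOC.yml already does. The same commit deletes threat-protection/TOC.yml outright, so the description should state where its entries (Microsoft Defender Antivirus, Attack surface reduction rules, Exploit protection and the rest) are now reachable from, because none of the three edited TOC files adds them.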
@@ -37,5 +37,5 @@ Windows Security app | The Windows built-in security application found in setitn | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders. Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware.

      Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | | Exploit protection | Exploit protection, available in Windows 10, version 1709 and later, automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | -| Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

      Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

      Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). | +| Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

      Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

      Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) and [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide). | From 76cdce8dc15a23416cb2604d44427bbf6bb0d3ea Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:11:11 -0700 Subject: [PATCH 435/671] Create security-foundations.md --- windows/security/security-foundations.md | 27 ++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 windows/security/security-foundations.md diff --git a/windows/security/security-foundations.md b/windows/security/security-foundations.md new file mode 100644 index 0000000000..1c9ec3e3dc --- /dev/null +++ b/windows/security/security-foundations.md 
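Review bot: The link added to the "Learn more" sentence of the Microsoft Defender for Endpoint row (PATCH 434) is "/microsoft-365/security/defender/?view=o365-worldwide", the same target already linked in the paragraph directly above it in the same cell, and it carries a "?view=" query string while the Defender for Endpoint link beside it does not. Drop the query string so both links in the sentence have the same form, and consider whether the second link to the same page is needed at all.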
@@ -0,0 +1,27 @@ +--- +title: Windows security foundations +description: Get an overview of security foundations, including the security development lifecycle, common criteria, and the bug bounty program. +ms.reviewer: +ms.topic: article +manager: dansimp +ms.author: deniseb +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: denisebmsft +ms.collection: M365-security-compliance +ms.prod: m365-security +ms.technology: windows-sec +--- + +# Windows security foundations + +Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in today’s threat environment. + +Our strong security foundation leverages Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified. + +Use the links in the following table to learn more about the security foundations:

      + +| Concept | Description | +|:---|:---| +| FIBS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001.

      Learn more about [FIPS 140-2 Validation](threat-protection/fips-140-validation.md). | \ No newline at end of file From 964f5da205df9a897d929b2d4df0aefaaf1bb68b Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:12:12 -0700 Subject: [PATCH 436/671] Update TOC.yml --- windows/security/TOC.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 1e359ee788..41b9403668 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -441,6 +441,8 @@ href: identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md - name: Security foundations items: + - name: Overview + href: security-foundations.md - name: FIPS 140-2 Validation href: threat-protection/fips-140-validation.md - name: Common Criteria Certifications From f48a3e4ed72db368c8e787238e9aee9841fb8685 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:17:36 -0700 Subject: [PATCH 437/671] Update security-foundations.md --- windows/security/security-foundations.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/security/security-foundations.md b/windows/security/security-foundations.md index 1c9ec3e3dc..2e2f94b61b 100644 --- a/windows/security/security-foundations.md +++ b/windows/security/security-foundations.md 
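Review bot: The only table row in the new security-foundations.md (PATCH 435) is labelled "FIBS 140-2 Validation"; it should read "FIPS", as the row's own description and link text do. In the second paragraph, "Microsoft Security Development Lifecycle (SDL) Bug Bounty" runs two separate items together and needs a comma after "(SDL)", and the front matter description promises common criteria and the bug bounty program, which the table does not yet cover. The file also ends without a newline, and "ms.reviewer:" is left empty.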
@@ -24,4 +24,10 @@ Use the links in the following table to learn more about the security foundation | Concept | Description | |:---|:---| -| FIBS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001.

      Learn more about [FIPS 140-2 Validation](threat-protection/fips-140-validation.md). | \ No newline at end of file +| FIBS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001.

      Learn more about [FIPS 140-2 Validation](threat-protection/fips-140-validation.md). | +| Common Criteria Certifications | Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products.

      Learn more about [Common Criteria Certifications](threat-protection/windows-platform-common-criteria.md). | +| Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.

      Learn more about [Microsoft SDL](threat-protection/msft-security-dev-lifecycle.md).| +| Microsoft Bug Bounty Program | If you find a vulnerability in a Microsoft product, service, or device, we want to hear from you! If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.

      Learn more about the [Microsoft Bug Bounty Program](https://www.microsoft.com/en-us/msrc/bounty?rtc=1). | + + + From 804a7e8151928b5c2f5a17485bdc729c997f7ecc Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:19:24 -0700 Subject: [PATCH 438/671] Update TOC.yml --- windows/security/TOC.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 41b9403668..bb4ea7332b 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -443,13 +443,13 @@ items: - name: Overview href: security-foundations.md - - name: FIPS 140-2 Validation - href: threat-protection/fips-140-validation.md - - name: Common Criteria Certifications - href: threat-protection/windows-platform-common-criteria.md - name: Microsoft Security Development Lifecycle href: threat-protection/msft-security-dev-lifecycle.md - name: Microsoft Bug Bounty Program href: threat-protection/microsoft-bug-bounty-program.md + - name: FIPS 140-2 Validation + href: threat-protection/fips-140-validation.md + - name: Common Criteria Certifications + href: threat-protection/windows-platform-common-criteria.md - name: Windows Privacy href: /windows/privacy/windows-10-and-privacy-compliance.md From 997d731f3ee906bdb9592e32e910017d27cd9e94 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:21:38 -0700 Subject: [PATCH 439/671] Update index.yml --- windows/security/index.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 0dc418be7d..30b34d27ab 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
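Review bot: PATCH 437 removes and re-adds the FIPS row, yet the "+" side still reads "FIBS 140-2 Validation"; correct the label to "FIPS" while the line is being rewritten. In the new Bug Bounty row, "one of our bounty programs below" points at a list that does not exist in this table, and the link "https://www.microsoft.com/en-us/msrc/bounty?rtc=1" carries a query parameter that should be dropped; the TOC in the following patch points the same topic at threat-protection/microsoft-bug-bounty-program.md, so decide which target is intended. The three blank "+" lines added after the table can go.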
@@ -11,7 +11,7 @@ metadata: ms.collection: m365-security-compliance author: dansimp #Required; your GitHub user alias, with correct capitalization. ms.author: dansimp #Required; microsoft alias of author; optional team alias. - ms.date: 09/14/2021 + ms.date: 09/16/2021 localization_priority: Priority # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new @@ -90,16 +90,20 @@ landingContent: # Card (optional) - title: Security foundations linkLists: + - linkListType: overview + links: + - text: Security foundations + url: security-foundations.md - linkListType: concept links: - - text: Federal Information Processing Standard (FIPS) 140 Validation - url: /windows/security/threat-protection/fips-140-validation.md - - text: Common Criteria Certifications - url: /windows/security/threat-protection/windows-platform-common-criteria.md - text: Microsoft Security Development Lifecycle url: /windows/security/threat-protection/msft-security-dev-lifecycle.md - text: Microsoft Bug Bounty url: /windows/security/threat-protection/microsoft-bug-bounty-program.md + - text: Common Criteria Certifications + url: /windows/security/threat-protection/windows-platform-common-criteria.md + - text: Federal Information Processing Standard (FIPS) 140 Validation + url: /windows/security/threat-protection/fips-140-validation.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 6d1f805d7698668aa71cb2e38c2105fc4ce1b59b Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:26:27 -0700 Subject: [PATCH 440/671] Update index.yml --- windows/security/index.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 30b34d27ab..fa6bce4547 100644 --- a/windows/security/index.yml 
+++ b/windows/security/index.yml @@ -26,6 +26,8 @@ landingContent: links: - text: Trusted Platform Module url: /windows/security/information-protection/tpm/trusted-platform-module-top-node.md + - text: Hardware-based root of trust + url: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md - text: Protect domain credentials url: /windows/security/identity-protection/credential-guard/credential-guard.md - text: Kernel DMA Protection From c46601ff9968cdc9d76e8af24480f514ac81a901 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 17:28:05 -0700 Subject: [PATCH 441/671] adding links back to WinSecurity --- .../microsoft-defender-application-guard/TOC.yml | 9 ++++++--- .../windows-defender-application-control/TOC.yml | 3 +++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/TOC.yml b/windows/security/threat-protection/microsoft-defender-application-guard/TOC.yml index ee887e168a..e235cf65ec 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/TOC.yml +++ b/windows/security/threat-protection/microsoft-defender-application-guard/TOC.yml @@ -3,13 +3,16 @@ items: - name: System requirements href: reqs-md-app-guard.md - - name: Install WDAG + - name: Install Application Guard href: install-md-app-guard.md - - name: Configure WDAG policies + - name: Configure Application Guard policies href: configure-md-app-guard.md - name: Test scenarios href: test-scenarios-md-app-guard.md - name: Microsoft Defender Application Guard Extension href: md-app-guard-browser-extension.md - - name: FAQ + - name: Application Guard FAQ href: faq-md-app-guard.yml +- name: Windows security + href: /windows/security/ + 
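Review bot: The links added to index.yml in PATCH 439 and PATCH 440 use relative urls ("security-foundations.md" and "threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md") while the neighbouring entries in the same cards use absolute "/windows/security/..." paths. Use one form per linkList so the entries resolve the same way if the landing page is ever moved or included elsewhere.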
diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 2a9d13497a..c867f6aee4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -292,3 +292,6 @@ href: applocker\using-event-viewer-with-applocker.md - name: AppLocker Settings href: applocker\applocker-settings.md +- name: Windows security + href: /windows/security/ + From ae0476ab69990813002ba579c427d05f1e441738 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Thu, 16 Sep 2021 20:28:16 -0400 Subject: [PATCH 442/671] added policy --- windows/configuration/customize-taskbar-windows-11.md | 4 ++-- windows/configuration/supported-csp-taskbar-windows.md | 8 ++------ 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md index c037aa2e48..9d438d7209 100644 --- a/windows/configuration/customize-taskbar-windows-11.md +++ b/windows/configuration/customize-taskbar-windows-11.md @@ -215,8 +215,8 @@ In the layout modification XML file, you add apps in the XML markup. To pin an a On a taskbar, the following apps are typically pinned: - Apps pinned by the user -- Default Windows apps pinned during the OS installation, such as Microsoft Edge, File Explorer, and Store -- Apps pinned by your organization, such as in an unattended Windows setup +- Default Windows apps pinned during the OS installation, such as Microsoft Edge, File Explorer, and Microsoft Store. +- Apps pinned by your organization, such as in an unattended Windows setup. In an unattended Windows setup file, use the XML file you created in this article. It's not recommended to use [TaskbarLinks](/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-taskbarlinks). 
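Review bot: In the customize-taskbar-windows-11.md hunk of PATCH 442, the two edited bullets now end with a period ("...and Microsoft Store." and "...unattended Windows setup.") while the first bullet in the same list, "Apps pinned by the user", is left without one. Punctuate all three the same way; since the items are fragments, leaving the periods off would match the original list.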
diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md index 5d3f7d1066..65eee0ffa3 100644 --- a/windows/configuration/supported-csp-taskbar-windows.md +++ b/windows/configuration/supported-csp-taskbar-windows.md @@ -29,13 +29,9 @@ For more general information, see [Configuration service provider (CSP) referenc ## Existing CSP policies that Windows 11 taskbar supports - [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start.mdstart-hiderecentjumplists) - - Group policy: User Configuration\Administrative Templates\Start Menu and Taskbar\Do not keep history of recently opened documents + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not keep history of recently opened documents` - Local setting: Settings > Personalization > Start > Show recently opened items in Jump Lists on Start or the taskbar - [Start/NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#start-nopinningtotaskbar) - - Group policy: ?? - User Configuration\Administrative Templates\Start Menu and Taskbar\Do not allow pinning programs to the Taskbar - --OR-- - User Configuration\Administrative Templates\Start Menu and Taskbar\Removed pinned programs from the Taskbar + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not allow pinning programs to the Taskbar` - Local setting: None - From 2b7947cef7e377a1cb565ff8dea7da708eb79190 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:28:43 -0700 Subject: [PATCH 443/671] Update index.yml --- windows/security/index.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index fa6bce4547..7736e62226 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
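Review bot: The Start/HideRecentJumplists link in the supported-csp-taskbar-windows.md hunk of PATCH 442 points to "/windows/client-management/mdm/policy-csp-start.mdstart-hiderecentjumplists", which has a stray ".md" and no "#" before the anchor, unlike the Start/NoPinningToTaskbar link two lines below; fix it while this list is being edited. The hunk also removes the "--OR--" alternative ("Removed pinned programs from the Taskbar") together with the "??" placeholder, so the commit message ("added policy") should say that the single remaining Group Policy path was confirmed as the mapping for this CSP.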
@@ -28,6 +28,10 @@ landingContent: url: /windows/security/information-protection/tpm/trusted-platform-module-top-node.md - text: Hardware-based root of trust url: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md + - text: System Guard Secure Launch and SMM protection + url: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md + - text: Virtualization-based protection of code integrity + url: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md - text: Protect domain credentials url: /windows/security/identity-protection/credential-guard/credential-guard.md - text: Kernel DMA Protection From 8a74cbf4e52bf88b65e1f1779b37892d7aea7333 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:30:01 -0700 Subject: [PATCH 444/671] Update index.yml --- windows/security/index.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 7736e62226..ff58a9aa81 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -22,6 +22,10 @@ landingContent: # Card (optional) - title: Hardware security linkLists: + - linkListType: overview + links: + - text: Overview + url: hardware.md - linkListType: concept links: - text: Trusted Platform Module From f3a337b0b0f65f005c8ed26e86b9104a6573314f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:31:51 -0700 Subject: [PATCH 445/671] Update index.yml --- windows/security/index.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index ff58a9aa81..7f20751de7 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -18,6 +18,15 @@ metadata: landingContent: # Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Zero Trust and Windows + linkLists: + - linkListType: overview + links: + - text: Overview + url: zero-trust-windows-device-health.md +# Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - title: Hardware security From f9492e2bdd50d6e1ae4258248789b51905f07272 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:33:51 -0700 Subject: [PATCH 446/671] Update index.yml --- windows/security/index.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 7f20751de7..26d8ea6d19 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -64,6 +64,8 @@ landingContent: url: trusted-boot.md - text: Encryption and data protection url: encryption-data-protection.md + - text: Windows security baselines + url: threat-protection/windows-security-configuration-framework/windows-security-baselines.md - text: Network security url: identity-protection/vpn/vpn-guide.md - text: Virus & threat protection From e8feeab903790d9debfbd59a883b260d55054333 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:36:00 -0700 Subject: [PATCH 447/671] Update index.yml --- windows/security/index.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 26d8ea6d19..18071b80dd 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -66,8 +66,10 @@ landingContent: url: encryption-data-protection.md - text: Windows security baselines url: threat-protection/windows-security-configuration-framework/windows-security-baselines.md - - text: Network security + - text: Virtual private network guide url: identity-protection/vpn/vpn-guide.md + - text: Windows Defender Firewall + url: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - text: Virus & threat protection url: https://docs.microsoft.com/microsoft-365/security/defender-endpoint # Cards and links should be based on top customer tasks or top subjects From 8bc6bf5ae977985c9780a5bf4538fbcd80589f16 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 17:36:10 -0700 Subject: [PATCH 448/671] fixing links --- windows/security/TOC.yml | 2 +- windows/security/identity-protection/configure-s-mime.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index bb4ea7332b..74fe21d3ec 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -452,4 +452,4 @@ - name: Common Criteria Certifications href: threat-protection/windows-platform-common-criteria.md - name: Windows Privacy - href: /windows/privacy/windows-10-and-privacy-compliance.md + href: /windows/privacy/windows-10-and-privacy-compliance diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md index 0d04b78646..2f95950f32 100644 --- a/windows/security/identity-protection/configure-s-mime.md +++ b/windows/security/identity-protection/configure-s-mime.md 
@@ -25,11 +25,11 @@ ms.date: 07/27/2017 - Windows 10 - Windows 11 -S/MIME stands for Secure/Multipurpose Internet Mail Extensions, and provides an added layer of security for email sent to and from an Exchange ActiveSync (EAS) account. In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with. +S/MIME stands for Secure/Multipurpose Internet Mail Extensions, and provides an added layer of security for email sent to and from an Exchange ActiveSync (EAS) account. S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with. ## About message encryption -Users can send encrypted message to people in their organization and people outside their organization if they have their encryption certificates. However, users using Windows 10 Mail app can only read encrypted messages if the message is received on their Exchange account and they have corresponding decryption keys. +Users can send encrypted message to people in their organization and people outside their organization if they have their encryption certificates. However, users using Windows Mail app can only read encrypted messages if the message is received on their Exchange account and they have corresponding decryption keys. Encrypted messages can be read only by recipients who have a certificate. 
If you try to send an encrypted message to recipient(s) whose encryption certificate are not available, the app will prompt you to remove these recipients before sending the email. @@ -49,7 +49,7 @@ A digitally signed message reassures the recipient that the message hasn't been On the device, perform the following steps: (add select certificate) -1. Open the Mail app. (In Windows 10 Mobile, the app is Outlook Mail.) +1. Open the Mail app. 2. Open **Settings** by tapping the gear icon on a PC, or the ellipsis (...) and then the gear icon on a phone. From 053ad959407f22f24d23454397b8500cfe341655 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:37:03 -0700 Subject: [PATCH 449/671] Update index.yml --- windows/security/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 18071b80dd..8b49a21d68 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -71,7 +71,7 @@ landingContent: - text: Windows Defender Firewall url: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md - text: Virus & threat protection - url: https://docs.microsoft.com/microsoft-365/security/defender-endpoint + url: threat-protection/index.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 9e3806b78b98bd4e181b05f99ab4a777d9dba2ad Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:38:12 -0700 Subject: [PATCH 450/671] Update index.yml --- windows/security/index.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 8b49a21d68..d5a96c4a6b 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -79,8 +79,8 @@ landingContent: linkLists: - linkListType: overview links: - - text: article (change link later, add more) - url: /windows/security/threat-protection/windows-security-baselines.md + - text: Overview + url: apps.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 067617a1914141f92a601499a99f2d8688d6af56 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:41:21 -0700 Subject: [PATCH 451/671] Update index.yml --- windows/security/index.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index d5a96c4a6b..277579de26 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -81,6 +81,14 @@ landingContent: links: - text: Overview url: apps.md + - linkListType: concept + links: + - text: Application Control and virtualization-based protection + url: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md + - text: Application Control + url: threat-protection/windows-defender-application-control/windows-defender-application-control.md + - text: Application Guard + url: threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 4ac25a67946185430e01b8d2d17cd1621a93504c Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 17:41:31 -0700 Subject: [PATCH 452/671] removing ?view=o365-worldwide --- windows/security/operating-system.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 578efaf296..bf8710c480 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md 
@@ -31,10 +31,10 @@ Windows Security app | The Windows built-in security application found in setitn | Security baselines | A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.

      Security baselines are included in the [Security Compliance Toolkit](threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md) that you can download from the Microsoft Download Center.

      Learn more about [security baselines](threat-protection/windows-security-configuration-framework/windows-security-baselines.md). | | Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      -| Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-worldwide) (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with [cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus?view=o365-worldwide), which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| +| Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with [cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus), which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server to prevent and block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure your attack surface reduction rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | -| Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/?view=o365-worldwide), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | +| Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders. Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware.

      Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | | Exploit protection | Exploit protection, available in Windows 10, version 1709 and later, automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | | Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

      Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

      Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) and [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide). | From 54c28083a0aebcbf62d62e20ac94542bc7e0ddbe Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:42:25 -0700 Subject: [PATCH 453/671] Update index.yml --- windows/security/index.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 277579de26..438fc44278 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -89,6 +89,8 @@ landingContent: url: threat-protection/windows-defender-application-control/windows-defender-application-control.md - text: Application Guard url: threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md + - text: Windows Sandbox + url: threat-protection/windows-sandbox/windows-sandbox-overview.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 2df3d9ada5af85fea316f7062979db769c9136e1 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:43:31 -0700 Subject: [PATCH 454/671] Update index.yml --- windows/security/index.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 438fc44278..2c221e552d 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -91,6 +91,8 @@ landingContent: url: threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md - text: Windows Sandbox url: threat-protection/windows-sandbox/windows-sandbox-overview.md + - text: Microsoft Defender SmartScreen + url: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 55ebf6f33c1397d87f211468c2b7c95ac363d5ce Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:44:14 -0700 Subject: [PATCH 455/671] Update index.yml --- windows/security/index.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 2c221e552d..6f641ae252 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -93,6 +93,8 @@ landingContent: url: threat-protection/windows-sandbox/windows-sandbox-overview.md - text: Microsoft Defender SmartScreen url: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md + - text: S/MIME for Windows + url: identity-protection/configure-s-mime.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From d456a08f2d920b32c64816bdd16d69bf6fb50ac0 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:45:06 -0700 Subject: [PATCH 456/671] Update index.yml --- windows/security/index.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 6f641ae252..2ac8196845 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -95,6 +95,8 @@ landingContent: url: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md - text: S/MIME for Windows url: identity-protection/configure-s-mime.md + - text: Windows Credential Theft Mitigation + url: identity-protection/windows-credential-theft-mitigation-guide-abstract.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 96ff6aaaa060a4ec9d62158a71dde9ed1cd84342 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:45:43 -0700 Subject: [PATCH 457/671] Update index.yml --- windows/security/index.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 2ac8196845..cce8b931e2 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -98,15 +98,6 @@ landingContent: - text: Windows Credential Theft Mitigation url: identity-protection/windows-credential-theft-mitigation-guide-abstract.md # Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Secured identity - linkLists: - - linkListType: overview - links: - - text: article (change link later, add more) - url: /windows/security/threat-protection/windows-security-baselines.md -# Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - title: Cloud services From aab9a577441e50dff0fbd81bb91031dc5080e6e7 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:47:12 -0700 Subject: [PATCH 458/671] Update index.yml --- windows/security/index.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index cce8b931e2..80627b4e1a 100644 --- a/windows/security/index.yml 
+++ b/windows/security/index.yml @@ -104,10 +104,10 @@ landingContent: linkLists: - linkListType: overview links: - - text: Azure Active Directory - url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory - text: Modern device management with Windows 11 url: mdm-windows.md + - text: Azure Active Directory + url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory - text: Your Microsoft Account url: identity-protection/access-control/microsoft-accounts.md - text: OneDrive From 6e0c627228265cd0c264a481add4b6a9d2bf0ced Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:48:55 -0700 Subject: [PATCH 459/671] Update index.yml --- windows/security/index.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 80627b4e1a..74c809b0f3 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -114,7 +114,15 @@ landingContent: url: https://docs.microsoft.com/onedrive/onedrive - text: Family safety url: threat-protection/windows-defender-security-center/wdsc-family-options.md - +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: User protection + linkLists: + - linkListType: overview + links: + - text: Windows identity security + url: identity.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 9c41f693705675150ed691228868aa27df4a5540 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:54:04 -0700 Subject: [PATCH 460/671] Update index.yml --- windows/security/index.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
diff --git a/windows/security/index.yml b/windows/security/index.yml index 74c809b0f3..244760c0e0 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -95,8 +95,6 @@ landingContent: url: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md - text: S/MIME for Windows url: identity-protection/configure-s-mime.md - - text: Windows Credential Theft Mitigation - url: identity-protection/windows-credential-theft-mitigation-guide-abstract.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) @@ -123,6 +121,14 @@ landingContent: links: - text: Windows identity security url: identity.md + - linkListType: concept + links: + - text: Windows Hello for Business + url: identity-protection/hello-for-business/hello-overview.md + - text: Windows Credential Theft Mitigation + url: identity-protection/windows-credential-theft-mitigation-guide-abstract.md + - text: Windows Defender Credential Guard + url: identity-protection/credential-guard/credential-guard.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 6c61feef73fb24997484c2a7c443056a46c07679 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:54:43 -0700 Subject: [PATCH 461/671] Update index.yml --- windows/security/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 244760c0e0..201bedcb02 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -102,7 +102,7 @@ landingContent: linkLists: - linkListType: overview links: - - text: Modern device management with Windows 11 + - text: Modern device management url: mdm-windows.md - text: Azure Active Directory url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory 
From 7c0e6255c33072436feada8aa3d985be39aabe71 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:55:46 -0700 Subject: [PATCH 462/671] Update index.yml --- windows/security/index.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 201bedcb02..8b31a20285 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -129,6 +129,8 @@ landingContent: url: identity-protection/windows-credential-theft-mitigation-guide-abstract.md - text: Windows Defender Credential Guard url: identity-protection/credential-guard/credential-guard.md + - text: Lost or forgotten passwords + url: identity-protection/password-support-policy.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 15065dc15b44f03449a1695425b953905b87c658 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:56:46 -0700 Subject: [PATCH 463/671] Update index.yml --- windows/security/index.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 8b31a20285..e467ac1649 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -131,6 +131,8 @@ landingContent: url: identity-protection/credential-guard/credential-guard.md - text: Lost or forgotten passwords url: identity-protection/password-support-policy.md + - text: Access control + url: identity-protection/access-control/access-control.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 2433569099608808da36ab1e34a7205357aadc84 Mon Sep 17 00:00:00 2001 
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 17:57:45 -0700 Subject: [PATCH 464/671] Update index.yml --- windows/security/index.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index e467ac1649..25c5bee6eb 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -133,6 +133,8 @@ landingContent: url: identity-protection/password-support-policy.md - text: Access control url: identity-protection/access-control/access-control.md + - text: Smart cards + url: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) From 302174e41a0e92cdc8e02578ea56491fbbf2259a Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 18:25:02 -0700 Subject: [PATCH 465/671] Update hardware.md --- windows/security/hardware.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/hardware.md b/windows/security/hardware.md index 3233f71e48..2201c1ec64 100644 --- a/windows/security/hardware.md +++ b/windows/security/hardware.md 
@@ -16,7 +16,7 @@ ms.technology: windows-sec # Windows hardware security Modern threats require modern security with a strong alignment between hardware security and software security techniques to keep users, data and devices protected. The operating system alone cannot protect from the wide range of tools and techniques cybercriminals use to compromise a computer deep inside its silicon. Once inside, intruders can be difficult to detect while engaging in multiple nefarious activities from stealing important data to capturing email addresses and other sensitive pieces of information. -These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware. +These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware.

      | Security Measures | Features & Capabilities | |:---|:---| From 038241ba330a2ad6741179ca084b6cc440a55dba Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 18:26:01 -0700 Subject: [PATCH 466/671] Update operating-system.md --- windows/security/operating-system.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index bf8710c480..bbd4cc590f 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -22,9 +22,9 @@ Use the links in the following table to learn more about the operating system se | Security Measures | Features & Capabilities | |:---|:---| -| Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows system boots up safely and securely.

      Learn more [Secure Boot and Trusted Boot](trusted-boot.md).
      || +| Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows system boots up safely and securely.

      Learn more [Secure Boot and Trusted Boot](trusted-boot.md). | Cryptography and certificate management|Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure.

      Learn more about [Cryptography and certificate management](cryptography-certificate-mgmt.md).

      | -Windows Security app | The Windows built-in security application found in setitngs provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more.

      Learn more about the [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md).| +Windows Security app | The Windows built-in security application found in settings provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more.

      Learn more about the [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md).| | Encryption and data protection | Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows provides strong at-rest data-protection solutions that guard against nefarious attackers.

      Learn more about [Encryption](encryption-data-protection.md). | BitLocker | BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later.

      Learn more about [BitLocker](information-protection/bitlocker/bitlocker-overview.md). | | Encrypted Hard Drive |

      Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
      By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.

      Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md).

      | From 378ff8ba125715639256ffc03086244fde062d0b Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 18:26:40 -0700 Subject: [PATCH 467/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index bbd4cc590f..5e6d6d553a 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -18,7 +18,7 @@ ms.technology: windows-sec Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats. -Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11:

      +Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11.

      | Security Measures | Features & Capabilities | |:---|:---| From 6732eff1ad97157404c6b8d4c2df83e47288f00e Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 18:29:01 -0700 Subject: [PATCH 468/671] Update index.yml --- windows/security/index.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 25c5bee6eb..31bb07f3e7 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -45,8 +45,6 @@ landingContent: url: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md - text: Virtualization-based protection of code integrity url: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md - - text: Protect domain credentials - url: /windows/security/identity-protection/credential-guard/credential-guard.md - text: Kernel DMA Protection url: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md # Cards and links should be based on top customer tasks or top subjects @@ -127,6 +125,8 @@ landingContent: url: identity-protection/hello-for-business/hello-overview.md - text: Windows Credential Theft Mitigation url: identity-protection/windows-credential-theft-mitigation-guide-abstract.md + - text: Protect domain credentials + url: /windows/security/identity-protection/credential-guard/credential-guard.md - text: Windows Defender Credential Guard url: identity-protection/credential-guard/credential-guard.md - text: Lost or forgotten passwords From 06e76d7ce41a1d28c9db0e4df265d4671f833d40 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 18:37:59 -0700 Subject: [PATCH 469/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
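Review bot: the removed and added lines in the hardware.md hunk of PATCH 465/671 carry the same paragraph word for word ("These new threats call for computing hardware that is secure down to the very core ..."), so whatever differs is not in the wording. The subject "Update hardware.md" does not say what changed; if this is a whitespace or line-break fix before the "| Security Measures | Features & Capabilities |" table, state that in the commit message so the change can be checked without a byte-level comparison.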
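Review bot: in the operating-system.md hunk of PATCH 466/671, the added "Windows Security app" row still begins without a leading `|`, as does the unchanged "Cryptography and certificate management" row above it, while the "| Secure Boot and Trusted Boot |" and "| Encryption and data protection |" rows begin with one. Since this patch is already tidying the row endings (the stray `||` after the Secure Boot row is removed), add the leading pipe to both rows so the table is delimited consistently. The Secure Boot row also reads "Learn more [Secure Boot and Trusted Boot](trusted-boot.md)." where every other row says "Learn more about".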
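Review bot: in the second index.yml hunk of PATCH 468/671, the moved "Protect domain credentials" entry lands directly above "Windows Defender Credential Guard", and both link to the same page: one as /windows/security/identity-protection/credential-guard/credential-guard.md, the other as identity-protection/credential-guard/credential-guard.md. Two entries in one list that resolve to the same target give readers nothing extra; keep one, or point "Protect domain credentials" at a different page, and use the relative path form that the neighbouring entries in this list use.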
diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 5e6d6d553a..6563a1a785 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -27,7 +27,7 @@ Cryptography and certificate management|Cryptography uses code to convert data s Windows Security app | The Windows built-in security application found in settings provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more.

      Learn more about the [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md).| | Encryption and data protection | Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows provides strong at-rest data-protection solutions that guard against nefarious attackers.

      Learn more about [Encryption](encryption-data-protection.md). | BitLocker | BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later.

      Learn more about [BitLocker](information-protection/bitlocker/bitlocker-overview.md). | -| Encrypted Hard Drive |

      Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
      By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.

      Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md).

      | +| Encrypted Hard Drive | Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
      By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.

      Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md).

      | | Security baselines | A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.

      Security baselines are included in the [Security Compliance Toolkit](threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md) that you can download from the Microsoft Download Center.

      Learn more about [security baselines](threat-protection/windows-security-configuration-framework/windows-security-baselines.md). | | Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      From 8c4bc8e4ead9fb38085ab146b9c563766ba1809c Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 18:39:14 -0700 Subject: [PATCH 470/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 6563a1a785..17e431c6b0 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -32,7 +32,7 @@ Windows Security app | The Windows built-in security application found in settin | Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server.

      Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md).

      | | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      | Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with [cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus), which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| -| Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server to prevent and block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure your attack surface reduction rules to protect against risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | +| Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server to prevent and block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure your attack surface reduction rules to protect against these risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders. Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware.

      Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | From 141a815406e9d9567b8808ed49e8f9054bfb66ba Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 18:39:38 -0700 Subject: [PATCH 471/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 17e431c6b0..cc3ad4f461 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -33,7 +33,7 @@ Windows Security app | The Windows built-in security application found in settin | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      | Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with [cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus), which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server to prevent and block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure your attack surface reduction rules to protect against these risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | -| Anti-tampering protection | Attacks like ransomware attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | +| Anti-tampering protection | Attacks (like ransomware) attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders. Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware.

      Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | | Exploit protection | Exploit protection, available in Windows 10, version 1709 and later, automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | From c010502e191ea5e5990c8d29f3bd9bcc2138ce54 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 18:40:22 -0700 Subject: [PATCH 472/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index cc3ad4f461..75e536d9cf 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -33,7 +33,7 @@ Windows Security app | The Windows built-in security application found in settin | Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device.

      Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).

      | Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

      From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) (applications that can negatively impact your device even though they are not considered malware).

      Microsoft Defender Antivirus integrates with [cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus), which helps ensure near-instant detection and blocking of new and emerging threats.

      Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server to prevent and block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure your attack surface reduction rules to protect against these risky behaviors.

      Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | -| Anti-tampering protection | Attacks (like ransomware) attempt to disable security features, such as anti-virus protection, on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | +| Anti-tampering protection | During cyber attacks (like ransomware attempts), bad actors attempt to disable security features, such as antivirus protection on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

      With tamper protection, malware is prevented from taking actions such as:
      - Disabling virus and threat protection
      - Disabling real-time protection
      - Turning off behavior monitoring
      - Disabling antivirus (such as IOfficeAntivirus (IOAV))
      - Disabling cloud-delivered protection
      - Removing security intelligence updates

      Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders. Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware.

      Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | | Exploit protection | Exploit protection, available in Windows 10, version 1709 and later, automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | From 231a176b905c17270c20767c6fd0fc96b7b29a44 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 18:42:44 -0700 Subject: [PATCH 473/671] Update TOC.yml --- windows/security/TOC.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 74fe21d3ec..f9175c9dc3 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -297,8 +297,9 @@ - name: Fine-tune WIP Learning href: information-protection/windows-information-protection/wip-learning.md - name: Application security - href: apps.md items: + - name: Overview + href: apps.md - name: Windows Defender Application Control and virtualization-based protection of code integrity href: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - name: Windows Defender Application Control From d22e6cea58842e7417d0eaf1ea3fd1d8a8d527f0 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 18:43:36 -0700 Subject: [PATCH 474/671] Update TOC.yml --- windows/security/TOC.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index f9175c9dc3..e10a8415d9 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -336,8 +336,9 @@ - name: Azure Virtual Desktop (need link) href: https://docs.microsoft.com/windows/whats-new/windows-11 - name: User protection - href: identity.md items: + - name: Overview + href: identity.md - name: Windows Hello for Business href: identity-protection/hello-for-business/index.yml - name: Windows credential theft mitigation guide From b3d8a1227acd79a5224f6eb0a92c6967bf08b5c1 Mon Sep 17 00:00:00 2001 
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 18:46:53 -0700 Subject: [PATCH 475/671] Update index.yml --- windows/security/index.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 31bb07f3e7..b935d3fc7c 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -99,6 +99,10 @@ landingContent: - title: Cloud services linkLists: - linkListType: overview + links: + - text: Overview + url: cloud.md + - linkListType: concept links: - text: Modern device management url: mdm-windows.md From 6cac5f5e5ab345507823e912b3166d9f22e20811 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 18:48:07 -0700 Subject: [PATCH 476/671] Update index.yml --- windows/security/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index b935d3fc7c..a75d4258bd 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -148,7 +148,7 @@ landingContent: links: - text: Security foundations url: security-foundations.md - - linkListType: concept + - linkListType: reference links: - text: Microsoft Security Development Lifecycle url: /windows/security/threat-protection/msft-security-dev-lifecycle.md From 996dfb556af5b1be0baa80a6e12a907f03e65c33 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 16 Sep 2021 18:53:59 -0700 Subject: [PATCH 477/671] Update index.yml --- windows/security/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index a75d4258bd..5a22246777 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -163,7 +163,7 @@ landingContent: # Card (optional) - title: Privacy controls linkLists: - - linkListType: overview + - linkListType: reference links: - text: Windows and Privacy Compliance url: /windows/privacy/windows-10-and-privacy-compliance.md From d460e188234d33761241b543a9b87e1470aec810 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 19:37:18 -0700 Subject: [PATCH 478/671] adding security app topics to TOC --- windows/security/TOC.yml | 15 +++++++++++++++ .../wdsc-windows-10-in-s-mode.md | 8 -------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 74fe21d3ec..f03d8c0fdf 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -47,6 +47,21 @@ href: cryptography-certificate-mgmt.md - name: The Windows Security app href: threat-protection/windows-defender-security-center/windows-defender-security-center.md + items: + - name: Virus & threat protection + href: threat-protection\windows-defender-security-center\wdsc-virus-threat-protection.md + - name: Account protection + href: threat-protection\windows-defender-security-center\wdsc-account-protection.md + - name: Firewall & network protection + href: threat-protection\windows-defender-security-center\wdsc-firewall-network-protection.md + - name: App & browser control + href: threat-protection\windows-defender-security-center\wdsc-app-browser-control.md + - name: Device security + href: threat-protection\windows-defender-security-center\wdsc-device-security.md + - name: Device performance & health + href: threat-protection\windows-defender-security-center\wdsc-device-performance-health.md + - name: Family options + href: threat-protection\windows-defender-security-center\wdsc-family-options.md - name: Security policy settings href: threat-protection/security-policy-settings/security-policy-settings.md - name: Security auditing 
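Review bot: the seven `href` values added under "The Windows Security app" in TOC.yml use backslashes (`threat-protection\windows-defender-security-center\wdsc-virus-threat-protection.md`), while the parent entry and the entries that follow in the same hunk use forward slashes (`threat-protection/windows-defender-security-center/windows-defender-security-center.md`). Suggest writing the new paths with forward slashes so the separators in this block match their parent and do not rely on the build normalizing Windows-style paths.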
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md index 30cc06c3d0..3b0f4cf952 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md @@ -22,14 +22,6 @@ ms.technology: mde - Windows 10 in S mode, version 1803 -**Audience** - -- Enterprise security administrators - -**Manageability available with** - -- Microsoft Intune - Windows 10 in S mode is streamlined for tighter security and superior performance. With Windows 10 in S mode, users can only use apps from the Microsoft Store, ensuring Microsoft-verified security so you can minimize malware attacks. In addition, using Microsoft Edge provides a more secure browser experience, with extra protections against phishing and malicious software. The Windows Security interface is a little different in Windows 10 in S mode. The **Virus & threat protection** area has fewer options, because the built-in security of Windows 10 in S mode prevents viruses and other threats from running on devices in your organization. In addition, devices running Windows 10 in S mode receive security updates automatically. From 5f6256d33b33406d7431e76824dcf5a0c1746e27 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 19:41:51 -0700 Subject: [PATCH 479/671] removing ?view=o365-worldwide --- windows/security/operating-system.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 75e536d9cf..9c4e6c86ea 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md 
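Review bot: the wdsc-windows-10-in-s-mode.md hunk deletes the "Audience" and "Manageability available with" blocks, which the commit subject ("adding security app topics to TOC") does not cover. Mention the removal in the commit message or move it to its own commit, so the TOC change can be reviewed and reverted independently of the content change.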
@@ -12,6 +12,7 @@ author: denisebmsft ms.collection: M365-security-compliance ms.prod: m365-security ms.technology: windows-sec +ms.date: --- # Windows operating system security @@ -37,5 +38,5 @@ Windows Security app | The Windows built-in security application found in settin | Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

      In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/), which provides detailed reporting into protection events as part of larger investigation scenarios.

      Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders. Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware.

      Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | | Exploit protection | Exploit protection, available in Windows 10, version 1709 and later, automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

      You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

      Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | -| Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

      Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

      Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) and [Microsoft 365 Defender](/microsoft-365/security/defender/?view=o365-worldwide). | +| Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

      Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

      Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) and [Microsoft 365 Defender](/microsoft-365/security/defender/). | From 4991b4a99d6a46d114c300ae6ab903ee72b1643f Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 19:53:24 -0700 Subject: [PATCH 480/671] updating cloud toc --- windows/security/TOC.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 05b67211e7..78af7bca44 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -341,15 +341,11 @@ - name: Modern device management with Windows 11 href: mdm-windows.md - name: Windows 11 secured-core devices (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 - - name: Windows 365 Cloud PCs (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 - - name: Windows 365 for Enterprise (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 - - name: Windows 365 for Business (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 + href: /windows-hardware/design/device-experiences/oem-highly-secure + - name: Windows 365 Cloud PCs + href: /windows-365/overview - name: Azure Virtual Desktop (need link) - href: https://docs.microsoft.com/windows/whats-new/windows-11 + href: /azure/virtual-desktop/ - name: User protection items: - name: Overview From 8d75b4f1800b988e752dc5aabc4f48d0f32cde9d Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 16 Sep 2021 19:57:07 -0700 Subject: [PATCH 481/671] Windows 10 & 11 --- windows/security/encryption-data-protection.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/windows/security/encryption-data-protection.md b/windows/security/encryption-data-protection.md index 1841a48867..b9967d05ac 100644 --- a/windows/security/encryption-data-protection.md +++ b/windows/security/encryption-data-protection.md 
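Review bot: in the front-matter hunk of operating-system.md (patch 479, "removing ?view=o365-worldwide"), `+ms.date:` is added with no value, and the commit subject does not mention a metadata change. Either fill in the date or drop the line from this patch; an empty key adds nothing and is easy to forget once merged.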
@@ -1,6 +1,6 @@ --- -title: Encryption and data protection in Windows 11 -description: Get an overview encryption and data protection in Windows 11 +title: Encryption and data protection in Windows +description: Get an overview encryption and data protection in Windows 11 and Windows 10 search.appverid: MET150 author: denisebmsft ms.author: deniseb @@ -16,13 +16,10 @@ ms.reviewer: deepakm, rafals f1.keywords: NOCSH --- -# Encryption and data protection in Windows 11 +# Encryption and data protection in Windows client -*This article provides a brief overview of encryption and data protection built into Windows 11.* - -When people travel with their computers and devices, their confidential information travels with them. Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, starting with the Encrypting File System (EFS) in the Windows 2000 operating system. - -In Windows 11, encryption and data protection features include: +When people travel with their computers and devices, their confidential information travels with them. Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. +Encryption and data protection features include: - Encrypted Hard Drive - BitLocker @@ -54,4 +51,3 @@ Windows consistently improves data protection by improving existing options and - [Encrypted Hard Drive](information-protection/encrypted-hard-drive.md) - [BitLocker](information-protection/bitlocker/bitlocker-overview.md) - From 120fd20bb612f24fa75d200a243b1c863cf9c7eb Mon Sep 17 00:00:00 2001 
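Review bot: in encryption-data-protection.md the two added body lines are adjacent with no blank line between them, so "Encryption and data protection features include:" will render as the tail of the preceding paragraph rather than as the lead-in to the list; the removed text had an empty line at that point. Add an empty line between the two. In the same hunk the new `title:` ends in "in Windows" while the new H1 ends in "in Windows client", and the `description:` still reads "Get an overview encryption" (missing "of"); both are worth fixing while these lines are being touched.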
From: Daniel Simpson Date: Thu, 16 Sep 2021 20:08:22 -0700 Subject: [PATCH 482/671] updating identity --- windows/security/TOC.yml | 6 +++--- windows/security/identity.md | 4 +--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 78af7bca44..22300ecb09 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -340,13 +340,13 @@ href: cloud.md - name: Modern device management with Windows 11 href: mdm-windows.md - - name: Windows 11 secured-core devices (need link) + - name: Windows 11 secured-core devices href: /windows-hardware/design/device-experiences/oem-highly-secure - name: Windows 365 Cloud PCs href: /windows-365/overview - - name: Azure Virtual Desktop (need link) + - name: Azure Virtual Desktop href: /azure/virtual-desktop/ -- name: User protection +- name: identity protection items: - name: Overview href: identity.md diff --git a/windows/security/identity.md b/windows/security/identity.md index 5a1dd59008..259aebe12d 100644 --- a/windows/security/identity.md +++ b/windows/security/identity.md 
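Review bot: in the TOC.yml hunk of patch 482, the renamed top-level entry `- name: identity protection` starts with a lowercase letter, unlike the other top-level names visible in this file ("Application security", "Cloud services", "Security foundations"). Capitalize it so the navigation labels stay consistent.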
@@ -15,9 +15,7 @@ ms.technology: windows-sec # Windows identity security -Malicious actors launch an average of 50 million password attacks every day—579 per second. And Identity is the battleground for attacks of the future. Knowing that the right user is accessing the right device and the right data is critical to keeping your business, family, and self, safe and secure. Windows 11 correctly identifies users while delivering a high-quality user experience, which helps hybrid and remote workers stay productive without sacrificing security. - -New Windows 11 devices protect users by removing vulnerable passwords by default, from day one. Weak passwords, password spraying, and phishing are the entry point for many attacks. Windows Hello, Windows Hello for Business, and Credential Guard enable customers to move to passwordless multifactor authentication (MFA). MFA can reduce the risk of compromise in organizations by more than 99.9 percent. As remote and hybrid work becomes the new normal, Windows 11 gives IT teams a variety of MFA options to meet business and consumer needs while complying with ever-evolving regulations. +Malicious actors launch millions of password attacks every day. Weak passwords, password spraying, and phishing are the entry point for many attacks. Knowing that the right user is accessing the right device and the right data is critical to keeping your business, family, and self, safe and secure. Windows Hello, Windows Hello for Business, and Credential Guard enable customers to move to passwordless multifactor authentication (MFA). MFA can reduce the risk of compromise in organizations. | Security capabilities | Description | |:---|:---| From 6becfcb915ca5cec3499a809b03899a1f79093cf Mon Sep 17 00:00:00 2001 
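Review bot: the rewritten opening paragraph of identity.md replaces the two concrete figures ("50 million password attacks every day", "more than 99.9 percent") with "millions of password attacks" and "MFA can reduce the risk of compromise in organizations", neither of which a reader can check. If the numbers were dropped for lack of a source, link one for the claims that remain; otherwise the final sentence says very little and could be cut. The stray comma in "family, and self, safe and secure" is carried over from the old text and can be removed in the same edit.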
From: Daniel Simpson Date: Thu, 16 Sep 2021 20:23:46 -0700 Subject: [PATCH 483/671] ch ch ch changes --- windows/security/TOC.yml | 26 +++++++++++++------------- windows/security/cloud.md | 3 +-- windows/security/identity.md | 4 ++-- 3 files changed, 16 insertions(+), 17 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 22300ecb09..edabc8b73e 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -35,6 +35,8 @@ href: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md - name: Kernel DMA Protection href: information-protection/kernel-dma-protection-for-thunderbolt.md + - name: Windows 11 secured-core devices + href: /windows-hardware/design/device-experiences/oem-highly-secure - name: Operating system security items: - name: Overview @@ -334,19 +336,7 @@ href: identity-protection\configure-s-mime.md - name: Windows Credential Theft Mitigation Guide Abstract href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md -- name: Cloud services - items: - - name: Overview - href: cloud.md - - name: Modern device management with Windows 11 - href: mdm-windows.md - - name: Windows 11 secured-core devices - href: /windows-hardware/design/device-experiences/oem-highly-secure - - name: Windows 365 Cloud PCs - href: /windows-365/overview - - name: Azure Virtual Desktop - href: /azure/virtual-desktop/ -- name: identity protection +- name: Identity and user security items: - name: Overview href: identity.md 
@@ -452,6 +442,16 @@ href: identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md - name: Tpmvscmgr href: identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md +- name: Cloud services + items: + - name: Overview + href: cloud.md + - name: Modern device management with Windows 11 + href: mdm-windows.md + - name: Windows 365 Cloud PCs + href: /windows-365/overview + - name: Azure Virtual Desktop + href: /azure/virtual-desktop/ - name: Security foundations items: - name: Overview diff --git a/windows/security/cloud.md b/windows/security/cloud.md index f65cdf002c..78bd1111d0 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -28,11 +28,10 @@ Windows 11 includes the cloud services that are listed in the following table:
      With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need. Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

      To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | | Modern device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

      Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

      To learn more, see [MDM and Windows 11](mdm-windows.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

      The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

      To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

      The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4).

      In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). | -| Family safety | Microsoft Family Safety empowers people and their family members to create healthy habits and protect their loved ones, both online and offline. People can use their Microsoft account to create a family group on Windows, Xbox, or your mobile devices, and then customize their family settings by using the `family.microsoft.com` website or the Microsoft Family Safety app on Android and iOS.

      [Learn more about Microsoft Family Safety](https://www.microsoft.com/en-us/microsoft-365/family-safety). | +| Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

      With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need. Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

      To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | ## Next steps diff --git a/windows/security/identity.md b/windows/security/identity.md index 259aebe12d..b9a43f3ca6 100644 --- a/windows/security/identity.md +++ b/windows/security/identity.md @@ -1,5 +1,5 @@ --- -title: Windows identity security +title: Windows identity and user security description: Get an overview of identity security in Windows 11 and Windows 10 ms.reviewer: manager: dansimp @@ -13,7 +13,7 @@ ms.prod: m365-security ms.technology: windows-sec --- -# Windows identity security +# Windows identity and user security Malicious actors launch millions of password attacks every day. Weak passwords, password spraying, and phishing are the entry point for many attacks. Knowing that the right user is accessing the right device and the right data is critical to keeping your business, family, and self, safe and secure. Windows Hello, Windows Hello for Business, and Credential Guard enable customers to move to passwordless multifactor authentication (MFA). MFA can reduce the risk of compromise in organizations. From 7c37664b9388f7c81a84bb0434f03751f36b618f Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 17 Sep 2021 11:59:52 +0530 Subject: [PATCH 484/671] Updated the file as per feedback and suggestions --- ...policy-csp-localpoliciessecurityoptions.md | 115 +++++++----------- 1 file changed, 41 insertions(+), 74 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 50d1696f71..256a265ebe 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md 
@@ -666,9 +666,8 @@ For a computer to print to a shared printer, the driver for that shared printer Default on servers: Enabled. Default on workstations: Disabled -Note - -This setting does not affect the ability to add a local printer. This setting does not affect Administrators. +[!Note] +>This setting does not affect the ability to add a local printer. This setting does not affect Administrators. 
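Review bot: the added alert marker `[!Note]` is missing its leading `>`, so it sits outside the blockquote that follows and will render as literal text instead of a note; the other alerts in this file, visible in the next hunk, are written `>[!Note]` and `>[!Important]`. Change the added line to `>[!Note]`.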
@@ -1412,21 +1411,16 @@ This security setting determines whether packet signing is required by the SMB c If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server. -Default: Disabled. - ->[!Important] ->For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set Microsoft network client: Digitally sign communications (if server agrees). +Default: Disabled. >[!Note] ->All Windows operating systems support both a client-side SMB component and a server-side SMB component. - -On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: -- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. -- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. -- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. -- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. - -SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136." 
+>All Windows operating systems support both a client-side SMB component and a server-side SMB component.Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +>- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +>- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +>- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +>- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +> +>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://docs.microsoft.com/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). 
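Review bot: In the first added line of the note, `component.Enabling` is missing the space after the period, so the two sentences run together in the rendered alert. Insert the space; the same sentence in the -1500 and -1734 hunks already has it.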
@@ -1500,17 +1494,15 @@ If this setting is enabled, the Microsoft network client will ask the server to Default: Enabled. >[!Note] ->All Windows operating systems support both a client-side SMB component and a server-side SMB component. - -On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: -- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. -- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. -- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. -- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. -If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. - -SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. -For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. +>All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +>- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. 
+>- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +>- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +>- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +>If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. +> +>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. +For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://docs.microsoft.com/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). 
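Review bot: The added line `>If both client-side and server-side SMB signing is enabled ...` follows the last `>-` bullet with no empty `>` line between them, so Markdown folds it into the fourth list item instead of starting a new paragraph. Add an empty `>` line before it. The final `For more information, reference:` line is also added without the `>` prefix, unlike the -1412 hunk where the link stays inside the quoted paragraph; prefix it with `>` so the alert ends where intended.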
@@ -1734,30 +1726,18 @@ The server message block (SMB) protocol provides the basis for Microsoft file an If this setting is enabled, the Microsoft network server will not communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server. -Default: - -Disabled for member servers. -Enabled for domain controllers. +Default: Disabled for member servers. Enabled for domain controllers. >[!Note] ->All Windows operating systems support both a client-side SMB component and a server-side SMB component. - -On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: -- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. -- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. -- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. -- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. - -Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. -If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled. -SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. 
- ->[!Important] ->For this policy to take effect on computers running Windows 2000, server-side packet signing must also be enabled. To enable server-side SMB packet signing, set the following policy: Microsoft network server: Digitally sign communications (if server agrees) - -For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the Windows 2000 server: -HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature -For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. +>All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +>- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +>- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +>- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +>- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +> +>Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. +>If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled. 
+>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://docs.microsoft.com/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). 
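Review bot: The quoted paragraph that begins `>Similarly, if client-side SMB signing is required` now opens directly after the four-item list, so "Similarly" has nothing to refer back to. Drop the word or put the server-side counterpart sentence in front of it. That line and the two `>` lines after it are also consecutive with no empty `>` line between them, so they render as one run-on paragraph ending in the performance link; separate them if they are meant to read as distinct points.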
@@ -1830,21 +1810,16 @@ If this setting is enabled, the Microsoft network server will negotiate SMB pack Default: Enabled on domain controllers only. ->[!Important] ->For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the server running Windows 2000: HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature - >[!Note] -> All Windows operating systems support both a client-side SMB component and a server-side SMB component. - -For Windows 2000 and above, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: -- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. -- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. -- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. -- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. -If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. - -SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. -For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. +> All Windows operating systems support both a client-side SMB component and a server-side SMB component. 
Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +>- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +>- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +>- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +>- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +>If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. +> +>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. +For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://docs.microsoft.com/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). @@ -2347,11 +2322,6 @@ This security setting determines if, at the next password change, the LAN Manage Default on Windows Vista and above: Enabled Default on Windows XP: Disabled. -Important - -Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT 4.0. -This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98. - GP Info: 
@@ -2429,12 +2399,9 @@ Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication). ->[!Important] ->This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the network. For example, at the time of this writing, computers running Windows NT 4.0 SP4 and earlier did not support NTLMv2. Computers running Windows 95 and Windows 98 did not support NTLM. - Default: -Windows 2000 and windows XP: send LM and NTLM responses +windows XP: send LM and NTLM responses Windows Server 2003: Send NTLM response only @@ -2510,7 +2477,7 @@ This security setting allows a client device to require the negotiation of 128-b Default: -Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements. +Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements. Windows 7 and Windows Server 2008 R2: Require 128-bit encryption. @@ -2584,7 +2551,7 @@ Require 128-bit encryption. The connection will fail if strong encryption (128-b Default: -Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements. +Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements. Windows 7 and Windows Server 2008 R2: Require 128-bit encryption From 49b4a83d17ed83c4e1f61f4544e85791a83a355a Mon Sep 17 00:00:00 2001 
From: Alekhya Jupudi Date: Fri, 17 Sep 2021 13:38:48 +0530 Subject: [PATCH 485/671] Update policy-csp-localpoliciessecurityoptions.md --- .../mdm/policy-csp-localpoliciessecurityoptions.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 256a265ebe..d88347f9e1 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -666,7 +666,7 @@ For a computer to print to a shared printer, the driver for that shared printer Default on servers: Enabled. Default on workstations: Disabled -[!Note] +>[!Note] >This setting does not affect the ability to add a local printer. This setting does not affect Administrators. 
@@ -1420,7 +1420,7 @@ Default: Disabled. >- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. >- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. > ->SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://docs.microsoft.com/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). +>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://github.com/MicrosoftDocs/SupportArticles-docs/blob/d3eb07e4942ef66cbb98d8e2a0df5cfb598230a7/support/windows-server/networking/reduced-performance-after-smb-encryption-signing.md) . 
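Review bot: The replacement link in this hunk ends in `.md) .` with a stray space before the period; the other three hunks in this patch end in `.md).`. More importantly, the target changes from the published docs.microsoft.com article to a GitHub blob URL pinned to commit d3eb07e4942ef66cbb98d8e2a0df5cfb598230a7 while the link text still reads "Microsoft Docs". A commit-pinned blob will not pick up later corrections to the SMB signing guidance and shows the Markdown source instead of the rendered article. If the docs.microsoft.com URL was failing link validation, prefer a stable published path and apply it consistently in all four hunks.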
@@ -1502,7 +1502,7 @@ Default: Enabled. >If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. > >SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. -For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://docs.microsoft.com/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). +For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://github.com/MicrosoftDocs/SupportArticles-docs/blob/d3eb07e4942ef66cbb98d8e2a0df5cfb598230a7/support/windows-server/networking/reduced-performance-after-smb-encryption-signing.md). 
@@ -1737,7 +1737,7 @@ Default: Disabled for member servers. Enabled for domain controllers. > >Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. >If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled. ->SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://docs.microsoft.com/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). +>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://github.com/MicrosoftDocs/SupportArticles-docs/blob/d3eb07e4942ef66cbb98d8e2a0df5cfb598230a7/support/windows-server/networking/reduced-performance-after-smb-encryption-signing.md). 
@@ -1819,7 +1819,7 @@ Default: Enabled on domain controllers only. >If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. > >SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. -For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://docs.microsoft.com/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). +For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://github.com/MicrosoftDocs/SupportArticles-docs/blob/d3eb07e4942ef66cbb98d8e2a0df5cfb598230a7/support/windows-server/networking/reduced-performance-after-smb-encryption-signing.md). From 3db89c2afdcc8d5d10e07ad603bb85bc7adc654e Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Fri, 17 Sep 2021 15:40:54 +0530 Subject: [PATCH 486/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 1 - .../policy-configuration-service-provider.md | 7 ---- ...-csp-admx-feeds.md => policy-csp-feeds.md} | 36 ++++++++----------- 3 files changed, 15 insertions(+), 29 deletions(-) rename windows/client-management/mdm/{policy-csp-admx-feeds.md => policy-csp-feeds.md} (53%) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index e215f891b8..586e5edcc6 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -280,7 +280,6 @@ ms.date: 10/08/2020 - [ADMX_ExternalBoot/PortableOperatingSystem_Hibernate](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_hibernate) - [ADMX_ExternalBoot/PortableOperatingSystem_Sleep](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_sleep) - [ADMX_ExternalBoot/PortableOperatingSystem_Launcher](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_launcher) -- [ADMX_Feeds/FeedsEnabled](./policy-csp-admx-feeds.md#admx-feeds-feedsenabled) - [ADMX_FileRecovery/WdiScenarioExecutionPolicy](./policy-csp-admx-filerecovery.md#admx-filerecovery-wdiscenarioexecutionpolicy) - [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol) - [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index fa753bd3f4..6922bada43 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1144,13 +1144,6 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
      -### ADMX_Feeds policies -
      -
      - ADMX_Feeds/FeedsEnabled -
      -
      - ### ADMX_FileRecovery policies
      diff --git a/windows/client-management/mdm/policy-csp-admx-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md similarity index 53% rename from windows/client-management/mdm/policy-csp-admx-feeds.md rename to windows/client-management/mdm/policy-csp-feeds.md index b96c8f3500..bc8b0b1996 100644 --- a/windows/client-management/mdm/policy-csp-admx-feeds.md +++ b/windows/client-management/mdm/policy-csp-feeds.md @@ -1,27 +1,30 @@ --- -title: Policy CSP - ADMX_Feeds -description: Policy CSP - ADMX_Feeds +title: Policy CSP - Feeds +description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device. +. ms.author: dansimp -ms.localizationpriority: medium ms.topic: article ms.prod: w10 ms.technology: windows author: nimishasatapathy -ms.date: 09/16/2021 +ms.localizationpriority: medium +ms.date: 09/17/2021 ms.reviewer: manager: dansimp --- -# Policy CSP - ADMX_Feeds -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +# Policy CSP - Feeds + +
      +## Feeds policies +
      - ADMX_Feeds/FeedsEnabled + Feeds/FeedsEnabled
      @@ -29,7 +32,7 @@ manager: dansimp
      -**ADMX_Feeds/FeedsEnabled** +**Feeds/FeedsEnabled** @@ -74,9 +77,10 @@ manager: dansimp > [!div class = "checklist"] > * Machine +
      + - This policy setting specifies whether news and interests is allowed on the device. The values for this policy are 1 and 0. This policy defaults to 1. @@ -86,26 +90,16 @@ The values for this policy are 1 and 0. This policy defaults to 1. - 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: -- GP Friendly name: *Enable news and interests on the taskbar.* +- GP Friendly name: *Enable news and interests on the taskbar* - GP name: *FeedsEnabled* - GP path: *Windows Components\News and interests* - GP ADMX file name: *Feeds.admx* -
      - -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. From adca70b7787282d526ceec93d3e56d153a6a6b70 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Fri, 17 Sep 2021 15:58:16 +0530 Subject: [PATCH 487/671] Incorporated the review comments --- .../administrative-tools-in-windows-10.md | 4 ++-- .../advanced-troubleshooting-802-authentication.md | 2 +- .../client-management/connect-to-remote-aadj-pc.md | 4 ++-- .../client-management/manage-corporate-devices.md | 8 ++++---- .../manage-device-installation-with-group-policy.md | 13 +++++++------ windows/client-management/quick-assist.md | 2 +- .../troubleshoot-tcpip-port-exhaust.md | 2 +- 7 files changed, 18 insertions(+), 17 deletions(-) diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index 8cf6c2a75d..b7d0186f19 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -1,5 +1,5 @@ --- -title: Administrative Tools in Windows 10 and Windows 11 +title: Administrative Tools in Windows description: Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users. ms.assetid: FDC63933-C94C-43CB-8373-629795926DC8 ms.reviewer: 
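Review bot: The title line becomes `Administrative Tools in Windows`, but the TIP edited in the next hunk of this file changes the page name it cites from **Administrative Tools in Windows** to "**Administrative Tools in Windows 10** or **Administrative Tools in Windows 11** page", which no longer matches this title. Keep the TIP wording aligned with whichever title is chosen here.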
@@ -55,7 +55,7 @@ These tools were included in previous versions of Windows. The associated docume - [Windows Memory Diagnostic]( https://go.microsoft.com/fwlink/p/?LinkId=708507) > [!TIP] -> If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows** page. Details about the information you want for a tool will help us plan future content.  +> If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows 10** or **Administrative Tools in Windows 11** page. Details about the information you want for a tool will help us plan future content.  ## Related topics diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md index 80304a3e5f..d3f7cdaa23 100644 --- a/windows/client-management/advanced-troubleshooting-802-authentication.md +++ b/windows/client-management/advanced-troubleshooting-802-authentication.md @@ -21,7 +21,7 @@ This article includes general troubleshooting for 802.1X wireless and wired clie ## Scenarios -This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 10 (and Windows 11) for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS. +This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 11 for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS. ## Known issues 
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 63d3683704..d35a51b495 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -1,5 +1,5 @@ --- -title: Connect to remote Azure Active Directory-joined PC (Windows 10 and Windows 11) +title: Connect to remote Azure Active Directory-joined PC (Windows) description: You can use Remote Desktop Connection to connect to an Azure AD-joined PC. keywords: ["MDM", "device management", "RDP", "AADJ"] ms.prod: w10 @@ -29,7 +29,7 @@ From its release, Windows 10 has supported remote connections to PCs joined to A ## Set up -- Both PCs (local and remote) must be running Windows 10, version 1607 or later or Windows 11. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported. +- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported. - Your local PC (where you are connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device are not supported. - The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests are not supported for Remote desktop. diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md index 25dcf468c0..b1ab3c2cab 100644 --- a/windows/client-management/manage-corporate-devices.md +++ b/windows/client-management/manage-corporate-devices.md 
@@ -1,6 +1,6 @@ --- -title: Manage corporate devices (Windows 10 and Windows 11) -description: You can use the same management tools to manage all device types running Windows 10 desktops, laptops, tablets, and phones. +title: Manage corporate devices (Windows) +description: You can use the same management tools to manage all device types running Windows 10 or Windows 11 desktops, laptops, tablets, and phones. ms.assetid: 62D6710C-E59C-4077-9C7E-CE0A92DFC05D ms.reviewer: manager: dansimp @@ -24,7 +24,7 @@ ms.topic: article - Windows 10 - Windows 11 -You can use the same management tools to manage all device types running Windows 10 and Windows 11: desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, System Center tools, and so on, will continue to work for Windows 10 and Windows 11. +You can use the same management tools to manage all device types running Windows 10 or Windows 11 desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, System Center tools, and so on, will continue to work for Windows 10 and Windows 11. ## In this section 
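Review bot: In the body sentence of the second hunk, replacing "Windows 10 and Windows 11: desktops, laptops, tablets, and phones" with "Windows 10 or Windows 11 desktops, laptops, tablets, and phones" drops the colon, so the device list now reads as a modifier of "Windows 11" instead of enumerating the device types. Restore the colon (`running Windows 10 or Windows 11: desktops, laptops, tablets, and phones`). The new `description:` line in the front matter uses the same wording and should get the same fix.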
@@ -36,7 +36,7 @@ You can use the same management tools to manage all device types running Windows | [New policies for Windows 10](new-policies-for-windows-10.md) | New Group Policy settings added in Windows 10 | | [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md) | Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education | | [Changes to Group Policy settings for Start in Windows 10](/windows/configuration/changes-to-start-policies-in-windows-10) | Changes to the Group Policy settings that you use to manage Start | -| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 11 in their organizations | +| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 or Windows 11 in their organizations | ## Learn more diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md index 4c263fc3c8..25ce17d38a 100644 --- a/windows/client-management/manage-device-installation-with-group-policy.md +++ b/windows/client-management/manage-device-installation-with-group-policy.md 
@@ -17,17 +17,18 @@ ms.topic: article **Applies to** -- Windows 10, Windows Server 2022 +- Windows 10 - Windows 11 +- Windows Server 2022 ## Summary -By using Windows 10 and Windows 11 operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy. +By using Windows operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy. ## Introduction ### General -This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and cannot install. This guide applies to all Windows 10 (and Windows 11) versions starting with RS5 (1809). The guide includes the following scenarios: +This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and cannot install. This guide applies to all Windows versions starting with RS5 (1809). The guide includes the following scenarios: - Prevent users from installing devices that are on a "prohibited" list. If a device is not on the list, then the user can install it. - Allow users to install only devices that are on an "approved" list. If a device is not on the list, then the user cannot install it. 
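Review bot: the new sentence "This guide applies to all Windows versions starting with RS5 (1809)" loses the product name that 1809 belongs to. The removed text tied it to Windows 10, and the "Applies to" list in this same hunk now also names Windows Server 2022 on its own line. Since administrators use this guide to decide where device-installation restrictions take effect, suggest stating the scope explicitly, for example "Windows 10 version 1809 (RS5) and later, Windows 11, and Windows Server 2022", if that is what is intended.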
@@ -45,7 +46,7 @@ It is important to understand that the Group Policies that are presented in this This guide is targeted at the following audiences: -- Information technology planners and analysts who are evaluating Windows 10 (and Windows 11) and Windows Server 2022 +- Information technology planners and analysts who are evaluating Windows 10, Windows 11 or Windows Server 2022 - Enterprise information technology planners and designers - Security architects who are responsible for implementing trustworthy computing in their organization - Administrators who want to become familiar with the technology @@ -103,7 +104,7 @@ A device is a piece of hardware with which Windows interacts to perform some fun When Windows detects a device that has never been installed on the computer, the operating system queries the device to retrieve its list of device identification strings. A device usually has multiple device identification strings, which the device manufacturer assigns. The same device identification strings are included in the .inf file (also known as an _INF_) that is part of the driver package. Windows chooses which driver package to install by matching the device identification strings retrieved from the device to those included with the driver packages. -Windows uses four types of identifiers to control device installation and configuration. You can use the Group Policy settings in Windows 10 (and Windows 11) to specify which of these identifiers to allow or block. +Windows uses four types of identifiers to control device installation and configuration. You can use the Group Policy settings in Windows to specify which of these identifiers to allow or block. The four types of identifiers are: 
@@ -224,7 +225,7 @@ Some of these policies take precedence over other policies. The flowchart shown To complete each of the scenarios, please ensure your have: -- A client computer running Windows 10 (and Windows 11). +- A client computer running Windows. - A USB thumb drive. The scenarios described in this guide use a USB thumb drive as the example device (also known as a “removable disk drive”, "memory drive," a "flash drive," or a "keyring drive"). Most USB thumb drives do not require any manufacturer-provided drivers, and these devices work with the inbox drivers provided with the Windows build. diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md index 0449d63dde..ced09ebede 100644 --- a/windows/client-management/quick-assist.md +++ b/windows/client-management/quick-assist.md @@ -12,7 +12,7 @@ manager: laurawi # Use Quick Assist to help users -Quick Assist is a Windows 10 and Windows 11 application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user’s device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices. +Quick Assist is a Windows application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user’s device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices. ## Before you begin diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md index 26ba85c430..3e8eeea8a1 100644 --- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md 
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md @@ -196,4 +196,4 @@ goto loop - [Port Exhaustion and You!](/archive/blogs/askds/port-exhaustion-and-you-or-why-the-netstat-tool-is-your-friend) - this article gives a detail on netstat states and how you can use netstat output to determine the port status -- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10 and Windows 11) +- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10, and Windows 11) From d70fd37e67aed91bc008ce627d19382c79460e95 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Fri, 17 Sep 2021 16:03:20 +0530 Subject: [PATCH 488/671] updated --- .../policy-configuration-service-provider.md | 9 ++ .../mdm/policy-csp-admx-iis.md | 113 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 3 files changed, 124 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-iis.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 4496c8609f..2cfb72007a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1528,6 +1528,15 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC +### ADMX_IIS policies +
      +
      + ADMX_IIS/PreventIISInstall +
      +
      + ### ADMX_kdc policies
      diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md new file mode 100644 index 0000000000..7516b56b97 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-iis.md @@ -0,0 +1,113 @@ +--- +title: Policy CSP - ADMX_IIS +description: Policy CSP - ADMX_IIS +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/17/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_IIS +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
      + + +## ADMX_IIS policies + +
      +
      + ADMX_IIS/PreventIISInstall +
      +
      + +
      + + +**ADMX_IIS/PreventIISInstall** + + +
      + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      EditionWindows 10Windows 11
      HomeNoNo
      ProNoNo
      BusinessNoNo
      EnterpriseYesYes
      EducationYesYes
      + + +
      + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
      + + + +This policy setting prevents installation of Internet Information Services (IIS) on this computer. + +- If you enable this policy setting, Internet Information Services (IIS) cannot be installed, and you will not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS cannot be installed because of this Group Policy setting. + +Enabling this setting will not have any effect on IIS if IIS is already installed on the computer. + +- If you disable or do not configure this policy setting, IIS can be installed, as well as all the programs and applications that require IIS to run." + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Prevent IIS installation* +- GP name: *PreventIISInstall* +- GP path: *Windows Components\Internet Information Services* +- GP ADMX file name: *IIS.admx* + + + + +
      + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index dc49d0d690..eb0e3b7e08 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -497,6 +497,8 @@ items: href: policy-csp-admx-helpandsupport.md - name: ADMX_ICM href: policy-csp-admx-icm.md + - name: ADMX_IIS + href: policy-csp-admx-iis.md - name: ADMX_kdc href: policy-csp-admx-kdc.md - name: ADMX_Kerberos From 97f0f2cbc2c4c6d4b83bf7e0568ac69b636c2a86 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Fri, 17 Sep 2021 16:13:34 +0530 Subject: [PATCH 489/671] Update policies-in-policy-csp-admx-backed.md --- .../mdm/policies-in-policy-csp-admx-backed.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 0c20f673c6..912040f409 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
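Review bot: in the new policy-csp-admx-iis.md (patch 488), the policy description ends with a stray double quote after "applications that require IIS to run." and should be removed. In the same description, the sentence "Enabling this setting will not have any effect on IIS if IIS is already installed on the computer." sits between the two bullets and splits the list; move it after the second bullet or fold it into the first. That sentence is the one an administrator most needs to see, because the policy does not remove an existing IIS install, so it is worth keeping prominent rather than buried mid-list. The CDATA link in the TIP uses `http://www.w3.org/...`; prefer `https`. The commit subject "updated" does not say what was added; something like "Add Policy CSP - ADMX_IIS" would help anyone reading the history.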
@@ -293,7 +293,7 @@ ms.date: 10/08/2020 - [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2) - [ADMX_FramePanes/NoReadingPane](./policy-csp-admx-framepanes.md#admx-framepanes-noreadingpane) - [ADMX_FramePanes/NoPreviewPane](./policy-csp-admx-framepanes.md#admx-framepanes-nopreviewpane) -- [ADMX_FTHSVC/WdiScenarioExecutionPolicy](./policy-csp-admx-fthsvc-wdiscenarioexecutionpolicy.md#admx-fthsvc-wdiscenarioexecutionpolicy) +- [ADMX_FTHSVC/WdiScenarioExecutionPolicy](./policy-csp-admx-fthsvc.md#admx-fthsvc-wdiscenarioexecutionpolicy) - [ADMX_Globalization/BlockUserInputMethodsForSignIn](./policy-csp-admx-globalization.md#admx-globalization-blockuserinputmethodsforsignin) - [ADMX_Globalization/CustomLocalesNoSelect_1](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-1) - [ADMX_Globalization/CustomLocalesNoSelect_2](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-2) @@ -395,6 +395,7 @@ ms.date: 10/08/2020 - [ADMX_ICM/ShellRemovePublishToWeb_2](./policy-csp-admx-icm.md#admx-icm-shellremovepublishtoweb-2) - [ADMX_ICM/WinMSG_NoInstrumentation_1](./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-1) - [ADMX_ICM/WinMSG_NoInstrumentation_2](./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-2) +- [ADMX_IIS/PreventIISInstall](./policy-csp-admx-iis.md#admx-iis-preventiisinstall) - [ADMX_kdc/CbacAndArmor](./policy-csp-admx-kdc.md#admx-kdc-cbacandarmor) - [ADMX_kdc/ForestSearch](./policy-csp-admx-kdc.md#admx-kdc-forestsearch) - [ADMX_kdc/PKINITFreshness](./policy-csp-admx-kdc.md#admx-kdc-pkinitfreshness) From b7c667953575042501de18ba86e0c22a6246c1a6 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 17 Sep 2021 16:15:59 +0530 Subject: [PATCH 490/671] Link fix --- .../mdm/policy-csp-localpoliciessecurityoptions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index d88347f9e1..798ae71573 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -1420,7 +1420,7 @@ Default: Disabled. >- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. >- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. > ->SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://github.com/MicrosoftDocs/SupportArticles-docs/blob/d3eb07e4942ef66cbb98d8e2a0df5cfb598230a7/support/windows-server/networking/reduced-performance-after-smb-encryption-signing.md) . +>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). From 6cba995ed1bda001c06e601136dd13bb81120a94 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 17 Sep 2021 16:21:33 +0530 Subject: [PATCH 491/671] link fixes-part-2 --- .../mdm/policy-csp-localpoliciessecurityoptions.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 798ae71573..1c0cdcacb8 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -1502,7 +1502,7 @@ Default: Enabled. >If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. > >SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. -For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://github.com/MicrosoftDocs/SupportArticles-docs/blob/d3eb07e4942ef66cbb98d8e2a0df5cfb598230a7/support/windows-server/networking/reduced-performance-after-smb-encryption-signing.md). +For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). 
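Review bot: in the `@@ -1502,7 +1502,7 @@` hunk the replaced line "For more information, reference: ..." starts without the `>` prefix that the preceding lines carry, so it falls outside the note block it belongs to. Since this line is being rewritten anyway, prefix it with `>` so the SMB signing performance caveat and its reference stay together. The `@@ -1819,7 +1819,7 @@` hunk in this patch has the same unprefixed line. The link text still ends in "- Windows Server | Microsoft Docs", which looks like a pasted page title; the article name alone is enough.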
@@ -1737,7 +1737,7 @@ Default: Disabled for member servers. Enabled for domain controllers. > >Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. >If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled. ->SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://github.com/MicrosoftDocs/SupportArticles-docs/blob/d3eb07e4942ef66cbb98d8e2a0df5cfb598230a7/support/windows-server/networking/reduced-performance-after-smb-encryption-signing.md). +>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). 
@@ -1819,7 +1819,7 @@ Default: Enabled on domain controllers only. >If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. > >SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. -For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](https://github.com/MicrosoftDocs/SupportArticles-docs/blob/d3eb07e4942ef66cbb98d8e2a0df5cfb598230a7/support/windows-server/networking/reduced-performance-after-smb-encryption-signing.md). +For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). From 50f98bd356fe7d2dad772b158484b519c57cbf83 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Fri, 17 Sep 2021 07:53:56 -0700 Subject: [PATCH 492/671] Delete mdm-windows.md --- windows/security/mdm-windows.md | 70 --------------------------------- 1 file changed, 70 deletions(-) delete mode 100644 windows/security/mdm-windows.md diff --git a/windows/security/mdm-windows.md b/windows/security/mdm-windows.md deleted file mode 100644 index db735842c5..0000000000 --- a/windows/security/mdm-windows.md +++ /dev/null 
@@ -1,70 +0,0 @@ ---- -title: Modern device management and Windows 11 -description: Get an overview of modern device management with Microsoft Endpoint Manager and Windows 11 -search.appverid: MET150 -author: denisebmsft -ms.author: deniseb -manager: dansimp -audience: ITPro -ms.topic: conceptual -ms.date: 09/14/2021 -ms.prod: w11 -ms.localizationpriority: medium -ms.collection: -ms.custom: -ms.reviewer: -f1.keywords: NOCSH ---- - -# Modern device management and Windows 11 - -*This article provides an overview of modern device management and Windows 11.* - -Windows 11 supports modern device management, an enterprise management solution to help you manage your organization's security policies and business applications. Modern device management enables your security team to manage devices without compromising people's privacy on their personal devices. - -Windows 11 includes a management component that includes: - -- The enrollment client, which enrolls and configures the endpoint to communicate with the enterprise management server; and -- The management client, which periodically synchronizes with the management server to check for updates and apply your security team's latest policies. - -Read this article to learn more about how Windows 11 works with modern device management. - -## Modern device management features and capabilities - -Modern device management includes several security features & capabilities, as described in the following table:

      - -| Feature/capability | Description | -|:---|:---| -| Remote wipe | When a device is lost or stolen, IT admins can attempt to wipe it remotely and make the data stored in memory and hard disks difficult to recover. Help desk agents can also reset devices to fix issues that are encountered by remote workers.

      Windows 10 and Windows 11 supports the remote wipe configuration service provider (CSP) so that modern device management solutions can remotely initiate any of the following operations:
      - Reset the device and remove user accounts and data
      - Reset the device and clean the drive
      - Reset the device but persist user accounts and data | -| Support for your work or school account | Adding a work or school account enables people to connect their devices to your work environment. Devices can be joined to an Active Directory domain, an Azure Active Directory (Azure AD) domain, or by quickly provisioning corporate-owned devices so they meet your security and policy guidelines.

      When a device is joined to Azure AD and managed with modern device management, you get the following security benefits:
      - Fully managed user/device settings and policies by default
      - Single Sign On to all Microsoft online services
      - Password management capabilities (Windows Hello for Business)
      - Authentication using tokens
      - No use of consumer Microsoft Account identities | -| Config Lock | Security teams and IT admins typically enforce policies on corporate devices to keep those devices in a compliant state, and protect the operating system from changes made by users.

      When users who have local admin rights attempt to work around security policies, they run the risk of leaving the device in a non-compliant state called *config drift*. Config drift can introduce security risks until the next time the device syncs with modern device management and the configuration is reset. In a worst-case scenario, correcting config drift could take up to eight hours. Many organizations consider config drift a security risk.

      Windows 11 with Config Lock enables IT admins to remediate config drift and keep the operating system configuration to its proper state. The operating system monitors registry keys, and when a drift is detected, the operating system reverts back to the IT-configured state within seconds.

      Config Lock works with Application Control, Application Guard, and BitLocker. | -| Remote device attestation | Attestation relies on the Trusted Platform Module (TPM) and measured boot capabilities to enhance the security provided by trusted boot. IT administrators can use available boot information to protect against boot-level attacks and misconfigurations. The Microsoft Azure Attestation service securely reports on device boot health, firmware security, and other low-level security features used for device compliance. Microsoft Azure Attestation is designed to be policy-configured, giving control of your enterprise's device health to the administrator, allowing them to deal with low-level threats with confidence. Windows 11 comes with modern device management integration with Microsoft Azure Attestation, allowing modern device management providers to use the attestation capabilities to trust and enhance device security.

      Learn more about [Microsoft Azure Attestation](/azure/attestation). | -| (other stuff coming soon) | Device Installation, DMA Guard, Endpoint Detection and Response, the Microsoft Defender Security Center, Smartscreen, System Guard, and Windows Hello for Business | - -## Security baselines - -Windows 11 can be configured with the [Microsoft modern device management security baseline](/mem/intune/protect/security-baseline-settings-modern device management-all?pivots=mdm-december-2020) backed by ADMX policies, which functions like the Microsoft Group Policy security baseline. Security baselines enable security teams and IT admins to easily integrate this baseline into any modern device management, addressing security concerns and compliance needs for modern cloud-managed devices. - -The modern device management security baseline includes policies that cover the following areas: - -- Microsoft inbox security technology - - BitLocker - - Windows Defender SmartScreen -- Virtual-based security - - Exploit protection - - Microsoft Defender Antivirus - - Windows Defender Firewall -- Restricting remote access to devices -- Setting credential requirements for passwords and PINs -- Restricting the use of legacy technology -- Legacy technology policies that offer alternative solutions with modern technology - -## Support for non-Microsoft modern device management servers - -Non-Microsoft modern device management servers can be used to manage Windows 11 by using industry standard protocols. The built-in management client can communicate with a third-party server proxy that supports the modern device management protocols to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 11 users. Modern device management servers do not need to create or download a client to manage Windows 11. 
- -For details about the modern device management protocols, the following resources: - -- [MS-MDM: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) -- [MS-MDE2: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692) - From e1652f67eb24ce6dde631cceae1ce51a2bc03e35 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Fri, 17 Sep 2021 07:56:39 -0700 Subject: [PATCH 493/671] MDM --- windows/security/TOC.yml | 4 ++-- windows/security/index.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index edabc8b73e..cc5c7302ed 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -446,8 +446,8 @@ items: - name: Overview href: cloud.md - - name: Modern device management with Windows 11 - href: mdm-windows.md + - name: Mobile device management + href: client-management/mdm.md - name: Windows 365 Cloud PCs href: /windows-365/overview - name: Azure Virtual Desktop diff --git a/windows/security/index.yml b/windows/security/index.yml index 5a22246777..0807b2123a 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -11,7 +11,7 @@ metadata: ms.collection: m365-security-compliance author: dansimp #Required; your GitHub user alias, with correct capitalization. ms.author: dansimp #Required; microsoft alias of author; optional team alias. - ms.date: 09/16/2021 + ms.date: 09/17/2021 localization_priority: Priority # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new 
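Review bot: the new `href: client-management/mdm.md` in the windows/security/TOC.yml hunk is relative to windows/security/, so it points at windows/security/client-management/mdm.md, while the MDM files touched elsewhere in this series live under windows/client-management/mdm/. The follow-up change to windows/security/cloud.md links the same target as `../client-management/mdm/index.md`. Suggest using that same path (or a site-relative path) here and for the matching `url:` entry in windows/security/index.yml, and confirming the build reports no broken link now that mdm-windows.md is deleted.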
@@ -104,8 +104,8 @@ landingContent: url: cloud.md - linkListType: concept links: - - text: Modern device management - url: mdm-windows.md + - text: Mobile device management + url: client-management/mdm.md - text: Azure Active Directory url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory - text: Your Microsoft Account From 65611f9f9c383ba1f1e3a708f9826b82225f4622 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Fri, 17 Sep 2021 08:31:32 -0700 Subject: [PATCH 494/671] Update cloud.md --- windows/security/cloud.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 78bd1111d0..81019491b7 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -7,7 +7,7 @@ ms.author: deniseb manager: dansimp audience: ITPro ms.topic: conceptual -ms.date: 09/10/2021 +ms.date: 09/17/2021 ms.localizationpriority: medium ms.custom: f1.keywords: NOCSH @@ -28,7 +28,7 @@ Windows 11 includes the cloud services that are listed in the following table:
      Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

      To learn more, see [MDM and Windows 11](mdm-windows.md). | +| Mobile device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

      Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

      To learn more, see [MDM and Windows](../client-management/mdm/index.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

      The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

      To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

      The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4).

      In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). | | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

      With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need. Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

      To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | From 032a63cb9b4c7da1e246b2cd00c29490b7443b3a Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 17 Sep 2021 09:09:20 -0700 Subject: [PATCH 495/671] more reference changes --- .../update/prepare-deploy-windows.md | 11 ++++-- windows/deployment/update/update-baseline.md | 3 ++ windows/deployment/update/update-policies.md | 10 ++++- ...aas-deployment-rings-windows-10-updates.md | 33 ++++++----------- .../update/waas-manage-updates-wsus.md | 36 +++++------------- .../waas-optimize-windows-10-updates.md | 37 +++++++------------ ...s-servicing-strategy-windows-10-updates.md | 31 +++++----------- 7 files changed, 65 insertions(+), 96 deletions(-) diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md index 4da49340aa..3ea447d2c4 100644 --- a/windows/deployment/update/prepare-deploy-windows.md +++ b/windows/deployment/update/prepare-deploy-windows.md @@ -15,7 +15,12 @@ ms.collection: m365initiative-coredeploy # Prepare to deploy Windows -Having worked through the activities in the planning phase, you should be in a good position to prepare your environment and process to deploy Windows 10. The planning phase will have left you with these useful items: +**Applies to** + +- Windows 10 +- Windows 11 + +Having worked through the activities in the planning phase, you should be in a good position to prepare your environment and process to deploy Windows client. The planning phase will have left you with these useful items: - A clear understanding of necessary personnel and their roles and criteria for [rating app readiness](plan-define-readiness.md) - A plan for [testing and validating](plan-determine-app-readiness.md) apps 
@@ -114,7 +119,7 @@ Ensure that devices can reach necessary Windows Update endpoints through the fir > [!NOTE] > Be sure not to use HTTPS for those endpoints that specify HTTP, and vice versa. The connection will fail. -The specific endpoints can vary between Windows 10 versions. See, for example, [Windows 10 2004 Enterprise connection endpoints](/windows/privacy/manage-windows-2004-endpoints). Similar articles for other Windows 10 versions are available in the table of contents nearby. +The specific endpoints can vary between Windows versions. See, for example, [Windows 10 2004 Enterprise connection endpoints](/windows/privacy/manage-windows-2004-endpoints). Similar articles for other Windows client versions are available in the table of contents nearby. ### Optimize download bandwidth 
@@ -124,7 +129,7 @@ Set up [Delivery Optimization](waas-delivery-optimization.md) for peer network s In the course of surveying your device population, either with Desktop Analytics or by some other means, you might find devices that have systemic problems that could interfere with update installation. Now is the time to fix those problems. -- **Low disk space:** Quality updates require a minimum of 2 GB to successfully install. Feature updates require between 8 GB and 15 GB depending upon the configuration. On Windows 10, version 1903 and later you can proactively use the "reserved storage" feature (for wipe and loads, rebuilds, and new builds) to avoid running out of disk space. If you find a group of devices that don't have enough disk space, you can often resolve the problem by cleaning up log files and asking users to clean up data if necessary. A good place to start is to delete the following files: +- **Low disk space:** Quality updates require a minimum of 2 GB to successfully install. Feature updates require between 8 GB and 15 GB depending upon the configuration. On Windows 10, version 1903 and later (and Windows 11) you can proactively use the "reserved storage" feature (for wipe and loads, rebuilds, and new builds) to avoid running out of disk space. If you find a group of devices that don't have enough disk space, you can often resolve the problem by cleaning up log files and asking users to clean up data if necessary. A good place to start is to delete the following files: - C:\Windows\temp - C:\Windows\cbstemp (though this file might be necessary to investigate update failures) diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md index 2e4ab4fd64..ed9feda6cd 100644 --- a/windows/deployment/update/update-baseline.md +++ b/windows/deployment/update/update-baseline.md 
@@ -15,6 +15,9 @@ ms.topic: article **Applies to:** Windows 10 +> [!NOTE] +> Update Baseline is not currently available for Windows 11. + With the large number of different policies offered for Windows 10, Update Baseline provides a clear list of recommended Windows Update policy settings for IT administrators who want the best user experience while also meeting their monthly update compliance goals. See [Policies included in the Update Baseline](#policies-included-in-the-update-baseline) for the full list of policy configurations. ## Why is Update Baseline needed? diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index a9b3b9cd95..0fd8905103 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -15,6 +15,12 @@ ms.collection: M365-modern-desktop --- # Policies for update compliance, activity, and end-user experience + +**Applies to** + +- Windows 10 +- Windows 11 +- Keeping devices up to date is the best way to keep them working smoothly and securely. ## Deadlines for update compliance @@ -25,7 +31,7 @@ deadline approaches, and then prioritize velocity as the deadline nears, while s ### Deadlines Beginning with Windows 10, version 1903 and with the August 2019 security update for Windows 10, version 1709 -and late, a new policy was introduced to replace older deadline-like policies: **Specify deadlines for automatic updates and restarts**. +and later (including Windows 11), a new policy was introduced to replace older deadline-like policies: **Specify deadlines for automatic updates and restarts**. The older policies started enforcing deadlines once the device reached a “restart pending” state for an update. The new policy starts the countdown for the update installation deadline from when the 
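Review bot: In the update-policies.md hunk at @@ -15,6 +15,12 @@, the last added line after `- Windows 11` appears to be a bare `-`, immediately followed by the unchanged paragraph "Keeping devices up to date is the best way to keep them working smoothly and securely." That leaves an empty third bullet in the Applies to list and no blank line before the paragraph, so the paragraph may render as part of the list. Drop the stray `-` and end the list with an empty added line, as the prepare-deploy-windows.md hunk in this patch does.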
@@ -172,7 +178,7 @@ The default timeout on devices that support traditional sleep is set to three ho ## Old or conflicting policies -Each release of Windows 10 can introduce new policies to make the experience better for both administrators and their organizations. When we release a new client policy, we either release it purely for that release and later or we backport the policy to make it available on earlier versions. +Each release of Windows client can introduce new policies to make the experience better for both administrators and their organizations. When we release a new client policy, we either release it purely for that release and later or we backport the policy to make it available on earlier versions. > [!IMPORTANT] > If you are using Group Policy, note that we don't update the old ADMX templates and you must use the newer (1903) ADMX template in order to use the newer policy. Also, if you are diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md index 52a1ec6f2c..177e2b07ca 100644 --- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md +++ b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md @@ -1,6 +1,6 @@ --- -title: Build deployment rings for Windows 10 updates (Windows 10) -description: Deployment rings in Windows 10 are similar to the deployment groups most organizations constructed for previous major revision upgrades. +title: Build deployment rings for Windows client updates +description: Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. ms.prod: w10 ms.mktglfcycl: manage author: jaimeo 
@@ -14,10 +14,11 @@ ms.topic: article # Build deployment rings for Windows 10 updates - **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 + > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
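Review bot: The H1 in this hunk's context, `# Build deployment rings for Windows 10 updates`, is left unchanged, so it no longer matches the front-matter title that the previous hunk renames to "Build deployment rings for Windows client updates". The Applies to list directly below it now includes Windows 11, so update the heading in the same change, the way the WSUS and update-delivery pages in this patch update theirs.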
@@ -26,7 +27,7 @@ ms.topic: article For Windows as a service, maintenance is ongoing and iterative. Deploying previous versions of Windows required organizations to build sets of users to roll out the changes in phases. Typically, these users ranged (in order) from the most adaptable and least risky to the least adaptable or riskiest. With Windows 10, a similar methodology exists, but construction of the groups is a little different. -Deployment rings in Windows 10 are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method by which to separate machines into a deployment timeline. With Windows 10, you construct deployment rings a bit differently in each servicing tool, but the concepts remain the same. Each deployment ring should reduce the risk of issues derived from the deployment of the feature updates by gradually deploying the update to entire departments. As previously mentioned, consider including a portion of each department’s employees in several deployment rings. +Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method by which to separate machines into a deployment timeline. With Windows client, you construct deployment rings a bit differently in each servicing tool, but the concepts remain the same. Each deployment ring should reduce the risk of issues derived from the deployment of the feature updates by gradually deploying the update to entire departments. As previously mentioned, consider including a portion of each department’s employees in several deployment rings. Defining deployment rings is generally a one-time event (or at least infrequent), but IT should revisit these groups to ensure that the sequencing is still correct. Also, there are times in which client computers could move between different deployment rings when necessary. 
@@ -47,25 +48,15 @@ Table 1 provides an example of the deployment rings you might use. As Table 1 shows, each combination of servicing channel and deployment group is tied to a specific deployment ring. As you can see, the associated groups of devices are combined with a servicing channel to specify which deployment ring those devices and their users fall into. The naming convention used to identify the rings is completely customizable as long as the name clearly identifies the sequence. Deployment rings represent a sequential deployment timeline, regardless of the servicing channel they contain. Deployment rings will likely rarely change for an organization, but they should be periodically assessed to ensure that the deployment cadence still makes sense. -## Steps to manage updates for Windows 10 +## Steps to manage updates for Windows client |  |  | | --- | --- | | ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | -| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | Build deployment rings for Windows 10 updates (this topic) | -| ![to do.](images/checklistbox.gif) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) | -| ![to do.](images/checklistbox.gif) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | -| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
      or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
      or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | +| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | Build deployment rings for Windows client updates (this topic) | +| ![to do.](images/checklistbox.gif) | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) | +| ![to do.](images/checklistbox.gif) | [Optimize update delivery for Windows client updates](waas-optimize-windows-10-updates.md) | +| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
      or [Deploy Windows client updates using Windows Server Update Services](waas-manage-updates-wsus.md)
      or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | -## Related topics -- [Update Windows 10 in the enterprise](index.md) -- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) -- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) -- [Manage software updates in Intune](/intune/windows-update-for-business-configure) -- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure) -- [Manage device restarts after updates](waas-restart.md) diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index d6f97a6fae..bc2accd828 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -1,5 +1,5 @@ --- -title: Deploy Windows 10 updates using Windows Server Update Services (Windows 10) +title: Deploy Windows client updates using Windows Server Update Services description: WSUS allows companies to defer, selectively approve, choose when delivered, and determine which devices receive updates. ms.prod: w10 ms.mktglfcycl: manage @@ -11,12 +11,13 @@ manager: laurawi ms.topic: article --- -# Deploy Windows 10 updates using Windows Server Update Services (WSUS) +# Deploy Windows client updates using Windows Server Update Services (WSUS) **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
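Review bot: In the waas-deployment-rings table hunk (@@ -47,25 +48,15 @@) that ends above, the added last row still links "Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager", while the same row in the WSUS, update-delivery and servicing-strategy tables in this patch becomes "Deploy Windows client updates using Microsoft Endpoint Configuration Manager". Rename that link text too so the checklist reads the same on every page. That hunk, like the matching table hunks in the other three files, also deletes the entire "Related topics" list, which the commit message "more reference changes" does not mention; say so in the message or split the removal into its own commit.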
@@ -329,33 +330,16 @@ Now that you have the **All Windows 10 Upgrades** view, complete the following s
      -## Steps to manage updates for Windows 10 +## Steps to manage updates for Windows client |  |  | | --- | --- | | ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | -| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
      or Deploy Windows 10 updates using Windows Server Update Services (this topic)
      or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | +| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Build deployment rings for Windows client updates](waas-deployment-rings-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Optimize update delivery for Windows client updates](waas-optimize-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
      or Deploy Windows client updates using Windows Server Update Services (this topic)
      or [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | -## Related topics - -- [Update Windows 10 in the enterprise](index.md) -- [Overview of Windows as a service](waas-overview.md) -- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) -- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) -- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) -- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) -- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) -- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) -- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) -- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure) -- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) -- [Manage device restarts after updates](waas-restart.md) diff --git a/windows/deployment/update/waas-optimize-windows-10-updates.md b/windows/deployment/update/waas-optimize-windows-10-updates.md index 672e2ff5a9..32f43cc742 100644 --- a/windows/deployment/update/waas-optimize-windows-10-updates.md +++ b/windows/deployment/update/waas-optimize-windows-10-updates.md 
@@ -1,5 +1,5 @@ --- -title: Optimize update delivery for Windows 10 updates (Windows 10) +title: Optimize update delivery for Windows client updates description: Two methods of peer-to-peer content distribution are available in Windows 10, Delivery Optimization and BranchCache. ms.prod: w10 ms.mktglfcycl: manage 
@@ -11,24 +11,25 @@ manager: laurawi ms.topic: article --- -# Optimize Windows 10 update delivery +# Optimize Windows client update delivery **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) -When considering your content distribution strategy for Windows 10, think about enabling a form of peer-to-peer content sharing to reduce bandwidth issues during updates. Windows 10 offers two peer-to-peer options for update content distribution: Delivery Optimization and BranchCache. These technologies can be used with several of the servicing tools for Windows 10. +When considering your content distribution strategy for Windows 10, think about enabling a form of peer-to-peer content sharing to reduce bandwidth issues during updates. Windows client offers two peer-to-peer options for update content distribution: Delivery Optimization and BranchCache. These technologies can be used with several of the servicing tools for Windows client. -Two methods of peer-to-peer content distribution are available in Windows 10. +Two methods of peer-to-peer content distribution are available. -- [Delivery Optimization](waas-delivery-optimization.md) is a new peer-to-peer distribution method in Windows 10. Windows 10 clients can source content from other devices on their local network that have already downloaded the updates or from peers over the internet. Using the settings available for Delivery Optimization, clients can be configured into groups, allowing organizations to identify devices that are possibly the best candidates to fulfill peer-to-peer requests. +- [Delivery Optimization](waas-delivery-optimization.md) is a peer-to-peer distribution method in Windows. Windows clients can source content from other devices on their local network that have already downloaded the updates or from peers over the internet. 
Using the settings available for Delivery Optimization, clients can be configured into groups, allowing organizations to identify devices that are possibly the best candidates to fulfill peer-to-peer requests. Windows Update, Windows Update for Business, and Windows Server Update Services (WSUS) can use Delivery Optimization. Delivery Optimization can significantly reduce the amount of network traffic to external Windows Update sources as well as the time it takes for clients to retrieve the updates. -- [BranchCache](waas-branchcache.md) is a bandwidth optimization technology that is included in some editions of Windows Server 2016 and Windows 10 operating systems, as well as in some editions of Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008 R2, and Windows 7. +- [BranchCache](waas-branchcache.md) is a bandwidth optimization technology that is included in some editions of Windows Server 2016 and Windows operating systems, as well as in some editions of Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008 R2, and Windows 7. >[!NOTE] >Full BranchCache functionality is supported in Windows 10 Enterprise and Education; Windows 10 Pro supports some BranchCache functionality, including BITS transfers used for servicing operations. 
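Review bot: In the BranchCache bullet, replacing "Windows 10" with plain "Windows" leaves "some editions of Windows Server 2016 and Windows operating systems, as well as in some editions of Windows Server 2012 R2, Windows 8.1, ... and Windows 7", which no longer says which client releases the first half refers to. Name them ("Windows 10 and Windows 11") or use "Windows client" as the rest of the patch does. The added intro sentence in the same hunk also still opens with "When considering your content distribution strategy for Windows 10", and the NOTE under the bullet lists only Windows 10 editions, so a reader cannot tell whether the BranchCache edition support carries over to Windows 11; please confirm and align the wording.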
@@ -49,7 +50,7 @@ Two methods of peer-to-peer content distribution are available in Windows 10. ## Express update delivery -Windows 10 quality update downloads can be large because every package contains all previously released fixes to ensure consistency and simplicity. Windows has been able to reduce the size of Windows Update downloads with a feature called Express. +Windows client quality update downloads can be large because every package contains all previously released fixes to ensure consistency and simplicity. Windows has been able to reduce the size of Windows Update downloads with a feature called Express. > [!NOTE] > Express update delivery applies to quality update downloads. Starting with Windows 10, version 1709, Express update delivery also applies to feature update downloads for clients connected to Windows Update and Windows Update for Business. 
@@ -84,25 +85,15 @@ At this point, the download is complete and the update is ready to be installed. > [!TIP] > Express will **always** be leveraged if your machines are updated regularly with the latest cumulative updates. -## Steps to manage updates for Windows 10 +## Steps to manage updates for Windows client |  |  | | --- | --- | | ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | -| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Build deployment rings for Windows client updates](waas-deployment-rings-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) | | ![done.](images/checklistdone.png) | Optimize update delivery for Windows 10 updates (this topic) | -| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
      or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
      or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | +| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
      or [Deploy Windows client updates using Windows Server Update Services](waas-manage-updates-wsus.md)
      or [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | -## Related topics - -- [Update Windows 10 in the enterprise](index.md) -- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) -- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) -- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure) -- [Manage device restarts after updates](waas-restart.md) diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index e22c1fd433..86a3d1f00d 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -1,6 +1,6 @@ --- -title: Prepare servicing strategy for Windows 10 updates (Windows 10) -description: A strong Windows 10 deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. +title: Prepare servicing strategy for Windows client updates +description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. ms.prod: w10 ms.mktglfcycl: manage author: jaimeo @@ -17,7 +17,8 @@ ms.collection: m365initiative-coredeploy **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
@@ -48,25 +49,13 @@ Each time Microsoft releases a Windows 10 feature update, the IT department shou 3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings, like the ones discussed in Table 1. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you don’t prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department. -## Steps to manage updates for Windows 10 +## Steps to manage updates for Windows client |  |  | | --- | --- | | ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | -| ![done.](images/checklistdone.png) | Prepare servicing strategy for Windows 10 updates (this topic) | -| ![to do.](images/checklistbox.gif) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | -| ![to do.](images/checklistbox.gif) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) | -| ![to do.](images/checklistbox.gif) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | -| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
      or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
      or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | - - -## Related topics - -- [Update Windows 10 in the enterprise](index.md) -- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) -- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) -- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure) -- [Manage device restarts after updates](waas-restart.md) \ No newline at end of file +| ![done.](images/checklistdone.png) | Prepare servicing strategy for Windows client updates (this topic) | +| ![to do.](images/checklistbox.gif) | [Build deployment rings for Windows client updates](waas-deployment-rings-windows-10-updates.md) | +| ![to do.](images/checklistbox.gif) | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) | +| ![to do.](images/checklistbox.gif) | [Optimize update delivery for Windows client updates](waas-optimize-windows-10-updates.md) | +| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
      or [Deploy Windows client updates using Windows Server Update Services](waas-manage-updates-wsus.md)
      or [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | From 57cf71fe3bb1334aaf49dadd7f1bc1d916abe0a8 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 17 Sep 2021 09:24:04 -0700 Subject: [PATCH 496/671] adding description --- windows/deployment/update/update-policies.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index 0fd8905103..41ba2897fd 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -1,8 +1,8 @@ --- -title: Policies for update compliance, activity, and end-user experience +title: Policies for update compliance, activity, and user experience ms.reviewer: manager: laurawi -description: +description: Explanation and recommendations for settings keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage @@ -14,7 +14,7 @@ ms.topic: article ms.collection: M365-modern-desktop --- -# Policies for update compliance, activity, and end-user experience +# Policies for update compliance, activity, and user experience **Applies to** From b092353fccb7b5d5d34e7a223150b5a31e0f2dc8 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 17 Sep 2021 10:28:41 -0700 Subject: [PATCH 497/671] more small updates for Win11 --- .../update/deployment-service-troubleshoot.md | 5 ++++- .../update/how-windows-update-works.md | 7 +++++-- windows/deployment/update/safeguard-opt-out.md | 13 +++++++++---- .../update/windows-update-error-reference.md | 5 ++++- .../deployment/update/windows-update-errors.md | 5 ++++- .../update/windows-update-troubleshooting.md | 17 ++++++++++------- 6 files changed, 36 insertions(+), 16 deletions(-) 
diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md index 1f9675d1d9..e1b83d057b 100644 --- a/windows/deployment/update/deployment-service-troubleshoot.md +++ b/windows/deployment/update/deployment-service-troubleshoot.md @@ -16,7 +16,10 @@ ms.topic: article # Troubleshoot the Windows Update for Business deployment service -> Applies to: Windows 10 +**Applies to** + +- Windows 10 +- Windows 11 This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](windows-update-troubleshooting.md). diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md index a926abfb28..1cb0a47bf7 100644 --- a/windows/deployment/update/how-windows-update-works.md +++ b/windows/deployment/update/how-windows-update-works.md @@ -15,9 +15,12 @@ ms.topic: article ms.custom: seo-marvel-apr2020 --- -# How does Windows Update work? +# How Windows Update works -> Applies to: Windows 10 +**Applies to** + +- Windows 10 +- Windows 11 The Windows Update workflow has four core areas of functionality: diff --git a/windows/deployment/update/safeguard-opt-out.md b/windows/deployment/update/safeguard-opt-out.md index a6ad9a0b05..928b215cef 100644 --- a/windows/deployment/update/safeguard-opt-out.md +++ b/windows/deployment/update/safeguard-opt-out.md 
@@ -12,21 +12,26 @@ ms.topic: article # Opt out of safeguard holds -Safeguard holds prevent a device with a known compatibility issue from being offered a new Windows 10 feature update by using Windows Update. We use safeguard holds to protect the device and user from a failed or poor update experience. We renew the offering once a fix is issued and is verified on an affected device. For more information about safeguard holds, see [Safeguard holds](safeguard-holds.md). +**Applies to** + +- Windows 10 +- Windows 11 + +Safeguard holds prevent a device with a known compatibility issue from being offered a new Windows client feature update by using Windows Update. We use safeguard holds to protect the device and user from a failed or poor update experience. We renew the offering once a fix is issued and is verified on an affected device. For more information about safeguard holds, see [Safeguard holds](safeguard-holds.md). ## How can I opt out of safeguard holds? -IT admins can, if necessary, opt devices out of safeguard protections by using the disable safeguards policy. In a Mobile Device Management (MDM) tool, use the **Update/DisableWUfBSafeguards** CSP. In Group Policy, use the **Disable safeguards for Feature Updates** Group Policy. This policy is available to Windows Update for Business devices running Windows 10, version 1809 or later that have installed the October 2020 security update. +IT admins can, if necessary, opt devices out of safeguard protections by using the disable safeguards policy. In a Mobile Device Management (MDM) tool, use the **Update/DisableWUfBSafeguards** CSP. In Group Policy, use the **Disable safeguards for Feature Updates** Group Policy. This policy is available to Windows Update for Business devices running Windows 10, version 1809 or later that have installed the October 2020 security update and in Windows 11. > [!CAUTION] > Opting out of a safeguard hold can put devices at risk from known performance issues. 
-We recommend opting out only in an IT environment and for validation purposes. You can also validate an upcoming Windows 10 feature update version without the safeguards being applied by using the Release Preview channel of the Windows Insider Program for Business. +We recommend opting out only in an IT environment and for validation purposes. You can also validate an upcoming Windows client feature update version without the safeguards being applied by using the Release Preview channel of the Windows Insider Program for Business. Disabling safeguards does not guarantee your device will be able to successfully update. The update might still fail and will likely result in a bad experience since you are bypassing the protection against known issues. > [!NOTE] -> After a device installs a new Windows 10 version, the **Disable safeguards for Feature Updates** Group Policy will revert to “not configured” even if it was previously enabled. We do this to ensure the admin is consciously disabling Microsoft’s default protection from known issues for each new feature update. +> After a device installs a new Windows client version, the **Disable safeguards for Feature Updates** Group Policy will revert to “not configured” even if it was previously enabled. We do this to ensure the admin is consciously disabling Microsoft’s default protection from known issues for each new feature update. diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md index def8d11796..508a27d244 100644 --- a/windows/deployment/update/windows-update-error-reference.md +++ b/windows/deployment/update/windows-update-error-reference.md @@ -17,7 +17,10 @@ ms.custom: seo-marvel-apr2020 # Windows Update error codes by component -> Applies to: Windows 10 +**Applies to** + +- Windows 10 +- Windows 11 This section lists the error codes for Microsoft Windows Update. 
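Review bot: In safeguard-opt-out.md, the availability sentence under "How can I opt out of safeguard holds?" now ends "that have installed the October 2020 security update and in Windows 11", which does not parse and leaves it unclear whether Windows 11 devices also need a prerequisite update. Suggest stating the two cases separately, for example "This policy is available to Windows Update for Business devices running Windows 11, and to devices running Windows 10, version 1809 or later that have installed the October 2020 security update." The CAUTION block in the same hunk still says "known performance issues" while the intro describes "a known compatibility issue"; aligning the two would help admins judge what they give up by opting out.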
diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index d66be080b0..eb178f7528 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -15,7 +15,10 @@ ms.custom: seo-marvel-apr2020 # Windows Update common errors and mitigation ->Applies to: Windows 10 +**Applies to** + +- Windows 10 +- Windows 11 The following table provides information about common errors you might run into with Windows Update, as well as steps to help you mitigate them. diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md index 802e6f9aa3..affb4df80e 100644 --- a/windows/deployment/update/windows-update-troubleshooting.md +++ b/windows/deployment/update/windows-update-troubleshooting.md @@ -15,13 +15,16 @@ ms.custom: seo-marvel-apr2020 # Windows Update troubleshooting ->Applies to: Windows 10 +**Applies to** + +- Windows 10 +- Windows 11 If you run into problems when using Windows Update, start with the following steps: 1. Run the built-in Windows Update troubleshooter to fix common issues. Navigate to **Settings > Update & Security > Troubleshoot > Windows Update**. -2. Install the most recent Servicing Stack Update (SSU) that matches your version of Windows from the Microsoft Update Catalog. See [Servicing stack updates](servicing-stack-updates.md) for more details on servicing stack updates. +2. Install the most recent Servicing Stack Update that matches your version of Windows from the Microsoft Update Catalog. See [Servicing stack updates](servicing-stack-updates.md) for more details on servicing stack updates. 3. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system: 
@@ -171,11 +174,11 @@ Ensure that devices can reach necessary Windows Update endpoints through the fir > [!NOTE] > Be sure not to use HTTPS for those endpoints that specify HTTP, and vice versa. The connection will fail. -The specific endpoints can vary between Windows 10 versions. See, for example, [Windows 10 2004 Enterprise connection endpoints](/windows/privacy/manage-windows-2004-endpoints). Similar articles for other Windows 10 versions are available in the table of contents nearby. +The specific endpoints can vary between Windows client versions. See, for example, [Windows 10 2004 Enterprise connection endpoints](/windows/privacy/manage-windows-2004-endpoints). Similar articles for other Windows client versions are available in the table of contents nearby. ## Updates aren't downloading from the intranet endpoint (WSUS or Configuration Manager) -Windows 10 devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps: +Windows client devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps: 1. Start Windows PowerShell as an administrator. 2. Run \$MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager". @@ -186,7 +189,7 @@ Check the output for the Name and OffersWindowsUPdates parameters, which you can |Output|Meaning| |-|-| |- Name: Microsoft Update
      -OffersWindowsUpdates: True| - The update source is Microsoft Update, which means that updates for other Microsoft products besides the operating system could also be delivered.
      - Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.) | -|- Name: DCat Flighting Prod
      - OffersWindowsUpdates: True |- Starting with Windows 10 1709, feature updates are always delivered through the DCAT service.
      - Indicates that the client is configured to receive feature updates from Windows Update. | +|- Name: DCat Flighting Prod
      - OffersWindowsUpdates: True |- Starting with Windows 10, version 1709, feature updates are always delivered through the DCAT service.
      - Indicates that the client is configured to receive feature updates from Windows Update. | |- Name: Windows Store (DCat Prod)
      - OffersWindowsUpdates: False |-The update source is Insider Updates for Store Apps.
      - Indicates that the client will not receive or is not configured to receive these updates.| |- Name: Windows Server Update Service
      - OffersWindowsUpdates: True |- The source is a Windows Server Updates Services server.
      - The client is configured to receive updates from WSUS. | |- Name: Windows Update
      - OffersWindowsUpdates: True|- The source is Windows Update.
      - The client is configured to receive updates from Windows Update Online.| @@ -230,8 +233,8 @@ As shown in the following logs, automatic update runs the scan and finds no upda 2018-08-06 10:58:47:383 480 5d8 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 57] ``` -## High bandwidth usage on Windows 10 by Windows Update -Users might see that Windows 10 is consuming all the bandwidth in the different offices under the system context. This behavior is by design. Components that might consume bandwidth expand beyond Windows Update components. +## High bandwidth usage on Windows client by Windows Update +Users might see that Windows is consuming all the bandwidth in the different offices under the system context. This behavior is by design. Components that might consume bandwidth expand beyond Windows Update components. The following group policies can help mitigate this situation: From 0c62ac35444a6ad7fe65cc709efe378224469ac6 Mon Sep 17 00:00:00 2001 From: Nick Bassett Date: Fri, 17 Sep 2021 10:34:20 -0700 Subject: [PATCH 498/671] Update windows/security/threat-protection/intelligence/virus-initiative-criteria.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../threat-protection/intelligence/virus-initiative-criteria.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md index 844c34033a..e4459d2d4f 100644 --- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md 
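Review bot: In the last hunk of windows-update-troubleshooting.md, the heading becomes "High bandwidth usage on Windows client by Windows Update" while the sentence under it now says "Windows is consuming all the bandwidth", so the two added lines use different product names; use the same term in both. Renaming the heading also changes its generated anchor, so any link that targets the old "Windows 10" anchor needs updating in the same change. In the @@ -171 hunk, the text now speaks of "Windows client versions" but the only linked example is still the Windows 10 2004 endpoints article; either add a Windows 11 endpoint reference or say that the example is for Windows 10.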
@@ -24,7 +24,7 @@ The Microsoft Virus Initiative (MVI) helps organizations develop better-together You can request membership if you're a representative for an organization that develops and produces antimalware or antivirus technology. -To qualify for the MVI program, your organization must meet all the following requirements. +To qualify for the MVI program, your organization must meet all the following requirements: 1) Your security solution either replaces or compliments Microsoft Defender Antivirus. From 3337a3c55206b1dc60327e2faf83846de0d833e4 Mon Sep 17 00:00:00 2001 From: Nick Bassett Date: Fri, 17 Sep 2021 10:34:27 -0700 Subject: [PATCH 499/671] Update windows/security/threat-protection/intelligence/virus-initiative-criteria.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../threat-protection/intelligence/virus-initiative-criteria.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md index e4459d2d4f..e079bcdc67 100644 --- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md 
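Review bot: The first requirement in the context of the virus-initiative-criteria.md hunk, "Your security solution either replaces or compliments Microsoft Defender Antivirus", should read "complements"; since this commit is already correcting punctuation in the same list, fix it here. The three consecutive one-line commits to this file (498, 499, 500) could also be squashed into one.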
@@ -30,7 +30,7 @@ To qualify for the MVI program, your organization must meet all the following re 2) Your organization is responsible for both developing and distributing app updates to end-customers that address compatibility with Windows. -3) Your organization must be active in the antimalware industry and have a positive reputation, as evidenced by participation in industry conferences or being reviewed in an industry standard report such as AV Comparatives, OPSWAT, or Gartner. +3) Your organization must be active in the antimalware industry and have a positive reputation, as evidenced by participation in industry conferences or being reviewed in an industry-standard report such as AV-Comparatives, OPSWAT, or Gartner. 4) Your organization must sign a non-disclosure agreement (NDA) with Microsoft. From 636b5f231abae09a437e40b8caf37b135447d767 Mon Sep 17 00:00:00 2001 From: Nick Bassett Date: Fri, 17 Sep 2021 10:34:34 -0700 Subject: [PATCH 500/671] Update windows/security/threat-protection/intelligence/virus-initiative-criteria.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../threat-protection/intelligence/virus-initiative-criteria.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md index e079bcdc67..ccb2eb6624 100644 --- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md 
@@ -38,7 +38,7 @@ To qualify for the MVI program, your organization must meet all the following re 6) You must submit your app to Microsoft for periodic performance testing and feature review. -7) Your solution must be certified through independent testing by at least one industry standard organization, and yearly certification must be maintained. +7) Your solution must be certified through independent testing by at least one industry-standard organization, and yearly certification must be maintained. Test Provider | Lab Test Type | Minimum Level / Score ------------- |---------------|---------------------- From a86009d94657d4a1d63e93a72b13a680dc982175 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 17 Sep 2021 10:46:49 -0700 Subject: [PATCH 501/671] fixing typos --- windows/deployment/update/update-baseline.md | 2 +- windows/deployment/update/update-policies.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md index ed9feda6cd..a8e162f8c3 100644 --- a/windows/deployment/update/update-baseline.md +++ b/windows/deployment/update/update-baseline.md 
@@ -18,7 +18,7 @@ ms.topic: article > [!NOTE] > Update Baseline is not currently available for Windows 11. -With the large number of different policies offered for Windows 10, Update Baseline provides a clear list of recommended Windows Update policy settings for IT administrators who want the best user experience while also meeting their monthly update compliance goals. See [Policies included in the Update Baseline](#policies-included-in-the-update-baseline) for the full list of policy configurations. +With the large number of different policies offered for Windows client, Update Baseline provides a clear list of recommended Windows Update policy settings for IT administrators who want the best user experience while also meeting their monthly update compliance goals. See [Policies included in the Update Baseline](#policies-included-in-the-update-baseline) for the full list of policy configurations. ## Why is Update Baseline needed? diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index 41ba2897fd..54d768fbfe 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -20,7 +20,7 @@ ms.collection: M365-modern-desktop - Windows 10 - Windows 11 -- + Keeping devices up to date is the best way to keep them working smoothly and securely. ## Deadlines for update compliance From 9c87cbff083eabe36e387ed91f322b64415112de Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 17 Sep 2021 10:53:17 -0700 Subject: [PATCH 502/671] fix --- windows/security/TOC.yml | 2 +- windows/security/hardware.md | 11 ++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index cc5c7302ed..46d6c42528 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml 
@@ -35,7 +35,7 @@ href: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md - name: Kernel DMA Protection href: information-protection/kernel-dma-protection-for-thunderbolt.md - - name: Windows 11 secured-core devices + - name: Windows secured-core devices href: /windows-hardware/design/device-experiences/oem-highly-secure - name: Operating system security items: diff --git a/windows/security/hardware.md b/windows/security/hardware.md index 2201c1ec64..5fbcc6156a 100644 --- a/windows/security/hardware.md +++ b/windows/security/hardware.md @@ -16,11 +16,12 @@ ms.technology: windows-sec # Windows hardware security Modern threats require modern security with a strong alignment between hardware security and software security techniques to keep users, data and devices protected. The operating system alone cannot protect from the wide range of tools and techniques cybercriminals use to compromise a computer deep inside its silicon. Once inside, intruders can be difficult to detect while engaging in multiple nefarious activities from stealing important data to capturing email addresses and other sensitive pieces of information. -These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware.

      +These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware.

      | Security Measures | Features & Capabilities | |:---|:---| -| Trusted Platform Module (TPM) | A Trusted Platform Module (TPM) is designed to provide hardware-based security-related functions and help prevent unwanted tampering. TPMs provide security and privacy benefits for system hardware, platform owners, and users.
      A TPM chip is a secure crypto-processor that helps with actions such as generating, storing, and limiting the use of cryptographic keys. Many TPMs include multiple physical security mechanisms to make it tamper resistant and prevent malicious software from tampering with the security functions of the TPM.
      Learn more about the [Trusted Platform Module](information-protection/tpm/trusted-platform-module-top-node.md). | -| Hardware-based root of trust with Windows Defender System Guard | To protect critical resources such as Windows authentication, single sign-on tokens, Windows Hello, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy.
      Windows Defender System Guard helps protect and maintain the integrity of the system as it starts up and validate that system integrity has truly been maintained through local and remote attestation.
      Learn more about [How a hardware-based root of trust helps protect Windows](threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md) and [System Guard Secure Launch and SMM protection](threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md). | -| Enable virtualization-based protection of code integrity | Hypervisor-protected Code Integrity (HVCI) is a virtualization based security (VBS) feature available in Windows. In the Windows Device Security settings, HVCI is referred to as Memory Integrity.
      HVCI and VBS improve the threat model of Windows and provide stronger protections against malware trying to exploit the Windows Kernel. VBS leverages the Windows Hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. HVCI is a critical component that protects and hardens this virtual environment by running kernel mode code integrity within it and restricting kernel memory allocations that could be used to compromise the system.
      Learn more: [Enable virtualization-based protection of code integrity](threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md). -| Kernel Direct Memory Access (DMA) Protection | PCIe hot plug devices such as Thunderbolt, USB4, and CFexpress allow users to attach new classes of external peripherals, including graphics cards or other PCI devices, to their PCs with an experience identical to USB. Because PCI hot plug ports are external and easily-accessible, PCs are susceptible to drive-by Direct Memory Access (DMA) attacks. Memory access protection (also known as Kernel DMA Protection) protects PCs against drive-by DMA attacks that use PCIe hot plug devices by limiting these external peripherals from being able to directly copy memory when the user has locked their PC.
      Learn more about [Kernel DMA Protection](information-protection/kernel-dma-protection-for-thunderbolt.md). | +| Trusted Platform Module (TPM) | A Trusted Platform Module (TPM) is designed to provide hardware-based security-related functions and help prevent unwanted tampering. TPMs provide security and privacy benefits for system hardware, platform owners, and users.
      A TPM chip is a secure crypto-processor that helps with actions such as generating, storing, and limiting the use of cryptographic keys. Many TPMs include multiple physical security mechanisms to make it tamper resistant and prevent malicious software from tampering with the security functions of the TPM.

      Learn more about the [Trusted Platform Module](information-protection/tpm/trusted-platform-module-top-node.md). | +| Hardware-based root of trust with Windows Defender System Guard | To protect critical resources such as Windows authentication, single sign-on tokens, Windows Hello, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy.
      Windows Defender System Guard helps protect and maintain the integrity of the system as it starts up and validate that system integrity has truly been maintained through local and remote attestation.

      Learn more about [How a hardware-based root of trust helps protect Windows](threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md) and [System Guard Secure Launch and SMM protection](threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md). | +| Enable virtualization-based protection of code integrity | Hypervisor-protected Code Integrity (HVCI) is a virtualization based security (VBS) feature available in Windows. In the Windows Device Security settings, HVCI is referred to as Memory Integrity.
      HVCI and VBS improve the threat model of Windows and provide stronger protections against malware trying to exploit the Windows Kernel. VBS leverages the Windows Hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. HVCI is a critical component that protects and hardens this virtual environment by running kernel mode code integrity within it and restricting kernel memory allocations that could be used to compromise the system.

      Learn more: [Enable virtualization-based protection of code integrity](threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md). +| Kernel Direct Memory Access (DMA) Protection | PCIe hot plug devices such as Thunderbolt, USB4, and CFexpress allow users to attach new classes of external peripherals, including graphics cards or other PCI devices, to their PCs with an experience identical to USB. Because PCI hot plug ports are external and easily-accessible, PCs are susceptible to drive-by Direct Memory Access (DMA) attacks. Memory access protection (also known as Kernel DMA Protection) protects PCs against drive-by DMA attacks that use PCIe hot plug devices by limiting these external peripherals from being able to directly copy memory when the user has locked their PC.

      Learn more about [Kernel DMA Protection](information-protection/kernel-dma-protection-for-thunderbolt.md). | +| Secure core devices | Microsoft is working closely with OEM partners and silicon vendors to build Secured-core PCs that features deeply integrated hardware, firmware and software to ensure enhanced security for devices, identities and data.

      Secured-core PCs provide protections that are useful against sophisticated attacks and can provide increased assurance when handling mission-critical data in some of the most data-sensitive industries, such as healthcare workers that handle medical records and other personally identifiable information (PII), commercial roles that handle high business impact and highly sensitive data, such as a financial controller with earnings data.

      Learn more about [Secure core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).| From 737487990f432251753651c2c31204141b24a840 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 17 Sep 2021 11:04:34 -0700 Subject: [PATCH 503/671] typo --- windows/deployment/update/update-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index 54d768fbfe..f6bb3195f2 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -46,7 +46,7 @@ restarts for maximum update velocity). We recommend you set deadlines as follows: - Quality update deadline, in days: 3 - Feature update deadline, in days: 7 -- + Notifications are automatically presented to the user at appropriate times, and users can choose to be reminded later, to reschedule, or to restart immediately, depending on how close the deadline is. We recommend that you do **not** set any notification policies, because they are automatically configured with appropriate defaults. An exception is if you From 08000679b99fa39a7a770c977ebbd65801e1a60d Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 17 Sep 2021 16:01:56 -0700 Subject: [PATCH 504/671] removing older TOCs --- .../threat-protection/intelligence/TOC.yml | 60 ------ .../applocker/TOC.yml | 186 ------------------ 2 files changed, 246 deletions(-) delete mode 100644 windows/security/threat-protection/intelligence/TOC.yml delete mode 100644 windows/security/threat-protection/windows-defender-application-control/applocker/TOC.yml diff --git a/windows/security/threat-protection/intelligence/TOC.yml b/windows/security/threat-protection/intelligence/TOC.yml deleted file mode 100644 index 78fea4eba3..0000000000 --- a/windows/security/threat-protection/intelligence/TOC.yml +++ /dev/null 
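Review bot: In hardware.md, the new table row names the feature three ways ("Secure core devices" in the first column, "Secured-core PCs" in the description, "Secure core PCs" in the link text), and TOC.yml in the same commit uses "Windows secured-core devices"; use "Secured-core" throughout. "Secured-core PCs that features" should be "feature". The added "Enable virtualization-based protection of code integrity" row still ends without a closing `|`, unlike the other rows, so the table may not render as intended; add it while the row is being touched.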
@@ -1,60 +0,0 @@ -- name: Security intelligence - href: index.md - items: - - name: Understand malware & other threats - href: understanding-malware.md - items: - - name: Coin miners - href: coinminer-malware.md - - name: Exploits and exploit kits - href: exploits-malware.md - - name: Fileless threats - href: fileless-threats.md - - name: Macro malware - href: macro-malware.md - - name: Phishing attacks - href: phishing.md - items: - - name: Phishing trends and techniques - href: phishing-trends.md - - name: Ransomware - href: /security/compass/human-operated-ransomware - - name: Rootkits - href: rootkits-malware.md - - name: Supply chain attacks - href: supply-chain-malware.md - - name: Tech support scams - href: support-scams.md - - name: Trojans - href: trojans-malware.md - - name: Unwanted software - href: unwanted-software.md - - name: Worms - href: worms-malware.md - - name: Prevent malware infection - href: prevent-malware-infection.md - - name: Malware naming convention - href: malware-naming.md - - name: How Microsoft identifies malware and PUA - href: criteria.md - - name: Submit files for analysis - href: submission-guide.md - - name: Troubleshoot malware submission - href: portal-submission-troubleshooting.md - - name: Safety Scanner download - href: safety-scanner-download.md - - name: Industry collaboration programs - href: cybersecurity-industry-partners.md - items: - - name: Virus information alliance - href: virus-information-alliance-criteria.md - - name: Microsoft virus initiative - href: virus-initiative-criteria.md - - name: Coordinated malware eradication - href: coordinated-malware-eradication.md - - name: Information for developers - items: - - name: Software developer FAQ - href: developer-faq.yml - - name: Software developer resources - href: developer-resources.md 
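Review bot: This commit deletes intelligence/TOC.yml and applocker/TOC.yml with no additions (246 deletions), and the message "removing older TOCs" does not say which parent TOC now lists these articles, so a reviewer cannot confirm that pages such as submission-guide.md and virus-initiative-criteria.md stay reachable from navigation. If windows/security/TOC.yml already carries these entries, state that in the commit description.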
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.yml deleted file mode 100644 index b796c0e95e..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.yml +++ /dev/null 
@@ -1,186 +0,0 @@ -- name: AppLocker - href: applocker-overview.md - items: - - name: Administer AppLocker - href: administer-applocker.md - items: - - name: Maintain AppLocker policies - href: maintain-applocker-policies.md - - name: Edit an AppLocker policy - href: edit-an-applocker-policy.md - - name: Test and update an AppLocker policy - href: test-and-update-an-applocker-policy.md - - name: Deploy AppLocker policies by using the enforce rules setting - href: deploy-applocker-policies-by-using-the-enforce-rules-setting.md - - name: Use the AppLocker Windows PowerShell cmdlets - href: use-the-applocker-windows-powershell-cmdlets.md - - name: Use AppLocker and Software Restriction Policies in the same domain - href: use-applocker-and-software-restriction-policies-in-the-same-domain.md - - name: Optimize AppLocker performance - href: optimize-applocker-performance.md - - name: Monitor app usage with AppLocker - href: monitor-application-usage-with-applocker.md - - name: Manage packaged apps with AppLocker - href: manage-packaged-apps-with-applocker.md - - name: Working with AppLocker rules - href: working-with-applocker-rules.md - items: - - name: Create a rule that uses a file hash condition - href: create-a-rule-that-uses-a-file-hash-condition.md - - name: Create a rule that uses a path condition - href: create-a-rule-that-uses-a-path-condition.md - - name: Create a rule that uses a publisher condition - href: create-a-rule-that-uses-a-publisher-condition.md - - name: Create AppLocker default rules - href: create-applocker-default-rules.md - - name: Add exceptions for an AppLocker rule - href: configure-exceptions-for-an-applocker-rule.md - - name: Create a rule for packaged apps - href: create-a-rule-for-packaged-apps.md - - name: Delete an AppLocker rule - href: delete-an-applocker-rule.md - - name: Edit AppLocker rules - href: edit-applocker-rules.md - - name: Enable the DLL rule collection - href: enable-the-dll-rule-collection.md - - name: Enforce AppLocker 
rules - href: enforce-applocker-rules.md - - name: Run the Automatically Generate Rules wizard - href: run-the-automatically-generate-rules-wizard.md - - name: Working with AppLocker policies - href: working-with-applocker-policies.md - items: - - name: Configure the Application Identity service - href: configure-the-application-identity-service.md - - name: Configure an AppLocker policy for audit only - href: configure-an-applocker-policy-for-audit-only.md - - name: Configure an AppLocker policy for enforce rules - href: configure-an-applocker-policy-for-enforce-rules.md - - name: Display a custom URL message when users try to run a blocked app - href: display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md - - name: Export an AppLocker policy from a GPO - href: export-an-applocker-policy-from-a-gpo.md - - name: Export an AppLocker policy to an XML file - href: export-an-applocker-policy-to-an-xml-file.md - - name: Import an AppLocker policy from another computer - href: import-an-applocker-policy-from-another-computer.md - - name: Import an AppLocker policy into a GPO - href: import-an-applocker-policy-into-a-gpo.md - - name: Add rules for packaged apps to existing AppLocker rule-set - href: add-rules-for-packaged-apps-to-existing-applocker-rule-set.md - - name: Merge AppLocker policies by using Set-ApplockerPolicy - href: merge-applocker-policies-by-using-set-applockerpolicy.md - - name: Merge AppLocker policies manually - href: merge-applocker-policies-manually.md - - name: Refresh an AppLocker policy - href: refresh-an-applocker-policy.md - - name: Test an AppLocker policy by using Test-AppLockerPolicy - href: test-an-applocker-policy-by-using-test-applockerpolicy.md - - name: AppLocker design guide - href: applocker-policies-design-guide.md - items: - - name: Understand AppLocker policy design decisions - href: understand-applocker-policy-design-decisions.md - - name: Determine your application control objectives - href: 
determine-your-application-control-objectives.md - - name: Create a list of apps deployed to each business group - href: create-list-of-applications-deployed-to-each-business-group.md - items: - - name: Document your app list - href: document-your-application-list.md - - name: Select the types of rules to create - href: select-types-of-rules-to-create.md - items: - - name: Document your AppLocker rules - href: document-your-applocker-rules.md - - name: Determine the Group Policy structure and rule enforcement - href: determine-group-policy-structure-and-rule-enforcement.md - items: - - name: Understand AppLocker enforcement settings - href: understand-applocker-enforcement-settings.md - - name: Understand AppLocker rules and enforcement setting inheritance in Group Policy - href: understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md - - name: Document the Group Policy structure and AppLocker rule enforcement - href: document-group-policy-structure-and-applocker-rule-enforcement.md - - name: Plan for AppLocker policy management - href: plan-for-applocker-policy-management.md - - name: AppLocker deployment guide - href: applocker-policies-deployment-guide.md - items: - - name: Understand the AppLocker policy deployment process - href: understand-the-applocker-policy-deployment-process.md - - name: Requirements for Deploying AppLocker Policies - href: requirements-for-deploying-applocker-policies.md - - name: Use Software Restriction Policies and AppLocker policies - href: using-software-restriction-policies-and-applocker-policies.md - - name: Create Your AppLocker policies - href: create-your-applocker-policies.md - items: - - name: Create Your AppLocker rules - href: create-your-applocker-rules.md - - name: Deploy the AppLocker policy into production - href: deploy-the-applocker-policy-into-production.md - items: - - name: Use a reference device to create and maintain AppLocker policies - href: 
use-a-reference-computer-to-create-and-maintain-applocker-policies.md - - name: Determine which apps are digitally signed on a reference device - href: determine-which-applications-are-digitally-signed-on-a-reference-computer.md - - name: Configure the AppLocker reference device - href: configure-the-appLocker-reference-device.md - - name: AppLocker technical reference - href: applocker-technical-reference.md - items: - - name: What Is AppLocker? - href: what-is-applocker.md - - name: Requirements to use AppLocker - href: requirements-to-use-applocker.md - - name: AppLocker policy use scenarios - href: applocker-policy-use-scenarios.md - - name: How AppLocker works - href: how-applocker-works-techref.md - items: - - name: Understanding AppLocker rule behavior - href: understanding-applocker-rule-behavior.md - - name: Understanding AppLocker rule exceptions - href: understanding-applocker-rule-exceptions.md - - name: Understanding AppLocker rule collections - href: understanding-applocker-rule-collections.md - - name: Understanding AppLocker allow and deny actions on rules - href: understanding-applocker-allow-and-deny-actions-on-rules.md - - name: Understanding AppLocker rule condition types - href: understanding-applocker-rule-condition-types.md - items: - - name: Understanding the publisher rule condition in AppLocker - href: understanding-the-publisher-rule-condition-in-applocker.md - - name: Understanding the path rule condition in AppLocker - href: understanding-the-path-rule-condition-in-applocker.md - - name: Understanding the file hash rule condition in AppLocker - href: understanding-the-file-hash-rule-condition-in-applocker.md - - name: Understanding AppLocker default rules - href: understanding-applocker-default-rules.md - items: - - name: Executable rules in AppLocker - href: executable-rules-in-applocker.md - - name: Windows Installer rules in AppLocker - href: windows-installer-rules-in-applocker.md - - name: Script rules in AppLocker - href: 
script-rules-in-applocker.md - - name: DLL rules in AppLocker - href: dll-rules-in-applocker.md - - name: Packaged apps and packaged app installer rules in AppLocker - href: packaged-apps-and-packaged-app-installer-rules-in-applocker.md - - name: AppLocker architecture and components - href: applocker-architecture-and-components.md - - name: AppLocker processes and interactions - href: applocker-processes-and-interactions.md - - name: AppLocker functions - href: applocker-functions.md - - name: Security considerations for AppLocker - href: security-considerations-for-applocker.md - - name: Tools to Use with AppLocker - href: tools-to-use-with-applocker.md - items: - - name: Using Event Viewer with AppLocker - href: using-event-viewer-with-applocker.md - - name: AppLocker Settings - href: applocker-settings.md From dec0bacbf2df720a7de008a14addaefed2daa843 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Fri, 17 Sep 2021 18:12:26 -0700 Subject: [PATCH 505/671] Update delivery-optimization-workflow.md --- .../update/delivery-optimization-workflow.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md index b6a9e024c3..83b1f2f287 100644 --- a/windows/deployment/update/delivery-optimization-workflow.md +++ b/windows/deployment/update/delivery-optimization-workflow.md 
@@ -24,20 +24,20 @@ ms.topic: article This workflow allows Delivery Optimization to securely and efficiently deliver requested content to the calling device. Delivery Optimization uses content metadata to determine all available locations to pull content from, as well as content verification. -1. When a download starts, the Delivery Optimization client attempts to get its content metadata from the Delivery Optimization service over an SSL channel. This content metadata is a hash file containing the SHA-256 block-level hashes of each piece in the file (typically one piece = 1 MB). The authenticity of the content metadata file itself is verified prior to any content being downloaded. -2. Once the content metadata file is verified, Delivery Optimization accesses the requested pieces of the content file. +1. When a download starts, the Delivery Optimization client attempts to get its content metadata from the Delivery Optimization service. This content metadata is a hash file containing the SHA-256 block-level hashes of each piece in the file (typically one piece = 1 MB). The authenticity of the content metadata file itself is verified prior to any content being downloaded. +2. Once the content metadata file is verified, Delivery Optimization accesses the requested pieces of the content file, over an SSL channel. 3. When Delivery Optimization pulls a certain piece of the hash from another peer, it verifies the hash against the known hash in the content metadata file. 4. If a peer provides an invalid piece, that piece is discarded. When a peer sends multiple bad pieces, it's banned and will no longer be used as a source by the Delivery Optimization client performing the download. 5. If Delivery Optimization is unable to obtain the content metadata file, or if the verification of the hash file itself fails, the download will fall back to “simple mode” (pulling content only from an HTTP source) and peer-to-peer won't be allowed. -6. 
Once downloading is complete, Delivery Optimization uses all retrieved pieces of the content to put the file together. At that point, the Delivery Optimization caller (for example, ConfigMgr) checks the entire file to verify the signature prior to installing it. +6. Once downloading is complete, Delivery Optimization uses all retrieved pieces of the content to put the file together. At that point, the Delivery Optimization caller (for example, Windows Update) checks the entire file to verify the signature prior to installing it. ## Delivery Optimization service endpoint and data information -|Endpoint hostname|Name|Description|Data sent from the computer to the endpoint -|--------------------------------------------|--------------|---------------|-----------------------| -| geover-prod.do.dsp.mp.microsoft.com
      geo-prod.do.dsp.mp.microsoft.com
      geo.prod.do.dsp.mp.microsoft.com
      geover.prod.do.dsp.mp.microsoft.com | Geo | Service used to identify the location of the device in order to direct it to the nearest data center. | **Profile**: The device type (for example, PC or Xbox)
      **doClientVersion**: The version of the DoSvc Client
      **groupID**: Group the device belongs to (set with DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) | -| kv\*.prod.do.dsp.mp.microsoft.com | KeyValue | Bootstrap service provides endpoints for all other services as well as device configs | **countryCode**: The country the client is connected from
      **doClientVersion**: The version of the DoSvc Client
      **Profile**: The device type (for example, PC or Xbox)
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | -| cp\*.prod.do.dsp.mp.microsoft.com
      | Content Policy | Provides content specific policies as well as content metadata URLs | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **countryCode**: The country the client is connected from
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | -| disc\*.prod.do.dsp.mp.microsoft.com | Discovery | Provides the client with the geo-located array to connect to. (There are two endpoints providing this functionality: /content and /v2/content.) | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **partitionId**: Client partitioning hint
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id | -| array\*.prod.do.dsp.mp.microsoft.com | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **PeerId**: Identified of the device running DO client
      **ReportedIp**: The internal / private IP Address
      **IsBackground**: Is the download interactive or background
      **Uploaded**: Total bytes uploaded to peers
      **Downloaded**: Total bytes downloaded from peers
      **DownloadedCdn**: Total bytes downloaded from CDN
      **Left**: Bytes left to download
      **Peers Wanted**: Total number of peers wanted
      **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
      **Scope**: The Download mode
      **UploadedBPS**: The upload speed in bytes per second
      **DownloadBPS**: The download speed in Bytes per second
      **eId**: Client grouping Id | -| dl.delivery.mp.microsoft.com
      emdl.ws.microsoft.com | | Metadata download can come from different hostnames, but it's required for peer to peer | +|Endpoint hostname|Port|Name|Description|Data sent from the computer to the endpoint +|--------------------------------------------|--------|---------------|-----------------------|------------------------| +| geover-prod.do.dsp.mp.microsoft.com
      geo-prod.do.dsp.mp.microsoft.com
      geo.prod.do.dsp.mp.microsoft.com
      geover.prod.do.dsp.mp.microsoft.com | 443 | Geo | Service used to identify the location of the device in order to direct it to the nearest data center. | **Profile**: The device type (for example, PC or Xbox)
      **doClientVersion**: The version of the DoSvc Client
      **groupID**: Group the device belongs to (set with DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) | +| kv\*.prod.do.dsp.mp.microsoft.com | 443| KeyValue | Bootstrap service provides endpoints for all other services as well as device configs | **countryCode**: The country the client is connected from
      **doClientVersion**: The version of the DoSvc Client
      **Profile**: The device type (for example, PC or Xbox)
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | +| cp\*.prod.do.dsp.mp.microsoft.com
      | 443 | Content Policy | Provides content specific policies as well as content metadata URLs | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **countryCode**: The country the client is connected from
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | +| disc\*.prod.do.dsp.mp.microsoft.com | 443 | Discovery | Directs clients to a particular instance of the peer matching service (Array), ensuing that clients are collocated by factors, such as content, groupId and external IP | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **partitionId**: Client partitioning hint
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id | +| array\*.prod.do.dsp.mp.microsoft.com | 443 | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **PeerId**: Identified of the device running DO client
      **ReportedIp**: The internal / private IP Address
      **IsBackground**: Is the download interactive or background
      **Uploaded**: Total bytes uploaded to peers
      **Downloaded**: Total bytes downloaded from peers
      **DownloadedCdn**: Total bytes downloaded from CDN
      **Left**: Bytes left to download
      **Peers Wanted**: Total number of peers wanted
      **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
      **Scope**: The Download mode
      **UploadedBPS**: The upload speed in bytes per second
      **DownloadBPS**: The download speed in Bytes per second
      **eId**: Client grouping Id | +| dl.delivery.mp.microsoft.com
      emdl.ws.microsoft.com | | Port? | | Metadata download can come from different hostnames, but it's required for peer to peer | From 563d4b2eb0e316c688f29cae961a7cabe6f896e6 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Fri, 17 Sep 2021 18:13:09 -0700 Subject: [PATCH 506/671] Update windows/deployment/update/delivery-optimization-workflow.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/delivery-optimization-workflow.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md index 83b1f2f287..d9a85a0aee 100644 --- a/windows/deployment/update/delivery-optimization-workflow.md +++ b/windows/deployment/update/delivery-optimization-workflow.md @@ -1,7 +1,7 @@ --- title: Delivery Optimization client-service communication explained manager: dougeby -description: Details of how Delivery Optimization communicates with the server when content is requested to download +description: Details of how Delivery Optimization communicates with the server when content is requested to download. keywords: updates, downloads, network, bandwidth ms.prod: w10 ms.mktglfcycl: deploy From 4dcbb0287aa955510c386a24acd826f018f0daa5 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Fri, 17 Sep 2021 18:16:15 -0700 Subject: [PATCH 507/671] Update delivery-optimization-workflow.md --- windows/deployment/update/delivery-optimization-workflow.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md index d9a85a0aee..83501b56aa 100644 --- a/windows/deployment/update/delivery-optimization-workflow.md +++ b/windows/deployment/update/delivery-optimization-workflow.md 
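Review bot: In PATCH 505/671, step 1 of the workflow no longer says how the content metadata is fetched, and the "over an SSL channel" claim now sits on step 2 (content pieces) instead, while step 1 still asserts that the authenticity of the metadata file is verified without naming the mechanism. Every peer-supplied piece is checked against the SHA-256 hashes in that file (step 3), and a failed verification triggers the fallback in step 5, so the metadata file is the trust anchor of the whole workflow. Please state how it is authenticated (for example, whether it is signed) now that its transport is not mentioned, and confirm that moving the SSL statement reflects actual client behaviour rather than an editing slip. Minor: drop the comma before "over an SSL channel" in step 2.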
@@ -40,4 +40,4 @@ This workflow allows Delivery Optimization to securely and efficiently deliver r | cp\*.prod.do.dsp.mp.microsoft.com
      | 443 | Content Policy | Provides content specific policies as well as content metadata URLs | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **countryCode**: The country the client is connected from
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | | disc\*.prod.do.dsp.mp.microsoft.com | 443 | Discovery | Directs clients to a particular instance of the peer matching service (Array), ensuing that clients are collocated by factors, such as content, groupId and external IP | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **partitionId**: Client partitioning hint
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id | | array\*.prod.do.dsp.mp.microsoft.com | 443 | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **PeerId**: Identified of the device running DO client
      **ReportedIp**: The internal / private IP Address
      **IsBackground**: Is the download interactive or background
      **Uploaded**: Total bytes uploaded to peers
      **Downloaded**: Total bytes downloaded from peers
      **DownloadedCdn**: Total bytes downloaded from CDN
      **Left**: Bytes left to download
      **Peers Wanted**: Total number of peers wanted
      **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
      **Scope**: The Download mode
      **UploadedBPS**: The upload speed in bytes per second
      **DownloadBPS**: The download speed in Bytes per second
      **eId**: Client grouping Id | -| dl.delivery.mp.microsoft.com
      emdl.ws.microsoft.com | | Port? | | Metadata download can come from different hostnames, but it's required for peer to peer | +| dl.delivery.mp.microsoft.com
      emdl.ws.microsoft.com | | | | Metadata download can come from different hostnames, but it's required for peer to peer | From 9909b2c8fbe21d62bccb2aa4bc7c7d23165d4323 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Fri, 17 Sep 2021 18:24:44 -0700 Subject: [PATCH 508/671] Update delivery-optimization-workflow.md --- .../deployment/update/delivery-optimization-workflow.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md index 83501b56aa..f849ad5038 100644 --- a/windows/deployment/update/delivery-optimization-workflow.md +++ b/windows/deployment/update/delivery-optimization-workflow.md @@ -36,8 +36,8 @@ This workflow allows Delivery Optimization to securely and efficiently deliver r |Endpoint hostname|Port|Name|Description|Data sent from the computer to the endpoint |--------------------------------------------|--------|---------------|-----------------------|------------------------| | geover-prod.do.dsp.mp.microsoft.com
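Review bot: The replacement row for dl.delivery.mp.microsoft.com and emdl.ws.microsoft.com in PATCH 507/671 removes the "Port?" placeholder but leaves the Port cell empty, so these are the only endpoints in the table without a port while every other row lists 443. Anyone building an egress allow-list from this table needs that value; fill it in or say explicitly that it varies. The row's explanatory sentence also lands in the "Data sent from the computer to the endpoint" column with Name and Description blank; move it to Description.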
      geo-prod.do.dsp.mp.microsoft.com
      geo.prod.do.dsp.mp.microsoft.com
      geover.prod.do.dsp.mp.microsoft.com | 443 | Geo | Service used to identify the location of the device in order to direct it to the nearest data center. | **Profile**: The device type (for example, PC or Xbox)
      **doClientVersion**: The version of the DoSvc Client
      **groupID**: Group the device belongs to (set with DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) | -| kv\*.prod.do.dsp.mp.microsoft.com | 443| KeyValue | Bootstrap service provides endpoints for all other services as well as device configs | **countryCode**: The country the client is connected from
      **doClientVersion**: The version of the DoSvc Client
      **Profile**: The device type (for example, PC or Xbox)
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | -| cp\*.prod.do.dsp.mp.microsoft.com
      | 443 | Content Policy | Provides content specific policies as well as content metadata URLs | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **countryCode**: The country the client is connected from
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | -| disc\*.prod.do.dsp.mp.microsoft.com | 443 | Discovery | Directs clients to a particular instance of the peer matching service (Array), ensuing that clients are collocated by factors, such as content, groupId and external IP | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **partitionId**: Client partitioning hint
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id | +| kv\*.prod.do.dsp.mp.microsoft.com | 443| KeyValue | Bootstrap service provides endpoints for all other services as well as device configs. | **countryCode**: The country the client is connected from
      **doClientVersion**: The version of the DoSvc Client
      **Profile**: The device type (for example, PC or Xbox)
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | +| cp\*.prod.do.dsp.mp.microsoft.com
      | 443 | Content Policy | Provides content specific policies as well as content metadata URLs. | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **countryCode**: The country the client is connected from
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id
      **CacheHost**: Cache host id | +| disc\*.prod.do.dsp.mp.microsoft.com | 443 | Discovery | Directs clients to a particular instance of the peer matching service (Array), ensuing that clients are collocated by factors, such as content, groupId and external IP. | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **partitionId**: Client partitioning hint
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **eId**: Client grouping Id | | array\*.prod.do.dsp.mp.microsoft.com | 443 | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
      **ContentId**: The content identifier
      **doClientVersion**: The version of the dosvc client
      **altCatalogId**: If ContentId isn't available, use the download URL instead
      **PeerId**: Identified of the device running DO client
      **ReportedIp**: The internal / private IP Address
      **IsBackground**: Is the download interactive or background
      **Uploaded**: Total bytes uploaded to peers
      **Downloaded**: Total bytes downloaded from peers
      **DownloadedCdn**: Total bytes downloaded from CDN
      **Left**: Bytes left to download
      **Peers Wanted**: Total number of peers wanted
      **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
      **Scope**: The Download mode
      **UploadedBPS**: The upload speed in bytes per second
      **DownloadBPS**: The download speed in Bytes per second
      **eId**: Client grouping Id | -| dl.delivery.mp.microsoft.com
      emdl.ws.microsoft.com | | | | Metadata download can come from different hostnames, but it's required for peer to peer | +| dl.delivery.mp.microsoft.com
      emdl.ws.microsoft.com | | | | Metadata download can come from different hostnames, but it's required for peer to peer. | From d91709bf3260bef8981cf359afafe2c6822766e7 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Sat, 18 Sep 2021 13:52:21 +0530 Subject: [PATCH 509/671] minor changes --- .../threat-protection/windows-firewall/boundary-zone.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/threat-protection/windows-firewall/boundary-zone.md index a78415035a..9c0d1186eb 100644 --- a/windows/security/threat-protection/windows-firewall/boundary-zone.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone.md 
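Review bot: The disc\*.prod.do.dsp.mp.microsoft.com row rewritten in PATCH 508/671 still reads "ensuing that clients are collocated"; that should be "ensuring", and since this hunk touches the cell only to add a period, this is the place to fix it. While here, the kv\* row keeps the uneven "| 443|" cell spacing, and the unchanged array\* row describes PeerId as "Identified of the device running DO client", which presumably means "Identifier".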
@@ -31,7 +31,7 @@ Devices in the boundary zone are trusted devices that can accept communication r The GPOs you build for the boundary zone include IPsec or connection security rules that request authentication for both inbound and outbound network connections, but don't require it. -These boundary zone devices receive unsolicited inbound communications from untrusted devices that use plaintext. Therefore, they must be carefully managed and secured in other ways. Mitigating this extra risk is an important part of deciding whether to add a device to the boundary zone. For example, completing a formal business justification process before adding each device to the boundary zone minimizes the additional risk. The following illustration shows a sample process that can help make such a decision. +These boundary zone devices might receive unsolicited inbound communications from untrusted devices that use plaintext and must be carefully managed and secured in other ways. Mitigating this extra risk is an important part of deciding whether to add a device to the boundary zone. For example, completing a formal business justification process before adding each device to the boundary zone minimizes the additional risk. The following illustration shows a sample process that can help make such a decision. ![design flowchart.](images/wfas-designflowchart1.gif) From 17e9e58a6da94d0f6fb7a861c1e4114600dc80fd Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Sat, 18 Sep 2021 15:08:27 +0530 Subject: [PATCH 510/671] updated --- .../policy-configuration-service-provider.md | 7 + .../mdm/policy-csp-admx-leakdiagnostic.md | 123 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 3 files changed, 132 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md 
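Review bot: The rewritten sentence in the boundary-zone.md hunk (PATCH 509/671) is ambiguous: in "from untrusted devices that use plaintext and must be carefully managed", the clause "must be carefully managed and secured in other ways" now attaches grammatically to the untrusted devices rather than to the boundary zone devices. Dropping "Therefore" also loses the stated reason for the extra controls, which the next sentence ("Mitigating this extra risk") relies on. Suggest keeping two sentences, for example: "These boundary zone devices might receive unsolicited inbound communications from untrusted devices that use plaintext. Therefore, they must be carefully managed and secured in other ways."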
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 2cfb72007a..c7181e248d 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1618,6 +1618,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
      +### ADMX_LeakDiagnostic policies +
      +
      + ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy +
      +
      + ### ADMX_LinkLayerTopologyDiscovery policies
      diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md new file mode 100644 index 0000000000..23ab94d3d1 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md @@ -0,0 +1,123 @@ +--- +title: Policy CSP - ADMX_LeakDiagnostic +description: Policy CSP - ADMX_LeakDiagnostic +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/17/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_LeakDiagnostic +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
      + + +## ADMX_LeakDiagnostic policies + +
      +
      + ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy +
      +
      + + +
      + + +**ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      EditionWindows 10Windows 11
      HomeNoNo
      ProNoNo
      BusinessNoNo
      EnterpriseYesYes
      EducationYesYes
      + + +
      + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
      + + + +This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. + +- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. + +- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message. + +No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. + +This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. + +The DPS can be configured with the Services snap-in to the Microsoft Management Console. + +> [!NOTE] +> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Configure custom alert text* +- GP name: *WdiScenarioExecutionPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic* +- GP ADMX file name: *LeakDiagnostic.admx* + + + +
      + + + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index eb0e3b7e08..5a2779b257 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -507,6 +507,8 @@ items: href: policy-csp-admx-lanmanserver.md - name: ADMX_LanmanWorkstation href: policy-csp-admx-lanmanworkstation.md + - name: ADMX_LeakDiagnostic + href: policy-csp-admx-leakdiagnostic.md - name: ADMX_LinkLayerTopologyDiscovery href: policy-csp-admx-linklayertopologydiscovery.md - name: ADMX_Logon From 47268eeea5d00f6afe4a242f89b7fa5594b80423 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Sat, 18 Sep 2021 15:26:45 +0530 Subject: [PATCH 511/671] Update policies-in-policy-csp-admx-backed.md --- .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 912040f409..b3c2dcc841 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
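Review bot: On the new ADMX_LeakDiagnostic policy page, the description, the GP English name (*Configure custom alert text*) and the GP path (`System\Troubleshooting and Diagnostics\Disk Diagnostic`) all describe the Disk Diagnostic alert shown for a S.M.A.R.T. fault, while the policy is ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy and the ADMX file is LeakDiagnostic.admx. This reads as text carried over from a disk diagnostic policy. Please check the description, English name, path and the note about the Disk Diagnostic scenario policy against LeakDiagnostic.admx and replace them with that policy's own text before the page is linked from toc.yml.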
@@ -417,6 +417,7 @@ ms.date: 10/08/2020 - [ADMX_LanmanWorkstation/Pol_CipherSuiteOrder](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-ciphersuiteorder) - [ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enablehandlecachingforcafiles) - [ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enableofflinefilesforcashares) +- [ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy](./policy-csp-admx-leakdiagnostic.md#admx-leakdiagnostic-wdiscenarioexecutionpolicy) - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio) - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr) - [ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin](./policy-csp-admx-logon.md#admx-logon-blockuserfromshowingaccountdetailsonsignin) From babcc6903b7dce4cff2de4a1a24d6e6545e7a9e4 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Sat, 18 Sep 2021 16:19:51 +0530 Subject: [PATCH 512/671] conflict resolution --- windows/security/threat-protection/auditing/event-4776.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md index 7da08c0312..4f229b6fa2 100644 --- a/windows/security/threat-protection/auditing/event-4776.md +++ b/windows/security/threat-protection/auditing/event-4776.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 09/07/2021 +ms.date: 09/13/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -146,4 +146,4 @@ For 4776(S, F): The computer attempted to validate the credentials for an accoun | **User logon from unauthorized workstation** | Can indicate a compromised account; especially relevant for highly critical accounts. | | **User logon to account disabled by administrator** | For example, N events in last N minutes can be an indicator of an account compromise attempt, especially relevant for highly critical accounts. | | **User logon with expired account** | Can indicate an account compromise attempt; especially relevant for highly critical accounts. | -| **User logon with account locked** | Can indicate a brute-force password attack; especially relevant for highly critical accounts. | \ No newline at end of file +| **User logon with account locked** | Can indicate a brute-force password attack; especially relevant for highly critical accounts. | From f91a0d978bd2bcb6089c6ee698e050adb8d1d1ab Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Sat, 18 Sep 2021 16:37:27 +0530 Subject: [PATCH 513/671] conflict resolved --- windows/security/threat-protection/auditing/event-4776.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md index 4f229b6fa2..f56f581b2a 100644 --- a/windows/security/threat-protection/auditing/event-4776.md +++ b/windows/security/threat-protection/auditing/event-4776.md 
@@ -145,5 +145,5 @@ For 4776(S, F): The computer attempted to validate the credentials for an accoun | **User logon outside authorized hours** | Can indicate a compromised account; especially relevant for highly critical accounts. | | **User logon from unauthorized workstation** | Can indicate a compromised account; especially relevant for highly critical accounts. | | **User logon to account disabled by administrator** | For example, N events in last N minutes can be an indicator of an account compromise attempt, especially relevant for highly critical accounts. | -| **User logon with expired account** | Can indicate an account compromise attempt; especially relevant for highly critical accounts. | -| **User logon with account locked** | Can indicate a brute-force password attack; especially relevant for highly critical accounts. | +| **User logon with expired account** | Can indicate an account compromise attempt; especially relevant for highly critical accounts. | +| **User logon with account locked** | Can indicate a brute-force password attack; especially relevant for highly critical accounts. | From 8448a97857577e19e94c129d751077dfd78310e3 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 20 Sep 2021 00:03:15 +0530 Subject: [PATCH 514/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 1 + .../mdm/policy-configuration-service-provider.md | 7 +++++++ .../client-management/mdm/policy-csp-experience.md | 12 ++++++------ windows/client-management/mdm/policy-csp-feeds.md | 1 - windows/client-management/mdm/toc.yml | 2 ++ 5 files changed, 16 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 586e5edcc6..33771b68a4 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1431,6 +1431,7 @@ ms.date: 10/08/2020 - [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog) - [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog) - [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog) +- [Feeds/FeedsEnabled](./policy-csp-feeds.md#feeds-feedsenabled) - [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer) - [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption) - [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 6922bada43..f5507cb383 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -6025,6 +6025,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
      +### Feeds policies +
      +
      + Feeds/FeedsEnabled +
      +
      + ### FileExplorer policies
      diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 27eaa323af..61abaceb22 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -1192,22 +1192,22 @@ The following list shows the supported values:
      ProYesYesNoNo
      BusinessYesYesNoNo
      EnterpriseYesNo Yes
      EducationYesNo Yes
      diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md index bc8b0b1996..7cf158d3b9 100644 --- a/windows/client-management/mdm/policy-csp-feeds.md +++ b/windows/client-management/mdm/policy-csp-feeds.md @@ -16,7 +16,6 @@ manager: dansimp # Policy CSP - Feeds -
      diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 753d778986..0abecf442a 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -707,6 +707,8 @@ items: href: policy-csp-experience.md - name: ExploitGuard href: policy-csp-exploitguard.md + - name: Feeds + href: policy-csp-feedsenabled.md - name: FileExplorer href: policy-csp-fileexplorer.md - name: Games From 221bd0216a87203ad16cad9f41d87f72de15afdc Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 20 Sep 2021 00:10:38 +0530 Subject: [PATCH 515/671] Updated --- windows/client-management/mdm/policy-csp-feeds.md | 3 +-- windows/client-management/mdm/toc.yml | 6 ++---- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md index 7cf158d3b9..834c6f8226 100644 --- a/windows/client-management/mdm/policy-csp-feeds.md +++ b/windows/client-management/mdm/policy-csp-feeds.md @@ -1,8 +1,7 @@ --- title: Policy CSP - Feeds description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device. -. -ms.author: dansimp +ms.author: v-nsatapathy ms.topic: article ms.prod: w10 ms.technology: windows diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 0abecf442a..5c32037d42 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -480,9 +480,7 @@ items: - name: ADMX_Explorer href: policy-csp-admx-explorer.md - name: ADMX_ExternalBoot - href: policy-csp-admx-externalboot.md - - name: Feeds - href: policy-csp-admx-feeds.md + href: policy-csp-admx-externalboot.md - name: ADMX_FileRecovery href: policy-csp-admx-filerecovery.md - name: ADMX_FileRevocation 
@@ -708,7 +706,7 @@ items: - name: ExploitGuard href: policy-csp-exploitguard.md - name: Feeds - href: policy-csp-feedsenabled.md + href: policy-csp-feeds.md - name: FileExplorer href: policy-csp-fileexplorer.md - name: Games From 83de1a36e71618e763c3964eee0bacd496e385b8 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 20 Sep 2021 11:17:13 +0530 Subject: [PATCH 516/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 1 + .../policy-configuration-service-provider.md | 8 ++ .../policy-csp-admx-locationprovideradm.md | 112 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 4 files changed, 123 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-locationprovideradm.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 33771b68a4..2cccb73779 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -423,6 +423,7 @@ ms.date: 10/08/2020 - [ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enableofflinefilesforcashares) - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio) - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr) +- [ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1](./policy-csp-admx-locationprovideradm.md#admx-locationprovideradm-disablewindowslocationprovider_1) - [ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin](./policy-csp-admx-logon.md#admx-logon-blockuserfromshowingaccountdetailsonsignin) - [ADMX_Logon/DisableAcrylicBackgroundOnLogon](./policy-csp-admx-logon.md#admx-logon-disableacrylicbackgroundonlogon) - [ADMX_Logon/DisableExplorerRunLegacy_1](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunlegacy-1) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index f5507cb383..b65e797058 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1636,6 +1636,14 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
    +### ADMX_LocationProviderAdm policies + +
    +
    + ADMX_LocationProviderAdm/BlockUserFromShowingAccountDetailsOnSignin +
    +
    + ### ADMX_Logon policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md new file mode 100644 index 0000000000..c1280d5f04 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md @@ -0,0 +1,112 @@ +--- +title: Policy CSP - ADMX_LocationProviderAdm +description: Policy CSP - ADMX_LocationProviderAdm +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/20/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_LocationProviderAdm +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_LocationProviderAdm policies + +
    +
    + ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1 +
    +
    + + +
    + + +**ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProNoNo
    BusinessNoNo
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
    + + + +This policy setting turns off the Windows Location Provider feature for this computer. + +- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature. + +- If you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off Windows Location Provider* +- GP name: *DisableWindowsLocationProvider_1* +- GP path: *Windows Components\Location and Sensors\Windows Location Provider* +- GP ADMX file name: *LocationProviderAdm.admx* + + + +
    + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 5c32037d42..3af12f96b7 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -511,6 +511,8 @@ items: href: policy-csp-admx-lanmanworkstation.md - name: ADMX_LinkLayerTopologyDiscovery href: policy-csp-admx-linklayertopologydiscovery.md + - name: ADMX_LocationProviderAdm + href: policy-csp-admx-locationprovideradm.md - name: ADMX_Logon href: policy-csp-admx-logon.md - name: ADMX_MicrosoftDefenderAntivirus From 3e597cfb6b4fc6fcd8e76cc290bf152ec2b9661d Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Mon, 20 Sep 2021 09:30:01 -0600 Subject: [PATCH 517/671] Update policies-in-policy-csp-admx-backed.md fixed link syntax --- .../mdm/policies-in-policy-csp-admx-backed.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index c31aaee266..2dbb97d08c 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
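Review bot: In the policy-configuration-service-provider.md hunk of the ADMX_LocationProviderAdm patch, the new "ADMX_LocationProviderAdm policies" section lists `ADMX_LocationProviderAdm/BlockUserFromShowingAccountDetailsOnSignin`, which is the name of an ADMX_Logon policy; the only policy this patch documents is `ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1`, so the entry should use that name. In the policies-in-policy-csp-admx-backed.md hunk of the same patch, the new link's anchor ends in `disablewindowslocationprovider_1`, while the neighbouring `DisableExplorerRunLegacy_1` entry uses `-1`; please confirm the anchor resolves against the new page. The new file's front matter also sets `ms.author: dansimp` with `author: nimishasatapathy`, which is worth aligning.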
@@ -284,7 +284,7 @@ ms.date: 10/08/2020 - [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol) - [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression) - [ADMX_FileSys/DisableDeleteNotification](./policy-csp-admx-filesys.md#admx-filesys-disabledeletenotification) -- ADMX_FileSys/DisableEncryption](./policy-csp-admx-filesys.md#admx-filesys-disableencryption) +- [ADMX_FileSys/DisableEncryption](./policy-csp-admx-filesys.md#admx-filesys-disableencryption) - [ADMX_FileSys/EnablePagefileEncryption](./policy-csp-admx-filesys.md#admx-filesys-enablepagefileencryption) - [ADMX_FileSys/LongPathsEnabled](./policy-csp-admx-filesys.md#admx-filesys-longpathsenabled) - [ADMX_FileSys/ShortNameCreationSettings](./policy-csp-admx-filesys.md#admx-filesys-shortnamecreationsettings) @@ -1766,4 +1766,4 @@ ms.date: 10/08/2020 ## Related topics -[Policy CSP](policy-configuration-service-provider.md) \ No newline at end of file +[Policy CSP](policy-configuration-service-provider.md) From c753e380312f9cf45cd838fe3415c4d1a1b5e817 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Mon, 20 Sep 2021 12:53:16 -0400 Subject: [PATCH 518/671] Created include, and added to key files --- .../app-v/appv-evaluating-appv.md | 3 +++ .../application-management/app-v/appv-for-windows.md | 3 +++ .../app-v/appv-getting-started.md | 3 +++ .../app-v/appv-planning-for-appv.md | 3 +++ windows/application-management/apps-in-windows-10.md | 2 +- .../includes/app-v-end-life-statement.md | 12 ++++++++++++ 6 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 windows/application-management/includes/app-v-end-life-statement.md diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md index 3ee9e20feb..731ea42546 100644 --- a/windows/application-management/app-v/appv-evaluating-appv.md 
+++ b/windows/application-management/app-v/appv-evaluating-appv.md @@ -18,6 +18,9 @@ ms.author: greglin **Applies to** - Windows 10, version 1607 +> [!NOTE] +> [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] + Before you deploy App-V into a production environment, you should evaluate it in a lab environment. You can use the information in this topic to set up App-V in a lab environment for evaluation purposes only. ## Configure lab computers for App-V Evaluation diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md index bcea5b5e47..51b2a21a10 100644 --- a/windows/application-management/app-v/appv-for-windows.md +++ b/windows/application-management/app-v/appv-for-windows.md @@ -16,6 +16,9 @@ ms.topic: article >Applies to: Windows 10, version 1607 +> [!NOTE] +> [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] + The topics in this section provide information and instructions to help you administer App-V and its components. This information is for system administrators who manage large installations with many servers and clients, and for support personnel who interact directly with the computers or users. [Getting started with App-V](appv-getting-started.md) diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md index 56cf023ddc..fd20851076 100644 --- a/windows/application-management/app-v/appv-getting-started.md +++ b/windows/application-management/app-v/appv-getting-started.md 
@@ -16,6 +16,9 @@ ms.topic: article >Applies to: Windows 10, version 1607 +> [!NOTE] +> [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] + Microsoft Application Virtualization (App-V) for Windows 10 delivers Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on an as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally. With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/WindowsForBusiness/windows-for-enterprise). If you're new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. To learn what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md). diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md index 94081c7ff8..9f7685040d 100644 --- a/windows/application-management/app-v/appv-planning-for-appv.md +++ b/windows/application-management/app-v/appv-planning-for-appv.md @@ -16,6 +16,9 @@ ms.topic: article >Applies to: Windows 10, version 1607 +> [!NOTE] +> [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] + Use the following information to plan to deploy App-V without disrupting your existing network or user experience. ## Planning information diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 4fc3710369..f30e8fa94f 100644 --- a/windows/application-management/apps-in-windows-10.md 
+++ b/windows/application-management/apps-in-windows-10.md @@ -134,7 +134,7 @@ When your apps are ready, you can add or deploy these apps to your Windows devic - **Application Virtualization (App-V)**: App-V allows Win32 apps to be used as virtual apps. > [!NOTE] - > Application Virtualization will be [end of life in April 2026](/lifecycle/announcements/mdop-extended). We recommend looking at **Azure Virtual desktop with MSIX app attach**. For more information, see [What is Azure Virtual Desktop?](/azure/virtual-desktop/overview) and [Set up MSIX app attach with the Azure portal](/azure/virtual-desktop/app-attach-azure-portal). + > [!INCLUDE [Application Virtualization will be end of life in April 2026](./includes/app-v-end-life-statement.md)] On an on-premises server, you install and configure the App-V server components, and then install your Win32 apps. On Windows Enterprise client devices, you use the App-V client components to run the virtualized apps. They allow users to open the virtual apps using the icons and file names they're familiar with. Users use the apps as if they're installed locally. diff --git a/windows/application-management/includes/app-v-end-life-statement.md b/windows/application-management/includes/app-v-end-life-statement.md new file mode 100644 index 0000000000..f016963135 --- /dev/null +++ b/windows/application-management/includes/app-v-end-life-statement.md @@ -0,0 +1,12 @@ +--- +author: MandiOhlinger +ms.author: mandia +ms.date: 09/20/2021 +ms.reviewer: +audience: itpro +manager: dansimp +ms.prod: w10 +ms.topic: include +--- + +Application Virtualization will be [end of life in April 2026](/lifecycle/announcements/mdop-extended). We recommend looking at Azure Virtual Desktop with MSIX app attach. For more information, see [What is Azure Virtual Desktop?](/azure/virtual-desktop/overview) and [Set up MSIX app attach with the Azure portal](/azure/virtual-desktop/app-attach-azure-portal). 
From 04b929803969b0bd2b5ed4bae640b4618cd21e61 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 20 Sep 2021 10:16:28 -0700 Subject: [PATCH 519/671] a few more updates --- .../update/deployment-service-overview.md | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 4eca196e15..01812adc48 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -16,7 +16,10 @@ ms.topic: article # Windows Update for Business deployment service -> Applies to: Windows 10 +**Applies to** + +- Windows 10 +- Windows 11 The Windows Update for Business deployment service is a cloud service within the Windows Update for Business product family. It provides control over the approval, scheduling, and safeguarding of updates delivered from Windows Update. It's designed to work in harmony with your existing Windows Update for Business policies. 
@@ -56,18 +59,18 @@ The deployment service exposes these capabilities through Microsoft [Graph REST To work with the deployment service, devices must meet all these requirements: -- Be running Windows 10, version 1709 or later +- Be running Windows 10, version 1709 or later (or Windows 11) - Be joined to Azure Active Directory (AD) or Hybrid AD -- Have one of the following Windows 10 editions installed: - - Windows 10 Pro - - Windows 10 Enterprise - - Windows 10 Education - - Windows 10 Pro Education - - Windows 10 Pro for Workstations +- Have one of the following Windows 10 or Windows 11 editions installed: + - Pro + - Enterprise + - Education + - Pro Education + - Pro for Workstations Additionally, your organization must have one of the following subscriptions: -- Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) -- Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5) +- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) +- Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5) - Windows Virtual Desktop Access E3 or E5 - Microsoft 365 Business Premium @@ -78,7 +81,7 @@ To use the deployment service, you use a management tool built on the platform, ### Using Microsoft Endpoint Manager -Microsoft Endpoint Manager integrates with the deployment service to provide Windows 10 update management capabilities. For more information, see [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates). +Microsoft Endpoint Manager integrates with the deployment service to provide Windows client update management capabilities. For more information, see [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates). ### Scripting common actions using PowerShell From 877ef1bebf8c99859d7aa562af7aff7739487fdb Mon Sep 17 00:00:00 2001 
From: jaimeo Date: Mon, 20 Sep 2021 10:40:38 -0700 Subject: [PATCH 520/671] adding article on safeguard holds --- windows/deployment/update/safeguard-holds.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md index 735acd6e97..eb28dce097 100644 --- a/windows/deployment/update/safeguard-holds.md +++ b/windows/deployment/update/safeguard-holds.md 
@@ -12,9 +12,14 @@ ms.topic: article # Safeguard holds -Microsoft uses quality and compatibility data to identify issues that might cause a Windows 10 feature update to fail or roll back. When we find such an issue, we might apply holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available. +**Applies to** -Safeguard holds prevent a device with a known issue from being offered a new operating system version. We renew the offering once a fix is found and verified. We use holds to ensure customers have a successful experience as their device moves to a new version of Windows 10. +- Windows 10 +- Windows 11 + +Microsoft uses quality and compatibility data to identify issues that might cause a Windows client feature update to fail or roll back. When we find such an issue, we might apply holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available. + +Safeguard holds prevent a device with a known issue from being offered a new operating system version. We renew the offering once a fix is found and verified. We use holds to ensure customers have a successful experience as their device moves to a new version of Windows client. The lifespan of holds varies depending on the time required to investigate and fix an issue. 
During this time Microsoft works diligently to procure, develop, and validate a fix and then offer it to affected devices. We monitor quality and compatibility data to confirm that a fix is complete before releasing the hold. Once we release the hold, Windows Update will resume offering new operating system versions to devices. From 97b2691d63b6e1e56b69f84155dd20217ccd349d Mon Sep 17 00:00:00 2001 From: Kaushik Ainapure Date: Tue, 21 Sep 2021 00:23:48 +0530 Subject: [PATCH 521/671] Format changes and additional error codes 1. Updated article with H2 formatting for better discoverability of the error codes. 2. Updated article to include 17 additional error codes. --- .../update/windows-update-errors.md | 227 ++++++++++++++++-- 1 file changed, 205 insertions(+), 22 deletions(-) diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index eb178f7528..0604df39cc 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -3,13 +3,14 @@ title: Windows Update common errors and mitigation description: In this article, learn about some common issues you might experience with Windows Update, as well as steps to resolve them. ms.prod: w10 ms.mktglfcycl: -audience: itpro itproauthor: jaimeo ms.audience: itpro author: jaimeo -ms.reviewer: -manager: laurawi -ms.topic: article +ms.reviewer: kaushika +manager: dcscontentpm +audience: itpro +ms.topic: troubleshooting +ms.technology: windows-client-deployment ms.custom: seo-marvel-apr2020 --- 
@@ -22,22 +23,204 @@ ms.custom: seo-marvel-apr2020 The following table provides information about common errors you might run into with Windows Update, as well as steps to help you mitigate them. +## 0x8024402F -| Error Code | Message | Description | Mitigation | -|------------------------------------------|-----------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 0x8024402F | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External cab file processing completed with some errors | One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering.
    Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed | -| 0x80242006 | WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again:
    Rename the following folders to \*.BAK:
    - %systemroot%\system32\catroot2

    Type the following commands at a command prompt. Press ENTER after you type each command.
    - Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
    - Ren %systemroot%\SoftwareDistribution\Download \*.bak
    Ren %systemroot%\system32\catroot2 \*.bak | -| 0x80070BC9 | ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system. | -| 0x80200053 | BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update Client.

    If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc). | -| 0x80072EE2 | WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to the Internet. To fix this issue, follow these steps: make sure these URLs are not blocked:
    http://.update.microsoft.com
    https://
    .update.microsoft.com


    You can also take a network trace to check what is timing out. \ | -| 0x80072EFD
    0x80072EFE 
    0x80D02002 | TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs.
    Take a network monitor trace to understand better. \ | -| 0X8007000D | ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred. | Attempt to re-download the update and initiate installation. | -| 0x8024A10A | USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade. | -| 0x80240020 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Sign in to the device to start the installation and allow the device to restart. | -| 0x80242014 | WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows Updates require the device to be restarted. Restart the device to complete update installation. | -| 0x80246017 | WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator). | -| 0x8024000B | WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. | -| 0x8024000E | WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. | Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. 
Ensure that you have the latest Windows Update Agent installed on the machine. | -| 0x8024D009 | WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. | You may encounter this error when WSUS is not sending the Self-update to the clients.

    Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | -| 0x80244007 | WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows cannot renew the cookies for Windows Update.

    Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. | -| 0x80070422 | | This issue occurs when the Windows Update service stops working or is not running. | Check if the Windows Update service is running.
    | +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External cab file processing completed with some errors | One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering.
    Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed | + +## 0x80242006 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again:
    Rename the following folders to \*.BAK:
    - %systemroot%\system32\catroot2

    Type the following commands at a command prompt. Press ENTER after you type each command.
    - Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
    - Ren %systemroot%\SoftwareDistribution\Download \*.bak
    - Ren %systemroot%\system32\catroot2 \*.bak | + +## 0x80070BC9 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system | + +## 0x80200053 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update Client.

    If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).| + +## 0x80072EE2 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to the Internet. To fix this issue, follow these steps: make sure these URLs are not blocked:
    http://.update.microsoft.com
    https://
    .update.microsoft.com


    You can also take a network trace to check what is timing out. \ | + +## 0x80072EFD or 0x80072EFE or 0x80D02002 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs.
    Take a network monitor trace to understand better. \ | + +## 0X8007000D + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred.| Attempt to re-download the update and initiate installation. | + +## 0x8024A10A + +| Message | Description | Mitigation | +|---------|-------------|------------| +| USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade. | + +## 0x80240020 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Sign in to the device to start the installation and allow the device to restart. | + +## 0x80242014 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows Updates require the device to be restarted. Restart the device to complete update nstallation. | + +## 0x80246017 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator).| + +## 0x8024000B + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. 
You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. | + +## 0x8024000E + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. | Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. Ensure that you have the latest Windows Update Agent installed on the machine. | + +## 0x8024D009 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. | You may encounter this error when WSUS is not sending the Self-update to the clients.

    Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | + +## 0x80244007 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows cannot renew the cookies for Windows Update.

    Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. | + +## 0x80070422 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| NA | This issue occurs when the Windows Update service stops working or is not running. | Check if the Windows Update service is running.
    | + +## 0x800f0821 + + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has hung. Extending the timeout will mitigate the issue. Increase the machine resources. If a virtual machine, increase virtual CPU and memory to speedup the operation. Make sure the machine as at least the KB4493473, if not please download and manually install it.| + +## 0x800f0825 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_CANNOT_UNINSTALL; Package cannot be uninstalled. | Typically component store corruption caused when a component is in a partially installed state. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | + +## 0x800F0920 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_HANG_DETECTED; A hang was detected while processing the operation. | Subsequent error logged after getting 0x800f0821 | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has hung. Extending the timeout will mitigate the issue. Increase the machine resources. If a virtual machine, increase virtual CPU and memory to speedup the operation. Make sure the machine as at least the KB4493473, if not please download and manually install it. | + +## 0x800f081f + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_SOURCE_MISSING; source for package or file not found, ResolveSource() unsuccessful | Component Store corruption | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | + +## 0x800f0831 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_STORE_CORRUPTION; CBS store is corrupted. | Corruption in the Windows Component Store. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | + +## 0x80070005 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an ACCESS DENIED.
    Go to %Windir%\logs\CBS and open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the ACCESS DENIED, it could be acess denied to a file, registry key,etc. Determine what object needs the right permissions and change the permissions | + +## 0x80070570 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_FILE_CORRUPT; The file or directory is corrupted and unreadable. | Component Store corruption | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | + + +## 0x80070003 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_PATH_NOT_FOUND; The system cannot find the path specified. | The servicing stack cannot access a specific path. | Indicates an invalid path to an executable. Go to %Windir%\logs\CBS and open the last CBS.log and search for “, error” and match with the timestamp. | + + +## 0x80070020 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_SHARING_VIOLATION | Numerous causes. CBS log analysis required. | This error is usually caused by 3rd party filter drivers like Antivirus.
    1. [Perform a clean boot and retry the installation](https://support.microsoft.com/help/929135/)
    2. Download the sysinternal tool process monitor -> https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
    3. Run procmon.exe. It will start data capture automatically
    4. Install the Update package again
    5. With procmon program main window in focus, press Ctrl + E or click the magnifying glass to terminate data capture
    6. Click File > Save > All Events > PML, and choose an adequate path to save the .PML file
    7. Go to %windir%\logs\cbs and open the last cbs.log file and search for the error
    8. After finding the error line a bit above you should have the file being accessed during the installation that is giving the sharing violation error
    9. In the Procmon windows filter for path and insert the file name (it should be something like “path” “contains” “filename from CBS”)
    10. After checking which process is accessing that file try to stop it or uninstall it from the machine | + +## 0x80073701 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically component store corruption caused when a component is in a partially installed state. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | + +## 0x8007371b + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE; One or more required members of the transaction are not present. | Component Store corruption. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | + +## 0x80072EFE + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WININET_E_CONNECTION_ABORTED; The connection with the server was terminated abnormally | BITS is unable to transfer the file successfully. | Encountered if BITS is broken or if the file being transferred can't be written to the destination folder on the client. This error is usually caused by connection errors while checking/downloading updates.
    From a cmd prompt run: **BITSADMIN /LIST /ALLUSERS /VERBOSE**
    Search for the 0x80072EFE error code. You should see a reference to a HTTP code with a specific file, try to download it manually from your browser making sure you’re using your proxy organization settings. If it fails, check with your proxy manager to allow for the communication to be sucesfull. Also check with your network team for this specific URL access. | + +## 0x80072F8F + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WININET_E_DECODING_FAILED; Content decoding has failed | TLS 1.2 is not configured correctly on the client machine. | This error generally means that the Windows Update Agent was unable to decode the received content. You need to install and configure TLS 1.2 by installing this KB: https://support.microsoft.com/help/3140245/ + +## 0x80072EE2 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to WU, SCCM, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own configured WSUS/SCCM/MEM/etc.
    Check with your network team if the machine is able to get to your WSUS/SCCM/MEM/etc or the internet servers. See, https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/troubleshoot-software-update-scan-failures
    In case you’re using the public MS update servers, check that your device can access the following Windows Update endpoints:
    http://windowsupdate.microsoft.com
    http://*.windowsupdate.microsoft.com
    https://*.windowsupdate.microsoft.com
    http://*.update.microsoft.com
    https://*.update.microsoft.com
    http://*.windowsupdate.com
    http://download.windowsupdate.com
    https://download.microsoft.com
    http://*.download.windowsupdate.com
    http://wustat.windows.com
    http://ntservicepack.microsoft.com | + +## 0x80240022 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_ALL_UPDATES_FAILED; Operation failed for all the updates. | Multiple root causes for this error.| Most common issue is where Anti-Virus software is blocking access to certain folders (like SoftwareDistribution). CBS.log analysis needed to determine the file or folder being protected. | + +## 0x8024401B + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ; Same as HTTP status 407 - proxy authentication is required. | Unable to authenticate through a proxy server. | Either the Winhttp proxy or WinInet proxy settings are not configured correctly. This error generally means that the Windows Update Agent was unable to connect to the update servers or your own configured WSUS/SCCM/MEM/etc due to a Proxy error.
    - Verify the proxy settings on the client, and make sure that they are configured correctly. The Windows Update Agent uses WinHTTP to scan for available updates. So, when there is a proxy server between the client and the WSUS computer, the proxy settings must be configured correctly on the clients to enable them to communicate with WSUS by using the computer's FQDN.
    - Check with your network team and proxy team if the machine is able to get to your WSUS/SCCM7MEM/etc or the internet servers without the proxy requiring user authentication | + + +## 0x80244022 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_PT_HTTP_STATUS_SERVICE_UNAVAILABLE; Same as HTTP status 503 - the service is temporarily overloaded. | Unable to connect to the configured update source. | Network troubleshooting needed to resolve the connectivity issue. Check with your network team and proxy team if the machine is able to get to your WSUS/SCCM7MEM/etc or the internet servers without the proxy requiring user authentication. | From f595ca95fbca8e50be62f8285f8356353ba3bde2 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 20 Sep 2021 12:07:42 -0700 Subject: [PATCH 522/671] Update index.yml --- windows/security/index.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 0807b2123a..287a123350 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -11,7 +11,7 @@ metadata: ms.collection: m365-security-compliance author: dansimp #Required; your GitHub user alias, with correct capitalization. ms.author: dansimp #Required; microsoft alias of author; optional team alias. - ms.date: 09/17/2021 + ms.date: 09/20/2021 localization_priority: Priority # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new @@ -54,7 +54,7 @@ landingContent: linkLists: - linkListType: overview links: - - text: Operating system security + - text: Overview url: operating-system.md - linkListType: concept links: 
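Review bot: in windows/deployment/update/windows-update-errors.md (hunk `@@ -22,22 +23,204 @@`), step 2 of the DISM sequence is misspelled as `DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT` in all six sections that carry it (0x800f0825, 0x800f081f, 0x800f0831, 0x80070570, 0x80073701, 0x8007371b). DISM rejects the unknown option, so a reader who pastes the command gets an error. It should end in `/CHECKHEALTH`. The hunk also adds a second `## 0x80072EE2` heading, and a standalone `## 0x80072EFE` although that code is already covered by `## 0x80072EFD or 0x80072EFE or 0x80D02002`, so each of those codes now has two entries with different guidance. Merge each pair into one section. The 0x80072F8F row is missing its closing `|`. The 0x80070005 mitigation ends with "change the permissions" without saying to what. Point it at restoring the expected default permissions on the object identified in CBS.log, so that nobody resolves the error by granting broad access. Wording to fix in the added lines: "update nstallation", "Open and elevated command prompt", "Make sure the machine as at least", "acess denied", "sucesfull", "WSUS/SCCM7MEM". The intro sentence still says "The following table" although the table is now split into one section per code.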
@@ -117,11 +117,11 @@ landingContent: # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - - title: User protection + - title: User security and secured identity linkLists: - linkListType: overview links: - - text: Windows identity security + - text: Overview url: identity.md - linkListType: concept links: @@ -146,7 +146,7 @@ landingContent: linkLists: - linkListType: overview links: - - text: Security foundations + - text: Overview url: security-foundations.md - linkListType: reference links: From dc78c5d5cb557e61a1e60bef8a7c09cc3b905147 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 20 Sep 2021 12:10:26 -0700 Subject: [PATCH 523/671] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 46d6c42528..e86b164792 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -447,7 +447,7 @@ - name: Overview href: cloud.md - name: Mobile device management - href: client-management/mdm.md + href: client-management/mdm/index.md - name: Windows 365 Cloud PCs href: /windows-365/overview - name: Azure Virtual Desktop From 34aadbfc6e062f9ecd7b8dc8b460461df3243f23 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 20 Sep 2021 12:13:28 -0700 Subject: [PATCH 524/671] Update index.yml --- windows/security/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 287a123350..c637b78687 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
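Review bot: the new `href: client-management/mdm/index.md` in windows/security/TOC.yml is still relative to windows/security, so it resolves to windows/security/client-management/mdm/index.md. cloud.md, which sits in the same folder, reaches the MDM article with `../client-management/mdm/index.md`, which indicates the target lives one level up. Use `../client-management/mdm/index.md` here as well, or a site-relative path in the style of the neighbouring `href: /windows-365/overview` entry.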
@@ -105,7 +105,7 @@ landingContent: - linkListType: concept links: - text: Mobile device management - url: client-management/mdm.md + url: client-management/mdm/index.md - text: Azure Active Directory url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory - text: Your Microsoft Account From ff2d12f60bf9273caf78e29c07743bb392c78ac4 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 20 Sep 2021 12:17:34 -0700 Subject: [PATCH 525/671] Update cloud.md --- windows/security/cloud.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 81019491b7..4e2d1d9f9e 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -7,7 +7,7 @@ ms.author: deniseb manager: dansimp audience: ITPro ms.topic: conceptual -ms.date: 09/17/2021 +ms.date: 09/20/2021 ms.localizationpriority: medium ms.custom: f1.keywords: NOCSH @@ -28,12 +28,12 @@ Windows 11 includes the cloud services that are listed in the following table:
    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [MDM and Windows](../client-management/mdm/index.md). | +| Mobile device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [Mobile device management](../client-management/mdm/index.md). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

    The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

    To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4).

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). | | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need. Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | ## Next steps -- [Learn more about MDM and Windows 11](mdm-windows.md) +- [Learn more about MDM and Windows 11](../client-management/mdm/index.md) - [Learn more about Windows security](index.yml) \ No newline at end of file From 3a6cc4c7d4b8774fe8f079648693f8d04e51a214 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 20 Sep 2021 12:24:53 -0700 Subject: [PATCH 526/671] Update index.yml --- windows/security/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index c637b78687..0472ae7481 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -105,7 +105,7 @@ landingContent: - linkListType: concept links: - text: Mobile device management - url: client-management/mdm/index.md + url: windows/client-management/mdm/index.md - text: Azure Active Directory url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory - text: Your Microsoft Account From fbf07f5dfd0b72691df874be5713bb8218f0057d Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 20 Sep 2021 12:28:19 -0700 Subject: [PATCH 527/671] Update index.yml --- windows/security/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 0472ae7481..faaade9a1b 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -105,7 +105,7 @@ landingContent: - linkListType: concept links: - text: Mobile device management - url: windows/client-management/mdm/index.md + url: https://docs.microsoft.com/windows/client-management/mdm/ - text: Azure Active Directory url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory - text: Your Microsoft Account 
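Review bot: the `url:` for "Mobile device management" in windows/security/index.yml is rewritten in three consecutive commits (`client-management/mdm/index.md`, then `windows/client-management/mdm/index.md`, then `https://docs.microsoft.com/windows/client-management/mdm/`), and the first two are relative paths that resolve under windows/security. Squash these into one commit so the history does not carry two broken intermediate states. The final value hard-codes the docs host, while the cloud.md change later in this series links to the same article as `/windows/client-management/mdm/`. Pick one form for both files, preferably the site-relative one.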
From 7b4135e87a0f941598f17e0808fdc0d00683cc26 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 20 Sep 2021 12:28:47 -0700 Subject: [PATCH 528/671] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index e86b164792..8eb8e35f21 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -447,7 +447,7 @@ - name: Overview href: cloud.md - name: Mobile device management - href: client-management/mdm/index.md + href: https://docs.microsoft.com/windows/client-management/mdm/ - name: Windows 365 Cloud PCs href: /windows-365/overview - name: Azure Virtual Desktop From dc7e7c88713bcb8d1afd28ae95ae51be1b27abb5 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 20 Sep 2021 12:31:55 -0700 Subject: [PATCH 529/671] Update cloud.md --- windows/security/cloud.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 4e2d1d9f9e..7bccc2aa84 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -28,12 +28,12 @@ Windows 11 includes the cloud services that are listed in the following table:
    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [Mobile device management](../client-management/mdm/index.md). | +| Mobile device management (MDM) and Microsoft Endpoint Manager | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

    Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

    To learn more, see [Mobile device management](/windows/client-management/mdm/). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

    The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

    To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| | OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

    The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4).

    In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). | | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

    With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need. Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

    To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | ## Next steps -- [Learn more about MDM and Windows 11](../client-management/mdm/index.md) +- [Learn more about MDM and Windows 11](/windows/client-management/mdm/) - [Learn more about Windows security](index.yml) \ No newline at end of file From 18891fb08147e3ab1930cadeb82ddc2df3c03f09 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 20 Sep 2021 12:35:32 -0700 Subject: [PATCH 530/671] Update index.yml --- windows/security/index.yml | 42 +++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index faaade9a1b..64e0ecd4fb 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -94,27 +94,6 @@ landingContent: - text: S/MIME for Windows url: identity-protection/configure-s-mime.md # Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Cloud services - linkLists: - - linkListType: overview - links: - - text: Overview - url: cloud.md - - linkListType: concept - links: - - text: Mobile device management - url: https://docs.microsoft.com/windows/client-management/mdm/ - - text: Azure Active Directory - url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory - - text: Your Microsoft Account - url: identity-protection/access-control/microsoft-accounts.md - - text: OneDrive - url: https://docs.microsoft.com/onedrive/onedrive - - text: Family safety - url: threat-protection/windows-defender-security-center/wdsc-family-options.md -# Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - title: User security and secured identity 
@@ -140,6 +119,27 @@ landingContent: - text: Smart cards url: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md # Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Cloud services + linkLists: + - linkListType: overview + links: + - text: Overview + url: cloud.md + - linkListType: concept + links: + - text: Mobile device management + url: https://docs.microsoft.com/windows/client-management/mdm/ + - text: Azure Active Directory + url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory + - text: Your Microsoft Account + url: identity-protection/access-control/microsoft-accounts.md + - text: OneDrive + url: https://docs.microsoft.com/onedrive/onedrive + - text: Family safety + url: threat-protection/windows-defender-security-center/wdsc-family-options.md +# Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) - title: Security foundations From 428047c22848cbe7c7e4807a9181dae25244ff5e Mon Sep 17 00:00:00 2001 
From: MandiOhlinger Date: Mon, 20 Sep 2021 15:36:28 -0400 Subject: [PATCH 531/671] win11 kiosk updates --- .../guidelines-for-assigned-access-app.md | 13 +- .../kiosk-additional-reference.md | 14 +- windows/configuration/kiosk-mdm-bridge.md | 7 +- windows/configuration/kiosk-methods.md | 33 ++- windows/configuration/kiosk-policies.md | 5 +- windows/configuration/kiosk-prepare.md | 224 ++++++------------ windows/configuration/kiosk-shelllauncher.md | 9 +- windows/configuration/kiosk-single-app.md | 127 +++++----- windows/configuration/kiosk-troubleshoot.md | 5 +- windows/configuration/kiosk-validate.md | 7 +- windows/configuration/kiosk-xml.md | 28 ++- .../lock-down-windows-10-to-specific-apps.md | 15 +- .../set-up-shared-or-guest-pc.md | 25 +- .../configuration/setup-digital-signage.md | 38 +-- 14 files changed, 223 insertions(+), 327 deletions(-) diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index d24b76cd0c..2969e1dd6f 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -1,5 +1,5 @@ --- -title: Guidelines for choosing an app for assigned access (Windows 10) +title: Guidelines for choosing an app for assigned access (Windows 10/11) description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience. keywords: ["kiosk", "lockdown", "assigned access"] ms.prod: w10 @@ -19,7 +19,8 @@ manager: dansimp **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 You can use assigned access to restrict customers at your business to using only one Windows app so your device acts like a kiosk. Administrators can use assigned access to restrict a selected user account to access a single Windows app. You can choose almost any Windows app for assigned access; however, some apps may not provide a good user experience. 
@@ -45,9 +46,9 @@ Avoid selecting Windows apps that are designed to launch other apps as part of t ## Guidelines for web browsers -In Windows 10, version 1809, Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy) +Starting with Windows 10 version 1809+, Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy) -In Windows 10, version 1803 and later, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure additional settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren’t allowed to go to a competitor's website. +In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure additional settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren’t allowed to go to a competitor's website. >[!NOTE] >Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser. Kiosk Browser does not support .pdfs. 
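Review bot: In the `## Guidelines for web browsers` hunk, the new Kiosk Browser sentence opens with "In Windows client" and drops the "version 1803 and later" minimum, but the deployment sentence changed in the next hunk still states "Windows 10, version 1803 (Pro, Business, Enterprise, and Education) / Windows 11". Keep the minimum version in both places so the two sentences agree on what is supported. Also, "Starting with Windows 10 version 1809+" states the lower bound twice; use either "Starting with Windows 10, version 1809" or "Windows 10, version 1809 and later".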
@@ -55,7 +56,7 @@ In Windows 10, version 1803 and later, you can install the **Kiosk Browser** app >Kiosk Browser cannot access intranet websites. -**Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education). +**Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education) / Windows 11. 1. [Get **Kiosk Browser** in Microsoft Store for Business with offline license type.](/microsoft-store/acquire-apps-microsoft-store-for-business#acquire-apps) 2. [Deploy **Kiosk Browser** to kiosk devices.](/microsoft-store/distribute-offline-apps) @@ -162,7 +163,7 @@ Check the guidelines published by your selected app and set up accordingly. ## Develop your kiosk app -Assigned access in Windows 10 leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app. +Assigned access in Windows client leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app. Follow the [best practices guidance for developing a kiosk app for assigned access](/windows-hardware/drivers/partnerapps/create-a-kiosk-app-for-assigned-access). diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md index 67f49befe3..666ea49c71 100644 --- a/windows/configuration/kiosk-additional-reference.md +++ b/windows/configuration/kiosk-additional-reference.md 
@@ -1,5 +1,5 @@ --- -title: More kiosk methods and reference information (Windows 10) +title: More kiosk methods and reference information (Windows 10/11) description: Find more information for configuring, validating, and troubleshooting kiosk configuration. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: @@ -19,7 +19,8 @@ ms.topic: reference **Applies to** -- Windows 10 Pro, Enterprise, and Education +- Windows 10 Pro, Enterprise, and Education +- Windows 11 ## In this section 
@@ -31,11 +32,8 @@ Topic | Description [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | These guidelines will help you choose an appropriate Windows app for your assigned access experience. [Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk. [Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration. -[Use AppLocker to create a Windows 10 kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education, version 1703 and earlier, so that users can only run a few specific apps. -[Use Shell Launcher to create a Windows 10 kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface. -[Use MDM Bridge WMI Provider to create a Windows 10 kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. +[Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education, version 1703 and earlier, so that users can only run a few specific apps. +[Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface. +[Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. [Troubleshoot kiosk mode issues](kiosk-troubleshoot.md) | Tips for troubleshooting multi-app kiosk configuration. - - - 
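Review bot: The AppLocker row's link text becomes "Use AppLocker to create a Windows client kiosk", but its description, left unchanged, still limits the method to "Windows 10 Enterprise or Windows 10 Education, version 1703 and earlier". The link text now promises broader coverage than the row describes; either keep "Windows 10" in the link text for this row or update the description to say what is actually supported.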
diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md index 73c8fdcc17..85ad833603 100644 --- a/windows/configuration/kiosk-mdm-bridge.md +++ b/windows/configuration/kiosk-mdm-bridge.md @@ -1,5 +1,5 @@ --- -title: Use MDM Bridge WMI Provider to create a Windows 10 kiosk (Windows 10) +title: Use MDM Bridge WMI Provider to create a Windows 10/11 kiosk (Windows 10/11) description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: @@ -15,12 +15,13 @@ ms.date: 11/07/2018 ms.topic: article --- -# Use MDM Bridge WMI Provider to create a Windows 10 kiosk +# Use MDM Bridge WMI Provider to create a Windows client kiosk **Applies to** -- Windows 10 Pro, Enterprise, and Education +- Windows 10 Pro, Enterprise, and Education +- Windows 11 Environments that use [Windows Management Instrumentation (WMI)](/windows/win32/wmisdk/wmi-start-page) can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the MDM_AssignedAccess class. For more information about using a PowerShell script to configure AssignedAccess, see [PowerShell Scripting with WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index 9efa2b652d..ef90aa43f4 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md 
@@ -1,9 +1,9 @@ --- -title: Configure kiosks and digital signs on Windows desktop editions (Windows 10) +title: Configure kiosks and digital signs on Windows desktop editions (Windows 10/11) ms.reviewer: manager: dansimp ms.author: greglin -description: In this article, learn about the methods for configuring kiosks and digital signs on Windows desktop editions. +description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library 
@@ -18,21 +18,29 @@ ms.topic: article >[!WARNING] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -Some desktop devices in an enterprise serve a special purpose, such as a PC in the lobby that customers can use to view your product catalog or a PC displaying visual content as a digital sign. Windows 10 offers two different locked-down experiences for public or specialized use: +**Applies to** -- **A single-app kiosk**, which runs a single Universal Windows Platform (UWP) app in fullscreen above the lockscreen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app will launch automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart. +- Windows 10 +- Windows 11 + +Some desktop devices in an enterprise serve a special purpose, such as a PC in the lobby that customers can use to view your product catalog or a PC displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use: + +- **A single-app kiosk**: Runs a single Universal Windows Platform (UWP) app in fullscreen above the lockscreen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app will launch automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart. - A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. 
This type of single-app kiosk does not run above the lockscreen. + A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk does not run above the lockscreen. - ![Illustration of a full-screen kiosk experience.](images/kiosk-fullscreen.png) + ![Illustration of a full-screen kiosk experience that runs one app on a Windows client device.](images/kiosk-fullscreen.png) - **A multi-app kiosk**, which runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. - A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that will affect **all** non-administrator users on the device. + A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that will affect **all** non-administrator users on the device. - ![Illustration of a kiosk Start screen.](images/kiosk-desktop.png) + ![Illustration of a kiosk Start screen that runs multiple apps on a Windows client device.](images/kiosk-desktop.png) -Kiosk configurations are based on **Assigned Access**, a feature in Windows 10 that allows an administrator to manage the user's experience by limiting the application entry points exposed to the user. + > [!NOTE] + > Currently, multi-app kiosk is only supported on Windows 10. It's not supported on Windows 11. 
+ +Kiosk configurations are based on **Assigned Access**, a feature in Windows client that allows an administrator to manage the user's experience by limiting the application entry points exposed to the user. There are several kiosk configuration methods that you can choose from, depending on your answers to the following questions. @@ -48,11 +56,11 @@ There are several kiosk configuration methods that you can choose from, dependin If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#uwp) or a [Windows desktop application](#classic). For a kiosk that people can sign in to with their accounts or that runs more than one app, choose [a multi-app kiosk](#desktop). -- **Which edition of Windows 10 will the kiosk run?** +- **Which edition of Windows client will the kiosk run?** ![icon that represents Windows.](images/windows.png) - All of the configuration methods work for Windows 10 Enterprise and Education; some of the methods work for Windows 10 Pro. Kiosk mode is not available on Windows 10 Home. + All of the configuration methods work for Windows client Enterprise and Education; some of the methods work for Windows Pro. Kiosk mode is not available on Windows Home. - **Which type of user account will be the kiosk account?** @@ -110,5 +118,4 @@ Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-ap >[!NOTE] ->For devices running Windows 10 Enterprise and Education, version 1703 and earlier, you can use [AppLocker](lock-down-windows-10-applocker.md) to lock down a device to specific apps. - +>For devices running Windows client Enterprise and Education, you can also use [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) or [AppLocker](lock-down-windows-10-applocker.md) to lock down a device to specific apps. 
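Review bot: The note added under the multi-app kiosk bullet (hunk `@@ -18,21 +18,29 @@`) says multi-app kiosk is "not supported on Windows 11", yet the intro in the same hunk says "Windows client offers two different locked-down experiences", and the unchanged guidance further down still tells readers to "choose [a multi-app kiosk](#desktop)" without a Windows 10 qualifier. State the Windows 10-only limit where the two experiences are introduced and in that guidance, so an admin planning a Windows 11 kiosk does not pick an unsupported mode. Minor style point in the same hunk: the single-app bullet now reads "**A single-app kiosk**: Runs" while the multi-app bullet keeps "**A multi-app kiosk**, which runs"; make the two parallel.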
diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md index 9f817f7581..df85323213 100644 --- a/windows/configuration/kiosk-policies.md +++ b/windows/configuration/kiosk-policies.md @@ -1,5 +1,5 @@ --- -title: Policies enforced on kiosk devices (Windows 10) +title: Policies enforced on kiosk devices (Windows 10/11) description: Learn about the policies enforced on a device when you configure it as a kiosk. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 ms.reviewer: @@ -21,7 +21,8 @@ ms.topic: article **Applies to** -- Windows 10 Pro, Enterprise, and Education +- Windows 10 Pro, Enterprise, and Education +- Windwos 11 diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index ba1aaa2b58..39121135bb 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -1,5 +1,5 @@ --- -title: Prepare a device for kiosk configuration (Windows 10) +title: Prepare a device for kiosk configuration (Windows 10/11) | Microsoft Docs description: Learn how to prepare a device for kiosk configuration. Also, learn about the recommended kiosk configuration changes. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: @@ -19,7 +19,8 @@ ms.topic: article **Applies to** -- Windows 10 Pro, Enterprise, and Education +- Windows 10 Pro, Enterprise, and Education +- Windows 11 > [!WARNING] > For kiosks in public-facing environments with auto sign-in enabled, you should use a user account with the least privileges, such as a local standard user account. @@ -35,33 +36,33 @@ ms.topic: article For a more secure kiosk experience, we recommend that you make the following configuration changes to the device before you configure it as a kiosk: -Recommendation | How to ---- | --- -Hide update notifications
    (New in Windows 10, version 1809) | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Display options for update notifications**
    -or-
    Use the MDM setting **Update/UpdateNotificationLevel** from the [**Policy/Update** configuration service provider](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel)
    -or-
    Add the following registry keys as type DWORD (32-bit) in the path of **HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate**:
    **\SetUpdateNotificationLevel** with a value of `1`, and **\UpdateNotificationLevel** with a value of `1` to hide all notifications except restart warnings, or value of `2` to hide all notifications, including restart warnings. -Enable and schedule automatic updates | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Configure Automatic Updates**, and select `option 4 (Auto download and schedule the install)`
    -or-
    Use the MDM setting **Update/AllowAutoUpdate** from the [**Policy/Update** configuration service provider](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate), and select `option 3 (Auto install and restart at a specified time)`

    **Note:** Installations can take from between 30 minutes and 2 hours, depending on the device, so you should schedule updates to occur when a block of 3-4 hours is available.

    To schedule the automatic update, configure **Schedule Install Day**, **Schedule Install Time**, and **Schedule Install Week**. -Enable automatic restart at the scheduled time | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Always automatically restart at the scheduled time** -Replace "blue screen" with blank screen for OS errors | Add the following registry key as DWORD (32-bit) type with a value of `1`:

    **HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\DisplayDisabled** -Put device in **Tablet mode**. | If you want users to be able to use the touch (on screen) keyboard, go to **Settings** > **System** > **Tablet mode** and choose **On.** Do not turn on this setting if users will not interact with the kiosk, such as for a digital sign. +| Recommendation | How to | +| --- | --- | +|Hide update notifications
    (New starting in Windows 10, version 1809) | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Display options for update notifications**
    -or-
    Use the MDM setting **Update/UpdateNotificationLevel** from the [**Policy/Update** configuration service provider](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel)
    -or-
    Add the following registry keys as type DWORD (32-bit) in the path of **HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate**:
    **\SetUpdateNotificationLevel** with a value of `1`, and **\UpdateNotificationLevel** with a value of `1` to hide all notifications except restart warnings, or value of `2` to hide all notifications, including restart warnings. | +| Enable and schedule automatic updates | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Configure Automatic Updates**, and select `option 4 (Auto download and schedule the install)`
    -or-
    Use the MDM setting **Update/AllowAutoUpdate** from the [**Policy/Update** configuration service provider](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate), and select `option 3 (Auto install and restart at a specified time)`

    **Note:** Installations can take from between 30 minutes and 2 hours, depending on the device, so you should schedule updates to occur when a block of 3-4 hours is available.

    To schedule the automatic update, configure **Schedule Install Day**, **Schedule Install Time**, and **Schedule Install Week**. | +| Enable automatic restart at the scheduled time | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Always automatically restart at the scheduled time** | +| Replace "blue screen" with blank screen for OS errors | Add the following registry key as DWORD (32-bit) type with a value of `1`:

    **HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\DisplayDisabled** | +| Put device in **Tablet mode**. | If you want users to be able to use the touch (on screen) keyboard, go to **Settings** > **System** > **Tablet mode** and choose **On.** Do not turn on this setting if users will not interact with the kiosk, such as for a digital sign. Hide **Ease of access** feature on the sign-in screen. | See [how to disable the Ease of Access button in the registry.](/windows-hardware/customize/enterprise/complementary-features-to-custom-logon#welcome-screen) -Disable the hardware power button. | Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**. -Remove the power button from the sign-in screen. | Go to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** >**Security Options** > **Shutdown: Allow system to be shut down without having to log on** and select **Disabled.** -Disable the camera. | Go to **Settings** > **Privacy** > **Camera**, and turn off **Let apps use my camera**. -Turn off app notifications on the lock screen. | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**. -Disable removable media. | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation.

    **NOTE**: To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**. +| Disable the hardware power button. | Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**. | +| Remove the power button from the sign-in screen. | Go to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** >**Security Options** > **Shutdown: Allow system to be shut down without having to log on** and select **Disabled.** | +| Disable the camera. | Go to **Settings** > **Privacy** > **Camera**, and turn off **Let apps use my camera**. | +| Turn off app notifications on the lock screen. | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**. | +| Disable removable media. | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation.

    **NOTE**: To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**. | ## Enable logging Logs can help you [troubleshoot issues](./kiosk-troubleshoot.md) kiosk issues. Logs about configuration and runtime issues can be obtained by enabling the **Applications and Services Logs\Microsoft\Windows\AssignedAccess\Operational** channel, which is disabled by default. -![Event Viewer, right-click Operational, select enable log.](images/enable-assigned-access-log.png) +:::image type="content" source="images/enable-assigned-access-log.png" alt-text="On Windows client, open Event Viewer, right-click Operational, select enable log to turn on logging to help troubleshoot."::: ## Automatic logon In addition to the settings in the table, you may want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, whether from an update or power outage, you can sign in the assigned access account manually or you can configure the device to sign in to the assigned access account automatically. Make sure that Group Policy settings applied to the device do not prevent automatic sign in. > [!NOTE] -> If you are using a Windows 10 and later device restriction CSP to set "Preferred Azure AD tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile. +> If you are using a Windows client device restriction CSP to set "Preferred Azure AD tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile. > [!TIP] > If you use the [kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) or [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) to configure your kiosk, you can set an account to sign in automatically in the wizard or XML. 
@@ -107,147 +108,56 @@ The following table describes some features that have interoperability issues we > [!Note] > Where applicable, the table notes which features are optional that you can configure for assigned access. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FeatureDescription

    Accessibility

    Assigned access does not change Ease of Access settings.

    -

    We recommend that you use Keyboard Filter to block the following key combinations that bring up accessibility features:

    - ---- - - - - - - - - - - - - - - - - - - - - -
    Key combinationBlocked behavior

    Left Alt+Left Shift+Print Screen

    Open High Contrast dialog box.

    Left Alt+Left Shift+Num Lock

    Open Mouse Keys dialog box.

    Windows logo key+U

    Open Ease of Access Center.

    -

     

    Assigned access Windows PowerShell cmdlets

    In addition to using the Windows UI, you can use the Windows PowerShell cmdlets to set or clear assigned access. For more information, see Assigned access Windows PowerShell reference.

    Key sequences blocked by assigned access

    When in assigned access, some key combinations are blocked for assigned access users.

    -

    Alt+F4, Alt+Shift+Tab, Alt+Tab are not blocked by Assigned Access, it is recommended you use Keyboard Filter to block these key combinations.

    -

    Ctrl+Alt+Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in WEKF_Settings.

    - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Key combinationBlocked behavior for assigned access users

    Alt+Esc

    Cycle through items in the reverse order from which they were opened.

    Ctrl+Alt+Esc

    Cycle through items in the reverse order from which they were opened.

    Ctrl+Esc

    Open the Start screen.

    Ctrl+F4

    Close the window.

    Ctrl+Shift+Esc

    Open Task Manager.

    Ctrl+Tab

    Switch windows within the application currently open.

    LaunchApp1

    Open the app that is assigned to this key.

    LaunchApp2

    Open the app that is assigned to this key, which on many Microsoft keyboards is Calculator.

    LaunchMail

    Open the default mail client.

    Windows logo key

    Open the Start screen.

    -

     

    -

    Keyboard Filter settings apply to other standard accounts.

    Key sequences blocked by Keyboard Filter

    If Keyboard Filter is turned ON then some key combinations are blocked automatically without you having to explicitly block them. For more information, see the Keyboard Filter reference topic.

    -

    Keyboard Filter is only available on Windows 10 Enterprise or Windows 10 Education.

    -

    Power button

    Customizations for the Power button complement assigned access, letting you implement features such as removing the power button from the Welcome screen. Removing the power button ensures the user cannot turn off the device when it is in assigned access.

    -

    For more information on removing the power button or disabling the physical power button, see Custom Logon.

    Unified Write Filter (UWF)

    UWFsettings apply to all users, including those with assigned access.

    -

    For more information, see Unified Write Filter.

    WEDL_AssignedAccess class

    Although you can use this class to configure and manage basic lockdown features for assigned access, we recommend that you use the Windows PowerShell cmdlets instead.

    -

    If you need to use assigned access API, see WEDL_AssignedAccess.

    Welcome Screen

    Customizations for the Welcome screen let you personalize not only how the Welcome screen looks, but for how it functions. You can disable the power or language button, or remove all user interface elements. There are many options to make the Welcome screen your own.

    -

    For more information, see Custom Logon.

    +- **Accessibility**: Assigned access does not change Ease of Access settings. We recommend that you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block the following key combinations that bring up accessibility features: + | Key combination | Blocked behavior | + | --- | --- | + | Left Alt + Left Shift + Print Screen | Open High Contrast dialog box. | + | Left Alt + Left Shift + Num Lock | Open Mouse Keys dialog box. | + | Windows logo key + U | Open Ease of Access Center. | - +- **Assigned access Windows PowerShell cmdlets**: In addition to using the Windows UI, you can use the Windows PowerShell cmdlets to set or clear assigned access. For more information, see [Assigned access Windows PowerShell reference](/powershell/module/assignedaccess/) + +- **Key sequences blocked by assigned access**: When in assigned access, some key combinations are blocked for assigned access users. + + Alt+F4, Alt+Shift+Tab, Alt+Tab are not blocked by Assigned Access, it is recommended you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block these key combinations. + + Ctrl+Alt+Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in [WEKF_Settings](/windows-hardware/customize/enterprise/wekf-settings). + + | Key combination | Blocked behavior for assigned access users | + | --- | --- | + | Alt+Esc | Cycle through items in the reverse order from which they were opened. | + | Ctrl+Alt+Esc | Cycle through items in the reverse order from which they were opened. | + | Ctrl+Esc | Open the Start screen. | + | Ctrl+F4 | Close the window. | + | Ctrl+Shift+Esc | Open Task Manager. | + | Ctrl+Tab | Switch windows within the application currently open. | + | LaunchApp1 | Open the app that is assigned to this key. 
| + | LaunchApp2 | Open the app that is assigned to this key, which on many Microsoft keyboards is Calculator. | + | LaunchMail | Open the default mail client. | + | Windows logo key | Open the Start screen. | + + Keyboard Filter settings apply to other standard accounts. + +- **Key sequences blocked by [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter)**: If Keyboard Filter is turned ON, then some key combinations are blocked automatically without you having to explicitly block them. For more information, see the [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter). + + [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) is only available on Windows client Enterprise or Education. + +- **Power button**: Customizations for the Power button complement assigned access, letting you implement features such as removing the power button from the Welcome screen. Removing the power button ensures the user cannot turn off the device when it is in assigned access. + + For more information on removing the power button or disabling the physical power button, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon). + +- **Unified Write Filter (UWF)**: UWFsettings apply to all users, including those with assigned access. + + For more information, see [Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter). + +- **WEDL_AssignedAccess class**: Although you can use this class to configure and manage basic lockdown features for assigned access, we recommend that you use the Windows PowerShell cmdlets instead. + + If you need to use assigned access API, see [WEDL_AssignedAccess](/windows-hardware/customize/enterprise/wedl-assignedaccess). + +- **Welcome Screen**: Customizations for the Welcome screen let you personalize not only how the Welcome screen looks, but for how it functions. You can disable the power or language button, or remove all user interface elements. 
There are many options to make the Welcome screen your own. + + For more information, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon). ## Testing your kiosk in a virtual machine (VM) @@ -257,8 +167,8 @@ A single-app kiosk configuration runs an app above the lock screen. It doesn't w When you connect to a VM configured as a single-app kiosk, you need a *basic* session rather than an enhanced session. In the following image, notice that **Enhanced session** is not selected in the **View** menu; that means it's a basic session. -![VM windows, View menu, Extended session is not selected.](images/vm-kiosk.png) +:::image type="content" source="images/vm-kiosk.png" alt-text="Use a basic session to connect a virtual machine. In the View menu, Extended session is not selected, which means basic is used."::: To connect to a VM in a basic session, do not select **Connect** in the connection dialog, as shown in the following image, but instead, select the **X** button in the upper-right corner to cancel the dialog. -![Do not select the connect button, use "close X" in the top corner](images/vm-kiosk-connect.png) \ No newline at end of file +:::image type="content" source="images/vm-kiosk-connect.png" alt-text="Do not select the connect button. Use "close X" in the top corner to connect to a VM in basic session"::: diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 73e724bd75..5c54ed24d0 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -1,5 +1,5 @@ --- -title: Use Shell Launcher to create a Windows 10 kiosk (Windows 10) +title: Use Shell Launcher to create a Windows 10/11 kiosk (Windows 10/11) description: Shell Launcher lets you change the default shell that launches when a user signs in to a device. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: 
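Review bot: in the added `:::image` line for `images/vm-kiosk-connect.png` (the virtual machine section earlier on this line), the alt-text value contains unescaped double quotes, `Use "close X" in the top corner`, inside a double-quoted attribute, which ends the attribute value early at `Use `. Drop the inner quotes or switch them to single quotes so the alt text parses as one value. In the same hunk, the new alt text for `images/vm-kiosk.png` says "Extended session" while the paragraph above it says **Enhanced session**; use the same term in both.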
@@ -14,13 +14,14 @@ ms.localizationpriority: medium ms.topic: article --- -# Use Shell Launcher to create a Windows 10 kiosk +# Use Shell Launcher to create a Windows client kiosk **Applies to** - Windows 10 Ent, Edu +- Windows 11 -Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in Windows 10, version 1809 and above, you can also specify a UWP app as the replacement shell. To use **Shell Launcher v2** in version 1809, you need to install the [KB4551853](https://support.microsoft.com/help/4551853) update. +Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows client, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in Windows 10 version 1809+ / Windows 11, you can also specify a UWP app as the replacement shell. To use **Shell Launcher v2** in Windows 10 version 1809, you need to install the [KB4551853](https://support.microsoft.com/help/4551853) update. >[!NOTE] >Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. 
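Review bot: the added `- Windows 11` entry under **Applies to** names no edition, while the Windows 10 entry beside it is limited to Ent, Edu; state the Windows 11 editions explicitly so readers do not assume every edition is covered. The H1 now reads "Windows client kiosk" while the front-matter title changed in the previous hunk reads "Windows 10/11 kiosk"; pick one form. "Shell Launcher v1, available in Windows client" is also less precise than the sentence it replaces, since the same paragraph still needs exact versions for v2.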
@@ -30,7 +31,7 @@ Using Shell Launcher, you can configure a device that runs an application as the >- [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview) - Application control policies >- [Mobile Device Management](/windows/client-management/mdm) - Enterprise management of device security policies -You can apply a custom shell through Shell Launcher [by using PowerShell](#configure-a-custom-shell-using-powershell). In Windows 10, version 1803 and later, you can also [use mobile device management (MDM)](#configure-a-custom-shell-in-mdm) to apply a custom shell through Shell Launcher. +You can apply a custom shell through Shell Launcher [by using PowerShell](#configure-a-custom-shell-using-powershell). In Windows 10 version 1803+ / Windows 11, you can also [use mobile device management (MDM)](#configure-a-custom-shell-in-mdm) to apply a custom shell through Shell Launcher. ## Differences between Shell Launcher v1 and Shell Launcher v2 diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 4a123b3408..08a4c1d23e 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -1,5 +1,5 @@ --- -title: Set up a single-app kiosk (Windows 10) +title: Set up a single-app kiosk (Windows 10/11) description: A single-use device is easy to set up in Windows 10 for desktop editions (Pro, Enterprise, and Education). ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: @@ -11,7 +11,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay ms.localizationpriority: medium -ms.date: 01/09/2019 +ms.date: 09/20/2021 ms.topic: article --- 
@@ -20,7 +20,8 @@ ms.topic: article **Applies to** -- Windows 10 Pro, Enterprise, and Education +- Windows 10 Pro, Enterprise, and Education +- Windows 11 A single-app kiosk uses the Assigned Access feature to run a single app above the lockscreen. When the kiosk account signs in, the app is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app. @@ -35,11 +36,10 @@ You have several options for configuring your single-app kiosk. Method | Description --- | --- -[Locally, in Settings](#local) | The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account.

    This method is supported on Windows 10 Pro, Enterprise, and Education. -[PowerShell](#powershell) | You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account.

    This method is supported on Windows 10 Pro, Enterprise, and Education. -[The kiosk wizard in Windows Configuration Designer](#wizard) | Windows Configuration Designer is a tool that produces a *provisioning package*, which is a package of configuration settings that can be applied to one or more devices during the first-run experience (OOBE) or after OOBE is done (runtime). You can also create the kiosk user account and install the kiosk app, as well as other useful settings, using the kiosk wizard.

    This method is supported on Windows 10 Pro (version 1709 and later), Enterprise, and Education. -[Microsoft Intune or other mobile device management (MDM) provider](#mdm) | For managed devices, you can use MDM to set up a kiosk configuration.

    This method is supported on Windows 10 Pro (version 1709 and later), Enterprise, and Education. - +[Locally, in Settings](#local) | The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account.

    This method is supported on Windows client Pro, Enterprise, and Education. +[PowerShell](#powershell) | You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account.

    This method is supported on Windows client Pro, Enterprise, and Education. +[The kiosk wizard in Windows Configuration Designer](#wizard) | Windows Configuration Designer is a tool that produces a *provisioning package*, which is a package of configuration settings that can be applied to one or more devices during the first-run experience (OOBE) or after OOBE is done (runtime). You can also create the kiosk user account and install the kiosk app, as well as other useful settings, using the kiosk wizard.

    This method is supported on Windows 10 Pro version 1709+, Enterprise, and Education / Windows 11. +[Microsoft Intune or other mobile device management (MDM) provider](#mdm) | For managed devices, you can use MDM to set up a kiosk configuration.

    This method is supported on Windows 10 Pro version 1709+, Enterprise, and Education / Windows 11. >[!TIP] >You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) by using a [kiosk profile](lock-down-windows-10-to-specific-apps.md#profile). @@ -52,11 +52,14 @@ Method | Description ## Set up a kiosk in local Settings ->App type: UWP +>App type: +> - UWP > ->OS edition: Windows 10 Pro, Ent, Edu +>OS edition: +> - Windows client Pro, Ent, Edu > ->Account type: Local standard user +>Account type: +> - Local standard user You can use **Settings** to quickly configure one or a few devices as a kiosk. @@ -68,11 +71,9 @@ When your kiosk is a local device that is not managed by Active Directory or Azu ![Screenshot of automatic sign-in setting.](images/auto-signin.png) -### Instructions for Windows 10, version 1809 +### Windows 10 version 1809 / Windows 11 -When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows 10, version 1809, you create the kiosk user account at the same time. - -**To set up assigned access in PC settings** +When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows client, you create the kiosk user account at the same time. To set up assigned access in PC settings: 1. Go to **Start** > **Settings** > **Accounts** > **Other users**. 
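Review bot: under the renamed heading `### Windows 10 version 1809 / Windows 11`, the intro now says the kiosk account is created at the same time "for Windows client", but the following section still documents that Windows 10 version 1803 and earlier require an existing local standard user account, so "Windows client" is too broad for this sentence. Keep the version scope from the heading in the sentence. The heading also drops "Instructions for" while the sibling 1803 heading keeps it, and renaming it changes the generated heading anchor, so check for inbound links to the old one.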
@@ -94,9 +95,9 @@ When you set up a kiosk (also known as *assigned access*) in **Settings** for Wi To remove assigned access, select the account tile on the **Set up a kiosk** page, and then select **Remove kiosk**. -### Instructions for Windows 10, version 1803 and earlier +### Instructions for Windows 10 version 1803 and earlier -When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows 10, version 1803 and earlier, you must select an existing local standard user account. [Learn how to create a local standard user account.](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) +When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows 10 version 1803 and earlier, you must select an existing local standard user account. [Learn how to create a local standard user account.](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) ![The Set up assigned access page in Settings.](images/kiosk-settings.png) @@ -114,22 +115,19 @@ When you set up a kiosk (also known as *assigned access*) in **Settings** for Wi To remove assigned access, choose **Turn off assigned access and sign out of the selected account**. - - - - - - ## Set up a kiosk using Windows PowerShell ->App type: UWP +>App type: +> - UWP > ->OS edition: Windows 10 Pro, Ent, Edu +>OS edition: +> - Windows client Pro, Ent, Edu > ->Account type: Local standard user +>Account type: +> - Local standard user ![PowerShell windows displaying Set-AssignedAccess cmdlet.](images/set-assignedaccess.png) 
@@ -144,28 +142,12 @@ Before you run the cmdlet: 5. Log out as the Assigned Access user account. 6. Log in as administrator. -To open PowerShell on Windows 10, search for PowerShell and find **Windows PowerShell Desktop app** in the results. Run PowerShell as administrator. +To open PowerShell on Windows client, search for PowerShell, and find **Windows PowerShell Desktop app** in the results. Run PowerShell as administrator. -**Configure assigned access by AppUserModelID and user name** - -``` -Set-AssignedAccess -AppUserModelId -UserName -``` -**Configure assigned access by AppUserModelID and user SID** - -``` -Set-AssignedAccess -AppUserModelId -UserSID -``` -**Configure assigned access by app name and user name** - -``` -Set-AssignedAccess -AppName -UserName -``` -**Configure assigned access by app name and user SID** - -``` -Set-AssignedAccess -AppName -UserSID -``` +- **Configure assigned access by AppUserModelID and user name**: `Set-AssignedAccess -AppUserModelId -UserName ` +- **Configure assigned access by AppUserModelID and user SID**: `Set-AssignedAccess -AppUserModelId -UserSID ` +- **Configure assigned access by app name and user name**: `Set-AssignedAccess -AppName -UserName ` +- **Configure assigned access by app name and user SID**: `Set-AssignedAccess -AppName -UserSID ` > [!NOTE] > To set up assigned access using `-AppName`, the user account that you specify for assigned access must have logged on at least once. 
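Review bot: the four `Set-AssignedAccess` variants move from fenced blocks to inline code inside bullets, while the next hunk gives `Clear-AssignedAccess` a fence tagged powershell. Commands a reader is expected to run are easier to copy, and consistent with the rest of the section, when they stay in fenced blocks; suggest keeping the bullets as labels and putting each command in its own powershell fence.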
@@ -174,22 +156,27 @@ Set-AssignedAccess -AppName -UserSID [Learn how to get the AppName](/powershell/module/assignedaccess/set-assignedaccess) (see **Parameters**). -To remove assigned access, using PowerShell, run the following cmdlet. +To remove assigned access, using PowerShell, run the following cmdlet: -``` +```powershell Clear-AssignedAccess ``` - ## Set up a kiosk using the kiosk wizard in Windows Configuration Designer ->App type: UWP or Windows desktop application +>App type: +> - UWP +> - Windows desktop application > ->OS edition: Windows 10 Pro (version 1709 and later) for UWP only; Ent, Edu for both app types +>OS edition: +> - Windows 10 Pro version 1709+ for UWP only; Ent, Edu for both app types +> - Windows 11 > ->Account type: Local standard user, Active Directory +>Account type: +> - Local standard user +> - Active Directory ![Kiosk wizard option in Windows Configuration Designer.](images/kiosk-wizard.png) @@ -202,12 +189,10 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des [Install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md), then open Windows Configuration Designer and select **Provision kiosk devices**. After you name your project, and click **Next**, configure the settings as shown in the following table. - - - + - + 
@@ -222,36 +207,31 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des >[!IMPORTANT] >When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. - - - [Learn how to apply a provisioning package.](provisioning-packages/provisioning-apply-package.md) - - - - - - - ## Set up a kiosk or digital sign using Microsoft Intune or other MDM service ->App type: UWP +>App type: +> - UWP > ->OS edition: Windows 10 Pro (version 1709), Ent, Edu +>OS edition: +> - Windows 10 Pro version 1709+, Ent, Edu +> - Windows 11 > ->Account type: Local standard user, Azure AD +>Account type: +> - Local standard user +> - Azure AD Microsoft Intune and other MDM services enable kiosk configuration through the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp). Assigned Access has a `KioskModeApp` setting. In the `KioskModeApp` setting, you enter the user account name and the [AUMID](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the app to run in kiosk mode. >[!TIP] ->Starting in Windows 10, version 1803, a ShellLauncher node has been added to the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). +>A ShellLauncher node has been added to the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). -To configure a kiosk in Microsoft Intune, see [Windows 10 and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](/intune/kiosk-settings). For other MDM services, see the documentation for your provider. 
+To configure a kiosk in Microsoft Intune, see [Windows client and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](/intune/kiosk-settings). For other MDM services, see the documentation for your provider. @@ -261,7 +241,6 @@ To exit the assigned access (kiosk) app, press **Ctrl + Alt + Del**, and then si If you press **Ctrl + Alt + Del** and do not sign in to another account, after a set time, assigned access will resume. The default time is 30 seconds, but you can change that in the following registry key: -**HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI** +`HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI` To change the default time for assigned access to resume, add *IdleTimeOut* (DWORD) and enter the value data as milliseconds in hexadecimal. - diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md index e34bee8204..7591e5d1bb 100644 --- a/windows/configuration/kiosk-troubleshoot.md +++ b/windows/configuration/kiosk-troubleshoot.md @@ -1,5 +1,5 @@ --- -title: Troubleshoot kiosk mode issues (Windows 10) +title: Troubleshoot kiosk mode issues (Windows 10/11) description: Learn how to troubleshoot single-app and multi-app kiosk configurations, as well as common problems like sign-in issues. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 ms.reviewer: @@ -20,7 +20,8 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 ## Single-app kiosk issues diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md index 13ba945753..ca90b1212e 100644 --- a/windows/configuration/kiosk-validate.md +++ b/windows/configuration/kiosk-validate.md 
@@ -1,6 +1,6 @@ --- -title: Validate kiosk configuration (Windows 10) -description: In this article, learn what to expect on a multi-app kiosk in Windows 10 Pro, Enterprise, and Education. +title: Validate kiosk configuration (Windows 10/11) +description: In this article, learn what to expect on a multi-app kiosk in Windows 10/11 Pro, Enterprise, and Education. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: manager: dansimp @@ -20,7 +20,8 @@ ms.topic: article **Applies to** -- Windows 10 Pro, Enterprise, and Education +- Windows 10 Pro, Enterprise, and Education +- Windows 11 To identify the provisioning packages applied to a device, go to **Settings** > **Accounts** > **Access work or school**, and then click **Add or remove a provisioning package**. You should see a list of packages that were applied to the device. diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md index 36dd8ce054..59612cdcd1 100644 --- a/windows/configuration/kiosk-xml.md +++ b/windows/configuration/kiosk-xml.md @@ -1,6 +1,6 @@ --- -title: Assigned Access configuration kiosk XML reference (Windows 10) -description: Learn about the assigned access configuration (kiosk) for XML and XSD for kiosk device configuration in Windows 10. +title: Assigned Access configuration kiosk XML reference (Windows 10/11) +description: Learn about the assigned access configuration (kiosk) for XML and XSD for kiosk device configuration in Windows 10/11. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 ms.reviewer: manager: dansimp @@ -21,7 +21,8 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 +- Windwos 11 ## Full XML sample 
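Review bot: typo in the added **Applies to** entry for kiosk-xml.md, `+- Windwos 11`; it should read `- Windows 11`.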
@@ -255,9 +256,10 @@ This sample demonstrates that both UWP and Win32 apps can be configured to autom ``` ## Global Profile Sample XML -Global Profile is currently supported in Windows 10, version 2004. Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lockdown mode, or used as mitigation when a profile cannot be determined for a user. +Global Profile is currently supported in Windows 10 version 2004 / Windows 11. Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lockdown mode, or used as mitigation when a profile cannot be determined for a user. + +This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in. -This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in ```xml [!NOTE] ->Updated for Windows 10, version 1903 and later. -Below schema is for AssignedAccess Configuration up to Windows 10 1803 release. +>Updated for Windows 10, version 1903+. + +The following XML schema is for AssignedAccess Configuration up to Windows 10 1803 release.: ```xml 
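Review bot: the added sentence "The following XML schema is for AssignedAccess Configuration up to Windows 10 1803 release.:" ends in `.:`; drop the period so it closes with a single colon before the code fence. The sentence also reads oddly directly under a note that now says "Updated for Windows 10, version 1903+"; consider saying "up to and including the Windows 10 version 1803 release" so the scope of this first schema is unambiguous.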
@@ -814,7 +817,8 @@ Below schema is for AssignedAccess Configuration up to Windows 10 1803 release. ``` -Here is the schema for new features introduced in Windows 10 1809 release +The following XML is the schema for new features introduced in Windows 10 1809 release: + ```xml ``` -Schema for Windows 10, version 1909 and later +The following XML is the schema for Windows 10 version 1909+: + ```xml ``` -To authorize a compatible configuration XML that includes elements and attributes from Windows 10, version 1809 or newer, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the autolaunch feature that was added in Windows 10, version 1809, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10, version 1809, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline. +To authorize a compatible configuration XML that includes elements and attributes from Windows 10 version 1809 or newer / Windows 11, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the autolaunch feature that was added in Windows 10 version 1809 / Windows 11, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10 version 1809 / Windows 11, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline. + ```xml [!NOTE] +> Currently, multi-app kiosk is only supported on Windows 10. It's not supported on Windows 11. + A [kiosk device](./kiosk-single-app.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. 
In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp) was expanded to make it easy for administrators to create kiosks that run more than one app. The benefit of a kiosk that runs only one or more specified apps is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. The following table lists changes to multi-app kiosk in recent updates. -| New features and improvements | In update | -|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| - Configure [a single-app kiosk profile](#profile) in your XML file

    - Assign [group accounts to a config profile](#config-for-group-accounts)

    - Configure [an account to sign in automatically](#config-for-autologon-account) | Windows 10, version 1803 | +| New features and improvements | In update | +| --- | ---| +| - Configure [a single-app kiosk profile](#profile) in your XML file

    - Assign [group accounts to a config profile](#config-for-group-accounts)

    - Configure [an account to sign in automatically](#config-for-autologon-account) | Windows 10, version 1803 | | - Explicitly allow [some known folders when user opens file dialog box](#fileexplorernamespacerestrictions)

    - [Automatically launch an app](#allowedapps) when the user signs in

    - Configure a [display name for the autologon account](#config-for-autologon-account) | Windows 10, version 1809

    **Important:** To use features released in Windows 10, version 1809, make sure that [your XML file](#create-xml-file) references `https://schemas.microsoft.com/AssignedAccess/201810/config`. | >[!WARNING] @@ -43,7 +46,7 @@ You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provi ## Configure a kiosk in Microsoft Intune -To configure a kiosk in Microsoft Intune, see [Windows 10 and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](/intune/kiosk-settings). For explanations of the specific settings, see [Windows 10 and later device settings to run as a kiosk in Intune](/intune/kiosk-settings-windows). +To configure a kiosk in Microsoft Intune, see [Windows client and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](/intune/kiosk-settings). For explanations of the specific settings, see [Windows client device settings to run as a kiosk in Intune](/intune/kiosk-settings-windows). diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index ed5c4ee3a3..cd316111c2 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md @@ -1,6 +1,6 @@ --- -title: Set up a shared or guest PC with Windows 10 (Windows 10) -description: Windows 10, version 1607, introduces *shared PC mode*, which optimizes Windows 10 for shared use scenarios. +title: Set up a shared or guest PC with Windows 10/11 (Windows 10/11) +description: Windows 10, version 1607, introduces *shared PC mode*, which optimizes Windows client for shared use scenarios. keywords: ["shared pc mode"] ms.prod: w10 ms.mktglfcycl: manage 
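Review bot: The new description line in the front matter mixes two naming schemes: it still opens with "Windows 10, version 1607, introduces *shared PC mode*" but now ends with "optimizes Windows client for shared use scenarios". Either keep the versioned statement and name Windows 10 and Windows 11 explicitly, or reword the whole sentence the way the body paragraph is reworded. The title also repeats the product suffix as "Windows 10/11 (Windows 10/11)", and ms.prod remains w10, so it is worth confirming that both are intended for a page that now applies to Windows 11.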
@@ -13,26 +13,27 @@ ms.reviewer: manager: dansimp --- -# Set up a shared or guest PC with Windows 10 +# Set up a shared or guest PC with Windows 10/11 **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 -Windows 10, version 1607, introduced *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Pro Education, Education, and Enterprise. +Windows client has a *shared PC mode*, which optimizes Windows client for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows client Pro, Pro Education, Education, and Enterprise. > [!NOTE] -> If you're interested in using Windows 10 for shared PCs in a school, see [Use Set up School PCs app](/education/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education. +> If you're interested in using Windows client for shared PCs in a school, see [Use Set up School PCs app](/education/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education. ## Shared PC mode concepts -A Windows 10 PC in shared PC mode is designed to be management- and maintenance-free with high reliability. In shared PC mode, only one user can be signed in at a time. When the PC is locked, the currently signed in user can always be signed out at the lock screen. +A Windows client PC in shared PC mode is designed to be management- and maintenance-free with high reliability. In shared PC mode, only one user can be signed in at a time. When the PC is locked, the currently signed in user can always be signed out at the lock screen. 
### Account models -It is intended that shared PCs are joined to an Active Directory or Azure Active Directory domain by a user with the necessary rights to perform a domain join as part of a setup process. This enables any user that is part of the directory to sign-in to the PC. If using Azure Active Directory Premium, any domain user can also be configured to sign in with administrative rights. Additionally, shared PC mode can be configured to enable a **Guest** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used. Windows 10, version 1703, introduces a **kiosk mode** account. Shared PC mode can be configured to enable a **Kiosk** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used to run a specified app in assigned access (kiosk) mode. +It is intended that shared PCs are joined to an Active Directory or Azure Active Directory domain by a user with the necessary rights to perform a domain join as part of a setup process. This enables any user that is part of the directory to sign-in to the PC. If using Azure Active Directory Premium, any domain user can also be configured to sign in with administrative rights. Additionally, shared PC mode can be configured to enable a **Guest** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used. Windows client has a **kiosk mode** account. Shared PC mode can be configured to enable a **Kiosk** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used to run a specified app in assigned access (kiosk) mode. ### Account management -When the account management service is turned on in shared PC mode, accounts are automatically deleted. 
Account deletion applies to Active Directory, Azure Active Directory, and local accounts that are created by the **Guest** and **Kiosk** options. Account management is performed both at sign-off time (to make sure there is enough disk space for the next user) as well as during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out or when disk space is low. In Windows 10, version 1703, an inactive option is added which deletes accounts if they haven't signed in after a specified number of days. +When the account management service is turned on in shared PC mode, accounts are automatically deleted. Account deletion applies to Active Directory, Azure Active Directory, and local accounts that are created by the **Guest** and **Kiosk** options. Account management is performed both at sign-off time (to make sure there is enough disk space for the next user) as well as during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out or when disk space is low. In Windows client, an inactive option is added which deletes accounts if they haven't signed in after a specified number of days. ### Maintenance and sleep Shared PC mode is configured to take advantage of maintenance time periods which run while the PC is not in use. Therefore, sleep is strongly recommended so that the PC can wake up when it is not in use to perform maintenance, clean up accounts, and run Windows Update. The recommended settings can be set by choosing **SetPowerPolicies** in the list of shared PC options. Additionally, on devices without Advanced Configuration and Power Interface (ACPI) wake alarms, shared PC mode will always override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods. 
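Review bot: Removing "Windows 10, version 1703" from the kiosk-account sentence and from the inactive-option sentence leaves no minimum version for either feature, while the "Applies to" list still names Windows 10 without a version. An administrator on an older Windows 10 build can no longer tell from this page whether the credential-free **Kiosk** sign-in option or inactivity-based account deletion is available. Consider keeping the version as a parenthetical, for example "(Windows 10, version 1703 and later, and Windows 11)". The reworded sentence "In Windows client, an inactive option is added which deletes accounts" also still reads as a release note; "An inactive option deletes accounts that haven't signed in after a specified number of days" would fit the new version-neutral wording.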
@@ -73,7 +74,7 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re | Customization: MaintenanceStartTime | By default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For example, if you want maintenance to begin at 2 AM, enter `120` as the value. | | Customization: MaxPageFileSizeMB | Adjusts the maximum page file size in MB. This can be used to fine-tune page file behavior, especially on low end PCs. | | Customization: RestrictLocalStorage | Set as **True** to restrict the user from saving or viewing local storage when using File Explorer. This setting controls this API: [ShouldAvoidLocalStorage](/uwp/api/windows.system.profile.sharedmodesettings) | -| Customization: SetEduPolicies | Set to **True** for PCs that will be used in a school. For more information, see [Windows 10 configuration recommendations for education customers](/education/windows/configure-windows-for-education). This setting controls this API: [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings) | +| Customization: SetEduPolicies | Set to **True** for PCs that will be used in a school. For more information, see [Windows client configuration recommendations for education customers](/education/windows/configure-windows-for-education). This setting controls this API: [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings) | | Customization: SetPowerPolicies | When set as **True**:
    - Prevents users from changing power settings
    - Turns off hibernate
    - Overrides all power state transitions to sleep (e.g. lid close) | | Customization: SignInOnResume | This setting specifies if the user is required to sign in with a password when the PC wakes from sleep. | | Customization: SleepTimeout | Specifies all timeouts for when the PC should sleep. Enter the amount of idle time in seconds. If you don't set sleep timeout, the default of 1 hour applies. | @@ -83,7 +84,7 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re You can configure Windows to be in shared PC mode in a couple different ways: -- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp). To setup a shared device policy for Windows 10 in Intune, complete the following steps: +- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp). To setup a shared device policy for Windows client in Intune, complete the following steps: 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 
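Review bot: In the rewritten MDM bullet, "To setup a shared device policy for Windows client in Intune" uses the noun form where the verb is needed. Since the line is being touched anyway, change it to "To set up a shared device policy".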
@@ -117,7 +118,7 @@ You can configure Windows to be in shared PC mode in a couple different ways: ![Shared PC settings in ICD.](images/icd-adv-shared-pc.png) - WMI bridge: Environments that use Group Policy can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the [MDM_SharedPC class](/windows/win32/dmwmibridgeprov/mdm-sharedpc). For all device settings, the WMI Bridge client must be executed under local system user; for more information, see [Using PowerShell scripting with the WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). For example, open PowerShell as an administrator and enter the following: - + ```powershell $sharedPC = Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName "MDM_SharedPC" $sharedPC.EnableSharedPCMode = $True diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md index 80bbd5b7da..15c04acb08 100644 --- a/windows/configuration/setup-digital-signage.md +++ b/windows/configuration/setup-digital-signage.md @@ -1,5 +1,5 @@ --- -title: Set up digital signs on Windows 10 (Windows 10) +title: Set up digital signs on Windows 10/11 (Windows 10/11) description: A single-use device such as a digital sign is easy to set up in Windows 10 (Pro, Enterprise, and Education). ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: 
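Review bot: The title in the setup-digital-signage.md front matter becomes "Set up digital signs on Windows 10/11 (Windows 10/11)", but the description on the next line is left as "A single-use device such as a digital sign is easy to set up in Windows 10 (Pro, Enterprise, and Education)". Update the description in the same change so the page metadata does not state Windows 10 only while the title and "Applies to" list include Windows 11.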
@@ -11,31 +11,30 @@ ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay ms.localizationpriority: medium -ms.date: 10/02/2018 +ms.date: 09/20/2021 ms.topic: article --- -# Set up digital signs on Windows 10 - +# Set up digital signs on Windows 10/11 **Applies to** -- Windows 10 Pro, Enterprise, and Education +- Windows 10 Pro, Enterprise, and Education +- Windows 11 Digital signage can be a useful and exciting business tool. Use digital signs to showcase your products and services, to display testimonials, or to advertise promotions and campaigns. A digital sign can be a static display, such as a building directory or menu, or it can be dynamic, such as repeating videos or a social media feed. -For digital signage, simply select a digital sign player as your kiosk app. You can also use [Microsoft Edge in kiosk mode](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy) or the Kiosk Browser app (a new Microsoft app for Windows 10, version 1803) and configure it to show your online content. +For digital signage, simply select a digital sign player as your kiosk app. You can also use [Microsoft Edge in kiosk mode](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy) or the Kiosk Browser app, and configure it to show your online content. >[!TIP] >Kiosk Browser can also be used in [single-app kiosks](kiosk-single-app.md) and [multi-app kiosk](lock-down-windows-10-to-specific-apps.md) as a web browser. For more information, see [Guidelines for web browsers](guidelines-for-assigned-access-app.md#guidelines-for-web-browsers). -Kiosk Browser must be downloaded for offline licensing using Microsoft Store for Business. You can deploy Kiosk Browser to devices running Windows 10, version 1803. +Kiosk Browser must be downloaded for offline licensing using Microsoft Store for Business. You can deploy Kiosk Browser to devices running Windows 11, and Windows 10 version 1803+. 
>[!NOTE] >If you haven't set up your Microsoft Store for Business yet, check out [the prerequisites](/microsoft-store/prerequisites-microsoft-store-for-business) and then [sign up](/microsoft-store/sign-up-microsoft-store-for-business). - -This procedure explains how to configure digital signage using Kiosk Browser on a device running Windows 10, version 1803, that has already been set up (completed the first-run experience). +This procedure explains how to configure digital signage using Kiosk Browser on a device running Windows client that has already been set up (completed the first-run experience). 1. [Get **Kiosk Browser** in Microsoft Store for Business with offline, unencoded license type.](/microsoft-store/acquire-apps-microsoft-store-for-business#acquire-apps) 2. [Download the **Kiosk Browser** package, license file, and all required frameworks.](/microsoft-store/distribute-offline-apps#download-an-offline-licensed-app) 
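Review bot: The procedure lead-in now reads "on a device running Windows client that has already been set up", which drops the version floor that the sentence a few lines earlier still states ("devices running Windows 11, and Windows 10 version 1803+"). Readers who jump straight to the numbered steps lose the requirement; suggest "on a device running Windows 11 or Windows 10 version 1803+". Also, the "Applies to" list adds a bare "Windows 11" entry while the Windows 10 entry keeps "Pro, Enterprise, and Education"; state the Windows 11 editions or confirm that all editions are meant.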
@@ -43,24 +42,24 @@ This procedure explains how to configure digital signage using Kiosk Browser on 3. Open Windows Configuration Designer and select **Provision kiosk devices**. 4. Enter a friendly name for the project, and select **Finish**. 5. On **Set up device**, select **Disabled**, and select **Next**. -6. On **Set up network**, enable network setup. +6. On **Set up network**, enable network setup: - Toggle **On** wireless network connectivity. - Enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network. 7. On **Account management**, select **Disabled**, and select **Next**. -8. On **Add applications**, select **Add an application**. +8. On **Add applications**, select **Add an application**: - For **Application name**, enter `Kiosk Browser`. - For **Installer path**, browse to and select the AppxBundle that you downloaded from Microsoft Store for Business. After you select the package, additional fields are displayed. - For **License file path**, browse to and select the XML license file that you downloaded from Microsoft Store for Business. - The **Package family name** is populated automatically. - Select **Next**. 9. On **Add certificates**, select **Next**. -10. On **Configure kiosk account and app**, toggle **Yes** to create a local user account for your digital signage. +10. On **Configure kiosk account and app**, toggle **Yes** to create a local user account for your digital signage: - Enter a user name and password, and toggle **Auto sign-in** to **Yes**. - Under **Configure the kiosk mode app**, enter the user name for the account that you're creating. - For **App type**, select **Universal Windows App**. - In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe!App`. 11. In the bottom left corner of Windows Configuration Designer, select **Switch to advanced editor**. -12. Go to **Runtime settings** > **Policies** > **KioskBrowser**. 
Let's assume that the URL for your digital signage content is contoso.com/menu. +12. Go to **Runtime settings** > **Policies** > **KioskBrowser**. Let's assume that the URL for your digital signage content is contoso.com/menu: - In **BlockedUrlExceptions**, enter `https://www.contoso.com/menu`. - In **BlockedUrl**, enter `*`. - In **DefaultUrl**, enter `https://www.contoso.com/menu`. @@ -79,16 +78,3 @@ This procedure explains how to configure digital signage using Kiosk Browser on 20. Copy the .ppkg file to a USB drive. 21. Attach the USB drive to the device that you want to use for your digital sign. 22. Go to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package on the USB drive. - - - - - - - - - - - - - From 801a5de6667d3cf4a4f8daa7acbe43f1ee2fb2a4 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 20 Sep 2021 12:38:07 -0700 Subject: [PATCH 532/671] Update TOC.yml --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 8eb8e35f21..b2c47ab56b 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -336,7 +336,7 @@ href: identity-protection\configure-s-mime.md - name: Windows Credential Theft Mitigation Guide Abstract href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md -- name: Identity and user security +- name: User security and secured identity items: - name: Overview href: identity.md From 8018fc90224e43e4c1c5f9c078bbad24e7c0e0e8 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 20 Sep 2021 13:44:38 -0700 Subject: [PATCH 533/671] Fixed broken note; added vertical space for nicer layout --- .../update/deployment-service-overview.md | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) 
diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 01812adc48..f78e87008d 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md 
@@ -136,26 +136,35 @@ To enroll devices in Windows Update for Business cloud processing, set the **All > [!NOTE] > Setting this policy by using Group Policy isn't currently supported. - -| Policy | Sets registry key under **HKLM\\Software** | -|--------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------| -| MDM for Windows 10, version 1809 or later: ../Vendor/MSFT/ Policy/Config/System/**AllowWUfBCloudProcessing** | \\Microsoft\\PolicyManager\\default\\System\\AllowWUfBCloudProcessing | +> +> | Policy | Sets registry key under **HKLM\\Software** | +> |--------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------| +> | MDM for Windows 10, version 1809 or later: ../Vendor/MSFT/ Policy/Config/System/**AllowWUfBCloudProcessing** | \\Microsoft\\PolicyManager\\default\\System\\AllowWUfBCloudProcessing | Following is an example of setting the policy using Microsoft Endpoint Manager: 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). + 2. Select **Devices** > **Configuration profiles** > **Create profile**. + 3. Select **Windows 10 and later** in **Platform**, select **Templates** in **Profile type**, select **Custom** in **Template name**, and then select **Create**. + 4. In **Basics**, enter a meaningful name and a description for the policy, and then select **Next**. + 5. In **Configuration settings**, select **Add**, enter the following settings, select **Save**, and then select **Next**. - Name: **AllowWUfBCloudProcessing** - Description: Enter a description. - OMA-URI: `./Vendor/MSFT/Policy/Config/System/AllowWUfBCloudProcessing` - Data type: **Integer** - Value: **8** + 6. In **Assignments**, select the groups that will receive the profile, and then select **Next**. 
+ 7. In **Review + create**, review your settings, and then select **Create**. -8. (Optional) To verify that the policy reached the client, check the value of the following registry entry: **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager \\default\\System\\AllowWUfBCloudProcessing**. + +8. (Optional) To verify that the policy reached the client, check the value of the following registry entry: + + **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager \\default\\System\\AllowWUfBCloudProcessing** ## Best practices Follow these suggestions for the best results with the service. @@ -163,6 +172,7 @@ Follow these suggestions for the best results with the service. ### Device onboarding - Wait until devices finish provisioning before managing with the service. If a device is being provisioned by Autopilot, it can only be managed by the deployment service after it finishes provisioning (typically one day). + - Use the deployment service for feature update management without feature update deferral policy. If you want to use the deployment service to manage feature updates on a device that previously used a feature update deferral policy, it's best to set the feature update deferral policy to **0** days to avoid having multiple conditions governing feature updates. You should only change the feature update deferral policy value to 0 days after you've confirmed that the device was enrolled in the service with no errors. ### General From 03c5cb308d48731ed17a3a6c2597f31f78645c83 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Mon, 20 Sep 2021 13:47:16 -0700 Subject: [PATCH 534/671] Revert "Format changes and additional error codes" --- .../update/windows-update-errors.md | 227 ++---------------- 1 file changed, 22 insertions(+), 205 deletions(-) diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index 0604df39cc..eb178f7528 100644 --- a/windows/deployment/update/windows-update-errors.md 
+++ b/windows/deployment/update/windows-update-errors.md @@ -3,14 +3,13 @@ title: Windows Update common errors and mitigation description: In this article, learn about some common issues you might experience with Windows Update, as well as steps to resolve them. ms.prod: w10 ms.mktglfcycl: +audience: itpro itproauthor: jaimeo ms.audience: itpro author: jaimeo -ms.reviewer: kaushika -manager: dcscontentpm -audience: itpro -ms.topic: troubleshooting -ms.technology: windows-client-deployment +ms.reviewer: +manager: laurawi +ms.topic: article ms.custom: seo-marvel-apr2020 --- @@ -23,204 +22,22 @@ ms.custom: seo-marvel-apr2020 The following table provides information about common errors you might run into with Windows Update, as well as steps to help you mitigate them. -## 0x8024402F -| Message | Description | Mitigation | -|---------|-------------|------------| -| WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External cab file processing completed with some errors | One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering.
    Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed | - -## 0x80242006 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again:
    Rename the following folders to \*.BAK:
    - %systemroot%\system32\catroot2

    Type the following commands at a command prompt. Press ENTER after you type each command.
    - Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
    - Ren %systemroot%\SoftwareDistribution\Download \*.bak
    - Ren %systemroot%\system32\catroot2 \*.bak | - -## 0x80070BC9 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system | - -## 0x80200053 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update Client.

    If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).| - -## 0x80072EE2 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to the Internet. To fix this issue, follow these steps: make sure these URLs are not blocked:
    http://.update.microsoft.com
    https://
    .update.microsoft.com


    You can also take a network trace to check what is timing out. \ | - -## 0x80072EFD or 0x80072EFE or 0x80D02002 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs.
    Take a network monitor trace to understand better. \ | - -## 0X8007000D - -| Message | Description | Mitigation | -|---------|-------------|------------| -| ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred.| Attempt to re-download the update and initiate installation. | - -## 0x8024A10A - -| Message | Description | Mitigation | -|---------|-------------|------------| -| USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade. | - -## 0x80240020 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Sign in to the device to start the installation and allow the device to restart. | - -## 0x80242014 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows Updates require the device to be restarted. Restart the device to complete update nstallation. | - -## 0x80246017 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator).| - -## 0x8024000B - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. 
You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. | - -## 0x8024000E - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. | Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. Ensure that you have the latest Windows Update Agent installed on the machine. | - -## 0x8024D009 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. | You may encounter this error when WSUS is not sending the Self-update to the clients.

    Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | - -## 0x80244007 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows cannot renew the cookies for Windows Update.

    Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. | - -## 0x80070422 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| NA | This issue occurs when the Windows Update service stops working or is not running. | Check if the Windows Update service is running.
    | - -## 0x800f0821 - - -| Message | Description | Mitigation | -|---------|-------------|------------| -| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has hung. Extending the timeout will mitigate the issue. Increase the machine resources. If a virtual machine, increase virtual CPU and memory to speedup the operation. Make sure the machine as at least the KB4493473, if not please download and manually install it.| - -## 0x800f0825 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| CBS_E_CANNOT_UNINSTALL; Package cannot be uninstalled. | Typically component store corruption caused when a component is in a partially installed state. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | - -## 0x800F0920 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| CBS_E_HANG_DETECTED; A hang was detected while processing the operation. | Subsequent error logged after getting 0x800f0821 | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has hung. Extending the timeout will mitigate the issue. Increase the machine resources. If a virtual machine, increase virtual CPU and memory to speedup the operation. Make sure the machine as at least the KB4493473, if not please download and manually install it. | - -## 0x800f081f - -| Message | Description | Mitigation | -|---------|-------------|------------| -| CBS_E_SOURCE_MISSING; source for package or file not found, ResolveSource() unsuccessful | Component Store corruption | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | - -## 0x800f0831 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| CBS_E_STORE_CORRUPTION; CBS store is corrupted. | Corruption in the Windows Component Store. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | - -## 0x80070005 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an ACCESS DENIED.
    Go to %Windir%\logs\CBS and open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the ACCESS DENIED, it could be acess denied to a file, registry key,etc. Determine what object needs the right permissions and change the permissions | - -## 0x80070570 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| ERROR_FILE_CORRUPT; The file or directory is corrupted and unreadable. | Component Store corruption | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | - - -## 0x80070003 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| ERROR_PATH_NOT_FOUND; The system cannot find the path specified. | The servicing stack cannot access a specific path. | Indicates an invalid path to an executable. Go to %Windir%\logs\CBS and open the last CBS.log and search for “, error” and match with the timestamp. | - - -## 0x80070020 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| ERROR_SHARING_VIOLATION | Numerous causes. CBS log analysis required. | This error is usually caused by 3rd party filter drivers like Antivirus.
    1. [Perform a clean boot and retry the installation](https://support.microsoft.com/help/929135/)
    2. Download the sysinternal tool process monitor -> https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
    3. Run procmon.exe. It will start data capture automatically
    4. Install the Update package again
    5. With procmon program main window in focus, press Ctrl + E or click the magnifying glass to terminate data capture
    6. Click File > Save > All Events > PML, and choose an adequate path to save the .PML file
    7. Go to %windir%\logs\cbs and open the last cbs.log file and search for the error
    8. After finding the error line a bit above you should have the file being accessed during the installation that is giving the sharing violation error
    9. In the Procmon windows filter for path and insert the file name (it should be something like “path” “contains” “filename from CBS”)
    10. After checking which process is accessing that file try to stop it or uninstall it from the machine | - -## 0x80073701 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically component store corruption caused when a component is in a partially installed state. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | - -## 0x8007371b - -| Message | Description | Mitigation | -|---------|-------------|------------| -| ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE; One or more required members of the transaction are not present. | Component Store corruption. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | - -## 0x80072EFE - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WININET_E_CONNECTION_ABORTED; The connection with the server was terminated abnormally | BITS is unable to transfer the file successfully. | Encountered if BITS is broken or if the file being transferred can't be written to the destination folder on the client. This error is usually caused by connection errors while checking/downloading updates.
    From a cmd prompt run: **BITSADMIN /LIST /ALLUSERS /VERBOSE**
    Search for the 0x80072EFE error code. You should see a reference to a HTTP code with a specific file, try to download it manually from your browser making sure you’re using your proxy organization settings. If it fails, check with your proxy manager to allow for the communication to be sucesfull. Also check with your network team for this specific URL access. | - -## 0x80072F8F - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WININET_E_DECODING_FAILED; Content decoding has failed | TLS 1.2 is not configured correctly on the client machine. | This error generally means that the Windows Update Agent was unable to decode the received content. You need to install and configure TLS 1.2 by installing this KB: https://support.microsoft.com/help/3140245/ - -## 0x80072EE2 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to WU, SCCM, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own configured WSUS/SCCM/MEM/etc.
    Check with your network team if the machine is able to get to your WSUS/SCCM/MEM/etc or the internet servers. See, https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/troubleshoot-software-update-scan-failures
    In case you’re using the public MS update servers, check that your device can access the following Windows Update endpoints:
    http://windowsupdate.microsoft.com
    http://*.windowsupdate.microsoft.com
    https://*.windowsupdate.microsoft.com
    http://*.update.microsoft.com
    https://*.update.microsoft.com
    http://*.windowsupdate.com
    http://download.windowsupdate.com
    https://download.microsoft.com
    http://*.download.windowsupdate.com
    http://wustat.windows.com
    http://ntservicepack.microsoft.com | - -## 0x80240022 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WU_E_ALL_UPDATES_FAILED; Operation failed for all the updates. | Multiple root causes for this error.| Most common issue is where Anti-Virus software is blocking access to certain folders (like SoftwareDistribution). CBS.log analysis needed to determine the file or folder being protected. | - -## 0x8024401B - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ; Same as HTTP status 407 - proxy authentication is required. | Unable to authenticate through a proxy server. | Either the Winhttp proxy or WinInet proxy settings are not configured correctly. This error generally means that the Windows Update Agent was unable to connect to the update servers or your own configured WSUS/SCCM/MEM/etc due to a Proxy error.
    - Verify the proxy settings on the client, and make sure that they are configured correctly. The Windows Update Agent uses WinHTTP to scan for available updates. So, when there is a proxy server between the client and the WSUS computer, the proxy settings must be configured correctly on the clients to enable them to communicate with WSUS by using the computer's FQDN.
    - Check with your network team and proxy team if the machine is able to get to your WSUS/SCCM7MEM/etc or the internet servers without the proxy requiring user authentication | - - -## 0x80244022 - -| Message | Description | Mitigation | -|---------|-------------|------------| -| WU_E_PT_HTTP_STATUS_SERVICE_UNAVAILABLE; Same as HTTP status 503 - the service is temporarily overloaded. | Unable to connect to the configured update source. | Network troubleshooting needed to resolve the connectivity issue. Check with your network team and proxy team if the machine is able to get to your WSUS/SCCM7MEM/etc or the internet servers without the proxy requiring user authentication. | +| Error Code | Message | Description | Mitigation | +|------------------------------------------|-----------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 0x8024402F | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External cab file processing completed with some errors | One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering.
    Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed | +| 0x80242006 | WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again:
    Rename the following folders to \*.BAK:
    - %systemroot%\system32\catroot2

    Type the following commands at a command prompt. Press ENTER after you type each command.
    - Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
    - Ren %systemroot%\SoftwareDistribution\Download \*.bak
    Ren %systemroot%\system32\catroot2 \*.bak | +| 0x80070BC9 | ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system. | +| 0x80200053 | BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update Client.

    If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc). | +| 0x80072EE2 | WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to the Internet. To fix this issue, follow these steps: make sure these URLs are not blocked:
    http://.update.microsoft.com
    https://
    .update.microsoft.com


    You can also take a network trace to check what is timing out. \ | +| 0x80072EFD
    0x80072EFE 
    0x80D02002 | TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs.
    Take a network monitor trace to understand better. \ | +| 0X8007000D | ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred. | Attempt to re-download the update and initiate installation. | +| 0x8024A10A | USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade. | +| 0x80240020 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Sign in to the device to start the installation and allow the device to restart. | +| 0x80242014 | WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows Updates require the device to be restarted. Restart the device to complete update installation. | +| 0x80246017 | WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator). | +| 0x8024000B | WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. | +| 0x8024000E | WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. | Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. 
Ensure that you have the latest Windows Update Agent installed on the machine. | +| 0x8024D009 | WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. | You may encounter this error when WSUS is not sending the Self-update to the clients.

    Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | +| 0x80244007 | WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows cannot renew the cookies for Windows Update.

    Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. | +| 0x80070422 | | This issue occurs when the Windows Update service stops working or is not running. | Check if the Windows Update service is running.
    | From 2ad81bb7395678071dc8e7d13c3c254d1e767f21 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 20 Sep 2021 13:58:02 -0700 Subject: [PATCH 535/671] Revert joining of note with table --- windows/deployment/update/deployment-service-overview.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index f78e87008d..63c9c6aa24 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -136,10 +136,10 @@ To enroll devices in Windows Update for Business cloud processing, set the **All > [!NOTE] > Setting this policy by using Group Policy isn't currently supported. -> -> | Policy | Sets registry key under **HKLM\\Software** | -> |--------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------| -> | MDM for Windows 10, version 1809 or later: ../Vendor/MSFT/ Policy/Config/System/**AllowWUfBCloudProcessing** | \\Microsoft\\PolicyManager\\default\\System\\AllowWUfBCloudProcessing | + +| Policy | Sets registry key under **HKLM\\Software** | +|--------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------| +| MDM for Windows 10, version 1809 or later: ../Vendor/MSFT/ Policy/Config/System/**AllowWUfBCloudProcessing** | \\Microsoft\\PolicyManager\\default\\System\\AllowWUfBCloudProcessing | Following is an example of setting the policy using Microsoft Endpoint Manager: From 3a7820f2bda13cc304fa5b87112be38219246843 Mon Sep 17 00:00:00 2001 
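Review bot: In the added consolidated error-code table, the 0x80072EE2 row lists the URLs to unblock as "http://.update.microsoft.com" and a split "https://" / ".update.microsoft.com", so the leading wildcard is lost and the values no longer match the "http://\*.update.microsoft.com" and "https://\*.update.microsoft.com" forms in the removed 0x80072EE2 section. Escape the asterisk the same way the table already does for WU_E_PT_SOAP_\* and keep each URL on one line. Separately, the added table stops at 0x80070422, while the removed sections continue through 0x800f0821 up to 0x80244022 (the CBS, WININET and proxy entries); if dropping them is intended, say so in the commit message, otherwise carry them into the table. The 0x80070422 row also has an empty Message cell where the removed section had NA.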
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Mon, 20 Sep 2021 14:29:43 -0700 Subject: [PATCH 536/671] Update hardware.md --- windows/security/hardware.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/hardware.md b/windows/security/hardware.md index 5fbcc6156a..ae5f6ae709 100644 --- a/windows/security/hardware.md +++ b/windows/security/hardware.md @@ -15,13 +15,13 @@ ms.technology: windows-sec # Windows hardware security -Modern threats require modern security with a strong alignment between hardware security and software security techniques to keep users, data and devices protected. The operating system alone cannot protect from the wide range of tools and techniques cybercriminals use to compromise a computer deep inside its silicon. Once inside, intruders can be difficult to detect while engaging in multiple nefarious activities from stealing important data to capturing email addresses and other sensitive pieces of information. +Modern threats require modern security with a strong alignment between hardware security and software security techniques to keep users, data, and devices protected. The operating system alone cannot protect from the wide range of tools and techniques cybercriminals use to compromise a computer deep inside its silicon. Once inside, intruders can be difficult to detect while engaging in multiple nefarious activities from stealing important data to capturing email addresses and other sensitive pieces of information. These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware.

    | Security Measures | Features & Capabilities | |:---|:---| | Trusted Platform Module (TPM) | A Trusted Platform Module (TPM) is designed to provide hardware-based security-related functions and help prevent unwanted tampering. TPMs provide security and privacy benefits for system hardware, platform owners, and users.
    A TPM chip is a secure crypto-processor that helps with actions such as generating, storing, and limiting the use of cryptographic keys. Many TPMs include multiple physical security mechanisms to make it tamper resistant and prevent malicious software from tampering with the security functions of the TPM.

    Learn more about the [Trusted Platform Module](information-protection/tpm/trusted-platform-module-top-node.md). | | Hardware-based root of trust with Windows Defender System Guard | To protect critical resources such as Windows authentication, single sign-on tokens, Windows Hello, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy.
    Windows Defender System Guard helps protect and maintain the integrity of the system as it starts up and validate that system integrity has truly been maintained through local and remote attestation.

    Learn more about [How a hardware-based root of trust helps protect Windows](threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md) and [System Guard Secure Launch and SMM protection](threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md). | -| Enable virtualization-based protection of code integrity | Hypervisor-protected Code Integrity (HVCI) is a virtualization based security (VBS) feature available in Windows. In the Windows Device Security settings, HVCI is referred to as Memory Integrity.
    HVCI and VBS improve the threat model of Windows and provide stronger protections against malware trying to exploit the Windows Kernel. VBS leverages the Windows Hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. HVCI is a critical component that protects and hardens this virtual environment by running kernel mode code integrity within it and restricting kernel memory allocations that could be used to compromise the system.

    Learn more: [Enable virtualization-based protection of code integrity](threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md). -| Kernel Direct Memory Access (DMA) Protection | PCIe hot plug devices such as Thunderbolt, USB4, and CFexpress allow users to attach new classes of external peripherals, including graphics cards or other PCI devices, to their PCs with an experience identical to USB. Because PCI hot plug ports are external and easily-accessible, PCs are susceptible to drive-by Direct Memory Access (DMA) attacks. Memory access protection (also known as Kernel DMA Protection) protects PCs against drive-by DMA attacks that use PCIe hot plug devices by limiting these external peripherals from being able to directly copy memory when the user has locked their PC.

    Learn more about [Kernel DMA Protection](information-protection/kernel-dma-protection-for-thunderbolt.md). | -| Secure core devices | Microsoft is working closely with OEM partners and silicon vendors to build Secured-core PCs that features deeply integrated hardware, firmware and software to ensure enhanced security for devices, identities and data.

    Secured-core PCs provide protections that are useful against sophisticated attacks and can provide increased assurance when handling mission-critical data in some of the most data-sensitive industries, such as healthcare workers that handle medical records and other personally identifiable information (PII), commercial roles that handle high business impact and highly sensitive data, such as a financial controller with earnings data.

    Learn more about [Secure core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).| +| Enable virtualization-based protection of code integrity | Hypervisor-protected Code Integrity (HVCI) is a virtualization based security (VBS) feature available in Windows. In the Windows Device Security settings, HVCI is referred to as Memory Integrity.
    HVCI and VBS improve the threat model of Windows and provide stronger protections against malware trying to exploit the Windows Kernel. VBS uses the Windows Hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. HVCI is a critical component that protects and hardens this virtual environment by running kernel mode code integrity within it and restricting kernel memory allocations that could be used to compromise the system.

    Learn more: [Enable virtualization-based protection of code integrity](threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md). +| Kernel Direct Memory Access (DMA) Protection | PCIe hot plug devices such as Thunderbolt, USB4, and CFexpress allow users to attach new classes of external peripherals, including graphics cards or other PCI devices, to their PCs with an experience identical to USB. Because PCI hot plug ports are external and easily accessible, PCs are susceptible to drive-by Direct Memory Access (DMA) attacks. Memory access protection (also known as Kernel DMA Protection) protects PCs against drive-by DMA attacks that use PCIe hot plug devices by limiting these external peripherals from being able to directly copy memory when the user has locked their PC.

    Learn more about [Kernel DMA Protection](information-protection/kernel-dma-protection-for-thunderbolt.md). | +| Secure core devices | Microsoft is working closely with OEM partners and silicon vendors to build Secured-core PCs that feature deeply integrated hardware, firmware, and software to ensure enhanced security for devices, identities, and data.

    Secured-core PCs provide protections that are useful against sophisticated attacks and can provide increased assurance when handling mission-critical data in some of the most data-sensitive industries, such as healthcare workers that handle medical records and other personally identifiable information (PII), commercial roles that handle high business impact and highly sensitive data, such as a financial controller with earnings data.

    Learn more about [Secure core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).| From f4b6943770ad34a2fd5ee0325e3e1936ca26890b Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 20 Sep 2021 15:04:18 -0700 Subject: [PATCH 537/671] reorg --- windows/security/TOC.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index b2c47ab56b..5d2f4c0bdf 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -149,13 +149,6 @@ href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md - name: Configure S/MIME for Windows href: identity-protection/configure-s-mime.md - - name: Windows security baselines - href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md - items: - - name: Security Compliance Toolkit - href: threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md - - name: Get support - href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md - name: Network security items: - name: VPN technical guide @@ -185,6 +178,13 @@ href: identity-protection/vpn/vpn-office-365-optimization.md - name: Windows Defender Firewall href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md + - name: Windows security baselines + href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md + items: + - name: Security Compliance Toolkit + href: threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md + - name: Get support + href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md - name: Virus & threat protection items: - name: Overview From 7c33cd57fa95ad4ac6e078cf65e14db90b3fedc6 Mon Sep 17 00:00:00 2001 
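Review bot: In the windows/security/hardware.md hunk, the re-added "Enable virtualization-based protection of code integrity" row still ends at "...code-integrity.md)." with no closing " |", unlike the Kernel DMA and Secure core rows after it, and the same row keeps "virtualization based security (VBS)" unhyphenated although its title uses "virtualization-based". Since this change is a wording cleanup of exactly these rows, close the row and hyphenate the term in the same pass. The last row also mixes "Secure core devices" and "Secure core PCs" with "Secured-core PCs" in its body; pick one form.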
From: MandiOhlinger Date: Mon, 20 Sep 2021 18:27:40 -0400 Subject: [PATCH 538/671] fixed errors and warnings --- windows/configuration/kiosk-prepare.md | 2 +- windows/configuration/kiosk-troubleshoot.md | 2 +- windows/configuration/lock-down-windows-10-to-specific-apps.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index 39121135bb..ba6dd0c8c4 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -169,6 +169,6 @@ When you connect to a VM configured as a single-app kiosk, you need a *basic* se :::image type="content" source="images/vm-kiosk.png" alt-text="Use a basic session to connect a virtual machine. In the View menu, Extended session is not selected, which means basic is used."::: -To connect to a VM in a basic session, do not select **Connect** in the connection dialog, as shown in the following image, but instead, select the **X** button in the upper-right corner to cancel the dialog. +To connect to a VM in a basic session, do not select **Connect** in the connection dialog, as shown in the following image, but instead, select the **X** button in the upper-right corner to cancel the dialog: :::image type="content" source="images/vm-kiosk-connect.png" alt-text="Do not select the connect button. Use "close X" in the top corner to connect to a VM in basic session"::: diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md index 7591e5d1bb..debe515b8b 100644 --- a/windows/configuration/kiosk-troubleshoot.md +++ b/windows/configuration/kiosk-troubleshoot.md 
@@ -26,7 +26,7 @@ ms.topic: article ## Single-app kiosk issues >[!TIP] ->We recommend that you [enable logging for kiosk issues](kiosk-prepare.md#enable-logging). For some failures, events are only captured once. If you enable logging after an issue occurs with your kiosk, the logs may not capture those one-time events. In that case, prepare a new kiosk environment (such as a [virtual machine (VM)](kiosk-prepare.md#test-vm)), set up your kiosk account and configuration, and try to reproduce the problem. +>We recommend that you [enable logging for kiosk issues](kiosk-prepare.md#enable-logging). For some failures, events are only captured once. If you enable logging after an issue occurs with your kiosk, the logs may not capture those one-time events. In that case, prepare a new kiosk environment (such as a [virtual machine (VM)](kiosk-prepare.md#testing-your-kiosk-in-a-virtual-machine-vm)), set up your kiosk account and configuration, and try to reproduce the problem. ### Sign-in issues diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index d1055a6e2a..abcdad1b3a 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
@@ -541,7 +541,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime"). >[!TIP] ->In addition to the methods below, you can use the PowerShell comdlet [install-provisioningpackage](/powershell/module/provisioning/Install-ProvisioningPackage?view=win10-ps) with `-LogsDirectoryPath` to get logs for the operation. +>In addition to the methods below, you can use the PowerShell comdlet [install-provisioningpackage](/powershell/module/provisioning/Install-ProvisioningPackage) with `-LogsDirectoryPath` to get logs for the operation. #### During initial setup, from a USB drive From 97c7b606e2f76fe54bef6d30e1036bc842d18d23 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Mon, 20 Sep 2021 18:37:09 -0400 Subject: [PATCH 539/671] fixed image error --- windows/configuration/kiosk-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index ba6dd0c8c4..59c3f0cd6f 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -171,4 +171,4 @@ When you connect to a VM configured as a single-app kiosk, you need a *basic* se To connect to a VM in a basic session, do not select **Connect** in the connection dialog, as shown in the following image, but instead, select the **X** button in the upper-right corner to cancel the dialog: -:::image type="content" source="images/vm-kiosk-connect.png" alt-text="Do not select the connect button. Use "close X" in the top corner to connect to a VM in basic session"::: +:::image type="content" source="images/vm-kiosk-connect.png" alt-text="Do not select the connect button. Use the close X in the top corner to connect to a VM in basic session."::: From 3a7ad6edb16bef5b17d82203718b9eb0c8a8ec85 Mon Sep 17 00:00:00 2001 
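Review bot: In PATCH 538, hunk @@ -169,6 +169,6 @@ of windows/configuration/kiosk-prepare.md, the `:::image` line directly under the edited sentence still nests double quotes inside the attribute (alt-text="... Use "close X" in the top corner ..."), so the attribute value ends at the second quote. This hunk already touches the sentence that introduces that image, so replace or drop the inner quotes here rather than in a follow-up commit. The edited sentence is also hard to follow ("do not select **Connect** ..., as shown in the following image, but instead, select the **X** button"); stating the action to take first and the one to avoid second would read better.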
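Review bot: In PATCH 538, hunk @@ -26,7 +26,7 @@ of windows/configuration/kiosk-troubleshoot.md, the new fragment #testing-your-kiosk-in-a-virtual-machine-vm is derived from heading text in kiosk-prepare.md, and that heading is not part of this hunk, so the link will break again the next time the heading is reworded. Please confirm the fragment against the current heading, check that the unchanged #enable-logging fragment in the same tip still resolves, and name the warning being fixed in the commit message; "fixed errors and warnings" does not tell a reader which link was broken.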
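Review bot: In PATCH 538, hunk @@ -541,7 +541,7 @@ of windows/configuration/lock-down-windows-10-to-specific-apps.md, the rewritten tip line keeps the typo "comdlet" and the lowercase link text "install-provisioningpackage", although the link target spells it Install-ProvisioningPackage. While the line is being changed to drop ?view=win10-ps, correct it to "cmdlet" and match the cmdlet's casing in the link text.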
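Review bot: In PATCH 539, hunk @@ -171,4 +171,4 @@ of windows/configuration/kiosk-prepare.md, the new alt-text places the button in "the top corner" while the sentence above it says "the **X** button in the upper-right corner" and adds that selecting it cancels the dialog. Use the same wording in the alt-text so a screen-reader user gets the same instruction as the body text, and say in the commit message that the error was the nested double quotes in alt-text; "fixed image error" does not record the cause.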
From: MandiOhlinger Date: Mon, 20 Sep 2021 21:34:27 -0400 Subject: [PATCH 540/671] removed html table; review updates --- windows/configuration/TOC.yml | 10 +- .../configuration/images/kiosk-account.PNG | Bin 1679 -> 0 bytes windows/configuration/images/kiosk-common.PNG | Bin 1849 -> 0 bytes windows/configuration/images/sample-start.png | Bin 94324 -> 0 bytes windows/configuration/images/seven.png | Bin 325 -> 0 bytes windows/configuration/images/six.png | Bin 549 -> 0 bytes windows/configuration/kiosk-methods.md | 26 ++-- windows/configuration/kiosk-prepare.md | 35 ++--- windows/configuration/kiosk-single-app.md | 138 ++++++++++++++---- 9 files changed, 139 insertions(+), 70 deletions(-) delete mode 100644 windows/configuration/images/kiosk-account.PNG delete mode 100644 windows/configuration/images/kiosk-common.PNG delete mode 100644 windows/configuration/images/sample-start.png delete mode 100644 windows/configuration/images/seven.png delete mode 100644 windows/configuration/images/six.png diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index 90c2e725ed..8670606e63 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml @@ -54,16 +54,14 @@ href: kiosk-methods.md - name: Prepare a device for kiosk configuration href: kiosk-prepare.md - - name: Set up digital signs on Windows 10 + - name: Set up digital signs href: setup-digital-signage.md - name: Set up a single-app kiosk href: kiosk-single-app.md - name: Set up a multi-app kiosk href: lock-down-windows-10-to-specific-apps.md - - name: Set up a shared or guest PC with Windows 10 + - name: Set up a shared or guest PC href: set-up-shared-or-guest-pc.md - - name: Set up a kiosk on Windows 10 Mobile - href: mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md - name: Kiosk reference information items: - name: More kiosk methods and reference information 
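Review bot: The first TOC.yml hunk (@@ -54,16 +54,14 @@) removes the "Set up a kiosk on Windows 10 Mobile" entry, but the diffstat for this commit lists neither mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md as deleted nor any redirect file as changed. That leaves the page in the repository without a navigation entry. Either delete it with a redirect in this commit or state in the commit message that it is intentionally kept; the subject "removed html table; review updates" does not mention the removal at all.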
@@ -80,9 +78,9 @@ href: kiosk-xml.md - name: Use AppLocker to create a Windows 10 kiosk href: lock-down-windows-10-applocker.md - - name: Use Shell Launcher to create a Windows 10 kiosk + - name: Use Shell Launcher to create a Windows client kiosk href: kiosk-shelllauncher.md - - name: Use MDM Bridge WMI Provider to create a Windows 10 kiosk + - name: Use MDM Bridge WMI Provider to create a Windows client kiosk href: kiosk-mdm-bridge.md - name: Troubleshoot kiosk mode issues href: kiosk-troubleshoot.md 
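Review bot: The second TOC.yml hunk (@@ -80,9 +78,9 @@) renames the Shell Launcher and MDM Bridge WMI Provider entries to "Windows client kiosk" but leaves the context line "Use AppLocker to create a Windows 10 kiosk" unchanged, so three adjacent entries now use two different product names. Rename the AppLocker entry in the same hunk, or note in the commit message why it stays specific to Windows 10.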
diff --git a/windows/configuration/images/kiosk-account.PNG b/windows/configuration/images/kiosk-account.PNG deleted file mode 100644 index f78f9b9d568c9683632e9c41cd739872fc87d0f3..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/windows/configuration/images/kiosk-common.PNG b/windows/configuration/images/kiosk-common.PNG deleted file mode 100644 index f5873a53aa33d61a16a450dfbc982aef98de8c59..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/windows/configuration/images/sample-start.png b/windows/configuration/images/sample-start.png deleted file mode 100644 index 8ef9cc928c9559ee98d7e7801bdda01bcdf68049..0000000000000000000000000000000000000000 GIT binary patch
z6sE3D1S2>arD!0+W@iaxUa_vaQyA`APn;iJCkQPig3@R1X<^$gN~6pvax1udU6o!x zykLxT2+p0tE9cSOTEr=B^9GFDiJ|XB98t@1S?q2J#qc?KpcmXCEU6%g`$0(R^^mIyflIf z&f9>|u`CV^Wszmtpuaz27rDiZfTl@wFGP#Htl!{23OcDWwI5;?&+_xfTEM)RlPgd9~+G zfFInE!KeRlgn6Mmkj5iU;RjS0|J7 zoDBWp$b*Dt&V4mbpG<%p%CAO0`Qx+oOFk-{3VwQRTya;09yGh>VCKgJH+7(-IH{&v z5AvuqYVxUc%IxT6fQU!SOn)j)eLsVNSKW9b zYh4w8E#yw-{m(Q?!w9$8LEhnL8wN;d_7?Nlqg9t=3U`mEaL4dC zZaXrD8;&IL$AKJfIg-ZBN3yv4PzLuN&fqZbkBk80BV`oGVA@EI+DTB?kc4b$kKx>| z2+myAiU+P}$C)cTaLVfCSk={mHfA-WpC(XY*~>Gkha#(mWyGvTdEXi?qq~qsqL4ug zMXy$Ovff(grHxrkXiJEMC!+jnTq-bsb_PlJ6rCNi^3mUB&!DKlwIma)piG9!hm~{t z-Ib-SOSY*29)*6i>h%xl#Vtc++_{$(st&PGBtRXS{W+S5;t#Lih)YkKm^R`1JsCXZ z^ZSt2=BWCDb;l?jULZ&mjd1z553 zZXNV&1C@7g(2ZZDL^V*-p=~kvtemx=Fsg8tUK(umL4N7Txp&s`Co_$WE*;K|fe)sa zm1kLcaPFw*t67{1a___r^-CClzF%PG5d&JPpph~N>?O={%{_NaL!WL#XN;cTv{V7NQAORu|wf7L)6-YMS&dc#AGfU?`;uYYvWE&+`;yhAYWp*Huvvz#6tdm3 zH+JAVFW!g;u2bWlh;g?2M}BlK21iJoG#Q)gv>fjU2+HE3mY|qfp)nL97e zo33h)^%CfJEOI1{xJ-IP=vhWd&&%G1*ljy++3*ES95gRKc3DanV zw~~%BMc+>;llYV!VO{CR{?b|n;WbOiv0r2;uv=@trw!{!`i(*B46kR&3+n(Tk9Q}M= z)fy*pNuZY#=Khu_I+^TFot-IX(ap(2qNuH)655!e2+Lnp9bm4&#!$%R@uu$|z|Zbh z1y01Wwh+Gf{AGCmv)5tWiY}66HY6=)IYKcPP*@61uLrmFGKJ{G1%uNh{YzEsh{6)U;dAR#|?K++p<>a~5j zmy=p38iPMx7tTx||2{u@bU{k|&kZ354Nx!b&A`Q3^)CZGXi_TCy%(=;Cy6}kb#Uk2 z6TPvKXE{l%ykt%fjq*2HWzj7iYultU=Qg7$p|Gpri&#ng{wl=7cBu4NFD+Wx5XrE6 z3Dd4G|B47GDLPOaWw=`5&}xU;!*n#v@o0=e4lquAigJwU z87;RVN#ZeDj4}qjR?H+RKt-b{yd;R9CUZFq4-eTFdb5;rE{z`A_cFfaktjBG#&Aks z1ZS;i!2?#d;Q^~!@G$+_^qMZ5y{Z%Etm(vqcs*@JFV5(VHc3#F0L5M{;Q)1^MjQ!Y z&ygH1`RERO;}$iR$$0a_y0Pmm8}RSX*?{)ej!H%AXSc2Md9^)L$e$W)wuERjikCcW zE$)5$HvIdO`>?ueay8#MP{89qcL-PCc7$zN9V4jQ0LLLrH&KkFOw)#)6N&t2OT$|X zsLcF*a6zeWYCv)E$o&Mk0A~yJP3Z|mBH{3%ef>uLQT<#qZJYTjaY=d;8JI&TpMoak z)nw?#rO`8V?gSZ`@Q>0ceO4OI>k4a2Gq#8bfBQ{-G@ zx2`r+%P+5bRvQSlB1y8Erkj-9DQTuMT?V~`Sa?c&8>6P^w}Iq7PsfFJ+R@D3Hqth_ z0#F33AB#_-`zg|F+dwYz8nNvhiPEc86P+VuJW8SygTjy~K0)_tA8J!1HevZw+FOw4 z1U9YLor@8qS+1iTKZY32XgG#Zjv-^=R*aP57-!{V3Sov6sfKRd#mbc)Xdp9n!NaWM 
zdq#@bKU&0{!{gX{WE}SmO48Ufl*GNf-aDkXk%|~h7ZBB|49VV#)-pDAlyO>r8RxEw z;6bY+c+}c<%l*_)#>EirQ@GVq2+#;>K>Dn7tc>S=We@)Ax?#^^BGlI2@`x_{?zQXi z_fJ}l&194Ilbuq4?lbm|urw06(V-%JGdUMVOFW9Fo!gBcy=)^s_uM{g={HR<3AZ20 z;<2CDhg)_qZ3(Z@2MBOHflc4EqJLns0Y{qCMh#CI!1>Xeby`U&ONp!V`TBxxB{qTZ z#6i(W3`&e<;!2DUmLBiw;QYyp#O|er6~9D=g3?mUhG?fP1>4$@XrSWNwjY{=KP^*1 zK`L2-OQ!~N6W+VLDa#UY7O@e}!d$mm`)(#Yh z*Dma;a;BM9W;A9fyEc9>0BxD7{j*Kw>9;`gl`KUuUMM2TaV5pN*7sa;w&fK^kp-k^ zbv!1jI<@*|oGd3L#hL_3mXcBm$2mN;Aj@m2$gpTQ%JFR^UB+lSg9GCk930JH*P%3a z42)26*g25J?jy7t%wuenl5FZrvP_6Fq$Mp86{RG=^w9ogA&)oz;4t3w!$YjR`UQ8! ziU{6yQ7``RmmBbf7jD5T9fY4@VKpNr1kN|8^eFPHYgGf+MxephubySbXT8DU z-ViZ+4n+1*u_oc-o(?W=5|>uL$jl{GG8N3;Ig%$0o_v;(lHN>u99*1Am#ykIK~fy# zyvPXk4GwE7eAauf9E>AOh!%N__Xu+9@~Rc9SwVp)ugatoJvV@B%gsW;I}ub2R%bLQ zFdi!(rCpiw9JyO-K70^CQ9sey8nq)zzFcH5`dmGS8m1^s%W4y zFXcQbP>DGUSq}Bqb%BH@OY0=sk&+Z6BtI>lw34v2kg&Az+J>=QD@NJv28_UjF`%Cb z7%X59NlOzy7D!PZ^dTBm?6U2^WxceF;ax+{wH?IHBHg>5xvI_wxK;6-0Kglq2|sx(sXa8!V4pjZ5Y z9}8SONZXC<2Y&G}P6U0wdFAwyQ|fwl<5bn0hDN}(>@Ej&;EdHL?BiT=uUTgkaL#Sa z(MYCvWZ;8y<3wrH)tO79Pk>91CK=3xd$bRMF_HF*&P_soEnoIjiCf8Zka;8B;o@~r zT5I8VQ_o&7H~gb~8nM!>$n&U+OM~u}K3)B3ZUnirFm)qQoi)l#4dh&~^5?*uFJN6; z4(FcMi|g(j!hlvb-Z547e!CWL>tVWQf+Hjh; zEojvb)$*yAM5jAEhRvN3Y+u)o>uw&w)%T2YETXNxpj#Y9FAm}jfBq=!**}W=_NS0+ zZL=deVYXX^o+UACW&MZC=?dp#$ofoO85v6DFsxd(Wr1na*9YQEBDHe;l?f!}Xlg_LmZc8Le)M_RKww;AHesZENIH~W-LZF2PM)x>jK&jqL4>@)5N-876QJG2& z`Q1qb7nZIGeEFDuNpaJSRXZ*%>WT%Ox zD=SO$aROHq_44P3^5*K$^5@u~Ji4|Ws=N%uyIiPXFJFnK$)!HouYVQtuh)VrP1#+u zyb0$+$gv!CT0s(KU`77Z;!d9a^hS|>`=~(jSET5g^(0rO8HrDl1aVRqnHoxhB*2WI zie$}}O9g!M_lI!qhj!rqUNMN>gHmMk1AX`ACwFJC{R8*oZ9m+Lkuk;p=cS1)OH)pIRmE)hAg z@2Mza4R11ZaDyV@(oipbjo|V%=TLgJ8l$xO(|dxz-yRIgBO95{Gum*Zwku>wMD&Zv zq9P(8^r-gAy37?bBrkGDGyBzUZ3tB$0-`7~+7b#!`CR#=e+c^eNsLiwGe|#*s9yw9 z$ofLA-VTZ~#wf`Ng=Dr6i<7vtG~H_nMXMK-bdXE;0cHesQjvpr2>XY#crQuAhWFls zhktwz{{G5A{C;l^Ssi$tC33|w_6`^D<2%Q3>E{lh`ycPa6F+9QcuNu>xTlHPrGFIF^kox)+6%iuxmZGr%w zH@^R;VWhGollrA%y-}n%gL(^avO!H=T}ULwRvD&PY4AfD*@y@|7paz|F{QWNAg18# 
z8!9x{eO)a|3u#+Nj^sve<;REyMFx6pRm3F1S$l+mYsEov$i1BSMebc+cKumrq^h50 zp9K_*6UE_3nqO2NUUUWnErfo9r2a16)u-ZWeq z%)i2^j=Igk>YAcB-Mt=kwJ*EYrgx5@bbDDocDRa~0Vb6(^J;I0sV#|$DDNdU-GY6* z&EEN-i4~8PlLDZL_ZD0<9;q(;>Bsx+UhSU-wql}Z1z`212Zu_bhsp(VRgb*zPgSNp zBr7-dM8XtKx1V0Q168lY`^B)*Q||r5C@wX9xo& zmp(c$J*x2L5H6{LTU96z)?Xn&7hKjNtp;RCva3zib@q{bza7iu{?Gj&f>Ox zY236sjhlUPTD?9dy(`_W zSz<*8AN8s)j2fY!#twBG=mz*v6NLU zTwva<2C{nIr-VE@X%aQgbG)Bi?ekFRHSr!h>IA6A>B>-Ul;LWo9YmgKNm88;m)$0% zL0*#nEjh&@r@YFjj2uN3D9}XaWrm=Sr#LgK>&lxuZFJDW@G8>=bsQZd(MqQhm1>fp z1XvhU$qGeFXL{R4B1Kj!GM5`iNK9c$0t5(9g{MI04$`;`PNw!i{kA%z+DpSc+ zP+2H$S2i<+OS_rFI`~@ooSR4t zD@MC6Y$*EKKUdVQs`NHbQEzzZ`zvZsy4TjA(Upp8uZIN)5a8qhJH7@@i9Pb_{~~ea zlaCeAm#a<$NXtoQ&KVS#MrZF<#iXkSN(U9M%GC{U+VY6-US~||!B0pOUcFTmM+oK< z3cpsAH5x06W2Q~j<;#tL?m8QybHaiJWIxKN!m2>U zqaPLY84>!P3G1F_I`b?_qN25Dde4!Flt|E>7gd#3Wb|%Ot`tVL6tx#b^cC7lf00Wz zw&IN5;t3ESz;OvjNOV$7XDYNQtb3VJc`WOQVf)HfJob!Uy!TlfvFBgTLF$9&;DS?n zP8^a_g{jV|!D5*nHIAf}WmFAb<;#oCW7vu(HMO3dI5J~yysKXp1BzE8f`6;Y5hbP3 zUv$o`#;>Zm-$9e`=h=y%pcHpAs7=?5;EPn@%-H`@fG-bo4mIqG4p0m_##%0F)5k0H zviJ4ac({@R{&5;ZWJXdd>vxm06)zNR1L>qdS^~hPBeWL zAi#+Xkr2HNRt}@1Erzq#cHv29_v3;sBp>>gHO-%PW)JRq%NG3n8_QCH~ z*4pmSz#ZmnFwRj{D+^lc&NIFoMc-4=PlqTCMixE4P6U}Lc@o_#+s@qtILlg*M_p$C zg{`7hkj-F1T9k2@;3ngBWo>0uBeOxZSug|koeozHb)dA%t-Yzk!8Kgw4Bj&rs_kC> z=W)=Rlc3ceYucoPt527mMyQsZA9@3)WTlv+o#r%ZuGs7Rdm@dSE8$HSF2navgNqqWovQ%HZqZ937`Jm zC_erB@k)3ev^2Z1iz>t34_s_04VuYG{pqTcs7oo>Vsecqb*cKIBd1TPrTeX44{AcD*vOx^*HbU3H+d zLD4)iVb1XxmtM-Ucnhp!dr*7x%5fIOIV}{XlBPIkjRpioMWOJgDnnP!b@QgJn<7h4 zA6e6@z?GzC3fi1e8MEE$BW*OdpY-vdl!Qn?!X$rDR%TQTgoLFKDX{s65HHb;60 zNUY0HCV+-A4-g>0aRX0Fm{L>M4xzmziVgj7Ja}^l-u{$LxZ(|4@SC@sijKC*zVHw4 z%;20gQ9NpE6stPINJK;EqSckJSd9mt-cF5^!YjVAA0Pb9#NXF?&;|~!IyR#Bt@ zofe$Qs6{xh`gQ{qrHKse+5o0yDOIiM%0L622+~xbTYL4FZc8M7Mjk2li^(J_MobvE z>d^8cJG!fio)x*?XwdT*h3?FKE#$7A5Dcc8Y(Es%oWmEd9R(x_K20UqRB){aBe zqEY(mxpz^UdzTg`+LD+m&!uV;KN?+a7(~6a91FZ)EnL^9=Nc}Kso>n0PO02Z1lzkv zGI8{;9IAdNM<5%OcE&5zl5213Z#1%|&1)?onH*9;Pyz%vzECLRj8$zoe`6;*IlFkV 
zgtJ$*LvbZ}IP zSvuTSp+ru2HG;&Ez`mf$dnx|B%=|*Pyx5P_g&3D)#)+4E#m~XTPcTbNkiA)Pj8O0j zR)d=jxP&%<;%*|Da}Jlh#fD461d<{{ zDgl}KQB7~1gwwAxRa3Tuu=cH!$!;6*Qa=KM5+K0wgj5l?zIhX_e)(Fw_lYZk@eqEy za~yyB<0GDfqj>!G1itpdbsST}xM$ZWF8bUa9IW}i;+e}MxbAfuv2|@bQsYUy%Mz{8lqM^ooJ||WUFwamUhQQ5_Fxyy_}2G=^G~^AGT_u!-2eaVi3{s zRIe@ywhA{o=qh(EZu+gAayrQAgn`9@e#$kg7`FA{(s7JXFbY~xOc>l{;Y84iQ-jgp zAI7}FpOzZfS(U|LCO%B6w|Ro%nJTNUh^lQ#25fY-#V7j)#cBS$`jnH3)5(sH+D(ms zpackToMB+RfUeds-ul=ceDvj;sSrZA{MY+&!N+%ESQAzsF51$H-@R@N)~;^D$l-B3 z;FCLW_0BAA++V=I{bGbfWIs0l+uhio;vk|!ZG{v*c=cXfb^9>(4Qr2?+NL_NE(JIZ zcnomf?WzK+DKvvDr5^R$I6gwr2rf(&mA*}sPtr_eKqG=16ayH_|$yL0C`&_x@Qu02$nb{$m1oC4t~ z6B{5vfTe{<2-oa9xD z2Dd6f;nm(+spD8-C<(Gwd^3T+_!N~ZKZ63Ej$IMX+WB`P@9y3eV>9Wi>qddp1It74 zyD~6m{A1s-X#h7s9}8U3s5&hFGEkeIMZ2B~wMDPAH!2FD>R#z7@^1(QTWP8o<=HRn z9UPZt_QPn5nefP-jO+gT0=+222~kf|j?EF2DFO%(Aix5G3hnyc6BXD$U($oWd{iIr z68P@TW4P=aNAT944C10s?!q}Ax)&FJdM7TwZOAwHu+!VmDo{J5F zf^#A?mG(;EN9ifgHXS0N53ztmP^^3umXVSYRY=@!tKs_FkY{eku8^&sOmgOSPO1UI zQ?*rt0H5A5MW^t4dIG= zQ`q(&ci{z}--QoeJ&2#(GKgFD=)8!hG_)e3ua~;tY7%6wCF|M9Vna!g*0Zw{8oBkr z{LWS{sYn!*NQ#28Jl2e;a$`luKlTZ3Id+D+_d(uF+qwrSb&5V~Z(%ri;hUmX#LA1# zowQMCCu@Z>(-jPtEC&VcMb#8sypm%@Z8{{=LJ2rZ4Q36+t@s)SB?k@ODw>PDA1_cb zsL0ifn`kF?$hDNETd#7p;^Ey^kY{UmKlnEd*tXUDTX{9r#D_>U(Xh!kS1mRDF+hL- ziwJ!{N?Q;jB>HM;LcN|nU0+w5Yte74OtsX#V2~!23S^pWkkPZYMP>;pM+Kq5%(B-& zQ_G#%yM<{<9fhc5Ss1Jb)sK-7nbpADDL~~#L`Eu@{^V7+WGejsp?xq~kv){A;i#=8ol z>5_T~VcF?E-whxaN@RhZbj2yai$BE)OwId>0Ro(e(Ek0AoxtUP$MK{U=-&)H^IzD* z#ykfLjBE+7d1Nm>_RKY&!Te(PND&+U;ciZOsCj0yrE;v$xryPuz||jM8kSegidrq= zh!XZz9*za3+xSO>qU;fd+I;%m2=;|h5)3&rJBkq!KG-)9vkUYaH$3b)Z{ z=HTLXWm-*({^&s>a!Ut#(<)pP7ZVh&rS*sJWXqSOZ=MM^A`SG_^2ieIy%8V9^Se8xUVH?}9bz>L)=Zn8WD%Zzu zK+k%WK6eC<+17_AUvwINdEX%Rj%QF#bR(OOF$e~t@A|km$MX8oK$S25v+V3ew`j>$ zQxfXaF3Vn;RK(N6a~vSR$qDru^(1L1$>Mg1w3NaEVJOY1j-7s6Oh}t)Q0G;9-_q*( zgnU(-9V-~7eF~owFnzbg>R9#dhv&wG1BsTr6+a&IU1p9P z9Lqpg3xz9a6~R^#oIwL9ElOvt$nR{5xOP;rf!CF(?rWf}105!wGM)6Vv?%O4K}>)@ 
z80WTnm8HZB&qhh!Gu%+5h=S@?qot)s^{IBoYi*oL$5hFk6&R=vQCqyTDfn4H`I0oM z>mtj?`WzjVRX%d2U*4%08K@tk@hEFo>nL8q=w~+UgM@OxGAz+t?n!E7WOD#H(UkZeL-=kkSX(nCr z;?I}LL1KPo>4mHMDtYx0E+Vh6w{e0Xu_v;WSHMCoYEv&r}@ut3o?ge#+ZFmskUuN7yWL#26ARZNqSN&uc;*0HUs z`B7#w@xu2ZASeL>1X$XT-V$G^)n79luO>i>QsJ2f)Qy(%-NDr%j(N3aritq00qY>5*NoXa+*@g?mYVWWbE~2BHBiZVrE3T9YYRAp zVktanH#s0E0RjX#zMw%!N^-UYMM_ZmQExzL0I!}@l%Xs&U`qT0DIqKI3?2B>0YPm^ z$gGN5tt}C8p(oq=@f=U^GoN63jGQQc3l`~QOe!Nc!ik)yjCJosj{Vy~GHVj@I@4_0 zK$&B;hHQYXZmwu#oI%tlE?gmm`7dh4lJl2~%3FpkyeV6m4v*{Hm{u#JDrGMaug*fD zFpBn-A2Ee5?tEapSed4$>(1d$AF2ico3 zgy~voS>K4J@mEGRzA_vegJnQywM8SLoa#E?n6#8W3n)J`ftOXgDxVX^9cL-Hw0Y%b z(7hAE@7{l32daX}W84&Q;gzZ}1_NRv94(!qwW*rAptY+pvvUv5nTVjRoY;dI*~M`c z&r7C|L6+hW)JK2-0hTzZy>x)CNX4aB7TrKJqrs>Sq-Pbb9pdx?lR|Z0$rP!m)y3vV zH-1CGOO&U3E7qRpYC3rz;w(~j&fUC%5zPfb5o*h!5#&Zi;dkrG%sz;x!f)KZ+AF?jD2iOU%qsTkO4hEdb(OeRjs5V|p)F>GqxSl;OGdczdlp_S z0RjXFu+$)>r$e4L*tQ-W*JcY((Hara@8%dm(Ta%9p%B%u^=658E67|)aN4s9SvY0S zdp+uRd_r0};Z@4n!clm+W@W-&6Ni-Kwtcu72-)-K)+%d#}Cr z+QV6UoqhH>S4V6q`QtH=hdV4=0_YLc4{O%H1m=)H)EDr0i+535YMb_)NYfB)#Ovcd zk>W$Qery{>R&QL>VuL1ql~0^tv&#-3_iV{t69X2!f~}=XBySuwmD()-v|LvzC*AC) zk=H-*)FivDn-Lryt}3F`AsQ_HDw-UY;;y1Xg$fnUH)NmK_ra#t%>ZIBidaAHj0?GV zBitP(itj!2L|D}Tcl!v#ZpyU!uOXv1X_DVp&e?>@ZOL0GO(q4(?a+s9U5I9hW1u)! 
zfF{xulgGN;o)H)X83lr zAf80IXIEYLfSGifUVm!KDoB3FP-pW>5Yp)wkvl0cSEx{-!g&O?X;?E9Mr<>IW8%xz zJWjwea%5t}@D`i>g3c5MVbmnPi{QdLQMYQ zr1X?LlQ-7mR8NK4pHlhi(GV-qT zkj6a+T}P~Z@TJ+FRlu|9JpUO0boQ9lS~w_O@RB+~z;mR2-gkuxPdacdRM*230)?4l zHsu6|V^-ZO^UCk;w{cXU5`5yqE;6wxh&ATDOY(6yi9dj^Qh@PthO;X+7~%#p7I+9p zd`^CoDWY6{)fy$2`JI~_G}$?C^V>=^s+6Go6!ha} zU`3rW!L;4^M5wZ+8a=1~4WeAwIvX0t5vN1h__;t35`74wYEduv2GG55_z}RX&1HDJ zqz*~g5Cb`itWe>}46XyNNT|ZO1#REMSttWGY+!8m>t(u#%O_&Dh{*O?zhh9t0a&fC z`DQ~rochxzK_gII|m5AnrJ z5f#jkt4CdeH5IjPtW_s3KywRkWbwm~tkyT=)%nIs9K{U&yGQhAPT5$XEKZ@-%B9HQ z$qA_3I==?qRap{MRzXUmZC1{hn*)kQ$3lK6OG0|8;d;bMU9RhTKq1sMCoTr$rIkJx zt@8PeB01ia7DED+SPXGTeMyYVyp=X&V>(6KVs9)N+-c^7KV+2dI5hn900?N&ofTt$;Q3pi9E$v6rrg?dw2{ zezzQbNG9wXh946fj~F0~cR!^37;3Ub*}0jdpZpP0AWsy?6KbpmU!9R0pR9F`2=a1A zIxMOapN5$iBCXA8Pw?>wT*Gi=OR#%up!Mn))% z!ubN_uQXL%fQ31R(ulqLo62)Wwn$KM}>{I{zyr2Ox_HHcqGNK!NkF% zD)F;V2K(*tOna-{*nsR| zwPTa^gn=w(R2Wx zM|l@?Z1F^y=L#dZ^3@-9mi6{*~4GoJ#YW@9goPU$RH#`we^6pVnRqpYFNao zFOR5uflqD^F%gRD%!HZ@Y9e2H)~VaKGQuinGP~M?Forgt7(npo$gQPYaQyhqmVvf*vbSr!iwl<%L0sHBFi!Z5s#C_5ke=+BoI3Kh;fhIBz6 zx!3H?uhw;>yO%vzo4xGkbv2$$4CflUT)ED5NAmQG$86_>?lD#vtuq4#rO|BLhaX+A zg?S0z>~D{(2TWck9yNQ{Z_1W&=aqwsGr?yj%qL~RCk*Tt20I`=ET%^(jY$zUvWE!l zcUN^ep$r5Q#-JvdFQ=ks>+wb`yNQNpnq}2fzoF;{k0{I23}~xdR}wveM^`MnkO9neh9nAbvp2_B0mk1vgCF_UQ?G-Rs_K&9UtrCLHg@llC?L zDUWA+r9L2DhH*)lLtIIJ^Wd-Kl(Sip5>tIz0T|vzot3sL}EA}z%b~*UH@v=>zRT{ zo;$|#2^^H;51YN?7d7|GparOROi+c2S!3XcFd4@j>`6?782XeUj3cKp5tZS$fbhk{ zBXEir=SLB?(?#+}Jn4?o<&UVmSlxi1J5mQ7$Z|bMX~-cOpiju>2nY`fcfO?au*xs$ zNgYC1KPVmj1JN$DGvW2@Y1ZPv{y8|SC@4q5}Kp&tG z1YaQdQ=E^-6t|YR9KNk%NcSf-+qHbkzDQ2oScnb`E7Kpc6Lkbj4Mu@B{{99b*yC`gzg+ypMk=;7iTAzu#Je*erP~jx>KeMR_4)pl`gn z;@_o8ge$V+stlLH|mnn+U_ z8uJb6$BGG$?R;Di20FInoREf`LKcNkUP5t7fWGfhubw3S785s4C7uys9SO6_dd20R*=1}jN_VyBwu+QQuUP98uqPE{%bjimil}c zc+s1zt#%wzmyi4B>zBpQkf3G7%O!N`R6~0Cz8>kxW@+CDox;mYVo8EKpd)&a53Vd+ zp~901Og0ToY)edl+*MT9z&Qnz;_PwJiEf%p#~F?%Wf?X3EvkPOuMQutvTU#66W;!1ov!Nli?U=p}a%joP?cVnW1m 
z$d-qd#^Yo9nVYR}h*)J~Ps;GHB#vFwsU@A0>eCmz{&dkTX8-b!bkXTzs!-vH4!$q( z*d1oC{f5pXh66X6ecS7+@qezsBeussYxaM>(`;f#iUcxd+=6ij-P2B&44I!|ZD9^W zr*Qnbu-|DWc#@1Ht4N;ae@=rk3&1Sif`>fFRnYmc;EE$XY^(zw^iO+X27&Xdtb#q& z!J)8!88@9eD3^9h2zHL%Zk)iAK>Uaj{2k8>lnWb^Wt2B8xy0uMa+--d4f3d-OkTb> zNXW7kIwjEs;HP~Y<-`FH`jFLEL#0BNGg&%r&wcupwrBgIz3qbsHRQJ2yzb(e zm{03~5RsqL-vX<89#$LQHn^r0a-RFsOX;Q)e7BoY5S) ze8vRz3i)y%Cgiy6)y>&+uis(YM)uij-~2A|PfMP7aBfZD#fy2SUYpn{FdL4lLO2a{h^eNZ_l z6`pLsK{+S~<+r|3SJPC-LHX9oK{;oj{oO(NH>VwxFlZ$^+X0anw2~nsiiyL&?;x2S z>(_}R3x*qboQS(qj4S7|!G81!8A^G=sFUWCw*vk)LW+YmluX$?fxATR!U_9ZEs19> zATyj0f9$~I7=p3r$Ra*Rl1((MUao+SppFBjBk3NefIC!z*H4MO{>w4nJHp-|W*t5Z zx0Zv2YuV%8L&p*cs|PIwOxfhd&nY#7?+RR z3!nE?+rP`~Q+FS+Me*aCE^18p+uNsOq?FscF~m8nLHeK50u!llHrB{2Tf2JFU&DPyEpEi5dHruXwIqdgZkJ{ryMn z)F3N#5`v#}COr^*K3S&| z4>GfnAqNS{$JbVa-`{dkFj$EuYdCzUQ-&|&Cuawq05WI-=J>p5m%|^Ce-58;u3r)o zr>Sa=T#kc$;-`K%WjK2J&z#+C&D)iiPTTdD?6>Lt`^2K_ys@n0rp+xa*rMt(yV$l9 zn*L5TTXw3kXlRi_Eqrvby5 zj-AIUh13pG9Z6aA{GECcVy&#htur2%fV@pWe9SMP^dXhcE7q;yrcIBG+vIrLeZq;c zA)6j*`TJ(K9jMuUF@5T;1$*6F-lhugRv8QOb!Ke5K5k$0WnXB|c*=G=#n)x!a4gE1 zZ>Ybx9ccS^dgP4gUu$_;j*GI1ZE2|{R|!`|@bMz2g};ixF(je;5f61;4V8mZ;mL+r zLHXU}ps<2cIVk52`3lO2929`j<>nC#V**z(URXD*_j=(g6{fs@i)=!hF_6bd;k-vd4d7K)}N{fsFc6DV&) z{3PS3(DZ>q{ZgL%)WyOma)*y|!R3k3(+362I6J8T+JLZcfL6ajg-#{-#13@SB4Wu~$R$9jvSp*)|O^9o?f*8pU(YO44S5veqpwYX|bKHHVi$TZ~Eu zVv@tufx_(>bxYgEhR5y7i?6ipBQ1OQ(Zlx0<8vxU1+gcJ@v_*kF*!98W8!Vkd&{+I zlNyq>&bI+Iu4+q*?&z_i;@gXqjSaKIy3Q!I!B`?tLT3d9ypj3FW zAsm$7&K#8L5zo0pI4FPcU1pQ{9+UwQ_N#~S>xsg^E2F4zvU>Ht6F<;Lt4O!Q< z9|+?^er&jHvuPL|sfe6NoEhFQDJDte<(2G(K6>{;-ZnIQQqkiG_ZWViNgEv!Jb%A3 zrDvfkeXJA4H*$IX#vK&aFm&`Wqqbq}FS*O1VidQav~jfqD|T!WmrbmYgP zw8aJ4=%y3YLv{=+K)p!w&D^AE>_uH6MFD3kltvGPK!oEw!d`HN3QsaH?iv4pYo)pl z&M|0kCWd&+AgIr6R}PXf?qS!~q5@=;eBWb$@nrz?C@Z2+(G9Vmod)Sx*&-_eR!o?X zQH%_n_mEu%EI~Oqr|hnB5{h%miaNkZnXCxqt3nF^9&xqs`aqH_uoMia-EJVE8 z!G=**ok;6BZ$~}>M+irt&|@u-u|!OItZ1-V6IFAfiV*N>WF5mQ3lp&C)w!IJw$5Ah 
ziSO!^KKz!EPyQmYd7a}GcYkw8M;t6qOzF`sT}0df1T#lgBp|}*$IS9OvuxYsNWJ|M+0*Ip8W(coKkd z&&8ImvkK=LOa#3M=YiK@!+Y!l`fN4IfzJaW5{jaHf~Tx-lzJf4aDE|t0`5-POW|Q6 zxie39=dJ)Uk)2-cEd#bPfzX{tFO*S~lZXi>CQ*MJ1gR`Oz|}?b;z>uEG}<7DI0v$V zxENH2kiqZ&EU8_h-9k` zTwcdzMZ|x{W}9eAS#XM!=C2u(SAy9<%f?q$O@2U{njO~&VCqV zF&QhK$+T!+@!&YEmk>m|&_2BgeOJU&FCBBBYoSYtD8nCV$tk1`9_ENcp}q@8XjBxx zzs06tqGiKVPk5e5gj|f8zdb8{D3?V!`vS;G9Kvz zMHXo|fSqv4ouIOO>4uLNb*EIQP@%$k0>(%N&sQCCB91$7pS=bERA{-8%&+J~umr_9>4`50wc`uF{zi|8-^D==Z|N)@Roc7_*X6+S9Us2UL;YK0@+(@(mfGv& zBT71Iiwh^LvB{^u0+aLq@$lsqD>qm_UY3c zu<uM&o3|AoTj~ng}N;?*z`H1xwd9= zjRk8YhoIeR*-~SvGw(u+FMTea?neuj#3AyZVxCHrj65?VotW?mr|a#eZ2*j^EsZL@wG@ zmru*TSduSX_tFv>G%r0d6c;I6d<-8Jx}4cpf#meCDilCR;q+TP0Hw)L zu2*mu4$2=_4oZb52i!rq%k1~RRo5dQYP;U-8(ypHNp}bp&OW$HJbaJYAHQ1d-@`%4 zY+7&R3<~>)*-o20ha2lP1$E{R^7=%_U2g(eOCr0#YQhR|w=a9@$5k>To8rPQ`%#fy zSztn+9&(Cmx$>uNJ2PaFCJ>*W17;E5CsIzxu}YfDB)yMrD^QZ{!#^Jeg_MoNYnQ%KY+>%`Pt4?2^BO(s5i` zy1QpThpSB6=6WhqQ@Q!s1IqC|C7qNmJtc?Xw506J_r7@5!=WLXkwOVxRnV)yKp~z0 z?M@pijEcY?uG74bUUQX$a*-UAulZ$Jt`mu& z!dV3l%F+AH-uh#j%coOh0(J?*n;Ysd#6U*SjkK>I$lAi^;Sw}y4a;%y8`+T6i%oo3_>LMc41QJ0DoEx4iGu>MFGlds!A|ZD@YR{_WR(j!kYG zw|C$1xV4(gHZRdb8dMEkR}FbSeE1GfqK^OuTvP2Y`^pAoSBdhYevnYJZ8#{M|DEi3 zT`4tC?8KGJv*$*$Z+l(kpj3Er0ONE-ckpl09sH<_)She1Uj7SmP);U>3TG8ePW+nj z+tucL$#*Sa!Z3c!7Z^Q2od03(M{e7a-P7%By)6eN^5I=zC`&*B#bFNGB999X41CT!{w4HD{lr$oL;45WB(pHA>}zCe#M;VD*HbQ9fF z`_O1BP|Az5(Bwnv$Lw>Sez`3+j@ccbeN5wFuVy;-KhP@bH=Gg|hm*ou26{6{P&B7r zpv*K7UC(lz6MCt8HsE6feN-T;DV(!$+QX!0if90GRv%ij%NAzr#ZNt8cOPuqU%l@$ z;@8a@D?`nO9F(K>9WQ^XO-)VM+wOea<|VVCu~r|htCdFF@j2Zc6cQL#OSWB1Ct81M zqv{q#_?tw0#?4c7Lga`pVE-jkHDXS_xhM%>xzdGIsPH5KcZ#FBHikqzBB(Baa}U1* zWfI7Ue(}wJ8S(gq-wE*#YbB~dI5(0Ja&SCZ5gQ?X!kQyBYYk7xE>2oYcF>O{YKr`g z56F}cTgloy{(`^8IV_&35}!!pra3$=`IIrFdp(hKF9D)k7j$D zwOS(S*^)d@M~;(Z)`?FtyNI|%lsU?)v?ARZ`w`NuD|fR^_8hQ^olh!S_2%sz>d)Bm*Q%KeX%Czt!ld^A;+gm*uj5=& zrVhR6Tp;w}hyED5cn$Ow^FD7UdAyi{blx78gE2I2OXEt@wbiB_SxurkY%*D1^k(rE zpdPHM3{R`c>edin+x-WPMJJ72U5}?}R6N5rul}1C@4V9IXixfv>saG)sI#M)!AZwZ 
zg9;TYbb-qPgUJzlRN>qL!-oZ2LFy1DMgJNq23FM1j`<`=Kpn^%3;r84#OZDlXQh~Y z*FcE&2^A~Nghf7%OjwD51LQ_KBBGp_>^YK;aGVF}oV!`_=4v6LOU)>RgpAniijEQG zItYYUu&ZH)HNb;sy&xZQynQzS^l@iFLRhV6Qg=~9ZNowZ*B&?hPGU|A5)Sglwb>An z#(6)$2ZcPqkK--ZI*%EY*z^kVC`bL^Hzev;%8h)3BG-*Dc?q8{gbuVR#}%aZ<~uko z^@AUEE`3|A<&IyY{vD%P*ev23Th(sDm=Y$%z~$s$wO63#ZP>P<DG9 z8bLm2Xp=$bw@NfR_G#c_Plw1)|(?dBk-duB{FD;IB|22Uil8 zNavdCk6z=a-?;3D_44N+Ur;ZEer3wbf@jd{_#gz6C2#hHL2Ll*6cDg~&AK=lfpiNh1=19*|O7U1*lKyc?#2I#Z~PGel` zB6h{{nk=uUfS3`h*@`MElDhXyPQ|lqr(yYpBs#)KLGl{H8zxun{zm zg7rEpPMu2P=hkFT+OaoD&I#L%`DG*6yHOXf(k0tTF$@77GkREm&UAQng9@rXH(xYn z*X^c5uqQNrrpD`bV27?Q{}`8$#^EJ9N4v*mKPY{;UbE{p21mGES&Ki1%G|$w#BMw= z=EoIdSo&SOW5lmZu9ItYZC<^1RQh5_1j-W6_~?*bMEN4cx_V6 zKWvl!{TszQ4=XG+TN)bi%L{OmSG(Jp<&iasUK5CfH}A$Mo+I+QNQ`_`%QHor zkPz)z%;;hf?{aFVqHdy%B2~Y0XRc!q&Zj#fSgyM#4x&()PQBt>A;;s2*#)DTlI&i@vF|l02xhKL; zK<(h;elr~uIR&r!yj|96F4>p=!aerYzkZ+X|Eas|p2IU5$0~3}7ac~E$)DpXNO7Fw zX304EIkccKPR6Ww(w&{>!P6p+yd1N;yhbv_|LnS5HZ-nE%fNp9Q+L_%g_fN_9tN0~ zumQ3OlP7eM6ZNMbI%41W>-VT-)hy&em(aOFg*7n47!$tp3+3bzUTWI+Ja>=ZwEOtP zQTK5#@^PgEj*R1U4Ltnlf_?3;e%9`LT$2UyeocsHKJmqPWqih+w&HI%u+8pxykTGe zL$@o7${w%VkI6B=a<49W${wrRfBEZ2?VtVjgZB3iE!fxm!9(_)zx9Cq&WBFecRYJf zN8iaYd&O&u#9r>n6UEMfnav(*32gX415pJUfdD-WhqQje}}5h%KoJ zhTUn+K|hF*iPYcv>BRO2deV-eV>!IqSR$=Qn|D#F_eMa~qIw*uOS!tYCGc zp}L6ApRg~y(@fH*IqZ*qc%|57$$?w)Uwf|UK48>pa!^heL0jSkv!aAR>cjX}`=ATW z@uSBU?A2d% zvEBZ|x7vL_aie|i)!Xd--+!Z>_}N=*`4^sQUwFedH_ZS2WtUmwmu|E9pTEt%|BElS zZ+`A>`@p}yS&oD>m%*J=e0_Ax{`PyXwL?F1v;F0(ZtzDk;iRw{b!@(E`=(oV^`2oH zn;x~Vx^=gG`mv@hXkz%f7wofle9yIJ$CosL?6tpo)wMP`F=QXp9q-)FKgE9IYp=4e zf8HK@`}gbaQxm|CzxXm+lzxYP`WAbs9G%KZsh|r%)LFdjg~^ec{pY_uW#9ez+x?p0 zPW{CyL;ZAajC+Mw!QeKNjr$+ zeo_X4yVZ7a z6Ae~ZFwG@dXD~MvShG4&2<1lwN{Hw_$s0y4D~cZko1sI`wncE}k(^064jo_Nme>XKc_kGIvQ9wQh?C^DpIK7`|<*pO-h2SnJ zQJl(wAzS*{2g=K!l=y|iE>h)vgHXA^)8HAq|0=Usa2#0fe)xy3x9@quUca-Pl5xE1 zyFP9&y?MKR_VFd#@vlE-&-tJC+h2U^m3H-|6ZYjdOxws0+-{RU_8I%m=k1hHKVetx z9=3}wp0fY>wU^s}d(UzEZ(q7cH;#4tjz4|WE}b^}vYRv!q{m0Y80jNR_SV}^*~?VM 
zQ!kmYdr!>S#}6*}if++ZY9B&PIW||xk*cc+CcpQS_8tH8PB+?1npkeQX3D-scameT zx!v~v;HT`(AD7b=Uz(}#Bn6`;jiElkA;10cMLRxQx6iw2m%a8IFSFOY?S#gD%}y?~ z>`mWrx&6>z9rCgN%kMj3Kl%kY^e62%zUFct=Qkf1vG4nfN9E`Y*%3J-fB$c;vOoC5 zG5d};KW5+Z%xU}OZ@AJfnI5)@@4v(T&1>)0T&BUyq&B~7|3hj2^_@rTOMdrZ`@^rj zQqIPd9XYjRcOBMs+i&RV!no(YllH*}7wmIgIHh^9{}kdRD#M5nBx?&A?*C zD?>!*#28}Hq8~hu>KkKF=j@Z6s*iP6NjkCVX{-LkY7+^bhmKoTF|3-%QSrqM7y{_X zBf3>QZC0rem3){evjZ+*p3VBN9p;plVfsNyhi9dX?&!GDIeu)(zU?>fwcr2PNnhX? z(H+}c@06D(<9cAaWz&evrSvH^ z7~hDg@FWIT8COiYdtU`R`H>{oI}Q=ihX>z422gZQ%qC$|~b` zd`S8px1asuz4naDM(uCzKH7CnZ8_u?i*~{$t_!R8-=>11Aexim1Lf#90r#@CXF6Gj zE?XVwNFOtYmD}qqflsx2(_AQRRDf}!`PnH`Jc6`ij5~;P(&D@qa(=!fTU)ka9jD|2 z@EFH!ljoH&ODnjXdXfCm_2@p3c$ekfIR8NAgbSHfARYlJgFoi$zTEo*W`0|sUrCBy zlymWOGN5<9`Z}B5Ic&SHoUki*j@Z%prj2WY-_A2_8NLrZuw-xlmg{Ux&dQIzXqP=Y zvt$QPwe0_U+8+CYXY8~ux@F3qb7|f4{l?!Pw4eUs-FDCMIa@w7Yah7pl)d7%UH0d9 z%-DPGo45OqEfh7t0bz1DsXM}t%kg>s)ph%wzk1XSK1=Tp9c$XNE}O8S{bTmLE5;Qs zedIm;jU1kr{{92@-Ou0QTU@5Z`^br=>+_;#?zGEykH~=%Z_FAMo`hhKVFdij?2A#2 zbDWXCyMNaH>9te#e?B>*>t@+kM8=f%$wwFM>z}^UCU*_ne|z!e_O5%6+597?wtrgs zXxu;e@Qgiha>>5y6<6E#y`%OsUwV=2^OXJLwtKJi#_LYtI+>6zg%6_g-u}UZ_RK3r zZ1?22-F;Y2`DzZ$`2gyKadi+7r9;Oo6^Y#lo`JD0=H3XMRxz2yKHNco40y@29*`#p zFnpOk&}*xs=+jXCECKPuYu|WmP0&asn?yB;rl0$bJ>ns*so=@0&k~8xt1TN>cuL`# ze>g3%OLiOQB*}5sgwxYxt@G)a$TJY+g~QCs3r}s_`5E8!W1YlRKqlIO^`32e&7S^M zx>(rgl7Ppr^xN;5vkx6wwqO3r1NM@er|r~2+kWH^9<-giNA0nhW&7AcrQdbRh9-yX z$G&KtlBJBMY`Du~RajKls-Nc^S$6?tw+S zao>pjyXWt+ue@=GoRm2`!5$SE)Vhehv44B-tbOFjvJCd3edwVDo1PxA2XzyJgzG?M;u`sl}G>S9$wKj@v)#PWK1DaF2b-_1o;8 zqmp+-p50b6+!f9~SXG=qVRq*`HO4i-CU%8N{n0?fV1maeUf>=_qN*lYg!h<)avId?Fy5O29-$^OF& zrtPb5+ir*FmhCw|f4BY1&);b;ylUG1?BmB}gga)0N3oM~qF8yT(pU?QG3?4JH5F3k2h?YFCFW;>hu;5dJi3Y3DJcU{oT5`NeJVWpfPv)4>i+D{x`9_HUfDDXE;LdA! zQs=1-&Z|HEYr;%AS>1@jals?(dUQt{vdj!fW92LZY?SBg*g42oDgy*R#(!NPV-KB? 
zMR$6gR{^|ag&0Dd2YTug8A|mX6p=j}YG(v@J|(bN-M~S~D_trGmJPMDGBu9cEjL|m zGn&&LJG@{^L;Pws&M*Smung2LeAb_0spm$3j_8+HW3zy45cS8eLf1k1qsS}8eBnW3 zS#_Myb+%9PcIi5~ZTFDfvVY9(n;W*@f5+`IOOw`W=ptyGuw7H*_MQLqa>cdm-S^Mh zjNeGK)ng-4gAcV00#@&%-qoN8rXY%mh-O1|! zALrd)VK@y0cVN%Zhn9?yrY{kUwfUP4|2{3wjX>Up= zxK5BEC?7zbxJ~Zq3Kc3;*koX!Tg+y_=kJmwVZT1C;T-Xp7MUKw0U*(`ws8C_+ z0|SW7DhwgUE%u}k7H!0u@rcMb5woW#jO8kzeAuz490x@_W+6Wms~cTT*Cr#%x?qu4 zfX>A!fdr&rvGibvn zMDtULd@yH~qWzCQZ1%VRLvzzqicDb7$ufHcCOcNN3=F8pud=TqipEYlB7);8c}Xso z)Hw-0?)FQMdq@Vou2&3r57j$~Jsukojjm-`gMhp%>Y8JXwptCV)@1|e(v=gwpRo#Z z{s_l$Rfu8vsNHg7+Jo|V+JnLubA3~+#uswDT~xV^*3o4M8|}L?LSBHexEAs})PcGb zkYnCnw#nL%O%9KF(so^6JBJo+hlb%TdnfIxiMBn|s@reA^8uT03|Wh}SQZ<0>Gqa= z^9!%A`DV-Bb02$9q)ctnmUaEHO{Ip<&t9;86^|sfjsF}Jr|2i2X?+d~zihbuVzcM| zE7d1951mI~fM^WfF2Y#FIur4}`}+w9zc~1#x|Z+0Hge&t2aJ@iGKg5Eor4!PXf+h| z67g|B>PL5`E?rZGe>7;FeIBw`19u8DN6bFE5)!^#JD)IAi! z4sZ+TpTFGm*%i z$sxl*nHnCq30*teYc1PRTeLlLP;TBcX%|hl?Ez){{lC56jx3E>dr?9b=k1amE&G-) zl!LO|vUfc&YjfDip)p%-4p~Di{FdkG&)0|ID3Fv1-IT;M?xSAkKBceAK>;`^OIyG> z0ccKR0KRk^jgMg(;cjbvRon8QI-~qiPd0VI_>YgJIugV#p6x1!58!I>r$;+;8u|dv z{UZ0Xl_1@Jr4%Ee$)v&RgqR~g*H5X40!3K_xXa=K=*OG^7UcKSDF;r<2zRpr&agWt zfU<}$l~=C2U!Z>0xh_|zhn!v$;Q&A$+1Cw}P{x|{r|ky;Z1m%x?Y0*DcW|VGJ1BIr z>hraDen`{%6zc7 zlmF|0hraSQ=X##8r`&pp9X)*9j+~T(Qcn&_+BE9?I4Eqy=H98uJ0Qrv;p?;qkk@z2 z^g)q_hCq>A84?>Z15LiAYTM+{kL#KoQ~mdiv~0KP`_z4twri|ykIE_kpYMFoj?GP4 zdr6gAIBr+$YTGxx@CrNCY}w!5KWmMlQ8^bi|KY`kM0b4P+=z3eL9z;@Bo53daFe_N z2Spvaywx@-QPI2_3ge()WS(dUJIgrZf^h??deQ`EVhjcW%^77dg4|$)4ke&Z7!>lY z=AeL_KgYm%VZ=dMjj@E%HPROt@nP=51%I_QzZ>XN_h_fkA4EKH1vo)YAA`FV^0L+q zmFp9~%8hY#&OlvxyM_utY<`q&k#Y0S(dXcHs-?K7=W62tvC$^}GZ^$;)<=;J@^FAS zfWzyPcaQ#c9{s`b^lx?O2m!`ac^t=ZK__?W0msZn^=yCA5S*Oj0MSv$je>GF+d(M< zJvU=qb=8*>Km_6FqdY!=sC>+T744>kAu} zi_WCKazwq>tAqCigR#dTZFgP@o*tRdsBGAz9F*bOlIg)$TspFGIvmPUATiH(fQ8>owLtcD{?}e zcijurQCoZ`HSc2Q4hq5bbm&$Eb%4Uf^ih}U$>~|NH;#~xarQA@(jiCaLz3&e3i|23 zuDs~M$$%K7tuWwAd?@Tg;+Itz(;e*7k%Um3i_c(^RJCkx#fxV 
ztOA8``l7#RPsOp~5i2Wz+pngamq$J$cDJydNg}e9f!L^4*+I$E0CFM@L>QuYe{K$Q zDi;I~>5NOx-BA${AGSYa#>5EV3CmlYNDx7ai9B5(5rIX^iGy;39F&t~2Zb>yqJMpLSMrh3x3BtOh5l!Vyk3K%(1FSj$opN1 z?Ijx-s@rsZSq{pWO~}ER9-6o5;bFUMqG8wVp0b@Ia!`hc?6=?hkUcsl2W3uja8UNj zLHPnXD6F91plI&xc2Kxb;*mH&8Tx7E*dvA5813udBzy5w%>LDzw$LWoei*!370v+O z%unF9=5fQ}yUpJ8Y8l%Jv%S}vz5M5Oz3~`oGwXc@vM$)>&lS(DZ5HpFWFInn*DuRz zvErb(nDp~30n&-bfaeZM#OISbap7D93d5iBmiM=W9FoY(1dRP%O{V~P!}1pLGuPka&6nHBqjFH<5s$B! zDr0-D)6c#qMQwE<51tsYX4yeml7sS4=@E~lcN`QJG@@{ni3@?W(+$(MCAD%*shvJuzk{;Ymt-qc zcp`xb^5}hLfA+&22W9tFW-s~atO#6Uy^XzYOgd$GobzZ2Cp8e+;UmmEmWzyd&?{WX=LF{<=>}ZqPH-iHKdlgOx+;Gk zcv<`r@s-xC>Y$J}+A6}{4S52Mzl#2_k|&n~iar1}8)_W2+itzw4zYp~Uy@}7o{hOU zC_X-(01isOzG%;DD9JIAQ^ub1DLE6Ypllca{;{_0);N3m{z?B`o`*(;?2kWq*zP|% zWQ};lv$vHTly=8Ksl^J)xEz$WB$roEKytJ_?X+U3IV5LkjJ4~j z+zyI~?=bjVN&z>2BCI>{I?9k1vxomK5AkuXFrU#ZgDC7PtV~$kVF!T_3Ci)k5brBzH{vs9VZ#ni;XbYjIibT=@tLRT%%gLOV<9Jm>PH;_=Z&y;eFPKMRIFlI@8A0a~ zz1pG--xNILS4OAm`l~#xmIk?;dVWR2S3?xtY-m77TX6KfkRIr~P%ECc7@MAh3xo>C zwZ#$si0^hz*h*L*l5@g|a3;-Np+bcU=N=d@sGrd#4g2TD5Xym(WO7TyhuT~acgPq^ zh%}DG!QTUv5%xAGK-pftkjJlue)Z`>#)N$j=Vwr0@o~C*LK>*R^8-|)jaN+OBoN7_ zY8X~Q%$uu19fgA;-mY#c=c7o7K3{LMMP0&KT~ViVfIh?cbbEFNEL&*v>NQ(!e`yV$ z#QoY<&1M#7RSlg`C)&70%Vn-a2*COGE+QhXIe3YTYb}GKxu+P(bj_qzs8FH87DpKR zUT|Y5gzXDM*#($_QAeMZFwnC)mht#q@@ec7aoi9i-7ltS5pjQwP86m!^T%(PXpfG4M{%k7upn*P&p_SDpc6|z;X zJ5EZp%@YODr_53t?23UA&3hrVA-dAv{T%gPD8^K;N)9QeEq9!FHnVoTdv6k5GhN)2 znU%ZhCzNXK&L@pxj5_GdK0n?mzS?rrcdK~eLgk=Ts8Hd;0Jat5n2eVL!xzSncu&hC zOTb#X#SF-T`p?6Il9$phEkU1cpcZv3CX+Ivf)Hjr%@myWsqO^}>O;M7OwP7*a-o5? 
zSx>vrj>VY5vnda-T4%3`RJgE!wF|;X$0HrLW?_^{xc2}6a9Bx1K~xGmhPD9FSW8bXKe|bL zx_c`C-#MB1b8|l^B2P)Vbv^3YNV(?$t|s*i8UU~j(su)iTSvL)64Y-)UDzX|x0Nmq z-qLlax8wQn1`coPkL zC@duQE^Jz1HSt#PMiSuhGzI*%+AJ+lyxEeiqIBJ%MnMUjo-q&-YxO0HIz^FL(We1# zQlzN6u$pdO4gKLKOW6HbE_cfTh3SZ#2AH<;G13c&C0*2REl6r&jy$CMhdwnX7#EC> zNZTk7x0YUK6NR^-aCtnrPHNkBrzIAoY>l_tc!r~hI(jSEFo@Wmdoe@G1ca0hGqiX!5YxoOcyUPzzCtp;fOS>8G1Wc+moJO2WegHoYFg$oy_E#ewDZS=as03kh0VV7*u zGv@^n*wixug36Qy)9DIz3k1VD;Bu4j<#Y@=l*2EHv$_IpDJNxyM28~KY| zTNX*-&>eqrJz({))@Oq%&WRj^X1ifc_5HjGX*K1vXsj$S98$6FtoTw1sCB-1q7YIe zwhZ18qQvp^kwLcI!h4#={n*m=H6}^p?!a`=OVbJ!Dpc4yzM+H=@uxbb7Q%=2>nAYx4O%!K<<>_tZeNWdvy%bW~w%iDDtk|dY~e#Yq0wR zBD~Q7(XXP4Pf0P{*Z|@{9lw@BNlgs_KEOsg;Tl7N9kl)kEP){Tdx&?ZCSg*}2kT)( z@lj|0u(PL6D1Nw;-8Zs#;wuNGLWK%j9~i9l-ZA!sTf@yk7-RH;HpPiTC^}}7P?U2v ze1({e*q^{1Ha{&8@Vy36_yvS$!qj}LVMtZxe%BMtCb!s8Hd;04o(8 zTi5|%tXP*N%V*piFz1;C)~DLddfZd%mK)*IXztnGV@=LzVt~H#KWt`8m1j=2j zU-|+i88b113(?O|^y8p_-}BJE1mpxU21G3t<$I~y<7&zgn`<_`o#vLCHWYi9Jey*h zVkQm|DcauWagdh@yktJZxULHF#@i@NG-m-(%{6rqqAB>p4+$i}X0?U$ZFw={ObAwXVE z#0>&;DfD0*GZqz58x}RlH|wfQZy;jB6LA^q)rSU~)Ikl_ zZ#xMhVH4qM#>a)*JfpZ!fX+E>SamXoD}YBaDyL+~7S$HZt)}mXU39NRoN=wKxZZRk z7NRCP5vSpz$-sa}o?z$<;;4AvA1m?=wCcXfL8(w-5Nw*Ut+1)UxMA=BeH7uINX)EV zvndpZg_V_l6F;)nlzBElf#@oV;JEMK8}FNVbmXPvRAaOI#> zs4xh)#^MgM!qx`M^o=$Cv3c2Ez% zw=RoX_KZ*j*_n_ybsb3OgqfFwv{9F6DD;G-$g>I}Pw<~_l=UG@oP$20y?RkXk(Kc0tpc;+Of7Y}%{SbPuD`=A?)YA32wp+be#!1agS;%cj~wLxF`5;VlK@$Am97huCe zdLH;O#}JXkmEYE3*JZz*mxBPgAj;#IgF%+bkNL8gH%Uh)2+OYnB1nhwFf<6(!#fDj z3EJrF68ezen~O?CzvPtd7l8%dhQ6A7Z;`fI5eI0(M$N6*|TC}!2h=%l?kt5X{9`QZY zZB|>@!#)988}nLSA+ER-^0ljWBq`4Ut(+k^a#S}@NE{Hi=gaVEmS2ODEx+kA`nkh7>;}o}rp84^P@ct!{IY&1%zlyVhx)Y$NruA{KNCA*R#3 zHER!#+VIe*YFf9t^cZd~SzXRdTWP2|G1Rhc?Rls1;dz@DZ5y7m$@+pEoVHEWs}+t$3}cSt)2E@;c)SuFytR$Ll#6KCE%%1R!feJKkni2 z4Oz!@$^)9V)o@};pl4W+3aO_xZFU~#h**6Ym1D9^j?%XFf@oRsi?&@3(ezNmrsTZT zL?bGDTo>XF37wWu`lmvL3Twgd7@!JINMKPnI;k?Dtr!{|6WvW^!F|3ZC2> z7e9^*k7JzVX7IR2;re3J#(0BA)OmcF*;$}$G6*oZBw>?`>0*Mdvx=gyh4R19Jmu{ 
diff --git a/windows/configuration/images/seven.png b/windows/configuration/images/seven.png deleted file mode 100644 index 285a92df0b1b319b6cd86f35d6251a27c96af7e8..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/windows/configuration/images/six.png b/windows/configuration/images/six.png deleted file mode 100644 index e8906332ecac02906e2ca6c0dc6cf93d5ff50629..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index ef90aa43f4..2ae60be203 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md
@@ -23,23 +23,23 @@ ms.topic: article - Windows 10 - Windows 11 -Some desktop devices in an enterprise serve a special purpose, such as a PC in the lobby that customers can use to view your product catalog or a PC displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use: +Some desktop devices in an enterprise serve a special purpose. For example, a PC in the lobby that customers use to see your product catalog. Or, a PC displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use: -- **A single-app kiosk**: Runs a single Universal Windows Platform (UWP) app in fullscreen above the lockscreen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app will launch automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart. +- **A single-app kiosk**: Runs a single Universal Windows Platform (UWP) app in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app will launch automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart. - A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk does not run above the lockscreen. + A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. 
The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk does not run above the lock screen. ![Illustration of a full-screen kiosk experience that runs one app on a Windows client device.](images/kiosk-fullscreen.png) -- **A multi-app kiosk**, which runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. +- **A multi-app kiosk**: Runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. + + > [!NOTE] + > Currently, multi-app kiosk is only supported on Windows 10. It's not supported on Windows 11. A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that will affect **all** non-administrator users on the device. ![Illustration of a kiosk Start screen that runs multiple apps on a Windows client device.](images/kiosk-desktop.png) - > [!NOTE] - > Currently, multi-app kiosk is only supported on Windows 10. It's not supported on Windows 11. - Kiosk configurations are based on **Assigned Access**, a feature in Windows client that allows an administrator to manage the user's experience by limiting the application entry points exposed to the user. There are several kiosk configuration methods that you can choose from, depending on your answers to the following questions. 
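Review bot: The rewritten opening paragraph of this hunk now contains two sentence fragments, "For example, a PC in the lobby that customers use to see your product catalog." and "Or, a PC displaying visual content as a digital sign.", neither of which has a main verb. Suggest folding them into one sentence, such as "For example, a PC in the lobby lets customers see your product catalog, or a PC displays visual content as a digital sign." The Shell Launcher paragraph in the same hunk still reads "does not run above the lock screen" while other edits in this patch contract to "isn't", so the style pass is only half applied to that line.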
@@ -48,7 +48,7 @@ There are several kiosk configuration methods that you can choose from, dependin ![icon that represents apps.](images/office-logo.png) - Your kiosk can run a Universal Windows Platform (UWP) app or a Windows desktop application. For [digital signage](setup-digital-signage.md), simply select a digital sign player as your kiosk app. [Check out the guidelines for kiosk apps.](guidelines-for-assigned-access-app.md) + Your kiosk can run a Universal Windows Platform (UWP) app or a Windows desktop application. For [digital signage](setup-digital-signage.md), select a digital sign player as your kiosk app. [Check out the guidelines for kiosk apps.](guidelines-for-assigned-access-app.md) - **Which type of kiosk do you need?** @@ -60,7 +60,7 @@ There are several kiosk configuration methods that you can choose from, dependin ![icon that represents Windows.](images/windows.png) - All of the configuration methods work for Windows client Enterprise and Education; some of the methods work for Windows Pro. Kiosk mode is not available on Windows Home. + All of the configuration methods work for Windows client Enterprise and Education; some of the methods work for Windows Pro. Kiosk mode isn't available on Windows Home. - **Which type of user account will be the kiosk account?** @@ -70,10 +70,10 @@ There are several kiosk configuration methods that you can choose from, dependin >[!IMPORTANT] ->Single-app kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. - - - +>Single-app kiosk mode isn't supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. + + + ## Methods for a single-app kiosk running a UWP app You can use this method | For this edition | For this kiosk account type diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index 59c3f0cd6f..e93b571a4b 100644 
--- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -42,7 +42,7 @@ For a more secure kiosk experience, we recommend that you make the following con | Enable and schedule automatic updates | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Configure Automatic Updates**, and select `option 4 (Auto download and schedule the install)`
    -or-
    Use the MDM setting **Update/AllowAutoUpdate** from the [**Policy/Update** configuration service provider](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate), and select `option 3 (Auto install and restart at a specified time)`

    **Note:** Installations can take from between 30 minutes and 2 hours, depending on the device, so you should schedule updates to occur when a block of 3-4 hours is available.

    To schedule the automatic update, configure **Schedule Install Day**, **Schedule Install Time**, and **Schedule Install Week**. | | Enable automatic restart at the scheduled time | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Always automatically restart at the scheduled time** | | Replace "blue screen" with blank screen for OS errors | Add the following registry key as DWORD (32-bit) type with a value of `1`:

    **HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\DisplayDisabled** | -| Put device in **Tablet mode**. | If you want users to be able to use the touch (on screen) keyboard, go to **Settings** > **System** > **Tablet mode** and choose **On.** Do not turn on this setting if users will not interact with the kiosk, such as for a digital sign. +| Put device in **Tablet mode**. | If you want users to be able to use the touch (on screen) keyboard, go to **Settings** > **System** > **Tablet mode** and choose **On.** Don't turn on this setting if users will not interact with the kiosk, such as for a digital sign. Hide **Ease of access** feature on the sign-in screen. | See [how to disable the Ease of Access button in the registry.](/windows-hardware/customize/enterprise/complementary-features-to-custom-logon#welcome-screen) | Disable the hardware power button. | Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**. | | Remove the power button from the sign-in screen. | Go to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** >**Security Options** > **Shutdown: Allow system to be shut down without having to log on** and select **Disabled.** | 
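Review bot: The changed Tablet mode row contracts "Do not turn on" to "Don't turn on" but leaves "if users will not interact" in the same sentence, so the row ends up with mixed style; use "won't interact" or leave both forms uncontracted. As shown in this hunk, the row also ends at "digital sign." without the closing `|` that the rows above it carry, and since the line is being touched anyway it is worth closing the cell here.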
@@ -59,7 +59,7 @@ Logs can help you [troubleshoot issues](./kiosk-troubleshoot.md) kiosk issues. L ## Automatic logon -In addition to the settings in the table, you may want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, whether from an update or power outage, you can sign in the assigned access account manually or you can configure the device to sign in to the assigned access account automatically. Make sure that Group Policy settings applied to the device do not prevent automatic sign in. +You may also want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, from an update or power outage, you can sign in the assigned access account manually. Or, you can configure the device to sign in to the assigned access account automatically. Make sure that Group Policy settings applied to the device don't prevent automatic sign in. > [!NOTE] > If you are using a Windows client device restriction CSP to set "Preferred Azure AD tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile. @@ -105,9 +105,6 @@ In addition to the settings in the table, you may want to set up **automatic log The following table describes some features that have interoperability issues we recommend that you consider when running assigned access. -> [!Note] -> Where applicable, the table notes which features are optional that you can configure for assigned access. - - **Accessibility**: Assigned access does not change Ease of Access settings. We recommend that you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block the following key combinations that bring up accessibility features: | Key combination | Blocked behavior | 
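Review bot: The context sentence just above the removed note still says "The following table describes some features that have interoperability issues", but what follows in this hunk is a bulleted list starting with "- **Accessibility**". Removing the note is fine; suggest changing the lead-in to "The following list describes" in the same edit, or keeping a one-line pointer that some of the listed features are optional.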
@@ -120,18 +117,18 @@ The following table describes some features that have interoperability issues we - **Key sequences blocked by assigned access**: When in assigned access, some key combinations are blocked for assigned access users. - Alt+F4, Alt+Shift+Tab, Alt+Tab are not blocked by Assigned Access, it is recommended you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block these key combinations. + Alt + F4, Alt + Shift + Tab, Alt + Tab are not blocked by Assigned Access, it's recommended you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block these key combinations. - Ctrl+Alt+Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in [WEKF_Settings](/windows-hardware/customize/enterprise/wekf-settings). + Ctrl + Alt + Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in [WEKF_Settings](/windows-hardware/customize/enterprise/wekf-settings). | Key combination | Blocked behavior for assigned access users | | --- | --- | - | Alt+Esc | Cycle through items in the reverse order from which they were opened. | - | Ctrl+Alt+Esc | Cycle through items in the reverse order from which they were opened. | - | Ctrl+Esc | Open the Start screen. | - | Ctrl+F4 | Close the window. | - | Ctrl+Shift+Esc | Open Task Manager. | - | Ctrl+Tab | Switch windows within the application currently open. | + | Alt + Esc | Cycle through items in the reverse order from which they were opened. | + | Ctrl + Alt + Esc | Cycle through items in the reverse order from which they were opened. | + | Ctrl + Esc | Open the Start screen. | + | Ctrl + F4 | Close the window. | + | Ctrl + Shift + Esc | Open Task Manager. 
| + | Ctrl + Tab | Switch windows within the application currently open. | | LaunchApp1 | Open the app that is assigned to this key. | | LaunchApp2 | Open the app that is assigned to this key, which on many Microsoft keyboards is Calculator. | | LaunchMail | Open the default mail client. | 
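Review bot: The added line "Alt + F4, Alt + Shift + Tab, Alt + Tab are not blocked by Assigned Access, it's recommended you use [Keyboard Filter]..." is a comma splice, and it buries the one instruction an administrator needs: these combinations stay available to the kiosk user unless Keyboard Filter blocks them. Suggest two sentences, such as "Alt + F4, Alt + Shift + Tab, and Alt + Tab aren't blocked by assigned access. Use Keyboard Filter to block these key combinations." The hunk also mixes "Assigned Access" and "assigned access" in adjacent lines; pick one casing.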
@@ -143,15 +140,15 @@ The following table describes some features that have interoperability issues we [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) is only available on Windows client Enterprise or Education. -- **Power button**: Customizations for the Power button complement assigned access, letting you implement features such as removing the power button from the Welcome screen. Removing the power button ensures the user cannot turn off the device when it is in assigned access. +- **Power button**: Customizations for the Power button complement assigned access, letting you implement features such as removing the power button from the Welcome screen. Removing the power button ensures the user cannot turn off the device when it's in assigned access. For more information on removing the power button or disabling the physical power button, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon). -- **Unified Write Filter (UWF)**: UWFsettings apply to all users, including those with assigned access. +- **Unified Write Filter (UWF)**: UWFsettings apply to all users, including users with assigned access. For more information, see [Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter). -- **WEDL_AssignedAccess class**: Although you can use this class to configure and manage basic lockdown features for assigned access, we recommend that you use the Windows PowerShell cmdlets instead. +- **WEDL_AssignedAccess class**: You can use this class to configure and manage basic lockdown features for assigned access. It's recommended to you use the Windows PowerShell cmdlets instead. If you need to use assigned access API, see [WEDL_AssignedAccess](/windows-hardware/customize/enterprise/wedl-assignedaccess). 
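Review bot: The new WEDL_AssignedAccess line reads "It's recommended to you use the Windows PowerShell cmdlets instead.", where "to you use" is garbled; "We recommend that you use the Windows PowerShell cmdlets instead." keeps the original wording and fixes it. The Unified Write Filter line is edited in the same hunk but still carries "UWFsettings" with no space, which can be corrected to "UWF settings" while the line is open. The Power button line also keeps "cannot" next to the new "it's".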
@@ -167,8 +164,8 @@ A single-app kiosk configuration runs an app above the lock screen. It doesn't w When you connect to a VM configured as a single-app kiosk, you need a *basic* session rather than an enhanced session. In the following image, notice that **Enhanced session** is not selected in the **View** menu; that means it's a basic session. -:::image type="content" source="images/vm-kiosk.png" alt-text="Use a basic session to connect a virtual machine. In the View menu, Extended session is not selected, which means basic is used."::: +:::image type="content" source="images/vm-kiosk.png" alt-text="Use a basic session to connect a virtual machine. In the View menu, Extended session isn't selected, which means basic is used."::: -To connect to a VM in a basic session, do not select **Connect** in the connection dialog, as shown in the following image, but instead, select the **X** button in the upper-right corner to cancel the dialog: +To connect to a VM in a basic session, don't select **Connect** in the connection dialog, as shown in the following image, but instead, select the **X** button in the upper-right corner to cancel the dialog: -:::image type="content" source="images/vm-kiosk-connect.png" alt-text="Do not select the connect button. Use the close X in the top corner to connect to a VM in basic session."::: +:::image type="content" source="images/vm-kiosk-connect.png" alt-text="Don't select the connect button. Use the close X in the top corner to connect to a VM in basic session."::: diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 08a4c1d23e..a4d89ffa8f 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md 
@@ -23,7 +23,7 @@ ms.topic: article - Windows 10 Pro, Enterprise, and Education - Windows 11 -A single-app kiosk uses the Assigned Access feature to run a single app above the lockscreen. When the kiosk account signs in, the app is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app. +A single-app kiosk uses the Assigned Access feature to run a single app above the lock screen. When the kiosk account signs in, the app is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app. ![Illustration of a single-app kiosk experience.](images/kiosk-fullscreen-sm.png) @@ -34,12 +34,12 @@ A single-app kiosk uses the Assigned Access feature to run a single app above th You have several options for configuring your single-app kiosk. -Method | Description ---- | --- -[Locally, in Settings](#local) | The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account.

    This method is supported on Windows client Pro, Enterprise, and Education. -[PowerShell](#powershell) | You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account.

    This method is supported on Windows client Pro, Enterprise, and Education. -[The kiosk wizard in Windows Configuration Designer](#wizard) | Windows Configuration Designer is a tool that produces a *provisioning package*, which is a package of configuration settings that can be applied to one or more devices during the first-run experience (OOBE) or after OOBE is done (runtime). You can also create the kiosk user account and install the kiosk app, as well as other useful settings, using the kiosk wizard.

    This method is supported on Windows 10 Pro version 1709+, Enterprise, and Education / Windows 11. -[Microsoft Intune or other mobile device management (MDM) provider](#mdm) | For managed devices, you can use MDM to set up a kiosk configuration.

    This method is supported on Windows 10 Pro version 1709+, Enterprise, and Education / Windows 11. +| Method | Description | +| --- | --- | +| [Locally, in Settings](#local) | The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account.

    This method is supported on Windows client Pro, Enterprise, and Education. | +| [PowerShell](#powershell) | You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account.

    This method is supported on Windows client Pro, Enterprise, and Education. | +| [The kiosk wizard in Windows Configuration Designer](#wizard) | Windows Configuration Designer is a tool that produces a *provisioning package*. A provisioning package includes configuration settings that can be applied to one or more devices during the first-run experience (OOBE), or after OOBE is done (runtime). Using the kiosk wizard, you can also create the kiosk user account, install the kiosk app, and configure more useful settings.

    This method is supported on Windows 10 Pro version 1709+, Enterprise, and Education. | +| [Microsoft Intune or other mobile device management (MDM) provider](#mdm) | For managed devices, you can use MDM to set up a kiosk configuration.

    This method is supported on Windows 10 Pro version 1709+, Enterprise, and Education / Windows 11. | >[!TIP] >You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) by using a [kiosk profile](lock-down-windows-10-to-specific-apps.md#profile). 
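Review bot: The rewritten Windows Configuration Designer row drops "/ Windows 11" from its supported-editions sentence, while the MDM row directly below keeps it and the applies-to list at the top of the article still names Windows 11. If the kiosk wizard isn't supported on Windows 11, state that in the row. If it is supported, restore the text. Nothing in the visible hunks explains the removal, and a later hunk (@@ -172,7 +172,6 @@) deletes the "- Windows 11" bullet from an OS edition list in the same silent way.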
@@ -63,11 +63,11 @@ Method | Description You can use **Settings** to quickly configure one or a few devices as a kiosk. -When your kiosk is a local device that is not managed by Active Directory or Azure Active Directory, there is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically. If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts. +When your kiosk is a local device that isn't managed by Active Directory or Azure Active Directory, there is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically. If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts. -- If you want the kiosk account signed in automatically and the kiosk app launched when the device restarts, there is nothing you need to do. +- If you want the kiosk account to sign in automatically and the kiosk app launched when the device restarts, then you don't need to do anything. -- If you do not want the kiosk account signed in automatically when the device restarts, you must change the default setting before you configure the device as a kiosk. Sign in with the account that you will assign as the kiosk account, go to **Settings** > **Accounts** > **Sign-in options**, and toggle the **Use my sign-in info to automatically finish setting up my device after an update or restart** setting to **Off**. After you change the setting, you can apply the kiosk configuration to the device. +- If you don't want the kiosk account to sign in automatically when the device restarts, then you must change the default setting before you configure the device as a kiosk. 
Sign in with the account that you will assign as the kiosk account, go to **Settings** > **Accounts** > **Sign-in options**, and set the **Use my sign-in info to automatically finish setting up my device after an update or restart** setting to **Off**. After you change the setting, you can apply the kiosk configuration to the device. ![Screenshot of automatic sign-in setting.](images/auto-signin.png) @@ -95,7 +95,7 @@ When you set up a kiosk (also known as *assigned access*) in **Settings** for Wi To remove assigned access, select the account tile on the **Set up a kiosk** page, and then select **Remove kiosk**. -### Instructions for Windows 10 version 1803 and earlier +### Windows 10 version 1803 and earlier When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows 10 version 1803 and earlier, you must select an existing local standard user account. [Learn how to create a local standard user account.](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) @@ -111,7 +111,7 @@ When you set up a kiosk (also known as *assigned access*) in **Settings** for Wi 4. Choose an app. Only apps that can run above the lock screen will be available in the list of apps to choose from. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md). -5. Close **Settings** – your choices are saved automatically, and will be applied the next time that user account logs on. +5. Close **Settings** – your choices are saved automatically, and will be applied the next time that user account signs in. To remove assigned access, choose **Turn off assigned access and sign out of the selected account**. 
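Review bot: Renaming the heading in the @@ -95,7 +95,7 @@ hunk from "Instructions for Windows 10 version 1803 and earlier" to "Windows 10 version 1803 and earlier" changes the generated anchor for that section. Check for links that point at the old anchor before merging, and update them in this change or keep the original heading text.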
@@ -135,12 +135,12 @@ You can use any of the following PowerShell cmdlets to set up assigned access on Before you run the cmdlet: -1. Log in as administrator. +1. Sign in as administrator. 2. [Create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) for Assigned Access. -3. Log in as the Assigned Access user account. +3. Sign in as the Assigned Access user account. 4. Install the Universal Windows app that follows the assigned access/above the lock guidelines. -5. Log out as the Assigned Access user account. -6. Log in as administrator. +5. Sign out as the Assigned Access user account. +6. Sign in as administrator. To open PowerShell on Windows client, search for PowerShell, and find **Windows PowerShell Desktop app** in the results. Run PowerShell as administrator. @@ -150,7 +150,7 @@ To open PowerShell on Windows client, search for PowerShell, and find **Windows - **Configure assigned access by app name and user SID**: `Set-AssignedAccess -AppName -UserSID ` > [!NOTE] -> To set up assigned access using `-AppName`, the user account that you specify for assigned access must have logged on at least once. +> To set up assigned access using `-AppName`, the user account that you enter for assigned access must have signed in at least once. [Learn how to get the AUMID](./find-the-application-user-model-id-of-an-installed-app.md). @@ -172,7 +172,6 @@ Clear-AssignedAccess > >OS edition: > - Windows 10 Pro version 1709+ for UWP only; Ent, Edu for both app types -> - Windows 11 > >Account type: > - Local standard user 
@@ -186,20 +185,97 @@ Clear-AssignedAccess When you use the **Provision kiosk devices** wizard in Windows Configuration Designer, you can configure the kiosk to run either a Universal Windows app or a Windows desktop application. +[Install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md), then open Windows Configuration Designer and select **Provision kiosk devices**. After you name your project, and select **Next**, configure the following settings: -[Install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md), then open Windows Configuration Designer and select **Provision kiosk devices**. After you name your project, and click **Next**, configure the settings as shown in the following table. +1. Enable device setup: -
    step oneset up device

    Enable device setup if you want to configure settings on this page.

    If enabled:

    Enter a name for the device.

    (Optional) Select a license file to upgrade Windows 10 to a different edition. See the permitted upgrades.

    Toggle Configure devices for shared use off. This setting optimizes Windows 10 for shared use scenarios and isn't necessary for a kiosk scenario.

    You can also select to remove pre-installed software from the device.
    device name, upgrade to enterprise, shared use, remove pre-installed software
    step oneset up device

    Enable device setup if you want to configure settings on this page.

    If enabled:

    Enter a name for the device.

    (Optional) Select a license file to upgrade Windows client to a different edition. See the permitted upgrades.

    Toggle Configure devices for shared use off. This setting optimizes Windows client for shared use scenarios and isn't necessary for a kiosk scenario.

    You can also select to remove pre-installed software from the device.
    device name, upgrade to enterprise, shared use, remove pre-installed software
    step two set up network

    Enable network setup if you want to configure settings on this page.

    If enabled:

    Toggle On or Off for wireless network connectivity. If you select On, enter the SSID, the network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.
    Enter network SSID and type
    step three account management

    Enable account management if you want to configure settings on this page.

    If enabled:

    You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device

    To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.

    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

    Warning: You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.

    To create a local administrator account, select that option and enter a user name and password.

    Important: If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
    join Active Directory, Azure AD, or create a local admin account
    step three account management

    Enable account management if you want to configure settings on this page.

    If enabled:

    You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device

    To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.

    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

    Warning: You must run Windows Configuration Designer on Windows client to configure Azure Active Directory enrollment using any of the wizards.

    To create a local administrator account, select that option and enter a user name and password.

    Important: If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
    join Active Directory, Azure AD, or create a local admin account
    step four add applications

    You can provision the kiosk app in the Add applications step. You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see Provision PCs with apps

    Warning: If you click the plus button to add an application, you must specify an application for the provisioning package to validate. If you click the plus button in error, select any executable file in Installer Path, and then a Cancel button becomes available, allowing you to complete the provisioning package without an application.
    add an application
    step five add certificates

    To provision the device with a certificate for the kiosk app, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.
    add a certificate
    step six Configure kiosk account and app

    You can create a local standard user account that will be used to run the kiosk app. If you toggle No, make sure that you have an existing user account to run the kiosk app.

    If you want to create an account, enter the user name and password, and then toggle Yes or No to automatically sign in the account when the device starts. (If you encounter issues with auto sign-in after you apply the provisioning package, check the Event Viewer logs for auto logon issues under Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational.)

    In Configure the kiosk mode app, enter the name of the user account that will run the kiosk mode app. Select the type of app to run in kiosk mode, and then enter the path or filename (for a Windows desktop application) or the AUMID (for a Universal Windows app). For a Windows desktop application, you can use the filename if the path to the file is in the PATH environment variable, otherwise the full path is required.
    The 'Configure kiosk common settings' button as displayed while provisioning a kiosk device in Windows Configuration Designer.
    - - - - - - - - -
    step oneset up device

    Enable device setup if you want to configure settings on this page.

    If enabled:

    Enter a name for the device.

    (Optional) Select a license file to upgrade Windows client to a different edition. See the permitted upgrades.

    Toggle Configure devices for shared use off. This setting optimizes Windows client for shared use scenarios and isn't necessary for a kiosk scenario.

    You can also select to remove pre-installed software from the device.
    device name, upgrade to enterprise, shared use, remove pre-installed software
    step two set up network

    Enable network setup if you want to configure settings on this page.

    If enabled:

    Toggle On or Off for wireless network connectivity. If you select On, enter the SSID, the network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.
    Enter network SSID and type
    step three account management

    Enable account management if you want to configure settings on this page.

    If enabled:

    You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device

    To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.

    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

    Warning: You must run Windows Configuration Designer on Windows client to configure Azure Active Directory enrollment using any of the wizards.

    To create a local administrator account, select that option and enter a user name and password.

    Important: If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
    join Active Directory, Azure AD, or create a local admin account
    step four add applications

    You can provision the kiosk app in the Add applications step. You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see Provision PCs with apps

    Warning: If you click the plus button to add an application, you must specify an application for the provisioning package to validate. If you click the plus button in error, select any executable file in Installer Path, and then a Cancel button becomes available, allowing you to complete the provisioning package without an application.
    add an application
    step five add certificates

    To provision the device with a certificate for the kiosk app, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.
    add a certificate
    step six Configure kiosk account and app

    You can create a local standard user account that will be used to run the kiosk app. If you toggle No, make sure that you have an existing user account to run the kiosk app.

    If you want to create an account, enter the user name and password, and then toggle Yes or No to automatically sign in the account when the device starts. (If you encounter issues with auto sign-in after you apply the provisioning package, check the Event Viewer logs for auto logon issues under Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational.)

    In Configure the kiosk mode app, enter the name of the user account that will run the kiosk mode app. Select the type of app to run in kiosk mode, and then enter the path or filename (for a Windows desktop application) or the AUMID (for a Universal Windows app). For a Windows desktop application, you can use the filename if the path to the file is in the PATH environment variable, otherwise the full path is required.
    The 'Configure kiosk common settings' button as displayed while provisioning a kiosk device in Windows Configuration Designer.
    step seven configure kiosk common settings

    On this step, select your options for tablet mode, the user experience on the Welcome and shutdown screens, and the timeout settings.
    set tablet mode and configure welcome and shutdown and turn off timeout settings
    The 'finish' button as displayed while provisioning a kiosk device in Windows Configuration Designer.

    You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.
    Protect your package
    + :::image type="content" source="images/set-up-device-details.png" alt-text="In Windows Configuration Designer, enable device setup, enter the device name, the product key to upgrade, turn off shared use, and remove preinstalled software."::: + If you want to enable device setup, select **Set up device**, and configure the following settings: + + - **Device name**: Required. Enter a unique 15-character name for the device. You can use variables to add unique characters to the name, such as `Contoso-%SERIAL%` and `Contoso-%RAND:5%`. + - **Enter product key**: Optional. Select a license file to upgrade Windows client to a different edition. For more information, see [the permitted upgrades](/windows/deployment/upgrade/windows-10-edition-upgrades). + - **Configure devices for shared use**: This setting optimizes Windows client for shared use scenarios, and isn't necessary for a kiosk scenario. Set this value to **No**, which may be the default. + - **Remove pre-installed software**: Optional. Select **Yes** if you want to remove preinstalled software. + +2. Set up the network: + + :::image type="content" source="images/set-up-network-details.png" alt-text="In Windows Configuration Designer, turn on wireless connectivity, enter the network SSID, and network type."::: + + If you want to enable network setup, select **Set up network**, and configure the following settings: + + - **Set up network**: To enable wireless connectivity, select **On**. + - **Network SSID**: Enter the Service Set IDentifier (SSID) of the network. + - **Network type**: Select **Open** or **WPA2-Personal**. If you select **WPA2-Personal**, enter the password for the wireless network. + +3. 
Enable account management: + + :::image type="content" source="images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Azure AD, or create a local admin account."::: + + If you want to enable account management, select **Account Management**, and configure the following settings: + + - **Manage organization/school accounts**: Choose how devices are enrolled. Your options: + - **Active Directory**: Enter the credentials for a least-privileged user account to join the device to the domain. + - **Azure Active Directory**: Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). In your Azure AD tenant, the **maximum number of devices per user** setting determines how many times the bulk token in the wizard can be used. + + If you select this option, enter a friendly name for the bulk token you get using the wizard. Set an expiration date for the token. The maximum is 180 days from the date you get the token. Select **Get bulk token**. In **Let's get you signed in**, enter an account that has permissions to join a device to Azure AD, and then the password. Select **Accept** to give Windows Configuration Designer the necessary permissions. + + You must run Windows Configuration Designer on Windows client to configure Azure AD enrollment using any of the wizards. + + - **Local administrator**: If you select this option, enter a user name and password. If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password isn't changed during that period, the account might be locked out, and unable to sign in. + +4. 
Add applications: + + :::image type="content" source="images/add-applications-details.png" alt-text="In Windows Configuration Designer, add an application that will run in kiosk mode."::: + + To add applications to the devices, select **Add applications**. You can install multiple applications in a provisioning package, including Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps. The settings in this step vary depending on the application you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md). + + > [!WARNING] + > If you select the plus button to add an application, you must enter an application for the provisioning package to validate. If you select the plus button by mistake, then: + > + > 1. In **Installer Path**, select any executable file. + > 2. When the **Cancel** button shows, select it. + > + > These steps let you complete the provisioning package without adding an application. + +5. Add certificates: + + :::image type="content" source="images/add-certificates-details.png" alt-text="In Windows Configuration Designer, add a certificate."::: + + To add a certificate to the devices, select **Add certificates**, and configure the following settings: + + - **Certificate name**: Enter a name for the certificate. + - **Certificate path**: Browse and select the certificate you want to add. + +6. Configure the kiosk account, and the kiosk mode app: + + :::image type="content" source="images/kiosk-account-details.png" alt-text="In Windows Configuration Designer, the Configure kiosk common settings button is shown when provisioning a kiosk device."::: + + To add the account that runs the app and choose the app type, select **Configure kiosk account and app**, and configure the following settings: + + - **Create a local standard user account to run the kiosk mode app**: Select **Yes** to create a local standard user account, and enter the **User name** and **Password**. 
This user account runs the app. If you select **No**, make sure you have an existing user account to run the kiosk app. + - **Auto sign-in**: Select **Yes** to automatically sign in the account when the device starts. **No** doesn't automatically sign in the account. If there are issues with auto sign-in after you apply the provisioning package, then check the Event Viewer logs for auto logon issues (`Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational`). + - **Configure the kiosk mode app**: Enter the **User name** of the account that will run the kiosk mode app. In **App type**, select the type of app to run. Your options: + - **Windows desktop application**: Enter the path or filename. If the file path is in the PATH environment variable, then you can use the filename. Otherwise, the full path is required. + - **Universal Windows app**: Enter the AUMID. + +7. Configure kiosk common settings: + + :::image type="content" source="images/kiosk-common-details.png" alt-text="In Windows Configuration Designer, set tablet mode, configure the welcome and shutdown screens, and turn off the power timeout settings."::: + + To configure the tablet mode, configure welcome and shutdown screens, and set the power settings, select **Configure kiosk common settings**, and configure the following settings: + + - **Set tablet mode** + - **Customize user experience** + - **Configure power settings** + +8. Finish: + + :::image type="content" source="images/finish-details.png" alt-text="In Windows Configuration Designer, protect your package with a password."::: + + To complete the wizard, select **Finish**, and configure the following setting: + + - **Protect your package**: Select **Yes** to password protect your provisioning package. When you apply the provisioning package to a device, you must enter this password. 
>[!NOTE] >If you want to use [the advanced editor in Windows Configuration Designer](provisioning-packages/provisioning-create-package.md#configure-settings), specify the user account and app (by AUMID) in **Runtime settings** > **AssignedAccess** > **AssignedAccessSettings** @@ -224,8 +300,6 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des > - Local standard user > - Azure AD - - Microsoft Intune and other MDM services enable kiosk configuration through the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp). Assigned Access has a `KioskModeApp` setting. In the `KioskModeApp` setting, you enter the user account name and the [AUMID](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the app to run in kiosk mode. >[!TIP] 
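Review bot: In the wizard-steps hunk (@@ -186,20 +185,97 @@), step 3 loses the two callouts that the removed table carried. The requirement to run Windows Configuration Designer on Windows client for Azure AD enrollment was a Warning, and the 42-day password change for a local account created in the provisioning package (with the lockout that follows if it's missed) was marked Important. Both are now plain sentences, while the add-applications warning in step 4 keeps its `> [!WARNING]` block. Keep them as `[!WARNING]` and `[!IMPORTANT]` callouts so the lockout consequence stays visible to whoever builds the package. Two smaller points in the same hunk: the step 6 image (kiosk-account-details.png) has alt text describing the "Configure kiosk common settings" button, which belongs to step 7, and "Enter a unique 15-character name" reads as exactly 15 characters rather than a maximum.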
@@ -237,7 +311,7 @@ To configure a kiosk in Microsoft Intune, see [Windows client and Windows Hologr ## Sign out of assigned access -To exit the assigned access (kiosk) app, press **Ctrl + Alt + Del**, and then sign in using another account. When you press **Ctrl + Alt + Del** to sign out of assigned access, the kiosk app will exit automatically. If you sign in again as the assigned access account or wait for the login screen timeout, the kiosk app will be re-launched. The assigned access user will remain signed in until an admin account opens **Task Manager** > **Users** and signs out the user account. +To exit the assigned access (kiosk) app, press **Ctrl + Alt + Del**, and then sign in using another account. When you press **Ctrl + Alt + Del** to sign out of assigned access, the kiosk app will exit automatically. If you sign in again as the assigned access account or wait for the sign in screen timeout, the kiosk app relaunches. The assigned access user will remain signed in until an admin account opens **Task Manager** > **Users** and signs out the user account. If you press **Ctrl + Alt + Del** and do not sign in to another account, after a set time, assigned access will resume. The default time is 30 seconds, but you can change that in the following registry key: From 6d84f71eeb16a186c780a703f7bb007653d4d5f0 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 21 Sep 2021 10:13:18 +0530 Subject: [PATCH 541/671] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 1 - windows/client-management/mdm/policy-csp-feeds.md | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 2cccb73779..5ceb9db7c3 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1432,7 +1432,6 @@ ms.date: 10/08/2020 - [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog) - [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog) - [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog) -- [Feeds/FeedsEnabled](./policy-csp-feeds.md#feeds-feedsenabled) - [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer) - [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption) - [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider) diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md index 834c6f8226..0f683d9be9 100644 --- a/windows/client-management/mdm/policy-csp-feeds.md +++ b/windows/client-management/mdm/policy-csp-feeds.md @@ -47,22 +47,22 @@ manager: dansimp Pro Yes - Yes + No Business Yes - Yes + No Enterprise Yes - Yes + No Education Yes - Yes + No From 910c4184e1d66e93e3c621d38eeb5b330803bb11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Notin?= Date: Tue, 21 Sep 2021 13:45:09 +0200 Subject: [PATCH 542/671] Make Domain Admins well-known SID consistent with others It was missing the "-21-" part which all other similar well-known have. For example, see just below: "Domain Computers" -> "S-1-5-21--515 --- .../access-control/active-directory-security-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 9b9c40977d..b14702f2e4 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -1489,7 +1489,7 @@ This security group has not changed since Windows Server 2008.

    Well-Known SID/RID

    -

    S-1-5-<domain>-512

    +

    S-1-5-21-<domain>-512

    Type
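Review bot: the corrected cell `S-1-5-21-<domain>-512` touches only the Domain Admins row, so before merging, search the rest of active-directory-security-groups.md for other Well-Known SID/RID cells still written as `S-1-5-<domain>-<RID>` without the `-21-` part. The commit message cites Domain Computers as already in the right form; running the same check over the remaining groups would close the inconsistency in one pass instead of one row at a time.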

    From cc0caf6d2bb98bf270634c341b0ff244063d90f9 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 21 Sep 2021 18:24:19 +0530 Subject: [PATCH 543/671] Updated 16 to 30 --- .../mdm/policy-csp-admx-nca.md | 176 ++- .../mdm/policy-csp-admx-ncsi.md | 154 ++- .../mdm/policy-csp-admx-netlogon.md | 770 +++++++----- .../mdm/policy-csp-admx-networkconnections.md | 594 ++++++---- .../mdm/policy-csp-admx-offlinefiles.md | 1034 +++++++++++------ .../mdm/policy-csp-admx-peertopeercaching.md | 198 ++-- .../policy-csp-admx-performancediagnostics.md | 88 +- .../mdm/policy-csp-admx-power.md | 550 +++++---- ...licy-csp-admx-powershellexecutionpolicy.md | 88 +- .../mdm/policy-csp-admx-printing.md | 572 +++++---- .../mdm/policy-csp-admx-printing2.md | 198 ++-- .../mdm/policy-csp-admx-programs.md | 154 ++- .../mdm/policy-csp-admx-reliability.md | 88 +- .../mdm/policy-csp-admx-remoteassistance.md | 44 +- .../mdm/policy-csp-admx-removablestorage.md | 704 +++++++---- 15 files changed, 3444 insertions(+), 1968 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index f35134f108..1148c8b887 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -57,28 +57,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
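Review bot: in the Education row the removed cell is a cross mark while both added cells are Yes, whereas Home, Pro and Business go from cross mark to No and Enterprise goes from check mark to Yes. That makes the Education row a change to the documented support status rather than a reformat into Windows 10 and Windows 11 columns, and the commit message ("Updated 16 to 30") does not mention it. Please confirm which value is correct and state it in the message; the same Education change recurs in the other edition-table hunks of this patch.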
    @@ -95,7 +101,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. +This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: @@ -136,28 +142,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -174,7 +186,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands. +This policy setting specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands. > [!TIP] @@ -201,28 +213,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -239,7 +257,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. +This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. By default, NCA uses the same DirectAccess server that the DirectAccess client computer connection is using. In default configurations of DirectAccess, there are typically two IPsec tunnel endpoints: one for the infrastructure tunnel and one for the intranet tunnel. You should configure one endpoint for each tunnel. @@ -272,28 +290,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -310,7 +334,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example, you can specify “Contoso Intranet Access” for the DirectAccess clients of the Contoso Corporation. +This policy setting specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example, you can specify “Contoso Intranet Access” for the DirectAccess clients of the Contoso Corporation. If this setting is not configured, the string that appears for DirectAccess connectivity is “Corporate Connection”. @@ -339,28 +363,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -377,7 +407,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon. +This policy setting specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon. If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names. @@ -415,28 +445,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -453,7 +489,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether NCA service runs in Passive Mode or not. +This policy setting specifies whether NCA service runs in Passive Mode or not. Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured, NCA probing is in active mode by default. @@ -481,28 +517,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -519,7 +561,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon. +This policy setting specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon. Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. @@ -550,28 +592,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -588,7 +636,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. +This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. When the user sends the log files to the Administrator, NCA uses the default e-mail client to open a new message with the support email address in the To: field of the message, then attaches the generated log files as a .html file. The user can review the message and add additional information before sending the message. diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index 4981561468..a970faaac9 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -54,28 +54,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -92,7 +98,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. +This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. > [!TIP] @@ -119,28 +125,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -157,7 +169,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity. +This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity. > [!TIP] @@ -184,28 +196,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -222,7 +240,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity. +This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity. > [!TIP] @@ -249,28 +267,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -287,7 +311,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the URL of the corporate website, against which an active probe is performed. +This policy setting enables you to specify the URL of the corporate website, against which an active probe is performed. > [!TIP] @@ -317,28 +341,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -355,7 +385,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network. +This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network. > [!TIP] @@ -382,28 +412,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -420,7 +456,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface. +This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface. > [!TIP] @@ -447,28 +483,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -485,7 +527,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This Policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network stack on a frequent interval to determine if network connectivity has been lost. Use the options to control the passive polling behavior. +This Policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network stack on a frequent interval to determine if network connectivity has been lost. Use the options to control the passive polling behavior. > [!TIP] diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index f8c2d7401e..4b32723dd1 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -138,28 +138,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -176,7 +182,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address does not map to any configured site. +This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address does not map to any configured site. Domain controllers use the client IP address during a DC locator ping request to compute which Active Directory site the client belongs to. If no site mapping can be computed, the DC may do an address lookup on the client network name to discover other IP addresses which may then be used to compute a matching site for the client. @@ -215,28 +221,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -253,7 +265,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the DC Locator APIs can return IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provided to support such scenarios. +This policy setting determines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the DC Locator APIs can return IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provided to support such scenarios. By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applications are broken due to the returned IPv6 DC address, this policy can be used to disable the default behavior and enforce to return only IPv4 DC address. Once applications are fixed, this policy can be used to enable the default behavior. @@ -290,28 +302,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -328,7 +346,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, is not used if the AllowSingleLabelDnsDomain policy setting is enabled. +This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, is not used if the AllowSingleLabelDnsDomain policy setting is enabled. By default, when no setting is specified for this policy, the behavior is the same as explicitly enabling this policy, unless the AllowSingleLabelDnsDomain policy setting is enabled. @@ -363,28 +381,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -401,7 +425,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later, including this version of Windows. +This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later, including this version of Windows. By default, Net Logon will not allow the older cryptography algorithms to be used and will not include them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 will not be able to establish a connection to this domain controller. @@ -438,28 +462,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -476,7 +506,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names. +This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names. By default, the behavior specified in the AllowDnsSuffixSearch is used. If the AllowDnsSuffixSearch policy is disabled, then NetBIOS name resolution is used exclusively, to locate a domain controller hosting an Active Directory domain specified with a single-label name. @@ -513,28 +543,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -551,7 +587,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. +This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. If you enable this policy setting, the DCs to which this setting is applied dynamically register DC Locator site-specific DNS SRV records for the closest sites where no DC for the same domain, or no Global Catalog for the same forest, exists. @@ -586,28 +622,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -624,7 +666,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm prefers DNS-based discovery if the DNS domain name is known. If DNS-based discovery fails and the NetBIOS domain name is known, the algorithm then uses NetBIOS-based discovery as a fallback mechanism. +This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm prefers DNS-based discovery if the DNS domain name is known. If DNS-based discovery fails and the NetBIOS domain name is known, the algorithm then uses NetBIOS-based discovery as a fallback mechanism. NetBIOS-based discovery uses a WINS server and mailslot messages but does not use site information. Hence it does not ensure that clients will discover the closest DC. It also allows a hub-site client to discover a branch-site DC even if the branch-site DC only registers site-specific DNS records (as recommended). For these reasons, NetBIOS-based discovery is not recommended. @@ -662,28 +704,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -700,7 +748,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password. +This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password. Contacting the PDC emulator is useful in case the client’s password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection. @@ -737,28 +785,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -775,7 +829,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC. +This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC. The default value for this setting is 10 minutes (10*60). @@ -815,28 +869,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -853,7 +913,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC. +This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC. For example, the retry intervals may be set at 10 minutes, then 20 minutes and then 40 minutes, but when the interval reaches the value set in this setting, that value becomes the retry interval for all subsequent retries until the value set in Final DC Discovery Retry Setting is reached. @@ -895,28 +955,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -933,7 +999,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example, retires may be set to occur according to the Use maximum DC discovery retry interval policy setting, but when the value set in this policy setting is reached, no more retries occur. If a value for this policy setting is smaller than the value in the Use maximum DC discovery retry interval policy setting, the value for Use maximum DC discovery retry interval policy setting is used. +This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example, retires may be set to occur according to the Use maximum DC discovery retry interval policy setting, but when the value set in this policy setting is reached, no more retries occur. If a value for this policy setting is smaller than the value in the Use maximum DC discovery retry interval policy setting, the value for Use maximum DC discovery retry interval policy setting is used. The default value for this setting is to not quit retrying (0). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0. @@ -967,28 +1033,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
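Review bot: The added line in the @@ -933,7 +999,7 @@ hunk carries over the typo "retires" for "retries" and the broken clause "applications that perform periodic searches for domain controllers (DC) are unable to find a DC". Since the line is being rewritten anyway, fix both, for example "when applications that perform periodic searches for domain controllers (DCs) are unable to find a DC". The unchanged context line after it gives the maximum as "0x49*24*60*60=4233600"; the 0x prefix is stray, because 4233600 is 49*24*60*60 in decimal, and it is worth correcting in the same pass so nobody reads the 49 as hexadecimal.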
    @@ -1005,7 +1077,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs, and it is applied before returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0). +This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs, and it is applied before returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0). > [!TIP] @@ -1034,28 +1106,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1072,7 +1150,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the level of debug output for the Net Logon service. +This policy setting specifies the level of debug output for the Net Logon service. The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default, no debug information is logged. @@ -1109,28 +1187,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1147,7 +1231,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines which DC Locator DNS records are not registered by the Net Logon service. +This policy setting determines which DC Locator DNS records are not registered by the Net Logon service. If you enable this policy setting, select Enabled and specify a list of space-delimited mnemonics (instructions) for the DC Locator DNS records that will not be registered by the DCs to which this setting is applied. @@ -1208,28 +1292,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1246,7 +1336,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update. +This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update. DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers, even if their records’ data has not changed. If authoritative DNS servers are configured to perform scavenging of the stale records, this reregistration is required to instruct the DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be preserved in the database. @@ -1284,28 +1374,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1322,7 +1418,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether the domain controllers to which this setting is applied will lowercase their DNS host name when registering SRV records. +This policy setting configures whether the domain controllers to which this setting is applied will lowercase their DNS host name when registering SRV records. If enabled, domain controllers will lowercase their DNS host name when registering domain controller SRV records. A best-effort attempt will be made to delete any previously registered SRV records that contain mixed-case DNS host names. For more information and potential manual cleanup procedures, see the link below. @@ -1360,28 +1456,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1398,7 +1500,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered, and they are used to locate the domain controller (DC). +This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered, and they are used to locate the domain controller (DC). To specify the TTL for DC Locator DNS records, click Enabled, and then enter a value in seconds (for example, the value "900" is 15 minutes). @@ -1430,28 +1532,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1468,7 +1576,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the additional time for the computer to wait for the domain controller’s (DC) response when logging on to the network. +This policy setting specifies the additional time for the computer to wait for the domain controller’s (DC) response when logging on to the network. To specify the expected dial-up delay at logon, click Enabled, and then enter the desired value in seconds (for example, the value "60" is 1 minute). @@ -1501,28 +1609,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1539,7 +1653,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator. +This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator. The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller, it caches domain controllers to improve the efficiency of the location algorithm. As long as the cached domain controller meets the requirements and is running, DC Locator will continue to return it. If a new domain controller is introduced, existing clients will only discover it when a Force Rediscovery is carried out by DC Locator. To adapt to changes in network conditions DC Locator will by default carry out a Force Rediscovery according to a specific time interval and maintain efficient load-balancing of clients across all available domain controllers in all domains or forests. The default time interval for Force Rediscovery by DC Locator is 12 hours. Force Rediscovery can also be triggered if a call to DC Locator uses the DS_FORCE_REDISCOVERY flag. Rediscovery resets the timer on the cached domain controller entries. @@ -1576,28 +1690,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1614,7 +1734,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. +This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory. @@ -1649,28 +1769,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1687,7 +1813,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC). +This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC). > [!NOTE] > To locate a remote DC based on its NetBIOS (single-label) domain name, DC Locator first gets the list of DCs from a WINS server that is configured in its local client settings. DC Locator then sends a mailslot message to each remote DC to get more information. DC location succeeds only if a remote DC responds to the mailslot message. @@ -1725,28 +1851,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1763,7 +1895,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC. +This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC. The Priority field in the SRV record sets the preference for target hosts (specified in the SRV record’s Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed. @@ -1798,28 +1930,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1836,7 +1974,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. +This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. The Weight field in the SRV record can be used in addition to the Priority value to provide a load-balancing mechanism where multiple servers are specified in the SRV records Target field and are all set to the same priority. The probability with which the DNS client randomly selects the target host to be contacted is proportional to the Weight field value in the SRV record. @@ -1871,28 +2009,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1909,7 +2053,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled. +This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled. By default, the maximum size of the log file is 20MB. If you enable this policy setting, the maximum size of the log file is set to the specified size. Once this size is reached the log file is saved to netlogon.bak and netlogon.log is truncated. A reasonable value based on available storage should be specified. @@ -1942,28 +2086,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1980,7 +2130,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. +This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. The application directory partition DC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. @@ -2015,28 +2165,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2053,7 +2209,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC. +This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC. The default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setting is 0. @@ -2087,28 +2243,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2125,7 +2287,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications. +This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications. If you enable this policy setting, the Netlogon share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission. @@ -2165,28 +2327,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2203,7 +2371,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs, and it is applied before the returning the DC information to the caller program. This policy setting is relevant to only those callers of DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag. +This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs, and it is applied before the returning the DC information to the caller program. This policy setting is relevant to only those callers of DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag. The default value for this setting is 30 minutes (1800). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value will be treated as infinity. The minimum value for this setting is to always refresh (0). @@ -2234,28 +2402,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
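Review bot: The added line in the @@ -2203,7 +2371,7 @@ hunk keeps "it is applied before the returning the DC information to the caller program", with a stray "the". The parallel sentence in the @@ -1005,7 +1077,7 @@ hunk reads "before returning the DC information", so align this line with it while the sentence is being touched.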
    @@ -2272,7 +2446,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether the computers to which this setting is applied are more aggressive when trying to locate a domain controller (DC). +This policy setting configures whether the computers to which this setting is applied are more aggressive when trying to locate a domain controller (DC). When an environment has a large number of DCs running both old and new operating systems, the default DC locator discovery behavior may be insufficient to find DCs running a newer operating system. This policy setting can be enabled to configure DC locator to be more aggressive about trying to locate a DC in such an environment, by pinging DCs at a higher frequency. Enabling this setting may result in additional network traffic and increased load on DCs. You should disable this setting once all DCs are running the same OS version. @@ -2312,28 +2486,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2350,7 +2530,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines the interval at which Netlogon performs the following scavenging operations: +This policy setting determines the interval at which Netlogon performs the following scavenging operations: - Checks if a password on a secure channel needs to be modified, and modifies it if necessary. @@ -2389,28 +2569,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2427,7 +2613,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. +This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. The DC Locator DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. @@ -2462,28 +2648,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2500,7 +2692,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Active Directory site to which computers belong. +This policy setting specifies the Active Directory site to which computers belong. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. @@ -2535,28 +2727,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2573,7 +2771,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications. +This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications. When this setting is enabled, the SYSVOL share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission. @@ -2613,28 +2811,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2651,7 +2855,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively. +This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively. The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none are found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost. @@ -2688,28 +2892,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
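Review bot: The added line in the @@ -2651,7 +2855,7 @@ hunk still has two word-order errors, "if a DC in same the site is not found" and "failing over to the try next closest site". Suggest "if a DC in the same site is not found" and "failing over to the next closest site", since the sentence describes which DC a client ends up authenticating against and should read unambiguously.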
    @@ -2726,7 +2936,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC. +This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC. If you enable this policy setting, DCs to which this setting is applied dynamically register DC Locator DNS resource records through dynamic DNS update-enabled network connections. diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index 42d74dc6ad..22f39d543e 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -115,28 +115,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -153,7 +159,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators. +This policy setting determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Install and Uninstall buttons for components of connections are disabled, and administrators are not permitted to access network components in the Windows Components Wizard. @@ -195,28 +201,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -233,7 +245,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators. +This policy setting determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators. The Advanced Settings item lets users view and change bindings and view and change the order in which the computer accesses connections, network providers, and print providers. @@ -271,28 +283,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -309,7 +327,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can configure advanced TCP/IP settings. +This policy setting determines whether users can configure advanced TCP/IP settings. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced button on the Internet Protocol (TCP/IP) Properties dialog box is disabled for all users (including administrators). As a result, users cannot open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server information. @@ -352,28 +370,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -390,7 +414,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting Determines whether administrators can enable and disable the components used by LAN connections. +This policy setting Determines whether administrators can enable and disable the components used by LAN connections. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators cannot enable or disable the components that a connection uses. @@ -428,28 +452,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
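Review bot: The added line in the @@ -390,7 +414,7 @@ hunk reads "This policy setting Determines whether administrators can enable and disable the components used by LAN connections", with a capital "Determines" left over from the sentence that was removed in front of it. Lowercase it to match the neighbouring settings in this file ("This policy setting determines whether ...").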
    @@ -466,7 +496,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can delete all user remote access connections. +This policy setting determines whether users can delete all user remote access connections. To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option. @@ -510,28 +540,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -548,7 +584,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can delete remote access connections. +This policy setting determines whether users can delete remote access connections. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete any remote access connections. This setting also disables the Delete option on the context menu for a remote access connection and on the File menu in the Network Connections folder. @@ -590,28 +626,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -628,7 +670,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the Remote Access Preferences item on the Advanced menu in Network Connections folder is enabled. +This policy setting determines whether the Remote Access Preferences item on the Advanced menu in Network Connections folder is enabled. The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features. @@ -663,28 +705,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -701,7 +749,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether or not the "local access only" network icon will be shown. +This policy setting specifies whether or not the "local access only" network icon will be shown. When enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only. @@ -732,28 +780,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -770,7 +824,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether settings that existed in Windows 2000 Server family will apply to Administrators. +This policy setting determines whether settings that existed in Windows 2000 Server family will apply to Administrators. The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional, all of these settings had the ability to prohibit the use of certain features from Administrators. @@ -808,28 +862,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -846,7 +906,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly. +This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly. When a remote client computer connects to an internal network using DirectAccess, it can access the Internet in two ways: through the secure tunnel that DirectAccess establishes between the computer and the internal network, or directly through the local default gateway. @@ -881,28 +941,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -919,7 +985,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved. +This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved. If you enable this policy setting, this condition will not be reported as an error to the user. @@ -950,28 +1016,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
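Review bot: The added line in the @@ -919,7 +985,7 @@ hunk carries over a stray double quote and a missing space in `automatic private IP address"(i.e. an IP address in the range 169.254.*.*)`. Drop the quote and put a space before the opening parenthesis while this sentence is being touched, so the cleaned-up description does not keep the old typo.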
    @@ -988,7 +1060,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection. +This policy setting determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection. This setting determines whether the Properties button for components of a LAN connection is enabled. @@ -1034,28 +1106,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1072,7 +1150,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can enable/disable LAN connections. +This policy setting determines whether users can enable/disable LAN connections. If you enable this setting, the Enable and Disable options for LAN connections are available to users (including nonadministrators). Users can enable/disable a LAN connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu. @@ -1110,28 +1188,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1148,7 +1232,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can change the properties of a LAN connection. +This policy setting determines whether users can change the properties of a LAN connection. This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users. @@ -1188,28 +1272,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1226,7 +1316,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can use the New Connection Wizard, which creates new network connections. +This policy setting determines whether users can use the New Connection Wizard, which creates new network connections. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Make New Connection icon does not appear in the Start Menu on in the Network Connections folder. As a result, users (including administrators) cannot start the New Connection Wizard. @@ -1264,28 +1354,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1302,7 +1398,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits use of Internet Connection Firewall on your DNS domain network. +This policy setting prohibits use of Internet Connection Firewall on your DNS domain network. Determines whether users can enable the Internet Connection Firewall feature on a connection, and if the Internet Connection Firewall service can run on a computer. @@ -1342,28 +1438,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1380,7 +1482,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether a user can view and change the properties of remote access connections that are available to all users of the computer. +This policy setting determines whether a user can view and change the properties of remote access connections that are available to all users of the computer. To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option. @@ -1424,28 +1526,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1462,7 +1570,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can view and change the properties of components used by a private or all-user remote access connection. +This policy setting determines whether users can view and change the properties of components used by a private or all-user remote access connection. This setting determines whether the Properties button for components used by a private or all-user remote access connection is enabled. @@ -1506,28 +1614,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1544,7 +1658,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can connect and disconnect remote access connections. +This policy setting determines whether users can connect and disconnect remote access connections. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Connect and Disconnect menu items are disabled for all users (including administrators). @@ -1577,28 +1691,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1615,7 +1735,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can view and change the properties of their private remote access connections. +This policy setting determines whether users can view and change the properties of their private remote access connections. Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option. @@ -1657,28 +1777,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1695,7 +1821,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether nonadministrators can rename all-user remote access connections. +This policy setting determines whether nonadministrators can rename all-user remote access connections. To create an all-user connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option. @@ -1737,28 +1863,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1775,7 +1907,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting Determines whether users can rename LAN or all user remote access connections. +This policy setting Determines whether users can rename LAN or all user remote access connections. If you enable this setting, the Rename option is enabled for all users. Users can rename connections by clicking the icon representing a connection or by using the File menu. @@ -1815,28 +1947,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1853,7 +1991,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether nonadministrators can rename a LAN connection. +This policy setting determines whether nonadministrators can rename a LAN connection. If you enable this setting, the Rename option is enabled for LAN connections. Nonadministrators can rename LAN connections by clicking an icon representing the connection or by using the File menu. @@ -1891,28 +2029,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1929,7 +2073,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can rename their private remote access connections. +This policy setting determines whether users can rename their private remote access connections. Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option. @@ -1967,28 +2111,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2005,7 +2155,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. +This policy setting determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, such as name resolution and addressing through DHCP, to the local private network. @@ -2049,28 +2199,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2087,7 +2243,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can view the status for an active connection. +This policy setting determines whether users can view the status for an active connection. Connection status is available from the connection status taskbar icon or from the Status dialog box. The Status dialog box displays information about the connection and its activity. It also provides buttons to disconnect and to configure the properties of the connection. @@ -2122,28 +2278,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2160,7 +2322,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether to require domain users to elevate when setting a network's location. +This policy setting determines whether to require domain users to elevate when setting a network's location. If you enable this policy setting, domain users must elevate when setting a network's location. diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index fa64224da3..51ec6464ca 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -171,28 +171,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -209,7 +215,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting makes subfolders available offline whenever their parent folder is made available offline. +This policy setting makes subfolders available offline whenever their parent folder is made available offline. This setting automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users do not have the option of excluding subfolders. @@ -242,28 +248,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -280,7 +292,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer. +This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer. If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. @@ -316,28 +328,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -354,7 +372,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer. +This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer. If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. @@ -390,28 +408,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -428,7 +452,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls when background synchronization occurs while operating in slow-link mode, and applies to any user who logs onto the specified machine while this policy is in effect. To control slow-link mode, use the "Configure slow-link mode" policy setting. +This policy setting controls when background synchronization occurs while operating in slow-link mode, and applies to any user who logs onto the specified machine while this policy is in effect. To control slow-link mode, use the "Configure slow-link mode" policy setting. If you enable this policy setting, you can control when Windows synchronizes in the background while operating in slow-link mode. Use the 'Sync Interval' and 'Sync Variance' values to override the default sync interval and variance settings. Use 'Blockout Start Time' and 'Blockout Duration' to set a period of time where background sync is disabled. Use the 'Maximum Allowed Time Without A Sync' value to ensure that all network folders on the machine are synchronized with the server on a regular basis. @@ -461,28 +485,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -499,7 +529,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting limits the amount of disk space that can be used to store offline files. This includes the space used by automatically cached files and files that are specifically made available offline. Files can be automatically cached if the user accesses a file on an automatic caching network share. +This policy setting limits the amount of disk space that can be used to store offline files. This includes the space used by automatically cached files and files that are specifically made available offline. Files can be automatically cached if the user accesses a file on an automatic caching network share. This setting also disables the ability to adjust, through the Offline Files control panel applet, the disk space limits on the Offline Files cache. This prevents users from trying to change the option while a policy setting controls it. @@ -542,28 +572,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -580,7 +616,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. +This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -626,28 +662,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -664,7 +706,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. +This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -710,28 +752,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -748,7 +796,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Limits the percentage of the computer's disk space that can be used to store automatically cached offline files. +Limits the percentage of the computer's disk space that can be used to store automatically cached offline files. This setting also disables the "Amount of disk space to use for temporary offline files" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -790,28 +838,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
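Review bot: With the lead sentence dropped in the @@ -748,7 +796,7 @@ hunk, the description now opens with the fragment "Limits the percentage of the computer's disk space that can be used to store automatically cached offline files", whereas the neighbouring descriptions open with "This policy setting ...". Consider rewording it to "This policy setting limits ..." for consistency; the @@ -1208,7 +1292,7 @@ hunk ("Lists types of files that cannot be used offline.") is left in the same state.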
    @@ -828,7 +882,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build.This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network. +This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network. If you enable this policy setting, Offline Files is enabled and users cannot disable it. @@ -864,28 +918,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -902,7 +962,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are encrypted. +This policy setting determines whether offline files are encrypted. Offline files are locally cached copies of files from a network share. Encrypting this cache reduces the likelihood that a user could access files from the Offline Files cache without proper permissions. @@ -941,28 +1001,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -979,7 +1045,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines which events the Offline Files feature records in the event log. +This policy setting determines which events the Offline Files feature records in the event log. Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify additional events you want Offline Files to record. @@ -1021,28 +1087,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1059,7 +1131,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines which events the Offline Files feature records in the event log. +This policy setting determines which events the Offline Files feature records in the event log. Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify additional events you want Offline Files to record. @@ -1101,28 +1173,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1139,7 +1217,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline. +This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline. If you enable this policy setting, a user will be unable to create files with the specified file extensions in any of the folders that have been made available offline. @@ -1170,28 +1248,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1208,7 +1292,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Lists types of files that cannot be used offline. +Lists types of files that cannot be used offline. This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system does not cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type cannot be made available offline." @@ -1244,28 +1328,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1282,7 +1372,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. +This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -1328,28 +1418,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1366,7 +1462,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. +This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -1412,28 +1508,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1450,7 +1552,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting disables the Offline Files folder. +This policy setting disables the Offline Files folder. This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location. @@ -1486,28 +1588,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1524,7 +1632,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting disables the Offline Files folder. +This policy setting disables the Offline Files folder. This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location. @@ -1560,28 +1668,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1598,7 +1712,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files. +This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files. This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box. @@ -1634,28 +1748,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1672,7 +1792,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files. +This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files. This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box. @@ -1708,28 +1828,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1746,7 +1872,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from making network files and folders available offline. +This policy setting prevents users from making network files and folders available offline. If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching. @@ -1781,28 +1907,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1819,7 +1951,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from making network files and folders available offline. +This policy setting prevents users from making network files and folders available offline. If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching. @@ -1854,28 +1986,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1892,7 +2030,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command. +This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command. If you enable this policy setting, the "Make Available Offline" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. @@ -1931,28 +2069,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1969,7 +2113,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command. +This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command. If you enable this policy setting, the "Make Available Offline" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. @@ -2008,28 +2152,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2046,7 +2196,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Hides or displays reminder balloons, and prevents users from changing the setting. +Hides or displays reminder balloons, and prevents users from changing the setting. Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed. @@ -2088,28 +2238,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2126,7 +2282,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Hides or displays reminder balloons, and prevents users from changing the setting. +Hides or displays reminder balloons, and prevents users from changing the setting. Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed. @@ -2168,28 +2324,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2206,7 +2368,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached, Windows reads from the cached copy after verifying its integrity. This improves end-user response times and decreases bandwidth consumption over WAN links. +This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached, Windows reads from the cached copy after verifying its integrity. This improves end-user response times and decreases bandwidth consumption over WAN links. The cached files are temporary and are not available to the user when offline. The cached files are not kept in sync with the version on the server, and the most current version from the server is always available for subsequent reads. @@ -2241,28 +2403,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2279,7 +2447,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting makes subfolders available offline whenever their parent folder is made available offline. +This policy setting makes subfolders available offline whenever their parent folder is made available offline. This setting automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users do not have the option of excluding subfolders. @@ -2312,28 +2480,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2350,7 +2524,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting deletes local copies of the user's offline files when the user logs off. +This policy setting deletes local copies of the user's offline files when the user logs off. This setting specifies that automatically and manually cached offline files are retained only while the user is logged on to the computer. When the user logs off, the system deletes all local copies of offline files. @@ -2384,28 +2558,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2422,7 +2602,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on economical application of administratively assigned Offline Files. +This policy setting allows you to turn on economical application of administratively assigned Offline Files. If you enable or do not configure this policy setting, only new files and folders in administratively assigned folders are synchronized at logon. Files and folders that are already available offline are skipped and are synchronized later. @@ -2453,28 +2633,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2491,7 +2677,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines how often reminder balloon updates appear. +This policy setting determines how often reminder balloon updates appear. If you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting. @@ -2527,28 +2713,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2565,7 +2757,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines how often reminder balloon updates appear. +This policy setting determines how often reminder balloon updates appear. If you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting. @@ -2601,28 +2793,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2639,7 +2837,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long the first reminder balloon for a network status change is displayed. +This policy setting determines how long the first reminder balloon for a network status change is displayed. Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder. @@ -2670,28 +2868,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2708,7 +2912,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long the first reminder balloon for a network status change is displayed. +This policy setting determines how long the first reminder balloon for a network status change is displayed. Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder. @@ -2739,28 +2943,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2777,7 +2987,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long updated reminder balloons are displayed. +This policy setting determines how long updated reminder balloons are displayed. Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder. @@ -2808,28 +3018,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2846,7 +3062,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long updated reminder balloons are displayed. +This policy setting determines how long updated reminder balloons are displayed. Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder. @@ -2877,28 +3093,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2915,7 +3137,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the network latency and throughput thresholds that will cause a client computers to transition files and folders that are already available offline to the slow-link mode so that the user's access to this data is not degraded due to network slowness. When Offline Files is operating in the slow-link mode, all network file requests are satisfied from the Offline Files cache. This is similar to a user working offline. +This policy setting controls the network latency and throughput thresholds that will cause a client computers to transition files and folders that are already available offline to the slow-link mode so that the user's access to this data is not degraded due to network slowness. When Offline Files is operating in the slow-link mode, all network file requests are satisfied from the Offline Files cache. This is similar to a user working offline. If you enable this policy setting, Offline Files uses the slow-link mode if the network throughput between the client and the server is below (slower than) the Throughput threshold parameter, or if the round-trip network latency is above (slower than) the Latency threshold parameter. @@ -2956,28 +3178,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
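
Review bot: the added line in @@ -2915 carries over the grammar slip "will cause a client computers to transition". Since the line is being rewritten anyway, change it to "will cause client computers to transition" (or "a client computer") in the same commit.
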
    @@ -2994,7 +3222,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow. +This policy setting configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow. When a connection is considered slow, Offline Files automatically adjust its behavior to avoid excessive synchronization traffic and will not automatically reconnect to a server when the presence of a server is detected. @@ -3030,28 +3258,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -3068,7 +3302,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log off. +This policy setting determines whether offline files are fully synchronized when users log off. This setting also disables the "Synchronize all offline files before logging off" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -3108,28 +3342,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -3146,7 +3386,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log off. +This policy setting determines whether offline files are fully synchronized when users log off. This setting also disables the "Synchronize all offline files before logging off" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -3186,28 +3426,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -3224,7 +3470,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log on. +This policy setting determines whether offline files are fully synchronized when users log on. This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -3266,28 +3512,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -3304,7 +3556,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log on. +This policy setting determines whether offline files are fully synchronized when users log on. This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -3344,28 +3596,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -3382,7 +3640,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are synchronized before a computer is suspended. +This policy setting determines whether offline files are synchronized before a computer is suspended. If you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to "Quick" ensures only that all files in the cache are complete. Setting the synchronization action to "Full" ensures that all cached files and folders are up-to-date with the most current version. @@ -3416,28 +3674,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -3454,7 +3718,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are synchronized before a computer is suspended. +This policy setting determines whether offline files are synchronized before a computer is suspended. If you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to "Quick" ensures only that all files in the cache are complete. Setting the synchronization action to "Full" ensures that all cached files and folders are up-to-date with the most current version. @@ -3488,28 +3752,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -3526,7 +3796,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are synchronized in the background when it could result in extra charges on cell phone or broadband plans. +This policy setting determines whether offline files are synchronized in the background when it could result in extra charges on cell phone or broadband plans. If you enable this setting, synchronization can occur in the background when the user's network is roaming, near, or over the plan's data limit. This may result in extra charges on cell phone or broadband plans. @@ -3557,28 +3827,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -3595,7 +3871,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode. +This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode. If you enable this policy setting, the "Work offline" command is not displayed in File Explorer. @@ -3626,28 +3902,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -3664,7 +3946,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode. +This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode. If you enable this policy setting, the "Work offline" command is not displayed in File Explorer. diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index 790bed78ed..06e6d88a46 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -59,28 +59,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -97,7 +103,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following the policy settings: +This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following the policy settings: - Set BranchCache Distributed Cache mode - Set BranchCache Hosted Cache mode @@ -139,28 +145,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
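
Review bot: in policy-csp-admx-peertopeercaching.md, the added line in @@ -97 keeps the stray article in "configure one of the following the policy settings:". Drop the second "the" so it reads "configure one of the following policy settings:", since this line is already being touched.
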
    @@ -177,7 +189,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers. +This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers. In distributed cache mode, client computers download content from BranchCache-enabled main office content servers, cache the content locally, and serve the content to other BranchCache distributed cache mode clients in the branch office. @@ -217,28 +229,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -255,7 +273,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers. +This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers. When a client computer is configured as a hosted cache mode client, it is able to download cached content from a hosted cache server that is located at the branch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted cache server for access by other hosted cache clients at the branch office. @@ -301,28 +319,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -339,7 +363,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by searching for hosted cache servers publishing service connection points that are associated with the client's current Active Directory site. If you enable this policy setting, client computers to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other group policies. +This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by searching for hosted cache servers publishing service connection points that are associated with the client's current Active Directory site. If you enable this policy setting, client computers to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other group policies. If you enable this policy setting in addition to the "Turn on BranchCache" policy setting, BranchCache clients attempt to discover hosted cache servers in the local branch office. If client computers detect hosted cache servers, hosted cache mode is turned on. If they do not detect hosted cache servers, hosted cache mode is not turned on, and the client uses any other configuration that is specified manually or by Group Policy. @@ -388,28 +412,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -426,7 +456,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether client computers are configured to use hosted cache mode and provides the computer name of the hosted cache servers that are available to the client computers. Hosted cache mode enables client computers in branch offices to retrieve content from one or more hosted cache servers that are installed in the same office location. You can use this setting to automatically configure client computers that are configured for hosted cache mode with the computer names of the hosted cache servers in the branch office. +This policy setting specifies whether client computers are configured to use hosted cache mode and provides the computer name of the hosted cache servers that are available to the client computers. Hosted cache mode enables client computers in branch offices to retrieve content from one or more hosted cache servers that are installed in the same office location. You can use this setting to automatically configure client computers that are configured for hosted cache mode with the computer names of the hosted cache servers in the branch office. If you enable this policy setting and specify valid computer names of hosted cache servers, hosted cache mode is enabled for all client computers to which the policy setting is applied. For this policy setting to take effect, you must also enable the "Turn on BranchCache" policy setting. @@ -471,28 +501,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -509,7 +545,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients do not cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers. +This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients do not cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers. Policy configuration @@ -548,28 +584,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -586,7 +628,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers. +This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers. If you enable this policy setting, you can configure the percentage of total disk space to allocate for the cache. @@ -632,28 +674,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -670,7 +718,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the default age in days for which segments are valid in the BranchCache data cache on client computers. +This policy setting specifies the default age in days for which segments are valid in the BranchCache data cache on client computers. If you enable this policy setting, you can configure the age for segments in the data cache. @@ -713,28 +761,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -751,7 +805,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to maintain compatibility with previous versions of BranchCache. If client computers do not use the same BranchCache version, cache efficiency might be reduced because client computers that are using different versions of BranchCache might store cache data in incompatible formats. +This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to maintain compatibility with previous versions of BranchCache. If client computers do not use the same BranchCache version, cache efficiency might be reduced because client computers that are using different versions of BranchCache might store cache data in incompatible formats. If you enable this policy setting, all clients use the version of BranchCache that you specify in "Select from the following versions." diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index cd77c701e3..088f65c0dc 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -45,28 +45,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -83,7 +89,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting determines the execution level for Windows Boot Performance Diagnostics. +This policy setting determines the execution level for Windows Boot Performance Diagnostics. If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available. @@ -122,28 +128,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -160,7 +172,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Determines the execution level for Windows Standby/Resume Performance Diagnostics. +Determines the execution level for Windows Standby/Resume Performance Diagnostics. If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available. @@ -199,28 +211,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -237,7 +255,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines the execution level for Windows Shutdown Performance Diagnostics. +This policy setting determines the execution level for Windows Shutdown Performance Diagnostics. If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available. @@ -276,28 +294,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -314,7 +338,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Determines the execution level for Windows Standby/Resume Performance Diagnostics. +Determines the execution level for Windows Standby/Resume Performance Diagnostics. If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available. diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index 17087dd1d9..4b6fc28e8f 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -108,28 +108,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
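Review bot: In policy-csp-admx-performancediagnostics.md, the description touched by the @@ -314,7 +338,7 @@ hunk is word for word the one in the @@ -160,7 +172,7 @@ hunk ("Determines the execution level for Windows Standby/Resume Performance Diagnostics"), while the other two policies in the file describe Boot and Shutdown diagnostics. Two distinct policies sharing one scenario name looks like a copy-paste that predates this change; since both lines are being edited anyway, confirm which scenario each policy covers and correct the one that is wrong. Both also open with "Determines ..." where the Boot and Shutdown entries open with "This policy setting determines ...", which is worth aligning.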
    @@ -146,7 +152,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems. +This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems. If you enable this policy setting, network connectivity will be maintained in standby. @@ -179,28 +185,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -217,7 +229,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping. +This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping. If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate). @@ -248,28 +260,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -286,7 +304,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the action that Windows takes when a user presses the Start menu Power button. +This policy setting specifies the action that Windows takes when a user presses the Start menu Power button. If you enable this policy setting, select one of the following actions: @@ -321,28 +339,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -359,7 +383,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows applications and services to prevent automatic sleep. +This policy setting allows applications and services to prevent automatic sleep. If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity. @@ -390,28 +414,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -428,7 +458,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows applications and services to prevent automatic sleep. +This policy setting allows applications and services to prevent automatic sleep. If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity. @@ -459,28 +489,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -497,7 +533,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage automatic sleep with open network files. +This policy setting allows you to manage automatic sleep with open network files. If you enable this policy setting, the computer automatically sleeps when network files are open. @@ -528,28 +564,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -566,7 +608,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage automatic sleep with open network files. +This policy setting allows you to manage automatic sleep with open network files. If you enable this policy setting, the computer automatically sleeps when network files are open. @@ -597,28 +639,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -635,7 +683,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the active power plan from a specified power plan’s GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg, the power configuration command line tool. +This policy setting specifies the active power plan from a specified power plan’s GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg, the power configuration command line tool. If you enable this policy setting, you must specify a power plan, specified as a GUID using the following format: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (For example, 103eea6e-9fcd-4544-a713-c282d8e50083), indicating the power plan to be active. @@ -666,28 +714,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
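Review bot: In the @@ -635,7 +683,7 @@ hunk, the rewritten line still reads "The GUID for a custom power plan GUID can be retrieved by using powercfg", with "GUID" doubled. Since the line is being replaced anyway, suggest "The GUID for a custom power plan can be retrieved by using powercfg, the power configuration command-line tool."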
    @@ -704,7 +758,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level. +This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level. If you enable this policy setting, select one of the following actions: @@ -740,28 +794,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -778,7 +838,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level. +This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level. If you enable this policy setting, select one of the following actions: @@ -814,28 +874,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -852,7 +918,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action. +This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action. If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the critical notification. @@ -885,28 +951,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -923,7 +995,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level. +This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level. If you enable this policy setting, Windows shows a notification when the battery capacity remaining equals the low battery notification level. @@ -958,28 +1030,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
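Review bot: The two sentences in the @@ -923,7 +995,7 @@ hunk contradict each other: the changed line says the setting "turns off the user notification" at the low battery notification level, and the context line right after it says that enabling the setting makes Windows show that notification. A reader cannot tell which state suppresses the warning. Verify the enabled behavior against the ADMX explain text and reword one of the two lines so that the enabled and disabled outcomes are unambiguous.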
    @@ -996,7 +1074,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action. +This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action. If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the low notification. @@ -1029,28 +1107,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1067,7 +1151,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems. +This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems. If you enable this policy setting, network connectivity will be maintained in standby. @@ -1100,28 +1184,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1138,7 +1228,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping. +This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping. If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate). @@ -1169,28 +1259,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1207,7 +1303,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the action that Windows takes when a user presses the Start menu Power button. +This policy setting specifies the action that Windows takes when a user presses the Start menu Power button. If you enable this policy setting, select one of the following actions: @@ -1242,28 +1338,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1280,7 +1382,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the period of inactivity before Windows turns off the hard disk. +This policy setting specifies the period of inactivity before Windows turns off the hard disk. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk. @@ -1311,28 +1413,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1349,7 +1457,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the period of inactivity before Windows turns off the hard disk. +This policy setting specifies the period of inactivity before Windows turns off the hard disk. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk. @@ -1380,28 +1488,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1418,7 +1532,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. +This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. @@ -1455,28 +1569,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1493,7 +1613,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify if Windows should enable the desktop background slideshow. +This policy setting allows you to specify if Windows should enable the desktop background slideshow. If you enable this policy setting, desktop background slideshow is enabled. @@ -1526,28 +1646,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1564,7 +1690,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify if Windows should enable the desktop background slideshow. +This policy setting allows you to specify if Windows should enable the desktop background slideshow. If you enable this policy setting, desktop background slideshow is enabled. @@ -1597,28 +1723,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1635,7 +1767,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan, use the Custom Active Power Plan setting. +This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan, use the Custom Active Power Plan setting. If you enable this policy setting, specify a power plan from the Active Power Plan list. @@ -1666,28 +1798,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1704,7 +1842,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure client computers to lock and prompt for a password when resuming from a hibernate or suspend state. +This policy setting allows you to configure client computers to lock and prompt for a password when resuming from a hibernate or suspend state. If you enable this policy setting, the client computer is locked and prompted for a password when it is resumed from a suspend or hibernate state. @@ -1735,28 +1873,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1773,7 +1917,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off Power Throttling. +This policy setting allows you to turn off Power Throttling. If you enable this policy setting, Power Throttling will be turned off. @@ -1804,28 +1948,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1842,7 +1992,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode. +This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode. If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the reserve power notification. diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index dff726a8e8..e53466c621 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -45,28 +45,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -84,7 +90,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on logging for Windows PowerShell modules. +This policy setting allows you to turn on logging for Windows PowerShell modules. If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True. @@ -120,28 +126,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -159,7 +171,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run. +This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run. If you enable this policy setting, the scripts selected in the drop-down list are allowed to run. The "Allow only signed scripts" policy setting allows scripts to execute only if they are signed by a trusted publisher. @@ -195,28 +207,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -234,7 +252,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts. +This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts. If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other applications that leverage the Windows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this policy is equivalent to calling the Start-Transcript cmdlet on each Windows PowerShell session. @@ -270,28 +288,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -309,7 +333,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet. +This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet. If you enable this policy setting, the Update-Help cmdlet will use the specified value as the default value for the SourcePath parameter. This default value can be overridden by specifying a different value with the SourcePath parameter on the Update-Help cmdlet. diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index 2376b4480e..e2d5216e21 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -112,28 +112,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -150,7 +156,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. Internet printing lets you display printers on Web pages so that printers can be viewed, managed, and used across the Internet or an intranet. +Internet printing lets you display printers on Web pages so that printers can be viewed, managed, and used across the Internet or an intranet. If you enable this policy setting, Internet printing is activated on this server. @@ -188,28 +194,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -226,7 +238,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Determines if print driver components are isolated from applications instead of normally loading them into applications. Isolating print drivers greatly reduces the risk of a print driver failure causing an application crash. +Determines if print driver components are isolated from applications instead of normally loading them into applications. Isolating print drivers greatly reduces the risk of a print driver failure causing an application crash. Not all applications support driver isolation. By default, Microsoft Excel 2007, Excel 2010, Word 2007, Word 2010 and certain other applications are configured to support it. Other applications may also be capable of isolating print drivers, depending on whether they are configured for it. @@ -264,28 +276,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -302,7 +320,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. By default, the Printers folder includes a link to the Microsoft Support Web page called "Get help with printing". It can also include a link to a Web page supplied by the vendor of the currently selected printer. +By default, the Printers folder includes a link to the Microsoft Support Web page called "Get help with printing". It can also include a link to a Web page supplied by the vendor of the currently selected printer. If you enable this policy setting, you replace the "Get help with printing" default link with a link to a Web page customized for your enterprise. @@ -340,28 +358,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -378,7 +402,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage where client computers search for Point and Printer drivers. +This policy setting allows you to manage where client computers search for Point and Printer drivers. If you enable this policy setting, the client computer will continue to search for compatible Point and Print drivers from Windows Update after it fails to find the compatible driver from the local driver store and the server driver cache. @@ -413,28 +437,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
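
Review bot: In the -378,7 +402,7 hunk the added line still says "Point and Printer drivers", while the next sentence of the same paragraph says "Point and Print drivers". Since the line is being rewritten anyway, change it to "where client computers search for Point and Print drivers".
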
    @@ -451,7 +481,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, it sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on a managed network (when the computer is able to reach a domain controller, e.g. a domain-joined laptop on a corporate network.) +If you enable this policy setting, it sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on a managed network (when the computer is able to reach a domain controller, e.g. a domain-joined laptop on a corporate network.) If this policy setting is disabled, the network scan page will not be displayed. @@ -496,28 +526,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -534,7 +570,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Allows users to use the Add Printer Wizard to search the network for shared printers. +Allows users to use the Add Printer Wizard to search the network for shared printers. If you enable this setting or do not configure it, when users choose to add a network printer by selecting the "A network printer, or a printer attached to another computer" radio button on Add Printer Wizard's page 2, and also check the "Connect to this printer (or to browse for a printer, select this option and click Next)" radio button on Add Printer Wizard's page 3, and do not specify a printer name in the adjacent "Name" edit box, then Add Printer Wizard displays the list of shared printers on the network and invites to choose a printer from the shown list. @@ -568,28 +604,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -606,7 +648,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. When printing through a print server, determines whether the print spooler on the client will process print jobs itself, or pass them on to the server to do the work. +When printing through a print server, determines whether the print spooler on the client will process print jobs itself, or pass them on to the server to do the work. This policy setting only effects printing to a Windows print server. @@ -648,28 +690,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -686,7 +734,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Determines whether the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) is forced to use a software rasterizer instead of a Graphics Processing Unit (GPU) to rasterize pages. +Determines whether the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) is forced to use a software rasterizer instead of a Graphics Processing Unit (GPU) to rasterize pages. This setting may improve the performance of the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) on machines that have a relatively powerful CPU as compared to the machine’s GPU. @@ -715,28 +763,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -753,7 +807,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Adds a link to an Internet or intranet Web page to the Add Printer Wizard. +Adds a link to an Internet or intranet Web page to the Add Printer Wizard. You can use this setting to direct users to a Web page from which they can install printers. @@ -788,28 +842,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -826,7 +886,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Determines whether printers using kernel-mode drivers may be installed on the local computer. Kernel-mode drivers have access to system-wide memory, and therefore poorly-written kernel-mode drivers can cause stop errors. +Determines whether printers using kernel-mode drivers may be installed on the local computer. Kernel-mode drivers have access to system-wide memory, and therefore poorly-written kernel-mode drivers can cause stop errors. If you disable this setting, or do not configure it, then printers using a kernel-mode drivers may be installed on the local computer running Windows XP Home Edition and Windows XP Professional. @@ -862,28 +922,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -900,7 +966,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This preference allows you to change default printer management. +This preference allows you to change default printer management. If you enable this setting, Windows will not manage the default printer. @@ -933,28 +999,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -971,7 +1043,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 10, Windows 10 and Windows Server 2019. +Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 10, Windows 10 and Windows Server 2019. If you enable this group policy setting, the default MXDW output format is the legacy Microsoft XPS (*.xps). @@ -1002,28 +1074,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
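
Review bot: In the -971,7 +1043,7 hunk the added line keeps the repeated product name in "by default in Windows 10, Windows 10 and Windows Server 2019". Drop the duplicate, or restore whichever product the second "Windows 10" was meant to name, before merging.
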
    @@ -1040,7 +1118,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. If this policy setting is enabled, it prevents users from deleting local and network printers. +If this policy setting is enabled, it prevents users from deleting local and network printers. If a user tries to delete a printer, such as by using the Delete option in Printers in Control Panel, a message appears explaining that a setting prevents the action. @@ -1073,28 +1151,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1111,7 +1195,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an unmanaged network (when the computer is not able to reach a domain controller, e.g. a domain-joined laptop on a home network.) +This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an unmanaged network (when the computer is not able to reach a domain controller, e.g. a domain-joined laptop on a home network.) If this setting is disabled, the network scan page will not be displayed. @@ -1153,28 +1237,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1191,7 +1281,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy restricts clients computers to use package point and print only. +This policy restricts clients computers to use package point and print only. If this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers. @@ -1222,28 +1312,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
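
Review bot: In the -1191,7 +1281,7 hunk the added line reads "This policy restricts clients computers to use package point and print only"; "clients computers" should be "client computers", matching the wording of the sentence that follows it. The -1260,7 +1356,7 hunk adds the identical sentence and needs the same fix, and if the two settings differ in scope the descriptions should say how.
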
    @@ -1260,7 +1356,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy restricts clients computers to use package point and print only. +This policy restricts clients computers to use package point and print only. If this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers. @@ -1291,28 +1387,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1329,7 +1431,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Restricts package point and print to approved servers. +Restricts package point and print to approved servers. This policy setting restricts package point and print connections to approved servers. This setting only applies to Package Point and Print connections, and is completely independent from the "Point and Print Restrictions" policy that governs the behavior of non-package point and print connections. @@ -1364,28 +1466,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1402,7 +1510,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Restricts package point and print to approved servers. +Restricts package point and print to approved servers. This policy setting restricts package point and print connections to approved servers. This setting only applies to Package Point and Print connections, and is completely independent from the "Point and Print Restrictions" policy that governs the behavior of non-package point and print connections. @@ -1437,28 +1545,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1475,7 +1589,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. If this policy setting is enabled, it specifies the default location criteria used when searching for printers. +If this policy setting is enabled, it specifies the default location criteria used when searching for printers. This setting is a component of the Location Tracking feature of Windows printers. To use this setting, enable Location Tracking by enabling the "Pre-populate printer search location text" setting. @@ -1510,28 +1624,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1548,7 +1668,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Enables the physical Location Tracking setting for Windows printers. +Enables the physical Location Tracking setting for Windows printers. Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers. @@ -1581,28 +1701,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1619,7 +1745,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes), a print driver failure will not cause the print spooler service to fail. +This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes), a print driver failure will not cause the print spooler service to fail. If you enable or do not configure this policy setting, the print spooler will execute print drivers in an isolated process by default. @@ -1655,28 +1781,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1693,7 +1825,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process, even if the driver does not report compatibility. +This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process, even if the driver does not report compatibility. If you enable this policy setting, the print spooler isolates all print drivers that do not explicitly opt out of Driver Isolation. @@ -1729,28 +1861,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1767,7 +1905,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Specifies the Active Directory location where searches for printers begin. +Specifies the Active Directory location where searches for printers begin. The Add Printer Wizard gives users the option of searching Active Directory for a shared printer. @@ -1800,28 +1938,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1838,7 +1982,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Announces the presence of shared printers to print browse main servers for the domain. +Announces the presence of shared printers to print browse main servers for the domain. On domains with Active Directory, shared printer resources are available in Active Directory and are not announced. @@ -1876,28 +2020,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1914,7 +2064,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy controls whether the print job name will be included in print event logs. +This policy controls whether the print job name will be included in print event logs. If you disable or do not configure this policy setting, the print job name will not be included. @@ -1948,28 +2098,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1986,7 +2142,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy determines if v4 printer drivers are allowed to run printer extensions. +This policy determines if v4 printer drivers are allowed to run printer extensions. V4 printer drivers may include an optional, customized user interface known as a printer extension. These extensions may provide access to more device features, but this may not be appropriate for all enterprises. diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md index 55aeef679a..6dd43fb7c3 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing2.md +++ b/windows/client-management/mdm/policy-csp-admx-printing2.md @@ -60,28 +60,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -98,7 +104,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. Determines whether the Add Printer Wizard automatically publishes the computer's shared printers in Active Directory. +Determines whether the Add Printer Wizard automatically publishes the computer's shared printers in Active Directory. If you enable this setting or do not configure it, the Add Printer Wizard automatically publishes all shared printers. @@ -134,28 +140,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -172,7 +184,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer. +Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer. By default, the pruning service on the domain controller prunes printer objects from Active Directory if the computer that published them does not respond to contact requests. When the computer that published the printers restarts, it republishes any deleted printer objects. @@ -208,28 +220,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -246,7 +264,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond,just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest. +Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond,just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest. The Windows pruning service prunes printer objects from Active Directory when the computer that published them does not respond to contact requests. Computers running Windows 2000 Professional detect and republish deleted printer objects when they rejoin the network. However, because non-Windows 2000 computers and computers in other domains cannot republish printers in Active Directory automatically, by default, the system never prunes their printer objects. @@ -289,28 +307,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
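
Review bot: In the -246,7 +264,7 hunk the added line has no space after the comma in "does not respond,just as it does with Windows 2000 printers". Add the space while the line is being touched.
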
    @@ -327,7 +351,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. +Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally, after repeated attempts), the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published. @@ -365,28 +389,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -403,7 +433,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Sets the priority of the pruning thread. +Sets the priority of the pruning thread. The pruning thread, which runs only on domain controllers, deletes printer objects from Active Directory if the printer that published the object does not respond to contact attempts. This process keeps printer information in Active Directory current. @@ -439,28 +469,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -477,7 +513,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. +Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message, the message is repeated for the specified number of times. If the computer still fails to respond, then the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published. @@ -515,28 +551,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -553,7 +595,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. +Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt, the attempt is retried a specified number of times, at a specified interval. The "Directory pruning retry" setting determines the number of times the attempt is retried; the default value is two retries. The "Directory Pruning Interval" setting determines the time interval between retries; the default value is every eight hours. If the computer has not responded by the last contact attempt, its printers are pruned from the directory. @@ -591,28 +633,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -629,7 +677,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy controls whether the print spooler will accept client connections. +This policy controls whether the print spooler will accept client connections. When the policy is not configured or enabled, the spooler will always accept client connections. @@ -662,28 +710,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -700,7 +754,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification. +Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification. By default, the system only verifies published printers at startup. This setting allows for periodic verification while the computer is operating. diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md index 269ccd44c0..666626b0f5 100644 --- a/windows/client-management/mdm/policy-csp-admx-programs.md +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -54,28 +54,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -92,7 +98,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result, users cannot view or change the associated page. +This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result, users cannot view or change the associated page. The Set Program Access and Computer Defaults page allows administrators to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as specify the programs that are accessible from the Start menu, desktop, and other locations. @@ -127,28 +133,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -165,7 +177,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Prevents users from viewing or installing published programs from the network. +Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View, Programs and Features in Classic View and the "Install a program from the network" task. The "Get Programs" page lists published programs and provides an easy way to install them. @@ -203,28 +215,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -241,7 +259,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task. +This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task. "Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers. @@ -274,28 +292,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -312,7 +336,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This setting prevents users from accessing "Programs and Features" to view, uninstall, change, or repair programs that are currently installed on the computer. +This setting prevents users from accessing "Programs and Features" to view, uninstall, change, or repair programs that are currently installed on the computer. If this setting is disabled or not configured, "Programs and Features" will be available to all users. @@ -343,28 +367,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -381,7 +411,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. +This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. The Programs Control Panel allows users to uninstall, change, and repair programs, enable and disable Windows Features, set program defaults, view installed updates, and purchase software from Windows Marketplace. Programs published or assigned to the user by the system administrator also appear in the Programs Control Panel. @@ -416,28 +446,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -454,7 +490,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs. As a result, users cannot view, enable, or disable various Windows features and services. +This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs. As a result, users cannot view, enable, or disable various Windows features and services. If this setting is disabled or is not configured, the "Turn Windows features on or off" task will be available to all users. @@ -485,28 +521,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -523,7 +565,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs. +This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs. Windows Marketplace allows users to purchase and/or download various programs to their computer for installation. diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index 917a3bcdc5..c5d4d1c0ef 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -45,28 +45,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
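Review bot: In policy-csp-admx-programs.md, the added line in the hunk at -523,7 +565,7 keeps a grammar error: "This setting prevents users from access the "Get new programs from Windows Marketplace" task" should read "from accessing the". The added line at -241,7 +259,7 has a similar slip, "from accessing "Installed Updates" page", which lacks "the". Since both lines are being rewritten to drop the Insider Preview sentence, fix the wording in the same commit.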
    @@ -83,7 +89,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval. +This policy setting allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval. If you enable this policy setting, you are able to specify how often the Persistent System Timestamp is refreshed and subsequently written to the disk. You can specify the Timestamp Interval in seconds. @@ -121,28 +127,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -159,7 +171,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled. +This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled. If you enable this policy setting, error reporting includes unplanned shutdown events. @@ -196,28 +208,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -234,7 +252,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting defines when the Shutdown Event Tracker System State Data feature is activated. +This policy setting defines when the Shutdown Event Tracker System State Data feature is activated. The system state data file contains information about the basic system state as well as the state of all running processes. @@ -274,28 +292,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -312,7 +336,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you are shutting down the computer. +The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you are shutting down the computer. If you enable this setting and choose "Always" from the drop-down menu list, the Shutdown Event Tracker is displayed when the computer shuts down. diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md index 485d680915..f4cf7d10ed 100644 --- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md @@ -39,28 +39,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -77,7 +83,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance. +This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance. If you enable this policy setting, only computers running this version (or later versions) of the operating system can connect to this computer. @@ -110,28 +116,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -148,7 +160,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to improve performance in low bandwidth scenarios. +This policy setting allows you to improve performance in low bandwidth scenarios. This setting is incrementally scaled from "No optimization" to "Full optimization". Each incremental setting includes the previous optimization setting. diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index b839eb3de7..2f66562c7a 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -129,28 +129,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -167,7 +173,7 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices. +This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices. If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot. @@ -201,28 +207,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -239,7 +251,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices. +This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices. If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot. @@ -273,28 +285,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -311,7 +329,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies execute access to the CD and DVD removable storage class. +This policy setting denies execute access to the CD and DVD removable storage class. If you enable this policy setting, execute access is denied to this removable storage class. @@ -342,28 +360,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -380,7 +404,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the CD and DVD removable storage class. +This policy setting denies read access to the CD and DVD removable storage class. If you enable this policy setting, read access is denied to this removable storage class. @@ -410,28 +434,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -448,7 +478,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the CD and DVD removable storage class. +This policy setting denies read access to the CD and DVD removable storage class. If you enable this policy setting, read access is denied to this removable storage class. @@ -479,28 +509,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
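Review bot: In policy-csp-admx-removablestorage.md, the added description at -448,7 +478,7 is word for word the same as the one at -380,7 +404,7 ("This policy setting denies read access to the CD and DVD removable storage class."), so nothing in the visible text tells the two policies apart. If they differ, for example in the scope they apply to, say so in each description. The same pattern repeats for other pairs in this file, such as the two reboot wait time descriptions at -167,7 and -239,7.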
    @@ -517,7 +553,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the CD and DVD removable storage class. +This policy setting denies write access to the CD and DVD removable storage class. If you enable this policy setting, write access is denied to this removable storage class. @@ -548,28 +584,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -586,7 +628,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the CD and DVD removable storage class. +This policy setting denies write access to the CD and DVD removable storage class. If you enable this policy setting, write access is denied to this removable storage class. @@ -617,28 +659,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -655,7 +703,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to custom removable storage classes. +This policy setting denies read access to custom removable storage classes. If you enable this policy setting, read access is denied to these removable storage classes. @@ -686,28 +734,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -724,7 +778,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to custom removable storage classes. +This policy setting denies read access to custom removable storage classes. If you enable this policy setting, read access is denied to these removable storage classes. @@ -755,28 +809,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -793,7 +853,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to custom removable storage classes. +This policy setting denies write access to custom removable storage classes. If you enable this policy setting, write access is denied to these removable storage classes. @@ -823,28 +883,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -861,7 +927,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to custom removable storage classes. +This policy setting denies write access to custom removable storage classes. If you enable this policy setting, write access is denied to these removable storage classes. @@ -891,28 +957,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -929,7 +1001,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies execute access to the Floppy Drives removable storage class, including USB Floppy Drives. +This policy setting denies execute access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable this policy setting, execute access is denied to this removable storage class. @@ -959,28 +1031,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -997,7 +1075,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives. +This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable this policy setting, read access is denied to this removable storage class. @@ -1027,28 +1105,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1065,7 +1149,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives. +This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable this policy setting, read access is denied to this removable storage class. @@ -1095,28 +1179,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1133,7 +1223,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives. +This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable this policy setting, write access is denied to this removable storage class. @@ -1162,28 +1252,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1200,7 +1296,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives. +This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable this policy setting, write access is denied to this removable storage class. @@ -1230,28 +1326,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1268,7 +1370,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies execute access to removable disks. +This policy setting denies execute access to removable disks. If you enable this policy setting, execute access is denied to this removable storage class. @@ -1297,28 +1399,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1335,7 +1443,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to removable disks. +This policy setting denies read access to removable disks. If you enable this policy setting, read access is denied to this removable storage class. @@ -1365,28 +1473,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1403,7 +1517,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to removable disks. +This policy setting denies read access to removable disks. If you enable this policy setting, read access is denied to this removable storage class. @@ -1432,28 +1546,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1470,7 +1590,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to removable disks. +This policy setting denies write access to removable disks. If you enable this policy setting, write access is denied to this removable storage class. @@ -1503,28 +1623,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1541,7 +1667,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Configure access to all removable storage classes. +Configure access to all removable storage classes. This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class. @@ -1573,28 +1699,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1611,7 +1743,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. Configure access to all removable storage classes. +Configure access to all removable storage classes. This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class. @@ -1643,28 +1775,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1681,7 +1819,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting grants normal users direct access to removable storage devices in remote sessions. +This policy setting grants normal users direct access to removable storage devices in remote sessions. If you enable this policy setting, remote users can open direct handles to removable storage devices in remote sessions. @@ -1711,28 +1849,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1749,7 +1893,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies execute access to the Tape Drive removable storage class. +This policy setting denies execute access to the Tape Drive removable storage class. If you enable this policy setting, execute access is denied to this removable storage class. @@ -1779,28 +1923,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1817,7 +1967,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the Tape Drive removable storage class. +This policy setting denies read access to the Tape Drive removable storage class. If you enable this policy setting, read access is denied to this removable storage class. @@ -1846,28 +1996,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1884,7 +2040,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the Tape Drive removable storage class. +This policy setting denies read access to the Tape Drive removable storage class. If you enable this policy setting, read access is denied to this removable storage class. @@ -1914,28 +2070,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -1952,7 +2114,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the Tape Drive removable storage class. +This policy setting denies write access to the Tape Drive removable storage class. If you enable this policy setting, write access is denied to this removable storage class. @@ -1981,28 +2143,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2019,7 +2187,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the Tape Drive removable storage class. +This policy setting denies write access to the Tape Drive removable storage class. If you enable this policy setting, write access is denied to this removable storage class. @@ -2049,28 +2217,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2087,7 +2261,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. +This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. If you enable this policy setting, read access is denied to this removable storage class. @@ -2117,28 +2291,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2155,7 +2335,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. +This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. If you enable this policy setting, read access is denied to this removable storage class. @@ -2184,28 +2364,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2222,7 +2408,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. +This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. If you enable this policy setting, write access is denied to this removable storage class. @@ -2252,28 +2438,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Homecross markNoNo
    Procross markNoNo
    Businesscross markNoNo
    Enterprisecheck markYesYes
    Educationcross markYesYes
    @@ -2290,7 +2482,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. +This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. If you enable this policy setting, write access is denied to this removable storage class. From f6f5d1a98715fe82ef0abe8e52febb473ec05599 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Notin?= Date: Tue, 21 Sep 2021 15:08:30 +0200 Subject: [PATCH 544/671] Enterprise Read Only Domain Controllers (-498) are defined at forest root level --- .../access-control/active-directory-security-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 9b9c40977d..ab20f08979 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -1885,7 +1885,7 @@ This security group has not changed since Windows Server 2008.

    Well-Known SID/RID

    -

    S-1-5-21-<domain>-498

    +

    S-1-5-21-<root domain>-498

    Type
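Review bot: the change to `S-1-5-21-<root domain>-498` touches only the SID cell, so the rest of this group's entry is not shown being brought in line with it. If the description for Enterprise Read-only Domain Controllers elsewhere in the file still reads as though the group exists in every domain, update it in the same change so the table and the prose agree. Also confirm that `<root domain>` is the placeholder spelling used for the other forest-root groups in this file, so readers do not take it for a different kind of identifier.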

    From 3778ff2e807d4b8965db0ce8d25a4c705ade4901 Mon Sep 17 00:00:00 2001 From: Kaushik Ainapure Date: Tue, 21 Sep 2021 18:56:56 +0530 Subject: [PATCH 545/671] Format changes with additional error codes 1. Updated article to include 17 additional error codes. 2. Updated article with H2 formatting for better discoverability of the error codes. ------- cc: @jaimeo --- .../update/windows-update-errors.md | 216 ++++++++++++++++-- 1 file changed, 196 insertions(+), 20 deletions(-) diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index eb178f7528..982fac6d52 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -7,9 +7,9 @@ audience: itpro itproauthor: jaimeo ms.audience: itpro author: jaimeo -ms.reviewer: +ms.reviewer: kaushika manager: laurawi -ms.topic: article +ms.topic: troubleshooting ms.custom: seo-marvel-apr2020 --- 
@@ -22,22 +22,198 @@ ms.custom: seo-marvel-apr2020 The following table provides information about common errors you might run into with Windows Update, as well as steps to help you mitigate them. +## 0x8024402F -| Error Code | Message | Description | Mitigation | -|------------------------------------------|-----------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 0x8024402F | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External cab file processing completed with some errors | One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering.
    Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed | -| 0x80242006 | WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again:
    Rename the following folders to \*.BAK:
    - %systemroot%\system32\catroot2

    Type the following commands at a command prompt. Press ENTER after you type each command.
    - Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
    - Ren %systemroot%\SoftwareDistribution\Download \*.bak
    Ren %systemroot%\system32\catroot2 \*.bak | -| 0x80070BC9 | ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system. | -| 0x80200053 | BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update Client.

    If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc). | -| 0x80072EE2 | WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to the Internet. To fix this issue, follow these steps: make sure these URLs are not blocked:
    http://.update.microsoft.com
    https://
    .update.microsoft.com


    You can also take a network trace to check what is timing out. \ | -| 0x80072EFD
    0x80072EFE 
    0x80D02002 | TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs.
    Take a network monitor trace to understand better. \ | -| 0X8007000D | ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred. | Attempt to re-download the update and initiate installation. | -| 0x8024A10A | USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade. | -| 0x80240020 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Sign in to the device to start the installation and allow the device to restart. | -| 0x80242014 | WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows Updates require the device to be restarted. Restart the device to complete update installation. | -| 0x80246017 | WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator). | -| 0x8024000B | WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. | -| 0x8024000E | WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. | Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. 
Ensure that you have the latest Windows Update Agent installed on the machine. | -| 0x8024D009 | WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. | You may encounter this error when WSUS is not sending the Self-update to the clients.

    Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | -| 0x80244007 | WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows cannot renew the cookies for Windows Update.

    Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. | -| 0x80070422 | | This issue occurs when the Windows Update service stops working or is not running. | Check if the Windows Update service is running.
    | +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External cab file processing completed with some errors | One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering.
    Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed | + +## 0x80242006 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again:
    Rename the following folders to \*.BAK:
    - %systemroot%\system32\catroot2

    Type the following commands at a command prompt. Press ENTER after you type each command.
    - Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
    - Ren %systemroot%\SoftwareDistribution\Download \*.bak
    - Ren %systemroot%\system32\catroot2 \*.bak | + +## 0x80070BC9 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system | + +## 0x80200053 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update Client.

    If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).| + +## 0x80072EFD or 0x80072EFE or 0x80D02002 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs.
    Take a network monitor trace to understand better. \ | + +## 0X8007000D + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred.| Attempt to re-download the update and initiate installation. | + +## 0x8024A10A + +| Message | Description | Mitigation | +|---------|-------------|------------| +| USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade. | + +## 0x80240020 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Sign in to the device to start the installation and allow the device to restart. | + +## 0x80242014 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows Updates require the device to be restarted. Restart the device to complete update nstallation. | + +## 0x80246017 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator).| + +## 0x8024000B + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. 
You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. | + +## 0x8024000E + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. | Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. Ensure that you have the latest Windows Update Agent installed on the machine. | + +## 0x8024D009 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. | You may encounter this error when WSUS is not sending the Self-update to the clients.

    Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | + +## 0x80244007 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows cannot renew the cookies for Windows Update.

    Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. | + +## 0x80070422 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| NA | This issue occurs when the Windows Update service stops working or is not running. | Check if the Windows Update service is running.
    | + +## 0x800f0821 + + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has hung. Extending the timeout will mitigate the issue. Increase the machine resources. If a virtual machine, increase virtual CPU and memory to speedup the operation. Make sure the machine as at least the KB4493473, if not please download and manually install it.| + +## 0x800f0825 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_CANNOT_UNINSTALL; Package cannot be uninstalled. | Typically component store corruption caused when a component is in a partially installed state. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | + +## 0x800F0920 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_HANG_DETECTED; A hang was detected while processing the operation. | Subsequent error logged after getting 0x800f0821 | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has hung. Extending the timeout will mitigate the issue. Increase the machine resources. If a virtual machine, increase virtual CPU and memory to speedup the operation. Make sure the machine as at least the KB4493473, if not please download and manually install it. | + +## 0x800f081f + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_SOURCE_MISSING; source for package or file not found, ResolveSource() unsuccessful | Component Store corruption | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | + +## 0x800f0831 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_STORE_CORRUPTION; CBS store is corrupted. | Corruption in the Windows Component Store. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | + +## 0x80070005 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an ACCESS DENIED.
    Go to %Windir%\logs\CBS and open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the ACCESS DENIED, it could be acess denied to a file, registry key,etc. Determine what object needs the right permissions and change the permissions | + +## 0x80070570 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_FILE_CORRUPT; The file or directory is corrupted and unreadable. | Component Store corruption | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | + + +## 0x80070003 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_PATH_NOT_FOUND; The system cannot find the path specified. | The servicing stack cannot access a specific path. | Indicates an invalid path to an executable. Go to %Windir%\logs\CBS and open the last CBS.log and search for “, error” and match with the timestamp. | + + +## 0x80070020 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_SHARING_VIOLATION | Numerous causes. CBS log analysis required. | This error is usually caused by 3rd party filter drivers like Antivirus.
    1. [Perform a clean boot and retry the installation](https://support.microsoft.com/help/929135/)
    2. Download the sysinternal tool process monitor -> https://docs.microsoft.com/sysinternals/downloads/procmon
    3. Run procmon.exe. It will start data capture automatically
    4. Install the Update package again
    5. With procmon program main window in focus, press Ctrl + E or click the magnifying glass to terminate data capture
    6. Click File > Save > All Events > PML, and choose an adequate path to save the .PML file
    7. Go to %windir%\logs\cbs and open the last cbs.log file and search for the error
    8. After finding the error line a bit above you should have the file being accessed during the installation that is giving the sharing violation error
    9. In the Procmon windows filter for path and insert the file name (it should be something like “path” “contains” “filename from CBS”)
    10. After checking which process is accessing that file try to stop it or uninstall it from the machine | + +## 0x80073701 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically component store corruption caused when a component is in a partially installed state. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | + +## 0x8007371b + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE; One or more required members of the transaction are not present. | Component Store corruption. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | + +## 0x80072EFE + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WININET_E_CONNECTION_ABORTED; The connection with the server was terminated abnormally | BITS is unable to transfer the file successfully. | Encountered if BITS is broken or if the file being transferred can't be written to the destination folder on the client. This error is usually caused by connection errors while checking/downloading updates.
    From a cmd prompt run: **BITSADMIN /LIST /ALLUSERS /VERBOSE**
    Search for the 0x80072EFE error code. You should see a reference to a HTTP code with a specific file, try to download it manually from your browser making sure you’re using your proxy organization settings. If it fails, check with your proxy manager to allow for the communication to be sucesfull. Also check with your network team for this specific URL access. | + +## 0x80072F8F + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WININET_E_DECODING_FAILED; Content decoding has failed | TLS 1.2 is not configured correctly on the client machine. | This error generally means that the Windows Update Agent was unable to decode the received content. You need to install and configure TLS 1.2 by installing this KB: https://support.microsoft.com/help/3140245/ + +## 0x80072EE2 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to WU, SCCM, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own configured WSUS/SCCM/MEM/etc.
    Check with your network team if the machine is able to get to your WSUS/SCCM/MEM/etc or the internet servers. See, https://docs.microsoft.com/troubleshoot/mem/configmgr/troubleshoot-software-update-scan-failures
    In case you’re using the public MS update servers, check that your device can access the following Windows Update endpoints:
    http://windowsupdate.microsoft.com
    https://*.windowsupdate.microsoft.com
    https://*.windowsupdate.microsoft.com
    https://*.update.microsoft.com
    https://*.update.microsoft.com
    https://*.windowsupdate.com
    https://download.windowsupdate.com
    https://download.microsoft.com
    https://*.download.windowsupdate.com
    https://wustat.windows.com
    https://ntservicepack.microsoft.com | + +## 0x80240022 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_ALL_UPDATES_FAILED; Operation failed for all the updates. | Multiple root causes for this error.| Most common issue is where Anti-Virus software is blocking access to certain folders (like SoftwareDistribution). CBS.log analysis needed to determine the file or folder being protected. | + +## 0x8024401B + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ; Same as HTTP status 407 - proxy authentication is required. | Unable to authenticate through a proxy server. | Either the Winhttp proxy or WinInet proxy settings are not configured correctly. This error generally means that the Windows Update Agent was unable to connect to the update servers or your own configured WSUS/SCCM/MEM/etc due to a Proxy error.
    - Verify the proxy settings on the client, and make sure that they are configured correctly. The Windows Update Agent uses WinHTTP to scan for available updates. So, when there is a proxy server between the client and the WSUS computer, the proxy settings must be configured correctly on the clients to enable them to communicate with WSUS by using the computer's FQDN.
    - Check with your network team and proxy team if the machine is able to get to your WSUS/SCCM7MEM/etc or the internet servers without the proxy requiring user authentication | + + +## 0x80244022 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_PT_HTTP_STATUS_SERVICE_UNAVAILABLE; Same as HTTP status 503 - the service is temporarily overloaded. | Unable to connect to the configured update source. | Network troubleshooting needed to resolve the connectivity issue. Check with your network team and proxy team if the machine is able to get to your WSUS/SCCM7MEM/etc or the internet servers without the proxy requiring user authentication. | From 8dc6c215513a38d68523028a8c101aec55d05cdd Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Tue, 21 Sep 2021 09:20:54 -0700 Subject: [PATCH 546/671] Update windows-update-errors.md Various typo, style, terminology, and capitalization fixes. --- .../update/windows-update-errors.md | 62 +++++++++---------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index 982fac6d52..20dc038060 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -26,55 +26,55 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External cab file processing completed with some errors | One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering.
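Review bot: step 2 of the DISM sequence added in PATCH 545, hunk @@ -22,22 +22,198 @@ of windows-update-errors.md, is misspelled as `DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT` in all six sections that carry it (0x800f0825, 0x800f081f, 0x800f0831, 0x80070570, 0x80073701, 0x8007371b). DISM will not recognize that option when the line is pasted; it should be `/CHECKHEALTH`. Further points in the same hunk: the 0x80072F8F row has no closing ` |`, unlike every other row; the 0x80072EE2 endpoint list repeats `https://*.windowsupdate.microsoft.com` and `https://*.update.microsoft.com`; `WSUS/SCCM7MEM/etc` should be `WSUS/SCCM/MEM/etc` in the 0x8024401B and 0x80244022 rows; and 0x80072EFE now appears twice, once in the combined "0x80072EFD or 0x80072EFE or 0x80D02002" section as a time-out and once in its own section as WININET_E_CONNECTION_ABORTED, which will mislead anyone searching by code. Smaller typos to fix while here: "nstallation", "acess", "sucesfull", "Open and elevated command prompt".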
    Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed | +| WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External .cab file processing completed with some errors | This can be caused by the Lightspeed Rocket for web filtering software.
    Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed Rocket. | ## 0x80242006 | Message | Description | Mitigation | |---------|-------------|------------| -| WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again:
    Rename the following folders to \*.BAK:
    - %systemroot%\system32\catroot2

    Type the following commands at a command prompt. Press ENTER after you type each command.
    - Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
    - Ren %systemroot%\SoftwareDistribution\Download \*.bak
    - Ren %systemroot%\system32\catroot2 \*.bak | +| WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename the software redistribution folder and try to download the updates again:
    Rename the following folders to \*.BAK:
    - %systemroot%\system32\catroot2

    Type the following commands at a command prompt. Press ENTER after you type each command.
    - Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
    - Ren %systemroot%\SoftwareDistribution\Download \*.bak
    - Ren %systemroot%\system32\catroot2 \*.bak | ## 0x80070BC9 | Message | Description | Mitigation | |---------|-------------|------------| -| ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system | +| ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. Restart the system to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system. | ## 0x80200053 | Message | Description | Mitigation | |---------|-------------|------------| -| BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update Client.

    If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).| +| BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update client.

    If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).| ## 0x80072EFD or 0x80072EFE or 0x80D02002 | Message | Description | Mitigation | |---------|-------------|------------| -| TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs.
    Take a network monitor trace to understand better. \ | +| TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxies that block Microsoft download URLs.
    Take a network monitor trace to understand better. \ | ## 0X8007000D | Message | Description | Mitigation | |---------|-------------|------------| -| ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred.| Attempt to re-download the update and initiate installation. | +| ERROR_INVALID_DATA | Indicates data that isn't valid was downloaded or corruption occurred.| Attempt to re-download the update and start installation. | ## 0x8024A10A | Message | Description | Mitigation | |---------|-------------|------------| -| USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade. | +| USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity. The system fails to respond, leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the installation. | ## 0x80240020 | Message | Description | Mitigation | |---------|-------------|------------| -| WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Sign in to the device to start the installation and allow the device to restart. | +| WU_E_NO_INTERACTIVE_USER | Operation did not complete because no interactive user is signed in. | Sign in to the device to start the installation and allow the device to restart. | ## 0x80242014 | Message | Description | Mitigation | |---------|-------------|------------| -| WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows Updates require the device to be restarted. 
Restart the device to complete update nstallation. | +| WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows updates require the device to be restarted. Restart the device to complete update installation. | ## 0x80246017 
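Review bot: in the 0x80070BC9 row the Description cell is rewritten from "A system reboot is required to roll back changes made." to "Restart the system to roll back changes made.", which turns the meaning of ERROR_FAIL_REBOOT_REQUIRED into an instruction. The Description column should keep stating what the error means (for example "A system restart is required to roll back changes made.") and leave actions to the Mitigation column. The 0x8024A10A edit also shifts meaning: once the sentence is split, "The system fails to respond" reads as a consequence of inactivity rather than a second cause, so check it against the original intent. The `## 0X8007000D` heading keeps its uppercase X while every other heading uses 0x, which is worth normalizing in a style pass like this one.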
@@ -86,134 +86,134 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. | +| WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we're unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. | ## 0x8024000E | Message | Description | Mitigation | |---------|-------------|------------| -| WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. | Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. Ensure that you have the latest Windows Update Agent installed on the machine. | +| WU_E_XML_INVALID | Windows Update Agent found information in the update's XML data that isn't valid. | Certain drivers contain additional metadata information in Update.xml, which Orchestrator can interpret as data that isn't valid. Ensure that you have the latest Windows Update Agent installed on the device. | ## 0x8024D009 | Message | Description | Mitigation | |---------|-------------|------------| -| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. | You may encounter this error when WSUS is not sending the Self-update to the clients.

    Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | +| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the Wuident.cab file. | You might encounter this error when WSUS is not sending the self-update to the clients.

    Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | ## 0x80244007 | Message | Description | Mitigation | |---------|-------------|------------| -| WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows cannot renew the cookies for Windows Update.

    Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. | +| WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows can't renew the cookies for Windows Update.

    Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. | ## 0x80070422 | Message | Description | Mitigation | |---------|-------------|------------| -| NA | This issue occurs when the Windows Update service stops working or is not running. | Check if the Windows Update service is running.
    | +| NA | This issue occurs when the Windows Update service stops working or isn't running. | Check if the Windows Update service is running.
    | ## 0x800f0821 | Message | Description | Mitigation | |---------|-------------|------------| -| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has hung. Extending the timeout will mitigate the issue. Increase the machine resources. If a virtual machine, increase virtual CPU and memory to speedup the operation. Make sure the machine as at least the KB4493473, if not please download and manually install it.| +| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the has installed the update in KB4493473 or later.| ## 0x800f0825 | Message | Description | Mitigation | |---------|-------------|------------| -| CBS_E_CANNOT_UNINSTALL; Package cannot be uninstalled. | Typically component store corruption caused when a component is in a partially installed state. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | +| CBS_E_CANNOT_UNINSTALL; Package cannot be uninstalled. | Typically this is due component store corruption caused when a component is in a partially installed state. | Repair the component store with the **Dism RestoreHealth** command or manually repair with a payload from the partially installed component. From an elevated command prompt, run these commands:
    *DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
    *DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
    *DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
    *Sfc /Scannow*
    Restart the device. | ## 0x800F0920 | Message | Description | Mitigation | |---------|-------------|------------| -| CBS_E_HANG_DETECTED; A hang was detected while processing the operation. | Subsequent error logged after getting 0x800f0821 | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has hung. Extending the timeout will mitigate the issue. Increase the machine resources. If a virtual machine, increase virtual CPU and memory to speedup the operation. Make sure the machine as at least the KB4493473, if not please download and manually install it. | +| CBS_E_HANG_DETECTED; A failure to respond was detected while processing the operation. | Subsequent error logged after getting 0x800f0821 | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has stopped responding. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the device has installed the update in KB4493473 or later.| ## 0x800f081f | Message | Description | Mitigation | |---------|-------------|------------| -| CBS_E_SOURCE_MISSING; source for package or file not found, ResolveSource() unsuccessful | Component Store corruption | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | +| CBS_E_SOURCE_MISSING; source for package or file not found, ResolveSource() unsuccessful | Component Store corruption | Repair the component store with the **Dism RestoreHealth** command or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:
    *DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
    *DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
    *DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
    *Sfc /Scannow*
    Restart the device. | ## 0x800f0831 | Message | Description | Mitigation | |---------|-------------|------------| -| CBS_E_STORE_CORRUPTION; CBS store is corrupted. | Corruption in the Windows Component Store. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | +| CBS_E_STORE_CORRUPTION; CBS store is corrupted. | Corruption in the Windows Component Store. | Repair the component store with **Dism RestoreHealth** or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:
    *DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
    *DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
    *DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
    *Sfc /Scannow*
    Restart the device. | ## 0x80070005 | Message | Description | Mitigation | |---------|-------------|------------| -| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an ACCESS DENIED.
    Go to %Windir%\logs\CBS and open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the ACCESS DENIED, it could be acess denied to a file, registry key,etc. Determine what object needs the right permissions and change the permissions | +| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an access was denied.
    Go to %Windir%\logs\CBS, open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the access denial. It could be acess denied to a file, registry key. Determine what object needs the right permissions and change the permissions as needed. | ## 0x80070570 | Message | Description | Mitigation | |---------|-------------|------------| -| ERROR_FILE_CORRUPT; The file or directory is corrupted and unreadable. | Component Store corruption | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | +| ERROR_FILE_CORRUPT; The file or directory is corrupted and unreadable. | Component Store corruption | Repair the component store with **Dism RestoreHealth** or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:
    *DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
    *DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
    *DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
    *Sfc /Scannow*
    Restart the device.| ## 0x80070003 | Message | Description | Mitigation | |---------|-------------|------------| -| ERROR_PATH_NOT_FOUND; The system cannot find the path specified. | The servicing stack cannot access a specific path. | Indicates an invalid path to an executable. Go to %Windir%\logs\CBS and open the last CBS.log and search for “, error” and match with the timestamp. | +| ERROR_PATH_NOT_FOUND; The system cannot find the path specified. | The servicing stack cannot access a specific path. | Indicates an invalid path to an executable. Go to %Windir%\logs\CBS, open the last CBS.log, and search for “, error” and match with the timestamp. | ## 0x80070020 | Message | Description | Mitigation | |---------|-------------|------------| -| ERROR_SHARING_VIOLATION | Numerous causes. CBS log analysis required. | This error is usually caused by 3rd party filter drivers like Antivirus.
    1. [Perform a clean boot and retry the installation](https://support.microsoft.com/help/929135/)
    2. Download the sysinternal tool process monitor -> https://docs.microsoft.com/sysinternals/downloads/procmon
    3. Run procmon.exe. It will start data capture automatically
    4. Install the Update package again
    5. With procmon program main window in focus, press Ctrl + E or click the magnifying glass to terminate data capture
    6. Click File > Save > All Events > PML, and choose an adequate path to save the .PML file
    7. Go to %windir%\logs\cbs and open the last cbs.log file and search for the error
    8. After finding the error line a bit above you should have the file being accessed during the installation that is giving the sharing violation error
    9. In the Procmon windows filter for path and insert the file name (it should be something like “path” “contains” “filename from CBS”)
    10. After checking which process is accessing that file try to stop it or uninstall it from the machine | +| ERROR_SHARING_VIOLATION | Numerous causes. CBS log analysis required. | This error is usually caused by non-Microsoft filter drivers like antivirus.
    1. [Perform a clean boot and retry the installation](https://support.microsoft.com/help/929135/)
    2. Download the sysinternal tool [Process Monitor](https://docs.microsoft.com/sysinternals/downloads/procmon).
    3. Run Procmon.exe. It will start data capture automatically.
    4. Install the update package again
    5. With the Process Monitor main window in focus, press CTRL + E or select the magnifying glass to stop data capture.
    6. Select **File > Save > All Events > PML**, and choose a path to save the .PML file
    7. Go to %windir%\logs\cbs, open the last Cbs.log file, and search for the error. After finding the error line a bit above, you should have the file being accessed during the installation that is giving the sharing violation error
    8. In Process Monitor, filter for path and insert the file name (it should be something like “path” “contains” “filename from CBS”).
    9. Try to stop it or uninstall the process causing the error. | ## 0x80073701 | Message | Description | Mitigation | |---------|-------------|------------| -| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically component store corruption caused when a component is in a partially installed state. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | +| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:
    *DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
    *DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
    *DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
    *Sfc /Scannow*
    Restart the device. | ## 0x8007371b | Message | Description | Mitigation | |---------|-------------|------------| -| ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE; One or more required members of the transaction are not present. | Component Store corruption. | Repair component store with Dism RestoreHealth command OR manually repair with payload from the partially installed component. Open and elevated command prompt and execute the below commands, by order:
    1. DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH
    2. DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT
    3. DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
    4. Sfc /Scannow
    5. Reboot the machine | +| ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE; One or more required members of the transaction are not present. | Component Store corruption. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:
    *DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
    *DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
    *DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
    *Sfc /Scannow*
    Restart the device. | ## 0x80072EFE | Message | Description | Mitigation | |---------|-------------|------------| -| WININET_E_CONNECTION_ABORTED; The connection with the server was terminated abnormally | BITS is unable to transfer the file successfully. | Encountered if BITS is broken or if the file being transferred can't be written to the destination folder on the client. This error is usually caused by connection errors while checking/downloading updates.
    From a cmd prompt run: **BITSADMIN /LIST /ALLUSERS /VERBOSE**
    Search for the 0x80072EFE error code. You should see a reference to a HTTP code with a specific file, try to download it manually from your browser making sure you’re using your proxy organization settings. If it fails, check with your proxy manager to allow for the communication to be sucesfull. Also check with your network team for this specific URL access. | +| WININET_E_CONNECTION_ABORTED; The connection with the server was closed abnormally | BITS is unable to transfer the file successfully. | Encountered if BITS is broken or if the file being transferred can't be written to the destination folder on the client. This error is usually caused by connection errors while checking or downloading updates.
    From a cmd prompt run: *BITSADMIN /LIST /ALLUSERS /VERBOSE*
    Search for the 0x80072EFE error code. You should see a reference to an HTTP code with a specific file. Using a browser, try to download it manually, making sure you’re using your organization's proxy settings. If the download fails, check with your proxy manager to allow for the communication to be sucesfull. Also check with your network team for this specific URL access. | ## 0x80072F8F | Message | Description | Mitigation | |---------|-------------|------------| -| WININET_E_DECODING_FAILED; Content decoding has failed | TLS 1.2 is not configured correctly on the client machine. | This error generally means that the Windows Update Agent was unable to decode the received content. You need to install and configure TLS 1.2 by installing this KB: https://support.microsoft.com/help/3140245/ +| WININET_E_DECODING_FAILED; Content decoding has failed | TLS 1.2 is not configured correctly on the client. | This error generally means that the Windows Update Agent was unable to decode the received content. Install and configure TLS 1.2 by installing the update in [KB3140245](https://support.microsoft.com/help/3140245/). ## 0x80072EE2 | Message | Description | Mitigation | |---------|-------------|------------| -| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to WU, SCCM, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own configured WSUS/SCCM/MEM/etc.
    Check with your network team if the machine is able to get to your WSUS/SCCM/MEM/etc or the internet servers. See, https://docs.microsoft.com/troubleshoot/mem/configmgr/troubleshoot-software-update-scan-failures
    In case you’re using the public MS update servers, check that your device can access the following Windows Update endpoints:
    http://windowsupdate.microsoft.com
    https://*.windowsupdate.microsoft.com
    https://*.windowsupdate.microsoft.com
    https://*.update.microsoft.com
    https://*.update.microsoft.com
    https://*.windowsupdate.com
    https://download.windowsupdate.com
    https://download.microsoft.com
    https://*.download.windowsupdate.com
    https://wustat.windows.com
    https://ntservicepack.microsoft.com | +| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to Windows Update, Configuration Manager, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager.
    Check with your network team to ensure that the device can reach the update sources. For more info, see [Troubleshoot software update scan failures in Configuration Manager](/mem/configmgr/troubleshoot-software-update-scan-failures).
    If you’re using the public Microsoft update servers, check that your device can access the following Windows Update endpoints:
    `http://windowsupdate.microsoft.com`
    https://*.windowsupdate.microsoft.com
    https://*.windowsupdate.microsoft.com
    https://*.update.microsoft.com
    https://*.update.microsoft.com
    https://*.windowsupdate.com
    https://download.windowsupdate.com
    https://download.microsoft.com
    https://*.download.windowsupdate.com
    https://wustat.windows.com
    https://ntservicepack.microsoft.com | ## 0x80240022 | Message | Description | Mitigation | |---------|-------------|------------| -| WU_E_ALL_UPDATES_FAILED; Operation failed for all the updates. | Multiple root causes for this error.| Most common issue is where Anti-Virus software is blocking access to certain folders (like SoftwareDistribution). CBS.log analysis needed to determine the file or folder being protected. | +| WU_E_ALL_UPDATES_FAILED; Operation failed for all the updates. | Multiple root causes for this error.| Most common issue is that antivirus software is blocking access to certain folders (like SoftwareDistribution). CBS.log analysis needed to determine the file or folder being protected. | ## 0x8024401B | Message | Description | Mitigation | |---------|-------------|------------| -| WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ; Same as HTTP status 407 - proxy authentication is required. | Unable to authenticate through a proxy server. | Either the Winhttp proxy or WinInet proxy settings are not configured correctly. This error generally means that the Windows Update Agent was unable to connect to the update servers or your own configured WSUS/SCCM/MEM/etc due to a Proxy error.
    - Verify the proxy settings on the client, and make sure that they are configured correctly. The Windows Update Agent uses WinHTTP to scan for available updates. So, when there is a proxy server between the client and the WSUS computer, the proxy settings must be configured correctly on the clients to enable them to communicate with WSUS by using the computer's FQDN.
    - Check with your network team and proxy team if the machine is able to get to your WSUS/SCCM7MEM/etc or the internet servers without the proxy requiring user authentication | +| WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ; Same as HTTP status 407 - proxy authentication is required. | Unable to authenticate through a proxy server. | Either the Winhttp proxy or WinInet proxy settings are not configured correctly. This error generally means that the Windows Update Agent was unable to connect to the update servers or your own update source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager, due to a proxy error.
    Verify the proxy settings on the client. The Windows Update Agent uses WinHTTP to scan for available updates. When there is a proxy server between the client and the update source, the proxy settings must be configured correctly on the clients to enable them to communicate by using the source's FQDN.
    Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. | ## 0x80244022 | Message | Description | Mitigation | |---------|-------------|------------| -| WU_E_PT_HTTP_STATUS_SERVICE_UNAVAILABLE; Same as HTTP status 503 - the service is temporarily overloaded. | Unable to connect to the configured update source. | Network troubleshooting needed to resolve the connectivity issue. Check with your network team and proxy team if the machine is able to get to your WSUS/SCCM7MEM/etc or the internet servers without the proxy requiring user authentication. | +| WU_E_PT_HTTP_STATUS_SERVICE_UNAVAILABLE; Same as HTTP status 503 - the service is temporarily overloaded. | Unable to connect to the configured update source. | Network troubleshooting needed to resolve the connectivity issue. Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. | From 127e66abde712accc1c7a8c26c5acc2f981c9d67 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Tue, 21 Sep 2021 12:29:41 -0400 Subject: [PATCH 547/671] final updates, hopefully --- .../guidelines-for-assigned-access-app.md | 4 +- .../multi-app-kiosk-support-windows11.md | 12 ++++++ .../kiosk-additional-reference.md | 4 +- windows/configuration/kiosk-methods.md | 22 +++++----- windows/configuration/kiosk-prepare.md | 4 +- windows/configuration/kiosk-shelllauncher.md | 4 +- windows/configuration/kiosk-single-app.md | 40 ++++++++++--------- windows/configuration/kiosk-troubleshoot.md | 5 ++- windows/configuration/kiosk-xml.md | 14 +++++-- .../lock-down-windows-10-to-specific-apps.md | 27 +++++++------ .../set-up-shared-or-guest-pc.md | 8 ++-- .../configuration/setup-digital-signage.md | 6 +-- 12 files changed, 88 insertions(+), 62 deletions(-) create mode 100644 windows/configuration/includes/multi-app-kiosk-support-windows11.md 
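Review bot: In the Windows Update error table hunk (`@@ -86,134 +86,134 @@`), every added Mitigation cell that lists the DISM sequence (0x800f0825, 0x800f081f, 0x800f0831, 0x80070570, 0x80073701, 0x8007371b) still carries `DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT` from the removed lines. The DISM option is `/CheckHealth`, so a reader who copies the line will not run the intended check; fix the spelling in each row. The original wording said to run the commands in order, and the new italic lines drop the numbering, so consider keeping a numbered list. Several added cells also lost a word in the rewrite: "Make sure the has installed the update in KB4493473 or later" (0x800f0821), "confirm that the device can the update source" (0x8024401B and 0x80244022), and "From an elevated command prompt and run these commands". The misspellings "acess" and "sucesfull" are carried over unchanged. In the 0x80072EE2 row only the first endpoint is wrapped in backticks, and `https://*.windowsupdate.microsoft.com` and `https://*.update.microsoft.com` are each listed twice.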
diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index 2969e1dd6f..cab2a5e86d 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -2,7 +2,7 @@ title: Guidelines for choosing an app for assigned access (Windows 10/11) description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience. keywords: ["kiosk", "lockdown", "assigned access"] -ms.prod: w10 +ms.prod: w10, w11 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay @@ -56,7 +56,7 @@ In Windows client, you can install the **Kiosk Browser** app from Microsoft to u >Kiosk Browser cannot access intranet websites. -**Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education) / Windows 11. +**Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education) and Windows 11. 1. [Get **Kiosk Browser** in Microsoft Store for Business with offline license type.](/microsoft-store/acquire-apps-microsoft-store-for-business#acquire-apps) 2. [Deploy **Kiosk Browser** to kiosk devices.](/microsoft-store/distribute-offline-apps) diff --git a/windows/configuration/includes/multi-app-kiosk-support-windows11.md b/windows/configuration/includes/multi-app-kiosk-support-windows11.md new file mode 100644 index 0000000000..0213f9a5ac --- /dev/null +++ b/windows/configuration/includes/multi-app-kiosk-support-windows11.md 
@@ -0,0 +1,12 @@ +--- +author: MandiOhlinger +ms.author: mandia +ms.date: 09/21/2021 +ms.reviewer: +audience: itpro +manager: dansimp +ms.prod: w10 +ms.topic: include +--- + +Currently, multi-app kiosk is only supported on Windows 10. It's not supported on Windows 11. \ No newline at end of file diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md index 666ea49c71..89636e3e37 100644 --- a/windows/configuration/kiosk-additional-reference.md +++ b/windows/configuration/kiosk-additional-reference.md @@ -6,7 +6,7 @@ ms.reviewer: manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] -ms.prod: w10 +ms.prod: w10, w11 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay 
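Review bot: The front matter here in kiosk-additional-reference.md changes to `ms.prod: w10, w11`, as do the other front-matter hunks in this commit, but the new includes/multi-app-kiosk-support-windows11.md added just above still declares `ms.prod: w10`. Make the include consistent with the rest, or state why it differs. That new file also ends with "\ No newline at end of file"; add the trailing newline. Please also confirm that the docs build accepts a comma-separated `ms.prod` value rather than treating `w10, w11` as a single product string.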
@@ -32,7 +32,7 @@ Topic | Description [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | These guidelines will help you choose an appropriate Windows app for your assigned access experience. [Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk. [Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration. -[Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education, version 1703 and earlier, so that users can only run a few specific apps. +[Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a Windows client kiosk device running Enterprise or Education so that users can only run a few specific apps. [Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface. [Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. [Troubleshoot kiosk mode issues](kiosk-troubleshoot.md) | Tips for troubleshooting multi-app kiosk configuration. diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index 2ae60be203..62f44d516d 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md 
@@ -1,10 +1,10 @@ --- -title: Configure kiosks and digital signs on Windows desktop editions (Windows 10/11) +title: Configure kiosks and digital signs on Windows 10/11 desktop editions ms.reviewer: manager: dansimp ms.author: greglin description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions. -ms.prod: w10 +ms.prod: w10, w11 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security @@ -34,7 +34,7 @@ Some desktop devices in an enterprise serve a special purpose. For example, a PC - **A multi-app kiosk**: Runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. > [!NOTE] - > Currently, multi-app kiosk is only supported on Windows 10. It's not supported on Windows 11. + > [!INCLUDE [Multi-app kiosk mode not supported on Windows 11](./includes/multi-app-kiosk-support-windows11.md)] A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that will affect **all** non-administrator users on the device. @@ -72,8 +72,6 @@ There are several kiosk configuration methods that you can choose from, dependin >[!IMPORTANT] >Single-app kiosk mode isn't supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. - - ## Methods for a single-app kiosk running a UWP app You can use this method | For this edition | For this kiosk account type 
@@ -108,13 +106,13 @@ You can use this method | For this edition | For this kiosk account type Method | App type | Account type | Single-app kiosk | Multi-app kiosk --- | --- | --- | :---: | :---: -[Assigned access in Settings](kiosk-single-app.md#local) | UWP | Local account | X | -[Assigned access cmdlets](kiosk-single-app.md#powershell) | UWP | Local account | X | -[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD | X | -[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD | X | X -Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-app.md#mdm) or [for multi-app kiosk with desktop](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Azure AD | X | X -[Shell Launcher](kiosk-shelllauncher.md) |Windows desktop app | Local standard user, Active Directory, Azure AD | X | -[MDM Bridge WMI Provider](kiosk-mdm-bridge.md) | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD | | X +[Assigned access in Settings](kiosk-single-app.md#local) | UWP | Local account | ✔️ | +[Assigned access cmdlets](kiosk-single-app.md#powershell) | UWP | Local account | ✔️ | +[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD | ✔️ | +[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD | ✔️ | ✔️ +Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-app.md#mdm) or [for multi-app kiosk with desktop](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Azure AD | ✔️ | ✔️ +[Shell Launcher](kiosk-shelllauncher.md) |Windows desktop app | Local 
standard user, Active Directory, Azure AD | ✔️ | +[MDM Bridge WMI Provider](kiosk-mdm-bridge.md) | UWP, Windows desktop app | Local standard user, Active Directory, Azure AD | | ✔️ >[!NOTE] diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index e93b571a4b..d520d448f6 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -1,12 +1,12 @@ --- -title: Prepare a device for kiosk configuration (Windows 10/11) | Microsoft Docs +title: Prepare a device for kiosk configuration on Windows 10/11 | Microsoft Docs description: Learn how to prepare a device for kiosk configuration. Also, learn about the recommended kiosk configuration changes. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] -ms.prod: w10 +ms.prod: w10, w11 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 5c54ed24d0..01aa705dba 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -6,7 +6,7 @@ ms.reviewer: manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] -ms.prod: w10 +ms.prod: w10, w11 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay 
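Review bot: `ms.prod: w10, w11` in this front-matter hunk for kiosk-shelllauncher.md (and the identical change in the other kiosk files in this patch) puts two products into one value, and the next commit in the series, "fixed validation warnings", changes that same value back to `w10` in guidelines-for-assigned-access-app.md and lists kiosk-shelllauncher.md among the files it touches. Keep `ms.prod: w10` here and carry the Windows 11 applicability in the title and the "Applies to" text, so the series does not add metadata that it reverts one commit later.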
@@ -31,7 +31,7 @@ Using Shell Launcher, you can configure a device that runs an application as the >- [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview) - Application control policies >- [Mobile Device Management](/windows/client-management/mdm) - Enterprise management of device security policies -You can apply a custom shell through Shell Launcher [by using PowerShell](#configure-a-custom-shell-using-powershell). In Windows 10 version 1803+ / Windows 11, you can also [use mobile device management (MDM)](#configure-a-custom-shell-in-mdm) to apply a custom shell through Shell Launcher. +You can apply a custom shell through Shell Launcher [by using PowerShell](#configure-a-custom-shell-using-powershell). Starting with Windows 10 version 1803+, you can also [use mobile device management (MDM)](#configure-a-custom-shell-in-mdm) to apply a custom shell through Shell Launcher. ## Differences between Shell Launcher v1 and Shell Launcher v2 diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index a4d89ffa8f..134b87cdfa 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md 
@@ -1,21 +1,21 @@ --- -title: Set up a single-app kiosk (Windows 10/11) -description: A single-use device is easy to set up in Windows 10 for desktop editions (Pro, Enterprise, and Education). +title: Set up a single-app kiosk on Windows 10/11 +description: A single-use device is easy to set up in Windows 10 and Windows 11 for desktop editions (Pro, Enterprise, and Education). ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] -ms.prod: w10 +ms.prod: w10, w11 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay ms.localizationpriority: medium -ms.date: 09/20/2021 +ms.date: 09/21/2021 ms.topic: article --- -# Set up a single-app kiosk +# Set up a single-app kiosk on Windows 10/11 **Applies to** @@ -34,12 +34,12 @@ A single-app kiosk uses the Assigned Access feature to run a single app above th You have several options for configuring your single-app kiosk. -| Method | Description | +| Option | Description | | --- | --- | -| [Locally, in Settings](#local) | The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account.

    This method is supported on Windows client Pro, Enterprise, and Education. | -| [PowerShell](#powershell) | You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account.

    This method is supported on Windows client Pro, Enterprise, and Education. | -| [The kiosk wizard in Windows Configuration Designer](#wizard) | Windows Configuration Designer is a tool that produces a *provisioning package*. A provisioning package includes configuration settings that can be applied to one or more devices during the first-run experience (OOBE), or after OOBE is done (runtime). Using the kiosk wizard, you can also create the kiosk user account, install the kiosk app, and configure more useful settings.

    This method is supported on Windows 10 Pro version 1709+, Enterprise, and Education. | -| [Microsoft Intune or other mobile device management (MDM) provider](#mdm) | For managed devices, you can use MDM to set up a kiosk configuration.

    This method is supported on Windows 10 Pro version 1709+, Enterprise, and Education / Windows 11. | +| [Locally, in Settings](#local) | The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account.

    This option is supported on:
    - Windows 10 Pro, Enterprise, and Education
    - Windows 11 | +| [PowerShell](#powershell) | You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account.

    This option is supported on:
    - Windows 10 Pro, Enterprise, and Education
    - Windows 11 | +| [The kiosk wizard in Windows Configuration Designer](#wizard) | Windows Configuration Designer is a tool that produces a *provisioning package*. A provisioning package includes configuration settings that can be applied to one or more devices during the first-run experience (OOBE), or after OOBE is done (runtime). Using the kiosk wizard, you can also create the kiosk user account, install the kiosk app, and configure more useful settings.

    This option is supported on:
    - Windows 10 Pro version 1709+, Enterprise, and Education
    - Windows 11 | +| [Microsoft Intune or other mobile device management (MDM) provider](#mdm) | For managed devices, you can use MDM to set up a kiosk configuration.

    This option is supported on:
    - Windows 10 Pro version 1709+, Enterprise, and Education
    - Windows 11 | >[!TIP] >You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) by using a [kiosk profile](lock-down-windows-10-to-specific-apps.md#profile). @@ -55,8 +55,9 @@ You have several options for configuring your single-app kiosk. >App type: > - UWP > ->OS edition: -> - Windows client Pro, Ent, Edu +>OS: +> - Windows 10 Pro, Ent, Edu +> - Windows 11 > >Account type: > - Local standard user @@ -69,9 +70,9 @@ When your kiosk is a local device that isn't managed by Active Directory or Azur - If you don't want the kiosk account to sign in automatically when the device restarts, then you must change the default setting before you configure the device as a kiosk. Sign in with the account that you will assign as the kiosk account, go to **Settings** > **Accounts** > **Sign-in options**, and set the **Use my sign-in info to automatically finish setting up my device after an update or restart** setting to **Off**. After you change the setting, you can apply the kiosk configuration to the device. -![Screenshot of automatic sign-in setting.](images/auto-signin.png) + ![Screenshot of automatic sign-in setting.](images/auto-signin.png) -### Windows 10 version 1809 / Windows 11 +### Windows 10 version 1809+ / Windows 11 When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows client, you create the kiosk user account at the same time. To set up assigned access in PC settings: @@ -123,8 +124,9 @@ To remove assigned access, choose **Turn off assigned access and sign out of the >App type: > - UWP > ->OS edition: -> - Windows client Pro, Ent, Edu +>OS: +> - Windows 10 Pro, Ent, Edu +> - Windows 11 > >Account type: > - Local standard user 
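Review bot: in the `@@ -123,8 +124,9 @@` summary block, the new `> - Windows 11` bullet names no editions, while the Windows 10 bullet above it is limited to Pro, Ent, Edu and the updated front-matter description says "Windows 10 and Windows 11 for desktop editions (Pro, Enterprise, and Education)". As written, the block reads as if every Windows 11 edition supports the PowerShell method. If the same edition limit applies, write `> - Windows 11 Pro, Ent, Edu`; if it does not, say so in the description. The same applies to the other "OS:" blocks and the "This option is supported on:" table cells changed earlier in this file.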
@@ -170,8 +172,10 @@ Clear-AssignedAccess > - UWP > - Windows desktop application > ->OS edition: -> - Windows 10 Pro version 1709+ for UWP only; Ent, Edu for both app types +>OS: +> - Windows 10 Pro version 1709+ for UWP only +> - Windows 10 Ent, Edu for UWP and Windows desktop applications +> - Windows 11 > >Account type: > - Local standard user diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md index debe515b8b..ed739f3bc4 100644 --- a/windows/configuration/kiosk-troubleshoot.md +++ b/windows/configuration/kiosk-troubleshoot.md @@ -5,7 +5,7 @@ ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 ms.reviewer: manager: dansimp keywords: ["lockdown", "app restrictions"] -ms.prod: w10 +ms.prod: w10, w11 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: edu, security @@ -39,6 +39,9 @@ Check the Event Viewer logs for auto logon issues under **Applications and Servi ## Multi-app kiosk issues +> [!NOTE] +> [!INCLUDE [Multi-app kiosk mode not supported on Windows 11](./includes/multi-app-kiosk-support-windows11.md)] + ### Unexpected results For example: diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md index 59612cdcd1..fa28517269 100644 --- a/windows/configuration/kiosk-xml.md +++ b/windows/configuration/kiosk-xml.md @@ -5,7 +5,7 @@ ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 ms.reviewer: manager: dansimp keywords: ["lockdown", "app restrictions", "applocker"] -ms.prod: w10 +ms.prod: w10, w11 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: edu, security 
@@ -256,7 +256,13 @@ This sample demonstrates that both UWP and Win32 apps can be configured to autom ``` ## Global Profile Sample XML -Global Profile is currently supported in Windows 10 version 2004 / Windows 11. Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lockdown mode, or used as mitigation when a profile cannot be determined for a user. + +Global Profile is supported on: + +- Windows 10 version 2004+ +- Windows 11 + +Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lockdown mode, or used as mitigation when a profile cannot be determined for a user. This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in. 
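Review bot: the sentence kept at the end of this hunk, "...yet IT Admin still wants the user to run in lockdown mode, or used as mitigation when a profile cannot be determined for a user", is still ungrammatical after the rewrite; since the paragraph is being touched anyway, split it, for example "...still wants the user to run in lockdown mode. It can also be used as a fallback when a profile can't be determined for a user." Also confirm the new "Windows 11" bullet: other hunks in this patch add an include stating that multi-app kiosk mode is not supported on Windows 11, so the page should say which Global Profile scenarios do apply there.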
@@ -894,7 +900,9 @@ The following XML is the schema for Windows 10 version 1909+: ``` -To authorize a compatible configuration XML that includes elements and attributes from Windows 10 version 1809 or newer / Windows 11, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the autolaunch feature that was added in Windows 10 version 1809 / Windows 11, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10 version 1809 / Windows 11, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline. +To authorize a compatible configuration XML that includes elements and attributes from Windows 10 version 1809 or newer / Windows 11, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. + +For example, to configure the autolaunch feature that was added in Windows 10 version 1809 / Windows 11, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10 version 1809 / Windows 11, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline. ```xml [!NOTE] -> Currently, multi-app kiosk is only supported on Windows 10. It's not supported on Windows 11. +> [!INCLUDE [Multi-app kiosk mode not supported on Windows 11](./includes/multi-app-kiosk-support-windows11.md)] A [kiosk device](./kiosk-single-app.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp) was expanded to make it easy for administrators to create kiosks that run more than one app. 
The benefit of a kiosk that runs only one or more specified apps is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. @@ -46,7 +45,10 @@ You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provi ## Configure a kiosk in Microsoft Intune -To configure a kiosk in Microsoft Intune, see [Windows client and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](/intune/kiosk-settings). For explanations of the specific settings, see [Windows client device settings to run as a kiosk in Intune](/intune/kiosk-settings-windows). +To configure a kiosk in Microsoft Intune, see: + +- [Windows client and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](/intune/kiosk-settings) +- [Windows client device settings to run as a kiosk in Intune](/intune/kiosk-settings-windows) @@ -117,7 +119,7 @@ You can start your file by pasting the following XML (or any other examples in t There are two types of profiles that you can specify in the XML: - **Lockdown profile**: Users assigned a lockdown profile will see the desktop in tablet mode with the specific apps on the Start screen. -- **Kiosk profile**: New in Windows 10, version 1803, this profile replaces the KioskModeApp node of the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). Users assigned a kiosk profile will not see the desktop, but only the kiosk app running in full-screen mode. +- **Kiosk profile**: Starting with Windows 10 version 1803, this profile replaces the KioskModeApp node of the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). Users assigned a kiosk profile will not see the desktop, but only the kiosk app running in full-screen mode. A lockdown profile section in the XML has the following entries: 
@@ -149,7 +151,7 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can ##### AllowedApps -**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Windows desktop applications. In Windows 10, version 1809, you can configure a single app in the **AllowedApps** list to run automatically when the assigned access user account signs in. +**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Windows desktop applications. Starting with Windows 10 version 1809, you can configure a single app in the **AllowedApps** list to run automatically when the assigned access user account signs in. - For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](./find-the-application-user-model-id-of-an-installed-app.md), or [get the AUMID from the Start Layout XML](#startlayout). - For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%). 
@@ -192,7 +194,7 @@ The following example allows Groove Music, Movies & TV, Photos, Weather, Calcula ##### FileExplorerNamespaceRestrictions -Starting in Windows 10, version 1809, you can explicitly allow some known folders to be accessed when the user tries to open the file dialog box in multi-app assigned access by including **FileExplorerNamespaceRestrictions** in your XML file. Currently, **Downloads** is the only folder supported. This can also be set using Microsoft Intune. +Starting in Windows 10 version 1809, you can explicitly allow some known folders to be accessed when the user tries to open the file dialog box in multi-app assigned access by including **FileExplorerNamespaceRestrictions** in your XML file. Currently, **Downloads** is the only folder supported. This can also be set using Microsoft Intune. The following example shows how to allow user access to the Downloads folder in the common file dialog box. @@ -234,7 +236,7 @@ FileExplorerNamespaceRestriction has been extended in current Windows 10 Prerele After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen. -The easiest way to create a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](customize-and-export-start-layout.md). +The easiest way to create a customized Start layout to apply to other Windows client devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](customize-and-export-start-layout.md). A few things to note here: 
@@ -272,7 +274,7 @@ This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, ``` >[!NOTE] ->If an app is not installed for the user but is included in the Start layout XML, the app will not be shown on the Start screen. +>If an app isn't installed for the user, but is included in the Start layout XML, the app isn't shown on the Start screen. ![What the Start screen looks like when the XML sample is applied.](images/sample-start.png) @@ -336,7 +338,7 @@ The following example shows how to specify an account to sign in automatically. ``` -In Windows 10, version 1809, you can configure the display name that will be shown when the user signs in. The following example shows how to create an AutoLogon Account that shows the name "Hello World". +Starting with Windows 10 version 1809, you can configure the display name that will be shown when the user signs in. The following example shows how to create an AutoLogon Account that shows the name "Hello World". ```xml 
@@ -414,7 +416,7 @@ Group accounts are specified using ``. Nested groups are not supporte #### [Preview] Global Profile -Global profile is added in current Windows 10 Prerelease. There are times when IT Admin wants to everyone who logging into a specific devices are assigned access users, even there is no dedicated profile for that user, or there are times that Assigned Access could not identify a profile for the user and a fallback profile is wished to use. Global Profile is designed for these scenarios. +Global profile is added in Windows 10. There are times when IT Admin wants to everyone who logging into a specific devices are assigned access users, even there is no dedicated profile for that user, or there are times that Assigned Access could not identify a profile for the user and a fallback profile is wished to use. Global Profile is designed for these scenarios. Usage is demonstrated below, by using the new xml namespace and specify GlobalProfile from that namespace. When GlobalProfile is configured, a non-admin account logs in, if this user does not have designated profile in Assigned Access, or Assigned Access fails to determine a profile for current user, global profile will be applied for the user. @@ -575,7 +577,6 @@ Provisioning packages can be applied to a device during the first-run experience ![add a package option.](images/package.png) - ### Use MDM to deploy the multi-app configuration Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML. diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index cd316111c2..ec1f517461 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md 
@@ -1,8 +1,8 @@ --- -title: Set up a shared or guest PC with Windows 10/11 (Windows 10/11) -description: Windows 10, version 1607, introduces *shared PC mode*, which optimizes Windows client for shared use scenarios. +title: Set up a shared or guest PC with Windows 10/11 +description: Windows 10 and Windows has shared PC mode, which optimizes Windows client for shared use scenarios. keywords: ["shared pc mode"] -ms.prod: w10 +ms.prod: w10, w11 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay @@ -113,7 +113,7 @@ You can configure Windows to be in shared PC mode in a couple different ways: 11. From this point on, you can configure any additional settings you’d like to be part of this policy, and then follow the rest of the set-up flow to its completion by selecting **Create** after **Step 6**. -- A provisioning package created with the Windows Configuration Designer: You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Configuration Designer. Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp), exposed in Windows Configuration Designer as **SharedPC**. +- A provisioning package created with the Windows Configuration Designer: You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows client that's already in use. The provisioning package is created in Windows Configuration Designer. Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp), exposed in Windows Configuration Designer as **SharedPC**. ![Shared PC settings in ICD.](images/icd-adv-shared-pc.png) 
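Review bot: in the front-matter hunk for set-up-shared-or-guest-pc.md (`@@ -1,8 +1,8 @@`), the new description reads "Windows 10 and Windows has shared PC mode", which drops the "11" and leaves a singular verb after a plural subject. Suggested text: "Windows 10 and Windows 11 have shared PC mode, which optimizes Windows client for shared use scenarios." The old description also stated that the feature was introduced in Windows 10, version 1607; if that minimum version still matters to readers, keep it in the description or confirm it is stated in the body.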
diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md index 15c04acb08..4b8f92635f 100644 --- a/windows/configuration/setup-digital-signage.md +++ b/windows/configuration/setup-digital-signage.md @@ -1,12 +1,12 @@ --- -title: Set up digital signs on Windows 10/11 (Windows 10/11) -description: A single-use device such as a digital sign is easy to set up in Windows 10 (Pro, Enterprise, and Education). +title: Set up digital signs on Windows 10/11 +description: A single-use device such as a digital sign is easy to set up in Windows 10 and Windows 11 (Pro, Enterprise, and Education). ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC ms.reviewer: manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage", "kiosk browser", "browser"] -ms.prod: w10 +ms.prod: w10, w11 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay From 821cc564f49f87d0cea924938c2d023502450f34 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Tue, 21 Sep 2021 12:46:37 -0400 Subject: [PATCH 548/671] fixed validation warnings --- .../guidelines-for-assigned-access-app.md | 2 +- windows/configuration/images/sample-start.png | Bin 0 -> 94324 bytes .../configuration/kiosk-additional-reference.md | 2 +- windows/configuration/kiosk-methods.md | 4 ++-- windows/configuration/kiosk-prepare.md | 2 +- windows/configuration/kiosk-shelllauncher.md | 2 +- windows/configuration/kiosk-single-app.md | 2 +- windows/configuration/kiosk-troubleshoot.md | 2 +- windows/configuration/kiosk-xml.md | 2 +- .../lock-down-windows-10-to-specific-apps.md | 2 +- .../configuration/set-up-shared-or-guest-pc.md | 2 +- windows/configuration/setup-digital-signage.md | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) create mode 100644 windows/configuration/images/sample-start.png 
diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index cab2a5e86d..78f688c2a8 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -2,7 +2,7 @@ title: Guidelines for choosing an app for assigned access (Windows 10/11) description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience. keywords: ["kiosk", "lockdown", "assigned access"] -ms.prod: w10, w11 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay 
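Review bot: the commit message "fixed validation warnings" does not say which warning this one-line change clears; from the hunk it is the `ms.prod: w10, w11` value added by the previous commit in the series. Name the warning in the message, or squash these reverts into the commit that introduced the value. The `title:` context line here still ends in "(Windows 10/11)", while the previous commit rewrote the other kiosk titles to the "on Windows 10/11" form; align it if that rename was meant to cover this article too.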
diff --git a/windows/configuration/images/sample-start.png b/windows/configuration/images/sample-start.png new file mode 100644 index 0000000000000000000000000000000000000000..8ef9cc928c9559ee98d7e7801bdda01bcdf68049 GIT binary patch literal 94324
zw3n!!gwa3<&^-yu$+O#>JjfN~^lfwEh^Dt1IOkJF#5hTxVx7C3Hr}tGIuJUq;KNP- zhTClhzUs0Qe&XASa-sD{=HON7Ek&_XcOcls5F$|)qD0u|D0)OyNQ{MO&+>XB$Kwno z=yp1^9q6E_XGO`BhwH>%OInS;;Y|G2hWy*YZ0-~)w0Yh^^5iDO-ul3TC~l6ztI&_Q zUY0ADG*caCpb!l3_Q2AMfvUqrh+n_-ZGoPalibhVuH5g1KLYNEzCRUxR(q-%fa==G zqbKy+v$bLX+fY+T!PzV1|BjvIT}sAq7VOqaZ&gajoX-04$iB#NObl>F3;T;Xz03>|HjZ&1k+v+TnHYcPjX0(QXx!8)zj5-A)gQ%; zK8G2%yJx-ZIG`uehVn0*FF-yv)g?D^r4|RgOu$s1<{$xky}q~?w(X0Ir1l+-srQFf zXfTYy(EtOukTVe`amW#o8y>Hpy`~2-Ro@Bw8Qx3*D(sPsW1b{pO$SN)`3vD7ND^l? zbKon^hdk^K1IjWHneEwxEQ;pB#?s%WueI42-x`{9QPxDUzLme`fuYdlCJ6YK+0)?K zAKxWUuf&!b@-Pf^Lx zrpS?}@GchQ#!f7*l1gt;-6A15W5gjkpvm=CC9EgTMceXWYb(GqKN3#|{4bVI1)DgH=<oln+-NWeH3 zxwO+Nxqgzo&w~T(^&p$7P3%}2z(#Ruc0^L50q5|Z1kEGb8m%YfRhbB`=Gygc2Y=U&CM1shaV9!xm4*`r4>;0Ft~DO_)x`}?nhMG0dA-%d zD3}YerQ3u-A?%s$affeoO)Qwma>IHT3+LTPK`G5mzt7jWFxn z7kmHq9LY9(LTSFJChotmNK-&~)S{+;1i3XV=CPy*ou0`Ns>-QPr^Gu)V-r#m{iVwz zo;0t{G2tDX&6+{%7&{r~s+CPt63aLwNeDM^vcn#3@W45Y_L<2ye5WN$#t|bat;Vy- z2c@P!?rT}cj9Z6N;mZ|ns)VnW?}f>v^Pm~0>D*I+`e!uCC**zBeo<%XMV|B1hsN{V zBo{sJ(}U9AkZ>`lx*62J^>VP?6NRYP9`ZzVuOS8{IKw{BF`e%r79|jo&FO!xD7E4IL$t9P=$M%rbMV!rVShw47|A;#Inkj#!5i zpw6wNv&ja832ldB;0TmxbBNkh<^(BdkADHV29b#oF)5E6Mtrz$pK`zPex94HZ$tFA z!}k6_N;0K|{ka}C&)JSs*PD%$NE?y|PdoEH>emM<^s0AqXNCLIk#yk84rvCNV1ZG& zF4Xq?u6?^PXhSh1p-=(qhM3Q1fDE}^27Uej{+!|PYbA10-d7>ij0}3iao0JojrS+D zvAdk+@}DW=`+^zL%sf6@jbg)KZ=ff$7sn6Bsk05-N_*YViLL zsz6o0|8qhfCI`u5TTds>Ska5t7zY{-Jf$)R+tG34i&3OT2GHIWM?_x_Eid&0ISUMy z)96?V@kAV>tc>gbv=dkS;#Pd~_eXHWp5?f6yxl&ws`IVmxeP{fMU0btB(;K7iXt?A z7=1(6WBf=4ceZRpcExs#7m|oF+`i5>9N2L`ZrY#1UaVkqZ`5EH3D!^8nLKH(ySNS* zAV7c<27R1Kef*ir@xH5uJ(Hu*XSJ6G+{iET;2Xr8vG|04MM5GaXHK2c(t}?FU28o$ z&r@KkAO%-$a_2;lxf4H}{ZfJQ!ZiN+F5sKjC-A?&jAGZGJT|np;rx}oc*w>C+PXUs z?rcXk)`CP!8#-D-XyuHzR1RaPkip(`8tGyVkKVi<_YEGwfuV5>C39$x7E!Q|w3U%g z9YT9+E84;&Ck1bdXQ`FNVu9uO^&1Z12RGb>Z(sd;T=k1v@Wp$gxF@^~q5ghccxn&A zF}+TlrW8@scTIA9E|Dmbpe!4?8EvBnu=~CPxc$u6qYw_0oJ6s4Wd}+Fhw)2>`|IRd zpuL;*z0?X_={ef5YP(BgXeCavRJN-E1PE}r7A{%LlJP>hNCtZslcY 
zS-lx+`x02)5y!3_cj5cj+=1^6tN}Xv*^ZaeV9t!&Az2Cgr=3G-ZIYl^p?MOtqW}R; zD7^lWUD!EX#E9NcT#AtX(UNcVN5nj-vIYs^h{L2s5YK+5@CUCj{ZbFktqt%s(g;)8 zEhb#LU705M5DDR>-_GDOzboU8eH=h`jpKQ}A-whcwRpi9oA97z9av66vb?o$hWU#97}B=XL=$DPncJ)pUo_l>U;qL1UTXFst0yr*T{sWhou84 z(*$Q#Q3(e|NldFCP9bSz0~6g{!S03*T?IgrNabKaUa$p-jSZAX&z>$yNA^->$>@f7*>T zZ~6|t{_Fc}AZ;(@u&h0fR@O^_od#%5*LxKQpIv8H%iPBhRVr_C7bDwvoQL5ky-OF{LL?7c+zKg;qhNMfH!=77ryzs zL)dpPjgMY?2p_p)1#a)Th;_s~mUES|Tq^rkk7fWr`q_*ysD%9rUVT{MSF_>711F?13 z6I+YH__DE(L<*Q$-}Z%ttGFfpkxQ#BC51u%IvXIjGOL2mbs=-PlW1@jS#fTi z9m`o;Qms9}sgI?TiC_6WzQFw0ISS^7QdSx3>_emCSxi_P8wYm%zS0)roxp|%u}QE# zmLgP!wZgVu&SvrZ>>0SB<>53tj@pj;kod&Vear{zLj6n=2=a{(mYuGi(HzuaR-6L7 z_)|c7^0yNL1UTWKfo*^t=NoUP;vzv=wgq_32P%W+V!)eWv~w1k;9xqRKR&Fn**v3d&J68jb{69d> z_iLKR1Ik)5(Nzh*yd zF+xJMrd1IABB~IU<`dzFRmh5FXGXwC1at;P_92R$N0HFK-g*$+TSFoZW!mXCXtb(i zB*>e!=_6x0yC8RQ3GZXPwlWR6*Y{gQc67i|ag}JN<#-c?Dbc;cqniK$PDa=na<+eU z1NBjLW3zD3WJxBCL`45MoKPJfkit{tP_z%N*BJGa_qhflJN+KFRVc+2CM7_C6BbTE zc`FlBtu%;eggEG%J1Q;_5|mYPO2N8B z^9VZ4+(V>7ge0emk#Y>9hl=dXHEnq0)@69|S<7+hIm>EfIUapVKh9g%hBdu0PSU7A zt98n-0-_S&goFr(L}xVA&Uw-Ac8IXJtsDOq3A;swaPTT6=%gMRnL8*9H$hXFT8ftV z-x$*UgovEz!o-xA)|gLp=-R&7qH`@25gCc>0%f}hP?@XkkT?cdcvyed4f{-9@%!VlKaHFBrE%-tG_9$`wO?*JvSAU;`6ZcQI{Pzx%G+pzmZz34kY`T=vIU!w&zb2p(XBmBKfyca&x*_Qq2AEf9J8)EQ z@qCmzv)g-%=VdJa%!Mw zu?@d@?Kb@2&sXE^kL|^C&Thj6>ta~ZF%>xxLg;P{8TyK^5tuA`(JOzC1>^^s(o$|6;r4I0vyk9 zZCD@5qZSi+5TDR>I;e};E)m1fwrGeXC#1J+d=e%x(E(SjKH8f&&YTjH(4YE~e(%Q) z;(DU6MS7}4!!L@w4rFdyQ(pK{rYFp2`!Tlw3k$0ZPXa6&+%PDTa-6;~eSAR*N-G$- z61J{t#lJjt4SxNa4S3PHzUAsBpl*}a8Iu{{wB<2e@v^n}((~8h(IhRlucz}aK_{F! 
z`~yyaMS{vcP7%w{3QCh-%ak{1x(V7&4m8>RXt zkQ4Sf{f3ag{W!5VifCtV73rDju_Q4piz~pwLG3~19t??#4kP;&32I|LAtfX}kSXFX zFI<6Ny?Pz~?lC>~$%Lt}V>plhx^@JAarq#g@`ZzV%%>0G5ueiESvRg!G zsl>?)AWb(x+s%;eH-d$$_MlG9H0jLD1W}u5qm|l^UudR}yy*i~{&ZQ>3fkA=fb|t% zNg+5SJ6{lKD3sAjLhzAGm*d6fd7tTSfIsce;$y!X#y4*p!-2tKWjjdgT=q$ALXZ06 z$cW9rI9O_RCQ-tR&g;izjN_pj66kN8poy#a!@dmu{OgDDr@iCsiwegA4KNk#kmerX zr|+#S?{{wip73`-mSq@V{$b_sKP0O*%YogRZ<>R=cUEL7$gRensyo;A8P04V?~S0Y zXA^)LG~3mRBu?F{fyW$&pISd&VTWW70M~q$eLN0yt_lvxE+p)bEcwKapR%87oKz>O zjA8XhvH-^hk%w#vYnCPOg=ep6OioBH{`aO7Uhw4uc*w_h;=g}>2nU9;tR#|>1Qk^a z!_jB8CHnNX_Ql<^eTJKE5_HS>zI5FoJoVE%ap5O-<3D~qgu~-UwPcFC^267S;Nc(J zi9hWg3CPKez_QZ$ApL+_>oS&occp#Z|yB)72q|5^WK2AesrBSBbg~ zyP%0QsOw7VS8lt;i9G14Hq(q)1OWn^j8JFN5AjGUohl$Ga}6n(TnVRb=)fQUVjG@* z24{G6aOHhDJob}&@uDy7#8+=Pg0y~=t&OC^e({r)W3L7~&DQ|Vod!_t8->caW!E^~ z{G9`M@W*!HT~`j_`h6KZ;q&|OhHvddF2guPZUS;LGic1nb3n|KJciYI0xS;HZdDoD zo}swMrr>wz*hQ0YUZpLy661)8#04dCqM4xH{?WFM2`zLkMcX(!lxx4=k7>~VH*`T_sv$p_~!7|k^-DXBeJjZ}^ibiu#R{>@Y zYp1&UL{-r=XH@%d_pUR9ID?3Y;!|JpCqmC=rf|(cMf3@K^OWFYjKX_u%i0Q#3#=B- ze}F}SsxiRAL*;IZC+as^{pW;`hO_9Y0UDxMMo(7)|Nev(SY2mV=k9?5p7fc6`2HUU zsH0d3nvIE6%=Lh$@I*%999TnSqH)Gm`x>(&C3(6jQCZrLqy@dRE;RV)XZDNiL8YV1 zj{z16EPt&=*jq6i+@0urikhs(`spB@XS<%WY~$=E70AEpU*tnX!-;$LAZL!RxW48@ z?a8))Xjhx3YQAV6VBw)UlLW=T@NjBX=Px}82+CYRukRKk`0k4~;9(mzOPYuu-JQbY zKfMQ6-+82RHg7(NNi7t<#ZeQFDN0^*VVt_E8((?JCOqS;{>rLapcp4ZWm3@Bd3l}h zItx$-EOV`5*^dBn@OBd62+zy31VvR=B`CAR1ahMQ6>+V2kTXX@^f190JHHP0+7=M? 
zgou|ugYVCm%mOSNT(zoxRP@29xOh<4Qhj*+HK>ZYfPJYogbzPw6&|%kGpULA=pT}J z@+Wp+=iwwLS*(G@9ON{}D!n8luYS~W{Q7n4@%%Fr_?IViV|5>UXz&%w`p~kYz5pB) z&jN!5ZbVzZPgAGgG}Dz-XL6?j=vZKNPhw%;%b2Pm(9V9B$0JboNq(kZKQd_P;mcL^mC-QIo+`CQ%S({dsClMJ)zIuJV ztnDEup8Eg`2W@eOSyxeSn=R0RO9BBwIaZX)=<9C7J09JSR;`ZsaA3HISA1t528MHN z_!I3G6zXjHm1E8hEme#|Qp^sjKH3r6EQbILcztSRoD{=%9ouln^1w1QLm5JqPC6#Ob->KD>B`C5)hPQ1sm#R59q{$ z*Lh13K0NYM2XOn&bcLKO*2;-G5c^$wTNEFB)&~6S_I(v(57~p0cWgk$L3|6Nl!;oWUtr21JsAwv5D?| z;!w}b;0$%}Yla_Y^M_S-WTJt}lv_t)s{ZQqdD%%3JF!3hh^7GB$QHJx3s38;v=x>| zOFW84ZR==EQZ!KJ=BQmUzBqN+!?v`eEx~d)k#vM@w^4^r^|C;{KCU|UyQiB|SG3?+ z=k+uuDXP2a^ufspHB)g!6`SrU0YNzysDtY4$&;6P21oI)R}bOdUBi`+t<4oVY1DBV zLGDSQ&fL&}pS)}n{_0`V|NhT|)?~e9>wRMw-#IbHHoQM9sgk7^a^;K1cijpK8jhdPU`gW z%{sTIvuVEa>S>K&OCKkJDj$`bD^FcXPTqCtDxA8KaV_M^*OCXz#`+68h~7L^KcY+| zC~^~^Iap&0;f+sRH)+`Vh~u>vkQi!9NOh~acCUu(m#F1l{$->#rM7W0L2vBXIUp)_o9R+Y zA}!v%t}?eD?sK9yX6UBOwyff^GV?_Dwc@wakN?>>O9VdK+cmuPs>C4Yen_cSAxkP- z3%3DmOIRYsESVk!wvAuyOyk>swiZYgk!PD2apXj8#s%r=iidA#!xOi6SK5xu_}}c+ z#?+={rrE06nz`{BrfYjLLu?N;^q0BrStqZ4NbgaCH&y#M=^*CLKBJ#|FcM$sauukY^c0j= zb6}&~u(}m*dDz6Su@z|k{%ek4aB!T;(d*k;ldI;pl>xo9lab(SZFOG51g^;V`z4MK#EL+#tHkOy-7o{C464>Dz9JUt}KyX zqL87Gz3V$AF?FB@eN3c8(b}%5>x&9Q7V@Wfc@fvq`ID;9omP9QBU^Lz*+x?Hq3e{qn1D;5O`tZA+ydER(JRP^P4c*0dvUzO>Ui;8qTy|~(|M|Ri*s`h}KYP_C zw!1C(=AUmfKSTd~I&Ne;Q(GJVm(!VCPP!hk9Dn%BO*r(9Q}Cb9-e?5+voF|){qHyx zKYiIoEN_chyFQ_y?5Nu8*QZq{jp6U(Ke=}dm%nNwuK7QktS=|n7GHniGFF|E~*bor8m0D zv0vp3FfF7I*sw0y)`@l9l_GRFFj~S7?iM-W!%SCCOwlmlWXSfFKlL1)8QF;6zIGF? z`-_eE<*QfWy4P;R)l@Ryd&x#T?}1d%C2B@nNv2~i@83LN%e_Coa~$XV z{T=wpT{&F1u?63I=|(*3%Lj1YJMO?~AGi-cdD%Mr<#!Ka-!SmlcifIMSF|8fj^oU? 
z-iq+w-HvxYZY3VNsSA(U5X0j?yC2W}z`g9l6WiU1j1UP#OLqqn-MvV3QTlrkqqLBu zMElnux}4W#D-r5l3G}W2I+p`ooH(?1Q|IxTpwerhh|Fju#J)Sie&ZMWV44%(v&f5H zF?apTFH)Q~L#AjJZAzAYje+PYGY{2U-AF`WBpRV~mHXzfvOS8Ie{(Nh@_=q^=}RC* zlCo-jJKplhPISNZ4xIV6+pu%6fTx|_&HjG~|MlB6{_1nP@X@EOB$+AU*Y~IKtkVs#@iJ2Lpk$FIZ(zqk{BI*`Th_hj(Avs@8QQOCVaO+{b;d@7L+o3FW4Ce9PC#=T7u>y{yipa7}BuHc) z{fYZ=&WG>CQ_g6|`>!~R+YaY&@uzm-j@|mP%M-37j~yx!PmXH2DmiIfIRQMdh+>H_ zF51dLyar#oIf>yxHoR$A_#~)PGoR@kC0jz8C73RUIg1S=9Sw8B)ruHNNR(tG(L?F&LulDD5|&j!pM<1kSwGOT zjKXVo56KIOeLG1+3q@NwA|xR#BZ@4jOj+)>@}l-HGY8qpj|hlJg?giiJjJ$}+;$Sp zR481UZp7w zOv?ZKc0b<3S< zdN@_a&b=9=IGAb=x{ZXRQ(BEZO@l>GYZ(82%>aJ;>a}?E8J)Q0U1#H8e|Z>(NJKPF zKH{N$xcOijFFdCOk3GK|AO7=A*v-L4_4wpdI`Myhybs&@+Oc_kr?tbA0wf9L4BKaR zoC9!%*EGsmmPxjZd|Kp%T+oxOj(xD`3)-sD>{NZRmF>8z9f__^wDhk;>+0OWT z@|6g$kgP&@C1o|Ge-#Oihz!e@?$PP3z{Dxq>e1G!^&4JeBqUM+jKVaj3G2i!T3Hd< zsXEdUwulKqEBn13rB(M$pd}WfRPy$oUmd}#FKDxN^@qFD7$CX$+h=dYB@gVz6HjZy zzy4wr!?`@3a#|EyR>tx9KOVw6E?R@LS0!-HDh|YKpFOQny!-*Zc+>-W@bRbi;5)aE zU~7K@g?t*9Z0*GQ?l|r}lEbr4@5Y-hU5Qsds0R;T+j3%ZV-ZVZ4U+m9^!M?6u4JTR zbw>>6uW8|U&_Xg;As`|o;vn6ej6_N1B&w$vuLEOYyyhXjXlZ8~I$8Q~Q(&Jid*UI2 zw&m~i?kja-GX`})UaZ4WJR|6H)9viM=RBPnK&Q`7QgFud;PowdJsX+MRyq9ao-DpV zB2eLZDzGM?o}Lfkv~`{M=_}TtmkfJ0c+A!o97+Sfzdu!}Ge?kgWwl*(UkbNtCNDc< z@4k3gzdh{eRVZQuZdq^0gc-EO+Hn_ZxgyyE59IWkagA*KTcey06 z?@yJst3s6?(l;y06m7w9kU)uzSR(x;rLXfO(sR;Xy3(o6-s$Xw&TPmyOyUsIDolje zM1m4WD4syLwF{9p_J!7Vlwu?)tt1s3$Pr`5Zl&ngh}H46*CE29{-I|b53!An=aEV0al@gEtrLY3(7;D@h)O^)lf5Z2$s`w#uwuQ4eE4rF#=x>t}t>BOQvUtG1-^cuT z?c!vFI?Lcr;Cp{pQCxkSfTz8iZD8VxlffM-76EkdoB8jx0-!2UvAXs`+e5l=IP2RyoO{5m=r9 zJg{*+W}_{WR56??;QGB}a%z+_K`D&CeQf_RlM_L@<+ra{&l~NB*HoD5wqE^OV*u_O z{apz4tpK`L0-fEJt)sRM)+Z%OiBQ6xNLed;jo@!Xg4%*3uv)cqZN{|` zwI#J1HyHZc9o<}YZ_-xj&`NvfM_1>@g{?UKW+&pn+Dw*e%U`ILsb}ZKB4 zB+KU%%`8JFZxB#FtUa>(WK6vjk?lOvJWA<1lkfk(>FZ(fDt9h3w@tt9##QN&1M zV(lG>b+#ea-Hlj}u5BbPlrBzs+Id~5!|AON{Ml!B;Scwdgw+nZCmUGR6UMlODE|Nz za55cn(h15@ZufwTwuRd!l zBn-&De?rlj1d*1q0%rnT*djSHVt+w_LV{v$Gx9@sI;4@UxG7}wlr;HI86|~p!IUW> 
z6e3Yd7=>5|3i>cuTRS4{U1;g*L0nr5wi>hmAW1pt$%zB2tttT)6xPMre=2i;QKXZ@ zNT-wR#j=q!i(s&#vJ0VYB0s@Enu574ow4I=qMa_{{H9xZu6_;B&t@i0|Dn zfG2+V9z6YXdoaxS8ev0!6r1}v8*7%JNI~=ej?u~F=M?wJ<^UDwP^P`j!I|!y2oNkQNP%JLbkG74poFd|qqM5c% zL|PbxZ8_zNDATMg-ebb&VwzDY{UkEQ95M_$r!UOf_gSKoMc;6lAZ(9KNj<+3#nY_N z{d7_{?s_7(4WwSUlcZkyjzt)zwF^RZs{`?~if5*2^t+z}saKvR)0DZ|!33e1dj(zx z&hdM*>>Qvj|1ruvp)I2G8l@W{Lxdr=L+6`Z4!U|-QB!Xsk(xk z1|xYSKX?w>Sa0=k$3Ov(`S?y8($RK2P`ZSRKDh@s?i!Rz z=P|!u?_NYjew%5sA{UB7ex*Paj>Rj>8Yp;kN6VZ)RisYl6%&L1-Z`}!y0bSYc(1pXlr$BAj2$d3GIa1+>Q=$Ha*}~aWi>rM$gMwI z7kxEtdQf>1B8hc^m;e`+uGRQ`ux&r~=iz<4(t+x>XDjbX995V8GMN@ijBBUV+jY;G zFifSz4qmgas|l=ut7~0V-nuHd2F|PYewcq(FM1GL_Mk_rF5YPMP+8}_hL|#mM1ua> zTB7J;_s|%%jPn*9vq`bc?>Lmkkx`L+TC(gyxlug)>~#n;oZEH}U`#8Qp;i{15*4>E ztXJYvS$l2X&Rg+WeNg%|$@2HNA34D)5)@T{3c#N^S{l^a&71~B2Dt1L5|sZA2uck> z`41A5H_w=$aK`lEbFI?r;mbEB@xrfoVfq_-zKB!ScH+)AZuAT$Vw42tNuNJ}-`veQ zYW5Xj5|kHTupD1_UO-SLz)w(Gx>yzLD04X4H|%|P2!Z(lvSXx`KzX%Hz5*3y~6859`yEx-TK@K_A0V>Z((S_(!DC3 zkUM|YbuTmX&p+;22@)A%SoWx(cq0x|jn}17S9`0-Jy$L^4#-#m$jp+U2N^0Lkpf;d zTh=%yE2|@lpte#?k09db<$jr>3wu(*9EG{9xk{8?KV14O zAC=pqhJ?LEBq4OjTV>@BgH~}8u{iroEYXT~Hon1@vicRP!xGf~C> z3CfS|PvNHBDP-~;2xrrXjO@Z|pYuR;vaNjg#+}$x>_morw^(XHR@DDa!b&tk{w@Os_?>?Y*){5fZ3uh!S>Li6V3J7FB{nEPJhdv4AXDw$Ww$L zV3x2ggSimaPgz?O65ZEvBZVSG=f3gLP~^WR40~<)Sj3xQ>%KZtOd)b>uK`aZQvUYV z3`P3H%&Ej`-DrEn(!l}4^bTjVCbf-P&z|T~=AfkkR3dLm-c-<_XF`YaFUX&hNuVPU zCmY1n(O7>WiPA$T)u9_3t!#aR)1GfCG1-H5Gl5J-@8#}i$M$GZ`4p|pCUukrSGBh=Ro zbW{2{BI!r%x=GBtcyB))&_TsSvrdN9PSIy-wc;SLttrOCOXZs|tkVed5YJo6nhdlst~TDc@?Ia?Yh}DGv~S^Hm*608*B*vLaqi8Y;p!Um z!gEr6roDc(IN`r4O*$-0QTp^oiSlGy5T58O!T#`^XvI)hy`i8tdNkvd=()PJK{2-q zgKn&RboIiPxrTqiX{6YP0(~NPX2-BBy)ImqjlPVVplFLU!un&mg!vrq=tNZK zomj73eO>5X-ifaM4kUWJ5Ne4aLjt0+;3MND>^+>uo&MFeek|{4!}4WaY)%OsvqHGDh)`UFrNAruj^+e9 zFBxW=S0A$TWt3v&8p3jK1%-7|7wR)=T)Gk4Tdpmhj|3|ywOc&DN#d`+H^UW_(LDCQ z=Nzo+^qy-lk}2acpV*0;bjsen?k6Qy3gc@p+l1$yq1v5{K{lkv{?8uVvS*A9!SgpA zvPHb`ATVze+pApr8=q?j&5CWx}P=Z 
z*_5mII4$Vj7&ptTSyc0+gfcFFf_1BbBFlEX>pG@`%2tVy0@h%mekLyyAWsU^TS;=k z`O8lCb@QZxreat6{r+mJ#@Pw7v#?#f@?QhLdzX%SX>jgj?(DPzYK|%XaLkR&nE;nQ z^Fv2^cK*em{OMO1(g~_p^X>~*?wnueUy!|PgQ{9>t7uDr7Ezj;cm63ANRFhRY<8sj zk%j)~S?*OfE;4~}yR?W53vw9mPTJ&A?@p zP#I`u?{v059>H@~F{g!li_Af{a&KiR1HWgbix;IskiFafGk0odYSV;^N8!2P{Xtm* zEU}e~;QZ)n>1TMVAKgoDIsdZPJ@Xm0x7sSt;>Pl2a{`fbP6o8a6A2Y)7P4-(GNKif z5H`1@aN6>2tZ0uzBmXrAa`^4eaU`?tJts&=6zY5`+@sdZ>%^4%dp@1ly&%r2Io(N zy9SCRD7&zKn2b~nq#2|Oc>Uwo;X_aA^$aTbho24LAAb-KlXLRxZkKk%FX;eA^reEV`M35X_4QpgjUxZ+nwk?3BQ92jfUHHp{=&b|60 z@Aar=->3_@AQhEurOKg4j2gl3M`^DIzjwKF1{2)VtgK8>65?o~*|zNDzg{=@hhym>d&d*11V9hknxP-*V8OYOdvoI;Ly9i8;-@&=-WDN$ z!i2h~omQ!|x+Q|pYbXe_NhuCuc5x6{^0kqBdr~ z8ALOAR~lU~&aqgdedN!xuri{5^D8r#K|ygVT$y`RfaR~Q#pxLOA_a6M3OI%7KYdw; zeSvtGu70^Mh3oH6A(`t$B%d~d@~Wpl0G-7QuDt6o2I6hxJ0vLVrLoE;Nl}wfUi^7GSwR+jI5n{#mbZlvYnBW+P*HsD z4^t0x=d4NK$UmQsk3D|_{_)b)xa;j_PDxILTMp*2e~5~qS)!!I&&IpHb8`CcI>J^n z!)%?<(3XRiAl>Vzb0+M(CxYmF&YTO|ApckNINP+er`~*#QdKuJa|g9~8AvPZs*y>{ z_I#F=>k@@DROV?urvmsUSi-r7=Axb~_MCplVf*FohR z@AYYR31`jaToUO_3Mo#s^sC4z=0D9ybJUNCwld;vCB$3X(b`67??7vJ8``ur(A$P^ zR|~?_H=!1a2$RRPOti{i`C`J#tP9)XlRl%wC~?+(JM9@h+Ucg9W*tnMCQA`Case4BWcu`)yS6nnXxnxWBedi4Q_yHE{-qHSWOSHxvPKVVoj-SI!=P)e`wv^#Ck z^p${fPcBBC7lS`v~3$KM#aMI5ayltc_Id~RurAwg1+;Gn5- zI>Z4vl&AlE7NH_1cEvG-IUvVb#_9VuvRbZ=MpG7EF9OBk=fQe-RaFAeE`rt z7RYCvJJDGZ5hI>mrZt6KNQuEh=>bYqLmiyl~^8V zZz6{b+w?vYZgs?4SN{gtInYu|7c5h&cRkyc=}W|{IWzot9*CsTEX~4?LkWv1Z2*n)X=KWdx@|MGFV>75Q zD!#6^D7Gw9FFuOlObNFgVn+z-KEP6f+M{Vg4FbH_;7QQ{EIu#^awG?)O=VEgrp}*4 z_f8Cogo@h+bNZ3FKd!1f53;i`<(3YNq&V@#+X%9DPU?j(OQl6yGIo_29V$*cOv`xe z9070Tw^juCQP_g+W$vEM9SyazQsRuLDjYZqo@nbKq?t6OC}Cvs=dvhK{1U;w#+&0n zmS=HD3Mi8F6nHJBN@K2sU;^u%V6DwlG$c1gz%$>W&ty>WFf37plA_+fw2TKf?ht!|{Kd zI(&%bMsh+z5{-@{LP8L=?Wj?Nb+{LF$MzK=8HzBSky3$tAcsYqiy}-b+Ak@{0md*~ebdZD?5z%S|b*vrM6%%3MMHrW@5;AVBf~eitPb>Ju z&evFl)4fkjFRQSbL90-aE{3fwt0J!@KC4c}dWs?(G}BRmO5@>$_qNi)z>E;l-d2%Z z2dfYb?;C^Fk1SiY=S$4CDqrqs!Apq$NLA@Bf-J`rojI}Qp{gy1QMR-Y%#x)k6enSc 
z(0zrtZ6KL1V1(^NVp$9@Ly(~S_I_3LQE03Dq3hHTT<>fGV!E*~zIwwTzIY=W z=rLkHdCtY3IzT<5*5WmW>7ZE|ThaFJR&48?*c^6_GH+*^tF~r}p7NXLaBKXD`D!+xxI>Qx`U@ZAVvk zoRho+;v^~&tSnAI3EtoMxD#?^-fZ5xK7-;WaUV4e-8uO;3^&t}H5)z)gb6^l9hz;#p^^u^+|1T{DK??P5o=1AsFK??i$Ww0^n!F8$Ie zJ5y^9aO%Zu|C+T1n0KiBvm^++Zsep(Gd!9(WoN`$3eJNboqa{eRz$kX;2dzIvsDP* zo0#QM$bHpJHxj2g3G+)w&Ps6z)p!VJXZHN#W{)zE|7rsLo;)~z66egp1>+nj{Vsf6 z6}D!@HoKJ*rdej1h$zh#o#$3(7<4{Cb{ZfoF6B{X)I&6$kT-g%KI>j^>6=Qb{&b^& zB-D{+uefOL!qGMWpWW_3k?Bfnxt|89ToFlmwMNjv^2{=gw-05pKUrk`#1R(x$|mvfGgkAy zfE`Cj%EGOzTGeeCIjyGHEADDrieLSh&uRwMhQ%~#t4!sj*}hhomN}29D%cuXlTcfX zhj7U@vFVBU`b`5&o0Pd{5Fo%(fZC(Fn5|Z74}agwq8 zNL|XG$f+F3%)2NaS=EbA_U49vY<*k~CB85kq3V|+=gzAi&W%KqNX27uQEb&ieVC$W zmoF1@MDCQS(;r7@J*i!!{{SP0#m2yX0&;-PEX@aQc)c-ZO=Y)KTcx}}I-#@9-cQ5Z~N z_wE7Qcke;$xMvscx_>|J-!qDxhXyf_%99`!tq3F05Td+^8Ie$XRA$viXsLYoNrj$O zCJy!km>fssMS=+H>F6kZ%=qm%*xzR1S!#Ko0eZ6Id{g4wt7DS z&QO7>4R~=XJjErElX`y5OztS=#{PI>iJ~+>t(A+%T^)4q#KA^UFL6@-em6>sZfw;> zx4bvugITeBG&KhdvQ+ulAbfiXVf@M^LyF=@I{cC^#~u)d4GSx|25>sHIm~ zFLs!haoaY9B#r{xM1iAcf$^p}CS~$vq_Rbf7eW{(8A+1O3}q4+CJ7o!6>%tCz(AIy zC6~dzWDa{XCG4W^92_ZNe2DqWN6?apShkO3!npU~e&{90Jk!^j=s|a98&>x8W7CR$ zY+KfjQ&)CjU4J{)cO|f*EryP05s4_nh=!1oNG@D`5Mnv_kG1X~s z^z7oW5eB0{YnXN&NhdkxDz6X}Bj6)Ui?|D7TZKXlYUe<+OmHEEtTS z=tFJSvn^`S^4g*v zYR2q`deptH=APoE_^+^dnbOkGSGynGOwL% zZz6Mw!V&ysD+ijOsxIWtM1zT!R<~6ocr)h8@BVoA?stf^%&+jA(8#1}CVQ5@ZD-Je zUd`U6$+@+>%B_ec4Z=|-HHs1k%RD7VB9krV?X~A*AwmL^$FLo`EMp{F##p9^!DOD~ zC6DBI7W+ptNVJBrtRqH!Tf`ssjN)KEhW)t`_NBrYpx<$J_i6s$peRZ#O9d z=F2kZ6P+Vc{n=#ED?^nBWaSjGKzYuN~>^%Bp!U$YNRt+>>W&DEZj!kT1MJdMMN~&2CQ!?U>j5@ipy&o zRj7^1zLH4Bdb(USh6XX!hTap`?>8*pc9MUn%|o$_7zxUqZ`z8@eJaqS_=lg3;UBNq zQ>pY>4es=(N|*N-S-HrERb~Zt;9WmGuUU&;hnr0ts#kWv2XE`c@BU(qXIMdsabNVw z{kZO4k{^rvB!>1ykL(04*Oz2D6X@RrJoDW^hJ$8+`G;ow`cT_7ALX=^lcR~+)z>Y& z8@*B*(&0f)k^Kh;g{oU0Y|QpssJ)X2sed%W1TJ6ePU)kW4v;!KB|*kDNk8h9H?o`1 z)nuvk`#o`FFi`@ko+sQ^;l=<#dC}^s9Y*vVJG+UhtAa`4(LnC~tHOGfm?o(mBbE%7Y1UWmh}iS$gEAHf}zX7(`1sa;XtKd|f*( 
z-r9}d-=D#iJI7ICUk^n~_AL(`hlq0wY+>1#>0U|EaWtK4iI5nzMZzQ>9Li}%o>O_V zn8CMD+^&^Wb)IFGqi#)-DCt)oq{mYnQgekOa+v}~vuTS@{8uT?v8=;%qb!%K+-YjR zOXUiIf!o)W1^IA`1}bZ{fBB*4tsb{Rqx9(NVC{jC=qCwmg@un*`w+T92`rC?u_m6x znSF7bLZ-DVAHuh9AHjYywrny>uPo%uVf@t#&gWci4Ac^+%FKTMg6e z=@y?#P=%y8G|_XFr}R&3^UZDX*dWM2#Psy3?_dSRDzlW% z{l7eDO@7wlpC}MH*A~wm-XU47pqw78pez_v{@UW%{Rfu6+M=|YuTARK#Jf?yvDv+# z87Xy^8{MjIJrQgG^BbzwYgXyaEbTy{1_t&yxswwGDQ6N(lM_J-n6Ni#6bAjfl?e4& z=S--2l|98)RXj1&^ zK+8v%)>-sN^EhpFH}2dwg1spYn`}n~+xiQUl+c~Fk;p1Cyid_jvJkc{_9N*m4yN)r zFq*=yp%nIwrLcc2hdrZtnip_58^Tbsh+&eGJlnG7JBhY1+S?-N?+9aUZwTvpBiP&< z$A%Sc*i2cwEQRJ2+UMo@|H@w;k6x~_btBv#7+A4LNoehd2!FwG(?qD15Wce*ml+fQA$1n-i z9sBY~X3A89agwMEB83zla_$=BQ)S#eTt+(7!rIk==L9*4!e=xryEvmSasr@|700dA z2NNN&*Py*Rv~*Q|3we6D#t~p55)pj=_lI!*kV^U}){$lY{o}eTg{{UtTR3H9WTi%` zN^BMoi!GIK**V>K)aHqA?x=PA_iqQuKc$>KqW}RG6Y4_N#nd3Fj4KaQK<@l91t#e> zzrV@=Rhi|97%*O?MMh3@PDqO1uN>&=24g~Q8ztR&Q+gzpXZo`PwX$$HL2Enkz}4+IcV!#SSsB9_D`MEvQ^Km&Jo>^J^pddXlk+W}#92nsd>#?|#tI8b zKRzi^V=GH6Kihg?x!9XulFFmLWs(l(kc;G)w-E9qfckDlk^K zw|?%Rf{1+tw~BC_VbLzEuMO*&!lYD1ZgrKpp~T0g4#_fRQNLgXWg=8Atc<&dOL*aV z9Wtnx6X&jO!FVx>Ywt+HJ~J%0O9D(wp@hEfc6{aetI*qCZ4HJm{xOaB{_Ietv4{wr z>WykN?k1B&jW%N-4tQi^rq{A$FL;?^@AJ7f8k zv93zeq;TZWb6_9Ps@$5fq#k5$?s#LbX-XKs4XUzKT3i5fsPKiFJgN-jL@=lPqruwF zG02aN;1q=|dwOu`leG)hg)tjgxHaO!u7*!XMjB{PD}p{8=f0Y1{#g#ngMEgdSF3AY zb(mIpRGdyMPrR|Xc`rBiQ9D%>@8w2*Ij(iZ(>Q%yAMV&YhC>BT+U!GWawpFki4zt7 zLbYsV&+=0`#9$&KHen9t5r(P{kkNg-okead;$yv1ACDY#vE_>xq#uiYV((KP27N8byC=3@dt~ln7S$MX{NZ9#8W3px^%c-X!l7b7_+7cxwKoaGt~_$`Ff4i!&(k zMh=-_m79H8m)D5Oo@Uy|GLodL(xGzIbF**p*sPs_1_Wg?ST=Vb$>G!$9XOk8){n<; zZ^g}n1vdIrr3@FFq*!C(m7Qq!+qPp(w|d%9WY{(y_@R54PBxrbZB3nk2nfpJ!V#4F zNl-MKwSFWE4H^|CR)x%^V5Q%xkm1CBISJl4V~~Hr`YQW@#p43iUcMgrY%8Odkjh2L z@E#|^JW$wPq@?w%M+L1eR?m;~;p-u;+QD0r2-}XJ z*h+`|dtP)ETrg(t8QNPj49CnUB7quwV-ajy)sB1i7jRglz_vnE=gJt{ovzmQG{~y& zGhMb##9IYsXPRW?O?Ff>m4l-bhm`Dyf=i^oP2Jij^EN1 z!**>U^(U}xSpr*oquAI%Qqx|-iqSUtNnbE>Ne|G0GMs<>Pn6SCqF6ld;vnE+>It0@#)ad7v{ldY~W0F}AL>$z9H 
z6sE3D1S2>arD!0+W@iaxUa_vaQyA`APn;iJCkQPig3@R1X<^$gN~6pvax1udU6o!x zykLxT2+p0tE9cSOTEr=B^9GFDiJ|XB98t@1S?q2J#qc?KpcmXCEU6%g`$0(R^^mIyflIf z&f9>|u`CV^Wszmtpuaz27rDiZfTl@wFGP#Htl!{23OcDWwI5;?&+_xfTEM)RlPgd9~+G zfFInE!KeRlgn6Mmkj5iU;RjS0|J7 zoDBWp$b*Dt&V4mbpG<%p%CAO0`Qx+oOFk-{3VwQRTya;09yGh>VCKgJH+7(-IH{&v z5AvuqYVxUc%IxT6fQU!SOn)j)eLsVNSKW9b zYh4w8E#yw-{m(Q?!w9$8LEhnL8wN;d_7?Nlqg9t=3U`mEaL4dC zZaXrD8;&IL$AKJfIg-ZBN3yv4PzLuN&fqZbkBk80BV`oGVA@EI+DTB?kc4b$kKx>| z2+myAiU+P}$C)cTaLVfCSk={mHfA-WpC(XY*~>Gkha#(mWyGvTdEXi?qq~qsqL4ug zMXy$Ovff(grHxrkXiJEMC!+jnTq-bsb_PlJ6rCNi^3mUB&!DKlwIma)piG9!hm~{t z-Ib-SOSY*29)*6i>h%xl#Vtc++_{$(st&PGBtRXS{W+S5;t#Lih)YkKm^R`1JsCXZ z^ZSt2=BWCDb;l?jULZ&mjd1z553 zZXNV&1C@7g(2ZZDL^V*-p=~kvtemx=Fsg8tUK(umL4N7Txp&s`Co_$WE*;K|fe)sa zm1kLcaPFw*t67{1a___r^-CClzF%PG5d&JPpph~N>?O={%{_NaL!WL#XN;cTv{V7NQAORu|wf7L)6-YMS&dc#AGfU?`;uYYvWE&+`;yhAYWp*Huvvz#6tdm3 zH+JAVFW!g;u2bWlh;g?2M}BlK21iJoG#Q)gv>fjU2+HE3mY|qfp)nL97e zo33h)^%CfJEOI1{xJ-IP=vhWd&&%G1*ljy++3*ES95gRKc3DanV zw~~%BMc+>;llYV!VO{CR{?b|n;WbOiv0r2;uv=@trw!{!`i(*B46kR&3+n(Tk9Q}M= z)fy*pNuZY#=Khu_I+^TFot-IX(ap(2qNuH)655!e2+Lnp9bm4&#!$%R@uu$|z|Zbh z1y01Wwh+Gf{AGCmv)5tWiY}66HY6=)IYKcPP*@61uLrmFGKJ{G1%uNh{YzEsh{6)U;dAR#|?K++p<>a~5j zmy=p38iPMx7tTx||2{u@bU{k|&kZ354Nx!b&A`Q3^)CZGXi_TCy%(=;Cy6}kb#Uk2 z6TPvKXE{l%ykt%fjq*2HWzj7iYultU=Qg7$p|Gpri&#ng{wl=7cBu4NFD+Wx5XrE6 z3Dd4G|B47GDLPOaWw=`5&}xU;!*n#v@o0=e4lquAigJwU z87;RVN#ZeDj4}qjR?H+RKt-b{yd;R9CUZFq4-eTFdb5;rE{z`A_cFfaktjBG#&Aks z1ZS;i!2?#d;Q^~!@G$+_^qMZ5y{Z%Etm(vqcs*@JFV5(VHc3#F0L5M{;Q)1^MjQ!Y z&ygH1`RERO;}$iR$$0a_y0Pmm8}RSX*?{)ej!H%AXSc2Md9^)L$e$W)wuERjikCcW zE$)5$HvIdO`>?ueay8#MP{89qcL-PCc7$zN9V4jQ0LLLrH&KkFOw)#)6N&t2OT$|X zsLcF*a6zeWYCv)E$o&Mk0A~yJP3Z|mBH{3%ef>uLQT<#qZJYTjaY=d;8JI&TpMoak z)nw?#rO`8V?gSZ`@Q>0ceO4OI>k4a2Gq#8bfBQ{-G@ zx2`r+%P+5bRvQSlB1y8Erkj-9DQTuMT?V~`Sa?c&8>6P^w}Iq7PsfFJ+R@D3Hqth_ z0#F33AB#_-`zg|F+dwYz8nNvhiPEc86P+VuJW8SygTjy~K0)_tA8J!1HevZw+FOw4 z1U9YLor@8qS+1iTKZY32XgG#Zjv-^=R*aP57-!{V3Sov6sfKRd#mbc)Xdp9n!NaWM 
zdq#@bKU&0{!{gX{WE}SmO48Ufl*GNf-aDkXk%|~h7ZBB|49VV#)-pDAlyO>r8RxEw z;6bY+c+}c<%l*_)#>EirQ@GVq2+#;>K>Dn7tc>S=We@)Ax?#^^BGlI2@`x_{?zQXi z_fJ}l&194Ilbuq4?lbm|urw06(V-%JGdUMVOFW9Fo!gBcy=)^s_uM{g={HR<3AZ20 z;<2CDhg)_qZ3(Z@2MBOHflc4EqJLns0Y{qCMh#CI!1>Xeby`U&ONp!V`TBxxB{qTZ z#6i(W3`&e<;!2DUmLBiw;QYyp#O|er6~9D=g3?mUhG?fP1>4$@XrSWNwjY{=KP^*1 zK`L2-OQ!~N6W+VLDa#UY7O@e}!d$mm`)(#Yh z*Dma;a;BM9W;A9fyEc9>0BxD7{j*Kw>9;`gl`KUuUMM2TaV5pN*7sa;w&fK^kp-k^ zbv!1jI<@*|oGd3L#hL_3mXcBm$2mN;Aj@m2$gpTQ%JFR^UB+lSg9GCk930JH*P%3a z42)26*g25J?jy7t%wuenl5FZrvP_6Fq$Mp86{RG=^w9ogA&)oz;4t3w!$YjR`UQ8! ziU{6yQ7``RmmBbf7jD5T9fY4@VKpNr1kN|8^eFPHYgGf+MxephubySbXT8DU z-ViZ+4n+1*u_oc-o(?W=5|>uL$jl{GG8N3;Ig%$0o_v;(lHN>u99*1Am#ykIK~fy# zyvPXk4GwE7eAauf9E>AOh!%N__Xu+9@~Rc9SwVp)ugatoJvV@B%gsW;I}ub2R%bLQ zFdi!(rCpiw9JyO-K70^CQ9sey8nq)zzFcH5`dmGS8m1^s%W4y zFXcQbP>DGUSq}Bqb%BH@OY0=sk&+Z6BtI>lw34v2kg&Az+J>=QD@NJv28_UjF`%Cb z7%X59NlOzy7D!PZ^dTBm?6U2^WxceF;ax+{wH?IHBHg>5xvI_wxK;6-0Kglq2|sx(sXa8!V4pjZ5Y z9}8SONZXC<2Y&G}P6U0wdFAwyQ|fwl<5bn0hDN}(>@Ej&;EdHL?BiT=uUTgkaL#Sa z(MYCvWZ;8y<3wrH)tO79Pk>91CK=3xd$bRMF_HF*&P_soEnoIjiCf8Zka;8B;o@~r zT5I8VQ_o&7H~gb~8nM!>$n&U+OM~u}K3)B3ZUnirFm)qQoi)l#4dh&~^5?*uFJN6; z4(FcMi|g(j!hlvb-Z547e!CWL>tVWQf+Hjh; zEojvb)$*yAM5jAEhRvN3Y+u)o>uw&w)%T2YETXNxpj#Y9FAm}jfBq=!**}W=_NS0+ zZL=deVYXX^o+UACW&MZC=?dp#$ofoO85v6DFsxd(Wr1na*9YQEBDHe;l?f!}Xlg_LmZc8Le)M_RKww;AHesZENIH~W-LZF2PM)x>jK&jqL4>@)5N-876QJG2& z`Q1qb7nZIGeEFDuNpaJSRXZ*%>WT%Ox zD=SO$aROHq_44P3^5*K$^5@u~Ji4|Ws=N%uyIiPXFJFnK$)!HouYVQtuh)VrP1#+u zyb0$+$gv!CT0s(KU`77Z;!d9a^hS|>`=~(jSET5g^(0rO8HrDl1aVRqnHoxhB*2WI zie$}}O9g!M_lI!qhj!rqUNMN>gHmMk1AX`ACwFJC{R8*oZ9m+Lkuk;p=cS1)OH)pIRmE)hAg z@2Mza4R11ZaDyV@(oipbjo|V%=TLgJ8l$xO(|dxz-yRIgBO95{Gum*Zwku>wMD&Zv zq9P(8^r-gAy37?bBrkGDGyBzUZ3tB$0-`7~+7b#!`CR#=e+c^eNsLiwGe|#*s9yw9 z$ofLA-VTZ~#wf`Ng=Dr6i<7vtG~H_nMXMK-bdXE;0cHesQjvpr2>XY#crQuAhWFls zhktwz{{G5A{C;l^Ssi$tC33|w_6`^D<2%Q3>E{lh`ycPa6F+9QcuNu>xTlHPrGFIF^kox)+6%iuxmZGr%w zH@^R;VWhGollrA%y-}n%gL(^avO!H=T}ULwRvD&PY4AfD*@y@|7paz|F{QWNAg18# 
z8!9x{eO)a|3u#+Nj^sve<;REyMFx6pRm3F1S$l+mYsEov$i1BSMebc+cKumrq^h50 zp9K_*6UE_3nqO2NUUUWnErfo9r2a16)u-ZWeq z%)i2^j=Igk>YAcB-Mt=kwJ*EYrgx5@bbDDocDRa~0Vb6(^J;I0sV#|$DDNdU-GY6* z&EEN-i4~8PlLDZL_ZD0<9;q(;>Bsx+UhSU-wql}Z1z`212Zu_bhsp(VRgb*zPgSNp zBr7-dM8XtKx1V0Q168lY`^B)*Q||r5C@wX9xo& zmp(c$J*x2L5H6{LTU96z)?Xn&7hKjNtp;RCva3zib@q{bza7iu{?Gj&f>Ox zY236sjhlUPTD?9dy(`_W zSz<*8AN8s)j2fY!#twBG=mz*v6NLU zTwva<2C{nIr-VE@X%aQgbG)Bi?ekFRHSr!h>IA6A>B>-Ul;LWo9YmgKNm88;m)$0% zL0*#nEjh&@r@YFjj2uN3D9}XaWrm=Sr#LgK>&lxuZFJDW@G8>=bsQZd(MqQhm1>fp z1XvhU$qGeFXL{R4B1Kj!GM5`iNK9c$0t5(9g{MI04$`;`PNw!i{kA%z+DpSc+ zP+2H$S2i<+OS_rFI`~@ooSR4t zD@MC6Y$*EKKUdVQs`NHbQEzzZ`zvZsy4TjA(Upp8uZIN)5a8qhJH7@@i9Pb_{~~ea zlaCeAm#a<$NXtoQ&KVS#MrZF<#iXkSN(U9M%GC{U+VY6-US~||!B0pOUcFTmM+oK< z3cpsAH5x06W2Q~j<;#tL?m8QybHaiJWIxKN!m2>U zqaPLY84>!P3G1F_I`b?_qN25Dde4!Flt|E>7gd#3Wb|%Ot`tVL6tx#b^cC7lf00Wz zw&IN5;t3ESz;OvjNOV$7XDYNQtb3VJc`WOQVf)HfJob!Uy!TlfvFBgTLF$9&;DS?n zP8^a_g{jV|!D5*nHIAf}WmFAb<;#oCW7vu(HMO3dI5J~yysKXp1BzE8f`6;Y5hbP3 zUv$o`#;>Zm-$9e`=h=y%pcHpAs7=?5;EPn@%-H`@fG-bo4mIqG4p0m_##%0F)5k0H zviJ4ac({@R{&5;ZWJXdd>vxm06)zNR1L>qdS^~hPBeWL zAi#+Xkr2HNRt}@1Erzq#cHv29_v3;sBp>>gHO-%PW)JRq%NG3n8_QCH~ z*4pmSz#ZmnFwRj{D+^lc&NIFoMc-4=PlqTCMixE4P6U}Lc@o_#+s@qtILlg*M_p$C zg{`7hkj-F1T9k2@;3ngBWo>0uBeOxZSug|koeozHb)dA%t-Yzk!8Kgw4Bj&rs_kC> z=W)=Rlc3ceYucoPt527mMyQsZA9@3)WTlv+o#r%ZuGs7Rdm@dSE8$HSF2navgNqqWovQ%HZqZ937`Jm zC_erB@k)3ev^2Z1iz>t34_s_04VuYG{pqTcs7oo>Vsecqb*cKIBd1TPrTeX44{AcD*vOx^*HbU3H+d zLD4)iVb1XxmtM-Ucnhp!dr*7x%5fIOIV}{XlBPIkjRpioMWOJgDnnP!b@QgJn<7h4 zA6e6@z?GzC3fi1e8MEE$BW*OdpY-vdl!Qn?!X$rDR%TQTgoLFKDX{s65HHb;60 zNUY0HCV+-A4-g>0aRX0Fm{L>M4xzmziVgj7Ja}^l-u{$LxZ(|4@SC@sijKC*zVHw4 z%;20gQ9NpE6stPINJK;EqSckJSd9mt-cF5^!YjVAA0Pb9#NXF?&;|~!IyR#Bt@ zofe$Qs6{xh`gQ{qrHKse+5o0yDOIiM%0L622+~xbTYL4FZc8M7Mjk2li^(J_MobvE z>d^8cJG!fio)x*?XwdT*h3?FKE#$7A5Dcc8Y(Es%oWmEd9R(x_K20UqRB){aBe zqEY(mxpz^UdzTg`+LD+m&!uV;KN?+a7(~6a91FZ)EnL^9=Nc}Kso>n0PO02Z1lzkv zGI8{;9IAdNM<5%OcE&5zl5213Z#1%|&1)?onH*9;Pyz%vzECLRj8$zoe`6;*IlFkV 
zgtJ$*LvbZ}IP zSvuTSp+ru2HG;&Ez`mf$dnx|B%=|*Pyx5P_g&3D)#)+4E#m~XTPcTbNkiA)Pj8O0j zR)d=jxP&%<;%*|Da}Jlh#fD461d<{{ zDgl}KQB7~1gwwAxRa3Tuu=cH!$!;6*Qa=KM5+K0wgj5l?zIhX_e)(Fw_lYZk@eqEy za~yyB<0GDfqj>!G1itpdbsST}xM$ZWF8bUa9IW}i;+e}MxbAfuv2|@bQsYUy%Mz{8lqM^ooJ||WUFwamUhQQ5_Fxyy_}2G=^G~^AGT_u!-2eaVi3{s zRIe@ywhA{o=qh(EZu+gAayrQAgn`9@e#$kg7`FA{(s7JXFbY~xOc>l{;Y84iQ-jgp zAI7}FpOzZfS(U|LCO%B6w|Ro%nJTNUh^lQ#25fY-#V7j)#cBS$`jnH3)5(sH+D(ms zpackToMB+RfUeds-ul=ceDvj;sSrZA{MY+&!N+%ESQAzsF51$H-@R@N)~;^D$l-B3 z;FCLW_0BAA++V=I{bGbfWIs0l+uhio;vk|!ZG{v*c=cXfb^9>(4Qr2?+NL_NE(JIZ zcnomf?WzK+DKvvDr5^R$I6gwr2rf(&mA*}sPtr_eKqG=16ayH_|$yL0C`&_x@Qu02$nb{$m1oC4t~ z6B{5vfTe{<2-oa9xD z2Dd6f;nm(+spD8-C<(Gwd^3T+_!N~ZKZ63Ej$IMX+WB`P@9y3eV>9Wi>qddp1It74 zyD~6m{A1s-X#h7s9}8U3s5&hFGEkeIMZ2B~wMDPAH!2FD>R#z7@^1(QTWP8o<=HRn z9UPZt_QPn5nefP-jO+gT0=+222~kf|j?EF2DFO%(Aix5G3hnyc6BXD$U($oWd{iIr z68P@TW4P=aNAT944C10s?!q}Ax)&FJdM7TwZOAwHu+!VmDo{J5F zf^#A?mG(;EN9ifgHXS0N53ztmP^^3umXVSYRY=@!tKs_FkY{eku8^&sOmgOSPO1UI zQ?*rt0H5A5MW^t4dIG= zQ`q(&ci{z}--QoeJ&2#(GKgFD=)8!hG_)e3ua~;tY7%6wCF|M9Vna!g*0Zw{8oBkr z{LWS{sYn!*NQ#28Jl2e;a$`luKlTZ3Id+D+_d(uF+qwrSb&5V~Z(%ri;hUmX#LA1# zowQMCCu@Z>(-jPtEC&VcMb#8sypm%@Z8{{=LJ2rZ4Q36+t@s)SB?k@ODw>PDA1_cb zsL0ifn`kF?$hDNETd#7p;^Ey^kY{UmKlnEd*tXUDTX{9r#D_>U(Xh!kS1mRDF+hL- ziwJ!{N?Q;jB>HM;LcN|nU0+w5Yte74OtsX#V2~!23S^pWkkPZYMP>;pM+Kq5%(B-& zQ_G#%yM<{<9fhc5Ss1Jb)sK-7nbpADDL~~#L`Eu@{^V7+WGejsp?xq~kv){A;i#=8ol z>5_T~VcF?E-whxaN@RhZbj2yai$BE)OwId>0Ro(e(Ek0AoxtUP$MK{U=-&)H^IzD* z#ykfLjBE+7d1Nm>_RKY&!Te(PND&+U;ciZOsCj0yrE;v$xryPuz||jM8kSegidrq= zh!XZz9*za3+xSO>qU;fd+I;%m2=;|h5)3&rJBkq!KG-)9vkUYaH$3b)Z{ z=HTLXWm-*({^&s>a!Ut#(<)pP7ZVh&rS*sJWXqSOZ=MM^A`SG_^2ieIy%8V9^Se8xUVH?}9bz>L)=Zn8WD%Zzu zK+k%WK6eC<+17_AUvwINdEX%Rj%QF#bR(OOF$e~t@A|km$MX8oK$S25v+V3ew`j>$ zQxfXaF3Vn;RK(N6a~vSR$qDru^(1L1$>Mg1w3NaEVJOY1j-7s6Oh}t)Q0G;9-_q*( zgnU(-9V-~7eF~owFnzbg>R9#dhv&wG1BsTr6+a&IU1p9P z9Lqpg3xz9a6~R^#oIwL9ElOvt$nR{5xOP;rf!CF(?rWf}105!wGM)6Vv?%O4K}>)@ 
z80WTnm8HZB&qhh!Gu%+5h=S@?qot)s^{IBoYi*oL$5hFk6&R=vQCqyTDfn4H`I0oM z>mtj?`WzjVRX%d2U*4%08K@tk@hEFo>nL8q=w~+UgM@OxGAz+t?n!E7WOD#H(UkZeL-=kkSX(nCr z;?I}LL1KPo>4mHMDtYx0E+Vh6w{e0Xu_v;WSHMCoYEv&r}@ut3o?ge#+ZFmskUuN7yWL#26ARZNqSN&uc;*0HUs z`B7#w@xu2ZASeL>1X$XT-V$G^)n79luO>i>QsJ2f)Qy(%-NDr%j(N3aritq00qY>5*NoXa+*@g?mYVWWbE~2BHBiZVrE3T9YYRAp zVktanH#s0E0RjX#zMw%!N^-UYMM_ZmQExzL0I!}@l%Xs&U`qT0DIqKI3?2B>0YPm^ z$gGN5tt}C8p(oq=@f=U^GoN63jGQQc3l`~QOe!Nc!ik)yjCJosj{Vy~GHVj@I@4_0 zK$&B;hHQYXZmwu#oI%tlE?gmm`7dh4lJl2~%3FpkyeV6m4v*{Hm{u#JDrGMaug*fD zFpBn-A2Ee5?tEapSed4$>(1d$AF2ico3 zgy~voS>K4J@mEGRzA_vegJnQywM8SLoa#E?n6#8W3n)J`ftOXgDxVX^9cL-Hw0Y%b z(7hAE@7{l32daX}W84&Q;gzZ}1_NRv94(!qwW*rAptY+pvvUv5nTVjRoY;dI*~M`c z&r7C|L6+hW)JK2-0hTzZy>x)CNX4aB7TrKJqrs>Sq-Pbb9pdx?lR|Z0$rP!m)y3vV zH-1CGOO&U3E7qRpYC3rz;w(~j&fUC%5zPfb5o*h!5#&Zi;dkrG%sz;x!f)KZ+AF?jD2iOU%qsTkO4hEdb(OeRjs5V|p)F>GqxSl;OGdczdlp_S z0RjXFu+$)>r$e4L*tQ-W*JcY((Hara@8%dm(Ta%9p%B%u^=658E67|)aN4s9SvY0S zdp+uRd_r0};Z@4n!clm+W@W-&6Ni-Kwtcu72-)-K)+%d#}Cr z+QV6UoqhH>S4V6q`QtH=hdV4=0_YLc4{O%H1m=)H)EDr0i+535YMb_)NYfB)#Ovcd zk>W$Qery{>R&QL>VuL1ql~0^tv&#-3_iV{t69X2!f~}=XBySuwmD()-v|LvzC*AC) zk=H-*)FivDn-Lryt}3F`AsQ_HDw-UY;;y1Xg$fnUH)NmK_ra#t%>ZIBidaAHj0?GV zBitP(itj!2L|D}Tcl!v#ZpyU!uOXv1X_DVp&e?>@ZOL0GO(q4(?a+s9U5I9hW1u)! 
diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md index 89636e3e37..62e069a572 100644 --- a/windows/configuration/kiosk-additional-reference.md +++ b/windows/configuration/kiosk-additional-reference.md @@ -6,7 +6,7 @@ ms.reviewer: manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] -ms.prod: w10, w11 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index 62f44d516d..8b8ed5a71b 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md 
@@ -4,7 +4,7 @@ ms.reviewer: manager: dansimp ms.author: greglin description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions. -ms.prod: w10, w11 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security @@ -54,7 +54,7 @@ There are several kiosk configuration methods that you can choose from, dependin ![icon that represents a kiosk.](images/kiosk.png) - If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#uwp) or a [Windows desktop application](#classic). For a kiosk that people can sign in to with their accounts or that runs more than one app, choose [a multi-app kiosk](#desktop). + If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#methods-for-a-single-app-kiosk-running-a-UWP-app) or a [Windows desktop application](#classic). For a kiosk that people can sign in to with their accounts or that runs more than one app, choose [a multi-app kiosk](#desktop). - **Which edition of Windows client will the kiosk run?** diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index d520d448f6..69c2860ab5 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -6,7 +6,7 @@ ms.reviewer: manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] -ms.prod: w10, w11 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 01aa705dba..a9119c35f2 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md 
@@ -6,7 +6,7 @@ ms.reviewer: manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] -ms.prod: w10, w11 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 134b87cdfa..fb1cd6eaee 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -6,7 +6,7 @@ ms.reviewer: manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] -ms.prod: w10, w11 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md index ed739f3bc4..b271f00d82 100644 --- a/windows/configuration/kiosk-troubleshoot.md +++ b/windows/configuration/kiosk-troubleshoot.md @@ -5,7 +5,7 @@ ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 ms.reviewer: manager: dansimp keywords: ["lockdown", "app restrictions"] -ms.prod: w10, w11 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: edu, security diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md index fa28517269..a8544cb71f 100644 --- a/windows/configuration/kiosk-xml.md +++ b/windows/configuration/kiosk-xml.md @@ -5,7 +5,7 @@ ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 ms.reviewer: manager: dansimp keywords: ["lockdown", "app restrictions", "applocker"] -ms.prod: w10, w11 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: edu, security diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index f4095795fe..2fa40326a6 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
@@ -64,7 +64,7 @@ Watch how to use a provisioning package to configure a multi-app kiosk. >[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false] -If you don't want to use a provisioning package, you can deploy the configuration XML file using [mobile device management (MDM)](#alternate-methods) or you can configure assigned access using the [MDM Bridge WMI Provider](kiosk-mdm-bridge.md). +If you don't want to use a provisioning package, you can deploy the configuration XML file using [mobile device management (MDM)](#use-mdm-to-deploy-the-multi-app configuration), or you can configure assigned access using the [MDM Bridge WMI Provider](kiosk-mdm-bridge.md). ### Prerequisites diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index ec1f517461..ef26049efa 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md @@ -2,7 +2,7 @@ title: Set up a shared or guest PC with Windows 10/11 description: Windows 10 and Windows has shared PC mode, which optimizes Windows client for shared use scenarios. keywords: ["shared pc mode"] -ms.prod: w10, w11 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md index 4b8f92635f..792409071b 100644 --- a/windows/configuration/setup-digital-signage.md +++ b/windows/configuration/setup-digital-signage.md @@ -6,7 +6,7 @@ ms.reviewer: manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage", "kiosk browser", "browser"] -ms.prod: w10, w11 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay From f464d757d3934fe33f6dd79b8a7182417969ff3e Mon Sep 17 00:00:00 2001 
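Review bot: In lock-down-windows-10-to-specific-apps.md the new link target `#use-mdm-to-deploy-the-multi-app configuration` has a space between "multi-app" and "configuration", so the fragment cannot resolve. Replace the space with a hyphen, `(#use-mdm-to-deploy-the-multi-app-configuration)`, and confirm that the heading it points to exists in this file.

Review bot: In kiosk-methods.md the new bookmark `#methods-for-a-single-app-kiosk-running-a-UWP-app` keeps the capitals in "UWP", while heading anchors are generated in lowercase, so it should be `#methods-for-a-single-app-kiosk-running-a-uwp-app`. PATCH 550/671 later in this series makes exactly that correction; folding it in here avoids a broken intermediate state. The `#classic` and `#desktop` bookmarks on the same line are unchanged and are worth checking against the current headings as well.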
From: Jaime Ondrusek Date: Tue, 21 Sep 2021 09:52:50 -0700 Subject: [PATCH 549/671] Update windows-update-errors.md Fixing a link. --- windows/deployment/update/windows-update-errors.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index 20dc038060..ac67414ec6 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -167,7 +167,7 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| ERROR_SHARING_VIOLATION | Numerous causes. CBS log analysis required. | This error is usually caused by non-Microsoft filter drivers like antivirus.
    1. [Perform a clean boot and retry the installation](https://support.microsoft.com/help/929135/)
    2. Download the sysinternal tool [Process Monitor](https://docs.microsoft.com/sysinternals/downloads/procmon).
    3. Run Procmon.exe. It will start data capture automatically.
    4. Install the update package again
    5. With the Process Monitor main window in focus, press CTRL + E or select the magnifying glass to stop data capture.
    6. Select **File > Save > All Events > PML**, and choose a path to save the .PML file
    7. Go to %windir%\logs\cbs, open the last Cbs.log file, and search for the error. After finding the error line a bit above, you should have the file being accessed during the installation that is giving the sharing violation error
    8. In Process Monitor, filter for path and insert the file name (it should be something like “path” “contains” “filename from CBS”).
    9. Try to stop it or uninstall the process causing the error. | +| ERROR_SHARING_VIOLATION | Numerous causes. CBS log analysis required. | This error is usually caused by non-Microsoft filter drivers like antivirus.
    1. [Perform a clean boot and retry the installation](https://support.microsoft.com/help/929135/)
    2. Download the sysinternal tool [Process Monitor](/sysinternals/downloads/procmon).
    3. Run Procmon.exe. It will start data capture automatically.
    4. Install the update package again
    5. With the Process Monitor main window in focus, press CTRL + E or select the magnifying glass to stop data capture.
    6. Select **File > Save > All Events > PML**, and choose a path to save the .PML file
    7. Go to %windir%\logs\cbs, open the last Cbs.log file, and search for the error. After finding the error line a bit above, you should have the file being accessed during the installation that is giving the sharing violation error
    8. In Process Monitor, filter for path and insert the file name (it should be something like “path” “contains” “filename from CBS”).
    9. Try to stop it or uninstall the process causing the error. | ## 0x80073701 From 6cbcd669a2959b5bb04314c28173048b6b9ab1f0 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Tue, 21 Sep 2021 12:57:03 -0400 Subject: [PATCH 550/671] fixed bookmark --- windows/configuration/kiosk-methods.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index 8b8ed5a71b..6688c3e6e4 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md @@ -54,7 +54,7 @@ There are several kiosk configuration methods that you can choose from, dependin ![icon that represents a kiosk.](images/kiosk.png) - If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#methods-for-a-single-app-kiosk-running-a-UWP-app) or a [Windows desktop application](#classic). For a kiosk that people can sign in to with their accounts or that runs more than one app, choose [a multi-app kiosk](#desktop). + If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#methods-for-a-single-app-kiosk-running-a-uwp-app) or a [Windows desktop application](#classic). For a kiosk that people can sign in to with their accounts or that runs more than one app, choose [a multi-app kiosk](#desktop). - **Which edition of Windows client will the kiosk run?** From 960c78b2cc51b5c256d6b39355da9d4814d1c56f Mon Sep 17 00:00:00 2001 From: Peter Smith Date: Tue, 21 Sep 2021 10:36:31 -0700 Subject: [PATCH 551/671] Update vpnv2-csp.md From customer feedback -- IT admins should not use lots of DNS suffixes. Not only is there a limit to how many you can have, but each one makes name resolution slower. --- windows/client-management/mdm/vpnv2-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
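Review bot: Step 2 of the replaced ERROR_SHARING_VIOLATION row still reads "Download the sysinternal tool"; the product name is Sysinternals, and since the row is being rewritten for the link it can be corrected in the same change. Steps 4 and 6 also lack the closing period that the other steps have, and step 7 ("After finding the error line a bit above, you should have the file being accessed ...") would be easier to follow as "The lines just above the error name the file that was being accessed".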
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 1fed240483..291a8e0d58 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -591,7 +591,7 @@ Valid values: - True = Register the connection's addresses in DNS.
    **VPNv2/**ProfileName**/DnsSuffix** -Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. +Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. Windows has a limit of 50 DNS suffixes that can be set. Windows name resolution will apply each suffix in order. Long DNS suffix lists may impact performance. Value type is chr. Supported operations include Get, Add, Replace, and Delete. From 2583871160dbacf2c3709a0978d9145b0dfb5531 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 21 Sep 2021 10:43:36 -0700 Subject: [PATCH 552/671] Update vpnv2-csp.md --- windows/client-management/mdm/vpnv2-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 291a8e0d58..87588a2a0e 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -9,7 +9,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 10/30/2020 +ms.date: 09/21/2021 --- # VPNv2 CSP From a3670fcf38b685ee62775e042cc75d4fed288735 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 21 Sep 2021 10:46:08 -0700 Subject: [PATCH 553/671] Update active-directory-security-groups.md --- .../access-control/active-directory-security-groups.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index ab20f08979..35606ee96a 100644 
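Review bot: The sentences added to DnsSuffix give a limit of 50 suffixes but do not say what happens when a profile supplies more than 50 (whether the value is rejected, truncated or ignored), which is what an administrator who reaches the limit needs to know. The three new sentences could also be merged, for example "Windows supports at most 50 DNS suffixes and applies each in order during name resolution, so long lists can slow resolution", and "connection specific" earlier in the same line should be hyphenated.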
--- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -1,5 +1,5 @@ --- -title: Active Directory Security Groups (Windows 10) +title: Active Directory Security Groups description: Active Directory Security Groups ms.prod: w10 ms.mktglfcycl: deploy @@ -12,14 +12,15 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium -ms.date: 04/19/2017 +ms.date: 09/21/2021 ms.reviewer: --- # Active Directory Security Groups **Applies to** -- Windows Server 2016 +- Windows Server 2016 or later +- Windows 10 or later This reference topic for the IT professional describes the default Active Directory security groups. From 9dd48686ca8452d41d2290d2a7d0199fd9b9bfce Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 21 Sep 2021 10:58:03 -0700 Subject: [PATCH 554/671] Update zero-trust-windows-device-health.md --- windows/security/zero-trust-windows-device-health.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 41ad5cd387..6a133de741 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md 
@@ -19,18 +19,18 @@ Today’s organizations need a new security model that more effectively adapts t The [Zero Trust Principles](https://www.microsoft.com/security/business/zero-trust) are threefold. -**Verify explicitly**. Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and monitor anomalies. +- **Verify explicitly**. Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and monitor anomalies. -**Use least-privileged access**. Limit user access with just-in-time and just-enough-access, risk-based adaptive polices, and data protection to help secure data and maintain productivity. +- **Use least-privileged access**. Limit user access with just-in-time and just-enough-access, risk-based adaptive policies, and data protection to help secure data and maintain productivity. -**Assume breach**. Prevent attackers from obtaining access to minimize potential damage to data and systems. Protect privileged roles, verify end-to-end encryption, use analytics to get visibility, and drive threat detection to improve defenses. +- **Assume breach**. Prevent attackers from obtaining access to minimize potential damage to data and systems. Protect privileged roles, verify end-to-end encryption, use analytics to get visibility, and drive threat detection to improve defenses. For Windows 11, the Zero Trust concept of verify explicitly applies to the risks introduced by both devices and users. Windows 11 provides IT administrators the attestation and measurements to determine whether a device meets requirements and can be trusted. And Windows 11 works out of the box with Microsoft Intune and Azure Active Directory, so access decisions and enforcement are seamless. 
Plus, IT Administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more. ## Device health attestation on Windows Zero Trust principles state that all endpoints are untrusted unless they are verified. The verification process uses remote attestation as the secure channel to determine and present the device’s health. Remote attestation determines: -- If the device can be trusted. This is determined with the help of a secure root of trust (Trusted Platform Module). Devices can attest that the TPM is enabled and in the attestation flow. +- If the device can be trusted. The determination is made with the help of a secure root of trust (Trusted Platform Module). Devices can attest that the TPM is enabled and in the attestation flow. - If the OS booted correctly. Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. - If the OS has the right set of security features enabled. Windows includes many security features to help protect users from malware and attacks. However, trusting the Windows security components can only be achieved if the platform boots as expected and was not tampered with. Windows relies on Unified Extensible Firmware Interface (UEFI) Secure Boot, ELAM, DRTM, Trusted Boot and other low-level hardware and firmware security features to protect your PC from attacks. When you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configurations helps keep you safe. [Measured and Trusted boot](information-protection/secure-the-windows-10-boot-process.md), implemented by bootloaders and BIOS, verifies and cryptographically records each step of the boot in a chained manner. These events are bound to a security coprocessor (TPM) that acts as the Root of Trust. 
Remote Attestation is the mechanism by which these events are read and verified by a service to provide a verifiable, unbiased, and tamper resilient report. Remote attestation is the trusted auditor of your systems boot, allowing relying parties to bind trust to the device and its security. From 25071781e9f44852b2978f60abbb123e1983270f Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 21 Sep 2021 10:59:30 -0700 Subject: [PATCH 555/671] Update zero-trust-windows-device-health.md --- windows/security/zero-trust-windows-device-health.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 6a133de741..259a09da92 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md 
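Review bot: In the first converted bullet, "data classification, and monitor anomalies" reads as a verb inside a list of data points; "and anomalies" would fit the sentence. The context bullet about security features also keeps the broken sentence "When you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configurations helps keep you safe", which is worth repairing while this section is being edited.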
@@ -31,16 +31,22 @@ For Windows 11, the Zero Trust concept of verify explicitly applies to the risks Zero Trust principles state that all endpoints are untrusted unless they are verified. The verification process uses remote attestation as the secure channel to determine and present the device’s health. Remote attestation determines: - If the device can be trusted. The determination is made with the help of a secure root of trust (Trusted Platform Module). Devices can attest that the TPM is enabled and in the attestation flow. + - If the OS booted correctly. Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. + - If the OS has the right set of security features enabled. Windows includes many security features to help protect users from malware and attacks. However, trusting the Windows security components can only be achieved if the platform boots as expected and was not tampered with. Windows relies on Unified Extensible Firmware Interface (UEFI) Secure Boot, ELAM, DRTM, Trusted Boot and other low-level hardware and firmware security features to protect your PC from attacks. When you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configurations helps keep you safe. [Measured and Trusted boot](information-protection/secure-the-windows-10-boot-process.md), implemented by bootloaders and BIOS, verifies and cryptographically records each step of the boot in a chained manner. These events are bound to a security coprocessor (TPM) that acts as the Root of Trust. Remote Attestation is the mechanism by which these events are read and verified by a service to provide a verifiable, unbiased, and tamper resilient report. Remote attestation is the trusted auditor of your systems boot, allowing relying parties to bind trust to the device and its security. 
A summary of the steps involved in attestation and Zero Trust on the device side are as follows: 1. During each step of the boot process, such as a file load, update of special variables, and more, information such as file hashes and signature are measured in the TPM PCRs. The measurements are bound by a [Trusted Computing Group specification](https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/) (TCG) that dictates what events can be recorded and the format of each event. + 2. Once Windows has booted, the attestor/verifier requests the TPM to fetch the measurements stored in its Platform Configuration Register (PCR) alongside a TCG log. Both of these together form the attestation evidence that’s sent to the attestation service (learn more about the attestation service below). + 3. The TPM is verified by using the keys/cryptographic material available on the chipset with an [Azure Certificate Service](/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation). + 4. This information is then sent to the attestation service in the cloud to verify that the device is safe. Microsoft Endpoint Manger (MEM) integrates with Microsoft Azure Attestation to review device health comprehensively and connect this information with AAD conditional access. This integration is key for Zero Trust solutions that help bind trust to an untrusted device. + 5. The attestation service does the following: - Verify the integrity of the evidence. This is done by validating the PCRs that match the values recomputed by replaying the TCG log. 
@@ -48,9 +54,11 @@ A summary of the steps involved in attestation and Zero Trust on the device side - Verify that the security features are in the expected states. 6. The attestation service returns an attestation report that contains information about the security features based on the policy configured in the attestation service. + 7. The device then sends the report to the MEM cloud to assess the trustworthiness of the platform according to the admin-configured device compliance rules. + 8. Conditional access, along with device-compliance state then decides to grant access to protected resource or not. ## Additional Resources -Learn more about Microsoft Zero Trust solutions in the [Zero Trust Guidance Center](/security/zero-trust/) +Learn more about Microsoft Zero Trust solutions in the [Zero Trust Guidance Center](/security/zero-trust/). From 4fabe42624590f685149b2f86f1d13ea48083d34 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 21 Sep 2021 12:50:30 -0700 Subject: [PATCH 556/671] Update trusted-boot.md --- windows/security/trusted-boot.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/trusted-boot.md b/windows/security/trusted-boot.md index 69631d8340..8f33995589 100644 --- a/windows/security/trusted-boot.md +++ b/windows/security/trusted-boot.md @@ -1,5 +1,5 @@ --- -title: Trusted Boot +title: Secure Boot and Trusted Boot description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11 search.appverid: MET150 author: denisebmsft @@ -7,7 +7,7 @@ ms.author: deniseb manager: dansimp audience: ITPro ms.topic: conceptual -ms.date: 09/08/2021 +ms.date: 09/21/2021 ms.prod: w10 ms.localizationpriority: medium ms.collection: From 27ca51efc3c1876435d0a4ca0ef84c993ed848a2 Mon Sep 17 00:00:00 2001 
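Review bot: Step 4 in the context of the zero-trust-windows-device-health.md hunks still says "Microsoft Endpoint Manger (MEM)", which should be "Manager", and step 8 reads "decides to grant access to protected resource or not" where "decides whether to grant access to the protected resource" is meant. The blank lines added between the numbered steps are fine, but check that the nested bullets under step 5 still render as children of that step.

Review bot: In trusted-boot.md the title becomes "Secure Boot and Trusted Boot" while the description on the next line still covers only Trusted Boot. Update the description to mention Secure Boot so the metadata matches the new title.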
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 21 Sep 2021 12:51:55 -0700 Subject: [PATCH 557/671] Update security-foundations.md --- windows/security/security-foundations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/security-foundations.md b/windows/security/security-foundations.md index 2e2f94b61b..7ec5414862 100644 --- a/windows/security/security-foundations.md +++ b/windows/security/security-foundations.md @@ -18,7 +18,7 @@ ms.technology: windows-sec Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in today’s threat environment. -Our strong security foundation leverages Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified. +Our strong security foundation uses Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified. Use the links in the following table to learn more about the security foundations:

    From 41b1eb9c09c2873bce590ef20d041b72500dd382 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 21 Sep 2021 12:52:28 -0700 Subject: [PATCH 558/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 9c4e6c86ea..c231c53e4b 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -12,7 +12,7 @@ author: denisebmsft ms.collection: M365-security-compliance ms.prod: m365-security ms.technology: windows-sec -ms.date: +ms.date: 09/21/2021 --- # Windows operating system security From f28c1928b10c6f0468da649945e64b55c0abb613 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 21 Sep 2021 12:53:08 -0700 Subject: [PATCH 559/671] Update operating-system.md --- windows/security/operating-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index c231c53e4b..66115fef04 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -35,7 +35,7 @@ Windows Security app | The Windows built-in security application found in settin | Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on.

    From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats. Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) (applications that can negatively impact your device even though they are not considered malware).

    Microsoft Defender Antivirus integrates with [cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus), which helps ensure near-instant detection and blocking of new and emerging threats.

    Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| | Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server to prevent and block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure your attack surface reduction rules to protect against these risky behaviors.

    Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) | | Anti-tampering protection | During cyber attacks (like ransomware attempts), bad actors attempt to disable security features, such as antivirus protection on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.

    With tamper protection, malware is prevented from taking actions such as:
    - Disabling virus and threat protection
    - Disabling real-time protection
    - Turning off behavior monitoring
    - Disabling antivirus (such as IOfficeAntivirus (IOAV))
    - Disabling cloud-delivered protection
    - Removing security intelligence updates

    Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | -| Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an additional layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

    In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/), which provides detailed reporting into protection events as part of larger investigation scenarios.

    Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | +| Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an extra layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses.

    In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/), which provides detailed reporting into protection events as part of larger investigation scenarios.

    Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). | | Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders. Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware.

    Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). | | Exploit protection | Exploit protection, available in Windows 10, version 1709 and later, automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.

    You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.

    Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | | Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.

    Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

    Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) and [Microsoft 365 Defender](/microsoft-365/security/defender/). | From 6f36336636b21df687530f325ab798d13fbdd2ae Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Tue, 21 Sep 2021 12:56:09 -0700 Subject: [PATCH 560/671] little fixes --- windows/security/cryptography-certificate-mgmt.md | 3 ++- windows/security/encryption-data-protection.md | 3 ++- windows/security/trusted-boot.md | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/windows/security/cryptography-certificate-mgmt.md b/windows/security/cryptography-certificate-mgmt.md index dbc385fefd..7c781c1bdf 100644 --- a/windows/security/cryptography-certificate-mgmt.md +++ b/windows/security/cryptography-certificate-mgmt.md @@ -8,7 +8,8 @@ manager: dansimp audience: ITPro ms.topic: conceptual ms.date: 09/07/2021 -ms.prod: w11 +ms.prod: m365-security +ms.technology: windows-sec ms.localizationpriority: medium ms.collection: ms.custom: diff --git a/windows/security/encryption-data-protection.md b/windows/security/encryption-data-protection.md index b9967d05ac..359afde71f 100644 --- a/windows/security/encryption-data-protection.md +++ b/windows/security/encryption-data-protection.md @@ -8,7 +8,8 @@ manager: dansimp audience: ITPro ms.topic: conceptual ms.date: 09/08/2021 -ms.prod: w11 +ms.prod: m365-security +ms.technology: windows-sec ms.localizationpriority: medium ms.collection: ms.custom: diff --git a/windows/security/trusted-boot.md b/windows/security/trusted-boot.md index 8f33995589..6792a8df14 100644 --- a/windows/security/trusted-boot.md +++ b/windows/security/trusted-boot.md @@ -8,7 +8,8 @@ manager: dansimp audience: ITPro ms.topic: conceptual ms.date: 09/21/2021 -ms.prod: w10 +ms.prod: m365-security +ms.technology: windows-sec ms.localizationpriority: medium ms.collection: ms.custom: 
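Review bot: the subject "little fixes" does not say what the three hunks in cryptography-certificate-mgmt.md, encryption-data-protection.md and trusted-boot.md do, which is to set `ms.prod: m365-security` and add `ms.technology: windows-sec` in each file's front matter. trusted-boot.md started from `ms.prod: w10` while the other two started from `w11`, so a subject that names the metadata change would make it findable in history and make clear that the differing starting values were all meant to converge.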
From f5239fafa2bf7dd1dad76e89e71bf407b80dbe8e Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 21 Sep 2021 13:45:02 -0700 Subject: [PATCH 561/671] adding MDM baselines --- .../windows-security-baselines.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index 170918a4fa..ce11769894 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md 
@@ -11,22 +11,17 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 06/25/2018 +ms.date: ms.reviewer: ms.technology: mde --- # Windows security baselines -**Applies to** - -- Windows 10 -- Windows Server 2016 -- Office 2016 ## Using security baselines in your organization -Microsoft is dedicated to providing its customers with secure operating systems, such as Windows 10 and Windows Server, and secure apps, such as Microsoft Edge. In addition to the security assurance of its products, Microsoft also enables you to have fine control over your environments by providing various configuration capabilities. +Microsoft is dedicated to providing its customers with secure operating systems, such as Windows and Windows Server, and secure apps, such as Microsoft Edge. In addition to the security assurance of its products, Microsoft also enables you to have fine control over your environments by providing various configuration capabilities. Even though Windows and Windows Server are designed to be secure out-of-the-box, many organizations still want more granular control over their security configurations. To navigate the large number of controls, organizations need guidance on configuring various security features. Microsoft provides this guidance in the form of security baselines. 
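Review bot: `+ms.date:` in the front matter of this hunk is left with no value where `ms.date: 06/25/2018` used to be. Set it to the date of this revision or drop the key, since an empty value tells neither readers nor tooling anything. The same hunk deletes the whole **Applies to** list, so the page no longer states which Windows, Windows Server and Office versions the baselines cover; consider updating the list instead of removing it.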
@@ -56,6 +51,10 @@ You can use security baselines to: ## Where can I get the security baselines? +[Windows MDM (Mobile Device Management) baselines](/mem/intune/protect/security-baseline-settings-mdm-all.md) are the settings that Microsoft Intune supports for devices that run Windows 10 and Windows 11. The default values for settings represent the recommended configuration for applicable devices. + +[MDM (Mobile Device Management) security baselines](/windows/client-management/mdm/#mdm-security-baseline.md) function like the Microsoft group policy-based security baselines and can easily integrate this into an existing MDM management tool. + You can download the security baselines from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319). This download page is for the Security Compliance Toolkit (SCT), which comprises tools that can assist admins in managing baselines in addition to the security baselines. The security baselines are included in the [Security Compliance Toolkit (SCT)](security-compliance-toolkit-10.md), which can be downloaded from the Microsoft Download Center. The SCT also includes tools to help admins manage the security baselines. From a811de340bd5ca74bf50ad4b46e5a68a292d3267 Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Tue, 21 Sep 2021 14:29:35 -0700 Subject: [PATCH 562/671] Corrected the minversion's since cscript/wscript do not follow typical win10 bin versions --- .../microsoft-recommended-block-rules.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 0365837d1b..d9e8974465 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -151,7 +151,7 @@ Select the correct version of each .dll for the Windows release you plan to supp - + @@ -181,7 +181,7 @@ Select the correct version of each .dll for the Windows release you plan to supp - + From 6a1aca47b7e65e6d9687e4d2f124165ca727892a Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 21 Sep 2021 14:53:35 -0700 Subject: [PATCH 563/671] more updates --- windows/security/TOC.yml | 2 ++ .../secure-the-windows-10-boot-process.md | 18 +++++++++--------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 5d2f4c0bdf..5773487419 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -43,6 +43,8 @@ href: operating-system.md - name: System security items: + - name: Secure the Windows boot process + href: information-protection/secure-the-windows-10-boot-process.md - name: Trusted Boot href: trusted-boot.md - name: Cryptography and certificate management diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index 45659d1cac..a13435b388 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md 
@@ -1,7 +1,7 @@ --- -title: Secure the Windows 10 boot process -description: This article describes how Windows 10 security features helps protect your PC from malware, including rootkits and other applications -keywords: trusted boot, windows 10 boot process +title: Secure the Windows boot process +description: This article describes how Windows security features helps protect your PC from malware, including rootkits and other applications +keywords: trusted boot, windows boot process ms.prod: w10 ms.mktglfcycl: Explore ms.pagetype: security @@ -12,12 +12,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 11/16/2018 +ms.date: ms.reviewer: ms.author: dansimp --- -# Secure the Windows 10 boot process +# Secure the Windows boot process **Applies to:** - Windows 11 
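Review bot: the rewritten `+description:` line in the @@ -1,7 hunk still reads "how Windows security features helps protect your PC"; since the line is being touched anyway, change "helps" to "help". In the @@ -12,12 hunk `ms.date:` is blanked where `ms.date: 11/16/2018` used to be; give it the revision date so the front matter stays meaningful.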
@@ -27,11 +27,11 @@ ms.author: dansimp The Windows operating system has many features to help protect you from malware, and it does an amazingly good job. Except for apps that businesses develop and use internally, all Microsoft Store apps must meet a series of requirements to be certified and included in the Microsoft Store. This certification process examines several criteria, including security, and is an effective means of preventing malware from entering the Microsoft Store. Even if a malicious app does get through, the Windows 10 operating system includes a series of security features that can mitigate the impact. For instance, Microsoft Store apps are sandboxed and lack the privileges necessary to access user data or change system settings. -Windows has multiple levels of protection for desktop apps and data, too. Windows Defender uses signatures to detect and quarantine apps that are known to be malicious. Windows Defender SmartScreen warns users before allowing them to run an untrustworthy app, even if it’s recognized as malware. Before an app can change system settings, the user would have to grant the app administrative privileges by using User Account Control. +Windows has multiple levels of protection for desktop apps and data, too. Windows Defender Antivirus uses cloud-powered real-time detection to identify and quarantine apps that are known to be malicious. Windows Defender SmartScreen warns users before allowing them to run an untrustworthy app, even if it’s recognized as malware. Before an app can change system settings, the user would have to grant the app administrative privileges by using User Account Control. Those are just some of the ways that Windows protects you from malware. However, those security features protect you only after Windows starts. Modern malware—and bootkits specifically—are capable of starting before Windows, completely bypassing operating system security, and remaining completely hidden. 
-When you run Windows 10 on a PC or any PC that supports Unified Extensible Firmware Interface (UEFI), Trusted Boot protects your PC from malware from the moment you power on your PC until your anti-malware starts. In the unlikely event that malware does infect a PC, it can’t remain hidden; Trusted Boot can prove the system’s integrity to your infrastructure in a way that malware can’t disguise. Even on PCs without UEFI, Windows provides even better startup security than previous versions of Windows. +When you run Windows 10 or Windows 11 on a PC or any PC that supports Unified Extensible Firmware Interface (UEFI), Trusted Boot protects your PC from malware from the moment you power on your PC until your anti-malware starts. In the unlikely event that malware does infect a PC, it can’t remain hidden; Trusted Boot can prove the system’s integrity to your infrastructure in a way that malware can’t disguise. Even on PCs without UEFI, Windows provides even better startup security than previous versions of Windows. First, let’s examine what rootkits are and how they work. Then, we’ll show you how Windows can protect you. @@ -61,7 +61,7 @@ Figure 1 shows the Windows startup process. **Figure 1. Secure Boot, Trusted Boot, and Measured Boot block malware at every stage** -Secure Boot and Measured Boot are only possible on PCs with UEFI 2.3.1 and a TPM chip. Fortunately, all Windows 10 PCs that meet Windows Hardware Compatibility Program requirements have these components, and many PCs designed for earlier versions of Windows have them as well. +Secure Boot and Measured Boot are only possible on PCs with UEFI 2.3.1 and a TPM chip. Fortunately, all Windows 10 and Windows 11 PCs that meet Windows Hardware Compatibility Program requirements have these components, and many PCs designed for earlier versions of Windows have them as well. The sections that follow describe Secure Boot, Trusted Boot, ELAM, and Measured Boot. 
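Review bot: the @@ -27,11 hunk updates two sentences but leaves the unchanged first paragraph saying "the Windows 10 operating system includes a series of security features", so the page now mixes "Windows", "Windows 10" and "Windows 10 or Windows 11" within a few lines. The rewritten sentence also keeps the redundant "on a PC or any PC that supports Unified Extensible Firmware Interface (UEFI)"; tighten it while the line is being changed, and bring the context paragraph in line with the retitled article.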
@@ -131,4 +131,4 @@ Measured Boot uses the power of UEFI, TPM, and Windows to give you a way to conf Secure Boot, Trusted Boot, and Measured Boot create an architecture that is fundamentally resistant to bootkits and rootkits. In Windows, these features have the potential to eliminate kernel-level malware from your network. This is the most ground-breaking anti-malware solution that Windows has ever had; it’s leaps and bounds ahead of everything else. With Windows, you can truly trust the integrity of your operating system. ## Additional resources -- [Windows 10 Enterprise LTSC 2019 or v2004 Evaluation](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) +- [Windows Enterprise Evaluation](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) From 9d66e08783cc32d6ee9da8bd6e97b55039f2034c Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 21 Sep 2021 15:02:09 -0700 Subject: [PATCH 564/671] remvoing change list --- .openpublishing.redirection.json | 6 ++-- .../change-history-for-access-protection.md | 36 ------------------- 2 files changed, 3 insertions(+), 39 deletions(-) delete mode 100644 windows/security/identity-protection/change-history-for-access-protection.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 1fc2ec8e56..00a95b4582 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -18956,10 +18956,10 @@ "redirect_document_id": false }, { - "source_path": "windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md", - "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance", + "source_path": "windows/security/identity-protection/change-history-for-access-protection.md", + "redirect_url": "/windows/security/", "redirect_document_id": false - }, + } ] 
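Review bot: in the .openpublishing.redirection.json hunk the new redirect is written over the existing entry for windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md instead of being added after it, so that page loses its redirect to /windows/privacy/windows-10-and-privacy-compliance. Unless that removal is intended (the subject only mentions the change list), keep the old entry and append the change-history-for-access-protection.md entry as a new object. Dropping the trailing comma after the last `}` before `]` is a good fix and should stay.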
diff --git a/windows/security/identity-protection/change-history-for-access-protection.md b/windows/security/identity-protection/change-history-for-access-protection.md deleted file mode 100644 index 9cd9f0847d..0000000000 --- a/windows/security/identity-protection/change-history-for-access-protection.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Change history for access protection (Windows 10) -description: This topic lists new and updated topics in the Windows 10 access protection documentation for Windows 10. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro -author: dansimp -ms.author: dansimp -manager: dansimp -ms.collection: M365-identity-device-management -ms.topic: article -ms.localizationpriority: medium -ms.date: 08/11/2017 -ms.reviewer: ---- - -# Change history for access protection -This topic lists new and updated topics in the [Access protection](index.md) documentation. - -## August 2017 -|New or changed topic |Description | -|---------------------|------------| -|[Microsoft accounts](access-control/microsoft-accounts.md) |Revised to cover new Group Policy setting in Windows 10, version 1703, named **Block all consumer Microsoft account user authentication**.| - -## June 2017 -|New or changed topic |Description | -|---------------------|------------| -|[How hardware-based containers help protect Windows 10](/windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows) | New | - - -## March 2017 -|New or changed topic |Description | -|---------------------|------------| -|[Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.| \ No newline at end of file From cddf4161efdc500e0b8ff7c355fba73bbe89e507 Mon Sep 17 00:00:00 2001 
From: MandiOhlinger Date: Tue, 21 Sep 2021 19:48:59 -0400 Subject: [PATCH 565/671] updated to include Win11, and removed win10 mobile references --- windows/configuration/TOC.yml | 6 +- ...-by-using-provisioning-packages-and-icd.md | 4 +- ...can-use-configuration-service-providers.md | 55 ++++-------- .../provision-pcs-for-initial-deployment.md | 26 +++--- .../provision-pcs-with-apps.md | 78 ++++++++-------- .../provisioning-apply-package.md | 67 ++++---------- .../provisioning-command-line.md | 31 +++---- .../provisioning-create-package.md | 77 ++++++++-------- .../provisioning-how-it-works.md | 44 +++------ .../provisioning-install-icd.md | 37 +++----- .../provisioning-multivariant.md | 90 +++++++++---------- .../provisioning-packages.md | 77 ++++++++-------- .../provisioning-powershell.md | 82 +++++++++++------ .../provisioning-script-to-install-app.md | 77 ++++++++-------- .../provisioning-uninstall-package.md | 25 +++--- 15 files changed, 339 insertions(+), 437 deletions(-) diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index 90c2e725ed..4ca4c06712 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml @@ -90,9 +90,9 @@ - name: Use provisioning packages items: - - name: Provisioning packages for Windows 10 + - name: Provisioning packages for Windows client href: provisioning-packages/provisioning-packages.md - - name: How provisioning works in Windows 10 + - name: How provisioning works in Windows client href: provisioning-packages/provisioning-how-it-works.md - name: Introduction to configuration service providers (CSPs) href: provisioning-packages/how-it-pros-can-use-configuration-service-providers.md 
@@ -112,7 +112,7 @@ href: provisioning-packages/provisioning-script-to-install-app.md - name: Create a provisioning package with multivariant settings href: provisioning-packages/provisioning-multivariant.md - - name: PowerShell cmdlets for provisioning Windows 10 (reference) + - name: PowerShell cmdlets for provisioning Windows client (reference) href: provisioning-packages/provisioning-powershell.md - name: Windows Configuration Designer command-line interface (reference) href: provisioning-packages/provisioning-command-line.md diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md index 42b70e6248..95b9c579b5 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md @@ -21,9 +21,11 @@ ms.localizationpriority: medium - Windows 10 - > **Looking for consumer information?** [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) +> [!NOTE] +> Currently, using provisioning packages to customize the Start menu layout is supported on Windows 10. It's not supported on Windows 11. + In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, version 1703, you can use a provisioning package that you create with Windows Configuration Designer to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start and taskbar layout can be updated simply by overwriting the .xml file that contains the layout. The provisioning package can be applied to a running device. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead. > [!IMPORTANT] 
diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md index 38d6791423..658cadc4da 100644 --- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md +++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md @@ -1,5 +1,5 @@ --- -title: Configuration service providers for IT pros (Windows 10) +title: Configuration service providers for IT pros (Windows 10/11) description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices. ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6 ms.reviewer: 
@@ -11,32 +11,26 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2017 --- # Configuration service providers for IT pros **Applies to** -- Windows 10 -- Windows 10 Mobile +- Windows 10 +- Windows 11 -This article explains how IT pros and system administrators can take advantage of many settings available through configuration service providers (CSPs) to configure devices running Windows 10 and Windows 10 Mobile in their organizations. CSPs expose device configuration settings in Windows 10. The CSPs are used by mobile device management (MDM) service providers and are documented in the [Hardware Dev Center](/windows/client-management/mdm/configuration-service-provider-reference). - -> [!NOTE] -> The information provided here about CSPs and CSP documentation also applies to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile. - - [See what's new for CSPs in Windows 10, version 1809.](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1809) +This article explains how IT pros and system administrators can take advantage of many settings available through configuration service providers (CSPs) to configure devices running Windows client in their organizations. CSPs expose device configuration settings in Windows client. The CSPs are used by mobile device management (MDM) service providers and are documented in the [Hardware Dev Center](/windows/client-management/mdm/configuration-service-provider-reference). ## What is a CSP? In the client operating system, a CSP is the interface between configuration settings that are specified in a provisioning document and configuration settings that are on the device. CSPs are similar to Group Policy client-side extensions in that they provide an interface to read, set, modify, or delete configuration settings for a given feature. 
Typically, these settings map to registry keys, files, or permissions. Some of these settings are configurable, and some are read-only. -Starting with Windows Mobile 5.0, CSPs were used to manage Windows mobile devices. On the Windows 10 platform, the management approach for both desktop and mobile devices converges, taking advantage of the same CSPs to configure and manage all devices running Windows 10. +On the Windows client platform, the management approach for desktop uses CSPs to configure and manage all devices running Windows client. Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](/windows/client-management/mdm/wifi-csp) contains the settings to create a Wi-Fi profile. -CSPs are behind many of the management tasks and policies for Windows 10, both in Microsoft Intune and in non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider). +CSPs are behind many of the management tasks and policies for Windows client, both in Microsoft Intune and in non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider). ![how intune maps to csp.](../images/policytocsp.png) 
@@ -48,7 +42,7 @@ The Open Mobile Alliance Device Management (OMA-DM) protocol uses the XML-based ### The WMI-to-CSP Bridge -The WMI-to-CSP Bridge is a component allowing configuration of Windows 10 CSPs using scripts and traditional enterprise management software, such as Configuration Manager using WMI. The bridge is responsible for reading WMI commands and through a component called the common device configurator pass them to a CSP for application on the device. +The WMI-to-CSP Bridge is a component allowing configuration of Windows client CSPs using scripts and traditional enterprise management software, such as Configuration Manager using WMI. The bridge is responsible for reading WMI commands and through a component called the common device configurator pass them to a CSP for application on the device. [Learn how to use the WMI Bridge Provider with PowerShell.](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider) 
@@ -56,9 +50,7 @@ The WMI-to-CSP Bridge is a component allowing configuration of Windows 10 CSPs u Generally, enterprises rely on Group Policy or MDM to configure and manage devices. For devices running Windows, MDM services use CSPs to configure your devices. -In addition, you may have unmanaged devices, or a large number of devices that you want to configure before enrolling them in management. You may also want to apply custom settings that aren't available through your MDM service. The [CSP documentation](#bkmk-csp-doc) can help you understand the settings that can be configured or queried. - -Some of the articles in the [Windows 10 and Windows 10 Mobile](/windows/windows-10) library on Technet include links to applicable CSP reference topics, such as [Cortana integration in your business or enterprise](../cortana-at-work/cortana-at-work-overview.md), which links to the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider). In the CSP topics, you can learn about all of the available configuration settings. +In addition, you may have unmanaged devices, or a large number of devices that you want to configure before enrolling them in management. You may also want to apply custom settings that aren't available through your MDM service. The [CSP documentation](#bkmk-csp-doc) can help you understand the settings that can be configured or queried. You can also learn about all of the available configuration settings. ### CSPs in Windows Configuration Designer 
@@ -68,7 +60,7 @@ Many settings in Windows Configuration Designer will display documentation for t ![how help content appears in icd.](../images/cspinicd.png) -[Provisioning packages in Windows 10](provisioning-packages.md) explains how to use the Windows Configuration Designer tool to create a runtime provisioning package. +[Provisioning packages in Windows client](provisioning-packages.md) explains how to use the Windows Configuration Designer tool to create a runtime provisioning package. ### CSPs in MDM 
@@ -78,13 +70,13 @@ When a CSP is available but is not explicitly included in your MDM solution, you ### CSPs in Lockdown XML -Lockdown XML can be used to configure devices running Windows 10 Mobile. You can manually author a [Lockdown XML file](../mobile-devices/lockdown-xml.md) to make use of the configuration settings available through the [EnterpriseAssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/enterpriseassignedaccess-csp). In Windows 10, version 1703, you can also use the new [Lockdown Designer app](../mobile-devices/mobile-lockdown-designer.md) to configure your Lockdown XML. +Starting with Windows 10 version 1703, you can use the [Lockdown Designer app](../mobile-devices/mobile-lockdown-designer.md) to configure your Lockdown XML. ## How do you use the CSP documentation? -All CSPs in Windows 10 are documented in the [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference). +All CSPs are documented in the [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference). -The [main CSP topic](/windows/client-management/mdm/configuration-service-provider-reference) tells you which CSPs are supported on each edition of Windows 10, and links to the documentation for each individual CSP. +The [CSP reference](/windows/client-management/mdm/configuration-service-provider-reference) tells you which CSPs are supported on each edition of Windows, and links to the documentation for each individual CSP. ![csp per windows edition.](../images/csptable.png) 
@@ -114,26 +106,11 @@ The documentation for most CSPs will also include an XML example. ## CSP examples -CSPs provide access to a number of settings useful to enterprises. This section introduces the CSPs that an enterprise might find useful. +CSPs provide access to many settings useful to enterprises. This section introduces the CSPs that an enterprise might find useful. -- [EnterpriseAssignedAccess CSP](/windows/client-management/mdm/enterpriseassignedaccess-csp) - - The EnterpriseAssignedAccess CSP lets IT administrators configure settings on a Windows 10 Mobile device. An enterprise can make use of this CSP to create single-use or limited-use mobile devices, such as a handheld device that only runs a price-checking app. - - In addition to lock screen wallpaper, theme, time zone, and language, the EnterpriseAssignedAccess CSP includes AssignedAccessXml that can be used to lock down the device through the following settings: - - - Enabling or disabling the Action Center. - - Configuring the number of tile columns in the Start layout. - - Restricting the apps that will be available on the device. - - Restricting the settings that the user can access. - - Restricting the hardware buttons that will be operable. - - Restricting access to the context menu. - - Enabling or disabling tile manipulation. - - Creating role-specific configurations. - - [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) - The Policy CSP enables the enterprise to configure policies on Windows 10 and Windows 10 Mobile. Some of these policy settings can also be applied using Group Policy, and the CSP documentation lists the equivalent Group Policy settings. + The Policy CSP enables the enterprise to configure policies on Windows client. Some of these policy settings can also be applied using Group Policy, and the CSP documentation lists the equivalent Group Policy settings. Some of the settings available in the Policy CSP include the following: 
@@ -153,7 +130,7 @@ CSPs provide access to a number of settings useful to enterprises. This section - **Update**, such as whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. - **WiFi**, such as whether Internet sharing is enabled. -Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile Enterprise, or both: +Here is a list of CSPs supported on Windows 10 Enterprise: - [ActiveSync CSP](/windows/client-management/mdm/activesync-csp) - [Application CSP](/windows/client-management/mdm/application-csp) @@ -211,4 +188,4 @@ Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile Ent - [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) - [Wi-Fi CSP](/documentation/) - [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp) -- [WindowsSecurityAuditing CSP](/windows/client-management/mdm/windowssecurityauditing-csp) \ No newline at end of file +- [WindowsSecurityAuditing CSP](/windows/client-management/mdm/windowssecurityauditing-csp) diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md index a67b88d02f..f826a8a266 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md +++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md @@ -1,8 +1,8 @@ --- -title: Provision PCs with common settings (Windows 10) +title: Provision PCs with common settings (Windows 10/11) description: Create a provisioning package to apply common settings to a PC running Windows 10. ms.assetid: 66D14E97-E116-4218-8924-E2A326C9367E -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp keywords: ["runtime provisioning", "provisioning package"] ms.prod: w10 
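Review bot: In the front matter of provision-pcs-for-initial-deployment.md the title becomes "(Windows 10/11)", but the unchanged `description:` line directly below it still reads "a PC running Windows 10". Update the description in the same change so the two metadata fields agree.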
@@ -12,7 +12,6 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2017 --- # Provision PCs with common settings for initial deployment (desktop wizard) @@ -20,16 +19,17 @@ ms.date: 07/27/2017 **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 -This topic explains how to create and apply a provisioning package that contains common enterprise settings to a device running all desktop editions of Windows 10 except Windows 10 Home. +This topic explains how to create and apply a provisioning package that contains common enterprise settings to a device running all desktop editions of Windows client except Home. You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices. ## Advantages - You can configure new devices without reimaging. -- Works on both mobile and desktop devices. +- Works on desktop devices. - No network connectivity required. @@ -51,7 +51,7 @@ The desktop wizard helps you configure the following settings in a provisioning - Add applications and certificates >[!WARNING] ->You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards. +>You must run Windows Configuration Designer on Windows client to configure Azure Active Directory enrollment using any of the wizards. Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more. @@ -81,7 +81,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L - + 
@@ -98,19 +98,17 @@ After you're done, click **Create**. It only takes a few seconds. When the packa - Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) -- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) - -## Related topics +## Related articles -- [Provisioning packages for Windows 10](provisioning-packages.md) -- [How provisioning works in Windows 10](provisioning-how-it-works.md) +- [Provisioning packages for Windows client](provisioning-packages.md) +- [How provisioning works in Windows client](provisioning-how-it-works.md) - [Install Windows Configuration Designer](provisioning-install-icd.md) - [Create a provisioning package](provisioning-create-package.md) - [Apply a provisioning package](provisioning-apply-package.md) - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) +- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) - [NFC-based device provisioning](../mobile-devices/provisioning-nfc.md) - [Use the package splitter tool](../mobile-devices/provisioning-package-splitter.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md index f6f7f9876b..312c48ca63 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md 
@@ -1,5 +1,5 @@ --- -title: Provision PCs with apps (Windows 10) +title: Provision PCs with apps (Windows 10/11) description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package. keywords: ["runtime provisioning", "provisioning package"] ms.prod: w10 @@ -9,8 +9,7 @@ author: greg-lindsay ms.localizationpriority: medium ms.author: greglin ms.topic: article -ms.date: 09/06/2017 -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp --- @@ -20,9 +19,10 @@ manager: dansimp **Applies to** - Windows 10 +- Windows 11 -In Windows 10, version 1703, you can install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package. This topic explains the various settings in [Windows Configuration Designer](provisioning-install-icd.md) for app install. +You can install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package. This article explains the various settings in [Windows Configuration Designer](provisioning-install-icd.md) for app install. When you add an app in a Windows Configuration Designer wizard, the appropriate settings are displayed based on the app that you select. For instructions on adding an app using the advanced editor in Windows Configuration Designer, see [Add an app using advanced editor](#adv). 
@@ -33,7 +33,7 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate - **License Path**: Specify the license file if it is an app from the Microsoft Store. This is optional if you have a certificate for the app. -- **Package family name**: Specify the package family name if you don’t specify a license. This field will be auto-populated after you specify a license. +- **Package family name**: Specify the package family name if you don’t specify a license. This field will be autopopulated after you specify a license. - **Required appx dependencies**: Specify the appx dependency packages that are required for the installation of the app 
@@ -44,25 +44,25 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate > [!NOTE] > You can find more information about command-line options for Msiexec.exe [here](/windows/win32/msi/command-line-options). -- **Command line arguments**: Optionally, append additional command arguments. The silent flag is appended for you. Example: PROPERTY=VALUE +- **Command line arguments**: Optionally, append more command arguments. The silent flag is appended for you. Example: PROPERTY=VALUE -- **Continue installations after failure**: Optionally, specify if you want to continue installing additional apps if this app fails to install +- **Continue installations after failure**: Optionally, specify if you want to continue installing more apps if this app fails to install -- **Restart required**: Optionally, specify if you want to initiate a reboot after a successful install of this app +- **Restart required**: Optionally, specify if you want to reboot after a successful install of this app -- **Required win32 app dependencies**: Optionally, specify additional files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract). +- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract). ### Exe or other installer -- **Command line arguments**: Append the command line arguments with a silent flag (required). 
Optionally, append additional flags +- **Command line arguments**: Append the command line arguments with a silent flag (required). Optionally, append more flags - **Return Codes**: Specify the return codes for success and success with restart (0 and 3010 by default respectively) Any return code that is not listed will be interpreted as failure. The text boxes are space delimited. -- **Continue installations after failure**: Optionally, specify if you want to continue installing additional apps if this app fails to install +- **Continue installations after failure**: Optionally, specify if you want to continue installing more apps if this app fails to install -- **Restart required**: Optionally, specify if you want to initiate a reboot after a successful install of this app +- **Restart required**: Optionally, specify if you want to reboot after a successful install of this app -- **Required win32 app dependencies**: Optionally, specify additional files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract). +- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract). 
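Review bot: In the "Exe or other installer" list, the unchanged **Return Codes** item runs two sentences together: "(0 and 3010 by default respectively) Any return code that is not listed will be interpreted as failure." The neighbouring items are being reworded in this hunk, so add the missing period after the parenthesis here too. This line defines what counts as a failed install and should read unambiguously.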
@@ -72,7 +72,7 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate 1. In the **Available customizations** pane, go to **Runtime settings** > **ProvisioningCommands** > **PrimaryContext** > **Command**. -2. Enter a name for the first app, and then click **Add**. +2. Enter a name for the first app, and then select **Add**. ![enter name for first app.](../images/wcd-app-name.png) @@ -90,9 +90,9 @@ Universal apps that you can distribute in the provisioning package can be line-o ![details for offline app package.](../images/uwp-family.png) -3. For **ApplicationFile**, click **Browse** to find and select the target app (either an \*.appx or \*.appxbundle). +3. For **ApplicationFile**, select **Browse** to find and select the target app (either an \*.appx or \*.appxbundle). -4. For **DependencyAppxFiles**, click **Browse** to find and add any dependencies for the app. In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. +4. For **DependencyAppxFiles**, select **Browse** to find and add any dependencies for the app. In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. ![required frameworks for offline app package.](../images/uwp-dependencies.png) 
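Review bot: In step 3 the click-to-select replacement produces "select **Browse** to find and select the target app", which uses "select" for both the button and the file. Reword one of them, for example "select **Browse**, and then choose the target app", and apply the same wording to step 4 for consistency.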
@@ -102,11 +102,11 @@ Universal apps that you can distribute in the provisioning package can be line-o ![generate license for offline app.](../images/uwp-license.png) - - Open the license file and search for **LicenseID=** to get the GUID, enter the GUID in the **LicenseProductID** field and click **Add**. + - Open the license file and search for **LicenseID=** to get the GUID, enter the GUID in the **LicenseProductID** field and select **Add**. -6. In the **Available customizations** pane, click the **LicenseProductId** that you just added. +6. In the **Available customizations** pane, select the **LicenseProductId** that you just added. -7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed *\*.**ms-windows-store-license**, and select the license file. +7. For **LicenseInstall**, select **Browse**, navigate to the license file that you renamed *\*.**ms-windows-store-license**, and select the license file. [Learn more about distributing offline apps from the Microsoft Store for Business.](/microsoft-store/distribute-offline-apps) @@ -119,7 +119,7 @@ Universal apps that you can distribute in the provisioning package can be line-o 1. In the **Available customizations** pane, go to **Runtime settings** > **Certificates** > **ClientCertificates**. -2. Enter a **CertificateName** and then click **Add**. +2. Enter a **CertificateName** and then select **Add**. 2. Enter the **CertificatePassword**. 
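Review bot: The context around the changed certificate step shows two consecutive items numbered "2." ("Enter a **CertificateName** and then select **Add**." and "Enter the **CertificatePassword**."). Renumber the list while it is being touched. Because this step places a certificate password in the project, a pointer to the "Build your package" warning that project files are not encrypted would be useful at this point.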
@@ -136,12 +136,12 @@ For details about the settings you can customize in provisioning packages, see [ ## Build your package -1. When you are done configuring the provisioning package, on the **File** menu, click **Save**. +1. When you are done configuring the provisioning package, on the **File** menu, select **Save**. -2. Read the warning that project files may contain sensitive information, and click **OK**. +2. Read the warning that project files may contain sensitive information, and select **OK**. > **Important** When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. -3. On the **Export** menu, click **Provisioning package**. +3. On the **Export** menu, select **Provisioning package**. 4. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** 
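Review bot: The sensitive-information warning under step 2 is still a plain blockquote (`> **Important** When you build ...`), while the same file uses alert syntax (`> [!NOTE]`) elsewhere. Convert it to `> [!IMPORTANT]` so the statement that project files are not encrypted renders as a callout. Step 4 in the same hunk also has the period inside the bold in "**Next.**".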
@@ -154,25 +154,25 @@ For details about the settings you can customize in provisioning packages, see [ - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. + - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by selecting **Select...** and choosing the certificate you want to use to sign the package. **Important** We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. -7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.

    - Optionally, you can click **Browse** to change the default output location. +7. Select **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.

    + Optionally, you can select **Browse** to change the default output location. -8. Click **Next**. +8. Select **Next**. -9. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.

    - If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. +9. Select **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.

    + If you need to cancel the build, select **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. 10. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.

    If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. + - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, select **Back** to change the output package name and path, and then select **Next** to start another build. - - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. + - If you are done, select **Finish** to close the wizard and go back to the **Customizations Page**. 11. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods: 
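Review bot: The rewritten step 7 still says "By default, Windows ICD uses the project folder as the output location", the only place in this hunk that uses the old product name; the rest of the article says Windows Configuration Designer. Fix the name on the added line. "You can specify the certificate by selecting **Select...**" is also awkward after the click-to-select pass; "by choosing **Select...**" reads better.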
@@ -184,32 +184,24 @@ For details about the settings you can customize in provisioning packages, see [ - Email - - USB tether (mobile only) - - - NFC (mobile only) - - - **Next step**: [How to apply a provisioning package](provisioning-apply-package.md) ## Learn more - Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - -- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) -## Related topics +## Related articles -- [Provisioning packages for Windows 10](provisioning-packages.md) -- [How provisioning works in Windows 10](provisioning-how-it-works.md) +- [Provisioning packages for Windows client](provisioning-packages.md) +- [How provisioning works in Windows client](provisioning-how-it-works.md) - [Install Windows Configuration Designer](provisioning-install-icd.md) - [Create a provisioning package](provisioning-create-package.md) - [Apply a provisioning package](provisioning-apply-package.md) - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) +- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) - [NFC-based device provisioning](../mobile-devices/provisioning-nfc.md) - [Use the package splitter tool](../mobile-devices/provisioning-package-splitter.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) 
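Review bot: This hunk removes the mobile-only delivery methods (USB tether, NFC) and the Windows 10 Mobile video, but the Related articles list keeps `../mobile-devices/provisioning-nfc.md` and `../mobile-devices/provisioning-package-splitter.md` as unchanged context. Confirm that those two articles still apply to desktop devices; if they do not, remove them in this change as well.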
diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md index 4a9381ab1c..65c0c03a4d 100644 --- a/windows/configuration/provisioning-packages/provisioning-apply-package.md +++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md @@ -1,5 +1,5 @@ --- -title: Apply a provisioning package (Windows 10) +title: Apply a provisioning package (Windows 10/11) description: Provisioning packages can be applied to a device during the first-run experience (OOBE) and after ("runtime"). ms.prod: w10 ms.mktglfcycl: deploy @@ -8,30 +8,26 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 08/22/2017 ms.reviewer: manager: dansimp --- -# Apply a provisioning package +# Apply a provisioning package on Windows 10/11 **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 -Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime"). +Provisioning packages can be applied to client devices during the first-run experience (out-of-box experience or "OOBE") and after ("runtime"). >[!NOTE] ->Applying a provisioning package to a desktop device requires administrator privileges on the device. +> +> - Applying a provisioning package to a desktop device requires administrator privileges on the device. +> - You can interrupt a long-running provisioning process by pressing ESC. -## Desktop editions - ->[!NOTE] ->In Windows 10, version 1709, you can interrupt a long-running provisioning process by pressing ESC. - -### During initial setup, from a USB drive +## During initial setup, from a USB drive 1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**. 
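Review bot: The merged note drops the "In Windows 10, version 1709" qualifier from the ESC-to-interrupt statement, so it now reads as true for every Windows 10 release covered by "Applies to". Keep the minimum version in the bullet, or confirm that it is no longer needed. The first bullet also still says "desktop device" although the "Desktop editions" heading is removed in the same hunk.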
@@ -41,66 +37,33 @@ Provisioning packages can be applied to a device during the first-run experience ![Set up device?](../images/setupmsg.jpg) -3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**. +3. The next screen asks you to select a provisioning source. Select **Removable Media** and select **Next**. ![Provision this device.](../images/prov.jpg) -4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**. +4. Select the provisioning package (`.ppkg`) that you want to apply, and select **Next**. ![Choose a package.](../images/choose-package.png) 5. Select **Yes, add it**. ![Do you trust this package?](../images/trust-package.png) - - -### After setup, from a USB drive, network folder, or SharePoint site +## After setup, from a USB drive, network folder, or SharePoint site Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network folder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation. ![add a package option.](../images/package.png) - -## Mobile editions -### Using removable media +## Related articles -1. Insert an SD card containing the provisioning package into the device. -2. Navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. - - ![add a package option.](../images/packages-mobile.png) - -3. Click **Add**. - -4. On the device, the **Is this package from a source you trust?** message will appear. Tap **Yes, add it**. - - ![Is this package from a source you trust.](../images/package-trust.png) - -### Copying the provisioning package to the device - -1. Connect the device to your PC through USB. - -2. 
On the PC, select the provisioning package that you want to use to provision the device and then drag and drop the file to your device. - -3. On the device, the **Is this package from a source you trust?** message will appear. Tap **Yes, add it**. - - ![Is this package from a source you trust.](../images/package-trust.png) - - - - - - - -## Related topics - -- [Provisioning packages for Windows 10](provisioning-packages.md) -- [How provisioning works in Windows 10](provisioning-how-it-works.md) +- [Provisioning packages for Windows client](provisioning-packages.md) +- [How provisioning works in Windows client](provisioning-how-it-works.md) - [Install Windows Configuration Designer](provisioning-install-icd.md) - [Create a provisioning package](provisioning-create-package.md) - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) +- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md index d4debef680..e73f3d5450 100644 --- a/windows/configuration/provisioning-packages/provisioning-command-line.md +++ b/windows/configuration/provisioning-packages/provisioning-command-line.md 
@@ -1,5 +1,5 @@ --- -title: Windows Configuration Designer command-line interface (Windows 10) +title: Windows Configuration Designer command-line interface (Windows 10/11) description: ms.prod: w10 ms.mktglfcycl: deploy @@ -8,8 +8,7 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2017 -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp --- @@ -19,11 +18,11 @@ manager: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 You can use the Windows Configuration Designer command-line interface (CLI) to automate the building of provisioning packages. -- IT pros can use the Windows Configuration Designer CLI to require less re-tooling of existing processes. You must run the Windows Configuration Designer CLI from a command window with administrator privileges. +- IT pros can use the Windows Configuration Designer CLI to require less retooling of existing processes. You must run the Windows Configuration Designer CLI from a command window with administrator privileges. - You must use the Windows Configuration Designer CLI and edit the customizations.xml sources to create a provisioning package with multivariant support. You need the customizations.xml file as one of the inputs to the Windows Configuration Designer CLI to build a provisioning package. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md). @@ -31,7 +30,7 @@ You can use the Windows Configuration Designer command-line interface (CLI) to a ## Syntax -``` +``` icd icd.exe /Build-ProvisioningPackage /CustomizationXML: /PackagePath: [/StoreFile:] [/MSPackageRoot:] [/OEMInputXML:] [/ProductName:] [/Variables::] [[+|-]Encrypted] [[+|-]Overwrite] [/?] @@ -45,28 +44,20 @@ icd.exe /Build-ProvisioningPackage /CustomizationXML: /PackagePath: | /PackagePath | Yes | Specifies the path and the package name where the built provisioning package will be saved. | | /StoreFile | No


    See Important note. | For partners using a settings store other than the default store(s) used by Windows Configuration Designer, use this parameter to specify the path to one or more comma-separated Windows settings store file. By default, if you don't specify a settings store file, the settings store that's common to all Windows editions will be loaded by Windows Configuration Designer.


    **Important** If you use this parameter, you must not use /MSPackageRoot or /OEMInputXML. | | /Variables | No | Specifies a semicolon separated `` and `` macro pair. The format for the argument must be `=`. | -| Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows Configuration Designer auto-generates the decryption password and includes this information in the output.


    Precede with + for encryption or - for no encryption. The default is no encryption. | +| Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows Configuration Designer autogenerates the decryption password and includes this information in the output.


    Precede with `+` for encryption, or `-` for no encryption. The default is no encryption. | | Overwrite | No | Denotes whether to overwrite an existing provisioning package.


    Precede with + to overwrite an existing package or - if you don't want to overwrite an existing package. The default is false (don't overwrite). | | /? | No | Lists the switches and their descriptions for the command-line tool or for certain commands. | +## Related articles - - -## Related topics - -- [Provisioning packages for Windows 10](provisioning-packages.md) -- [How provisioning works in Windows 10](provisioning-how-it-works.md) +- [Provisioning packages for Windows client](provisioning-packages.md) +- [How provisioning works in Windows client](provisioning-how-it-works.md) - [Install Windows Configuration Designer](provisioning-install-icd.md) - [Create a provisioning package](provisioning-create-package.md) - [Apply a provisioning package](provisioning-apply-package.md) - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) +- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) -  - - - - - +  \ No newline at end of file diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md index 0aa10c16b5..c9767905ce 100644 --- a/windows/configuration/provisioning-packages/provisioning-create-package.md +++ b/windows/configuration/provisioning-packages/provisioning-create-package.md 
@@ -1,6 +1,6 @@ --- -title: Create a provisioning package (Windows 10) -description: Learn how to create a provisioning package for Windows 10, which lets you quickly configure a device without having to install a new image. +title: Create a provisioning package (Windows 10/11) +description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -8,20 +8,19 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2017 ms.reviewer: manager: dansimp --- -# Create a provisioning package for Windows 10 +# Create a provisioning package for Windows 10/11 **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 -You can use Windows Configuration Designer to create a provisioning package (.ppkg) that contains customization settings, and then apply the provisioning package to a device running Windows 10 or Windows 10 Mobile. +You can use Windows Configuration Designer to create a provisioning package (`.ppkg`) that contains customization settings, and then apply the provisioning package to a device running Windows client. >[Learn how to install Windows Configuration Designer.](provisioning-install-icd.md) 
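Review bot: `ms.reviewer:` stays empty in this front matter hunk, as it does in provisioning-apply-package.md, while provision-pcs-for-initial-deployment.md, provision-pcs-with-apps.md and provisioning-command-line.md in the same patch set `ms.reviewer: gkomatsu`. Set it here too if the same reviewer applies, so the metadata is consistent across the provisioning articles.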
@@ -41,15 +40,14 @@ You can use Windows Configuration Designer to create a provisioning package (.pp ![Configuration Designer wizards.](../images/icd-create-options-1703.png) - - The following wizard options provide a simple interface for configuring common settings for desktop, mobile, and kiosk devices: + - The following wizard options provide a simple interface for configuring common settings for desktop and kiosk devices: - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md) - - [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md) - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard) - [Instructions for HoloLens wizard](/hololens/hololens-provisioning) - [Instructions for Surface Hub wizard](/surface-hub/provisioning-packages-for-surface-hub) - - Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop, mobile, and kiosk devices, see [What you can configure using Configuration Designer wizards](provisioning-packages.md#configuration-designer-wizards). + + Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop and kiosk devices, see [What you can configure using Configuration Designer wizards](provisioning-packages.md#configuration-designer-wizards). - The **Advanced provisioning** option opens a new project with all the runtime settings available. (The rest of this procedure uses advanced provisioning.) 
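Review bot: The reworded lead-in now says the wizards cover "desktop and kiosk devices", but the list under it still carries the HoloLens and Surface Hub wizard links, so the lead-in no longer describes the list it introduces. Either widen the lead-in or move those two links under the "Wizards are also available ..." sentence. In the summary sentence, "settings available in the desktop and kiosk devices" should read "in the desktop and kiosk wizards", which matches the link text that follows it.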
@@ -63,14 +61,13 @@ You can use Windows Configuration Designer to create a provisioning package (.pp 4. Select the settings you want to configure, based on the type of device, and then select **Next**. The following table describes the options. - | Windows edition | Settings available for customization | Provisioning package can apply to | - |-----------------------------------|-----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------| - | All Windows editions | Common settings | All Windows 10 devices | - | All Windows desktop editions | Common settings and settings specific to desktop devices | All Windows 10 desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education) | - | All Windows mobile editions | Common settings and settings specific to mobile devices | All Windows 10 Mobile devices | - | Windows 10 IoT Core | Common settings and settings specific to Windows 10 IoT Core | All Windows 10 IoT Core devices | - | Windows 10 Holographic | Common settings and settings specific to Windows 10 Holographic | [Microsoft HoloLens](/hololens/hololens-provisioning) | - | Common to Windows 10 Team edition | Common settings and settings specific to Windows 10 Team | [Microsoft Surface Hub](/surface-hub/provisioning-packages-for-surface-hub) | + | Windows edition | Settings available for customization | Provisioning package can apply to | + |---|---|---| + | All Windows editions | Common settings | All Windows client devices | + | All Windows desktop editions | Common settings and settings specific to desktop devices | All Windows client desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education) | + | Windows 10 IoT Core | Common settings and settings specific to Windows 10 IoT Core | All Windows 10 IoT Core devices | + | Windows 10 Holographic | Common settings and settings specific to Windows 10 
Holographic | [Microsoft HoloLens](/hololens/hololens-provisioning) | + | Common to Windows 10 Team edition | Common settings and settings specific to Windows 10 Team | [Microsoft Surface Hub](/surface-hub/provisioning-packages-for-surface-hub) | 5. On the **Import a provisioning package (optional)** page, you can select **Finish** to create your project, or browse to and select an existing provisioning package to import to your project, and then select **Finish**. @@ -89,21 +86,33 @@ For an advanced provisioning project, Windows Configuration Designer opens the * ![What the ICD interface looks like.](../images/icd-runtime.png) -The settings in Windows Configuration Designer are based on Windows 10 configuration service providers (CSPs). To learn more about CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](./how-it-pros-can-use-configuration-service-providers.md). +The settings in Windows Configuration Designer are based on Windows client configuration service providers (CSPs). To learn more about CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](./how-it-pros-can-use-configuration-service-providers.md). The process for configuring settings is similar for all settings. The following table shows an example. -

    step oneset up device

    Enter a name for the device.

    (Optional) Select a license file to upgrade Windows 10 to a different edition. See the permitted upgrades.

    Toggle Yes or No to Configure devices for shared use. This setting optimizes Windows 10 for shared use scenarios. Learn more about shared PC configuration.

    You can also select to remove pre-installed software from the device.
    device name, upgrade to enterprise, shared use, remove pre-installed software
    step oneset up device

    Enter a name for the device.

    (Optional) Select a license file to upgrade Windows client to a different edition. See the permitted upgrades.

    Toggle Yes or No to Configure devices for shared use. This setting optimizes Windows client for shared use scenarios. Learn more about shared PC configuration.

    You can also select to remove pre-installed software from the device.
    device name, upgrade to enterprise, shared use, remove pre-installed software
    step two set up network

    Toggle On or Off for wireless network connectivity. If you select On, enter the SSID, the network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.
    Enter network SSID and type
    step three account management

    Enable account management if you want to configure settings on this page.

    You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device

    To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.

    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

    To create a local administrator account, select that option and enter a user name and password.

    Important: If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
    join Active Directory, Azure AD, or create a local admin account
    step four add applications

    You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see Provision PCs with apps.
    add an application
    - - - - - -
    step one
    Expand a category.
    Expand Certificates category
    step two
    Select a setting.
    Select ClientCertificates
    step three
    Enter a value for the setting. Select Add if the button is displayed.
    Enter a name for the certificate
    step four
    Some settings, such as this example, require additional information. In Available customizations, select the value you just created, and additional settings are displayed.
    Additional settings for client certificate
    step five
    When the setting is configured, it is displayed in the Selected customizations pane.
    Selected customizations pane
    +1. Expand a category: -For details on each specific setting, see [Windows Provisioning settings reference](../wcd/wcd.md). The reference topic for a setting is also displayed in Windows Configuration Designer when you select the setting, as shown in the following image. + :::image type="content" source="../images/icd-step1.png" alt-text="In Windows Configuration Designer, expand the Certificates category."::: -![Windows Configuration Designer opens the reference topic when you select a setting.](../images/icd-setting-help.png) +2. Select a setting: + + :::image type="content" source="../images/icd-step2.png" alt-text="In Windows Configuration Designer, select ClientCertificates."::: + +3. Enter a value for the setting. Select **Add** if the button is displayed: + + :::image type="content" source="../images/icd-step3.png" alt-text="In Windows Configuration Designer, enter a name for the certificate."::: + +4. Some settings, such as this example, require additional information. In **Available customizations**, select the value you just created, and more settings are displayed: + + :::image type="content" source="../images/icd-step4.png" alt-text="In Windows Configuration Designer, additional settings for client certificate are available."::: + +5. When the setting is configured, it is displayed in the **Selected customizations** pane: + + :::image type="content" source="../images/icd-step5.png" alt-text="In Windows Configuration Designer, the selected customizations pane shows your settings."::: + +For details on each specific setting, see [Windows Provisioning settings reference](../wcd/wcd.md). The reference article for a setting is also displayed in Windows Configuration Designer when you select the setting, as shown in the following image. + +![Windows Configuration Designer opens the reference topic when you select a setting.](../images/icd-setting-help.png) ## Build package 
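Review bot: The closing paragraph changes "reference topic" to "reference article", but the image line re-added directly below it keeps the alt text "Windows Configuration Designer opens the reference topic when you select a setting.", so the two now disagree. That image also stays in the old `![...](...)` form while the five step images added above use `:::image type="content" ...:::`; convert it in the same change. If the remove and re-add of that image line is whitespace only, drop it from the diff.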
@@ -120,7 +129,7 @@ For details on each specific setting, see [Windows Provisioning settings referen 3. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate, and then select **Next**. Both selections are optional: - - **Encrypt package** - If you select this option, an auto-generated password will be shown on the screen. + - **Encrypt package** - If you select this option, an autogenerated password will be shown on the screen. - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by selecting **Select** and choosing the certificate you want to use to sign the package. >[!NOTE] 
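Review bot: The **Encrypt package** bullet is touched only for spelling ("auto-generated" to "autogenerated") and still does not tell the reader to record the password that is shown on screen. The how-it-works article in this same patch states that a valid password is needed to decrypt an encrypted package before it can be applied, so the password has to be available wherever the package is applied. Suggest adding one sentence to the bullet telling the author to record the password and to distribute it separately from the `.ppkg` file.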
@@ -148,19 +157,17 @@ For details on each specific setting, see [Windows Provisioning settings referen - Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) -- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) - - [How to bulk-enroll devices with On-premises Mobile Device Management in Microsoft Endpoint Configuration Manager](/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm) -## Related topics +## Related articles -- [Provisioning packages for Windows 10](provisioning-packages.md) -- [How provisioning works in Windows 10](provisioning-how-it-works.md) +- [Provisioning packages for Windows client](provisioning-packages.md) +- [How provisioning works in Windows client](provisioning-how-it-works.md) - [Install Windows Configuration Designer](provisioning-install-icd.md) - [Apply a provisioning package](provisioning-apply-package.md) - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) +- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) \ No newline at end of file diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index 71b38c30f7..e4ff8043f6 100644 
--- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md @@ -1,6 +1,6 @@ --- -title: How provisioning works in Windows -description: A provisioning package (.ppkg) is a container for a collection of configuration settings. +title: How provisioning works in Windows 10/11 +description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -8,7 +8,6 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 09/03/2021 ms.reviewer: manager: dansimp --- 
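Review bot: Typo in the new front-matter `description:` line: "Learn more about how provisioning package work on Windows client devices" should read "how provisioning packages work".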
@@ -21,11 +20,11 @@ manager: dansimp - Windows 10 - Windows 11 -Provisioning packages in Windows 10 provide IT administrators with a simplified way to apply configuration settings to Windows 10 and 11 devices. Windows Configuration Designer is a tool that makes it easy to create a provisioning package. Windows Configuration Designer can be installed from Microsoft Store. +Provisioning packages in Windows client provide IT administrators with a simplified way to apply configuration settings to Windows client devices. Windows Configuration Designer is a tool that makes it easy to create a provisioning package. Windows Configuration Designer can be installed from Microsoft Store. ## Provisioning packages -A provisioning package contains specific configurations/settings and assets that can be provided through a removable media or simply downloaded to the device. +A provisioning package contains specific configurations/settings and assets that can be provided through a removable media or downloaded to the device. To enable adding multiple sets of settings or configurations, the configuration data used by the provisioning engine is built out of multiple configuration sources that consist of separate provisioning packages. Each provisioning package contains the provisioning data from a different source. @@ -69,7 +68,7 @@ When the provisioning engine selects a configuration, the Windows provisioning X ## Provisioning engine -The provisioning engine is the core component for managing provisioning and configuration at runtime in a device running Windows 10 or 11. +The provisioning engine is the core component for managing provisioning and configuration at runtime in a device running Windows 10/11. The provisioning engine provides the following functionality: 
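Review bot: Product naming is inconsistent inside this one article: the introduction is changed to "Windows client", while the Provisioning engine sentence is changed to "a device running Windows 10/11", and the title also uses "Windows 10/11". Pick one form for body text and use it in both places. "Provisioning packages in Windows client provide ..." also reads awkwardly; "Provisioning packages provide IT administrators with a simplified way to apply configuration settings to Windows client devices" says the same thing without the repeated term.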
@@ -82,7 +81,7 @@ The provisioning engine provides the following functionality: ## Configuration manager -The configuration manager provides the unified way of managing Windows 10 and 11 devices. Configuration is mainly done through the Open Mobile Alliance (OMA) Device Management (DM) and Client Provisioning (CP) protocols. The configuration manager handles and parses these protocol requests from different channels and passes them down to [Configuration Service Providers (CSPs)](/windows/client-management/mdm/configuration-service-provider-reference) to perform the specific management requests and settings. +The configuration manager provides the unified way of managing Windows 10/11 devices. Configuration is mainly done through the Open Mobile Alliance (OMA) Device Management (DM) and Client Provisioning (CP) protocols. The configuration manager handles and parses these protocol requests from different channels and passes them down to [Configuration Service Providers (CSPs)](/windows/client-management/mdm/configuration-service-provider-reference) to perform the specific management requests and settings. The provisioning engine relies on configuration manager for all of the actual processing and application of a chosen configuration. The provisioning engine determines the stage of provisioning and, based on a set of keys, determines the set of configuration to send to the configuration manager. The configuration manager in turn parses and calls into the CSPs for the setting to be applied. 
@@ -110,14 +109,6 @@ When a trigger occurs, provisioning is initiated for a particular provisioning s - **Update**: Runs after an update to apply potential updated settings changes. - **User**: runs during a user account first run to configure per-user settings. - - - - - - - - ## Device provisioning during OOBE The provisioning engine always applies provisioning packages persisted in the `C:\Recovery\Customizations` folder on the OS partition. When the provisioning engine applies provisioning packages in the `%ProgramData%\Microsoft\Provisioning` folder, certain runtime setting applications, such as the setting to install and configure Windows apps, may be extended past the OOBE pass and continually be processed in the background when the device gets to the desktop. Settings for configuring policies and certain crucial system configurations are always be completed before the first point at which they must take effect. @@ -129,8 +120,8 @@ The following table shows how device provisioning can be initiated when a user f | Package delivery | Initiation method | Supported device | | --- | --- | --- | -| Removable media - USB drive or SD card
    (Packages must be placed at media root) | 5 fast taps on the Windows key to launch the provisioning UI |All Windows devices | -| From an administrator device through machine-to-machine NFC or NFC tag
    (The administrator device must run an app that can transfer the package over NFC) | 5 fast taps on the Windows key to launch the provisioning UI | Windows IoT Core devices | +| Removable media - USB drive or SD card
    (Packages must be placed at media root) | Five fast taps on the Windows key to launch the provisioning UI |All Windows devices | +| From an administrator device through machine-to-machine NFC or NFC tag
    (The administrator device must run an app that can transfer the package over NFC) | Five fast taps on the Windows key to launch the provisioning UI | Windows IoT Core devices | The provisioning engine always copies the acquired provisioning packages to the `%ProgramData%\Microsoft\Provisioning` folder before processing them during OOBE. The provisioning engine always applies provisioning packages embedded in the installed Windows image during Windows Setup OOBE pass regardless of whether the package is signed and trusted. When the provisioning engine applies an encrypted provisioning package on an end-user device during OOBE, users must first provide a valid password to decrypt the package. The provisioning engine also checks whether a provisioning package is signed and trusted; if it's not, the user must provide consent before the package is applied to the device. @@ -143,8 +134,8 @@ At device runtime, stand-alone provisioning packages can be applied by user init | Package delivery | Initiation method | Supported device | | --- | --- | --- | | Removable media - USB drive or SD card
    (Packages must be placed at media root) | **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** | All Windows devices | -| Downloaded from a network connection and copied to a local folder | Double-click the package file | Windows 10 for desktop editions devices | -| From an administrator device connected to the target device through USB tethering | Drag and drop the package file onto the target device | Windows IoT Core devices | +| Downloaded from a network connection and copied to a local folder | Double-click the package file | Windows client for desktop editions devices | +| From an administrator device connected to the target device through USB tethering | Drag and drop the package file onto the target device | Windows IoT Core devices | When applying provisioning packages from a removable media attached to the device, the Settings UI allows viewing contents of a package before selecting the package for provisioning. To minimize the risk of the device being spammed by applying provisioning packages from unknown sources, a provisioning package can be signed and encrypted. Partners can also set policies to limit the application of provisioning packages at device runtime. Applying provisioning packages at device runtime requires administrator privilege. If the package is not signed or trusted, a user must provide consent before the package is applied to the device. If the package is encrypted, a valid password is needed to decrypt the package before it can be applied to the device. 
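Review bot: In the runtime delivery table, "Windows client for desktop editions devices" is a mechanical swap of "10" for "client" and no longer reads as a product name. "Windows client desktop editions" would match the create-package table in this patch ("All Windows client desktop editions"). The USB tethering row is removed and re-added with no visible text change; if that is whitespace only, leave the row out of the diff.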
@@ -157,25 +148,16 @@ After a stand-alone provisioning package is applied to the device, the package i - Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - +## Related articles -## Related topics - -- [Provisioning packages for Windows 10](provisioning-packages.md) +- [Provisioning packages for Windows client](provisioning-packages.md) - [Install Windows Configuration Designer](provisioning-install-icd.md) - [Create a provisioning package](provisioning-create-package.md) - [Apply a provisioning package](provisioning-apply-package.md) - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) +- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) - - - - -  - -  diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md index 1a467d4e6d..e43cd69d98 100644 --- a/windows/configuration/provisioning-packages/provisioning-install-icd.md +++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md 
@@ -1,6 +1,6 @@ --- -title: Install Windows Configuration Designer (Windows 10) -description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10. +title: Install Windows Configuration Designer (Windows 10/11) +description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -8,7 +8,6 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 10/16/2017 ms.reviewer: manager: dansimp --- 
@@ -19,13 +18,13 @@ manager: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 -Use the Windows Configuration Designer tool to create provisioning packages to easily configure devices running Windows 10. Windows Configuration Designer is primarily designed for use by IT departments for business and educational institutions who need to provision bring-your-own-device (BYOD) and business-supplied devices. +Use the Windows Configuration Designer tool to create provisioning packages to easily configure devices running Windows client. Windows Configuration Designer is primarily designed for use by IT departments for business and educational institutions who need to provision bring-your-own-device (BYOD) and business-supplied devices. ## Supported platforms -Windows Configuration Designer can create provisioning packages for Windows 10 desktop and mobile editions, including Windows 10 IoT Core, as well as Microsoft Surface Hub and Microsoft HoloLens. You can run Windows Configuration Designer on the following operating systems: +Windows Configuration Designer can create provisioning packages for Windows client desktop, including Windows IoT Core, as well as Microsoft Surface Hub and Microsoft HoloLens. You can run Windows Configuration Designer on the following operating systems: - Windows 10 - x86 and amd64 - Windows 8.1 Update - x86 and amd64 
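Review bot: In the Supported platforms sentence, "provisioning packages for Windows client desktop, including Windows IoT Core" is missing a noun after "desktop"; the old text was "desktop and mobile editions", so this should be "Windows client desktop editions". Applies to now lists Windows 11, but the list of operating systems that can run Windows Configuration Designer directly below still starts at "Windows 10 - x86 and amd64" with no Windows 11 entry; confirm whether that list needs the same update.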
@@ -39,18 +38,18 @@ Windows Configuration Designer can create provisioning packages for Windows 10 d - Windows Server 2008 R2 >[!WARNING] ->You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards. +>You must run Windows Configuration Designer on Windows client to configure Azure Active Directory enrollment using any of the wizards. ## Install Windows Configuration Designer -On devices running Windows 10, you can install [the Windows Configuration Designer app from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). To run Windows Configuration Designer on other operating systems or in languages other than English, install it from the [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). +On devices running Windows client, you can install [the Windows Configuration Designer app from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). To run Windows Configuration Designer on other operating systems or in languages other than English, install it from the [Windows Assessment and Deployment Kit (ADK) for Windows](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). >[!NOTE] >If you install Windows Configuration Designer from both the ADK and Microsoft Store, the Store app will not open. > >The Windows Configuration Designer App from Microsoft Store currently supports only English. For a localized version of the Windows Configuration Designer, install it from the Windows ADK. -1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) and select **Get Windows ADK** for the version of Windows 10 that you want to create provisioning packages for (version 1511, 1607, or 1703). +1. 
Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) and select **Get Windows ADK** for the version of Windows client that you want to create provisioning packages for (version 1511, 1607, or 1703). >[!NOTE] >The rest of this procedure uses Windows ADK for Windows 10, version 1703 as an example. @@ -94,27 +93,15 @@ On devices running Windows 10, you can install [the Windows Configuration Design - Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) -- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) +## Related articles -## Related topics - -- [Provisioning packages for Windows 10](provisioning-packages.md) -- [How provisioning works in Windows 10](provisioning-how-it-works.md) +- [Provisioning packages for Windows client](provisioning-packages.md) +- [How provisioning works in Windows client](provisioning-how-it-works.md) - [Create a provisioning package](provisioning-create-package.md) - [Apply a provisioning package](provisioning-apply-package.md) - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) +- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) - - -  - -  - - - - - 
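Review bot: In step 1 of the ADK procedure, "the version of Windows client that you want to create provisioning packages for (version 1511, 1607, or 1703)" pairs the generic name with three Windows 10 version numbers, and the note right after it still says "Windows ADK for Windows 10, version 1703". Keep "Windows 10" in that sentence or update the version list; as written, the generic wording suggests those versions also cover Windows 11.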
diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md index 6e54b39009..a2b51681ca 100644 --- a/windows/configuration/provisioning-packages/provisioning-multivariant.md +++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md @@ -1,5 +1,5 @@ --- -title: Create a provisioning package with multivariant settings (Windows 10) +title: Create a provisioning package with multivariant settings (Windows 10/11) description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions. ms.prod: w10 ms.mktglfcycl: deploy @@ -7,8 +7,7 @@ ms.sitesec: library author: greg-lindsay ms.topic: article ms.localizationpriority: medium -ms.date: 11/08/2017 -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp ms.author: greglin --- @@ -19,7 +18,7 @@ ms.author: greglin **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 In your organization, you might have different configuration requirements for devices that you manage. You can create separate provisioning packages for each group of devices in your organization that have different requirements. Or, you can create a multivariant provisioning package, a single provisioning package that can work for multiple conditions. For example, in a single provisioning package, you can define one set of customization settings that will apply to devices set up for French and a different set of customization settings for devices set up for Japanese. @@ -40,35 +39,35 @@ A **Target** can have more than one **TargetState**, and a **TargetState** can h The following table describes the logic for the target definition. -
    When all Condition elements are TRUE, TargetState is TRUE.Target state is true when all conditions are true
    If any of the TargetState elements is TRUE, Target is TRUE, and the Id can be used for setting customizations.Target is true if any target state is true
    +If any of the TargetState elements is TRUE, Target is TRUE, and the ID can be used for setting customizations.Target is true if any target state is true ### Conditions -The following table shows the conditions supported in Windows 10 provisioning for a **TargetState**: +The following table shows the conditions supported in Windows client provisioning for a **TargetState**: -| Condition Name | Condition priority | Windows 10 Mobile | Windows 10 for desktop editions | Value type | Value description | -| --- | --- | --- | --- | --- | --- | -| MNC | P0 | Supported | Supported | Digit string | Use to target settings based on the Mobile Network Code (MNC) value. | -| MCC | P0 | Supported | Supported | Digit string | Use to target settings based on the Mobile Country Code (MCC) value. | -| SPN | P0 | Supported | Supported | String | Use to target settings based on the Service Provider Name (SPN) value. | -| PNN | P0 | Supported | Supported | String | Use to target settings based on public land mobile network (PLMN) Network Name value. | -| GID1 | P0 | Supported | Supported | Digit string | Use to target settings based on the Group Identifier (level 1) value. | -| ICCID | P0 | Supported | Supported | Digit string | Use to target settings based on the Integrated Circuit Card Identifier (ICCID) value. | -| Roaming | P0 | Supported | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (non-roaming). | -| UICC | P0 | Supported | N/A | Enumeration | Use to specify the Universal Integrated Circuit Card (UICC) state. Set the value to one of the following:


    - 0 - Empty
    - 1 - Ready
    - 2 - Locked | -| UICCSLOT | P0 | Supported | N/A | Digit string | Use to specify the UICC slot. Set the value one of the following:


    - 0 - Slot 0
    - 1 - Slot 1 | -| ProcessorType | P1 | Supported | Supported | String | Use to target settings based on the processor type. | -| ProcessorName | P1 | Supported | Supported | String | Use to target settings based on the processor name. | -| AoAc ("Always On, Always Connected") | P1 | Supported | Supported | Boolean | Set the value to **0** (false) or **1** (true). If this condition is TRUE, the system supports the S0 low power idle model. | -| PowerPlatformRole | P1 | Supported | Supported | Enumeration | Indicates the preferred power management profile. Set the value based on the [POWER_PLATFORM_ROLE enumeration](/windows/win32/api/winnt/ne-winnt-power_platform_role). | -| Architecture | P1 | Supported | Supported | String | Matches the PROCESSOR_ARCHITECTURE environment variable. | -| Server | P1 | Supported | Supported | Boolean | Set the value to **0** (false) or **1** (true) to identify a server. | -| Region | P1 | Supported | Supported | Enumeration | Use to target settings based on country/region, using the 2-digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). | -| Lang | P1 | Supported | Supported | Enumeration | Use to target settings based on language code, using the 2-digit [ISO 639 alpha-2 code](https://en.wikipedia.org/wiki/ISO_639). | +| Condition Name | Condition priority | Windows client for desktop editions | Value type | Value description | +| --- | --- | --- | --- | --- | +| MNC | P0 | Supported | Digit string | Use to target settings based on the Mobile Network Code (MNC) value. | +| MCC | P0 | Supported | Digit string | Use to target settings based on the Mobile Country Code (MCC) value. | +| SPN | P0 | Supported | String | Use to target settings based on the Service Provider Name (SPN) value. | +| PNN | P0 | Supported | String | Use to target settings based on public land mobile network (PLMN) Network Name value. 
| +| GID1 | P0 | Supported | Digit string | Use to target settings based on the Group Identifier (level 1) value. | +| ICCID | P0 | Supported | Digit string | Use to target settings based on the Integrated Circuit Card Identifier (ICCID) value. | +| Roaming | P0 | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (non-roaming). | +| UICC | P0 | N/A | Enumeration | Use to specify the Universal Integrated Circuit Card (UICC) state. Set the value to one of the following:


    - 0 - Empty
    - 1 - Ready
    - 2 - Locked | +| UICCSLOT | P0 | N/A | Digit string | Use to specify the UICC slot. Set the value one of the following:


    - 0 - Slot 0
    - 1 - Slot 1 | +| ProcessorType | P1 | Supported | String | Use to target settings based on the processor type. | +| ProcessorName | P1 | Supported | String | Use to target settings based on the processor name. | +| AoAc ("Always On, Always Connected") | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true). If this condition is TRUE, the system supports the S0 low power idle model. | +| PowerPlatformRole | P1 | Supported | Enumeration | Indicates the preferred power management profile. Set the value based on the [POWER_PLATFORM_ROLE enumeration](/windows/win32/api/winnt/ne-winnt-power_platform_role). | +| Architecture | P1 | Supported | String | Matches the PROCESSOR_ARCHITECTURE environment variable. | +| Server | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true) to identify a server. | +| Region | P1 | Supported | Enumeration | Use to target settings based on country/region, using the 2-digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). | +| Lang | P1 | Supported | Enumeration | Use to target settings based on language code, using the 2-digit [ISO 639 alpha-2 code](https://en.wikipedia.org/wiki/ISO_639). | -The matching types supported in Windows 10 are: +The matching types supported in Windows client are: | Matching type | Syntax | Example | | --- | --- | --- | 
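Review bot: in the conditions table, Roaming, UICC and UICCSLOT are now marked N/A in the only platform column that remains ("Windows client for desktop editions"), while the sentence above the table still presents it as "the conditions supported in Windows client provisioning". Either drop those three rows or state in the intro that some listed conditions do not apply to desktop editions, so a package author does not build a TargetState on a condition the table itself marks as not applicable. Since the UICCSLOT row is being rewritten anyway, "Set the value one of the following" is missing "to".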
@@ -79,7 +78,7 @@ The matching types supported in Windows 10 are: ### TargetState priorities -You can define more than one **TargetState** within a provisioning package to apply settings to devices that match device conditions. When the provisioning engine evalues each **TargetState**, more than one **TargetState** may fit current device conditions. To determine the order in which the settings are applied, the system assigns a priority to every **TargetState**. +You can define more than one **TargetState** within a provisioning package to apply settings to devices that match device conditions. When the provisioning engine evaluates each **TargetState**, more than one **TargetState** may fit current device conditions. To determine the order in which the settings are applied, the system assigns a priority to every **TargetState**. A setting that matches a **TargetState** with a lower priority is applied before the setting that matches a **TargetState** with a higher priority. This means that a setting for the **TargetState** with the higher priority can overwrite a setting for the **TargetState** with the lower priority. 
@@ -281,38 +280,29 @@ In this example, the **StoreFile** corresponds to the location of the settings s ## Events that trigger provisioning -When you install the multivariant provisioning package on a Windows 10 device, the provisioning engine applies the matching condition settings at every event and triggers provisioning. +When you install the multivariant provisioning package on a Windows client device, the provisioning engine applies the matching condition settings at every event and triggers provisioning. -The following events trigger provisioning on Windows 10 devices: +The following events trigger provisioning on Windows client devices: -| Event | Windows 10 Mobile | Windows 10 for desktop editions | -| --- | --- | --- | -| System boot | Supported | Supported | -| Operating system update | Supported | Planned | -| Package installation during device first run experience | Supported | Supported | -| Detection of SIM presence or update | Supported | Supported | -| Package installation at runtime | Supported | Supported | -| Roaming detected | Supported | Not supported | +| Event | Windows client for desktop editions | +| --- | --- | +| System boot | Supported | +| Operating system update | Planned | +| Package installation during device first run experience | Supported | +| Detection of SIM presence or update | Supported | +| Package installation at runtime | Supported | +| Roaming detected Not supported | +## Related articles - - - - - - - - -## Related topics - -- [Provisioning packages for Windows 10](provisioning-packages.md) -- [How provisioning works in Windows 10](provisioning-how-it-works.md) +- [Provisioning packages for Windows client](provisioning-packages.md) +- [How provisioning works in Windows client](provisioning-how-it-works.md) - [Install Windows Configuration Designer](provisioning-install-icd.md) - [Create a provisioning package](provisioning-create-package.md) - [Apply a provisioning package](provisioning-apply-package.md) - [Settings 
changed when you uninstall a provisioning package](provisioning-uninstall-package.md) - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) +- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index e788dfc0a5..049789b70b 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -1,6 +1,6 @@ --- -title: Provisioning packages (Windows) -description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. +title: Provisioning packages overview on Windows 10/11 +description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do. ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC ms.reviewer: manager: dansimp @@ -11,7 +11,7 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 09/07/2021 + --- # Provisioning packages for Windows 
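Review bot: the last row of the new events table in provisioning-multivariant.md, `+| Roaming detected Not supported |`, is missing the cell separator between the event and its status, so the row has one cell in a two-column table. It should read `| Roaming detected | Not supported |`, matching the rows above it.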
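Review bot: the new `description` in the provisioning-packages.md front matter ends with "Learn about what provisioning packages, are and what they do.", where the comma after "packages" is misplaced. Suggest "Learn what provisioning packages are and what they do." since this string is what surfaces in search results and link previews.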
@@ -24,9 +24,9 @@ ms.date: 09/07/2021 Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. -A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows 10 and 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. +A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows client, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. -Provisioning packages are simple enough that with a short set of written instructions, a student or non-technical employee can use them to configure their device. This can result in a significant reduction in the time required to configure multiple devices in your organization. +Provisioning packages are simple enough that with a short set of written instructions, a student, or non-technical employee can use them to configure their device. This can result in a significant reduction in the time required to configure multiple devices in your organization. Windows Configuration Designer is available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). 
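Review bot: the comma added in "a student, or non-technical employee can use them" separates the two halves of a simple pair and makes the sentence read as if a list item were missing. The original "a student or non-technical employee" was correct; suggest reverting that part of the line and keeping only the "Windows client" wording change in this hunk.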
@@ -75,17 +75,18 @@ Provisioning packages can be: The following table describes settings that you can configure using the wizards in Windows Configuration Designer to create provisioning packages. +| Step | Description | Desktop wizard | Kiosk wizard | HoloLens wizard | +| --- | --- | --- | --- | --- | +| Set up device | Assign device name, enter product key to upgrade Windows, configure shared used, remove pre-installed software | ✔️ | ✔️ | ✔️ | +| Set up network | Connect to a Wi-Fi network | ✔️ | ✔️ | ✔️ | +| Account management | Enroll device in Active Directory, enroll device in Azure Active Directory, or create a local administrator account | ✔️ | ✔️ | ✔️ | +| Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory

    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). | ❌ | ❌ | ❌ | +| Add applications | Install applications using the provisioning package. | ✔️ | ✔️ | ❌ | +| Add certificates | Include a certificate file in the provisioning package. | ✔️ | ✔️ | ✔️ | +| Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✔️ | ❌ | +| Configure kiosk common settings | Set tablet mode, configure welcome and shutdown screens, turn off timeout settings | ❌ | ✔️ | ❌ | +| Developer Setup | Enable Developer Mode | ❌ | ❌ | ✔️ | - - - - - - - - - -
    StepDescriptionDesktop wizardKiosk wizardHoloLens wizard
    Set up deviceAssign device name,
    enter product key to upgrade Windows,
    configure shared used,
    remove pre-installed software
    yesyesyes
    Set up networkConnect to a Wi-Fi networkyesyesyes
    Account managementEnroll device in Active Directory,
    enroll device in Azure Active Directory,
    or create a local administrator account
    yesno1yes
    Bulk Enrollment in Azure ADEnroll device in Azure Active Directory

    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization.
    no5no4no2
    Add applicationsInstall applications using the provisioning package.yesyesno3
    Add certificatesInclude a certificate file in the provisioning package.yesyesyes
    Configure kiosk account and appCreate local account to run the kiosk mode app,
    specify the app to run in kiosk mode
    no6yesno7
    Configure kiosk common settingsSet tablet mode,
    configure welcome and shutdown screens,
    turn off timeout settings
    no8yesno9
    Developer SetupEnable Developer Mode.no22no11yes
    @@ -112,20 +113,17 @@ The following table describes settings that you can configure using the wizards The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages. -| Customization options | Examples | -|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------| +| Customization options | Examples | +|---|---| | Bulk Active Directory join and device name | Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters | -| Applications | Windows apps, line-of-business applications | -| Bulk enrollment into MDM | Automatic enrollment into a third-party MDM service\* | -| Certificates | Root certification authority (CA), client certificates | -| Connectivity profiles | Wi-Fi, proxy settings, Email | -| Enterprise policies | Security restrictions (password, device lock, camera, and so on), encryption, update settings | -| Data assets | Documents, music, videos, pictures | -| Start menu customization | Start menu layout, application pinning | -| Other | Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on | - -\* Using a provisioning package for auto-enrollment to Microsoft Endpoint Manager is not supported. Use the Configuration Manager console to enroll devices. - +| Applications | Windows apps, line-of-business applications | +| Bulk enrollment into MDM | Automatic enrollment into a third-party MDM service

    Using a provisioning package for auto-enrollment to Microsoft Endpoint Manager isn't supported. To enroll devices, use the Configuration Manager console. | +| Certificates | Root certification authority (CA), client certificates | +| Connectivity profiles | Wi-Fi, proxy settings, Email | +| Enterprise policies | Security restrictions (password, device lock, camera, and so on), encryption, update settings | +| Data assets | Documents, music, videos, pictures | +| Start menu customization | Start menu layout, application pinning | +| Other | Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on | For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012). 
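Review bot: in the wizard table converted from HTML to Markdown, the "Account management" row changes value rather than just format. The removed table shows yes / no (with a footnote marker) / yes for Desktop / Kiosk / HoloLens, but the new row is `✔️ | ✔️ | ✔️`, so the Kiosk wizard now claims support it did not have before. Every other row maps one to one (yes to ✔️, no to ❌). If the Kiosk change is intentional, call it out in the commit message; if not, the Kiosk cell should be ❌. The pre-existing typo "configure shared used" in the "Set up device" row is also carried over and could be fixed to "shared use" here.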
@@ -146,34 +144,31 @@ WCD supports the following scenarios for IT administrators: * **Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates)** – Allows an IT administrator to use WCD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices. -* **Mobile device enrollment into management** - Enables IT administrators to purchase off-the-shelf retail Windows devices and enroll them into mobile device management (MDM) before handing them to end-users in the organization. IT administrators can use WCD to specify the management end-point and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include: +* **Mobile device enrollment into management** - Enables IT administrators to purchase off-the-shelf retail Windows devices and enroll them into mobile device management (MDM) before handing them to end users in the organization. IT administrators can use WCD to specify the management endpoint and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. 
Supported management end-points include: - * Microsoft Intune (certificate-based enrollment) - * AirWatch (password-string based enrollment) - * Mobile Iron (password-string based enrollment) - * Other MDMs (cert-based enrollment) + - Microsoft Intune (certificate-based enrollment) + - AirWatch (password-string based enrollment) + - Mobile Iron (password-string based enrollment) + - Other MDMs (cert-based enrollment) ## Learn more -For more information about provisioning, watch the following videos: +For more information about provisioning, watch the following video: -- [Provisioning Windows 10 devices with new tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) +- [Provisioning Windows client devices with new tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) -- [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) +## Related articles -## Related topics - -- [How provisioning works in Windows 10](provisioning-how-it-works.md) +- [How provisioning works in Windows client](provisioning-how-it-works.md) - [Install Windows Configuration Designer](provisioning-install-icd.md) - [Create a provisioning package](provisioning-create-package.md) - [Apply a provisioning package](provisioning-apply-package.md) - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) +- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) -- 
[Use Windows Configuration Designer to configure Windows 10 Mobile devices](../mobile-devices/provisioning-configure-mobile.md) diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md index 4ed15d47fc..fc04ddb757 100644 --- a/windows/configuration/provisioning-packages/provisioning-powershell.md +++ b/windows/configuration/provisioning-packages/provisioning-powershell.md @@ -1,5 +1,5 @@ --- -title: PowerShell cmdlets for provisioning Windows 10 (Windows 10) +title: PowerShell cmdlets for provisioning Windows 10/11 (Windows 10/11) description: ms.prod: w10 ms.mktglfcycl: deploy @@ -8,32 +8,68 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2017 -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp --- -# PowerShell cmdlets for provisioning Windows 10 (reference) +# PowerShell cmdlets for provisioning Windows client (reference) **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 -Windows 10, version 1703, ships with Windows Provisioning PowerShell cmdlets. These cmdlets make it easy to script the following functions. +Windows client includes Provisioning PowerShell cmdlets. These cmdlets make it easy to script the following functions. +## cmdlets +- **Add-ProvisioningPackage**: Applies a provisioning package. - - - - - - - - -
    CmdletUse this cmdlet toSyntax
    Add-ProvisioningPackage Apply a provisioning packageAdd-ProvisioningPackage [-Path] <string> [-ForceInstall] [-LogsFolder <string>] [-QuietInstall] [-WprpFile <string>] [<CommonParameters>]
    Remove-ProvisioningPackageRemove a provisioning package Remove-ProvisioningPackage -PackageId <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
    Remove-ProvisioningPackage -Path <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
    Remove-ProvisioningPackage -AllInstalledPackages [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
    Get-ProvisioningPackage Get information about an installed provisioning package Get-ProvisioningPackage -PackageId <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
    Get-ProvisioningPackage -Path <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
    Get-ProvisioningPackage -AllInstalledPackages [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
    Export-ProvisioningPackage Extract the contents of a provisioning package Export-ProvisioningPackage -PackageId <string> -OutputFolder <string> [-Overwrite] [-AnswerFileOnly] [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
    Export-ProvisioningPackage -Path <string> -OutputFolder <string> [-Overwrite] [-AnswerFileOnly] [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>]
    Install-TrustedProvisioningCertificate Adds a certificate to the Trusted Certificate store Install-TrustedProvisioningCertificate <path to local certificate file on disk>
    Get-TrustedProvisioningCertificate List all installed trusted provisioning certificates; use this cmdlet to get the certificate thumbprint to use with the Uninstall-TrustedProvisioningCertificate cmdletGet-TrustedProvisioningCertificate
    Uninstall-TrustedProvisioningCertificate Remove a previously installed provisioning certificateUninstall-TrustedProvisioningCertificate <thumbprint>
    + Syntax: + + - `Add-ProvisioningPackage [-Path] [-ForceInstall] [-LogsFolder ] [-QuietInstall] [-WprpFile ] []` + +- **Remove-ProvisioningPackage**: Removes a provisioning package. + + Syntax: + + - `Remove-ProvisioningPackage -PackageId [-LogsFolder ] [-WprpFile ] []` + - `Remove-ProvisioningPackage -Path [-LogsFolder ] [-WprpFile ] []` + - `Remove-ProvisioningPackage -AllInstalledPackages [-LogsFolder ] [-WprpFile ] []` + +- **Get-ProvisioningPackage**: Gets information about an installed provisioning package. + + Syntax: + + - `Get-ProvisioningPackage -PackageId [-LogsFolder ] [-WprpFile ] []` + - `Get-ProvisioningPackage -Path [-LogsFolder ] [-WprpFile ] []` + - `Get-ProvisioningPackage -AllInstalledPackages [-LogsFolder ] [-WprpFile ] []` + +- **Export-ProvisioningPackage**: Extracts the contents of a provisioning package. + + Syntax: + + - `Export-ProvisioningPackage -PackageId -OutputFolder [-Overwrite] [-AnswerFileOnly] [-LogsFolder ] [-WprpFile ] []` + - `Export-ProvisioningPackage -Path -OutputFolder [-Overwrite] [-AnswerFileOnly] [-LogsFolder ] [-WprpFile ] []` + +- **Install-TrustedProvisioningCertificate**: Adds a certificate to the Trusted Certificate store. + + Syntax: + + - `Install-TrustedProvisioningCertificate ` + +- **Get-TrustedProvisioningCertificate**: Lists all installed trusted provisioning certificates. Use this cmdlet to get the certificate thumbprint to use with the `Uninstall-TrustedProvisioningCertificate` cmdlet. + + Syntax: + + - `Get-TrustedProvisioningCertificate` + +- **Uninstall-TrustedProvisioningCertificate**: Removes a previously installed provisioning certificate. + + Syntax: + + - `Uninstall-TrustedProvisioningCertificate ` >[!NOTE] > You can use Get-Help to get usage help on any command. For example: `Get-Help Add-ProvisioningPackage` 
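Review bot: as shown here, the syntax lines in the new cmdlet list have lost their value placeholders: `[-LogsFolder ]`, `[-WprpFile ]` and a trailing `[]` appear with nothing inside, and `Install-TrustedProvisioningCertificate` and `Uninstall-TrustedProvisioningCertificate` show no argument, where the removed table carried `<string>`, `<CommonParameters>`, the certificate path and `<thumbprint>`. Please confirm the angle-bracket placeholders are present inside the code spans and survive rendering, because without them the reader cannot tell which parameters take a value. The new heading `## cmdlets` is also lowercase, unlike the other headings in the file.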
@@ -51,9 +87,9 @@ Trace logs are captured when using cmdlets. The following logs are available in >When applying provisioning packages using Powershell cmdlets, the default behavior is to suppress the prompt that appears when applying an unsigned provisioning package. This is by design so that provisioning packages can be applied as part of existing scripts. -## Related topics +## Related articles -- [How provisioning works in Windows 10](provisioning-how-it-works.md) +- [How provisioning works in Windows client](provisioning-how-it-works.md) - [Install Windows Configuration Designer](provisioning-install-icd.md) - [Create a provisioning package](provisioning-create-package.md) - [Apply a provisioning package](provisioning-apply-package.md) @@ -63,15 +99,3 @@ Trace logs are captured when using cmdlets. The following logs are available in - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) - - - - - - - - - - - - diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md index 6e01640c44..978c59acd8 100644 --- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md +++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md 
@@ -1,6 +1,6 @@ --- -title: Use a script to install a desktop app in provisioning packages (Windows 10) -description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. +title: Use a script to install a desktop app in provisioning packages (Windows 10/11) +description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -8,8 +8,7 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2017 -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp --- 
@@ -19,14 +18,11 @@ manager: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 -This walkthrough describes how to leverage the ability to include scripts in a Windows 10 provisioning package to install Win32 applications. Scripted operations other than installing apps can also be performed, however, some care is needed in order to avoid unintended behavior during script execution (see [Remarks](#remarks) below). +This walkthrough describes how to include scripts in a Windows client provisioning package to install Win32 applications. Scripted operations other than installing apps can also be performed, however, some care is needed in order to avoid unintended behavior during script execution (see [Remarks](#remarks) below). ->**Prerequisite**: [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit), version 1511 or higher - ->[!NOTE] ->This scenario is only supported for installing applications on Windows 10 for desktop, version 1511 or higher. +>**Prerequisite**: [Windows Assessment and Deployment Kit (ADK) for Windows](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) ## Assemble the application assets @@ -37,9 +33,9 @@ This walkthrough describes how to leverage the ability to include scripts in a W ## Cab the application assets -1. Create a .DDF file as below, replacing *file1* and *file2* with the files you want to package, and adding the name of file/directory. +1. Create a `.DDF` file as below, replacing *file1* and *file2* with the files you want to package, and adding the name of file/directory. - ``` + ```ddf ;*** MSDN Sample Source Code MakeCAB Directive file example ; 
@@ -89,15 +85,15 @@ This walkthrough describes how to leverage the ability to include scripts in a W 2. Use makecab to create the cab files. - ``` + ```makecab Makecab -f ``` ## Create the script to install the application -In Windows 10, version 1607 and earlier, create a script to perform whatever work is needed to install the application(s). The following examples are provided to help get started authoring the orchestrator script that will execute the required installers. In practice, the orchestrator script may reference many more assets than those in these examples. +Create a script to perform whatever work is needed to install the application(s). The following examples are provided to help get started authoring the orchestrator script that will execute the required installers. In practice, the orchestrator script may reference many more assets than those in these examples. -In Windows 10, version 1703, you don’t need to create an orchestrator script. You can have one command line per app. If necessary, you can create a script that logs the output per app, as mentioned below (rather than one orchestrator script for the entire provisioning package). +You don’t need to create an orchestrator script. You can have one command line per app. If necessary, you can create a script that logs the output per app, as mentioned below (rather than one orchestrator script for the entire provisioning package). >[!NOTE] >All actions performed by the script must happen silently, showing no UI and requiring no user interaction. 
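Review bot: with the version qualifiers stripped, the two paragraphs under "Create the script to install the application" now contradict each other. The first tells the reader to "Create a script to perform whatever work is needed to install the application(s)" and describes an orchestrator script; the next opens with "You don’t need to create an orchestrator script." Merge them into one statement of current behavior (one command line per app is enough, with an optional per-app logging script), or keep the orchestrator guidance explicitly scoped to the older releases it applied to.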
@@ -108,15 +104,16 @@ In Windows 10, version 1703, you don’t need to create an orchestrator script. Granular logging is not built in, so the logging must be built into the script itself. Here is an example script that logs ‘Hello World’ to a logfile. When run on the device, the logfile will be available after provisioning is completed. As you will see in the following examples, it’s recommended that you log each action that your script performs. -``` +```log set LOGFILE=%SystemDrive%\HelloWorld.log echo Hello, World >> %LOGFILE% ``` + ### .exe example -This example script shows how to create a log output file on the system drive, install an app from a .exe installer, and echo the results to the log file. +This example script shows how to create a log output file on the system drive, install an app from an `.exe` installer, and echo the results to the log file. -``` +```exe set LOGFILE=%SystemDrive%\Fiddler_install.log echo Installing Fiddler.exe >> %LOGFILE% fiddler4setup.exe /S >> %LOGFILE% @@ -127,7 +124,7 @@ echo result: %ERRORLEVEL% >> %LOGFILE% This is the same as the previous installer, but installs the app from an MSI installer. Notice that msiexec is called with the /quiet flag in order to meet the silent requirement of scripts run from within a provisioning package. -``` +```msi set LOGFILE=%SystemDrive%\IPOverUsb_install.log echo Installing IpOverUsbInstaller.msi >> %LOGFILE% msiexec /i IpOverUsbInstaller.msi /quiet >> %LOGFILE% 
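Review bot: the fence tags added here (`log`, `exe`, `msi`) name what each script writes or installs, not the language of the block. All three blocks are batch files (`set LOGFILE=%SystemDrive%\...`, `echo ... >> %LOGFILE%`), so they should share one tag for the script language, such as `cmd`, to highlight consistently and to tell the reader what interpreter runs them.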
@@ -136,9 +133,9 @@ echo result: %ERRORLEVEL% >> %LOGFILE% ### PowerShell example -This is an example script with logging that shows how to run a powershell script from the provisioning commands setting. Note that the PowerShell script referenced from this example must also be included in the package, and obey the same requirements as all scripts run from within the provisioning package: it must execute silently, with no user interaction. +This is an example script with logging that shows how to run a PowerShell script from the provisioning commands setting. The PowerShell script referenced from this example must also be included in the package, and obey the same requirements as all scripts run from within the provisioning package: it must execute silently, with no user interaction. -``` +```powershell set LOGFILE=%SystemDrive%\my_powershell_script.log echo Running my_powershell_script.ps1 in system context >> %LOGFILE% echo Executing "PsExec.exe -accepteula -i -s cmd.exe /c powershell.exe my_powershell_script.ps1" >> %LOGFILE% @@ -147,11 +144,12 @@ echo result: %ERRORLEVEL% >> %LOGFILE% ``` + ### Extract from a .CAB example -This example script shows expansion of a .cab from the provisioning commands script, as well as installation of the expanded setup.exe +This example script shows expansion of a .cab from the provisioning commands script, and installation of the expanded setup.exe -``` +```cab set LOGFILE=%SystemDrive%\install_my_app.log echo Expanding installer_assets.cab >> %LOGFILE% expand -r installer_assets.cab -F:* . >> %LOGFILE% 
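Review bot: the block under "PowerShell example" is tagged `powershell`, but its content is the batch wrapper (`set LOGFILE=%SystemDrive%\my_powershell_script.log`, `echo ... >> %LOGFILE%`) that launches my_powershell_script.ps1 through PsExec in system context. Labelling it as PowerShell tells readers it can be run in a PowerShell session, where `set LOGFILE=` and `%LOGFILE%` do not behave as written. Tag it as the batch script it is; the `cab` tag on the extract example has the same problem.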
@@ -163,9 +161,9 @@ echo result: %ERRORLEVEL% >> %LOGFILE% ### Calling multiple scripts in the package -In Windows 10, version 1703, your provisioning package can include multiple CommandLines. +Your provisioning package can include multiple CommandLines. -In Windows 10, version 1607 and earlier, you are allowed one CommandLine per provisioning package. The batch files shown above are orchestrator scripts that manage the installation and call any other scripts included in the provisioning package. The orchestrator script is what should be invoked from the CommandLine specified in the package. +You are allowed one CommandLine per provisioning package. The batch files shown above are orchestrator scripts that manage the installation and call any other scripts included in the provisioning package. The orchestrator script is what should be invoked from the CommandLine specified in the package. Here’s a table describing this relationship, using the PowerShell example from above: 
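Review bot: removing the version qualifiers leaves the first two paragraphs of "Calling multiple scripts in the package" contradicting each other: `Your provisioning package can include multiple CommandLines.` is now followed directly by `You are allowed one CommandLine per provisioning package.` The second sentence described Windows 10, version 1607 and earlier. Either delete it and reword the orchestrator-script paragraph as an optional pattern, or keep the version condition on it.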
@@ -174,16 +172,16 @@ Here’s a table describing this relationship, using the PowerShell example from | --- | --- | --- | | ProvisioningCommands/DeviceContext/CommandLine | cmd /c PowerShell_Example.bat | The command line needed to invoke the orchestrator script. | | ProvisioningCommands/DeviceContext/CommandFiles | PowerShell_Example.bat | The single orchestrator script referenced by the command line that handles calling into the required installers or performing any other actions such as expanding cab files. This script must do the required logging. | -| ProvisioningCommands/DeviceContext/CommandFiles | my_powershell_script.ps1 | Other assets referenced by the orchestrator script. In this example there is only one, but there could be many assets referenced here. One common use case is using the orchestrator to call a series of install.exe or setup.exe installers to install several applications. Each of those installers must be included as an asset here. | +| ProvisioningCommands/DeviceContext/CommandFiles | my_powershell_script.ps1 | Other assets referenced by the orchestrator script. In this example, there is only one, but there could be many assets referenced here. One common use case is using the orchestrator to call a series of install.exe or setup.exe installers to install several applications. Each of those installers must be included as an asset here. | -### Add script to provisioning package (Windows 10, version 1607) +### Add script to provisioning package When you have the batch file written and the referenced assets ready to include, you can add them to a provisioning package in the Window Configuration Designer. Using Windows Configuration Designer, specify the full details of how the script should be run in the CommandLine setting in the provisioning package. This includes flags or any other parameters that you would normally type on the command line. 
So for example if the package contained an app installer called install.exe and a script used to automate the install called InstallMyApp.bat, the `ProvisioningCommands/DeviceContext/CommandLine` setting should be configured to: -``` +```bat cmd /c InstallMyApp.bat ``` 
@@ -201,20 +199,21 @@ When you are done, [build the package](provisioning-create-package.md#build-pack ### Remarks + 1. No user interaction or console output is supported via ProvisioningCommands. All work needs to be silent. If your script attempts to do any of the following it will cause undefined behavior, and could put the device in an unrecoverable state if executed during setup or the Out of Box Experience: a. Echo to console b. Display anything on the screen c. Prompt the user with a dialog or install wizard 2. When applied at first boot, provisioning runs early in the boot sequence and before a user context has been established; care must be taken to only include installers that can run at this time. Other installers can be provisioned via a management tool. -3. If the device is put into an unrecoverable state because of a bad script, you can reset it using [recovery options in Windows 10](https://support.microsoft.com/help/12415/windows-10-recovery-options). +3. If the device is put into an unrecoverable state because of a bad script, you can reset it using [recovery options in Windows client](https://support.microsoft.com/help/12415/windows-10-recovery-options). 4. The CommandFile assets are deployed on the device to a temporary folder unique to each package. - - For Windows 10, version 1607 and earlier: - a. For packages added during the out of box experience, this is usually in `%WINDIR%\system32\config\systemprofile\appdata\local\Temp\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands` - b. For packages added by double-clicking on an already deployed device, this will be in the temp folder for the user executing the PPKG: `%TMP%\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands` - - For Windows 10, version 1703: - a. For packages added during the out of box experience, this is usually in `%WINDIR%\system32\config\systemprofile\appdata\local\Temp\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands\0` + + 1. 
For packages added during the out of box experience, this is usually in `%WINDIR%\system32\config\systemprofile\appdata\local\Temp\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands\0` + The `0` after `Commands\` refers to the installation order and indicates the first app to be installed. The number will increment for each app in the package. - b. For packages added by double-clicking on an already deployed device, this will be in the temp folder for the user executing the provisioning package: `%TMP%\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands\0` + + 2. For packages added by double-clicking on an already deployed device, this will be in the temp folder for the user executing the provisioning package: `%TMP%\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands\0` + 5. The command line will be executed with the directory the CommandFiles were deployed to as the working directory. This means you do not need to specific the full path to assets in the command line or from within any script. 6. The runtime provisioning component will attempt to run the scripts from the provisioning package at the earliest point possible, depending on the stage when the PPKG was added. For example, if the package was added during the Out-of-Box Experience, it will be run immediately after the package is applied, while the out of box experience is still happening. This is before the user account configuration options are presented to the user. A spinning progress dialog will appear and “please wait” will be displayed on the screen. 
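Review bot: under remark 4 the new sub-items are numbered `1.` and `2.`, while the sub-items of remark 1 in the same list still use `a.`, `b.`, `c.`; pick one marker style for nested items. The sentence explaining the `0` after `Commands\` sits between sub-items 1 and 2 although both paths end in `Commands\0`, so it reads better after sub-item 2. Since this list is being edited anyway, remark 5 in the trailing context has `you do not need to specific the full path`, which should be `specify`.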
@@ -223,15 +222,15 @@ When you are done, [build the package](provisioning-create-package.md#build-pack 7. The scripts are executed in the background as the rest of provisioning continues to run. For packages added on existing systems using the double-click to install, there is no notification that provisioning or script execution has completed -## Related topics +## Related articles -- [Provisioning packages for Windows 10](provisioning-packages.md) -- [How provisioning works in Windows 10](provisioning-how-it-works.md) +- [Provisioning packages for Windows client](provisioning-packages.md) +- [How provisioning works in Windows client](provisioning-how-it-works.md) - [Install Windows Configuration Designer](provisioning-install-icd.md) - [Create a provisioning package](provisioning-create-package.md) - [Apply a provisioning package](provisioning-apply-package.md) - [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) -- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) +- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md index 02e79a47a9..1515705748 100644 --- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md +++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md 
@@ -1,6 +1,6 @@ --- -title: Uninstall a provisioning package - reverted settings (Windows 10) -description: This topic lists the settings that are reverted when you uninstall a provisioning package. +title: Uninstall a provisioning package - reverted settings (Windows 10/11) +description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -8,20 +8,19 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2017 -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp --- -# Settings changed when you uninstall a provisioning package +# Settings changed when you uninstall a provisioning package on Windows 10/11 **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 -When you uninstall a provisioning package, only certain settings are revertible. This topic lists the settings that are reverted when you uninstall a provisioning package. +When you uninstall a provisioning package, only certain settings are revertible. This article lists the settings that are reverted when you uninstall a provisioning package. As an administrator, you can uninstall by using the **Add or remove a package for work or school** option available under **Settings** > **Accounts** > **Access work or school**. 
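Review bot: the front-matter part of this change deletes `ms.date: 07/27/2017` without adding a replacement, in the same commit that changes what the article applies to (`Windows 10 Mobile` removed, `Windows 11` added). If dropping the field is not deliberate, set `ms.date` to the date of this revision so the new applicability list carries a current date.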
@@ -79,19 +78,15 @@ Here is the list of revertible settings based on configuration service providers -## Related topics +## Related articles -- [Provisioning packages for Windows 10](provisioning-packages.md) -- [How provisioning works in Windows 10](provisioning-how-it-works.md) +- [Provisioning packages for Windows client](provisioning-packages.md) +- [How provisioning works in Windows client](provisioning-how-it-works.md) - [Install Windows Configuration Designer](provisioning-install-icd.md) - [Create a provisioning package](provisioning-create-package.md) - [Apply a provisioning package](provisioning-apply-package.md) - [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-powershell.md) +- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) - -  - -  \ No newline at end of file From ab86e4f2540fede500f06da7bc1ba1e822102324 Mon Sep 17 00:00:00 2001 
From: MandiOhlinger Date: Tue, 21 Sep 2021 20:54:39 -0400 Subject: [PATCH 566/671] replaced html tables; fixed validation suggestions --- ...can-use-configuration-service-providers.md | 12 ++-- .../provision-pcs-for-initial-deployment.md | 72 ++++++++++++++++--- .../provisioning-apply-package.md | 2 +- .../provisioning-command-line.md | 4 +- .../provisioning-create-package.md | 2 +- .../provisioning-how-it-works.md | 2 +- .../provisioning-install-icd.md | 3 +- .../provisioning-multivariant.md | 13 ++-- .../provisioning-packages.md | 7 +- .../provisioning-powershell.md | 2 +- .../provisioning-script-to-install-app.md | 1 - 11 files changed, 87 insertions(+), 33 deletions(-) diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md index 658cadc4da..65eac1c2a8 100644 --- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md +++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md @@ -2,7 +2,7 @@ title: Configuration service providers for IT pros (Windows 10/11) description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices. ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6 -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp ms.prod: w10 ms.mktglfcycl: manage 
@@ -32,7 +32,7 @@ Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](/win CSPs are behind many of the management tasks and policies for Windows client, both in Microsoft Intune and in non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider). -![how intune maps to csp.](../images/policytocsp.png) +:::image type="content" source="../images/policytocsp.png" alt-text="How intune maps to CSP"::: CSPs receive configuration policies in the XML-based Synchronization Markup Language (SyncML) format, pushed from an MDM-compliant management server, such as Microsoft Intune. Traditional enterprise management systems, such as Microsoft Endpoint Configuration Manager, can also target CSPs, by using a client-side Windows Management Instrumentation (WMI)-to-CSP Bridge. @@ -58,7 +58,7 @@ You can use Windows Configuration Designer to create [provisioning packages](./p Many settings in Windows Configuration Designer will display documentation for that setting in the center pane, and will include a reference to the CSP if the setting uses one, as shown in the following image. -![how help content appears in icd.](../images/cspinicd.png) +:::image type="content" source="../images/cspinicd.png" alt-text="In Windows Configuration Designer, how help content appears in icd."::: [Provisioning packages in Windows client](provisioning-packages.md) explains how to use the Windows Configuration Designer tool to create a runtime provisioning package. 
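Review bot: the alt text added in both hunks carries over the lowercase names from the old image captions. In the first, `How intune maps to CSP` should capitalise Intune. In the second, `In Windows Configuration Designer, how help content appears in icd.` names the tool twice, once by the abbreviation `icd`; one mention is enough. The two strings also disagree on whether alt text ends with a period, so settle that for the whole file.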
@@ -78,7 +78,7 @@ All CSPs are documented in the [Configuration service provider reference](/windo The [CSP reference](/windows/client-management/mdm/configuration-service-provider-reference) tells you which CSPs are supported on each edition of Windows, and links to the documentation for each individual CSP. -![csp per windows edition.](../images/csptable.png) +:::image type="content" source="../images/csptable.png" alt-text="The CSP reference shows the supported Windows editions"::: The documentation for each CSP follows the same structure. After an introduction that explains the purpose of the CSP, a diagram shows the parts of the CSP in tree format. @@ -86,7 +86,7 @@ The full path to a specific configuration setting is represented by its Open Mob The following example shows the diagram for the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes, and rectangular elements are settings or policies for which a value must be supplied. -![assigned access csp tree.](../images/provisioning-csp-assignedaccess.png) +:::image type="content" source="../images/provisioning-csp-assignedaccess.png" alt-text="The CSP reference shows the assigned access csp tree."::: The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see that it uses the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). 
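Review bot: the trailing context of the second hunk reads `in the following OMS-URI path for the kiosk mode app settings`. `OMS-URI` is a typo for OMA-URI (the hunk header starts to spell the term out as "Open Mob"), and it is worth fixing in this pass because the image line directly above it is already being changed.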
@@ -96,7 +96,7 @@ The element in the tree diagram after the root node tells you the name of the CS When an element in the diagram uses _italic_ font, it indicates a placeholder for specific information, such as the tenant ID in the following example. -![placeholder in csp tree.](../images/csp-placeholder.png) +:::image type="content" source="../images/csp-placeholder.png" alt-text="The placeholder in the CSP tree"::: After the diagram, the documentation describes each element. For each policy or setting, the valid values are listed. diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md index f826a8a266..7bcc415747 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md +++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md @@ -58,7 +58,7 @@ Provisioning packages can include management instructions and policies, installa > [!TIP] > Use the desktop wizard to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc. > ->![open advanced editor.](../images/icd-simple-edit.png) +> :::image type="content" source="../images/icd-simple-edit.png" alt-text="In the desktop wizard, open the advanced editor."::: ## Create the provisioning package 
@@ -68,26 +68,76 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L 2. Click **Provision desktop devices**. - ![ICD start options.](../images/icd-create-options-1703.png) + :::image type="content" source="../images/icd-create-options-1703.png" alt-text="In Windows Configuration Designer, see the ICD start options."::: 3. Name your project and click **Finish**. The pages for desktop provisioning will walk you through the following steps. - ![ICD desktop provisioning.](../images/icd-desktop-1703.png) + :::image type="content" source="../images/icd-desktop-1703.png" alt-text="In Windows Configuration Designer, select Finish, and see the ICD desktop provisioning."::: > [!IMPORTANT] > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. ## Configure settings +1. Enable device setup: - - - - - - - -
    step oneset up device

    Enter a name for the device.

    (Optional) Select a license file to upgrade Windows client to a different edition. See the permitted upgrades.

    Toggle Yes or No to Configure devices for shared use. This setting optimizes Windows client for shared use scenarios. Learn more about shared PC configuration.

    You can also select to remove pre-installed software from the device.
    device name, upgrade to enterprise, shared use, remove pre-installed software
    step two set up network

    Toggle On or Off for wireless network connectivity. If you select On, enter the SSID, the network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.
    Enter network SSID and type
    step three account management

    Enable account management if you want to configure settings on this page.

    You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device

    To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.

    Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

    To create a local administrator account, select that option and enter a user name and password.

    Important: If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
    join Active Directory, Azure AD, or create a local admin account
    step four add applications

    You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see Provision PCs with apps.
    add an application
    step five add certificates

    To provision the device with a certificate, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.
    add a certificate
    The 'finish' button as displayed when provisioning a desktop device in Windows Configuration Designer.

    You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.
    Protect your package
    + :::image type="content" source="../images/set-up-device-details-desktop.png" alt-text="In Windows Configuration Designer, enable device setup, enter the device name, the product key to upgrade, turn off shared use, and remove preinstalled software."::: + + If you want to enable device setup, select **Set up device**, and configure the following settings: + + - **Device name**: Required. Enter a unique 15-character name for the device. You can use variables to add unique characters to the name, such as `Contoso-%SERIAL%` and `Contoso-%RAND:5%`. + - **Enter product key**: Optional. Select a license file to upgrade Windows client to a different edition. For more information, see [the permitted upgrades](/windows/deployment/upgrade/windows-10-edition-upgrades). + - **Configure devices for shared use**: Select **Yes** or **No** to optimize the Windows client for shared use scenarios. + - **Remove pre-installed software**: Optional. Select **Yes** if you want to remove preinstalled software. + +2. Set up the network: + + :::image type="content" source="../images/set-up-network-details-desktop.png" alt-text="In Windows Configuration Designer, turn on wireless connectivity, enter the network SSID, and network type."::: + + If you want to enable network setup, select **Set up network**, and configure the following settings: + + - **Set up network**: To enable wireless connectivity, select **On**. + - **Network SSID**: Enter the Service Set IDentifier (SSID) of the network. + - **Network type**: Select **Open** or **WPA2-Personal**. If you select **WPA2-Personal**, enter the password for the wireless network. + +3. 
Enable account management: + + :::image type="content" source="../images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Azure AD, or create a local admin account."::: + + If you want to enable account management, select **Account Management**, and configure the following settings: + + - **Manage organization/school accounts**: Choose how devices are enrolled. Your options: + - **Active Directory**: Enter the credentials for a least-privileged user account to join the device to the domain. + - **Azure Active Directory**: Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). In your Azure AD tenant, the **maximum number of devices per user** setting determines how many times the bulk token in the wizard can be used. + + If you select this option, enter a friendly name for the bulk token you get using the wizard. Set an expiration date for the token. The maximum is 180 days from the date you get the token. Select **Get bulk token**. In **Let's get you signed in**, enter an account that has permissions to join a device to Azure AD, and then the password. Select **Accept** to give Windows Configuration Designer the necessary permissions. + + You must run Windows Configuration Designer on Windows client to configure Azure AD enrollment using any of the wizards. + + - **Local administrator**: If you select this option, enter a user name and password. If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password isn't changed during that period, the account might be locked out, and unable to sign in. + +4. 
Add applications: + + :::image type="content" source="../images/add-applications-details.png" alt-text="In Windows Configuration Designer, add an application."::: + + To add applications to the devices, select **Add applications**. You can install multiple applications, including Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps. The settings in this step vary depending on the application you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md). + +5. Add certificates: + + :::image type="content" source="../images/add-certificates-details.png" alt-text="In Windows Configuration Designer, add a certificate."::: + + To add a certificate to the devices, select **Add certificates**, and configure the following settings: + + - **Certificate name**: Enter a name for the certificate. + - **Certificate path**: Browse and select the certificate you want to add. + +6. Finish: + + :::image type="content" source="../images/finish-details.png" alt-text="In Windows Configuration Designer, protect your package with a password."::: + + To complete the wizard, select **Finish**, and configure the following setting: + + - **Protect your package**: Select **Yes** or **No** to password protect your provisioning package. When you apply the provisioning package to a device, you must enter this password. After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page. diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md index 65c0c03a4d..b3cf6aa867 100644 --- a/windows/configuration/provisioning-packages/provisioning-apply-package.md +++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md 
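Review bot: in provision-pcs-for-initial-deployment.md, step 4 of the rewritten "Configure settings" list links to `provisioning-packages/provision-pcs-with-apps.md`, but this file already lives in `windows/configuration/provisioning-packages/`, so the relative path resolves one directory too deep. The other same-folder links in this series use the bare file name (for example `provisioning-packages.md`), so the target should be `provision-pcs-with-apps.md`. Separately, the 42-day password-change requirement for a local administrator account was marked "Important:" in the removed table and is now a trailing sentence inside the **Local administrator** bullet. Because missing it can leave the account locked out, keep it as a `> [!IMPORTANT]` block like the one about sensitive project files earlier in this hunk.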
@@ -8,7 +8,7 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp --- diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md index e73f3d5450..308f6bad92 100644 --- a/windows/configuration/provisioning-packages/provisioning-command-line.md +++ b/windows/configuration/provisioning-packages/provisioning-command-line.md @@ -1,6 +1,6 @@ --- title: Windows Configuration Designer command-line interface (Windows 10/11) -description: +description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -30,7 +30,7 @@ You can use the Windows Configuration Designer command-line interface (CLI) to a ## Syntax -``` icd +``` cmd icd.exe /Build-ProvisioningPackage /CustomizationXML: /PackagePath: [/StoreFile:] [/MSPackageRoot:] [/OEMInputXML:] [/ProductName:] [/Variables::] [[+|-]Encrypted] [[+|-]Overwrite] [/?] diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md index c9767905ce..7d3bd564aa 100644 --- a/windows/configuration/provisioning-packages/provisioning-create-package.md +++ b/windows/configuration/provisioning-packages/provisioning-create-package.md @@ -8,7 +8,7 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp --- diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index e4ff8043f6..3d1a473ae6 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md 
+++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md @@ -8,7 +8,7 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp --- diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md index e43cd69d98..97a69772ee 100644 --- a/windows/configuration/provisioning-packages/provisioning-install-icd.md +++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md @@ -8,7 +8,7 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp --- @@ -26,6 +26,7 @@ Use the Windows Configuration Designer tool to create provisioning packages to e Windows Configuration Designer can create provisioning packages for Windows client desktop, including Windows IoT Core, as well as Microsoft Surface Hub and Microsoft HoloLens. You can run Windows Configuration Designer on the following operating systems: +- Windows 11 - Windows 10 - x86 and amd64 - Windows 8.1 Update - x86 and amd64 - Windows 8.1 - x86 and amd64 diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md index a2b51681ca..028b44c522 100644 --- a/windows/configuration/provisioning-packages/provisioning-multivariant.md +++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md @@ -36,10 +36,15 @@ A **Target** can have more than one **TargetState**, and a **TargetState** can h ![Target with multiple target states and conditions.](../images/multi-target.png) -The following table describes the logic for the target definition. +The following information describes the logic for the target definition: - -
    When all Condition elements are TRUE, TargetState is TRUE.Target state is true when all conditions are true
    If any of the TargetState elements is TRUE, Target is TRUE, and the ID can be used for setting customizations.Target is true if any target state is true
    +- When all **Condition** elements are TRUE, **TargetState** is TRUE: + + :::image type="content" source="../images/icd-multi-targetstate-true.png" alt-text="Target state is true when all conditions are true."::: + +- If any of the **TargetState** elements is TRUE, **Target** is TRUE, and the **ID** can be used for setting customizations: + + :::image type="content" source="../images/icd-multi-target-true.png" alt-text="Target is true if any target state is true"::: ### Conditions @@ -291,7 +296,7 @@ The following events trigger provisioning on Windows client devices: | Package installation during device first run experience | Supported | | Detection of SIM presence or update | Supported | | Package installation at runtime | Supported | -| Roaming detected Not supported | +| Roaming detected | Not supported | ## Related articles diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index 049789b70b..b7a5d07216 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -2,7 +2,7 @@ title: Provisioning packages overview on Windows 10/11 description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do. ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp ms.prod: w10 ms.mktglfcycl: deploy 
@@ -100,7 +100,6 @@ The following table describes settings that you can configure using the wizards - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md) -- [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md) - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard) - [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#wizard) @@ -134,7 +133,7 @@ For details about the settings you can customize in provisioning packages, see [ WCD, simplified common provisioning scenarios. -![Configuration Designer options.](../images/icd.png) +:::image type="content" source="../images/icd.png" alt-text="Configuration Designer options"::: WCD supports the following scenarios for IT administrators: @@ -148,7 +147,7 @@ WCD supports the following scenarios for IT administrators: - Microsoft Intune (certificate-based enrollment) - AirWatch (password-string based enrollment) - - Mobile Iron (password-string based enrollment) + - MobileIron (password-string based enrollment) - Other MDMs (cert-based enrollment) diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md index fc04ddb757..48b748a916 100644 --- a/windows/configuration/provisioning-packages/provisioning-powershell.md +++ b/windows/configuration/provisioning-packages/provisioning-powershell.md @@ -1,6 +1,6 @@ --- title: PowerShell cmdlets for provisioning Windows 10/11 (Windows 10/11) -description: +description: Learn morea bout the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md index 978c59acd8..51948f41b8 100644 
--- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md +++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md @@ -30,7 +30,6 @@ This walkthrough describes how to include scripts in a Windows client provisioni 2. If you need to include a directory structure of files, you will need to cab the assets for easy inclusion in the provisioning packages. - ## Cab the application assets 1. Create a `.DDF` file as below, replacing *file1* and *file2* with the files you want to package, and adding the name of file/directory. From 16cfd252d7f8f479e251b0c43ab090ccefec707f Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Tue, 21 Sep 2021 21:03:56 -0400 Subject: [PATCH 567/671] fixed bookmarks --- .../provision-pcs-for-initial-deployment.md | 2 +- .../provisioning-packages/provision-pcs-with-apps.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md index 7bcc415747..f4325299ce 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md +++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md 
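Review bot: The new `description:` value in the provisioning-powershell.md hunk (`@@ -1,6 +1,6`) of the preceding patch has two typos. "Learn morea bout" should read "Learn more about", and "Windows10/11" is missing the space that the title on the line above it uses ("Windows 10/11"). Because this string is front matter that surfaces as the page description, fix it before merge.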
@@ -120,7 +120,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L :::image type="content" source="../images/add-applications-details.png" alt-text="In Windows Configuration Designer, add an application."::: - To add applications to the devices, select **Add applications**. You can install multiple applications, including Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps. The settings in this step vary depending on the application you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md). + To add applications to the devices, select **Add applications**. You can install multiple applications, including Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps. The settings in this step vary depending on the application you select. For help with the settings, see [Provision PCs with apps](provision-pcs-with-apps.md). 5. Add certificates: diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md index 312c48ca63..491e382778 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md 
@@ -50,7 +50,7 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate - **Restart required**: Optionally, specify if you want to reboot after a successful install of this app -- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract). +- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab-the-application-assets). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract). ### Exe or other installer 
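Review bot: The second link on the changed line still targets `provisioning-script-to-install-app.md#cab-extract`; only `#cab` is updated to `#cab-the-application-assets`. Since this commit is about fixing bookmarks, confirm that `#cab-extract` still resolves to a heading or anchor in that article, and if it does not, point it at the heading's generated bookmark in the same way. The same applies to the identical line in the `@@ -62,7 +62,7` hunk.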
@@ -62,7 +62,7 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate - **Restart required**: Optionally, specify if you want to reboot after a successful install of this app -- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract). +- **Required win32 app dependencies**: Optionally, specify more files that are required for the installation of the app. For installers that have multiple file dependencies or have directory structures, [create a cab file of the assets](provisioning-script-to-install-app.md#cab-the-application-assets). The installation script should [include expansion of the .cab file](provisioning-script-to-install-app.md#cab-extract). From b338907bfcbc35071f77258e5d6ee85ad5cde3bd Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Tue, 21 Sep 2021 21:29:54 -0400 Subject: [PATCH 568/671] replaced some instances of intune with endpoint mananger; updating with master --- .../customize-taskbar-windows-11.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md index 9d438d7209..bbbe4869dd 100644 --- a/windows/configuration/customize-taskbar-windows-11.md +++ b/windows/configuration/customize-taskbar-windows-11.md 
@@ -1,6 +1,6 @@ --- title: Configure and customize Windows 11 taskbar | Microsoft Docs -description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Intune. See what happens to the taskbar when the Windows OS client is installed or upgraded. +description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Endpoint Manager. See what happens to the taskbar when the Windows OS client is installed or upgraded. ms.assetid: manager: dougeby ms.author: mandia @@ -10,7 +10,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/16/2021 +ms.date: 09/21/2021 ms.localizationpriority: medium --- @@ -137,7 +137,7 @@ This article shows you how to create the XML file, add apps to the XML, and depl ## Use Group Policy or MDM to create and deploy a taskbar policy -Now that you have the XML file with your customized taskbar, you're ready to deploy it to devices in your organization. You can deploy your taskbar XML file using Group Policy, or using an MDM provider, like Microsoft Intune. +Now that you have the XML file with your customized taskbar, you're ready to deploy it to devices in your organization. You can deploy your taskbar XML file using Group Policy, or using an MDM provider, like Microsoft Endpoint Manager. This section shows you how to deploy the XML both ways. 
@@ -163,11 +163,11 @@ Use the following steps to add your XML file to a group policy, and apply the po For more information on using group policies, see [Implement Group Policy Objects](/learn/modules/implement-group-policy-objects/). -### Create a Microsoft Intune policy to deploy your XML file +### Create a Microsoft Endpoint Manager policy to deploy your XML file -MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Intune, you can deploy a policy that configures the pinned list. +MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Endpoint Manager, you can deploy a policy that configures the pinned list. -Use the following steps to create an Intune policy that deploys your taskbar XML file: +Use the following steps to create an Endpoint Manager policy that deploys your taskbar XML file: 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 
@@ -187,11 +187,11 @@ Use the following steps to create an Intune policy that deploys your taskbar XML 6. In **Configuration settings**, select **Start** > **Start menu layout**. Browse to, and select your taskbar XML file. -7. Select **Next**, and configure the rest of the policy settings. For more specific information, see [Configure device restriction settings in Microsoft Intune](/mem/intune/configuration/device-restrictions-configure). +7. Select **Next**, and configure the rest of the policy settings. For more specific information, see [Configure device restriction settings](/mem/intune/configuration/device-restrictions-configure). 8. When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized taskbar, the policy can also be deployed before users sign in the first time. - For more information and guidance on assigning policies using Microsoft Intune, see [Assign user and device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign). + For more information and guidance on assigning policies using Microsoft Endpoint Manager, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign). > [!NOTE] > For third party partner MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`. From df30e12a4d779c70b0f7c654a1637ccd65c0f96c Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Wed, 22 Sep 2021 09:08:03 -0400 Subject: [PATCH 569/671] small change --- windows/configuration/supported-csp-taskbar-windows.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md index 65eee0ffa3..8b3445593f 100644 
--- a/windows/configuration/supported-csp-taskbar-windows.md +++ b/windows/configuration/supported-csp-taskbar-windows.md @@ -10,7 +10,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/16/2021 +ms.date: 09/22/2021 ms.localizationpriority: medium --- @@ -20,7 +20,7 @@ ms.localizationpriority: medium - Windows 11 -The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Endpoint Manager](/mem/endpoint-manager-overview). In an MDM policy, these CSPs are settings that you configure in a policy. When the policy is ready, you deploy the policy to your devices. +The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Endpoint Manager](/mem/endpoint-manager-overview). In an MDM policy, these CSPs are settings that you configure. When the policy is ready, you deploy the policy to your devices. This article lists the CSPs that are available to customize the Taskbar for Windows 11 devices. Windows 11 uses the [Policy CSP - Start](/windows/client-management/mdm/policy-csp-start). From 6dba05e4594c6c97d015a5befec5fec127359336 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Wed, 22 Sep 2021 09:59:52 -0400 Subject: [PATCH 570/671] clarifying csp vs group policy vs mdm policy --- .../customize-start-menu-layout-windows-11.md | 37 +++++++++++++------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md index 90070e8930..610c21f286 100644 --- a/windows/configuration/customize-start-menu-layout-windows-11.md +++ b/windows/configuration/customize-start-menu-layout-windows-11.md @@ -10,7 +10,6 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/14/2021 ms.localizationpriority: medium --- 
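Review bot: The `@@ -10,7 +10,6` hunk deletes `ms.date: 09/14/2021` outright instead of updating it, while the two preceding commits in this series bump `ms.date` on the articles they touch (to 09/21/2021 and 09/22/2021). If the removal is not intentional, restore the field with the current date so this article's metadata stays consistent with the others.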
@@ -54,10 +53,25 @@ Start has the following areas: This article shows you how to use the **ConfigureStartPins** policy. -- **All apps**: Users select this option to see an alphabetical list of all the apps on the device. This section can't be customized using the JSON file. You can use the `Start/ShowOrHideMostUsedApps` CSP, which is a policy to configure the "Most used" section at the top of the all apps list. -- **Recommended**: Shows recently opened files and recently installed apps. This section can't be customized using the JSON file. To prevent files from showing in this section, you can use the [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists). This CSP also hides recent files that show from the taskbar. +- **All apps**: Users select this option to see an alphabetical list of all the apps on the device. This section can't be customized using the JSON file. - You can use an MDM provider, like Microsoft Intune, to manage the [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists) on your devices. For more information on the Start menu settings you can configure in a Microsoft Intune policy, see [Windows 10 (and later) device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#start). + The `[Start/HideFrequentlyUsedApps CSP](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps)` exposes settings that configure the "Most used" section, which is at the top of the all apps list. + + In Endpoint Manager, you can configure this Start menu layout feature, and more. For more information on the Start menu settings you can configure in an Endpoint Manager policy, see [Windows 10/11 device settings to allow or restrict features](/mem/intune/configuration/device-restrictions-windows-10#start). 
+ + In Group Policy, there are policies that include settings that control the Start menu layout. Some policies may not work as expected. Be sure to test your policies before broadly deploying them across your devices: + + - `Computer Configuration\Administrative Templates\Start Menu and Taskbar` + - `User Configuration\Administrative Templates\Start Menu and Taskbar` + +- **Recommended**: Shows recently opened files and recently installed apps. This section can't be customized using the JSON file. + + The [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists) exposes settings that prevent files from showing in this section. This CSP also hides recent files that show from the taskbar. In Endpoint Manager, you can configure this feature, and more. For more information on the Start menu settings you can configure in an Endpoint Manager policy, see [Windows 10/11 device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#start). + + In Group Policy, there are policies that include settings that control the Start menu layout. Some policies may not work as expected. Be sure to test your policies before broadly deploying them across your devices: + + - `Computer Configuration\Administrative Templates\Start Menu and Taskbar` + - `User Configuration\Administrative Templates\Start Menu and Taskbar` ## Create the JSON file 
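Review bot: In the added **All apps** text, the link `[Start/HideFrequentlyUsedApps CSP](...)` is wrapped in backticks, so it renders as literal code rather than as a link; drop the backticks, as the `Start/HideRecentJumplists` link under **Recommended** already does. The removed line named `Start/ShowOrHideMostUsedApps` for the "Most used" section and the new line names `Start/HideFrequentlyUsedApps`, so confirm the change of CSP is intended. The Group Policy paragraph and its two paths are also added verbatim under both bullets, and the **Recommended** link text still ends in "using Intune" while the **All apps** link text does not.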
@@ -111,13 +125,13 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi Now that you have the JSON syntax, you're ready to deploy your customized Start layout to devices in your organization. -MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Intune, you can deploy a policy that configures the pinned list. +MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Endpoint Manager, you can deploy a policy that configures the pinned list. -This section shows you how to create a pinned list policy in Microsoft Intune. There isn't a Group Policy to create a pinned list. +This section shows you how to create a pinned list policy in Endpoint Manager. There isn't a Group Policy to create a pinned list. -### Create a pinned list using a Microsoft Intune policy +### Create a pinned list using an Endpoint Manager policy -To deploy this policy in Microsoft Intune, the devices must be enrolled in Microsoft Intune, and managed by your organization. For more information, see [What is device enrollment in Intune?](/mem/intune/enrollment/device-enrollment). +To deploy this policy, the devices must be enrolled, and managed by your organization. For more information, see [What is device enrollment?](/mem/intune/enrollment/device-enrollment). 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Select **Devices** > **Configuration profiles** > **Create profile**. 
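Review bot: After the edit, "To deploy this policy, the devices must be enrolled, and managed by your organization" no longer says what the devices must be enrolled in. Name the enrollment target so the prerequisite is checkable, using the same product wording as the rest of this hunk, and drop the comma before "and managed".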
@@ -159,11 +173,10 @@ To deploy this policy in Microsoft Intune, the devices must be enrolled in Micro 8. Select **Save** > **Next** to save your changes. 9. Configure the rest of the policy settings. For more specific information, see [Create a profile with custom settings in Intune](/mem/intune/configuration/custom-settings-configure). -The Windows OS has many CSPs that apply to the Start menu. Using an MDM provider, like Intune, you can use these CSPs to customize Start even more. For a list, see [Supported CSP policies for Windows 11 Start menu](supported-csp-start-menu-layout-windows.md). +The Windows OS has exposes many CSPs that apply to the Start menu. For a list, see [Supported CSP policies for Windows 11 Start menu](supported-csp-start-menu-layout-windows.md). ### Deploy the policy using Microsoft Intune -When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized Start layout, the policy can be deployed before users sign in the first time. - -For more information on assigning policies using Microsoft Intune, see [Assign user and device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign). +When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized Start layout, the policy can be deployed anytime, including before users sign in the first time. +For more information and guidance on assigning policies, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign). From 40006d3ed7e011737a222fa6dd4033fdffeab587 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Wed, 22 Sep 2021 10:11:46 -0400 Subject: [PATCH 571/671] review updates --- .../customize-start-menu-layout-windows-11.md | 26 ++++++++++--------- 1 file changed, 14 insertions(+), 12 deletions(-) 
diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md index 610c21f286..f10b516b5c 100644 --- a/windows/configuration/customize-start-menu-layout-windows-11.md +++ b/windows/configuration/customize-start-menu-layout-windows-11.md @@ -1,6 +1,6 @@ --- title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs -description: Export Start layout to LayoutModification.json with pinned apps, add or remove pinned apps, and use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. +description: Export Start layout to LayoutModification.json with pinned apps, and add or remove pinned apps. Use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. ms.assetid: manager: dougeby ms.author: mandia @@ -27,7 +27,7 @@ For example, you can override the default set of apps with your own a set of pin To add apps you want pinned to the Start menu, you use a JSON file. In previous Windows versions, IT administrators used an XML file to customize the Start menu. The XML file isn't available on Windows 11 and later ***unless*** [you're an OEM](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). -This article shows you how to export an existing Start menu layout, and use the JSON in a Microsoft Intune MDM policy. +This article shows you how to export an existing Start menu layout, and use the JSON in a Microsoft Endpoint Manager policy. ## Before you begin 
@@ -51,24 +51,26 @@ Start has the following areas: - **Pinned**: Shows pinned apps, or a subset of all of the apps installed on the device. You can create a list of pinned apps you want on the devices using the **ConfigureStartPins** policy. **ConfigureStartPins** overrides the entire layout, which also removes apps that are pinned by default. - This article shows you how to use the **ConfigureStartPins** policy. + This article shows you [how to use the **ConfigureStartPins** policy](#get-the-pinnedlist-json). - **All apps**: Users select this option to see an alphabetical list of all the apps on the device. This section can't be customized using the JSON file. - The `[Start/HideFrequentlyUsedApps CSP](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps)` exposes settings that configure the "Most used" section, which is at the top of the all apps list. + The [Start/HideFrequentlyUsedApps CSP](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps) exposes settings that configure the "Most used" section, which is at the top of the all apps list. - In Endpoint Manager, you can configure this Start menu layout feature, and more. For more information on the Start menu settings you can configure in an Endpoint Manager policy, see [Windows 10/11 device settings to allow or restrict features](/mem/intune/configuration/device-restrictions-windows-10#start). + In **Endpoint Manager**, you can configure this Start menu layout feature, and more. For more information on the Start menu settings you can configure in an Endpoint Manager policy, see [Windows 10/11 device settings to allow or restrict features](/mem/intune/configuration/device-restrictions-windows-10#start). - In Group Policy, there are policies that include settings that control the Start menu layout. Some policies may not work as expected. 
Be sure to test your policies before broadly deploying them across your devices: + In **Group Policy**, there are policies that include settings that control the Start menu layout. Some policies may not work as expected. Be sure to test your policies before broadly deploying them across your devices: - `Computer Configuration\Administrative Templates\Start Menu and Taskbar` - `User Configuration\Administrative Templates\Start Menu and Taskbar` - **Recommended**: Shows recently opened files and recently installed apps. This section can't be customized using the JSON file. - The [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists) exposes settings that prevent files from showing in this section. This CSP also hides recent files that show from the taskbar. In Endpoint Manager, you can configure this feature, and more. For more information on the Start menu settings you can configure in an Endpoint Manager policy, see [Windows 10/11 device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#start). + The [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists) exposes settings that prevent files from showing in this section. This CSP also hides recent files that show from the taskbar. - In Group Policy, there are policies that include settings that control the Start menu layout. Some policies may not work as expected. Be sure to test your policies before broadly deploying them across your devices: + In **Endpoint Manager**, you can configure this feature, and more. For more information on the Start menu settings you can configure in an Endpoint Manager policy, see [Windows 10/11 device settings to allow or restrict features](/mem/intune/configuration/device-restrictions-windows-10#start). + + In **Group Policy**, there are policies that include settings that control the Start menu layout. 
Some policies may not work as expected. Be sure to test your policies before broadly deploying them across your devices: - `Computer Configuration\Administrative Templates\Start Menu and Taskbar` - `User Configuration\Administrative Templates\Start Menu and Taskbar` @@ -171,12 +173,12 @@ To deploy this policy, the devices must be enrolled, and managed by your organiz :::image type="content" source="./images/customize-start-menu-layout-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png" alt-text="Custom OMA-URI settings to customize Start menu layout using pinnedList"::: 8. Select **Save** > **Next** to save your changes. -9. Configure the rest of the policy settings. For more specific information, see [Create a profile with custom settings in Intune](/mem/intune/configuration/custom-settings-configure). +9. Configure the rest of the policy settings. For more specific information, see [Create a profile with custom settings](/mem/intune/configuration/custom-settings-configure). -The Windows OS has exposes many CSPs that apply to the Start menu. For a list, see [Supported CSP policies for Windows 11 Start menu](supported-csp-start-menu-layout-windows.md). +The Windows OS exposes many CSPs that apply to the Start menu. For a list, see [Supported CSP policies for Windows 11 Start menu](supported-csp-start-menu-layout-windows.md). -### Deploy the policy using Microsoft Intune +### Deploy the policy using Endpoint Manager When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized Start layout, the policy can be deployed anytime, including before users sign in the first time. -For more information and guidance on assigning policies, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign). +For more information and guidance on assigning policies to devices in your organization, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign). 
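Review bot: The new link `[how to use the **ConfigureStartPins** policy](#get-the-pinnedlist-json)` in the `@@ -51,24 +51,26` hunk depends on a heading bookmark that is not visible in this diff. Confirm that a heading generating `#get-the-pinnedlist-json` exists in the article, since broken bookmarks were already fixed once in this series. The Group Policy paragraph and its two paths are still repeated verbatim under both **All apps** and **Recommended**; consider stating them once after the list.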
From 53a782e7abb26217c1b6ad3b1b56833674fb7622 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Wed, 22 Sep 2021 11:15:10 -0400 Subject: [PATCH 572/671] PM review updates --- .../provisioning-apply-package.md | 4 +- .../provisioning-create-package.md | 12 +--- .../provisioning-install-icd.md | 65 ++++++++----------- .../provisioning-script-to-install-app.md | 4 +- .../provisioning-uninstall-package.md | 2 +- 5 files changed, 33 insertions(+), 54 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md index b3cf6aa867..44ef49c0ab 100644 --- a/windows/configuration/provisioning-packages/provisioning-apply-package.md +++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md @@ -12,7 +12,7 @@ ms.reviewer: gkomatsu manager: dansimp --- -# Apply a provisioning package on Windows 10/11 +# Apply a provisioning package **Applies to** @@ -40,7 +40,7 @@ Provisioning packages can be applied to client devices during the first-run expe 3. The next screen asks you to select a provisioning source. Select **Removable Media** and select **Next**. ![Provision this device.](../images/prov.jpg) - + 4. Select the provisioning package (`.ppkg`) that you want to apply, and select **Next**. ![Choose a package.](../images/choose-package.png) diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md index 7d3bd564aa..1725673b90 100644 --- a/windows/configuration/provisioning-packages/provisioning-create-package.md +++ b/windows/configuration/provisioning-packages/provisioning-create-package.md @@ -12,7 +12,7 @@ ms.reviewer: gkomatsu manager: dansimp --- -# Create a provisioning package for Windows 10/11 +# Create a provisioning package **Applies to** 
@@ -29,12 +29,7 @@ You can use Windows Configuration Designer to create a provisioning package (`.p ## Start a new project -1. Open Windows Configuration Designer: - - From either the Start screen or Start menu search, type **Windows Configuration Designer**, and then select the **Windows Configuration Designer** shortcut. - - or - - - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then select **ICD.exe**. +1. Open Windows Configuration Designer: From either the Start menu or Start menu search, type **Windows Configuration Designer**, and then select the **Windows Configuration Designer** shortcut. 2. Select your desired option on the **Start** page, which offers multiple options for creating a provisioning package, as shown in the following image: @@ -77,9 +72,6 @@ You can use Windows Configuration Designer to create a provisioning package (`.p 6. In the **Available customizations** pane, you can now configure settings for the package. - - - ## Configure settings For an advanced provisioning project, Windows Configuration Designer opens the **Available customizations** pane. The example in the following image is based on **All Windows desktop editions** settings. diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md index 97a69772ee..2185e1123a 100644 --- a/windows/configuration/provisioning-packages/provisioning-install-icd.md +++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md 
@@ -12,19 +12,21 @@ ms.reviewer: gkomatsu manager: dansimp --- -# Install Windows Configuration Designer +# Install Windows Configuration Designer, and learn about any limitations **Applies to** -- Windows 10 -- Windows 11 +- Windows 10 +- Windows 11 -Use the Windows Configuration Designer tool to create provisioning packages to easily configure devices running Windows client. Windows Configuration Designer is primarily designed for use by IT departments for business and educational institutions who need to provision bring-your-own-device (BYOD) and business-supplied devices. +Use the Windows Configuration Designer tool to create provisioning packages to easily configure devices running Windows client. Windows Configuration Designer is primarily used by IT departments for business and educational institutions who need to provision bring-your-own-device (BYOD) and business-supplied devices. ## Supported platforms -Windows Configuration Designer can create provisioning packages for Windows client desktop, including Windows IoT Core, as well as Microsoft Surface Hub and Microsoft HoloLens. You can run Windows Configuration Designer on the following operating systems: +Windows Configuration Designer can create provisioning packages for Windows client desktop, including Windows IoT Core, Microsoft Surface Hub, and Microsoft HoloLens. You can run Windows Configuration Designer on the following operating systems: + +**Client OS**: - Windows 11 - Windows 10 - x86 and amd64 @@ -32,6 +34,9 @@ Windows Configuration Designer can create provisioning packages for Windows clie - Windows 8.1 - x86 and amd64 - Windows 8 - x86 and amd64 - Windows 7 - x86 and amd64 + +**Server OS**: + - Windows Server 2016 - Windows Server 2012 R2 Update - Windows Server 2012 R2 
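Review bot: The Supported platforms list in provisioning-install-icd.md still carries Windows 8.1, Windows 8, Windows 7 and, under the new **Server OS** label, Windows Server 2016 and 2012 R2, yet the next hunk in this file reduces the Install section to the Microsoft Store app "On devices running Windows client" and deletes the ADK procedure. Either keep a pointer to the ADK install for the platforms that remain listed, or trim the list to match what the page now explains how to install. The retained limitation bullet about a "server SKU running Windows Configuration Designer" depends on the same answer.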
@@ -43,50 +48,34 @@ Windows Configuration Designer can create provisioning packages for Windows clie ## Install Windows Configuration Designer -On devices running Windows client, you can install [the Windows Configuration Designer app from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). To run Windows Configuration Designer on other operating systems or in languages other than English, install it from the [Windows Assessment and Deployment Kit (ADK) for Windows](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). - ->[!NOTE] ->If you install Windows Configuration Designer from both the ADK and Microsoft Store, the Store app will not open. -> ->The Windows Configuration Designer App from Microsoft Store currently supports only English. For a localized version of the Windows Configuration Designer, install it from the Windows ADK. - -1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) and select **Get Windows ADK** for the version of Windows client that you want to create provisioning packages for (version 1511, 1607, or 1703). - - >[!NOTE] - >The rest of this procedure uses Windows ADK for Windows 10, version 1703 as an example. - -2. Save **adksetup.exe** and then run it. - -3. On the **Specify Location** page, select an installation path and then click **Next**. - >[!NOTE] - >The estimated disk space listed on this page applies to the full Windows ADK. If you only install Windows Configuration Designer, the space requirement is approximately 32 MB. -4. Make a selection on the **Windows Kits Privacy** page, and then click **Next**. - -5. Accept the **License Agreement**, and then click **Next**. - -6. On the **Select the features you want to install** page, clear all selections except **Configuration Designer**, and then click **Install**. 
- - ![Only Configuration Designer selected for installation.](../images/icd-install.png) +On devices running Windows client, you can install [the Windows Configuration Designer app](https://www.microsoft.com/store/apps/9nblggh4tx22) from the Microsoft Store. ## Current Windows Configuration Designer limitations -- Windows Configuration Designer will not work properly if the Group Policy setting **Policies > Administrative Templates > Windows Components > Internet Explorer > Security Zones: Use only machine settings** is enabled. We recommend that you run Windows Configuration Designer on a different device, rather than change the security setting. +- Windows Configuration Designer doesn't work properly if the **Policies > Administrative Templates > Windows Components > Internet Explorer > Security Zones: Use only machine settings** Group Policy setting is enabled. Instead of changing the security setting, we recommend you run Windows Configuration Designer on a different device. - You can only run one instance of Windows Configuration Designer on your computer at a time. -- Be aware that when adding apps and drivers, all files stored in the same folder will be imported and may cause errors during the build process. +- When adding apps and drivers, all files stored in the same folder are imported, and may cause errors during the build process. -- The Windows Configuration Designer UI does not support multivariant configurations. Instead, you must use the Windows Configuration Designer command-line interface to configure multivariant settings. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md). +- The Windows Configuration Designer UI doesn't support multivariant configurations. Instead, you must use the Windows Configuration Designer command-line interface to configure multivariant settings. 
For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md). -- While you can open multiple projects at the same time within Windows Configuration Designer, you can only build one project at a time. +- In Windows Configuration Designer, you can only build one project at a time. You can open multiple projects at the same time, but you can only build one at a time. -- In order to enable the simplified authoring jscripts to work on a server SKU running Windows Configuration Designer, you need to explicitly enable **Allow websites to prompt for information using scripted windows**. Do this by opening Internet Explorer and then navigating to **Settings** > **Internet Options** > **Security** -> **Custom level** > **Allow websites to prompt for information using scripted windows**, and then choose **Enable**. +- To enable the simplified authoring jscripts to work on a server SKU running Windows Configuration Designer, you must enable **Allow websites to prompt for information using scripted windows**: -- If you copy a Windows Configuration Designer project from one PC to another PC, make sure that all the associated files for the deployment assets, such as apps and drivers, are copied along with the project to the same path as it was on the original PC. + 1. Open Internet Explorer. + 2. Go to **Settings** > **Internet Options** > **Security** > **Custom level**. + 3. Select **Allow websites to prompt for information using scripted windows** > **Enable**. - For example, when you add a driver to a provisioned package, you must copy the .INF file to a local directory on the PC that is running Windows Configuration Designer. If you don't do this, and attempt to use a copied version of this project on a different PC, Windows Configuration Designer might attempt to resolve the path to the files that point to the original PC. 
- -- **Recommended**: Before starting, copy all source files to the PC running Windows Configuration Designer, rather than using external sources like network shares or removable drives. This reduces the risk of interrupting the build process from a temporary network issue or from disconnecting the USB device. +- If you copy a Windows Configuration Designer project from one PC to another PC, then: + + - Copy all the associated files for the deployment assets with the project, including apps and drivers. + - Copy all the files to the same path as the original PC. + + For example, when you add a driver to a provisioned package, you must copy the `.INF` file to a local directory on the PC that's running Windows Configuration Designer. If you don't copy the `.INF` file, and use a copied version of this project on a different PC, then Windows Configuration Designer might resolve the file paths to the original PC. + +- **Recommended**: Before starting, copy all source files to the PC running Windows Configuration Designer. Don't use external sources, like network shares or removable drives. Using local files reduces the risk of interrupting the build process from a network issue, or from disconnecting the USB device. **Next step**: [How to create a provisioning package](provisioning-create-package.md) diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md index 51948f41b8..a894ed2312 100644 --- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md +++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md 
@@ -20,9 +20,7 @@ manager: dansimp - Windows 10 - Windows 11 -This walkthrough describes how to include scripts in a Windows client provisioning package to install Win32 applications. Scripted operations other than installing apps can also be performed, however, some care is needed in order to avoid unintended behavior during script execution (see [Remarks](#remarks) below). - ->**Prerequisite**: [Windows Assessment and Deployment Kit (ADK) for Windows](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) +This walkthrough describes how to include scripts in a Windows client provisioning package to install Win32 applications. Scripted operations other than installing apps can also be performed. However, some care is needed to avoid unintended behavior during script execution (see [Remarks](#remarks) below). ## Assemble the application assets diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md index 1515705748..4a25836a61 100644 --- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md +++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md @@ -12,7 +12,7 @@ ms.reviewer: gkomatsu manager: dansimp --- -# Settings changed when you uninstall a provisioning package on Windows 10/11 +# Settings changed when you uninstall a provisioning package **Applies to** From 915ab0329591beb68c4b97b94b4383169f89f3c5 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Wed, 22 Sep 2021 11:28:08 -0600 Subject: [PATCH 573/671] Update customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md Acrolinx fix --- ...-start-screens-by-using-provisioning-packages-and-icd.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md index 95b9c579b5..8a44c817f3 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md @@ -1,5 +1,5 @@ --- -title: Customize Windows 10 Start and tasbkar with provisioning packages (Windows 10) +title: Customize Windows 10 Start and taskbar with provisioning packages (Windows 10) description: In Windows 10, you can use a provisioning package to deploy a customized Start layout to users. ms.assetid: AC952899-86A0-42FC-9E3C-C25F45B1ACAC ms.reviewer: @@ -138,5 +138,5 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L - [Add image for secondary tiles](start-secondary-tiles.md) - [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) - [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) -- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) \ No newline at end of file +- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) +- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) From d30ed8acd7559aaf712bba98fa4df71e1cc30644 Mon Sep 17 00:00:00 2001 
From: Diana Hanson Date: Wed, 22 Sep 2021 11:28:49 -0600 Subject: [PATCH 574/671] Update provisioning-powershell.md Acro fix --- .../provisioning-packages/provisioning-powershell.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md index 48b748a916..50e9c56a1e 100644 --- a/windows/configuration/provisioning-packages/provisioning-powershell.md +++ b/windows/configuration/provisioning-packages/provisioning-powershell.md @@ -1,6 +1,6 @@ --- title: PowerShell cmdlets for provisioning Windows 10/11 (Windows 10/11) -description: Learn morea bout the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices. +description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library From aa544eecba519c8535cef9547ad44e39bd37d908 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Wed, 22 Sep 2021 11:12:31 -0700 Subject: [PATCH 575/671] more mostly small updates --- .../update/deploy-updates-configmgr.md | 7 ++--- .../update/deploy-updates-intune.md | 7 ++--- .../deployment/update/fod-and-lang-packs.md | 9 ++++--- .../deployment/update/media-dynamic-update.md | 5 +++- windows/deployment/update/optional-content.md | 25 +++++++++++------- .../update/servicing-stack-updates.md | 7 ++--- .../update-compliance-configuration-mem.md | 4 +++ ...aas-deployment-rings-windows-10-updates.md | 2 +- .../update/waas-manage-updates-wsus.md | 19 +++++++------- .../deployment/update/waas-wufb-csp-mdm.md | 26 +++---------------- windows/deployment/update/waas-wufb-intune.md | 2 +- .../update/windows-update-resources.md | 1 + 12 files changed, 58 insertions(+), 56 deletions(-) 
diff --git a/windows/deployment/update/deploy-updates-configmgr.md b/windows/deployment/update/deploy-updates-configmgr.md index c62f135de1..73f4b8e93f 100644 --- a/windows/deployment/update/deploy-updates-configmgr.md +++ b/windows/deployment/update/deploy-updates-configmgr.md @@ -1,6 +1,6 @@ --- -title: Deploy Windows 10 updates with Configuration Manager (Windows 10) -description: Deploy Windows 10 updates with Configuration Manager +title: Deploy Windows client updates with Configuration Manager +description: Deploy Windows client updates with Configuration Manager ms.prod: w10 ms.mktglfcycl: manage author: jaimeo @@ -15,6 +15,7 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 See the Microsoft Endpoint Manager [documentation](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) for details about using Configuration Manager to deploy and manage Windows 10 updates. \ No newline at end of file diff --git a/windows/deployment/update/deploy-updates-intune.md b/windows/deployment/update/deploy-updates-intune.md index 5079d8a8f7..e871e5e68c 100644 --- a/windows/deployment/update/deploy-updates-intune.md +++ b/windows/deployment/update/deploy-updates-intune.md @@ -1,6 +1,6 @@ --- title: Deploy updates with Intune -description: Deploy Windows 10 updates with Intune +description: Deploy Windows client updates with Intune ms.prod: w10 ms.mktglfcycl: manage author: jaimeo @@ -15,6 +15,7 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 -See the Microsoft Intune [documentation](/mem/intune/protect/windows-update-for-business-configure#windows-10-feature-updates) for details about using Intune to deploy and manage Windows 10 updates. \ No newline at end of file +See the Microsoft Intune [documentation](/mem/intune/protect/windows-update-for-business-configure#windows-10-feature-updates) for details about using Intune to deploy and manage Windows client updates. \ No newline at end of file 
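Review bot: In deploy-updates-configmgr.md the closing sentence is left as unchanged context and still reads "deploy and manage Windows 10 updates", although the title, description and Applies-to list in the same hunk now say Windows client and add Windows 11. The matching sentence in deploy-updates-intune.md was updated to "Windows client updates", so change this one too. Both files also still end with "\ No newline at end of file"; adding the final newline while the last line is being touched would avoid another whitespace-only diff later.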
diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md index fc45328c40..13a811171f 100644 --- a/windows/deployment/update/fod-and-lang-packs.md +++ b/windows/deployment/update/fod-and-lang-packs.md 
@@ -16,15 +16,18 @@ ms.custom: seo-marvel-apr2020 --- # How to make Features on Demand and language packs available when you're using WSUS or Configuration Manager -> Applies to: Windows 10 +**Applies to** -In Windows 10 version 21H2, non-Administrator user accounts can add both a display language and its corresponding language features. +- Windows 10 +- Windows 11 + +In Windows 10 version 21H2 and later, non-Administrator user accounts can add both a display language and its corresponding language features. As of Windows 10 version 1709, you can't use Windows Server Update Services (WSUS) to host [Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) (FODs) locally. Starting with Windows 10 version 1803, language packs can no longer be hosted on WSUS. The **Specify settings for optional component installation and component repair** policy, located under `Computer Configuration\Administrative Templates\System` in the Group Policy Editor, can be used to specify alternate ways to acquire FOD packages, language packages, and content for corruption repair. However, it's important to note this policy only allows specifying one alternate location and behaves differently across OS versions. -In Windows 10 version 1709 and 1803, changing the **Specify settings for optional component installation and component repair** policy to download content from Windows Update enables acquisition of FOD packages while also enabling corruption repair. Specifying a network location works for either, depending on the content is found at that location. Changing this policy on these OS versions does not influence how language packs are acquired. +In Windows 10 versions 1709 and 1803, changing the **Specify settings for optional component installation and component repair** policy to download content from Windows Update enables acquisition of FOD packages while also enabling corruption repair. 
Specifying a network location works for either, depending on the content is found at that location. Changing this policy on these OS versions does not influence how language packs are acquired. In Windows 10 version 1809 and beyond, changing the **Specify settings for optional component installation and component repair** policy also influences how language packs are acquired, however language packs can only be acquired directly from Windows Update. It's currently not possible to acquire them from a network share. Specifying a network location works for FOD packages or corruption repair, depending on the content at that location. diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 3758d0c313..01eadf3247 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -16,7 +16,10 @@ ms.topic: article # Update Windows installation media with Dynamic Update -**Applies to**: Windows 10, Windows 11 +**Applies to** + +- Windows 10 +- Windows 11 This topic explains how to acquire and apply Dynamic Update packages to existing Windows images *prior to deployment* and includes Windows PowerShell scripts you can use to automate this process. diff --git a/windows/deployment/update/optional-content.md b/windows/deployment/update/optional-content.md index addb9d4952..ba64d92859 100644 --- a/windows/deployment/update/optional-content.md +++ b/windows/deployment/update/optional-content.md 
@@ -15,9 +15,14 @@ ms.topic: article # Migrating and acquiring optional Windows content during updates +**Applies to** + +- Windows 10 +- Windows 11 + This article provides some background on the problem of keeping language resources and Features on Demand during operating system updates and offers guidance to help you move forward in the short term and prepare for the long term. -When you update the operating system, it’s critical to keep language resources and Features on Demand (FODs). Many commercial organizations use Configuration Manager or other management tools to distribute and orchestrate Windows 10 setup using a local Windows image or WIM file (a “media-based” or “task-sequence-based” update). Others do in-place updates using an approved Windows 10 feature update by using Windows Server Update Services (WSUS), Configuration Manager, or equivalent tools (a "servicing-based” update). +When you update the operating system, it’s critical to keep language resources and Features on Demand (FODs). Many commercial organizations use Configuration Manager or other management tools to distribute and orchestrate Windows client setup using a local Windows image or WIM file (a “media-based” or “task-sequence-based” update). Others do in-place updates using an approved Windows client feature update by using Windows Server Update Services (WSUS), Configuration Manager, or equivalent tools (a "servicing-based” update). Neither approach contains the full set of Windows optional features that a user’s device might need, so those features are not migrated to the new operating system. Further, those features are not available in Configuration Manager or WSUS for on-premises acquisition after a feature update 
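Review bot: The rewritten paragraph in optional-content.md keeps a mismatched quote pair, (a "servicing-based” update), with a straight opening quote and a curly closing quote, while the other quoted terms on the same line use curly quotes on both sides. Since the line is being replaced anyway, normalize the pair here. The added line in the following hunk has the same issue in "failure to acquire optional content.”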
@@ -43,11 +48,11 @@ Windows Setup needs access to the optional content to do this. Since optional co ### User-initiated feature acquisition failure -The second challenge involves a failure to acquire features when a user requests them. Imagine a user running a device with a new version of Windows 10, either by using a clean installation or an in-place update. The user visits Settings, and attempts to install a second language, additional language experience features, or other optional content. Again, since these features are not in the operating system, the packages need to be acquired. For a typical user with internet access, Windows will acquire the features from a nearby Microsoft content delivery network, and everything works as designed. For commercial users, some might not have internet access or have policies to prevent acquisition over the internet. In these situations, Windows must acquire the content from an alternative location. When the content can’t be found, users are frustrated and another help desk call could result. This pain point is sometimes referred to as "failure to acquire optional content.” +The second challenge involves a failure to acquire features when a user requests them. Imagine a user running a device with a new version of Windows client, either by using a clean installation or an in-place update. The user visits Settings, and attempts to install a second language, additional language experience features, or other optional content. Again, since these features are not in the operating system, the packages need to be acquired. For a typical user with internet access, Windows will acquire the features from a nearby Microsoft content delivery network, and everything works as designed. For commercial users, some might not have internet access or have policies to prevent acquisition over the internet. In these situations, Windows must acquire the content from an alternative location. 
When the content can’t be found, users are frustrated and another help desk call could result. This pain point is sometimes referred to as "failure to acquire optional content.” ## Options for acquiring optional content -Most commercial organizations understand the pain points outlined above, and discussions typically start with them asking what plans are available to address these challenges. The following table includes multiple options for consideration, depending on how you are currently deploying Windows 10. In this table, +Most commercial organizations understand the pain points outlined above, and discussions typically start with them asking what plans are available to address these challenges. The following table includes multiple options for consideration, depending on how you are currently deploying Windows client. In this table, - Migration means it supports optional content migration during an update. - Acquisition means it supports optional content acquisition (that is, initiated by the user). 
@@ -70,21 +75,21 @@ Most commercial organizations understand the pain points outlined above, and dis Windows Update for Business solves the optional content problem. Optional content is published and available for acquisition by Windows Setup from a nearby Microsoft content delivery network and acquired using the Unified Update Platform. Optional content migration and acquisition scenarios "just work" when the device is connected to an update service that uses the Unified Update Platform, such as Windows Update or Windows Update for Business. If for some reason a language pack fails to install during the update, the update will automatically roll back. -Starting with Windows 10, version 1709, we introduced the [Unified Update Platform](https://blogs.windows.com/windowsexperience/2016/11/03/introducing-unified-update-platform-uup/). The Unified Update Platform is an improvement in the underlying Windows update technology that results in smaller download sizes and a more efficient protocol for checking for updates, acquiring and installing the packages needed, and getting current in one update step. The technology is "unified" because it brings together the update stack for Windows 10, Windows Server, and other products, such as HoloLens. The Unified Update Platform is not currently integrated with WSUS. +Starting with Windows 10, version 1709, we introduced the [Unified Update Platform](https://blogs.windows.com/windowsexperience/2016/11/03/introducing-unified-update-platform-uup/). The Unified Update Platform is an improvement in the underlying Windows update technology that results in smaller download sizes and a more efficient protocol for checking for updates, acquiring and installing the packages needed, and getting current in one update step. The technology is "unified" because it brings together the update stack for Windows client, Windows Server, and other products, such as HoloLens. The Unified Update Platform is not currently integrated with WSUS. 
-You should consider moving to Windows Update for Business. Not only will the optional content scenario work seamlessly (as it does for consumer devices today), but you also get the full benefits of smaller download sizes also known as Express Updates. Further, devices that use devices are immune to the challenge of upgrading a Windows 10 device where the operating system installation language is inadvertently changed to a new language. Otherwise, any future media-based feature updates can fail when the installation media has a different installation language. See [Upgrading Windows 10 devices with installation media different than the original OS install language](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/upgrading-windows-10-devices-with-installation-media-different/ba-p/746126) for more details, as well as our [Ignite 2019 theater session THR4002](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR4002) on this topic. +You should consider moving to Windows Update for Business. Not only will the optional content scenario work seamlessly (as it does for consumer devices today), but you also get the full benefits of smaller download sizes also known as Express Updates. Further, devices that use devices are immune to the challenge of upgrading a Windows client device where the operating system installation language is inadvertently changed to a new language. Otherwise, any future media-based feature updates can fail when the installation media has a different installation language. See [Upgrading Windows 10 devices with installation media different than the original OS install language](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/upgrading-windows-10-devices-with-installation-media-different/ba-p/746126) for more details, as well as our [Ignite 2019 theater session THR4002](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR4002) on this topic. 
### Option 2: Enable Dynamic Update -If you’re not ready to move to Windows Update, another option is to enable Dynamic Update during a feature update. As soon as a Windows 10 feature update starts, whether via a media-based update or a WSUS-based feature update, Dynamic Update is one of the first steps invoked. Windows 10 Setup connects to an internet-facing URL hosted by Microsoft to fetch Dynamic Update content, and then applies those updates to the operating system installation media. The content acquired includes the following: +If you’re not ready to move to Windows Update, another option is to enable Dynamic Update during a feature update. As soon as a Windows feature update starts, whether via a media-based update or a WSUS-based feature update, Dynamic Update is one of the first steps invoked. Windows Setup connects to an internet-facing URL hosted by Microsoft to fetch Dynamic Update content, and then applies those updates to the operating system installation media. The content acquired includes the following: - Setup updates: Fixes to Setup.exe binaries or any files that Setup uses for feature updates. - Safe OS updates: Fixes for the "safe OS" that are used to update Windows recovery environment (WinRE). -- Servicing stack updates: Fixes that are necessary to address the Windows 10 servicing stack issue and thus required to complete the feature update. +- Servicing stack updates: Fixes that are necessary to address the Windows servicing stack issue and thus required to complete the feature update. - Latest cumulative update: Installs the latest cumulative quality update. - Driver updates: Latest version of applicable drivers that have already been published by manufacturers into Windows Update and meant specifically for Dynamic Update. -In addition to these updates for the new operating system, Dynamic Update will acquire optional content during the update process to ensure that the device has this content present when the update completes. 
So, although the device is not connected to Windows Update, it will fetch content from a nearby Microsoft content download network (CDN). This addresses the first pain point with optional content, but not user-initiated acquisition. By default, [Dynamic Update](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#dynamicupdate) is enabled by Windows 10 Setup. You can enable or disable Dynamic Update by using the /DynamicUpdate option in Windows Setup. If you use the servicing-based approach, you can set this with setupconfig.ini. See [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview) for details. +In addition to these updates for the new operating system, Dynamic Update will acquire optional content during the update process to ensure that the device has this content present when the update completes. So, although the device is not connected to Windows Update, it will fetch content from a nearby Microsoft content download network (CDN). This addresses the first pain point with optional content, but not user-initiated acquisition. By default, [Dynamic Update](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#dynamicupdate) is enabled by Windows Setup. You can enable or disable Dynamic Update by using the /DynamicUpdate option in Windows Setup. If you use the servicing-based approach, you can set this with setupconfig.ini. See [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview) for details. Starting in Windows 10, version 2004, Dynamic Update can be configured with additional options. For example, you might want to have the benefits of optional content migration without automatically acquiring the latest quality update. You can do that with the /DynamicUpdate NoLCU option of Windows Setup. Afterward, you would separately follow your existing process for testing and approving monthly updates. 
The downside of this approach is the device will go through an additional reboot for the latest cumulative update since it was not available during the feature update. 
@@ -109,7 +114,7 @@ The benefit of this option is that the Windows image can include those additiona ### Option 4: Install language features during deployment -A partial solution to address the first pain point of failing to migrate optional content during upgrade is to inject a subset of optional content during the upgrade process. This approach uses the Windows 10 Setup option [/InstallLangPacks](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#installlangpacks) to add Language Packs and language capabilities such as text-to-speech recognition from a folder that contains the packages. This approach lets an IT pro take a subset of optional content and stage them within their network. If you use the servicing-based approach, you can configure InstallLangPacks using setupconfig.ini. See [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview) for details. +A partial solution to address the first pain point of failing to migrate optional content during upgrade is to inject a subset of optional content during the upgrade process. This approach uses the Windows Setup option [/InstallLangPacks](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#installlangpacks) to add Language Packs and language capabilities such as text-to-speech recognition from a folder that contains the packages. This approach lets an IT pro take a subset of optional content and stage them within their network. If you use the servicing-based approach, you can configure InstallLangPacks using setupconfig.ini. See [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview) for details. When Setup runs, it will inject these packages into the new operating system during installation. This means it can be an alternative to enabling Dynamic Update or customizing the operating system image before deployment. 
You must take care with this approach, because the packages cannot be renamed. Further, the content is coming from two separate release media ISOs. The key is to copy both the FOD packages and the FOD metadata .cab from the FOD ISO into the folder, as well as the architecture-specific Language Pack .cabs from the LPLIP ISO. Also, starting with Windows 10, version 1903, the behavior changed. In Windows 10, version 1809 and earlier, failure to install the packages wasn’t a fatal error. Starting with Windows 10, version 1903, we treat InstallLangPacks failures as fatal, and roll back the entire upgrade. The idea is to not leave the user in a bad state since media-based upgrades don’t migrate FOD and languages (unless Dynamic Update is enabled). @@ -141,7 +146,7 @@ For more information about the Unified Update Platform and the approaches outlin - [Ignite 2019 theater session THR4002](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR4002) - [Run custom actions during feature update](/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions) - [Unified Update Platform](https://blogs.windows.com/windowsexperience/2016/11/03/introducing-unified-update-platform-uup/) -- [Updating Windows 10 media with Dynamic Update packages](media-dynamic-update.md) +- [Updating Windows installation media with Dynamic Update packages](media-dynamic-update.md) - [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index 6b9563437a..15a43dfe2f 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md 
@@ -1,5 +1,5 @@ --- -title: Servicing stack updates (Windows 10) +title: Servicing stack updates description: In this article, learn how servicing stack updates improve the code that installs the other updates. ms.prod: w10 ms.mktglfcycl: manage @@ -20,7 +20,8 @@ ms.custom: seo-marvel-apr2020 **Applies to** -- Windows 10, Windows 8.1, Windows 8, Windows 7 +- Windows 10 +- Windows 11 ## What is a servicing stack update? Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. 
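Review bot: the **Applies to** change in the `@@ -20,7 +20,8 @@` hunk does more than add Windows 11: it also removes Windows 8.1, Windows 8 and Windows 7 from the list. If the article's description of servicing stack updates still holds for those releases, keep them; if the narrowing is intended, say so in the commit message so it is not read as part of the Windows 11 rename.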
@@ -38,7 +39,7 @@ Servicing stack update are released depending on new issues or vulnerabilities. ## What's the difference between a servicing stack update and a cumulative update? -Both Windows 10 and Windows Server use the cumulative update mechanism, in which many fixes to improve the quality and security of Windows are packaged into a single update. Each cumulative update includes the changes and fixes from all previous updates. +Both Windows client and Windows Server use the cumulative update mechanism, in which many fixes to improve the quality and security of Windows are packaged into a single update. Each cumulative update includes the changes and fixes from all previous updates. Servicing stack updates must ship separately from the cumulative updates because they modify the component that installs Windows updates. The servicing stack is released separately because the servicing stack itself requires an update. For example, the cumulative update [KB4284880](https://support.microsoft.com/help/4284880/windows-10-update-kb4284880) requires the [May 17, 2018 servicing stack update](https://support.microsoft.com/help/4132216), which includes updates to Windows Update. diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md index f700affa62..55c83a3ecc 100644 --- a/windows/deployment/update/update-compliance-configuration-mem.md +++ b/windows/deployment/update/update-compliance-configuration-mem.md @@ -16,6 +16,10 @@ ms.topic: article --- # Configuring Microsoft Endpoint Manager devices for Update Compliance +**Applies to** + +- Windows 10 +- Windows 11 > [!NOTE] > As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more details, see the Mobile Device Management policies and Group policies tables. 
diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md index 177e2b07ca..833473b99a 100644 --- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md +++ b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md @@ -12,7 +12,7 @@ ms.collection: M365-modern-desktop ms.topic: article --- -# Build deployment rings for Windows 10 updates +# Build deployment rings for Windows client updates **Applies to** diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index bc2accd828..3556cec273 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md 
@@ -27,13 +27,13 @@ ms.topic: article WSUS is a Windows Server role available in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when they’re delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but does not provide all the scheduling options and deployment flexibility that Microsoft Endpoint Manager provides. -When you choose WSUS as your source for Windows updates, you use Group Policy to point Windows 10 client devices to the WSUS server for their updates. From there, updates are periodically downloaded to the WSUS server and managed, approved, and deployed through the WSUS administration console or Group Policy, streamlining enterprise update management. If you’re currently using WSUS to manage Windows updates in your environment, you can continue to do so in Windows 10. +When you choose WSUS as your source for Windows updates, you use Group Policy to point Windows client devices to the WSUS server for their updates. From there, updates are periodically downloaded to the WSUS server and managed, approved, and deployed through the WSUS administration console or Group Policy, streamlining enterprise update management. If you’re currently using WSUS to manage Windows updates in your environment, you can continue to do so in Windows 11. 
-## Requirements for Windows 10 servicing with WSUS +## Requirements for Windows client servicing with WSUS -To be able to use WSUS to manage and deploy Windows 10 feature updates, you must use a supported WSUS version: +To be able to use WSUS to manage and deploy Windows feature updates, you must use a supported WSUS version: - WSUS 10.0.14393 (role in Windows Server 2016) - WSUS 10.0.17763 (role in Windows Server 2019) - WSUS 6.2 and 6.3 (role in Windows Server 2012 and Windows Server 2012 R2) @@ -109,7 +109,7 @@ As Windows clients refresh their computer policies (the default Group Policy ref ## Create computer groups in the WSUS Administration Console >[!NOTE] ->The following procedures use the groups from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) as examples. +>The following procedures use the groups from Table 1 in [Build deployment rings for Windows client updates](waas-deployment-rings-windows-10-updates.md) as examples. You can use computer groups to target a subset of devices that have specific quality and feature updates. These groups represent your deployment rings, as controlled by WSUS. You can populate the groups either manually by using the WSUS Administration Console or automatically through Group Policy. Regardless of the method you choose, you must first create the groups in the WSUS Administration Console. 
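Review bot: in the `@@ -27,13 +27,13 @@` hunk of waas-manage-updates-wsus.md, the rewritten paragraph now ends "you can continue to do so in Windows 11", which replaces Windows 10 instead of adding to it. The rest of the hunk uses "Windows client" for both releases; suggest "in Windows 10 and Windows 11" or "in Windows client" so the sentence still covers existing Windows 10 fleets managed through WSUS.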
@@ -242,10 +242,11 @@ The next time the clients in the **Ring 4 Broad Business Users** security group For clients that should have their feature updates approved as soon as they’re available, you can configure Automatic Approval rules in WSUS. >[!NOTE] ->WSUS respects the client device's servicing branch. If you approve a feature update while it is still in one branch, such as Insider Preview, WSUS will install the update only on devices that are in that servicing branch. When Microsoft releases the build for Semi-Annual Channel, the devices in the Semi-Annual Channel will install it. Windows Update for Business branch settings do not apply to feature updates through WSUS. +>WSUS respects the client device's servicing branch. If you approve a feature update while it is still in one branch, such as Insider Preview, WSUS will install the update only on devices that are in that servicing branch. When Microsoft releases the build for Semi-Annual Channel (or General Availability Channel), the devices in that will install it. Windows Update for Business branch settings do not apply to feature updates through WSUS. -**To configure an Automatic Approval rule for Windows 10 feature updates and approve them for the Ring 3 Broad IT deployment ring** +**To configure an Automatic Approval rule for Windows client feature updates and approve them for the Ring 3 Broad IT deployment ring** +This example uses Windows 10, but the process is the same for Windows 11. 1. In the WSUS Administration Console, go to Update Services\\*Server_Name*\Options, and then select **Automatic Approvals**. 
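Review bot: the rewritten note in this hunk ends "for Semi-Annual Channel (or General Availability Channel), the devices in that will install it", where "that" has lost its noun. Suggest "the devices in that channel will install it". The note exists to say which devices receive an approved build, so that clause should be unambiguous.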
@@ -274,16 +275,16 @@ For clients that should have their feature updates approved as soon as they’re >[!NOTE] >WSUS does not honor any existing month/week/day [deferral settings](waas-configure-wufb.md#configure-when-devices-receive-feature-updates). That said, if you’re using Windows Update for Business for a computer for which WSUS is also managing updates, when WSUS approves the update, it will be installed on the computer regardless of whether you configured Group Policy to wait. -Now, whenever Windows 10 feature updates are published to WSUS, they will automatically be approved for the **Ring 3 Broad IT** deployment ring with an installation deadline of 1 week. +Now, whenever Windows client feature updates are published to WSUS, they will automatically be approved for the **Ring 3 Broad IT** deployment ring with an installation deadline of 1 week. > [!WARNING] -> The auto approval rule runs after synchronization occurs. This means that the *next* upgrade for each Windows 10 version will be approved. If you select **Run Rule**, all possible updates that meet the criteria will be approved, potentially including older updates that you don't actually want--which can be a problem when the download sizes are very large. +> The auto approval rule runs after synchronization occurs. This means that the *next* upgrade for each Windows client version will be approved. If you select **Run Rule**, all possible updates that meet the criteria will be approved, potentially including older updates that you don't actually want--which can be a problem when the download sizes are very large. ## Manually approve and deploy feature updates You can manually approve updates and set deadlines for installation within the WSUS Administration Console, as well. It might be best to approve update rules manually after your pilot deployment has been updated. -To simplify the manual approval process, start by creating a software update view that contains only Windows 10 updates. 
+To simplify the manual approval process, start by creating a software update view that contains only Windows 10 (in this example) updates. The process is the same for Windows 11 updates. > [!NOTE] > If you approve more than one feature update for a computer, an error can result with the client. Approve only one feature update per computer. diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md index bdc0a8d662..bef5342d10 100644 --- a/windows/deployment/update/waas-wufb-csp-mdm.md +++ b/windows/deployment/update/waas-wufb-csp-mdm.md @@ -16,7 +16,8 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) @@ -29,7 +30,7 @@ An IT administrator can set policies for Windows Update for Business by using Mi To manage updates with Windows Update for Business, you should prepare with these steps, if you haven't already: -- Create Active Directory security groups that align with the deployment rings you use to phase deployment of updates. See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to learn more about deployment rings in Windows 10. +- Create Active Directory security groups that align with the deployment rings you use to phase deployment of updates. See [Build deployment rings for Windows client updates](waas-deployment-rings-windows-10-updates.md) to learn more about deployment rings in Windows client. - Allow access to the Windows Update service. 
@@ -39,7 +40,7 @@ You can control when updates are applied, for example by deferring when an updat ### Determine which updates you want offered to your devices -Both Windows 10 feature and quality updates are automatically offered to devices that are connected to Windows Update using Windows Update for Business policies. However, you can choose whether you want the devices to additionally receive other Microsoft Updates or drivers that are applicable to that device. +Both feature and quality updates are automatically offered to devices that are connected to Windows Update using Windows Update for Business policies. However, you can choose whether you want the devices to additionally receive other Microsoft Updates or drivers that are applicable to that device. To enable Microsoft Updates use [Update/AllwMUUpdateService](/windows/client-management/mdm/policy-csp-update#update-allowmuupdateservice). 
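Review bot: the unchanged context line at the end of this hunk spells the policy link text `Update/AllwMUUpdateService`, while its own anchor is `#update-allowmuupdateservice`. Worth correcting the link text to `Update/AllowMUUpdateService` in the same pass, since the section is already being edited and the policy name is what readers will search for.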
@@ -194,22 +195,3 @@ When you disable this setting, users will see **Some settings are managed by you If you use Windows Server Update Server (WSUS), you can prevent users from scanning Windows Update. To do this, use [Update/SetDisableUXWUAccess](/windows/client-management/mdm/policy-csp-update#update-setdisableuxwuaccess). - - -## Related topics - -- [Update Windows 10 in the enterprise](index.md) -- [Overview of Windows as a service](waas-overview.md) -- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) -- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) -- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) -- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) -- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) -- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) -- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure) -- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md) -- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) -- [Manage device restarts after updates](waas-restart.md) \ No newline at end of file diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md index 8922733a56..fe639fa3d6 100644 --- a/windows/deployment/update/waas-wufb-intune.md +++ b/windows/deployment/update/waas-wufb-intune.md 
@@ -1,5 +1,5 @@ --- -title: Walkthrough use Intune to configure Windows Update for Business (Windows 10) +title: Walkthrough use Intune to configure Windows Update for Business description: In this article, learn how to configure Windows Update for Business settings using Microsoft Intune. ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/deployment/update/windows-update-resources.md b/windows/deployment/update/windows-update-resources.md index b9eb08a9e3..fd1d2c3d80 100644 --- a/windows/deployment/update/windows-update-resources.md +++ b/windows/deployment/update/windows-update-resources.md @@ -18,6 +18,7 @@ author: jaimeo **Applies to**: - Windows 10 +- Windows 11 - Windows Server 2016 - Windows Server 2019 From 97dac93d989edc9d6d9881b71f2d9403b2b4eb59 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 22 Sep 2021 14:23:41 -0400 Subject: [PATCH 576/671] Fixed markdown syntax --- .../provisioning-packages/provision-pcs-with-apps.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md index 491e382778..182d0e0207 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md 
@@ -139,7 +139,8 @@ For details about the settings you can customize in provisioning packages, see [ 1. When you are done configuring the provisioning package, on the **File** menu, select **Save**. 2. Read the warning that project files may contain sensitive information, and select **OK**. - > **Important** When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. + + When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location, and delete the project files when they're no longer needed. 3. On the **Export** menu, select **Provisioning package**. 
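Review bot: the replacement for the `> **Important**` line under step 2 keeps the text but loses the callout entirely: the new line is plain indented prose with no alert marker. This paragraph is where the reader is told that project files are not encrypted and should be stored securely and deleted when no longer needed, so it should stay flagged. Suggest `> [!IMPORTANT]` on its own line followed by the `>`-prefixed text, indented to sit under step 2.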
@@ -156,8 +157,8 @@ For details about the settings you can customize in provisioning packages, see [ - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by selecting **Select...** and choosing the certificate you want to use to sign the package. - **Important** - We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. + > [!TIP] + > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store. Any package signed with that certificate can be applied silently. 7. Select **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.

    Optionally, you can select **Browse** to change the default output location. @@ -205,4 +206,4 @@ For details about the settings you can customize in provisioning packages, see [ - [NFC-based device provisioning](../mobile-devices/provisioning-nfc.md) - [Use the package splitter tool](../mobile-devices/provisioning-package-splitter.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) -- [Create a provisioning package with multivariant settings](provisioning-multivariant.md) \ No newline at end of file +- [Create a provisioning package with multivariant settings](provisioning-multivariant.md) From f7c6b2cca32d55fee61858e02f720ed3c4199423 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 22 Sep 2021 14:25:24 -0400 Subject: [PATCH 577/671] Fixed spacing --- .../provisioning-packages/provisioning-create-package.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md index 1725673b90..5086aae14b 100644 --- a/windows/configuration/provisioning-packages/provisioning-create-package.md +++ b/windows/configuration/provisioning-packages/provisioning-create-package.md 
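Review bot: in the `@@ -156,8 +157,8 @@` hunk of provision-pcs-with-apps.md, the trusted provisioning certificate paragraph goes from **Important** to `> [!TIP]`. The text describes a lasting trust decision (the certificate is added to the system store and any package signed with it can then be applied silently), which is a consequence the reader needs to weigh and not an optional hint; `> [!IMPORTANT]` fits better. Splitting the sentence also dropped "thereafter", so the new second sentence no longer ties silent application to the certificate having been installed; consider "After that, any package signed with that certificate can be applied silently."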
@@ -67,8 +67,8 @@ You can use Windows Configuration Designer to create a provisioning package (`.p 5. On the **Import a provisioning package (optional)** page, you can select **Finish** to create your project, or browse to and select an existing provisioning package to import to your project, and then select **Finish**. ->[!TIP] ->**Import a provisioning package** can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that contains the settings for your organization's network, and then import it into other packages that you create so you don't have to reconfigure those common settings repeatedly. + >[!TIP] + >**Import a provisioning package** can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that includes the settings for your organization's network. Then, import that package into other packages that you create so you don't have to reconfigure those common settings repeatedly. 6. In the **Available customizations** pane, you can now configure settings for the package. @@ -162,4 +162,4 @@ For details on each specific setting, see [Windows Provisioning settings referen - [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) - [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) -- [Create a provisioning package with multivariant settings](provisioning-multivariant.md) \ No newline at end of file +- [Create a provisioning package with multivariant settings](provisioning-multivariant.md) From 1175f4a6d49cc3de051fa0f352cb9dedb7507049 Mon Sep 17 00:00:00 2001 
From: jaimeo Date: Wed, 22 Sep 2021 11:28:06 -0700 Subject: [PATCH 578/671] working around Acrolinx's incorrect flagging of setup --- windows/deployment/update/optional-content.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/deployment/update/optional-content.md b/windows/deployment/update/optional-content.md index ba64d92859..cad3343d01 100644 --- a/windows/deployment/update/optional-content.md +++ b/windows/deployment/update/optional-content.md @@ -34,7 +34,7 @@ Optional content includes the following items: - Language-based and regional FODs (for example, Language.Basic~~~ja-jp~0.0.1.0) - Local Experience Packs -Optional content isn’t included by default in the Windows image file that is part of the operating system media available in the Volume Licensing Service Center (VLSC). Instead, it’s released as an additional ISO file on VLSC. Shipping these features out of the operating system media and shipping them separately reduces the disk footprint of Windows. This provides more space for user’s data. It also reduces the time needed to service the operating system, whether installing a monthly quality update or upgrading to a newer version. A smaller default Windows image also means less data to transmit over the network. +Optional content isn’t included by default in the Windows image file that is part of the operating system media available in the Volume Licensing Service Center (VLSC). Instead, it’s released as an additional ISO file on VLSC. Shipping these features out of the operating system media and shipping them separately reduces the disk footprint of Windows. This approach provides more space for user’s data. It also reduces the time needed to service the operating system, whether installing a monthly quality update or upgrading to a newer version. A smaller default Windows image also means less data to transmit over the network. ## Why is acquiring optional content challenging? 
@@ -42,13 +42,13 @@ The challenges surrounding optional content typically fall into two groups: ### Incomplete operating system updates -The first challenge is related to content migration during a feature update. When Windows Setup performs an in-place update, the new operating is written to the user’s disk alongside the old version. This is a temporary folder, where a second clean operating system is installed and prepared for the user to "move into." When this happens, Windows Setup enumerates optional content installed already in the current version and plans to install the new version of this content in the new operating system. +The first challenge is related to content migration during a feature update. When Windows Setup performs an in-place update, the new operating system is written to the user’s disk alongside the old version in a temporary folder, where a second clean operating system is installed and prepared for the user to "move into." When operation happens, Windows Setup enumerates optional content installed already in the current version and plans to install the new version of this content in the new operating system. -Windows Setup needs access to the optional content to do this. Since optional content is not in the Windows image by default, Windows Setup must look elsewhere to get the Windows packages, stage them, and then install them in the new operating system. When the content can’t be found, the result is an update that is missing features on the device, a frustrated end user, and likely a help desk call. This pain point is sometimes referred to "failure to migrate optional content during update." For media-based updates, Windows will automatically try again once the new operating system boots. We call this “latent acquisition.” +Windows Setup needs access to the optional content. 
Since optional content is not in the Windows image by default, Windows Setup must look elsewhere to get the Windows packages, stage them, and then install them in the new operating system. When the content can’t be found, the result is an update that is missing features on the device, a frustrated end user, and likely a help desk call. This pain point is sometimes referred to "failure to migrate optional content during update." For media-based updates, Windows will automatically try again once the new operating system boots. We call this “latent acquisition.” ### User-initiated feature acquisition failure -The second challenge involves a failure to acquire features when a user requests them. Imagine a user running a device with a new version of Windows client, either by using a clean installation or an in-place update. The user visits Settings, and attempts to install a second language, additional language experience features, or other optional content. Again, since these features are not in the operating system, the packages need to be acquired. For a typical user with internet access, Windows will acquire the features from a nearby Microsoft content delivery network, and everything works as designed. For commercial users, some might not have internet access or have policies to prevent acquisition over the internet. In these situations, Windows must acquire the content from an alternative location. When the content can’t be found, users are frustrated and another help desk call could result. This pain point is sometimes referred to as "failure to acquire optional content.” +The second challenge involves a failure to acquire features when a user requests them. Imagine a user running a device with a new version of Windows client, either by using a clean installation or an in-place update. The user visits Settings, and attempts to install a second language, more language experience features, or other optional content. 
Again, since these features are not in the operating system, the packages need to be acquired. For a typical user with internet access, Windows will acquire the features from a nearby Microsoft content delivery network, and everything works as designed. For commercial users, some might not have internet access or have policies to prevent acquisition over the internet. In these situations, Windows must acquire the content from an alternative location. When the content can’t be found, users are frustrated and another help desk call could result. This pain point is sometimes referred to as "failure to acquire optional content.” ## Options for acquiring optional content 
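Review bot: the new first paragraph under "Incomplete operating system updates" contains "When operation happens, Windows Setup enumerates optional content", which is missing a determiner and leaves "operation" without a clear referent after the two preceding sentences were merged. Suggest "When this operation happens" or "During this step". In the unchanged context of the same hunk, "sometimes referred to "failure to migrate optional content during update"" is missing "as", which the parallel sentence in the next section has.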
@@ -77,7 +77,7 @@ Windows Update for Business solves the optional content problem. Optional conten Starting with Windows 10, version 1709, we introduced the [Unified Update Platform](https://blogs.windows.com/windowsexperience/2016/11/03/introducing-unified-update-platform-uup/). The Unified Update Platform is an improvement in the underlying Windows update technology that results in smaller download sizes and a more efficient protocol for checking for updates, acquiring and installing the packages needed, and getting current in one update step. The technology is "unified" because it brings together the update stack for Windows client, Windows Server, and other products, such as HoloLens. The Unified Update Platform is not currently integrated with WSUS. -You should consider moving to Windows Update for Business. Not only will the optional content scenario work seamlessly (as it does for consumer devices today), but you also get the full benefits of smaller download sizes also known as Express Updates. Further, devices that use devices are immune to the challenge of upgrading a Windows client device where the operating system installation language is inadvertently changed to a new language. Otherwise, any future media-based feature updates can fail when the installation media has a different installation language. See [Upgrading Windows 10 devices with installation media different than the original OS install language](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/upgrading-windows-10-devices-with-installation-media-different/ba-p/746126) for more details, as well as our [Ignite 2019 theater session THR4002](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR4002) on this topic. +Consider moving to Windows Update for Business. Not only will the optional content scenario work seamlessly (as it does for consumer devices today), but you also get the full benefits of smaller download sizes also known as Express Updates. 
Further, devices that use devices are immune to the challenge of upgrading a Windows client device where the operating system installation language is inadvertently changed to a new language. Otherwise, any future media-based feature updates can fail when the installation media has a different installation language. For more info, see [Upgrading Windows 10 devices with installation media different than the original OS install language](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/upgrading-windows-10-devices-with-installation-media-different/ba-p/746126) for more details, and our [Ignite 2019 theater session THR4002](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR4002) on this topic. ### Option 2: Enable Dynamic Update 
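Review bot: The added paragraph in this hunk (@@ -77,7) still carries "devices that use devices are immune", which names nothing that the devices use. The paragraph is about Windows Update for Business, so that is presumably the missing object; fix it while the sentence is being touched. The new closing sentence also doubles up: "For more info, see [...] for more details". Drop one of the two phrases.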
@@ -89,16 +89,16 @@ If you’re not ready to move to Windows Update, another option is to enable Dyn - Latest cumulative update: Installs the latest cumulative quality update. - Driver updates: Latest version of applicable drivers that have already been published by manufacturers into Windows Update and meant specifically for Dynamic Update. -In addition to these updates for the new operating system, Dynamic Update will acquire optional content during the update process to ensure that the device has this content present when the update completes. So, although the device is not connected to Windows Update, it will fetch content from a nearby Microsoft content download network (CDN). This addresses the first pain point with optional content, but not user-initiated acquisition. By default, [Dynamic Update](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#dynamicupdate) is enabled by Windows Setup. You can enable or disable Dynamic Update by using the /DynamicUpdate option in Windows Setup. If you use the servicing-based approach, you can set this with setupconfig.ini. See [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview) for details. +In addition to these updates for the new operating system, Dynamic Update will acquire optional content during the update process to ensure that the device has this content present when the update completes. So, although the device is not connected to Windows Update, it will fetch content from a nearby Microsoft content download network (CDN). This approach addresses the first pain point with optional content, but not user-initiated acquisition. By default, [Dynamic Update](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#dynamicupdate) is enabled by Windows Setup. You can enable or disable Dynamic Update by using the /DynamicUpdate option in Windows Setup. 
If you use the servicing-based approach, you can set this value with setupconfig.ini. See [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview) for details. -Starting in Windows 10, version 2004, Dynamic Update can be configured with additional options. For example, you might want to have the benefits of optional content migration without automatically acquiring the latest quality update. You can do that with the /DynamicUpdate NoLCU option of Windows Setup. Afterward, you would separately follow your existing process for testing and approving monthly updates. The downside of this approach is the device will go through an additional reboot for the latest cumulative update since it was not available during the feature update. +Starting in Windows 10, version 2004, Dynamic Update can be configured with more options. For example, you might want to have the benefits of optional content migration without automatically acquiring the latest quality update. You can do that with the /DynamicUpdate NoLCU option of Windows Setup. Afterward, you would separately follow your existing process for testing and approving monthly updates. The downside of this approach is the device will reboot again for the latest cumulative update since it was not available during the feature update. -One additional consideration when using Dynamic Update is the impact to your network. One of the top blockers for this approach is the concern that each device will separately fetch this content from Microsoft. Windows 10, version 2004 setup now downloads Dynamic Update content using Delivery Optimization when available. +One further consideration when using Dynamic Update is the affect on your network. One of the top blockers for this approach is the concern that each device will separately fetch this content from Microsoft. Windows 10, version 2004 setup now downloads Dynamic Update content using Delivery Optimization when available. 
For devices that aren’t connected to the internet, a subset of the Dynamic Update content is available by using WSUS and the Microsoft catalog. ### Option 3: Customize the Windows Image before deployment - For many organizations, the deployment workflow involves a Configuration Manager task sequence that performs a media-based update. Some customers either don’t have internet connectivity, or the connectivity is poor and so they can’t enable Dynamic Update. In these cases, we recommend installing optional content prior to deployment. This is sometimes referred to as customizing the installation media. + For many organizations, the deployment workflow involves a Configuration Manager task sequence that performs a media-based update. Some customers either don’t have internet connectivity, or the connectivity is poor and so they can’t enable Dynamic Update. In these cases, we recommend installing optional content prior to deployment. This activity is sometimes referred to as customizing the installation media. You can customize the Windows image in these ways: 
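Review bot: In the third added paragraph of this hunk (@@ -89,16), "the affect on your network" should be "the effect on your network". The removed line used the noun "impact", so the replacement needs the noun form as well.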
@@ -109,24 +109,24 @@ You can customize the Windows image in these ways: - Adding or removing languages - Adding or removing Features on Demand -The benefit of this option is that the Windows image can include those additional languages, language experience features, and other Features on Demand through one-time updates to the image. Then you can use them in an existing task sequence or custom deployment where Setup.exe is involved. The downside of this approach is that it requires some preparation of the image in advance, including scripting with DISM to install the additional packages. It also means the image is the same for all devices that consume it and might contain more features than some users need. For more information on customizing your media, see [Updating Windows 10 media with Dynamic Update packages](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/updating-windows-10-media-with-dynamic-update-packages/ba-p/982477) and our [Ignite 2019 theater session THR3073](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR3073). Also like Option 2, you still have a solution for migration of optional content, but not supporting user-initiated optional content acquisition. Also, there is a variation of this option in which media is updated *on the device* just before installation. This allows for device-specific image customization based on what's currently installed. +The benefit of this option is that the Windows image can include those additional languages, language experience features, and other Features on Demand through one-time updates to the image. Then you can use them in an existing task sequence or custom deployment where Setup.exe is involved. The downside of this approach is that it requires some preparation of the image in advance, including scripting with DISM to install the additional packages. It also means the image is the same for all devices that consume it and might contain more features than some users need. 
For more information on customizing your media, see [Updating Windows 10 media with Dynamic Update packages](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/updating-windows-10-media-with-dynamic-update-packages/ba-p/982477) and our [Ignite 2019 theater session THR3073](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR3073). Also like Option 2, you still have a solution for migration of optional content, but not supporting user-initiated optional content acquisition. Also, there is a variation of this option in which media is updated *on the device* just before installation. This option allows for device-specific image customization based on what's currently installed. ### Option 4: Install language features during deployment A partial solution to address the first pain point of failing to migrate optional content during upgrade is to inject a subset of optional content during the upgrade process. This approach uses the Windows Setup option [/InstallLangPacks](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#installlangpacks) to add Language Packs and language capabilities such as text-to-speech recognition from a folder that contains the packages. This approach lets an IT pro take a subset of optional content and stage them within their network. If you use the servicing-based approach, you can configure InstallLangPacks using setupconfig.ini. See [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview) for details. -When Setup runs, it will inject these packages into the new operating system during installation. This means it can be an alternative to enabling Dynamic Update or customizing the operating system image before deployment. You must take care with this approach, because the packages cannot be renamed. Further, the content is coming from two separate release media ISOs. 
The key is to copy both the FOD packages and the FOD metadata .cab from the FOD ISO into the folder, as well as the architecture-specific Language Pack .cabs from the LPLIP ISO. Also, starting with Windows 10, version 1903, the behavior changed. In Windows 10, version 1809 and earlier, failure to install the packages wasn’t a fatal error. Starting with Windows 10, version 1903, we treat InstallLangPacks failures as fatal, and roll back the entire upgrade. The idea is to not leave the user in a bad state since media-based upgrades don’t migrate FOD and languages (unless Dynamic Update is enabled). +When Setup runs, it will inject these packages into the new operating system during installation. It can be an alternative to enabling Dynamic Update or customizing the operating system image before deployment. You must take care with this approach, because the packages cannot be renamed. Further, the content is coming from two separate release media ISOs. The key is to copy both the FOD packages and the FOD metadata .cab from the FOD ISO into the folder, and the architecture-specific Language Pack .cabs from the LPLIP ISO. Also, starting with Windows 10, version 1903, the behavior changed. In Windows 10, version 1809 and earlier, failure to install the packages wasn’t a fatal error. Starting with Windows 10, version 1903, we treat InstallLangPacks failures as fatal, and roll back the entire upgrade. The idea is to not leave the user in a bad state since media-based upgrades don’t migrate FOD and languages (unless Dynamic Update is enabled). -This approach has some interesting benefits. The original Windows image doesn’t need to be modified, possibly saving time and scripting. For some commercial customers, this is implemented as their primary pain point has to do with language support immediately after the update. +This approach has some interesting benefits. The original Windows image doesn’t need to be modified, possibly saving time and scripting. 
### Option 5: Install optional content after deployment -This option is like Option 3 in that you customize the operating system image with additional optional content after it’s deployed. IT pros can extend the behavior of Windows Setup by running their own custom action scripts during and after a feature update. See [Run custom actions during feature update](/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions) for details. With this approach, you can create a device-specific migration of optional content by capturing the optional content that is installed in the operating system, and then saving this list to install the same optional content in the new operating system. Like Option 4, you would internally host a network share that contains the source of the optional content packages. Then, during the execution of Setup on the device, capture the list of installed optional content from the source operating system and save. Later, after Setup completes, you use the list to install the optional content, which leaves the user’s device without loss of functionality. +This option is like Option 3 in that you customize the operating system image with more optional content after it’s deployed. IT pros can extend the behavior of Windows Setup by running their own custom action scripts during and after a feature update. See [Run custom actions during feature update](/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions) for details. With this approach, you can create a device-specific migration of optional content by capturing the optional content that is installed in the operating system, and then saving this list to install the same optional content in the new operating system. Like Option 4, you would internally host a network share that contains the source of the optional content packages. Then, during the execution of Setup on the device, capture the list of installed optional content from the source operating system and save. 
Later, after Setup completes, you use the list to install the optional content, which leaves the user’s device without loss of functionality. ### Option 6: Configure an alternative source for optional content -Several of the options address ways to address optional content migration issues during an in-place update. To address the second pain point of easily acquiring optional content in the user-initiated case, you can configure each device by using the Specify settings for optional component installation and component repair Group Policy. This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed. This approach has the disadvantage of additional content to be hosted within your network (additional to the operating system image you might be still deploying to some clients) but has the advantage of acquiring content within your network. Some reminders about this policy: +Several of the options address ways to address optional content migration issues during an in-place update. To address the second pain point of easily acquiring optional content in the user-initiated case, you can configure each device by using the Specify settings for optional component installation and component repair Group Policy. This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed. This approach has the disadvantage of more content to be hosted within your network (in addition to the operating system image you might be still deploying to some clients) but has the advantage of acquiring content within your network. Some reminders about this policy: - The file path to the alternate source must be a fully qualified path; multiple locations can be separated by a semicolon. 
- This setting does not support installing language packs from Alternate source file path, only Features on Demand. If the policy is configured to acquire content from Windows Update, language packs will be acquired. @@ -569,7 +569,7 @@ Dismount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction ignore | Out-Null ### Saving optional content in the source operating system -To save optional content state in the source operating system, we create a custom action script to run before the operating system installs. In this script, we save optional features and language resources to a file. We also make a local copy of the repo with only those files needed based on the languages installed on the source operating system. This will limit the files to copy. +To save optional content state in the source operating system, we create a custom action script to run before the operating system installs. In this script, we save optional features and language resources to a file. We also make a local copy of the repo with only those files needed based on the languages installed on the source operating system. This action will limit the files to copy. ```powershell From ca1a68321b0958558ba3848707a9cb883ca29a6d Mon Sep 17 00:00:00 2001 From: jaimeo Date: Wed, 22 Sep 2021 11:38:32 -0700 Subject: [PATCH 579/671] working around more Acrolinx mistakes --- .../update/waas-deployment-rings-windows-10-updates.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md index 833473b99a..4070bb332d 100644 --- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md +++ b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md 
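Review bot: In the Option 4 text of the optional-content hunk above (@@ -109,24), the sentence "For some commercial customers, this is implemented as their primary pain point has to do with language support immediately after the update." is deleted rather than reworded, so "This approach has some interesting benefits" is now followed by a single benefit. Either restore the point in clearer wording or change "some interesting benefits" to match. The rewritten Option 6 paragraph also keeps "Several of the options address ways to address", which could be tightened in the same pass.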
@@ -37,15 +37,15 @@ Table 1 provides an example of the deployment rings you might use. | Deployment ring | Servicing channel | Deferral for feature updates | Deferral for quality updates | Example | | --- | --- | --- | --- | --- | -| Preview | Windows Insider Program | None | None | A few machines to evaluate early builds prior to their arrival to the semi-annual channel | -| Broad | Semi-annual channel | 120 days | 7-14 days | Broadly deployed to most of the organization and monitored for feedback
    Pause updates if there are critical issues | -| Critical | Semi-annual channel | 180 days | 30 days | Devices that are critical and will only receive updates once they've been vetted for a period of time by the majority of the organization | +| Preview | Windows Insider Program | None | None | A few machines to evaluate early builds prior to their arrival to the Semi-Annual channel | +| Broad | Semi-Annual channel | 120 days | 7-14 days | Broadly deployed to most of the organization and monitored for feedback
    Pause updates if there are critical issues | +| Critical | Semi-Annual channel | 180 days | 30 days | Devices that are critical and will only receive updates once they've been vetted for some time by most of the organization | >[!NOTE] >In this example, there are no rings made up of the long-term servicing channel (LTSC). The LTSC does not receive feature updates. -As Table 1 shows, each combination of servicing channel and deployment group is tied to a specific deployment ring. As you can see, the associated groups of devices are combined with a servicing channel to specify which deployment ring those devices and their users fall into. The naming convention used to identify the rings is completely customizable as long as the name clearly identifies the sequence. Deployment rings represent a sequential deployment timeline, regardless of the servicing channel they contain. Deployment rings will likely rarely change for an organization, but they should be periodically assessed to ensure that the deployment cadence still makes sense. +As Table 1 shows, each combination of servicing channel and deployment group is tied to a specific deployment ring. As you can see, the associated groups of devices are combined with a servicing channel to specify which deployment ring those devices and their users fall into. The naming convention used to identify the rings is customizable as long as the name clearly identifies the sequence. Deployment rings represent a sequential deployment timeline, regardless of the servicing channel they contain. Deployment rings will likely rarely change for an organization, but they should be periodically assessed to ensure that the deployment cadence still makes sense. ## Steps to manage updates for Windows client 
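Review bot: The table rows in this hunk (@@ -37,15) change "semi-annual channel" to "Semi-Annual channel", which capitalizes only part of the name, while the unchanged note directly below still writes "long-term servicing channel (LTSC)" in lower case. Pick one convention for channel names and apply it to the table rows and the note together. The reworded paragraph also keeps "will likely rarely change", which reads better as "will rarely change".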
@@ -54,7 +54,7 @@ As Table 1 shows, each combination of servicing channel and deployment group is | --- | --- | | ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | | ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | Build deployment rings for Windows client updates (this topic) | +| ![done.](images/checklistdone.png) | Build deployment rings for Windows client updates (this article) | | ![to do.](images/checklistbox.gif) | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) | | ![to do.](images/checklistbox.gif) | [Optimize update delivery for Windows client updates](waas-optimize-windows-10-updates.md) | | ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
    or [Deploy Windows client updates using Windows Server Update Services](waas-manage-updates-wsus.md)
    or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | From 54cb5d9489d71bc3575e229b1a5fed7d4443b688 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Wed, 22 Sep 2021 15:23:44 -0700 Subject: [PATCH 580/671] Update application management with transparency --- .../mdm/policy-csp-applicationmanagement.md | 140 +++++++++--------- 1 file changed, 70 insertions(+), 70 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 983dc1cc33..2843bc4633 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -78,23 +78,23 @@ manager: dansimp Home - check mark + ✔️ Pro - check mark + ✔️ Business - check mark + ✔️ Enterprise - check mark + ✔️ Education - check mark + ✔️ @@ -147,23 +147,23 @@ The following list shows the supported values: Home - cross mark + ❌ Pro - check mark + ✔️ Business - check mark + ✔️ Enterprise - check mark + ✔️ Education - check mark + ✔️ @@ -216,23 +216,23 @@ The following list shows the supported values: Home - cross mark + ❌ Pro - check mark + ✔️ Business - check mark + ✔️ Enterprise - check mark + ✔️ Education - check mark + ✔️ @@ -285,23 +285,23 @@ The following list shows the supported values: Home - cross mark + ❌ Pro - check mark + ✔️ Business - check mark + ✔️ Enterprise - check mark + ✔️ Education - check mark + ✔️ @@ -356,23 +356,23 @@ The following list shows the supported values: Home - cross mark + ❌ Pro - check mark + ✔️ Business - check mark + ✔️ Enterprise - check mark + ✔️ Education - check mark + ✔️ @@ -424,23 +424,23 @@ Most restricted value: 0 Home - cross mark + ❌ Pro - cross mark + ❌ Business - check mark8 + ✔️8 Enterprise - check mark8 + ✔️8 Education - check mark8 + ✔️8 
@@ -501,23 +501,23 @@ The following list shows the supported values: Home - cross mark + ❌ Pro - cross mark + ❌ Business - cross mark + ❌ Enterprise - check mark1 + ✔️1 Education - check mark1 + ✔️1 @@ -567,23 +567,23 @@ The following list shows the supported values: Home - cross mark + ❌ Pro - check mark5 + ✔️5 Business - check mark5 + ✔️5 Enterprise - check mark5 + ✔️5 Education - check mark5 + ✔️5 @@ -638,23 +638,23 @@ For this policy to work, the Windows apps need to declare in their manifest that Home - cross mark + ❌ Pro - check mark4 + ✔️4 Business - cross mark + ❌ Enterprise - check mark4 + ✔️4 Education - check mark4 + ✔️4 @@ -709,23 +709,23 @@ This setting supports a range of values between 0 and 1. Home - cross mark + ❌ Pro - check mark4 + ✔️4 Business - cross mark + ❌ Enterprise - check mark4 + ✔️4 Education - check mark4 + ✔️4 @@ -781,23 +781,23 @@ This setting supports a range of values between 0 and 1. Home - cross mark + ❌ Pro - cross mark + ❌ Business - cross mark + ❌ Enterprise - check mark + ✔️ Education - check mark + ✔️ @@ -851,23 +851,23 @@ The following list shows the supported values: Home - cross mark + ❌ Pro - check mark + ✔️ Business - check mark + ✔️ Enterprise - check mark + ✔️ Education - check mark + ✔️ @@ -919,23 +919,23 @@ The following list shows the supported values: Home - cross mark + ❌ Pro - check mark + ✔️ Business - check mark + ✔️ Enterprise - check mark + ✔️ Education - check mark + ✔️ @@ -987,23 +987,23 @@ The following list shows the supported values: Home - cross mark + ❌ Pro - cross mark + ❌ Business - cross mark + ❌ Enterprise - check mark5 + ✔️5 Education - check mark5 + ✔️5 From 1121eb9b44061c1c90a0aaca8003ddd6e903a76a Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Thu, 23 Sep 2021 12:32:21 -0400 Subject: [PATCH 581/671] PM review updates --- windows/configuration/kiosk-prepare.md | 202 +++++++++++++++++++--- windows/configuration/kiosk-single-app.md | 55 ++++-- 2 files changed, 216 insertions(+), 41 deletions(-) 
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index 69c2860ab5..34a2fc97a4 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md 
@@ -22,34 +22,190 @@ ms.topic: article - Windows 10 Pro, Enterprise, and Education - Windows 11 -> [!WARNING] -> For kiosks in public-facing environments with auto sign-in enabled, you should use a user account with the least privileges, such as a local standard user account. -> -> Assigned access can be configured via Windows Management Instrumentation (WMI) or configuration service provider (CSP) to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that might allow an attacker subverting the assigned access application to gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so. -> [!IMPORTANT] -> [User account control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode. -> -> Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. + +## Before you begin + +- [User account control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode. +- Kiosk mode isn't supported over a remote desktop connection. Your kiosk users must sign in on the physical device that's set up as a kiosk. +- For kiosks in public-facing environments with auto sign-in enabled, you should use a user account with the least privileges, such as a local standard user account. + + Assigned access can be configured using Windows Management Instrumentation (WMI) or configuration service provider (CSP). Assigned access runs an application using a domain user or service account, not a local account. 
Using a domain user or service accounts has risks, and might allow an attacker to gain access to domain resources that are accessible to any domain account. When using domain accounts with assigned access, proceed with caution. Consider the domain resources potentially exposed by using a domain account. + +- MDM providers, such as [Microsoft Endpoint Manager](/mem/endpoint-manager-getting-started), use the configuration service providers (CSP) exposed by the Windows OS to manage settings on devices. In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started: + + - [Microsoft Endpoint Manager](/mem/endpoint-manager-getting-started) + - [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide) + - [What is Configuration Manager?](/mem/configmgr/core/understand/introduction) ## Configuration recommendations -For a more secure kiosk experience, we recommend that you make the following configuration changes to the device before you configure it as a kiosk: +For a more secure kiosk experience, we recommend that you make the following configuration changes to the device before you configure it as a kiosk: -| Recommendation | How to | -| --- | --- | -|Hide update notifications
    (New starting in Windows 10, version 1809) | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Display options for update notifications**
    -or-
    Use the MDM setting **Update/UpdateNotificationLevel** from the [**Policy/Update** configuration service provider](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel)
    -or-
    Add the following registry keys as type DWORD (32-bit) in the path of **HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate**:
    **\SetUpdateNotificationLevel** with a value of `1`, and **\UpdateNotificationLevel** with a value of `1` to hide all notifications except restart warnings, or value of `2` to hide all notifications, including restart warnings. | -| Enable and schedule automatic updates | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Configure Automatic Updates**, and select `option 4 (Auto download and schedule the install)`
    -or-
    Use the MDM setting **Update/AllowAutoUpdate** from the [**Policy/Update** configuration service provider](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate), and select `option 3 (Auto install and restart at a specified time)`

    **Note:** Installations can take from between 30 minutes and 2 hours, depending on the device, so you should schedule updates to occur when a block of 3-4 hours is available.

    To schedule the automatic update, configure **Schedule Install Day**, **Schedule Install Time**, and **Schedule Install Week**. | -| Enable automatic restart at the scheduled time | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Always automatically restart at the scheduled time** | -| Replace "blue screen" with blank screen for OS errors | Add the following registry key as DWORD (32-bit) type with a value of `1`:

    **HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\DisplayDisabled** | -| Put device in **Tablet mode**. | If you want users to be able to use the touch (on screen) keyboard, go to **Settings** > **System** > **Tablet mode** and choose **On.** Don't turn on this setting if users will not interact with the kiosk, such as for a digital sign. -Hide **Ease of access** feature on the sign-in screen. | See [how to disable the Ease of Access button in the registry.](/windows-hardware/customize/enterprise/complementary-features-to-custom-logon#welcome-screen) -| Disable the hardware power button. | Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**. | -| Remove the power button from the sign-in screen. | Go to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** >**Security Options** > **Shutdown: Allow system to be shut down without having to log on** and select **Disabled.** | -| Disable the camera. | Go to **Settings** > **Privacy** > **Camera**, and turn off **Let apps use my camera**. | -| Turn off app notifications on the lock screen. | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**. | -| Disable removable media. | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation.

    **NOTE**: To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**. | +- **Hide update notifications**. Starting with Windows 10 version 1809, you can hide notifications from showing on the devices. To enable this feature, you have the following options: + - **Use Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Windows Update\Display options for update notifications` + + - **Use an MDM provider**: This feature uses the [Update/UpdateNotificationLevel CSP](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel). In Endpoint Manager, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature. + + - **Use the registry**: + + 1. Open Registry Editor (regedit). + 2. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`. + 3. Create a **New** > **DWORD (32-bit) Value**. Enter `SetUpdateNotificationLevel`, and set its value to `1`. + 4. Create a **New** > **DWORD (32-bit) Value**. Enter `UpdateNotificationLevel`. For value, you can enter: + + - `1`: Hides all notifications except restart warnings. + - `2`: Hides all notifications, including restart warnings. + +- **Enable and schedule automatic updates**. To enable this feature, you have the following options: + + - **Use Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates`. Select `4 - Auto download and schedule the install`. + - **Use an MDM provider**: This feature uses the [Update/AllowAutoUpdate CSP](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate). Select `3 - Auto install and restart at a specified time`. In Endpoint Manager, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature. 
+ + You can also schedule automatic updates, including **Schedule Install Day**, **Schedule Install Time**, and **Schedule Install Week**. Installations can take between 30 minutes and 2 hours, depending on the device. Schedule updates to occur when a block of 3-4 hours is available. + +- **Enable automatic restart at the scheduled time**. To enable this feature, you have the following options: + + - **Use Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Windows Update\Always automatically restart at the scheduled time`. Select `4 - Auto download and schedule the install`. + + - **Use an MDM provider**: This feature uses the [Update/ActiveHoursStart](/windows/client-management/mdm/policy-csp-update#update-activehoursstart) and [Update/ActiveHoursEnd](/windows/client-management/mdm/policy-csp-update#update-activehoursend) CSPs. In Endpoint Manager, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature. + +- **Replace "blue screen" with blank screen for OS errors**. To enable this feature, use the Registry Editor: + + 1. Open Registry Editor (regedit). + 2. Go to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl`. + 3. Create a **New** > **DWORD (32-bit) Value**. Enter `DisplayDisabled`, and set its value to `1`. + +- **Put device in "Tablet mode"**. If you want users to use the touch screen, without using a keyboard or mouse, then turn on tablet mode using the Settings app. If users won't interact with the kiosk, such as for a digital sign, then don't turn on this setting. + + Applies to Windows 10 only. Currently, Tablet mode isn't supported on Windows 11. + + Your options: + + - Use the **Settings** app: + 1. Open the **Settings** app. + 2. Go to **System** > **Tablet mode**. + 3. Configure the settings you want. + + - Use the **Action Center**: + 1. On your device, swipe in from the left. + 2. Select **Tablet mode**. 
+ +- **Hide "Ease of access" feature on the sign-in screen**: To enable this feature, you have the following options: + + - **Use an MDM provider**: In Endpoint Manager, you can use the [Control Panel and Settings](/mem/intune/configuration/device-restrictions-windows-10#control-panel-and-settings) to manage this feature. + - **Use the registry**: For more information, see [how to disable the Ease of Access button in the registry](/windows-hardware/customize/enterprise/complementary-features-to-custom-logon#welcome-screen). + +- **Disable the hardware power button**: To enable this feature, you have the following options: + + - **Use the Settings app**: + 1. Open the **Settings** app. + 2. Go to **System** > **Power & Sleep** > **Additional power settings** > **Choose what the power button does**. + 3. Select **Do nothing**. + 4. **Save changes**. + + - **Use Group Policy**: Your options: + + - `Computer Configuration\Administrative Templates\System\Power Management\Button Settings`: Set `Select Power Button Action on Battery` and `Select Power Button Action on Plugged In` to **Take no action**. + - `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands`: This policy hides the buttons, but doesn't disable them. + - `Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shut down the system`: Remove the users or groups from this policy. + + To prevent this policy from affecting a member of the Administrators group, be sure to keep the Administrators group. + + - **Use an MDM provider**: In Endpoint Manager, you have some options: + + - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. 
Configure the following settings: + + - `Power\Select Power Button Action on Battery`: Set to **Take no action**. + - `Power\Select Power Button Action on Plugged In`: Set to **Take no action**. + - `Start\Hide Power Button`: Set to **Enabled**. This policy hides the button, but doesn't disable it. + + - [Administrative templates](/mem/intune/configuration/administrative-templates-windows): These templates are the administrative templates used in on-premises Group Policy. Configure the following setting: + + - `\Start menu and Taskbar\Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands`: This policy hides the buttons, but doesn't disable them. + + When looking at settings, check the supported OS for each setting to make sure it applies. + + - [Start settings in a device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#start): This option shows this setting, and all the Start menu settings you can manage. + +- **Remove the power button from the sign-in screen**. To enable this feature, you have the following options: + + - **Use Group Policy**: `Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on`. Select **Disabled**. + + - **Use MDM**: In Endpoint Manager, you have the following option: + + - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following setting: + + - `Local Policies Security Options\Shutdown Allow System To Be Shut Down Without Having To Log On`: Set to **Disabled**. + +- **Disable the camera**: To enable this feature, you have the following options: + + - **Use the Settings app**: + 1. Open the **Settings** app. + 2. Go to **Privacy** > **Camera**. + 3. Select **Allow apps use my camera** > **Off**. 
+ + - **Use Group Policy**: `Computer Configuration\Administrative Templates\Windows Components\Camera: Allow use of camera`: Select **Disabled**. + + - **Use an MDM provider**: This feature uses the [Policy CSP - Camera](/windows/client-management/mdm/policy-csp-camera). In Endpoint Manager, you have the following options: + + - [General settings in a device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#general): This option shows this setting, and more settings you can manage. + - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following setting: + + - `Camera\Allow camera`: Set to **Not allowed**. + +- **Turn off app notifications on the lock screen**: To enable this feature, you have the following options: + + - **Use the Settings app**: + + 1. Open the **Settings** app. + 2. Go to **System** > **Notifications & actions**. + 3. In **Show notifications on the lock screen**, select **Off**. + + - **Use Group policy**: + - `Computer Configuration\Administrative Templates\System\Logon\Turn off app notifications on the lock screen`: Select **Enabled**. + - `User Configuration\Administrative Templates\Start Menu and Taskbar\Notifications\Turn off toast notifications on the lock screen`: Select **Enabled**. + + - **Use an MDM provider**: This feature uses the [AboveLock/AllowToasts CSP](/windows/client-management/mdm/policy-csp-abovelock#abovelock-allowtoasts). In Endpoint Manager, you have the following options: + + - [Locked screen experience device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#locked-screen-experience): See this setting, and more settings you can manage. + + - [Administrative templates](/mem/intune/configuration/administrative-templates-windows): These templates are the administrative templates used in on-premises Group Policy. 
Configure the following settings: + + - `\Start Menu and Taskbar\Notifications\Turn off toast notifications on the lock screen`: Select **Enabled**. + - `\System\Logon\Turn off app notifications on the lock screen`: Select **Enabled**. + + When looking at settings, check the supported OS for each setting to make sure it applies. + + - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following settings: + + - `\Start Menu and Taskbar\Notifications\Turn off toast notifications on the lock screen`: Select **Enabled**. + - `\System\Logon\Turn off app notifications on the lock screen`: Select **Enabled**. + +- **Disable removable media**: To enable this feature, you have the following options: + + - **Use Group policy**: `Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions`. Review the available settings that apply to your situation. + + To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**. + + - **Use an MDM provider**: In Endpoint Manager, you have the following options: + + - [General settings in a device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#general): See the **Removable storage** setting, and more settings you can manage. + + - [Administrative templates](/mem/intune/configuration/administrative-templates-windows): These templates are the administrative templates used in on-premises Group Policy. Configure the following settings: + + - `\System\Device Installation`: There are several policies you can manage, including restrictions in `\System\Device Installation\Device Installation Restrictions`. 
+ + To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**. + + When looking at settings, check the supported OS for each setting to make sure it applies. + + - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following settings: + + - `\Administrative Templates\System\Device Installation`: There are several policies you can manage, including restrictions in `\System\Device Installation\Device Installation Restrictions`. + + To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**. ## Enable logging @@ -89,7 +245,7 @@ You may also want to set up **automatic logon** for your kiosk device. When your - *DefaultPassword*: set value as the password for the account. > [!NOTE] - > If *DefaultUserName* and *DefaultPassword* aren't there, add them as **New** > **String Value**. + > If *DefaultUserName* and *DefaultPassword* aren't there, add them as **New** > **String Value**. - *DefaultDomainName*: set value for domain, only for domain accounts. For local accounts, do not add this key. diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index fb1cd6eaee..8487537cc8 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -11,7 +11,6 @@ ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay ms.localizationpriority: medium -ms.date: 09/21/2021 ms.topic: article --- 
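Review bot: In kiosk-prepare.md, the new **Enable automatic restart at the scheduled time** bullet tells the reader to open `...\Windows Update\Always automatically restart at the scheduled time` and then "Select `4 - Auto download and schedule the install`", which is the same selection given two bullets earlier for `Configure Automatic Updates` and looks like a copy-paste. The restart policy needs its own instruction (the removed table row only said to go to the policy), so please replace that sentence with the state the restart policy should be set to. In the same list, the camera step now reads "Select **Allow apps use my camera** > **Off**", while the removed row named the toggle **Let apps use my camera**; confirm which label the Settings app shows and fix the wording.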
@@ -34,18 +33,38 @@ A single-app kiosk uses the Assigned Access feature to run a single app above th You have several options for configuring your single-app kiosk. -| Option | Description | -| --- | --- | -| [Locally, in Settings](#local) | The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account.

    This option is supported on:
    - Windows 10 Pro, Enterprise, and Education
    - Windows 11 | -| [PowerShell](#powershell) | You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account.

    This option is supported on:
    - Windows 10 Pro, Enterprise, and Education
    - Windows 11 | -| [The kiosk wizard in Windows Configuration Designer](#wizard) | Windows Configuration Designer is a tool that produces a *provisioning package*. A provisioning package includes configuration settings that can be applied to one or more devices during the first-run experience (OOBE), or after OOBE is done (runtime). Using the kiosk wizard, you can also create the kiosk user account, install the kiosk app, and configure more useful settings.

    This option is supported on:
    - Windows 10 Pro version 1709+, Enterprise, and Education
    - Windows 11 | -| [Microsoft Intune or other mobile device management (MDM) provider](#mdm) | For managed devices, you can use MDM to set up a kiosk configuration.

    This option is supported on:
    - Windows 10 Pro version 1709+, Enterprise, and Education
    - Windows 11 | +- [Locally, in Settings](#local): The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account. ->[!TIP] ->You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) by using a [kiosk profile](lock-down-windows-10-to-specific-apps.md#profile). + This option supports: + + - Windows 10 Pro, Enterprise, and Education + - Windows 11 + +- [PowerShell](#powershell): You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account. + + This option supports: + + - Windows 10 Pro, Enterprise, and Education + - Windows 11 + +- [The kiosk wizard in Windows Configuration Designer](#wizard): Windows Configuration Designer is a tool that produces a *provisioning package*. A provisioning package includes configuration settings that can be applied to one or more devices during the first-run experience (OOBE), or after OOBE is done (runtime). Using the kiosk wizard, you can also create the kiosk user account, install the kiosk app, and configure more useful settings. + + This option supports: + + - Windows 10 Pro version 1709+, Enterprise, and Education + - Windows 11 + +- [Microsoft Intune or other mobile device management (MDM) provider](#mdm): For devices managed by your organization, you can use MDM to set up a kiosk configuration. 
+ + This option supports: + + - Windows 10 Pro version 1709+, Enterprise, and Education + - Windows 11 + +> [!TIP] +> You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) by using a [kiosk profile](lock-down-windows-10-to-specific-apps.md#profile). > ->Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk. - +> Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk. 
@@ -66,9 +85,9 @@ You can use **Settings** to quickly configure one or a few devices as a kiosk. When your kiosk is a local device that isn't managed by Active Directory or Azure Active Directory, there is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically. If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts. -- If you want the kiosk account to sign in automatically and the kiosk app launched when the device restarts, then you don't need to do anything. +- If you want the kiosk account to sign in automatically, and the kiosk app launched when the device restarts, then you don't need to do anything. -- If you don't want the kiosk account to sign in automatically when the device restarts, then you must change the default setting before you configure the device as a kiosk. Sign in with the account that you will assign as the kiosk account, go to **Settings** > **Accounts** > **Sign-in options**, and set the **Use my sign-in info to automatically finish setting up my device after an update or restart** setting to **Off**. After you change the setting, you can apply the kiosk configuration to the device. +- If you don't want the kiosk account to sign in automatically when the device restarts, then you must change the default setting before you configure the device as a kiosk. Sign in with the account that you will assign as the kiosk account. Open the **Settings** app > **Accounts** > **Sign-in options**. Set the **Use my sign-in info to automatically finish setting up my device after an update or restart** setting to **Off**. After you change the setting, you can apply the kiosk configuration to the device. ![Screenshot of automatic sign-in setting.](images/auto-signin.png) 
@@ -76,7 +95,7 @@ When your kiosk is a local device that isn't managed by Active Directory or Azur When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows client, you create the kiosk user account at the same time. To set up assigned access in PC settings: -1. Go to **Start** > **Settings** > **Accounts** > **Other users**. +1. Open the **Settings** app > **Accounts**. Select **Other users** or **Family and other users**. 2. Select **Set up a kiosk > Assigned access**, and then select **Get started**. @@ -104,7 +123,7 @@ When you set up a kiosk (also known as *assigned access*) in **Settings** for Wi **To set up assigned access in PC settings** -1. Go to **Start** > **Settings** > **Accounts** > **Other people**. +1. Go to **Start** > **Settings** > **Accounts** > **Other people**. 2. Select **Set up assigned access**. @@ -209,7 +228,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des If you want to enable network setup, select **Set up network**, and configure the following settings: - **Set up network**: To enable wireless connectivity, select **On**. - - **Network SSID**: Enter the Service Set IDentifier (SSID) of the network. + - **Network SSID**: Enter the Service Set Identifier (SSID) of the network. - **Network type**: Select **Open** or **WPA2-Personal**. If you select **WPA2-Personal**, enter the password for the wireless network. 3. Enable account management: 
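Review bot: The two "set up assigned access" procedures in kiosk-single-app.md are now inconsistent: step 1 in the hunk at -76 becomes "Open the **Settings** app > **Accounts**. Select **Other users** or **Family and other users**", while step 1 in the hunk at -104 keeps "Go to **Start** > **Settings** > **Accounts** > **Other people**" and changes only whitespace. If the second procedure is meant for an older release where that path is still correct, say so next to it; otherwise update it the same way as the first.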
@@ -282,7 +301,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des - **Protect your package**: Select **Yes** to password protect your provisioning package. When you apply the provisioning package to a device, you must enter this password. >[!NOTE] ->If you want to use [the advanced editor in Windows Configuration Designer](provisioning-packages/provisioning-create-package.md#configure-settings), specify the user account and app (by AUMID) in **Runtime settings** > **AssignedAccess** > **AssignedAccessSettings** +>If you want to use [the advanced editor in Windows Configuration Designer](provisioning-packages/provisioning-create-package.md#configure-settings), specify the user account and app (by AUMID) in **Runtime settings** > **AssignedAccess** > **AssignedAccessSettings** >[!IMPORTANT] >When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. @@ -296,7 +315,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des >App type: > - UWP > ->OS edition: +>OS: > - Windows 10 Pro version 1709+, Ent, Edu > - Windows 11 > From 10f06e4ac30f346b3d0aaa59eff1f00f35cc49bc Mon Sep 17 00:00:00 2001 
From: Ashok Lobo Date: Thu, 23 Sep 2021 22:14:07 +0530 Subject: [PATCH 582/671] Updated for task 5441135 --- ...man-protocol-over-ikev2-vpn-connections.md | 11 ++++++----- ...n-on-sso-over-vpn-and-wi-fi-connections.md | 4 ++-- .../vpn/vpn-authentication.md | 6 +++--- .../vpn/vpn-auto-trigger-profile.md | 14 +++++++------- .../vpn/vpn-conditional-access.md | 9 +++++---- .../vpn/vpn-connection-type.md | 10 +++++----- .../identity-protection/vpn/vpn-guide.md | 13 ++++++++----- .../vpn/vpn-name-resolution.md | 6 +++--- .../vpn/vpn-office-365-optimization.md | 19 ++++++++++--------- .../vpn/vpn-profile-options.md | 10 +++++----- .../identity-protection/vpn/vpn-routing.md | 6 +++--- .../vpn/vpn-security-features.md | 8 ++++---- 12 files changed, 61 insertions(+), 55 deletions(-) diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index bbb6ddc586..907bcfc24c 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -1,5 +1,5 @@ --- -title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10) +title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10 and Windows 11) description: Learn how to update the Diffie Hellman configuration of VPN servers and clients by running VPN cmdlets to secure connections. ms.prod: w10 ms.mktglfcycl: deploy 
@@ -8,16 +8,17 @@ ms.pagetype: security, networking author: dansimp ms.author: dansimp ms.localizationpriority: medium -ms.date: 02/08/2018 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp --- # How to configure Diffie Hellman protocol over IKEv2 VPN connections ->Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows 10 +>Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows 10, Windows 11 + +In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges. -In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges. To secure the connections, update the configuration of VPN servers and clients by running VPN cmdlets. ## VPN server @@ -28,7 +29,7 @@ For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-V Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy ``` -On an earlier versions of Windows Server, run [Set-VpnServerIPsecConfiguration](/previous-versions/windows/powershell-scripting/hh918373(v=wps.620)). Since `Set-VpnServerIPsecConfiguration` doesn’t have `-TunnelType`, the configuration applies to all tunnel types on the server. +On an earlier version of Windows Server, run [Set-VpnServerIPsecConfiguration](/previous-versions/windows/powershell-scripting/hh918373(v=wps.620)). Since `Set-VpnServerIPsecConfiguration` doesn’t have `-TunnelType`, the configuration applies to all tunnel types on the server. ```powershell Set-VpnServerIPsecConfiguration -CustomPolicy diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index 21c295bad1..510a5a9e76 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md 
+++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -1,12 +1,12 @@ --- -title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections (Windows 10) +title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections (Windows 10 and Windows 11) description: Explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: dansimp -ms.date: 04/19/2017 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp ms.author: dansimp diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md index 2c0a581e8d..3bbf5138a7 100644 --- a/windows/security/identity-protection/vpn/vpn-authentication.md +++ b/windows/security/identity-protection/vpn/vpn-authentication.md @@ -1,5 +1,5 @@ --- -title: VPN authentication options (Windows 10) +title: VPN authentication options (Windows 10 and Windows 11) description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods. ms.prod: w10 ms.mktglfcycl: deploy @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,7 +17,7 @@ ms.author: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 In addition to older and less-secure password-based authentication methods (which should be avoided), the built-in VPN solution uses Extensible Authentication Protocol (EAP) to provide secure authentication using both user name and password, and certificate-based methods. You can only configure EAP-based authentication if you select a built-in VPN type (IKEv2, L2TP, PPTP or Automatic). 
diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index 44b05da541..d457659b18 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -1,13 +1,13 @@ --- -title: VPN auto-triggered profile options (Windows 10) -description: Learn about the types of auto-trigger rules for VPNs in Windows 10, which start a VPN when it is needed to access a resource. +title: VPN auto-triggered profile options (Windows 10 and Windows 11) +description: Learn about the types of auto-trigger rules for VPNs in Windows, which start a VPN when it is needed to access a resource. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,9 +17,9 @@ ms.author: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 -In Windows 10, a number of features were added to auto-trigger VPN so users won’t have to manually connect when VPN is needed to access necessary resources. There are three different types of auto-trigger rules: +In Windows 10 and Windows 11, a number of features were added to auto-trigger VPN so users won’t have to manually connect when VPN is needed to access necessary resources. There are three different types of auto-trigger rules: - App trigger - Name-based trigger 
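Review bot: In vpn-auto-trigger-profile.md the intro now says "In Windows 10 and Windows 11, a number of features were added to auto-trigger VPN", which reads as if the features were introduced separately in both releases. The original sentence described what Windows 10 added, so a mechanical insertion of "and Windows 11" changes the meaning; consider "Windows 10 and Windows 11 include a number of features to auto-trigger VPN" or keep the historical statement and add that the features are also available in Windows 11.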
@@ -31,7 +31,7 @@ In Windows 10, a number of features were added to auto-trigger VPN so users won ## App trigger -VPN profiles in Windows 10 can be configured to connect automatically on the launch of a specified set of applications. You can configure desktop or Universal Windows Platform (UWP) apps to trigger a VPN connection. You can also configure per-app VPN and specify traffic rules for each app. See [Traffic filters](vpn-security-features.md#traffic-filters) for more details. +VPN profiles in Windows 10 and Windows 11 can be configured to connect automatically on the launch of a specified set of applications. You can configure desktop or Universal Windows Platform (UWP) apps to trigger a VPN connection. You can also configure per-app VPN and specify traffic rules for each app. See [Traffic filters](vpn-security-features.md#traffic-filters) for more details. The app identifier for a desktop app is a file path. The app identifier for a UWP app is a package family name. @@ -54,7 +54,7 @@ There are four types of name-based triggers: ## Always On -Always On is a feature in Windows 10 which enables the active VPN profile to connect automatically on the following triggers: +Always On is a feature in Windows 10 and Windows 11 which enables the active VPN profile to connect automatically on the following triggers: - User sign-in - Network change diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 66baa88e46..068d41d1a5 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md 
@@ -1,5 +1,5 @@ --- -title: VPN and conditional access (Windows 10) +title: VPN and conditional access (Windows 10 and Windows 11) description: Learn how to integrate the VPN client with the Conditional Access Platform, so you can create access rules for Azure Active Directory (Azure AD) connected apps. ms.prod: w10 ms.mktglfcycl: deploy @@ -10,12 +10,12 @@ ms.author: dansimp manager: dansimp ms.reviewer: ms.localizationpriority: medium -ms.date: 03/21/2019 +ms.date: 09/23/2021 --- # VPN and conditional access ->Applies to: Windows 10 and Windows 10 Mobile +>Applies to: Windows 10 and Windows 11 The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application. @@ -91,7 +91,7 @@ The VPN client side connection flow works as follows: When a VPNv2 Profile is configured with \ \true<\/Enabled> the VPN client uses this connection flow: -1. The VPN client calls into Windows 10’s Azure AD Token Broker, identifying itself as a VPN client. +1. The VPN client calls into Windows 10’s or Windows 11’s Azure AD Token Broker, identifying itself as a VPN client. 2. The Azure AD Token Broker authenticates to Azure AD and provides it with information about the device trying to connect. The Azure AD Server checks if the device is in compliance with the policies. 
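Review bot: Step 1 of the connection flow in vpn-conditional-access.md now reads "The VPN client calls into Windows 10’s or Windows 11’s Azure AD Token Broker", which is awkward and will need another edit for every future release. Suggest dropping the version from this step, for example "The VPN client calls into the Azure AD Token Broker in Windows", since the **Applies to** line already carries the supported versions.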
@@ -110,6 +110,7 @@ See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/clien - [Azure Active Directory conditional access](/azure/active-directory/conditional-access/overview) - [Getting started with Azure Active Directory Conditional Access](/azure/active-directory/authentication/tutorial-enable-azure-mfa) - [Control the health of Windows 10-based devices](../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) +- Control the health of Windows 11-based devices - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 1)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn) - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 2)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-2) - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 3)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-3) diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md index 465f79924f..90b1a56b41 100644 --- a/windows/security/identity-protection/vpn/vpn-connection-type.md +++ b/windows/security/identity-protection/vpn/vpn-connection-type.md @@ -1,5 +1,5 @@ --- -title: VPN connection types (Windows 10) +title: VPN connection types (Windows 10 and Windows 11) description: Learn about Windows VPN platform clients and the VPN connection-type features that can be configured. ms.prod: w10 ms.mktglfcycl: deploy @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium -ms.date: 11/13/2020 +ms.date: 08/23/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
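Review bot: In vpn-conditional-access.md, the @@ -110,6 +110,7 @@ hunk adds `- Control the health of Windows 11-based devices` as plain text, while every neighbouring entry in that list is a Markdown link. Add the target for the Windows 11 article or drop the bullet until one exists; as written it renders as a related-content item that leads nowhere.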
@@ -17,11 +17,11 @@ ms.author: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called *tunneling protocols*, to make a virtual call to a virtual port on a VPN server. In a typical VPN deployment, a client initiates a virtual point-to-point connection to a remote access server over the Internet. The remote access server answers the call, authenticates the caller, and transfers data between the VPN client and the organization’s private network. -There are many options for VPN clients. In Windows 10, the built-in plug-in and the Universal Windows Platform (UWP) VPN plug-in platform are built on top of the Windows VPN platform. This guide focuses on the Windows VPN platform clients and the features that can be configured. +There are many options for VPN clients. In Windows 10 and Windows 11, the built-in plug-in and the Universal Windows Platform (UWP) VPN plug-in platform are built on top of the Windows VPN platform. This guide focuses on the Windows VPN platform clients and the features that can be configured. ![VPN connection types.](images/vpn-connection.png) 
@@ -56,7 +56,7 @@ There are many options for VPN clients. In Windows 10, the built-in plug-in and ## Universal Windows Platform VPN plug-in -The Universal Windows Platform (UWP) VPN plug-ins were introduced in Windows 10, although there were originally separate versions available for the Windows 8.1 Mobile and Windows 8.1 PC platforms. Using the UWP platform, third-party VPN providers can create app-containerized plug-ins using WinRT APIs, eliminating the complexity and problems often associated with writing to system-level drivers. +The Universal Windows Platform (UWP) VPN plug-ins were introduced in Windows 10 and Windows 11, although there were originally separate versions available for the Windows 8.1 Mobile and Windows 8.1 PC platforms. Using the UWP platform, third-party VPN providers can create app-containerized plug-ins using WinRT APIs, eliminating the complexity and problems often associated with writing to system-level drivers. There are a number of Universal Windows Platform VPN applications, such as Pulse Secure, Cisco AnyConnect, F5 Access, Sonicwall Mobile Connect, and Check Point Capsule. If you want to use a UWP VPN plug-in, work with your vendor for any custom settings needed to configure your VPN solution. diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md index 51eda0028d..0f5115c791 100644 --- a/windows/security/identity-protection/vpn/vpn-guide.md +++ b/windows/security/identity-protection/vpn/vpn-guide.md 
@@ -1,28 +1,31 @@ --- -title: Windows 10 VPN technical guide (Windows 10) -description: Learn about decisions to make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. +title: Windows VPN technical guide (Windows 10 and Windows 11) +description: Learn about decisions to make for Windows 10 and Windows 11 clients in your enterprise VPN solution and how to configure your deployment. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: dansimp ms.localizationpriority: medium -ms.date: 11/13/2020 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp --- -# Windows 10 VPN technical guide +# Windows VPN technical guide **Applies to** - Windows 10 +- Windows 11 -This guide will walk you through the decisions you will make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10. +This guide will walk you through the decisions you will make for Windows 10 and Windows 11 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10 and Windows 11. To create a Windows 10 VPN device configuration profile see: [Windows 10 and Windows Holographic device settings to add VPN connections using Intune](/mem/intune/configuration/vpn-settings-windows-10). +To create a Windows 11 VPN device configuration profile see: + > [!NOTE] > This guide does not explain server deployment. 
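Review bot: The added line `To create a Windows 11 VPN device configuration profile see:` in vpn-guide.md ends at the colon with no link after it, so the page runs from a dangling sentence straight into the [!NOTE] block. The Windows 10 sentence just above carries its link inline; add the Windows 11 target the same way, or leave the sentence out until there is one.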
diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md index 70cec8d554..a61584597c 100644 --- a/windows/security/identity-protection/vpn/vpn-name-resolution.md +++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md @@ -1,5 +1,5 @@ --- -title: VPN name resolution (Windows 10) +title: VPN name resolution (Windows 10 and Windows 11) description: Learn how the name resolution setting in the VPN profile configures how name resolution works when a VPN client connects to a VPN server. ms.prod: w10 ms.mktglfcycl: deploy @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,7 +17,7 @@ ms.author: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 When the VPN client connects to the VPN server, the VPN client receives the client IP address. The client may also receive the IP address of the Domain Name System (DNS) server and the IP address of the Windows Internet Name Service (WINS) server. diff --git a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md index 5c4221a574..562a872615 100644 --- a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md +++ b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md @@ -1,5 +1,5 @@ --- -title: Optimizing Office 365 traffic for remote workers with the native Windows 10 VPN client +title: Optimizing Office 365 traffic for remote workers with the native Windows 10 or Windows 11 VPN client description: tbd ms.prod: w10 ms.mktglfcycl: deploy 
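Review bot: The new front-matter title in vpn-office-365-optimization.md says "Windows 10 or Windows 11 VPN client", while the H1 changed in the next hunk says "Windows 10 and Windows 11 VPN client". Pick one conjunction so the page title and the heading match. The unchanged `description: tbd` on the following context line is still a placeholder and could be filled in while this front matter is being touched.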
@@ -9,20 +9,20 @@ audience: ITPro ms.topic: article author: kelleyvice-msft ms.localizationpriority: medium -ms.date: 04/07/2020 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp ms.author: jajo --- -# Optimizing Office 365 traffic for remote workers with the native Windows 10 VPN client +# Optimizing Office 365 traffic for remote workers with the native Windows 10 and Windows 11 VPN client -This article describes how to configure the recommendations in the article [Optimize Office 365 connectivity for remote users using VPN split tunneling](/office365/enterprise/office-365-vpn-split-tunnel) for the *native Windows 10 VPN client*. This guidance enables VPN administrators to optimize Office 365 usage while still ensuring that all other traffic goes over the VPN connection and through existing security gateways and tooling. +This article describes how to configure the recommendations in the article [Optimize Office 365 connectivity for remote users using VPN split tunneling](/office365/enterprise/office-365-vpn-split-tunnel) for the *native Windows 10 and Windows 11 VPN client*. This guidance enables VPN administrators to optimize Office 365 usage while still ensuring that all other traffic goes over the VPN connection and through existing security gateways and tooling. -This can be achieved for the native/built-in Windows 10 VPN client using a _Force Tunneling with Exclusions_ approach. This allows you to define IP-based exclusions *even when using force tunneling* in order to "split" certain traffic to use the physical interface while still forcing all other traffic via the VPN interface. Traffic addressed to specifically defined destinations (like those listed in the Office 365 optimize categories) will therefore follow a much more direct and efficient path, without the need to traverse or "hairpin" via the VPN tunnel and back out of the corporate network. 
For cloud-services like Office 365, this makes a huge difference in performance and usability for remote users. +This can be achieved for the native/built-in Windows 10 and Windows 11 VPN client using a _Force Tunneling with Exclusions_ approach. This allows you to define IP-based exclusions *even when using force tunneling* in order to "split" certain traffic to use the physical interface while still forcing all other traffic via the VPN interface. Traffic addressed to specifically defined destinations (like those listed in the Office 365 optimize categories) will therefore follow a much more direct and efficient path, without the need to traverse or "hairpin" via the VPN tunnel and back out of the corporate network. For cloud-services like Office 365, this makes a huge difference in performance and usability for remote users. > [!NOTE] -> The term _force tunneling with exclusions_ is sometimes confusingly called "split tunnels" by other vendors and in some online documentation. For Windows 10 VPN, the term _split tunneling_ is defined differently as described in the article [VPN routing decisions](./vpn-routing.md#split-tunnel-configuration). +> The term _force tunneling with exclusions_ is sometimes confusingly called "split tunnels" by other vendors and in some online documentation. For Windows 10 and Windows 11 VPN, the term _split tunneling_ is defined differently as described in the article [VPN routing decisions](./vpn-routing.md#split-tunnel-configuration). ## Solution Overview 
@@ -30,7 +30,7 @@ The solution is based upon the use of a VPN Configuration Service Provider Refer Typically, these VPN profiles are distributed using a Mobile Device Management solution like Intune, as described in [VPN profile options](./vpn-profile-options.md#apply-profilexml-using-intune) and [Configure the VPN client by using Intune](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#configure-the-vpn-client-by-using-intune). -To enable the use of force tunneling in Windows 10 VPN, the `` setting is typically configured with a value of _ForceTunnel_ in your existing Profile XML (or script) by way of the following entry, under the `` section: +To enable the use of force tunneling in Windows 10 or Windows 11 VPN, the `` setting is typically configured with a value of _ForceTunnel_ in your existing Profile XML (or script) by way of the following entry, under the `` section: ```xml ForceTunnel 
@@ -90,13 +90,13 @@ An example of a PowerShell script that can be used to update a force tunnel VPN <# .SYNOPSIS - Applies or updates recommended Office 365 optimize IP address exclusions to an existing force tunnel Windows 10 VPN profile + Applies or updates recommended Office 365 optimize IP address exclusions to an existing force tunnel Windows 10 and Windows 11 VPN profile .DESCRIPTION Connects to the Office 365 worldwide commercial service instance endpoints to obtain the latest published IP address ranges Compares the optimized IP addresses with those contained in the supplied VPN Profile (PowerShell or XML file) Adds or updates IP addresses as necessary and saves the resultant file with "-NEW" appended to the file name .PARAMETERS - Filename and path for a supplied Windows 10 VPN profile file in either PowerShell or XML format + Filename and path for a supplied Windows 10 or Windows 11 VPN profile file in either PowerShell or XML format .NOTES Requires at least Windows 10 Version 1803 with KB4493437, 1809 with KB4490481, or later .VERSION @@ -430,6 +430,7 @@ if ($VPNprofilefile -ne "" -and $FileExtension -eq ".xml") This solution is supported with the following versions of Windows: +- Windows 11 - Windows 10 1903/1909 and newer: Included, no action needed - Windows 10 1809: At least [KB4490481](https://support.microsoft.com/help/4490481/windows-10-update-kb4490481) - Windows 10 1803: At least [KB4493437](https://support.microsoft.com/help/4493437/windows-10-update-kb4493437) diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index 96eae8c6ac..5e9b0572db 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md 
@@ -1,6 +1,6 @@ --- -title: VPN profile options (Windows 10) -description: Windows 10 adds Virtual Private Network (VPN) profile options to help manage how users connect. VPNs give users secure remote access to the company network. +title: VPN profile options (Windows 10 and Windows 11) +description: Windows adds Virtual Private Network (VPN) profile options to help manage how users connect. VPNs give users secure remote access to the company network. ms.assetid: E3F99DF9-863D-4E28-BAED-5C1B1B913523 ms.reviewer: manager: dansimp @@ -18,9 +18,9 @@ ms.date: 05/17/2018 **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 -Most of the VPN settings in Windows 10 can be configured in VPN profiles using Microsoft Intune or Microsoft Endpoint Configuration Manager. All VPN settings in Windows 10 can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp). +Most of the VPN settings in Windows 10 and Windows 11 can be configured in VPN profiles using Microsoft Intune or Microsoft Endpoint Configuration Manager. All VPN settings in Windows 10 and Windows 11 can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp). >[!NOTE] >If you're not familiar with CSPs, read [Introduction to configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) first. 
@@ -299,7 +299,7 @@ The following is a sample plug-in VPN profile. This blob would fall under the Pr ## Apply ProfileXML using Intune -After you configure the settings that you want using ProfileXML, you can apply it using Intune and a **Custom Configuration (Windows 10 Desktop and Mobile and later)** policy. +After you configure the settings that you want using ProfileXML, you can apply it using Intune and a **Custom Configuration (Windows 10 or Windows 11 Desktop and Mobile and later)** policy. 1. Sign into the [Azure portal](https://portal.azure.com). 2. Go to **Intune** > **Device Configuration** > **Profiles**. diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md index ea0cb1c3ae..5c2b3d00e1 100644 --- a/windows/security/identity-protection/vpn/vpn-routing.md +++ b/windows/security/identity-protection/vpn/vpn-routing.md @@ -1,5 +1,5 @@ --- -title: VPN routing decisions (Windows 10) +title: VPN routing decisions (Windows 10 and Windows 10) description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations. ms.prod: w10 ms.mktglfcycl: deploy @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/23/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,7 +17,7 @@ ms.author: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 Network routes are required for the stack to understand which interface to use for outbound traffic. One of the most important decision points for VPN configuration is whether you want to send all the data through VPN (*force tunnel*) or only some data through the VPN (*split tunnel*). This decision impacts the configuration and the capacity planning, as well as security expectations from the connection. 
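Review bot: In the first vpn-routing.md hunk the new title reads `VPN routing decisions (Windows 10 and Windows 10)`; the second product name should be Windows 11, matching the `- Windows 11` entry this patch adds to the Applies to list in the same file.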
diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md index c84ab32cb0..88d9c1dfba 100644 --- a/windows/security/identity-protection/vpn/vpn-security-features.md +++ b/windows/security/identity-protection/vpn/vpn-security-features.md @@ -1,5 +1,5 @@ --- -title: VPN security features (Windows 10) +title: VPN security features (Windows 10 and Windows 11) description: Learn about security features for VPN, including LockDown VPN, Windows Information Protection integration with VPN, and traffic filters. ms.prod: w10 ms.mktglfcycl: deploy @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security, networking author: dansimp ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/03/2021 ms.reviewer: manager: dansimp ms.author: dansimp 
@@ -17,14 +17,14 @@ ms.author: dansimp **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 ## Windows Information Protection (WIP) integration with VPN Windows Information Protection provides capabilities allowing the separation and protection of enterprise data against disclosure across both company and personally owned devices, without requiring additional changes to the environments or the apps themselves. Additionally, when used with Rights Management Services (RMS), WIP can help to protect enterprise data locally. -The **EdpModeId** node in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) allows a Windows 10 VPN client to integrate with WIP, extending its functionality to remote devices. Use case scenarios for WIP include: +The **EdpModeId** node in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) allows a Windows 10 or Windows 11 VPN client to integrate with WIP, extending its functionality to remote devices. Use case scenarios for WIP include: - Core functionality: File encryption and file access blocking - UX policy enforcement: Restricting copy/paste, drag/drop, and sharing operations From 318286a8d2b6f8f6ceee2c96abc0b424b59f7fbe Mon Sep 17 00:00:00 2001 From: Alice-at-Microsoft <79878795+Alice-at-Microsoft@users.noreply.github.com> Date: Tue, 21 Sep 2021 11:27:30 -0700 Subject: [PATCH 583/671] Update deployment-service-overview.md Group Policy info, links to Intune --- .../update/deployment-service-overview.md | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 63c9c6aa24..546749d1dd 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md 
@@ -81,7 +81,7 @@ To use the deployment service, you use a management tool built on the platform, ### Using Microsoft Endpoint Manager -Microsoft Endpoint Manager integrates with the deployment service to provide Windows client update management capabilities. For more information, see [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates). +Microsoft Endpoint Manager integrates with the deployment service to provide Windows client update management capabilities. For more information, see [Feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates). ### Scripting common actions using PowerShell @@ -115,7 +115,7 @@ You should continue to use deployment rings as part of the servicing strategy fo ### Monitoring deployments to detect rollback issues -During a feature update deployment, driver combinations can sometimes result in an unexpected update failure that makes the device revert to the previously installed operating system version. The deployment service can monitor devices for such issues and automatically pause deployments when this happens, giving you time to detect and mitigate issues. +During deployments of Windows 11 or Windows 10 feature updates, driver combinations can sometimes result in an unexpected update failure that makes the device revert to the previously installed operating system version. The deployment service can monitor devices for such issues and automatically pause deployments when this happens, giving you time to detect and mitigate issues. ### How to enable deployment protections 
@@ -124,21 +124,16 @@ Deployment scheduling controls are always available, but to take advantage of th #### Device prerequisites -> [!NOTE] -> Deployment protections are currently in preview and available if you're using Update Compliance. If you set these policies on a a device that isn't enrolled in Update Compliance, there is no effect. - - Diagnostic data is set to *Required* or *Optional*. - The **AllowWUfBCloudProcessing** policy is set to **8**. #### Set the **AllowWUfBCloudProcessing** policy -To enroll devices in Windows Update for Business cloud processing, set the **AllowWUfBCloudProcessing** policy using mobile device management (MDM) policy. - -> [!NOTE] -> Setting this policy by using Group Policy isn't currently supported. +To enroll devices in Windows Update for Business cloud processing, set the **AllowWUfBCloudProcessing** policy using mobile device management (MDM) policy or Group Policy. | Policy | Sets registry key under **HKLM\\Software** | |--------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------| +| GPO for Windows 10, version 1809 or later: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Allow WUfB Cloud Processing** | \\Policies\\Microsoft\\Windows\\DataCollection\\AllowWUfBCloudProcessing | | MDM for Windows 10, version 1809 or later: ../Vendor/MSFT/ Policy/Config/System/**AllowWUfBCloudProcessing** | \\Microsoft\\PolicyManager\\default\\System\\AllowWUfBCloudProcessing | Following is an example of setting the policy using Microsoft Endpoint Manager: 
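Review bot: The deletion of the first note under "Device prerequisites" (deployment protections "currently in preview", no effect on devices not enrolled in Update Compliance) is not covered by the commit subject, which mentions only "Group Policy info, links to Intune". Confirm that the Update Compliance requirement no longer applies and say so in the commit message, or keep the note. The new GPO row also repeats the "Windows 10, version 1809 or later" wording of the MDM row; check that the Group Policy setting is available on the same builds.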
@@ -184,5 +179,5 @@ Avoid using different channels to manage the same resources. If you use Microsof To learn more about the deployment service, try the following: -- [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates) +- [Feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates) - [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) From bc278d95fcb81200e59e50e3c841054687bb8911 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Thu, 23 Sep 2021 13:40:41 -0400 Subject: [PATCH 584/671] Added ms.reviewer --- .../find-the-application-user-model-id-of-an-installed-app.md | 2 +- windows/configuration/guidelines-for-assigned-access-app.md | 3 +-- windows/configuration/kiosk-additional-reference.md | 2 +- windows/configuration/kiosk-mdm-bridge.md | 3 +-- windows/configuration/kiosk-methods.md | 2 +- windows/configuration/kiosk-policies.md | 3 +-- windows/configuration/kiosk-prepare.md | 2 +- windows/configuration/kiosk-shelllauncher.md | 2 +- windows/configuration/kiosk-single-app.md | 2 +- windows/configuration/kiosk-troubleshoot.md | 2 +- windows/configuration/kiosk-validate.md | 3 +-- windows/configuration/kiosk-xml.md | 3 +-- windows/configuration/lock-down-windows-10-applocker.md | 2 +- windows/configuration/lock-down-windows-10-to-specific-apps.md | 2 +- windows/configuration/set-up-shared-or-guest-pc.md | 2 +- windows/configuration/setup-digital-signage.md | 2 +- 16 files changed, 16 insertions(+), 21 deletions(-) diff --git a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md index f5540c6ddd..6d4c284574 100644 --- a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md +++ b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md 
@@ -1,6 +1,6 @@ --- title: Find the Application User Model ID of an installed app -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp description: To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device. author: greg-lindsay diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index 78f688c2a8..5a019e0862 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -9,8 +9,7 @@ author: greg-lindsay ms.localizationpriority: medium ms.author: greglin ms.topic: article -ms.date: 10/02/2018 -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp --- diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md index 62e069a572..c772c6f064 100644 --- a/windows/configuration/kiosk-additional-reference.md +++ b/windows/configuration/kiosk-additional-reference.md @@ -2,7 +2,7 @@ title: More kiosk methods and reference information (Windows 10/11) description: Find more information for configuring, validating, and troubleshooting kiosk configuration. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md index 85ad833603..ec7e635617 100644 --- a/windows/configuration/kiosk-mdm-bridge.md +++ b/windows/configuration/kiosk-mdm-bridge.md 
@@ -2,7 +2,7 @@ title: Use MDM Bridge WMI Provider to create a Windows 10/11 kiosk (Windows 10/11) description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] @@ -11,7 +11,6 @@ ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay ms.localizationpriority: medium -ms.date: 11/07/2018 ms.topic: article --- diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index 6688c3e6e4..0c36aa0d52 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md @@ -1,6 +1,6 @@ --- title: Configure kiosks and digital signs on Windows 10/11 desktop editions -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp ms.author: greglin description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions. diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md index df85323213..67ac26aee2 100644 --- a/windows/configuration/kiosk-policies.md +++ b/windows/configuration/kiosk-policies.md @@ -2,7 +2,7 @@ title: Policies enforced on kiosk devices (Windows 10/11) description: Learn about the policies enforced on a device when you configure it as a kiosk. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp keywords: ["lockdown", "app restrictions", "applocker"] ms.prod: w10 @@ -11,7 +11,6 @@ ms.sitesec: library ms.pagetype: edu, security author: greg-lindsay ms.localizationpriority: medium -ms.date: 07/30/2018 ms.author: greglin ms.topic: article --- 
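Review bot: The commit subject is "Added ms.reviewer", but the @@ -11,7 +11,6 @@ hunks in kiosk-mdm-bridge.md and kiosk-policies.md also delete the `ms.date` line (`ms.date: 11/07/2018` and `ms.date: 07/30/2018`), as does the guidelines-for-assigned-access-app.md hunk earlier in this patch. If dropping `ms.date` is intended, say so in the commit message; otherwise restore those lines so the change is limited to `ms.reviewer`.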
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index 34a2fc97a4..5eef3d900c 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -2,7 +2,7 @@ title: Prepare a device for kiosk configuration on Windows 10/11 | Microsoft Docs description: Learn how to prepare a device for kiosk configuration. Also, learn about the recommended kiosk configuration changes. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index a9119c35f2..954ec4d664 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -2,7 +2,7 @@ title: Use Shell Launcher to create a Windows 10/11 kiosk (Windows 10/11) description: Shell Launcher lets you change the default shell that launches when a user signs in to a device. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 8487537cc8..3a71008734 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -2,7 +2,7 @@ title: Set up a single-app kiosk on Windows 10/11 description: A single-use device is easy to set up in Windows 10 and Windows 11 for desktop editions (Pro, Enterprise, and Education). ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] 
diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md index b271f00d82..83bba68ec0 100644 --- a/windows/configuration/kiosk-troubleshoot.md +++ b/windows/configuration/kiosk-troubleshoot.md @@ -2,7 +2,7 @@ title: Troubleshoot kiosk mode issues (Windows 10/11) description: Learn how to troubleshoot single-app and multi-app kiosk configurations, as well as common problems like sign-in issues. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp keywords: ["lockdown", "app restrictions"] ms.prod: w10 diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md index ca90b1212e..a43d130016 100644 --- a/windows/configuration/kiosk-validate.md +++ b/windows/configuration/kiosk-validate.md @@ -2,7 +2,7 @@ title: Validate kiosk configuration (Windows 10/11) description: In this article, learn what to expect on a multi-app kiosk in Windows 10/11 Pro, Enterprise, and Education. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] @@ -11,7 +11,6 @@ ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay ms.localizationpriority: medium -ms.date: 07/30/2018 ms.topic: article --- diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md index a8544cb71f..372752eb5e 100644 --- a/windows/configuration/kiosk-xml.md +++ b/windows/configuration/kiosk-xml.md @@ -2,7 +2,7 @@ title: Assigned Access configuration kiosk XML reference (Windows 10/11) description: Learn about the assigned access configuration (kiosk) for XML and XSD for kiosk device configuration in Windows 10/11. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp keywords: ["lockdown", "app restrictions", "applocker"] ms.prod: w10 
@@ -11,7 +11,6 @@ ms.sitesec: library ms.pagetype: edu, security author: greg-lindsay ms.localizationpriority: medium -ms.date: 10/02/2018 ms.author: greglin ms.topic: article --- diff --git a/windows/configuration/lock-down-windows-10-applocker.md b/windows/configuration/lock-down-windows-10-applocker.md index 5c2cfa795b..defdcf5b6c 100644 --- a/windows/configuration/lock-down-windows-10-applocker.md +++ b/windows/configuration/lock-down-windows-10-applocker.md @@ -2,7 +2,7 @@ title: Use AppLocker to create a Windows 10 kiosk that runs multiple apps (Windows 10) description: Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp keywords: ["lockdown", "app restrictions", "applocker"] ms.prod: w10 diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 2fa40326a6..f69fd1d740 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -2,7 +2,7 @@ title: Set up a multi-app kiosk on Windows 10 | Microsoft Docs description: Learn how to configure a kiosk device running Windows 10 so that users can only run a few specific apps. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp keywords: ["lockdown", "app restrictions", "applocker"] ms.prod: w10 diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index ef26049efa..f47dd5956d 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md 
@@ -9,7 +9,7 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp --- diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md index 792409071b..d545a5cc63 100644 --- a/windows/configuration/setup-digital-signage.md +++ b/windows/configuration/setup-digital-signage.md @@ -2,7 +2,7 @@ title: Set up digital signs on Windows 10/11 description: A single-use device such as a digital sign is easy to set up in Windows 10 and Windows 11 (Pro, Enterprise, and Education). ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC -ms.reviewer: +ms.reviewer: sybruckm manager: dansimp ms.author: greglin keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage", "kiosk browser", "browser"] From 8533f02468a373563699cb8c24e58f1e91fa8ba5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 23 Sep 2021 11:32:56 -0700 Subject: [PATCH 585/671] Update allow-com-object-registration-in-windows-defender-application-control-policy.md --- ...ows-defender-application-control-policy.md | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 88be69c40f..077345760e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md 
@@ -23,16 +23,16 @@ ms.technology: mde - Windows 10 - Windows 11 -- Windows Server 2016 and above +- Windows Server 2016 and later ->[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). - ->[!IMPORTANT] ->Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +> [!NOTE] +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). The [Microsoft Component Object Model (COM)](/windows/desktop/com/the-component-object-model) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM specifies an object model and programming requirements that enable COM objects to interact with other objects. +> [!IMPORTANT] +> Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + ### COM object configurability in WDAC policy Prior to the Windows 10 1903 update, Windows Defender Application Control (WDAC) enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy. 
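Review bot: The [!NOTE] line this hunk reformats still links to "Defender App Guard feature availability", although the sentence and the article are about Windows Defender Application Control. Since the line is being rewritten anyway, change the link text to name Windows Defender Application Control so that readers are not pointed at a different feature. The [!IMPORTANT] pre-release callout is also moved below the COM overview paragraph, which leaves it directly above the "COM object configurability in WDAC policy" heading and detached from the [!NOTE]. Keeping both callouts together ahead of the overview would read better; if the move is meant to scope the disclaimer to one section, it belongs under that section's heading instead.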
@@ -54,11 +54,13 @@ Get GUID of application to allow in one of the following ways: ### Author policy setting to allow or deny COM object GUID Three elements: + - Provider: platform on which code is running (values are Powershell, WSH, IE, VBA, MSI, or a wildcard “AllHostIds”) - Key: GUID for the program you wish to run, in the format Key="{33333333-4444-4444-1616-161616161616}" - ValueName: needs to be set to "EnterpriseDefinedClsId" One attribute: + - Value: needs to be “true” for allow and “false” for deny
    **Note**: Deny only works in base policies, not supplemental policies - The setting needs to be placed in the order of ASCII values (first by Provider, then Key, then ValueName) @@ -96,7 +98,7 @@ Example 3: Allows a specific COM object to register in PowerShell ``` ### How to configure settings for the CLSIDs -Given the following example of an error in the Event Viewer (**Application and Service Logs** > **Microsoft** > **Windows** > **AppLocker** > **MSI and Script**): +Here's an example of an error in the Event Viewer (**Application and Service Logs** > **Microsoft** > **Windows** > **AppLocker** > **MSI and Script**): Log Name: Microsoft-Windows-AppLocker/MSI and Script
    Source: Microsoft-Windows-AppLocker
    @@ -136,7 +138,7 @@ Event XML: ``` -To add this CLSID to the existing policy, use the following steps: +To add this CLSID to the existing policy, follow these steps: 1. Open PowerShell ISE with Administrative privileges. 2. Copy and edit this command, then run it from the admin PowerShell ISE. Consider the policy name to be `WDAC_policy.xml`. @@ -154,4 +156,4 @@ Once the command has been run, you will find that the following section is added true -``` \ No newline at end of file +``` From e61142d1ede0ee4dfe2d84e263d6c5a5686f3cbc Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Thu, 23 Sep 2021 15:13:30 -0400 Subject: [PATCH 586/671] fixed blocking issues --- windows/configuration/kiosk-policies.md | 2 +- windows/configuration/kiosk-shelllauncher.md | 2 +- windows/configuration/kiosk-xml.md | 4 ++-- .../configuration/lock-down-windows-10-to-specific-apps.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md index 67ac26aee2..a12e1a5b19 100644 --- a/windows/configuration/kiosk-policies.md +++ b/windows/configuration/kiosk-policies.md @@ -21,7 +21,7 @@ ms.topic: article **Applies to** - Windows 10 Pro, Enterprise, and Education -- Windwos 11 +- Windows 11 diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 954ec4d664..3b720d1bbe 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md 
@@ -293,7 +293,7 @@ Value|Description These action can be used as default action, or can be mapped to a specific exit code. Refer to [Shell Launcher](/windows-hardware/customize/enterprise/wesl-usersettingsetcustomshell) to see how these codes with Shell Launcher WMI. -To configure these action with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most 4 custom actions mapping to 4 exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommeded to at least define DefaultAction. [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2) +To configure these action with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most 4 custom actions mapping to 4 exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommended to at least define DefaultAction. [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2) ``` xml diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md index 372752eb5e..5ffdb783e5 100644 --- a/windows/configuration/kiosk-xml.md +++ b/windows/configuration/kiosk-xml.md @@ -21,7 +21,7 @@ ms.topic: article **Applies to** - Windows 10 -- Windwos 11 +- Windows 11 ## Full XML sample 
@@ -645,7 +645,7 @@ IT Admin now can specify user access to Downloads folder, Removable drives, or n >[!NOTE] >Updated for Windows 10, version 1903+. -The following XML schema is for AssignedAccess Configuration up to Windows 10 1803 release.: +The following XML schema is for AssignedAccess Configuration up to Windows 10 1803 release: ```xml diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index f69fd1d740..2461a34568 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -64,7 +64,7 @@ Watch how to use a provisioning package to configure a multi-app kiosk. >[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false] -If you don't want to use a provisioning package, you can deploy the configuration XML file using [mobile device management (MDM)](#use-mdm-to-deploy-the-multi-app configuration), or you can configure assigned access using the [MDM Bridge WMI Provider](kiosk-mdm-bridge.md). +If you don't want to use a provisioning package, you can deploy the configuration XML file using [mobile device management (MDM)](#use-mdm-to-deploy-the-multi-app-configuration), or you can configure assigned access using the [MDM Bridge WMI Provider](kiosk-mdm-bridge.md). ### Prerequisites From b2c888c918b9b1ad6ad72a4f6f95823b1111f1c5 Mon Sep 17 00:00:00 2001 From: "L.P" Date: Thu, 23 Sep 2021 15:01:29 -0500 Subject: [PATCH 587/671] Update manage-device-installation-with-group-policy.md /deviceids does not appear to be a valid switch for this command /enum-devices [/connected | /disconnected] [/instanceid ] [/class ] [/problem []] [/ids] [/relations] [/drivers] --- .../manage-device-installation-with-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md index 25ce17d38a..a3cff7c1bf 100644 --- a/windows/client-management/manage-device-installation-with-group-policy.md +++ b/windows/client-management/manage-device-installation-with-group-policy.md @@ -281,7 +281,7 @@ To find device identification strings using Device Manager ### Getting device identifiers using PnPUtil ```console -pnputil /enum-devices /deviceids +pnputil /enum-devices /ids ``` Here is an example of an output for a single device on a machine: From 8a02668349e7053a64783e27a2cb67820a5d0fb2 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 23 Sep 2021 13:48:19 -0700 Subject: [PATCH 588/671] Corrected note styles --- ...n-in-windows-defender-application-control-policy.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 077345760e..30cf6e4905 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md 
@@ -37,7 +37,8 @@ The [Microsoft Component Object Model (COM)](/windows/desktop/com/the-component- Prior to the Windows 10 1903 update, Windows Defender Application Control (WDAC) enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy. -**NOTE**: To add this functionality to other versions of Windows 10, you can install the following or later updates: +> [!NOTE] +> To add this functionality to other versions of Windows 10, you can install the following or later updates. - Windows 10, 1809 June 18, 2019—KB4501371 (OS Build 17763.592) (https://support.microsoft.com/help/4501371/windows-10-update-kb4501371) - Windows 10, 1803 June 18, 2019—KB4503288 (OS Build 17134.858) (https://support.microsoft.com/help/4503288/windows-10-update-kb4503288) @@ -61,8 +62,11 @@ Three elements: One attribute: -- Value: needs to be “true” for allow and “false” for deny
    - **Note**: Deny only works in base policies, not supplemental policies +- Value: needs to be “true” for allow and “false” for deny + + > [!NOTE] + > Deny only works in base policies, not supplemental policies + - The setting needs to be placed in the order of ASCII values (first by Provider, then Key, then ValueName) ### Examples From ec904ce7a97c76a12e67c2c26f6bd0e1764ee469 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 23 Sep 2021 13:50:23 -0700 Subject: [PATCH 589/671] Indented content in a list item --- ...ows-defender-application-control-policy.md | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 30cf6e4905..5d98c29cbb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md 
@@ -145,19 +145,20 @@ Event XML: To add this CLSID to the existing policy, follow these steps: 1. Open PowerShell ISE with Administrative privileges. + 2. Copy and edit this command, then run it from the admin PowerShell ISE. Consider the policy name to be `WDAC_policy.xml`. -```PowerShell -PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath \WDAC_policy.xml -Key "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" -Provider WSH -Value true -ValueName EnterpriseDefinedClsId -ValueType Boolean -``` - -Once the command has been run, you will find that the following section is added to the policy XML. - -```XML - - - - true - - -``` + ```PowerShell + PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath \WDAC_policy.xml -Key "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" -Provider WSH -Value true -ValueName EnterpriseDefinedClsId -ValueType Boolean + ``` + + Once the command has been run, you will find that the following section is added to the policy XML. + + ```XML + + + + true + + + ``` From 865bb67f9308ab7afd17b5e1a5cbd264b504d863 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Thu, 23 Sep 2021 15:50:06 -0700 Subject: [PATCH 590/671] Update delivery-optimization-workflow.md --- .../update/delivery-optimization-workflow.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md index f849ad5038..4336f3ab23 100644 --- a/windows/deployment/update/delivery-optimization-workflow.md +++ b/windows/deployment/update/delivery-optimization-workflow.md 
@@ -24,8 +24,9 @@ ms.topic: article This workflow allows Delivery Optimization to securely and efficiently deliver requested content to the calling device. Delivery Optimization uses content metadata to determine all available locations to pull content from, as well as content verification. -1. When a download starts, the Delivery Optimization client attempts to get its content metadata from the Delivery Optimization service. This content metadata is a hash file containing the SHA-256 block-level hashes of each piece in the file (typically one piece = 1 MB). The authenticity of the content metadata file itself is verified prior to any content being downloaded. -2. Once the content metadata file is verified, Delivery Optimization accesses the requested pieces of the content file, over an SSL channel. + +1. When a download starts, the Delivery Optimization client attempts to get its content metadata. This content metadata is a hash file containing the SHA-256 block-level hashes of each piece in the file (typically one piece = 1 MB). +2. The authenticity of the content metadata file itself is verified prior to any content being downloaded using a hash that is obtained via an SSL channel from the Delivery Optimization service. The same channel is used to ensure the content is curated and authorized to leverage peer-to-peer. 3. When Delivery Optimization pulls a certain piece of the hash from another peer, it verifies the hash against the known hash in the content metadata file. 4. If a peer provides an invalid piece, that piece is discarded. When a peer sends multiple bad pieces, it's banned and will no longer be used as a source by the Delivery Optimization client performing the download. 5. If Delivery Optimization is unable to obtain the content metadata file, or if the verification of the hash file itself fails, the download will fall back to “simple mode” (pulling content only from an HTTP source) and peer-to-peer won't be allowed. 
@@ -35,9 +36,9 @@ This workflow allows Delivery Optimization to securely and efficiently deliver r |Endpoint hostname|Port|Name|Description|Data sent from the computer to the endpoint |--------------------------------------------|--------|---------------|-----------------------|------------------------| -| geover-prod.do.dsp.mp.microsoft.com
    geo-prod.do.dsp.mp.microsoft.com
    geo.prod.do.dsp.mp.microsoft.com
    geover.prod.do.dsp.mp.microsoft.com | 443 | Geo | Service used to identify the location of the device in order to direct it to the nearest data center. | **Profile**: The device type (for example, PC or Xbox)
    **doClientVersion**: The version of the DoSvc Client
    **groupID**: Group the device belongs to (set with DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) | -| kv\*.prod.do.dsp.mp.microsoft.com | 443| KeyValue | Bootstrap service provides endpoints for all other services as well as device configs. | **countryCode**: The country the client is connected from
    **doClientVersion**: The version of the DoSvc Client
    **Profile**: The device type (for example, PC or Xbox)
    **eId**: Client grouping Id
    **CacheHost**: Cache host id | -| cp\*.prod.do.dsp.mp.microsoft.com
    | 443 | Content Policy | Provides content specific policies as well as content metadata URLs. | **Profile**: The device type (for example, PC or Xbox)
    **ContentId**: The content identifier
    **doClientVersion**: The version of the dosvc client
    **countryCode**: The country the client is connected from
    **altCatalogId**: If ContentId isn't available, use the download URL instead
    **eId**: Client grouping Id
    **CacheHost**: Cache host id | -| disc\*.prod.do.dsp.mp.microsoft.com | 443 | Discovery | Directs clients to a particular instance of the peer matching service (Array), ensuing that clients are collocated by factors, such as content, groupId and external IP. | **Profile**: The device type (for example, PC or Xbox)
    **ContentId**: The content identifier
    **doClientVersion**: The version of the dosvc client
    **partitionId**: Client partitioning hint
    **altCatalogId**: If ContentId isn't available, use the download URL instead
    **eId**: Client grouping Id | -| array\*.prod.do.dsp.mp.microsoft.com | 443 | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
    **ContentId**: The content identifier
    **doClientVersion**: The version of the dosvc client
    **altCatalogId**: If ContentId isn't available, use the download URL instead
    **PeerId**: Identified of the device running DO client
    **ReportedIp**: The internal / private IP Address
    **IsBackground**: Is the download interactive or background
    **Uploaded**: Total bytes uploaded to peers
    **Downloaded**: Total bytes downloaded from peers
    **DownloadedCdn**: Total bytes downloaded from CDN
    **Left**: Bytes left to download
    **Peers Wanted**: Total number of peers wanted
    **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
    **Scope**: The Download mode
    **UploadedBPS**: The upload speed in bytes per second
    **DownloadBPS**: The download speed in Bytes per second
    **eId**: Client grouping Id | -| dl.delivery.mp.microsoft.com
    emdl.ws.microsoft.com | | | | Metadata download can come from different hostnames, but it's required for peer to peer. | +| geover-prod.do.dsp.mp.microsoft.com
    geo-prod.do.dsp.mp.microsoft.com
    geo.prod.do.dsp.mp.microsoft.com
    geover.prod.do.dsp.mp.microsoft.com | 443 | Geo | Service used to identify the location of the device in order to direct it to the nearest data center. | **Profile**: The device type (for example, PC or Xbox)
    **doClientVersion**: The version of the DoSvc client
    **groupID**: Group the device belongs to (set with DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) | +| kv\*.prod.do.dsp.mp.microsoft.com | 443| KeyValue | Bootstrap service provides endpoints for all other services as well as device configs. | **countryCode**: The country the client is connected from
    **doClientVersion**: The version of the DoSvc client
    **Profile**: The device type (for example, PC or Xbox)
    **eId**: Client grouping Id
    **CacheHost**: Cache host id | +| cp\*.prod.do.dsp.mp.microsoft.com
    | 443 | Content Policy | Provides content specific policies as well as content metadata URLs. | **Profile**: The device type (for example, PC or Xbox)
    **ContentId**: The content identifier
    **doClientVersion**: The version of the DoSvc client
    **countryCode**: The country the client is connected from
    **altCatalogId**: If ContentId isn't available, use the download URL instead
    **eId**: Client grouping Id
    **CacheHost**: Cache host id | +| disc\*.prod.do.dsp.mp.microsoft.com | 443 | Discovery | Directs clients to a particular instance of the peer matching service (Array), ensuing that clients are collocated by factors, such as content, groupId and external IP. | **Profile**: The device type (for example, PC or Xbox)
    **ContentId**: The content identifier
    **doClientVersion**: The version of the DoSvc client
    **partitionId**: Client partitioning hint
    **altCatalogId**: If ContentId isn't available, use the download URL instead
    **eId**: Client grouping Id | +| array\*.prod.do.dsp.mp.microsoft.com | 443 | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
    **ContentId**: The content identifier
    **doClientVersion**: The version of the DoSvc client
    **altCatalogId**: If ContentId isn't available, use the download URL instead
    **PeerId**: Identified of the device running DO client
    **ReportedIp**: The internal / private IP Address
    **IsBackground**: Is the download interactive or background
    **Uploaded**: Total bytes uploaded to peers
    **Downloaded**: Total bytes downloaded from peers
    **DownloadedCdn**: Total bytes downloaded from CDN
    **Left**: Bytes left to download
    **Peers Wanted**: Total number of peers wanted
    **Group Id**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
    **Scope**: The Download mode
    **UploadedBPS**: The upload speed in bytes per second
    **DownloadBPS**: The download speed in Bytes per second
    **eId**: Client grouping Id | +| dl.delivery.mp.microsoft.com
    emdl.ws.microsoft.com | 80 | Delivery Optimization metadata file hosting | CDN hostnames for Delivery Optimization content metadata files | Metadata download can come from different hostnames, but it's required for peer to peer. | From ba009e52696e3281952087fcaa469d0c366d2db9 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Thu, 23 Sep 2021 19:42:56 -0400 Subject: [PATCH 591/671] added not supported CSPs --- .../customize-taskbar-windows-11.md | 1 - ...supported-csp-start-menu-layout-windows.md | 12 ++++++- .../supported-csp-taskbar-windows.md | 34 +++++++++++++++++-- 3 files changed, 43 insertions(+), 4 deletions(-) diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md index bbbe4869dd..5cbfc1ef09 100644 --- a/windows/configuration/customize-taskbar-windows-11.md +++ b/windows/configuration/customize-taskbar-windows-11.md @@ -10,7 +10,6 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/21/2021 ms.localizationpriority: medium --- diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md index d26c7b384d..3c2d63c994 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md @@ -10,7 +10,6 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/13/2021 ms.localizationpriority: medium --- 
@@ -57,6 +56,17 @@ For information on customizing the Start menu layout using policy, see [Customiz ## Existing CSP policies that Windows 11 doesn't support - [Start/StartLayout](/windows/client-management/mdm/policy-csp-start#start-startlayout) + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Start Layout` + - [Start/HideRecentlyAddedApps](/windows/client-management/mdm/policy-csp-start#start-hiderecentlyaddedapps) + - Group policy: `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove "Recently added" list from Start Menu` + - [Start/HideAppList](/windows/client-management/mdm/policy-csp-start#start-hideapplist) + - Group policy: + - `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove All Programs list from the Start menu` + - `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove All Programs list from the Start menu` + - [Start/DisableContextMenus](/windows/client-management/mdm/policy-csp-start#start-disablecontextmenus) + - Group policy: + - `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Disable context menus in the Start Menu` + - `User Configuration\Administrative Templates\Start Menu and Taskbar\Disable context menus in the Start Menu` diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md index 8b3445593f..2d7577e32a 100644 --- a/windows/configuration/supported-csp-taskbar-windows.md +++ b/windows/configuration/supported-csp-taskbar-windows.md @@ -10,7 +10,6 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/22/2021 ms.localizationpriority: medium --- 
@@ -28,10 +27,41 @@ For more general information, see [Configuration service provider (CSP) referenc ## Existing CSP policies that Windows 11 taskbar supports -- [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start.mdstart-hiderecentjumplists) +- [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists) - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not keep history of recently opened documents` - Local setting: Settings > Personalization > Start > Show recently opened items in Jump Lists on Start or the taskbar - [Start/NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#start-nopinningtotaskbar) - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not allow pinning programs to the Taskbar` - Local setting: None + +## Existing CSP policies that Windows 11 doesn't support + +The following list includes some of the CSP policies that aren't supported on Windows 11: + +- [TaskbarLockAll CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarlockall) + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Lock all taskbar settings` + +- [TaskbarNoAddRemoveToolbar CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarnoaddremovetoolbar) + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from adding or removing toolbars` + +- [TaskbarNoDragToolbar CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarnodragtoolbar) + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from rearranging toolbars` + +- [TaskbarNoRedock CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarnoredock) + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from 
moving taskbar to another screen dock location` + +- [TaskbarNoResize CSP](/windows/client-management/mdm/policy-csp-admx-taskbar#admx-taskbar-taskbarnoresize) + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from resizing the taskbar` + +- [NoToolbarsOnTaskbar CSP](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-notoolbarsontaskbar) + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not display any custom toolbars in the taskbar` + +- [NoTaskGrouping CSP](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-notaskgrouping) + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent grouping of taskbar items` + +- [HidePeopleBar CSP](/windows/client-management/mdm/policy-csp-start#start-hidepeoplebar) + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove the People Bar from the taskbar` + +- [QuickLaunchEnabled CSP](/windows/client-management/mdm/policy-csp-admx-startmenu#admx-startmenu-quicklaunchenabled) + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Show QuickLaunch on Taskbar` From 0efafa2077b9009fef00c7e5e5811b8320c950b8 Mon Sep 17 00:00:00 2001 
From: Meghana Athavale Date: Fri, 24 Sep 2021 13:54:53 +0530 Subject: [PATCH 592/671] Updated --- .../mdm/policy-csp-admx-nca.md | 67 +--- .../mdm/policy-csp-admx-ncsi.md | 60 +--- .../mdm/policy-csp-admx-netlogon.md | 256 +++---------- .../mdm/policy-csp-admx-networkconnections.md | 200 ++--------- .../mdm/policy-csp-admx-offlinefiles.md | 339 +++--------------- .../mdm/policy-csp-admx-peertopeercaching.md | 74 +--- .../policy-csp-admx-performancediagnostics.md | 39 +- .../mdm/policy-csp-admx-power.md | 186 ++-------- ...licy-csp-admx-powershellexecutionpolicy.md | 39 +- .../mdm/policy-csp-admx-printing.md | 193 ++-------- .../mdm/policy-csp-admx-printing2.md | 74 +--- .../mdm/policy-csp-admx-programs.md | 60 +--- .../mdm/policy-csp-admx-reliability.md | 39 +- .../mdm/policy-csp-admx-remoteassistance.md | 25 +- .../mdm/policy-csp-admx-removablestorage.md | 235 ++---------- 15 files changed, 350 insertions(+), 1536 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index 1148c8b887..1ed67abd42 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md 
@@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_nca -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
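Review bot: The page-level tip added at the top of policy-csp-admx-nca.md carries over the advice that "there are a variety of online encoders that you can use" to XML-encode the SyncML payload. The payloads for this page's policies hold environment details (IPsec tunnel endpoint addresses, custom logging commands, a support e-mail address), so the wording steers admins toward pasting configuration into a third-party web service. Suggest leading with CDATA or a local encoding step and dropping the online-encoder sentence. Minor: `>[!TIP]` loses the space the removed blocks had (`> [!TIP]`), and the W3C link is still `http://`.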


    @@ -118,12 +122,7 @@ Each string can be one of the following types: You must configure this setting to have complete NCA functionality. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -189,12 +188,7 @@ ADMX Info: This policy setting specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
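Review bot: In the @@ -189,12 +188,7 @@ hunk, and in the matching per-policy hunks of this file, the six-line tip is replaced by one added line with no visible content instead of being deleted outright. If that line is empty or whitespace-only it leaves a doubled blank line or trailing whitespace ahead of `ADMX Info:`. Suggest making each of these hunks a pure removal.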
@@ -266,12 +260,7 @@ Each entry consists of the text PING: followed by the IPv6 address of an IPsec t You must configure this setting to have complete NCA functionality. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -339,12 +328,7 @@ This policy setting specifies the string that appears for DirectAccess connectiv If this setting is not configured, the string that appears for DirectAccess connectivity is “Corporate Connection”. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -421,12 +405,7 @@ To restore the DirectAccess rules to the NRPT and resume normal DirectAccess fun If this setting is not configured, users do not have Connect or Disconnect options. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -493,12 +472,7 @@ This policy setting specifies whether NCA service runs in Passive Mode or not. Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured, NCA probing is in active mode by default. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -568,12 +542,7 @@ Set this to Disabled to prevent user confusion when you are just using DirectAcc If this setting is not configured, the entry for DirectAccess connectivity appears. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -641,12 +610,7 @@ This policy setting specifies the e-mail address to be used when sending the log When the user sends the log files to the Administrator, NCA uses the default e-mail client to open a new message with the support email address in the To: field of the message, then attaches the generated log files as a .html file. The user can review the message and add additional information before sending the message. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -659,8 +623,7 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index a970faaac9..9aff94fad5 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_NCSI -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
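Review bot: The @@ -659,8 +623,7 @@ hunk in policy-csp-admx-nca.md deletes the note "These policies are currently only available as part of a Windows Insider release", and the header hunks in nca.md and ncsi.md drop the prerelease warning, yet nothing in the change or its one-word commit message says which Windows release now ships these policies. Suggest stating the minimum supported version on each page (or at least in the commit message) so an admin can tell a too-old device from a malformed payload when a policy is rejected.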
    @@ -101,12 +105,7 @@ manager: dansimp This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -172,12 +171,7 @@ ADMX Info: This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -243,12 +237,7 @@ ADMX Info: This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -314,12 +303,7 @@ ADMX Info: This policy setting enables you to specify the URL of the corporate website, against which an active probe is performed. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -388,12 +372,7 @@ ADMX Info: This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -459,12 +438,7 @@ ADMX Info: This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -530,12 +504,7 @@ ADMX Info: This Policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network stack on a frequent interval to determine if network connectivity has been lost. Use the options to control the passive polling behavior. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -548,7 +517,6 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 4b32723dd1..60cfff66e4 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_Netlogon -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -197,12 +201,7 @@ To specify this behavior in the DC Locator DNS SRV records, click Enabled, and t If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -276,12 +275,7 @@ If you disable this policy setting, DC Locator APIs will ONLY return IPv4 DC add If you do not configure this policy setting, DC Locator APIs can return IPv4/IPv6 DC address. This is the default behavior of the DC Locator. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -355,12 +349,7 @@ If you enable this policy setting, when the AllowSingleLabelDnsDomain policy is If you disable this policy setting, when the AllowSingleLabelDnsDomain policy is not enabled, computers to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name. The computers will not attempt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this computer is joined, in the Active Directory forest. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -436,12 +425,7 @@ If you disable this policy setting, Net Logon will not allow the negotiation and If you do not configure this policy setting, Net Logon will not allow the negotiation and use of older cryptography algorithms. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -517,12 +501,7 @@ If you disable this policy setting, computers to which this setting is applied w If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -596,12 +575,7 @@ If you disable this policy setting, the DCs will not register site-specific DC L If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -678,12 +652,7 @@ If you enable or do not configure this policy setting, the DC location algorithm If you disable this policy setting, the DC location algorithm can use NetBIOS-based discovery as a fallback mechanism when DNS based discovery fails. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -759,12 +728,7 @@ If you disable this policy setting, the DCs will not attempt to verify any passw If you do not configure this policy setting, it is not applied to any DCs. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -843,12 +807,7 @@ If the value of this setting is less than the value specified in the NegativeCac > If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value set in this setting is very small and the DC is not available, the traffic caused by periodic DC discoveries may be excessive. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
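Review bot: In the @@ -843,12 +807,7 @@ hunk the deleted tip sat directly below another `>` block (the one ending "the traffic caused by periodic DC discoveries may be excessive"), and the @@ -1007 hunk has the same layout. Confirm on the rendered page that a truly blank line still separates that block from `ADMX Info:` after the change; without one, Markdown treats the following text as a lazy continuation of the blockquote.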
@@ -929,12 +888,7 @@ If the value for this setting is smaller than the value specified for the Initia If the value for this setting is too small and the DC is not available, the frequent retries may produce excessive network traffic. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1007,12 +961,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu > If the value for this setting is too small, a client will stop trying to find a DC too soon. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1080,12 +1029,7 @@ ADMX Info: This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs, and it is applied before returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0). -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1161,12 +1105,7 @@ If you specify zero for this policy setting, the default behavior occurs as desc If you disable this policy setting or do not configure it, the default behavior occurs as described above. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1266,12 +1205,7 @@ If you disable this policy setting, DCs configured to perform dynamic registrati If you do not configure this policy setting, DCs use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1348,12 +1282,7 @@ To specify the Refresh Interval of the DC records, click Enabled, and then enter If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1430,12 +1359,7 @@ The default local configuration is enabled. A reboot is not required for changes to this setting to take effect. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1506,12 +1430,7 @@ To specify the TTL for DC Locator DNS records, click Enabled, and then enter a v If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1583,12 +1502,7 @@ To specify the expected dial-up delay at logon, click Enabled, and then enter th If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1664,12 +1578,7 @@ If you disable this policy setting, Force Rediscovery will be used by default fo If you do not configure this policy setting, Force Rediscovery will be used by default for the machine at every 12 hour interval, unless the local machine setting in the registry is a different value. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1743,12 +1652,7 @@ To specify the sites covered by the GC Locator DNS SRV records, click Enabled, a If you do not configure this policy setting, it is not applied to any GCs, and GCs use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1825,12 +1729,7 @@ If you enable this policy setting, this DC does not process incoming mailslot me If you disable or do not configure this policy setting, this DC processes incoming mailslot messages. This is the default behavior of DC Locator. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1904,12 +1803,7 @@ To specify the Priority in the DC Locator DNS SRV resource records, click Enable If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1983,12 +1877,7 @@ To specify the Weight in the DC Locator DNS SRV records, click Enabled, and then If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2060,12 +1949,7 @@ By default, the maximum size of the log file is 20MB. If you enable this policy If you disable or do not configure this policy setting, the default behavior occurs as indicated above. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2139,12 +2023,7 @@ To specify the sites covered by the DC Locator application directory partition-s If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2217,12 +2096,7 @@ The default value for this setting is 45 seconds. The maximum value for this set > If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value for this setting is too small, clients will attempt to find DCs even when none are available. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2301,12 +2175,7 @@ By default, the Netlogon share will grant shared read access to files on the sha If you enable this policy setting, domain administrators should ensure that the only applications using the exclusive read capability in the domain are those approved by the administrator. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2376,12 +2245,7 @@ This policy setting determines when a successful DC cache entry is refreshed. Th The default value for this setting is 30 minutes (1800). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value will be treated as infinity. The minimum value for this setting is to always refresh (0). -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2460,12 +2324,7 @@ To specify this behavior, click Enabled and then enter a value. The range of val If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2543,12 +2402,7 @@ None of these operations are critical. 15 minutes is optimal in all but extreme To enable the setting, click Enabled, and then specify the interval in seconds. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2622,12 +2476,7 @@ To specify the sites covered by the DC Locator DNS SRV records, click Enabled, a If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2701,12 +2550,7 @@ To specify the site name for this setting, click Enabled, and then enter the sit If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2785,12 +2629,7 @@ By default, the SYSVOL share will grant shared read access to files on the share If you enable this policy setting, domain administrators should ensure that the only applications using the exclusive read capability in the domain are those approved by the administrator. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2866,12 +2705,7 @@ If you disable this policy setting, Try Next Closest Site DC Location will not b If you do not configure this policy setting, Try Next Closest Site DC Location will not be used by default for the machine. If the DS_TRY_NEXTCLOSEST_SITE flag is used explicitly, the Next Closest Site behavior will be used. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2945,12 +2779,7 @@ If you disable this policy setting, DCs will not register DC Locator DNS resourc If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2963,7 +2792,6 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index 22f39d543e..93c7d26bdf 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -14,8 +14,12 @@ manager: dansimp # Policy CSP - ADMX_NetworkConnections -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
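Review bot: The page-level tip added at the top of policy-csp-admx-networkconnections.md opens with `>[!TIP]`, without the space after `>` that the removed per-policy blocks used (`> [!TIP]`); please use `> [!TIP]` so the alert syntax is consistent across these pages. The same hunk drops the `[!WARNING]` prerelease disclaimer, so confirm these policies have shipped in a released build before this merges. Since the tip text is being rewritten anyway, consider pointing the CDATA link at https instead of `http://www.w3.org/TR/REC-xml/#sec-cdata-sect`, and recommending CDATA or a local encoder ahead of "online encoders", so that policy payloads do not have to be pasted into third-party sites.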
    @@ -177,12 +181,7 @@ The Install and Uninstall buttons appear in the properties dialog box for connec > Nonadministrators are already prohibited from adding and removing connection components, regardless of this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -259,12 +258,7 @@ If you disable this setting or do not configure it, the Advanced Settings item i > Nonadministrators are already prohibited from accessing the Advanced Settings dialog box, regardless of this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -346,12 +340,7 @@ Changing this setting from Enabled to Not Configured does not enable the Advance > To open the Advanced TCP/IP Setting dialog box, in the Network Connections folder, right-click a connection icon, and click Properties. For remote access connections, click the Networking tab. In the "Components checked are used by this connection" box, click Internet Protocol (TCP/IP), click the Properties button, and then click the Advanced button. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -428,12 +417,7 @@ If you disable this setting or do not configure it, the Properties dialog box fo > Nonadministrators are already prohibited from enabling or disabling components for a LAN connection, regardless of this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -516,12 +500,7 @@ When enabled, the "Prohibit deletion of remote access connections" setting takes > This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -602,12 +581,7 @@ When enabled, this setting takes precedence over the "Ability to delete all user > This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -681,12 +655,7 @@ If the "Enable Network Connections settings for Administrators" is disabled or n If you disable this setting or do not configure it, the Remote Access Preferences item is enabled for all users. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -756,12 +725,7 @@ When enabled, the icon for Internet access will be shown in the system tray even If you disable this setting or do not configure it, the "local access only" icon will be used when a user is connected to a network with local access only. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -838,12 +802,7 @@ If you disable this setting or do not configure it, Windows XP settings that exi > This setting is intended to be used in a situation in which the Group Policy object that these settings are being applied to contains both Windows 2000 Professional and Windows XP Professional computers, and identical Network Connections policy behavior is required between all Windows 2000 Professional and Windows XP Professional computers. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -917,12 +876,7 @@ If you disable this policy setting, traffic between remote client computers runn If you do not configure this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -992,12 +946,7 @@ If you enable this policy setting, this condition will not be reported as an err If you disable or do not configure this policy setting, a DHCP-configured connection that has not been assigned an IP address will be reported via a notification, providing the user with information as to how the problem can be resolved. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1082,12 +1031,7 @@ The Local Area Connection Properties dialog box includes a list of the network c > Nonadministrators are already prohibited from accessing properties of components for a LAN connection, regardless of this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1164,12 +1108,7 @@ If you do not configure this setting, only Administrators and Network Configurat > Administrators can still enable/disable LAN connections from Device Manager when this setting is disabled. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1248,12 +1187,7 @@ If you disable this setting or do not configure it, a Properties menu item appea > Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1330,12 +1264,7 @@ If you disable this setting or do not configure it, the Make New Connection icon > This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1414,12 +1343,7 @@ If you enable the "Windows Firewall: Protect all network connections" policy set If you disable this setting or do not configure it, the Internet Connection Firewall is disabled when a LAN Connection or VPN connection is created, but users can use the Advanced tab in the connection properties to enable it. The Internet Connection Firewall is enabled by default on the connection for which Internet Connection Sharing is enabled. In addition, remote access connections created through the Make New Connection Wizard have the Internet Connection Firewall enabled. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1502,12 +1426,7 @@ If you do not configure this setting, only Administrators and Network Configurat > This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1590,12 +1509,7 @@ The Networking tab of the Remote Access Connection Properties dialog box include > This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1667,12 +1581,7 @@ If the "Enable Network Connections settings for Administrators" is disabled or n If you disable this setting or do not configure it, the Connect and Disconnect options for remote access connections are available to all users. Users can connect or disconnect a remote access connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1753,12 +1662,7 @@ If you disable this setting or do not configure it, a Properties menu item appea > This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1839,12 +1743,7 @@ When the "Ability to rename LAN connections or remote access connections availab This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1923,12 +1822,7 @@ If this setting is not configured, only Administrators and Network Configuration > This setting does not prevent users from using other programs, such as Internet Explorer, to rename remote access connections. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2005,12 +1899,7 @@ If you do not configure this setting, only Administrators and Network Configurat When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either enabled or disabled), this setting does not apply. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2087,12 +1976,7 @@ If you disable this setting or do not configure it, the Rename option is enabled > This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2175,12 +2059,7 @@ Nonadministrators are already prohibited from configuring Internet Connection Sh Disabling this setting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Don't use hosted networks" check box. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2254,12 +2133,7 @@ If the "Enable Network Connections settings for Administrators" is disabled or n If you disable this setting or do not configure it, the connection status taskbar icon and Status dialog box are available to all users. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2329,12 +2203,7 @@ If you enable this policy setting, domain users must elevate when setting a netw If you disable or do not configure this policy setting, domain users can set a network's location without elevating. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2347,6 +2216,5 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index 51ec6464ca..27a8bd6ae6 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_OfflineFiles -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -224,12 +228,7 @@ If you enable this setting, when you make a folder available offline, all folder If you disable this setting or do not configure it, the system asks users whether they want subfolders to be made available offline when they make a parent folder available offline. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -304,12 +303,7 @@ If you do not configure this policy setting, no files or folders are made availa > This setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings will be combined and all specified files will be available for offline use. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -384,12 +378,7 @@ If you do not configure this policy setting, no files or folders are made availa > This setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings will be combined and all specified files will be available for offline use. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -461,12 +450,7 @@ You can also configure Background Sync for network shares that are in user selec If you disable or do not configure this policy setting, Windows performs a background sync of offline folders in the slow-link mode at a default interval with the start of the sync varying between 0 and 60 additional minutes. In Windows 7 and Windows Server 2008 R2, the default sync interval is 360 minutes. In Windows 8 and Windows Server 2012, the default sync interval is 120 minutes. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -548,12 +532,7 @@ If you enable this setting and specify an auto-cached space limit greater than t This setting replaces the Default Cache Size setting used by pre-Windows Vista systems. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -638,12 +617,7 @@ This setting appears in the Computer Configuration and User Configuration folder Also, see the "Non-default server disconnect actions" setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -728,12 +702,7 @@ This setting appears in the Computer Configuration and User Configuration folder Also, see the "Non-default server disconnect actions" setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -814,12 +783,7 @@ If you do not configure this setting, disk space for automatically cached files > To change the amount of disk space used for automatic caching without specifying a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then use the slider bar associated with the "Amount of disk space to use for temporary offline files" option. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -894,12 +858,7 @@ If you do not configure this policy setting, Offline Files is enabled on Windows > Changes to this policy setting do not take effect until the affected computer is restarted. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -977,12 +936,7 @@ If you do not configure this policy setting, encryption of the Offline Files cac This setting is applied at user logon. If this setting is changed after user logon then user logoff and logon is required for this setting to take effect. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1063,12 +1017,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1149,12 +1098,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the > This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1224,12 +1168,7 @@ If you enable this policy setting, a user will be unable to create files with th If you disable or do not configure this policy setting, a user can create a file of any type in the folders that have been made available offline. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1304,12 +1243,7 @@ To use this setting, type the file name extension in the "Extensions" box. To ty > To make changes to this setting effective, you must log off and log on again. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1394,12 +1328,7 @@ This setting appears in the Computer Configuration and User Configuration folder Also, see the "Non-default server disconnect actions" setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1484,12 +1413,7 @@ This setting appears in the Computer Configuration and User Configuration folder Also, see the "Non-default server disconnect actions" setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1564,12 +1488,7 @@ This setting appears in the Computer Configuration and User Configuration folder > To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click "View Files." -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1644,12 +1563,7 @@ This setting appears in the Computer Configuration and User Configuration folder > To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click "View Files." -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1724,12 +1638,7 @@ This setting appears in the Computer Configuration and User Configuration folder > This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You do not have to disable any other settings in this folder. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1804,12 +1713,7 @@ This setting appears in the Computer Configuration and User Configuration folder > This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You do not have to disable any other settings in this folder. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1883,12 +1787,7 @@ If you disable or do not configure this policy setting, users can manually speci > - The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1962,12 +1861,7 @@ If you disable or do not configure this policy setting, users can manually speci > - The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2045,12 +1939,7 @@ If you do not configure this policy setting, the "Make Available Offline" comman > - If the "Remove 'Make Available Offline' command" policy setting is enabled, this setting has no effect. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2128,12 +2017,7 @@ If you do not configure this policy setting, the "Make Available Offline" comman > - If the "Remove 'Make Available Offline' command" policy setting is enabled, this setting has no effect. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2214,12 +2098,7 @@ This setting appears in the Computer Configuration and User Configuration folder > To display or hide reminder balloons without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Enable reminders" check box. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2300,12 +2179,7 @@ This setting appears in the Computer Configuration and User Configuration folder > To display or hide reminder balloons without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Enable reminders" check box. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2379,12 +2253,7 @@ If you enable this policy setting, transparent caching is enabled and configurab If you disable or do not configure this policy setting, remote files will be not be transparently cached on client computers. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2456,12 +2325,7 @@ If you enable this setting, when you make a folder available offline, all folder If you disable this setting or do not configure it, the system asks users whether they want subfolders to be made available offline when they make a parent folder available offline. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2534,12 +2398,7 @@ If you disable this setting or do not configure it, automatically and manually c > Files are not synchronized before they are deleted. Any changes to local files since the last synchronization are lost. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2609,12 +2468,7 @@ If you enable or do not configure this policy setting, only new files and folder If you disable this policy setting, all administratively assigned folders are synchronized at logon. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2689,12 +2543,7 @@ This setting appears in the Computer Configuration and User Configuration folder > To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Display reminder balloons every ... minutes" option. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2769,12 +2618,7 @@ This setting appears in the Computer Configuration and User Configuration folder > To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Display reminder balloons every ... minutes" option. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2844,12 +2688,7 @@ Reminder balloons appear when the user's connection to a network file is lost or This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2919,12 +2758,7 @@ Reminder balloons appear when the user's connection to a network file is lost or This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2994,12 +2828,7 @@ Reminder balloons appear when the user's connection to a network file is lost or This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -3069,12 +2898,7 @@ Reminder balloons appear when the user's connection to a network file is lost or This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -3154,12 +2978,7 @@ In Windows 8 or Windows Server 2012, set the Latency threshold to 1ms to keep us If you disable this policy setting, computers will not use the slow-link mode. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -3234,12 +3053,6 @@ If this setting is disabled or not configured, the default threshold value of 64 > Use the following formula when entering the slow link value: [ bps / 100]. For example, if you want to set a threshold value of 128,000 bps, enter a value of 1280. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: 
@@ -3318,12 +3131,7 @@ This setting appears in the Computer Configuration and User Configuration folder > To change the synchronization method without changing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select the "Synchronize all offline files before logging off" option. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -3402,12 +3210,7 @@ This setting appears in the Computer Configuration and User Configuration folder > To change the synchronization method without changing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select the "Synchronize all offline files before logging off" option. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -3486,12 +3289,7 @@ This setting appears in the Computer Configuration and User Configuration folder > To change the synchronization method without setting a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select the "Synchronize all offline files before logging on" option. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -3572,12 +3370,7 @@ This setting appears in the Computer Configuration and User Configuration folder > To change the synchronization method without setting a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select the "Synchronize all offline files before logging on" option. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -3650,12 +3443,7 @@ If you disable or do not configuring this setting, files are not synchronized wh > If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -3728,12 +3516,7 @@ If you disable or do not configuring this setting, files are not synchronized wh > If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -3803,12 +3586,7 @@ If you enable this setting, synchronization can occur in the background when the If this setting is disabled or not configured, synchronization will not run in the background on network folders when the user's network is roaming, near, or over the plan's data limit. The network folder must also be in "slow-link" mode, as specified by the "Configure slow-link mode" policy to avoid network usage. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -3878,12 +3656,7 @@ If you enable this policy setting, the "Work offline" command is not displayed i If you disable or do not configure this policy setting, the "Work offline" command is displayed in File Explorer. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -3953,12 +3726,7 @@ If you enable this policy setting, the "Work offline" command is not displayed i If you disable or do not configure this policy setting, the "Work offline" command is displayed in File Explorer. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -3971,8 +3739,7 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index 06e6d88a46..e3e5caf8a1 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_PeerToPeerCaching -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -121,12 +125,7 @@ Select one of the following: > This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -205,12 +204,7 @@ Select one of the following: > This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -295,12 +289,7 @@ Hosted cache clients must trust the server certificate that is issued to the hos > This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -388,12 +377,7 @@ Select one of the following: - Disabled. With this selection, this policy is not applied to client computers. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -477,12 +461,7 @@ In circumstances where this setting is enabled, you can also select and configur - Hosted cache servers. To add hosted cache server computer names to this policy setting, click Enabled, and then click Show. The Show Contents dialog box opens. Click Value, and then type the computer names of the hosted cache servers. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -560,12 +539,7 @@ In circumstances where this policy setting is enabled, you can also select and c - Type the maximum round trip network latency (milliseconds) after which caching begins. Specifies the amount of time, in milliseconds, after which BranchCache client computers begin to cache content locally. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -650,12 +624,7 @@ In circumstances where this setting is enabled, you can also select and configur > This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -737,12 +706,7 @@ In circumstances where this setting is enabled, you can also select and configur - Specify the age in days for which segments in the data cache are valid. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -827,12 +791,7 @@ Select from the following versions - Windows 8. If you select this version, Windows 8 will run the version of BranchCache that is included in the operating system. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -845,7 +804,6 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index 088f65c0dc..c0586ccf19 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_PerformanceDiagnostics -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
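Review bot: The added callout opens with `>[!TIP]`, with no space after the `>`, while its own continuation lines use `> ` and the per-policy blocks removed further down in this file were written `> [!TIP]`. Use `> [!TIP]` so the new block matches the convention the file already had. Since the text is being moved anyway, the CDATA Sections link could also be switched from `http://www.w3.org/...` to `https://`.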
    @@ -104,12 +108,7 @@ No system restart or service restart is required for this policy to take effect: This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -187,12 +186,7 @@ No system restart or service restart is required for this policy to take effect: This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -270,12 +264,7 @@ No system restart or service restart is required for this policy to take effect: This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -353,12 +342,7 @@ No system restart or service restart is required for this policy to take effect: This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -371,8 +355,7 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index 4b6fc28e8f..46c9adf221 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_Power -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
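Review bot: With the prerelease `[!WARNING]` removed at the top of this file, and the "only available as part of a Windows Insider release" note removed at the end of the preceding files, nothing in the visible lines tells the reader which Windows release first supports these policies. If they are now generally available, state the minimum supported version next to the new tip so admins can tell which devices the policies apply to, which matters for settings such as the password prompt on resume.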
    @@ -161,12 +165,7 @@ If you disable this policy setting, network connectivity in standby is not guara If you do not configure this policy setting, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -236,12 +235,7 @@ If you enable this policy setting, an application or service may prevent the sys If you disable or do not configure this policy setting, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -315,12 +309,7 @@ If you enable this policy setting, select one of the following actions: If you disable this policy or do not configure this policy setting, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -390,12 +379,7 @@ If you enable this policy setting, any application, service, or device driver pr If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -465,12 +449,7 @@ If you enable this policy setting, any application, service, or device driver pr If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -540,12 +519,7 @@ If you enable this policy setting, the computer automatically sleeps when networ If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -615,12 +589,7 @@ If you enable this policy setting, the computer automatically sleeps when networ If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -690,12 +659,7 @@ If you enable this policy setting, you must specify a power plan, specified as a If you disable or do not configure this policy setting, users can see and change this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -770,12 +734,7 @@ If you enable this policy setting, select one of the following actions: If you disable or do not configure this policy setting, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -850,12 +809,7 @@ If you enable this policy setting, select one of the following actions: If you disable or do not configure this policy setting, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -927,12 +881,7 @@ To set the action that is triggered, see the "Critical Battery Notification Acti If you disable this policy setting or do not configure it, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1006,12 +955,7 @@ The notification will only be shown if the "Low Battery Notification Action" pol If you disable or do not configure this policy setting, users can control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1083,12 +1027,7 @@ To set the action that is triggered, see the "Low Battery Notification Action" p If you disable this policy setting or do not configure it, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1160,12 +1099,7 @@ If you disable this policy setting, network connectivity in standby is not guara If you do not configure this policy setting, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1235,12 +1169,7 @@ If you enable this policy setting, an application or service may prevent the sys If you disable or do not configure this policy setting, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1314,12 +1243,7 @@ If you enable this policy setting, select one of the following actions: If you disable this policy or do not configure this policy setting, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1389,12 +1313,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat If you disable or do not configure this policy setting, users can see and change this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1464,12 +1383,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat If you disable or do not configure this policy setting, users can see and change this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1545,12 +1459,7 @@ If you enable this policy setting, the computer system safely shuts down and rem If you disable or do not configure this policy setting, the computer system safely shuts down to a fully powered-off state. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1622,12 +1531,7 @@ If you disable this policy setting, the desktop background slideshow is disabled If you disable or do not configure this policy setting, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1699,12 +1603,7 @@ If you disable this policy setting, the desktop background slideshow is disabled If you disable or do not configure this policy setting, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1774,12 +1673,7 @@ If you enable this policy setting, specify a power plan from the Active Power Pl If you disable or do not configure this policy setting, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1849,12 +1743,7 @@ If you enable this policy setting, the client computer is locked and prompted fo If you disable or do not configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1924,12 +1813,7 @@ If you enable this policy setting, Power Throttling will be turned off. If you disable or do not configure this policy setting, users control this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1999,12 +1883,7 @@ If you enable this policy setting, you must enter a numeric value (percentage) t If you disable or do not configure this policy setting, users can see and change this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2017,7 +1896,6 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index e53466c621..d2d7e0d5b4 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_PowerShellExecutionPolicy -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
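Review bot: The two availability statements are dropped without a replacement. The `[!WARNING]` about prereleased products is removed at the top of policy-csp-admx-powershellexecutionpolicy.md, and the `[!NOTE]` "These policies are currently only available as part of a Windows Insider release" is removed at the end of the previous file. After this change, nothing in the visible lines tells the reader which release first supports these policies. If the policies have shipped, say so in the commit message and add the minimum supported Windows version next to each policy, so administrators can tell whether a targeted device will actually honour the setting.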
    @@ -102,12 +106,7 @@ To add modules and snap-ins to the policy setting list, click Show, and then typ > This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
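Review bot: Once the per-policy `[!TIP]` is removed here, the section no longer says that the setting is ADMX-backed. The only remaining statement is the page-level tip added at line 16 of the file. A reader who arrives through a deep link to a policy anchor will not see the `<Format>chr</Format>` and XML-encoding requirements. Consider keeping a one-line pointer in each policy section (for example, next to "ADMX Info:") that links back to the page-level tip, rather than replacing the block with an empty line.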
@@ -183,12 +182,7 @@ If you disable this policy setting, no scripts are allowed to run. > This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration." If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed." -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -264,12 +258,7 @@ If you use the OutputDirectory setting to enable transcript logging to a shared > This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -343,12 +332,7 @@ If this policy setting is disabled or not configured, this policy setting does n > This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -361,7 +345,6 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index e2d5216e21..cceb1665c6 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_Printing -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
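Review bot: The added page-level alert is written `>[!TIP]` with no space after `>`. Every block this patch removes used `> [!TIP]`, and the neighbouring alerts use `> [!NOTE]` and `> [!WARNING]`. Use `> [!TIP]` here and in the PowerShell file so the alert syntax stays consistent. Since the line is being re-added anyway, also change the CDATA reference from `http://www.w3.org/TR/REC-xml/#sec-cdata-sect` to the https URL. Just above, the last hunk for policy-csp-admx-powershellexecutionpolicy.md carries `\ No newline at end of file` on its added line; end that file with a newline.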
    @@ -170,12 +174,7 @@ Internet printing is an extension of Internet Information Services (IIS). To use Also, see the "Custom support URL in the Printers folder's left pane" setting in this folder and the "Browse a common Web site to find printers" setting in User Configuration\Administrative Templates\Control Panel\Printers. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -252,12 +251,7 @@ If you disable this policy setting, then print drivers will be loaded within all > - This policy setting is only checked once during the lifetime of a process. After changing the policy, a running application must be relaunched before settings take effect. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -334,12 +328,7 @@ Also, see the "Activate Internet printing" setting in this setting folder and th Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon" settings in User Configuration\Administrative Templates\Windows Components\Windows Explorer, and by the "Enable Active Desktop" setting in User Configuration\Administrative Templates\Desktop\Active Desktop. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -413,12 +402,7 @@ This policy setting is not configured by default, and the behavior depends on th By default, Windows Ultimate, Professional and Home SKUs will continue to search for compatible Point and Print drivers from Windows Update, if needed. However, you must explicitly enable this policy setting for other versions of Windows (for example Windows Enterprise, and all versions of Windows Server 2008 R2 and later) to have the same behavior. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -502,12 +486,7 @@ In Windows 10 and later, only TCP/IP printers can be shown in the wizard. If you In Windows 8 and later, Bluetooth printers are not shown so its limit does not apply to those versions of Windows. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -580,12 +559,7 @@ If you disable this setting, the network printer browse page is removed from wit > This setting affects the Add Printer Wizard only. It does not prevent users from using other programs to search for shared printers or to connect to network printers. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -666,12 +640,7 @@ If you do not enable this policy setting, the behavior is the same as disabling > In cases where the client print driver does not match the server print driver (mismatched connection), the client will always process the print job, regardless of the setting of this policy. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -739,12 +708,7 @@ Determines whether the XPS Rasterization Service or the XPS-to-GDI conversion (X This setting may improve the performance of the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) on machines that have a relatively powerful CPU as compared to the machine’s GPU. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -818,12 +782,7 @@ This setting makes it easy for users to find the printers you want them to add. Also, see the "Custom support URL in the Printers folder's left pane" and "Activate Internet printing" settings in "Computer Configuration\Administrative Templates\Printers." -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -898,12 +857,7 @@ If you enable this setting, installation of a printer using a kernel-mode driver > By applying this policy, existing kernel-mode drivers will be disabled upon installation of service packs or reinstallation of the Windows XP operating system. This policy does not apply to 64-bit kernel-mode printer drivers as they cannot be installed and associated with a print queue. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -975,12 +929,7 @@ If you disable this setting, Windows will manage the default printer. If you do not configure this setting, default printer management will not change. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1050,12 +999,7 @@ If you enable this group policy setting, the default MXDW output format is the l If you disable or do not configure this policy setting, the default MXDW output format is OpenXPS (*.oxps). -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1127,12 +1071,7 @@ This setting does not prevent users from running other programs to delete a prin If this policy is disabled, or not configured, users can delete printers using the methods described above. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1213,12 +1152,7 @@ In Windows 10 and later, only TCP/IP printers can be shown in the wizard. If you In Windows 8 and later, Bluetooth printers are not shown so its limit does not apply to those versions of Windows. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1288,12 +1222,7 @@ If this setting is enabled, users will only be able to point and print to printe If this setting is disabled, or not configured, users will not be restricted to package-aware point and print only. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1363,12 +1292,7 @@ If this setting is enabled, users will only be able to point and print to printe If this setting is disabled, or not configured, users will not be restricted to package-aware point and print only. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1442,12 +1366,7 @@ If this setting is enabled, users will only be able to package point and print t If this setting is disabled, or not configured, package point and print will not be restricted to specific print servers. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1521,12 +1440,7 @@ If this setting is enabled, users will only be able to package point and print t If this setting is disabled, or not configured, package point and print will not be restricted to specific print servers. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1600,12 +1514,7 @@ Type the location of the user's computer. When users search for printers, the sy If you disable this setting or do not configure it, and the user does not type a location as a search criterion, the system searches for a nearby printer based on the IP address and subnet mask of the user's computer. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1677,12 +1586,7 @@ If you enable this setting, users can browse for printers by location without kn If you disable this setting or do not configure it, Location Tracking is disabled. Printer proximity is estimated using the standard method (that is, based on IP address and subnet mask). -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1757,12 +1661,7 @@ If you disable this policy setting, the print spooler will execute print drivers > - This policy setting takes effect without restarting the print spooler service. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1837,12 +1736,7 @@ If you disable or do not configure this policy setting, the print spooler uses t > - This policy setting takes effect without restarting the print spooler service. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1914,12 +1808,7 @@ If you enable this policy setting, these searches begin at the location you spec This setting only provides a starting point for Active Directory searches for printers. It does not restrict user searches through Active Directory. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1996,12 +1885,7 @@ If you do not configure this setting, shared printers are announced to browse ma > A client license is used each time a client computer announces a printer to a print browse master on the domain. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2074,12 +1958,7 @@ If you enable this policy setting, the print job name will be included in new lo > This setting does not apply to Branch Office Direct Printing jobs. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2151,12 +2030,7 @@ If you enable this policy setting, then all printer extensions will not be allow If you disable this policy setting or do not configure it, then all printer extensions that have been installed will be allowed to run. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2169,7 +2043,6 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md index 6dd43fb7c3..be91226a5a 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing2.md +++ b/windows/client-management/mdm/policy-csp-admx-printing2.md @@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_Printing2 -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -116,12 +120,7 @@ The default behavior is to automatically publish shared printers in Active Direc > This setting is ignored if the "Allow printers to be published" setting is disabled. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -196,12 +195,7 @@ If you disable this setting, the domain controller does not prune this computer' > You can use the "Directory Pruning Interval" and "Directory Pruning Retry" settings to adjust the contact interval and number of contact attempts. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -283,12 +277,7 @@ You can enable this setting to change the default behavior. To use this setting, > If you disable automatic pruning, remember to delete printer objects manually whenever you remove a printer or print server. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -365,12 +354,7 @@ If you do not configure or disable this setting the default values will be used. > This setting is used only on domain controllers. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -445,12 +429,7 @@ By default, the pruning thread runs at normal priority. However, you can adjust > This setting is used only on domain controllers. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -527,12 +506,7 @@ If you do not configure or disable this setting, the default values are used. > This setting is used only on domain controllers. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -609,12 +583,7 @@ Note: This setting does not affect the logging of pruning events; the actual pru > This setting is used only on domain controllers. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -686,12 +655,7 @@ When the policy is disabled, the spooler will not accept client connections nor The spooler must be restarted for changes to this policy to take effect. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -763,12 +727,7 @@ To enable this additional verification, enable this setting, and then select a v To disable verification, disable this setting, or enable this setting and select "Never" for the verification interval. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -781,6 +740,5 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md index 666626b0f5..d6dcf488e4 100644 --- a/windows/client-management/mdm/policy-csp-admx-programs.md +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_Programs -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -109,12 +113,7 @@ This setting does not prevent users from using other tools and methods to change This setting does not prevent the Default Programs icon from appearing on the Start menu. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -191,12 +190,7 @@ If this setting is disabled or is not configured, the "Install a program from th > If the "Hide Programs Control Panel" setting is enabled, this setting is ignored. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -268,12 +262,7 @@ If this setting is disabled or not configured, the "View installed updates" task This setting does not prevent users from using other tools and methods to install or uninstall programs. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -343,12 +332,7 @@ If this setting is disabled or not configured, "Programs and Features" will be a This setting does not prevent users from using other tools and methods to view or uninstall programs. It also does not prevent users from linking to related Programs Control Panel Features including Windows Features, Get Programs, or Windows Marketplace. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -422,12 +406,7 @@ When enabled, this setting takes precedence over the other settings in this fold This setting does not prevent users from using other tools and methods to install or uninstall programs. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -497,12 +476,7 @@ If this setting is disabled or is not configured, the "Turn Windows features on This setting does not prevent users from using other tools and methods to configure services or enable or disable program components. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -577,12 +551,7 @@ If this feature is disabled or is not configured, the "Get new programs from Win > If the "Hide Programs control Panel" setting is enabled, this setting is ignored. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -595,8 +564,7 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index c5d4d1c0ef..90b7ddfb6a 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_Reliability -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -101,12 +105,7 @@ If you do not configure this policy setting, the Persistent System Timestamp is > This feature might interfere with power configuration settings that turn off hard disks after a period of inactivity. These power settings may be accessed in the Power Options Control Panel. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -182,12 +181,7 @@ If you do not configure this policy setting, users can adjust this setting using Also see the "Configure Error Reporting" policy setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -266,12 +260,7 @@ If you do not configure this policy setting, the default behavior for the System > By default, the System State Data feature is always enabled on Windows Server 2003. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -352,12 +341,7 @@ If you do not configure this policy setting, the default behavior for the Shutdo > By default, the Shutdown Event Tracker is only displayed on computers running Windows Server. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -370,8 +354,7 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md index f4cf7d10ed..a6af07f6c6 100644 --- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md @@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_RemoteAssistance -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -92,12 +96,7 @@ If you disable this policy setting, computers running this version and a previou If you do not configure this policy setting, users can configure the setting in System Properties in the Control Panel. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -185,12 +184,7 @@ If you disable this policy setting, application-based settings are used. If you do not configure this policy setting, application-based settings are used. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -202,7 +196,6 @@ ADMX Info:
    -> [!NOTE] -> These policies are for upcoming release. + \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index 2f66562c7a..da757e7ffe 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -13,8 +13,12 @@ manager: dansimp --- # Policy CSP - ADMX_RemovableStorage -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +>[!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -183,12 +187,7 @@ If you disable or do not configure this setting, the operating system does not f > If no reboot is forced, the access right does not take effect until the operating system is restarted. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -261,12 +260,7 @@ If you disable or do not configure this setting, the operating system does not f > If no reboot is forced, the access right does not take effect until the operating system is restarted. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -336,12 +330,7 @@ If you enable this policy setting, execute access is denied to this removable st If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -410,12 +399,7 @@ If you enable this policy setting, read access is denied to this removable stora If you disable or do not configure this policy setting, read access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -485,12 +469,7 @@ If you enable this policy setting, read access is denied to this removable stora If you disable or do not configure this policy setting, read access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -560,12 +539,7 @@ If you enable this policy setting, write access is denied to this removable stor If you disable or do not configure this policy setting, write access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -635,12 +609,7 @@ If you enable this policy setting, write access is denied to this removable stor If you disable or do not configure this policy setting, write access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -710,12 +679,7 @@ If you enable this policy setting, read access is denied to these removable stor If you disable or do not configure this policy setting, read access is allowed to these removable storage classes. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -785,12 +749,7 @@ If you enable this policy setting, read access is denied to these removable stor If you disable or do not configure this policy setting, read access is allowed to these removable storage classes. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -860,12 +819,7 @@ If you enable this policy setting, write access is denied to these removable sto If you disable or do not configure this policy setting, write access is allowed to these removable storage classes. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -934,12 +888,7 @@ If you enable this policy setting, write access is denied to these removable sto If you disable or do not configure this policy setting, write access is allowed to these removable storage classes. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1008,12 +957,7 @@ If you enable this policy setting, execute access is denied to this removable st If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1082,12 +1026,7 @@ If you enable this policy setting, read access is denied to this removable stora If you disable or do not configure this policy setting, read access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1156,12 +1095,7 @@ If you enable this policy setting, read access is denied to this removable stora If you disable or do not configure this policy setting, read access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1229,12 +1163,7 @@ If you enable this policy setting, write access is denied to this removable stor If you disable or do not configure this policy setting, write access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1303,12 +1232,7 @@ If you enable this policy setting, write access is denied to this removable stor If you disable or do not configure this policy setting, write access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1376,12 +1300,7 @@ If you enable this policy setting, execute access is denied to this removable st If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1450,12 +1369,7 @@ If you enable this policy setting, read access is denied to this removable stora If you disable or do not configure this policy setting, read access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1523,12 +1437,7 @@ If you enable this policy setting, read access is denied to this removable stora If you disable or do not configure this policy setting, read access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1600,12 +1509,7 @@ If you disable or do not configure this policy setting, write access is allowed > To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives." -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1676,12 +1580,7 @@ If you enable this policy setting, no access is allowed to any removable storage If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1752,12 +1651,7 @@ If you enable this policy setting, no access is allowed to any removable storage If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1826,12 +1720,7 @@ If you enable this policy setting, remote users can open direct handles to remov If you disable or do not configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -1900,12 +1789,7 @@ If you enable this policy setting, execute access is denied to this removable st If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1973,12 +1857,7 @@ If you enable this policy setting, read access is denied to this removable stora If you disable or do not configure this policy setting, read access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2047,12 +1926,7 @@ If you enable this policy setting, read access is denied to this removable stora If you disable or do not configure this policy setting, read access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2120,12 +1994,7 @@ If you enable this policy setting, write access is denied to this removable stor If you disable or do not configure this policy setting, write access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2194,12 +2063,7 @@ If you enable this policy setting, write access is denied to this removable stor If you disable or do not configure this policy setting, write access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2268,12 +2132,7 @@ If you enable this policy setting, read access is denied to this removable stora If you disable or do not configure this policy setting, read access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2341,12 +2200,7 @@ If you enable this policy setting, read access is denied to this removable stora If you disable or do not configure this policy setting, read access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -2415,12 +2269,7 @@ If you enable this policy setting, write access is denied to this removable stor If you disable or do not configure this policy setting, write access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2489,12 +2338,7 @@ If you enable this policy setting, write access is denied to this removable stor If you disable or do not configure this policy setting, write access is allowed to this removable storage class. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -2506,7 +2350,6 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. + \ No newline at end of file From 543fd35c3f3e6df659e1ee852af28fdddf7d5e04 Mon Sep 17 00:00:00 2001 From: uisei <80758324+uisei@users.noreply.github.com> Date: Fri, 24 Sep 2021 15:00:09 +0100 Subject: [PATCH 593/671] Azure AD temporary access pass Based on feedback from customer in a case, the web sign-in is already restricted to Azure AD temporary access pass. Otherwise you receive an error: AADSTS130506: Access Pass must be used for Web Sign In. Contact your admin to get an Access Pass. --- windows/whats-new/whats-new-windows-10-version-1809.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index 6410248ff6..b1a660bf1a 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md 
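Review bot: every hunk of the removable-storage policy page from `@@ -183,12 +187,7 @@` through `@@ -2489,12 +2338,7 @@` deletes the per-policy `[!TIP]` block and adds nothing in its place, and that block is the only text in these hunks telling the reader to set `<Format>chr</Format>` and to XML-encode the SyncML payload (or use CDATA). Confirm the tip is kept once near the top of the page, otherwise an admin reading a single policy entry has no pointer to the ADMX-backed SyncML format. Separately, the last hunk (`@@ -2506,7 +2350,6 @@`) removes the note that these policies are only available in a Windows Insider release and leaves the file with `\ No newline at end of file`; state the supported release somewhere if the Insider restriction no longer applies, and end the file with a newline.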
@@ -247,7 +247,7 @@ Do you have shared devices deployed in your work place? **Fast sign-in** enables >[!IMPORTANT] >This is a private preview feature and therefore not meant or recommended for production purposes. -Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing **web sign-in**, a new way of signing into your Windows PC. Web sign-in enables Windows logon support for credentials not available on Windows (for example, Azure AD temporary access pass). Going forward, web sign-in will be restricted to only support Azure AD temporary access pass. +Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing **web sign-in**, a new way of signing into your Windows PC. Web sign-in enables Windows logon support for credentials not available on Windows and it´s restricted to only support Azure AD temporary access pass. **To try out web sign-in:** 1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs). From aac4b469d328ffeb9b7921da3302cdf18a403edd Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 24 Sep 2021 10:08:44 -0700 Subject: [PATCH 594/671] Update whats-new-windows-10-version-1809.md --- windows/whats-new/whats-new-windows-10-version-1809.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index b1a660bf1a..a00511c390 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay -manager: laurawi +manager: dougeby ms.author: greglin ms.localizationpriority: high ms.topic: article 
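Review bot: in the `@@ -247,7 +247,7 @@` hunk of PATCH 593 for whats-new-windows-10-version-1809.md, the added sentence writes `it´s` with an acute accent (U+00B4) instead of an apostrophe and joins two separate claims with "and". Suggest splitting it: "Web sign-in enables Windows logon support for credentials not available on Windows. Web sign-in is restricted to Azure AD temporary access pass." The commit message gives the reason (other credentials fail with AADSTS130506), so naming that error in the article would help an admin who hits it recognise the cause.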
@@ -247,7 +247,7 @@ Do you have shared devices deployed in your work place? **Fast sign-in** enables >[!IMPORTANT] >This is a private preview feature and therefore not meant or recommended for production purposes. -Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing **web sign-in**, a new way of signing into your Windows PC. Web sign-in enables Windows logon support for credentials not available on Windows and it´s restricted to only support Azure AD temporary access pass. +Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing **web sign-in**, a new way of signing into your Windows PC. Web sign-in enables Windows logon support for credentials not available on Windows. Web sign-in is restricted to only support Azure AD temporary access pass. **To try out web sign-in:** 1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs). From 0c9ee789d670160e3c019c36816592e1ce6a96c5 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 27 Sep 2021 17:21:55 +0530 Subject: [PATCH 595/671] Updated --- .../mdm/policy-csp-abovelock.md | 12 ++- .../mdm/policy-csp-accounts.md | 54 +++++++---- .../mdm/policy-csp-activexcontrols.md | 21 +++-- .../policy-csp-admx-activexinstallservice.md | 32 +++---- .../mdm/policy-csp-admx-addremoveprograms.md | 89 ++++--------------- .../mdm/policy-csp-admx-appcompat.md | 64 ++----------- 6 files changed, 96 insertions(+), 176 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 36f429b833..b872c74469 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md 
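Review bot: in PATCH 594 the `@@ -7,7 +7,7 @@` hunk changes the `manager:` metadata from `laurawi` to `dougeby`, which the subject line "Update whats-new-windows-10-version-1809.md" does not mention; either note it in the commit message or move it to its own commit. In the `@@ -247,7 +247,7 @@` hunk, "restricted to only support" is redundant; "Web sign-in only supports Azure AD temporary access pass" says the same thing. The unchanged `[!IMPORTANT]` context line above it still calls this a private preview feature, so check that the callout and the new present-tense restriction are both still accurate together.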
@@ -46,19 +46,23 @@ manager: dansimp Home - NoNo + No + No Pro - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Enterprise - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Education - Yes, starting in Windows 10, version 1607Yes + Yes + Yes diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 2416669864..ed466fe64a 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -48,27 +48,33 @@ manager: dansimp Home - NoNo + No + No Pro - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Enterprise - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Education - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Mobile - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Mobile Enterprise - Yes, starting in Windows 10, version 1607Yes + Yes + Yes @@ -121,27 +127,33 @@ The following list shows the supported values: Pro - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Business - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Enterprise - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Education - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Mobile - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Mobile Enterprise - Yes, starting in Windows 10, version 1607Yes + Yes + Yes @@ -191,27 +203,33 @@ The following list shows the supported values: Pro - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Business - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Enterprise - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Education - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Mobile - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Mobile Enterprise - Yes, starting in Windows 10, version 1607Yes + Yes + Yes 
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 05a023f63f..95c9e7d80b 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -14,6 +14,12 @@ manager: dansimp # Policy CSP - ActiveXControls +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
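Review bot: The TIP moved to the top of policy-csp-activexcontrols.md still tells readers to XML-encode the SyncML payload with "a variety of online encoders", which for this policy means pasting a payload that specifies host URLs into a third-party website. Suggest naming a local way to do the encoding, or leading with the CDATA option that the same paragraph already mentions. The CDATA reference also links to http://www.w3.org/TR/REC-xml/#sec-cdata-sect over plain HTTP; switch it to https while the block is being touched.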
    @@ -46,15 +52,18 @@ manager: dansimp Pro - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Enterprise - Yes, starting in Windows 10, version 1607Yes + Yes + Yes Education - Yes, starting in Windows 10, version 1607Yes + Yes + Yes @@ -79,12 +88,6 @@ If you disable or do not configure this policy setting, ActiveX controls prompt Note: Wild card characters cannot be used when specifying the host URLs. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index 6194474bad..c574952e31 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md 
@@ -13,8 +13,14 @@ manager: dansimp --- # Policy CSP - ADMX_ActiveXInstallService -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +
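Review bot: The [!WARNING] about prereleased products is deleted at the top of policy-csp-admx-activexinstallservice.md, and later hunks delete the "currently only available as part of a Windows Insider release" note, yet the commit subject is only "Updated" and nothing added to the file says which release made these policies generally available. Please confirm the policies have shipped and record the release in the commit message or on the page, so the removal of both notices can be checked.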
    @@ -36,24 +42,28 @@ manager: dansimp - + - + + - + + - + + - + +
    Windows EditionEdition Windows 10 Windows 11
    HomeNoNoNoNo
    ProYes, starting in Windows 10, version 1903YesYesYes
    EnterpriseYes, starting in Windows 10, version 1903YesYesYes
    EducationYes, starting in Windows 10, version 1903YesYesYes
    @@ -81,12 +91,6 @@ If the trusted site uses the HTTPS protocol, this policy setting can also contro > This policy setting applies to all sites in Trusted zones. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -99,8 +103,6 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index 6e80fa4b4b..f7b9ef9ea1 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -14,8 +14,13 @@ manager: dansimp # Policy CSP - ADMX_AddRemovePrograms -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +
    @@ -121,12 +126,6 @@ If you disable this setting or do not configure it, all programs (Category: All) > This setting is ignored if either the "Remove Add or Remove Programs" setting or the "Hide Add New Programs page" setting is enabled. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -176,8 +175,8 @@ ADMX Info: Enterprise - No - No + Yes + Yes Education 
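Review bot: In the @@ -176,8 +175,8 hunk only the Enterprise row changes, from No/No to Yes/Yes, and the Education row directly below it is left as context. If the policy is now supported on Enterprise, confirm that the Education row is still correct, and state in the commit message what the new values are based on; a support flip under the subject "Updated" cannot be verified in review.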
@@ -208,12 +207,6 @@ If you disable this setting or do not configure it, the "Add a program from CD-R > If the "Hide Add New Programs page" setting is enabled, this setting is ignored. Also, if the "Prevent removable media source for any install" setting (located in User Configuration\Administrative Templates\Windows Components\Windows Installer) is enabled, users cannot add programs from removable media, regardless of this setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: 
@@ -295,12 +288,7 @@ If you disable this setting or do not configure it, "Add programs from Microsoft > If the "Hide Add New Programs page" setting is enabled, this setting is ignored. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -384,12 +372,7 @@ If you disable this setting or do not configure it, "Add programs from your netw > If the "Hide Add New Programs page" setting is enabled, this setting is ignored. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
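Review bot: The @@ -384,12 +372,7 hunk removes the six-line TIP and adds one empty line in its place (12 lines become 7), while @@ -208,12 +207,6 removes the same block with no replacement line. The result is uneven spacing before "ADMX Info:" across the policies in this file. Drop the added blank line here and in the other hunks that carry it, so every section ends the same way.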
@@ -467,12 +450,7 @@ This policy setting removes the Add New Programs button from the Add or Remove P If you disable this setting or do not configure it, the Add New Programs button is available to all users. This setting does not prevent users from using other tools and methods to install programs. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -551,12 +529,7 @@ This policy setting prevents users from using Add or Remove Programs. This setti If you disable this setting or do not configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent users from using other tools and methods to install or uninstall programs. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -636,12 +609,7 @@ If you disable this setting or do not configure it, the Set Program Access and D -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -719,12 +687,7 @@ This policy setting removes the Change or Remove Programs button from the Add or If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users. This setting does not prevent users from using other tools and methods to delete or uninstall programs. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -806,12 +769,7 @@ If you disable this setting or do not configure it, "Set up services" appears on > When "Set up services" does not appear, clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selected automatically, and the page is bypassed. To remove "Set up services" and prevent the Windows Component Wizard from starting, enable the "Hide Add/Remove Windows Components page" setting. If the "Hide Add/Remove Windows Components page" setting is enabled, this setting is ignored. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -893,12 +851,6 @@ If you disable this setting or do not configure it, the Support Info hyperlink a > Not all programs provide a support information hyperlink. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -977,12 +929,7 @@ This policy setting removes the Add/Remove Windows Components button from the Ad If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users. This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: 
@@ -1003,8 +950,6 @@ ADMX Info: -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index d3ca0e63c5..2708da9adc 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -14,8 +14,12 @@ manager: dansimp # Policy CSP - ADMX_AppCompat -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -128,12 +132,6 @@ If the status is set to Not Configured, the OS falls back on a local policy set > This setting appears only in Computer Configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -205,12 +203,6 @@ Enabling this policy setting removes the property page from the context-menus, b -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: 
@@ -286,12 +278,6 @@ Disabling telemetry will take effect on any newly launched applications. To ensu -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -368,12 +354,6 @@ If you disable or do not configure this policy setting, the Switchback will be t Reboot the system after changing the setting to ensure that your system accurately reflects those changes. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: 
@@ -451,12 +431,6 @@ This option is useful to server administrators who require faster performance an -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -524,12 +498,6 @@ This policy setting exists only for backward compatibility, and is not valid for -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: 
@@ -604,12 +572,6 @@ If you disable or do not configure this policy setting, the PCA will be turned o -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -683,12 +645,6 @@ If you disable or do not configure this policy setting, Steps Recorder will be e -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: 
@@ -765,12 +721,6 @@ If you disable or do not configure this policy setting, the Inventory Collector -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -782,8 +732,6 @@ ADMX Info: -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. From cfdf35de1e40ab11c4fbf2f2d6ab2c36cebd3583 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Mon, 27 Sep 2021 19:19:25 +0530 Subject: [PATCH 596/671] Minor correction --- .../identity-protection/vpn/vpn-auto-trigger-profile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index d457659b18..5054091e14 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md 
@@ -19,7 +19,7 @@ ms.author: dansimp - Windows 10 - Windows 11 -In Windows 10 and Windows 11, a number of features were added to auto-trigger VPN so users won’t have to manually connect when VPN is needed to access necessary resources. There are three different types of auto-trigger rules: +In Windows 10 and Windows 11, a number of features have been added to auto-trigger VPN so users won’t have to manually connect when VPN is needed to access necessary resources. There are three different types of auto-trigger rules: - App trigger - Name-based trigger From ecfc4a369df8e59a30bec83f2df5e93baa2a3d2f Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Mon, 27 Sep 2021 19:32:49 +0530 Subject: [PATCH 597/671] Minor correction --- .../identity-protection/vpn/vpn-auto-trigger-profile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index 5054091e14..128afcfee9 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md 
@@ -31,7 +31,7 @@ In Windows 10 and Windows 11, a number of features have been added to auto-trigg ## App trigger -VPN profiles in Windows 10 and Windows 11 can be configured to connect automatically on the launch of a specified set of applications. You can configure desktop or Universal Windows Platform (UWP) apps to trigger a VPN connection. You can also configure per-app VPN and specify traffic rules for each app. See [Traffic filters](vpn-security-features.md#traffic-filters) for more details. +VPN profiles in Windows 10 or Windows 11 can be configured to connect automatically on the launch of a specified set of applications. You can configure desktop or Universal Windows Platform (UWP) apps to trigger a VPN connection. You can also configure per-app VPN and specify traffic rules for each app. See [Traffic filters](vpn-security-features.md#traffic-filters) for more details. The app identifier for a desktop app is a file path. The app identifier for a UWP app is a package family name. From d38a73b2c53b275b65ab5dbe3d5f908549cec532 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Mon, 27 Sep 2021 19:36:25 +0530 Subject: [PATCH 598/671] Minor corrections Also removed the following sentence, as we cannot have incomplete sentences in the documentation: To create a Windows 11 VPN device configuration profile see: --- windows/security/identity-protection/vpn/vpn-guide.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md index 0f5115c791..3f23cadc79 100644 --- a/windows/security/identity-protection/vpn/vpn-guide.md +++ b/windows/security/identity-protection/vpn/vpn-guide.md 
@@ -1,6 +1,6 @@ --- title: Windows VPN technical guide (Windows 10 and Windows 11) -description: Learn about decisions to make for Windows 10 and Windows 11 clients in your enterprise VPN solution and how to configure your deployment. +description: Learn about decisions to make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -20,12 +20,10 @@ ms.author: dansimp - Windows 10 - Windows 11 -This guide will walk you through the decisions you will make for Windows 10 and Windows 11 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10 and Windows 11. +This guide will walk you through the decisions you will make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10 and Windows 11. To create a Windows 10 VPN device configuration profile see: [Windows 10 and Windows Holographic device settings to add VPN connections using Intune](/mem/intune/configuration/vpn-settings-windows-10). -To create a Windows 11 VPN device configuration profile see: - > [!NOTE] > This guide does not explain server deployment. 
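Review bot: After the @@ -20,12 +20,10 hunk the opening paragraph of vpn-guide.md starts with "Windows 10 or Windows 11 clients" but still ends with "VPN Profile template for Windows 10 and Windows 11", and the title keeps "Windows 10 and Windows 11" too; pick one form and use it throughout. Removing the unfinished "To create a Windows 11 VPN device configuration profile see:" line also leaves only the Windows 10 Intune link on a page that lists Windows 11 alongside Windows 10, so either add the Windows 11 article or state that the Windows 10 one covers both.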
@@ -45,4 +43,4 @@ To create a Windows 11 VPN device configuration profile see: ## Learn more -- [Create VPN profiles to connect to VPN servers in Intune](/mem/intune/configuration/vpn-settings-configure) \ No newline at end of file +- [Create VPN profiles to connect to VPN servers in Intune](/mem/intune/configuration/vpn-settings-configure) From d0551f280a43b95c4568c7e92c5c2e85d55b7081 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 27 Sep 2021 21:13:01 +0500 Subject: [PATCH 599/671] Update policy-csp-timelanguagesettings.md --- .../client-management/mdm/policy-csp-timelanguagesettings.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 8ef9349148..732cf867cc 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -76,6 +76,9 @@ manager: dansimp Specifies the time zone to be applied to the device. This is the standard Windows name for the target time zone. +> [!TIP] +> To get the list of available time zones, run `Get-TimeZone -ListAvailable` in PowerShell. + From 2dfc9da62b3fb802653f7c0f951e85ddf3847278 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 27 Sep 2021 10:48:42 -0700 Subject: [PATCH 600/671] fixing broken links --- windows/security/index.yml | 16 ++++++++-------- .../windows-security-baselines.md | 11 ++++------- 2 files changed, 12 insertions(+), 15 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 64e0ecd4fb..d7f93945a5 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -38,7 +38,7 @@ landingContent: - linkListType: concept links: - text: Trusted Platform Module - url: /windows/security/information-protection/tpm/trusted-platform-module-top-node.md + url: information-protection/tpm/trusted-platform-module-top-node.md - text: Hardware-based root of trust url: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md - text: System Guard Secure Launch and SMM protection @@ -46,7 +46,7 @@ landingContent: - text: Virtualization-based protection of code integrity url: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md - text: Kernel DMA Protection - url: /windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md + url: information-protection/kernel-dma-protection-for-thunderbolt.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) @@ -109,7 +109,7 @@ landingContent: - text: Windows Credential Theft Mitigation url: identity-protection/windows-credential-theft-mitigation-guide-abstract.md - text: Protect domain credentials - url: /windows/security/identity-protection/credential-guard/credential-guard.md + url: identity-protection/credential-guard/credential-guard.md - text: Windows Defender Credential Guard url: identity-protection/credential-guard/credential-guard.md - text: Lost or forgotten passwords 
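Review bot: After the `@@ -109,7 +109,7` hunk, "Protect domain credentials" and "Windows Defender Credential Guard" both point to `identity-protection/credential-guard/credential-guard.md`, so the card lists two adjacent links to the same page. The old absolute path made the two entries look different even though the target was the same file. Drop one entry, or point "Protect domain credentials" at a distinct article.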
@@ -151,13 +151,13 @@ landingContent: - linkListType: reference links: - text: Microsoft Security Development Lifecycle - url: /windows/security/threat-protection/msft-security-dev-lifecycle.md + url: threat-protection/msft-security-dev-lifecycle.md - text: Microsoft Bug Bounty - url: /windows/security/threat-protection/microsoft-bug-bounty-program.md + url: threat-protection/microsoft-bug-bounty-program.md - text: Common Criteria Certifications - url: /windows/security/threat-protection/windows-platform-common-criteria.md + url: threat-protection/windows-platform-common-criteria.md - text: Federal Information Processing Standard (FIPS) 140 Validation - url: /windows/security/threat-protection/fips-140-validation.md + url: threat-protection/fips-140-validation.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) @@ -166,5 +166,5 @@ landingContent: - linkListType: reference links: - text: Windows and Privacy Compliance - url: /windows/privacy/windows-10-and-privacy-compliance.md + url: /windows/privacy/windows-10-and-privacy-compliance diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index ce11769894..435be7648b 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md 
@@ -51,16 +51,13 @@ You can use security baselines to: ## Where can I get the security baselines? -[Windows MDM (Mobile Device Management) baselines](/mem/intune/protect/security-baseline-settings-mdm-all.md) are the settings that Microsoft Intune supports for devices that run Windows 10 and Windows 11. The default values for settings represent the recommended configuration for applicable devices. +There are several ways to get and use security baselines: -[MDM (Mobile Device Management) security baselines](/windows/client-management/mdm/#mdm-security-baseline.md) function like the Microsoft group policy-based security baselines and can easily integrate this into an existing MDM management tool. +1. You can download the security baselines from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319). This download page is for the Security Compliance Toolkit (SCT), which comprises tools that can assist admins in managing baselines in addition to the security baselines. The security baselines are included in the [Security Compliance Toolkit (SCT)](security-compliance-toolkit-10.md), which can be downloaded from the Microsoft Download Center. The SCT also includes tools to help admins manage the security baselines. You can also [Get Support for the security baselines](get-support-for-security-baselines.md) -You can download the security baselines from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319). This download page is for the Security Compliance Toolkit (SCT), which comprises tools that can assist admins in managing baselines in addition to the security baselines. +2. [MDM (Mobile Device Management) security baselines](/windows/client-management/mdm/#mdm-security-baseline.md) function like the Microsoft group policy-based security baselines and can easily integrate this into an existing MDM management tool. 
-The security baselines are included in the [Security Compliance Toolkit (SCT)](security-compliance-toolkit-10.md), which can be downloaded from the Microsoft Download Center. The SCT also includes tools to help admins manage the security baselines. - -[![Security Compliance Toolkit.](./../images/security-compliance-toolkit-1.png)](security-compliance-toolkit-10.md) -[![Get Support.](./../images/get-support.png)](get-support-for-security-baselines.md) +3. MDM Security baselines can easily be configures in Microsoft Endpoint Manager on devices that run Windows 10 and 11. The following article provides the detail steps: [Windows MDM (Mobile Device Management) baselines](/mem/intune/protect/security-baseline-settings-mdm-all.md). ## Community From 28ac62dcb159d8eaba97289699b4b6ec0b146f4a Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 27 Sep 2021 11:42:02 -0700 Subject: [PATCH 601/671] WDAC landing page --- .../windows-defender-application-control/index.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-application-control/index.yml diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml new file mode 100644 index 0000000000..e69de29bb2 From 838fca04d007ed7517f040c9b2f080ef9ce54876 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 27 Sep 2021 11:42:14 -0700 Subject: [PATCH 602/671] WDAC landing --- .../index.yml | 117 ++++++++++++++++++ 1 file changed, 117 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index e69de29bb2..cc794d927c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml 
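Review bot: In windows-security-baselines.md (`@@ -51,16 +51,13` hunk), new list item 3 has two typos, "can easily be configures" and "provides the detail steps", which should read "configured" and "detailed steps". Item 1 now states twice that the baselines ship in the Security Compliance Toolkit and that it comes from the Microsoft Download Center, because the removed SCT paragraph was appended to the existing download sentence; merge the two into one statement and end "Get Support for the security baselines" with a period. For a commit titled "fixing broken links", two targets in the added lines still look wrong: `/windows/client-management/mdm/#mdm-security-baseline.md` carries `.md` after the anchor, and `/mem/intune/protect/security-baseline-settings-mdm-all.md` keeps the `.md` suffix on a site-absolute path, while the index.yml hunk in this same patch removes it from `/windows/privacy/windows-10-and-privacy-compliance`.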
@@ -0,0 +1,117 @@ +### YamlMime:Landing + +title: Application Control for Windows +metadata: + title: Application Control for Windows + description: Landing page for Windows Defender Application Control +# services: service +# ms.service: microsoft-WDAC-AppLocker +# ms.subservice: Application-Control +# ms.topic: landing-page +# author: Kim Klein +# ms.author: Jordan Geurten +# manager: Jeffrey Sutherland +# ms.update: 04/30/2021 +# linkListType: overview | how-to-guide | tutorial | video +landingContent: +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card + - title: Learn about Application Control + linkLists: + - linkListType: overview + links: + - text: What is WDAC (WDAC Overview)? + url: wdac-and-applocker-overview.md + - text: What is AppLocker? + url: applocker\applocker-overview.md + - text: WDAC and AppLocker feature availability + url: feature-availability.md + # Card + - title: Learn about Policy Design + linkLists: + - linkListType: overview + links: + - text: Using code signing to simplify application control + url: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md + - text: Recommended blocks + url: microsoft-recommended-block-rules.md + - text: Recommended driver blocks + url: microsoft-recommended-driver-block-rules.md + - text: Example policies + url: example-wdac-base-policies.md + - text: LOB Win32 apps on S Mode + url: LOB-win32-apps-on-s.md + - text: Managing multiple policies + url: deploy-multiple-windows-defender-application-control-policies.md + - linkListType: how-to-guide + links: + - text: Create a WDAC policy for a lightly managed device + url: create-wdac-policy-for-lightly-managed-devices.md + - text: Create a WDAC policy for a fully managed device + url: create-wdac-policy-for-fully-managed-devices.md + - text: Create a WDAC policy for a fixed-workload + url: create-initial-default-policy.md + - text: Using catalog files + url: 
deploy-catalog-files-to-support-windows-defender-application-control.md + - text: WDAC Wizard tool + url: wdac-wizard.md + #- linkListType: Tutorial (videos) + # links: + # - text: Using the WDAC Wizard + # url: video md + # - text: Specifying custom values + # url: video md + # Card + - title: Learn about Policy Configuration + linkLists: + - linkListType: overview + links: + - text: Understanding policy and file rules + url: select-types-of-rules-to-create.md + - linkListType: how-to-guide + links: + - text: Allow managed installer and configure managed installer rules + url: configure-authorized-apps-deployed-with-a-managed-installer.md + - text: Allow reputable apps with ISG + url: use-windows-defender-application-control-with-intelligent-security-graph.md + - text: Managed MSIX and Appx Packaged Apps + url: manage-packaged-apps-with-windows-defender-application-control.md + - text: Allow com object registration + url: allow-com-object-registration-in-windows-defender-application-control-policy.md + - text: Manage plug-ins, add-ins and modules + url: use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md + # Card + - title: Learn how to deploy WDAC Policies + linkLists: + - linkListType: overview + links: + - text: Signed policies + url: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md + - text: Audit and enforce policies + url: audit-and-enforce-windows-defender-application-control-policies.md + - text: Disabling WDAC policies + url: disable-windows-defender-application-control-policies.md + - linkListType: tutorial + links: + - text: Deployment with MDM + url: deploy-windows-defender-application-control-policies-using-intune.md + - text: Deployment with MEMCM + url: deployment/deploy-wdac-policies-with-memcm.md + - text: Deployment with script and refresh policy + url: deployment/deploy-wdac-policies-with-script.md + - text: Deployment with Group Policy + url: 
deploy-windows-defender-application-control-policies-using-group-policy.md + # Card + - title: Learn how to monitor WDAC events + linkLists: + - linkListType: overview + links: + - text: Understanding event IDs + url: event-id-explanations.md + - text: Understanding event Tags + url: event-tag-explanations.md + - linkListType: how-to-guide + links: + - text: Querying using advanced hunting + url: querying-application-control-events-centrally-using-advanced-hunting.md \ No newline at end of file From c042afdbed4ae1d4e811f2277a97736f5ba9544e Mon Sep 17 00:00:00 2001 From: nandans-msft <91498973+nandans-msft@users.noreply.github.com> Date: Mon, 27 Sep 2021 21:24:08 +0100 Subject: [PATCH 603/671] Link to Feature Updates Deployment On line 53, added a link to the Feature Updates for Windows 10 documentation for added clarity. --- windows/whats-new/windows-11-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index b301ed3de2..d8e46a6497 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md 
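Review bot: In the new WDAC landing page (`@@ -0,0 +1,117` hunk), the AppLocker entry uses a backslash, `url: applocker\applocker-overview.md`, while every other path in the file uses forward slashes, for example `deployment/deploy-wdac-policies-with-memcm.md`. Change it to `applocker/applocker-overview.md` so the link does not depend on how the build treats backslashes. The file also ends with "\ No newline at end of file", and in the metadata block everything after `description` (`ms.topic`, `author`, `ms.author`, `manager` and the rest) is commented out; either enable the fields the landing page needs or remove the commented lines before merge.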
@@ -50,7 +50,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil - The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. - For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. -- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use feature update deployments to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. +- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [Feature Update Deployments](mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. ## Cloud-based management From ee789c0ceb1293a053e3a698d277a628c7d6c7d9 Mon Sep 17 00:00:00 2001 From: nandans-msft <91498973+nandans-msft@users.noreply.github.com> Date: Mon, 27 Sep 2021 21:31:39 +0100 Subject: [PATCH 604/671] Extra clarification. Line 53 - Added extra clarification for the Feature Update Deployment to indicate holds. --- windows/whats-new/windows-11-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index d8e46a6497..11ae4f3231 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md @@ -50,7 +50,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil - The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. - For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. -- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [Feature Update Deployments](mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. +- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [Feature Update Deployments](mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. If you aren’t ready to move to Windows 11, keep the Feature Update Deployment at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11. ## Cloud-based management 
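Review bot: The link target on the changed line of this `@@ -50,7 +50,7` hunk, `(mem/intune/protect/windows-10-feature-updates)`, has no leading slash, so it is written as a path relative to windows/whats-new/ instead of the site-absolute `/mem/intune/...` form that the other Intune links in this series use (for example `/mem/intune/configuration/vpn-settings-configure`). Change it to `/mem/intune/protect/windows-10-feature-updates`. The added sentence also uses a typographic apostrophe in "aren’t"; switch to a plain apostrophe if the rest of the file uses ASCII punctuation.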
From 2a904b020deeb70aab049c0fafe9871edb7750d6 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 27 Sep 2021 13:45:33 -0700 Subject: [PATCH 605/671] Acrolinx: "certficates" --- .../security/identity-protection/vpn/vpn-authentication.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md index 3bbf5138a7..77824138a9 100644 --- a/windows/security/identity-protection/vpn/vpn-authentication.md +++ b/windows/security/identity-protection/vpn/vpn-authentication.md @@ -27,7 +27,7 @@ Windows supports a number of EAP authentication methods. MethodDetails EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (EAP-MSCHAPv2)
    • User name and password authentication
    • Winlogon credentials - can specify authentication with computer sign-in credentials
    -EAP-Transport Layer Security (EAP-TLS)
    • Supports the following types of certificate authentication
      • Certificate with keys in the software Key Storage Provider (KSP)
      • Certificate with keys in Trusted Platform Module (TPM) KSP
      • Smart card certficates
      • Windows Hello for Business certificate
    • Certificate filtering
      • Certificate filtering can be enabled to search for a particular certificate to use to authenticate with
      • Filtering can be Issuer-based or Enhanced Key Usage (EKU)-based
    • Server validation - with TLS, server validation can be toggled on or off
      • Server name - specify the server to validate
      • Server certificate - trusted root certificate to validate the server
      • Notification - specify if the user should get a notification asking whether to trust the server or not
    +EAP-Transport Layer Security (EAP-TLS)
    • Supports the following types of certificate authentication
      • Certificate with keys in the software Key Storage Provider (KSP)
      • Certificate with keys in Trusted Platform Module (TPM) KSP
      • Smart card certificates
      • Windows Hello for Business certificate
    • Certificate filtering
      • Certificate filtering can be enabled to search for a particular certificate to use to authenticate with
      • Filtering can be Issuer-based or Enhanced Key Usage (EKU)-based
    • Server validation - with TLS, server validation can be toggled on or off
      • Server name - specify the server to validate
      • Server certificate - trusted root certificate to validate the server
      • Notification - specify if the user should get a notification asking whether to trust the server or not
    Protected Extensible Authentication Protocol (PEAP)
    • Server validation - with PEAP, server validation can be toggled on or off
      • Server name - specify the server to validate
      • Server certificate - trusted root certificate to validate the server
      • Notification - specify if the user should get a notification asking whether to trust the server or not
    • Inner method - the outer method creates a secure tunnel inside while the inner method is used to complete the authentication
      • EAP-MSCHAPv2
      • EAP-TLS
    • Fast Reconnect: reduces the delay between an authentication request by a client and the response by the Network Policy Server (NPS) or other Remote Authentication Dial-in User Service (RADIUS) server. This reduces resource requirements for both client and server, and minimizes the number of times that users are prompted for credentials.
    • Cryptobinding: By deriving and exchanging values from the PEAP phase 1 key material (Tunnel Key) and from the PEAP phase 2 inner EAP method key material (Inner Session Key), it is possible to prove that the two authentications terminate at the same two entities (PEAP peer and PEAP server). This process, termed "cryptobinding", is used to protect the PEAP negotiation against "Man in the Middle" attacks.
    Tunneled Transport Layer Security (TTLS)
    • Inner method
      • Non-EAP
        • Password Authentication Protocol (PAP)
        • CHAP
        • MSCHAP
        • MSCHAPv2
      • EAP
        • MSCHAPv2
        • TLS
    • Server validation: in TTLS, the server must be validated. The following can be configured:
      • Server name
      • Trusted root certificate for server certificate
      • Whether there should be a server validation notification
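Review bot: The EAP-TLS row touched by this hunk says "server validation can be toggled on or off" without stating a recommended setting, and the PEAP row in the trailing context repeats the same wording. Since the row is being edited anyway, consider adding a short recommendation to keep server validation enabled with the server name and trusted root certificate specified, because with validation off the client has no check that it is authenticating to the intended server. The spelling fix itself ("certficates" to "certificates") is correct.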
    @@ -62,4 +62,4 @@ The following image shows the field for EAP XML in a Microsoft Intune VPN profil - [VPN name resolution](vpn-name-resolution.md) - [VPN auto-triggered profile options](vpn-auto-trigger-profile.md) - [VPN security features](vpn-security-features.md) -- [VPN profile options](vpn-profile-options.md) \ No newline at end of file +- [VPN profile options](vpn-profile-options.md) From 868d1f60442f6e1b61e4875f175248c560fa530e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 27 Sep 2021 13:49:21 -0700 Subject: [PATCH 606/671] Labeled code blocks; added vertical spacing --- .../vpn/vpn-profile-options.md | 20 +++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index 5e9b0572db..8e683158b9 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -56,7 +56,7 @@ The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN prof The following is a sample Native VPN profile. This blob would fall under the ProfileXML node. -``` +```xml TestVpnProfile @@ -222,7 +222,7 @@ The following is a sample Native VPN profile. This blob would fall under the Pro The following is a sample plug-in VPN profile. This blob would fall under the ProfileXML node. -``` +```xml TestVpnProfile @@ -294,7 +294,6 @@ The following is a sample plug-in VPN profile. This blob would fall under the Pr Helloworld.Com - ``` ## Apply ProfileXML using Intune 
@@ -302,18 +301,31 @@ The following is a sample plug-in VPN profile. This blob would fall under the Pr After you configure the settings that you want using ProfileXML, you can apply it using Intune and a **Custom Configuration (Windows 10 or Windows 11 Desktop and Mobile and later)** policy. 1. Sign into the [Azure portal](https://portal.azure.com). + 2. Go to **Intune** > **Device Configuration** > **Profiles**. + 3. Click **Create Profile**. + 4. Enter a name and (optionally) a description. + 5. Choose **Windows 10 and later** as the platform. + 6. Choose **Custom** as the profile type and click **Add**. + 8. Enter a name and (optionally) a description. + 9. Enter the OMA-URI **./user/vendor/MSFT/VPNv2/_VPN profile name_/ProfileXML**. + 10. Set Data type to **String (XML file)**. + 11. Upload the profile XML file. + 12. Click **OK**. + ![Custom VPN profile.](images/custom-vpn-profile.png) + 13. Click **OK**, then **Create**. + 14. Assign the profile. @@ -332,4 +344,4 @@ After you configure the settings that you want using ProfileXML, you can apply i - [VPN and conditional access](vpn-conditional-access.md) - [VPN name resolution](vpn-name-resolution.md) - [VPN auto-triggered profile options](vpn-auto-trigger-profile.md) -- [VPN security features](vpn-security-features.md) \ No newline at end of file +- [VPN security features](vpn-security-features.md) From 2a261bac7590e6a8a14913c99b3e652de542ed68 Mon Sep 17 00:00:00 2001 From: nandans-msft <91498973+nandans-msft@users.noreply.github.com> Date: Mon, 27 Sep 2021 21:54:17 +0100 Subject: [PATCH 607/671] Changing upper case in link Line 54 - changing upper case letters in the link as suggested by JaimeO. --- windows/whats-new/windows-11-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 11ae4f3231..ad8033c027 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md 
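Review bot: In vpn-profile-options.md (`@@ -302,18 +301,31` hunk), the numbered procedure jumps from "6. Choose **Custom** as the profile type and click **Add**." straight to "8. Enter a name and (optionally) a description.", and step 8 repeats step 4 word for word. Since this patch already reflows the list, renumber it and confirm whether the second name and description prompt is a real step or a leftover. The new blank lines also leave the unindented image line `![Custom VPN profile.](images/custom-vpn-profile.png)` as its own paragraph between steps 12 and 13; indent it under step 12 so it stays part of that list item and does not split the list. Step 1 should read "Sign in to" rather than "Sign into".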
@@ -50,7 +50,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil - The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. - For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. -- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [Feature Update Deployments](mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. If you aren’t ready to move to Windows 11, keep the Feature Update Deployment at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11. +- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [feature update deployments](mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. If you aren’t ready to move to Windows 11, keep the Feature Update Deployment at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11. ## Cloud-based management 
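Review bot: The lowercase change in this `@@ -50,7 +50,7` hunk covers only the link text; the same added line still has "keep the Feature Update Deployment at the version you are currently on" in title case, followed by "change the feature update deployment setting" in lower case. Lowercase the remaining occurrence so the term is written one way throughout the bullet.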
From 386d9ee05ffd8ebdebd34d6b773e0e5a339179e7 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 27 Sep 2021 13:55:10 -0700 Subject: [PATCH 608/671] Update windows/security/threat-protection/windows-defender-application-control/index.yml Co-authored-by: Jordan Geurten --- .../windows-defender-application-control/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index cc794d927c..1d905f2f89 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml @@ -21,7 +21,7 @@ landingContent: linkLists: - linkListType: overview links: - - text: What is WDAC (WDAC Overview)? + - text: What is Windows Defender Application Control (WDAC)? url: wdac-and-applocker-overview.md - text: What is AppLocker? url: applocker\applocker-overview.md From 38ebbb7e4fe790a86d1b167355629d69bd6c79ea Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 27 Sep 2021 13:55:24 -0700 Subject: [PATCH 609/671] Update windows/security/threat-protection/windows-defender-application-control/index.yml Co-authored-by: Jordan Geurten --- .../windows-defender-application-control/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index 1d905f2f89..9f25459a54 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml 
@@ -113,5 +113,5 @@ landingContent: url: event-tag-explanations.md - linkListType: how-to-guide links: - - text: Querying using advanced hunting + - text: Querying events using advanced hunting url: querying-application-control-events-centrally-using-advanced-hunting.md \ No newline at end of file From d6008c20c83972e42fdbcb7d6114e6f07e860876 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 27 Sep 2021 13:55:41 -0700 Subject: [PATCH 610/671] Update windows/security/threat-protection/windows-defender-application-control/index.yml Co-authored-by: Jordan Geurten --- .../windows-defender-application-control/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index 9f25459a54..aa94483b51 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml @@ -86,7 +86,7 @@ landingContent: linkLists: - linkListType: overview links: - - text: Signed policies + - text: Using signed policies to protect against tampering url: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md - text: Audit and enforce policies url: audit-and-enforce-windows-defender-application-control-policies.md From a4eeae92e3e73dab56ce82e59916f7464d834839 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 27 Sep 2021 13:55:50 -0700 Subject: [PATCH 611/671] Update windows/security/threat-protection/windows-defender-application-control/index.yml Co-authored-by: Jordan Geurten --- .../windows-defender-application-control/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index aa94483b51..1dfb1ad68e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml @@ -52,7 +52,7 @@ landingContent: url: create-wdac-policy-for-fully-managed-devices.md - text: Create a WDAC policy for a fixed-workload url: create-initial-default-policy.md - - text: Using catalog files + - text: Deploying catalog files for WDAC management url: deploy-catalog-files-to-support-windows-defender-application-control.md - text: WDAC Wizard tool url: wdac-wizard.md From a8b34e773e5a2f3517b070a4cf723969729711e2 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 27 Sep 2021 13:55:58 -0700 Subject: [PATCH 612/671] Update windows/security/threat-protection/windows-defender-application-control/index.yml Co-authored-by: Jordan Geurten --- .../windows-defender-application-control/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index 1dfb1ad68e..a7ad5b3447 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml @@ -38,7 +38,7 @@ landingContent: url: microsoft-recommended-block-rules.md - text: Recommended driver blocks url: microsoft-recommended-driver-block-rules.md - - text: Example policies + - text: Example WDAC policies url: example-wdac-base-policies.md - text: LOB Win32 apps on S Mode url: LOB-win32-apps-on-s.md From f80a7eab76ad2e0720d26d7c289ea0d8fce51929 Mon Sep 17 00:00:00 2001 
From: Daniel Simpson Date: Mon, 27 Sep 2021 13:56:12 -0700 Subject: [PATCH 613/671] Update windows/security/threat-protection/windows-defender-application-control/index.yml Co-authored-by: Jordan Geurten --- .../windows-defender-application-control/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index a7ad5b3447..ef19a07a45 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml @@ -36,7 +36,7 @@ landingContent: url: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md - text: Recommended blocks url: microsoft-recommended-block-rules.md - - text: Recommended driver blocks + - text: Microsoft's Recommended Driver Blocklist url: microsoft-recommended-driver-block-rules.md - text: Example WDAC policies url: example-wdac-base-policies.md From bb6509fd97d5ff8645046187ef4cd8a97f4f0081 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 27 Sep 2021 13:56:23 -0700 Subject: [PATCH 614/671] Update windows/security/threat-protection/windows-defender-application-control/index.yml Co-authored-by: Jordan Geurten --- .../windows-defender-application-control/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index ef19a07a45..461c852493 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml 
@@ -34,7 +34,7 @@ landingContent: links: - text: Using code signing to simplify application control url: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md - - text: Recommended blocks + - text: Microsoft's Recommended Blocklist url: microsoft-recommended-block-rules.md - text: Microsoft's Recommended Driver Blocklist url: microsoft-recommended-driver-block-rules.md From 72a76311c9e3acf95041ab4d6622c700ed979eb6 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 27 Sep 2021 13:56:34 -0700 Subject: [PATCH 615/671] Update windows/security/threat-protection/windows-defender-application-control/index.yml Co-authored-by: Jordan Geurten --- .../windows-defender-application-control/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index 461c852493..ef5892459f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml @@ -54,7 +54,7 @@ landingContent: url: create-initial-default-policy.md - text: Deploying catalog files for WDAC management url: deploy-catalog-files-to-support-windows-defender-application-control.md - - text: WDAC Wizard tool + - text: Using the WDAC Wizard url: wdac-wizard.md #- linkListType: Tutorial (videos) # links: From 61b73948e29f1d500056eeea83417868d1d995ce Mon Sep 17 00:00:00 2001 From: nandans-msft <91498973+nandans-msft@users.noreply.github.com> Date: Mon, 27 Sep 2021 22:03:05 +0100 Subject: [PATCH 616/671] Minor tweaks Line 53 - changed the second occurrence of feature update deployments to lower case, added "set at the version...". --- windows/whats-new/windows-11-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
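Review bot: In windows-defender-application-control/index.yml at @@ -34,7 +34,7 @@, the new link text "Microsoft's Recommended Blocklist" is title case, and so is the "Microsoft's Recommended Driver Blocklist" context line below it, while the neighbouring entry "Using code signing to simplify application control" in the same list is sentence case. Pick one casing for the landing-page link text, for example "Microsoft's recommended blocklist" and "Microsoft's recommended driver blocklist".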
diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index ad8033c027..da063c4529 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md 
@@ -50,7 +50,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil - The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. - For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. -- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [feature update deployments](mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. If you aren’t ready to move to Windows 11, keep the Feature Update Deployment at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11. +- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [feature update deployments](/mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. If you aren’t ready to move to Windows 11, keep the feature update version set at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11. ## Cloud-based management 
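Review bot: The commit message describes lowercasing the second occurrence of "feature update deployments", but the + line in windows-11-prepare.md actually reads "keep the feature update version set at the version you are currently on", so the term itself changed and "version" now appears twice in one clause. The following sentence still says "change the feature update deployment setting", which leaves the two sentences naming the same setting differently. Suggest "keep the feature update deployment set to the version you are currently on". The link target also changes from mem/intune/... to the rooted /mem/intune/... path, which the message does not mention; worth calling out so the link fix is not lost in a "minor tweaks" commit.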
From fecb25bdd9a571843207297922dd1ae728721346 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 27 Sep 2021 14:20:39 -0700 Subject: [PATCH 617/671] edits --- .../TOC.yml | 3 +++ .../zero-trust-windows-device-health.md | 19 ++++++++++--------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index c867f6aee4..6e2bbdd64b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -1,5 +1,8 @@ - name: Application Control for Windows + href: index.yml +- name: About application control for Windows href: windows-defender-application-control.md + expanded: true items: - name: WDAC and AppLocker Overview href: wdac-and-applocker-overview.md diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 259a09da92..17f22fad49 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md 
@@ -25,23 +25,24 @@ The [Zero Trust Principles](https://www.microsoft.com/security/business/zero-tru - **Assume breach**. Prevent attackers from obtaining access to minimize potential damage to data and systems. Protect privileged roles, verify end-to-end encryption, use analytics to get visibility, and drive threat detection to improve defenses. -For Windows 11, the Zero Trust concept of verify explicitly applies to the risks introduced by both devices and users. Windows 11 provides IT administrators the attestation and measurements to determine whether a device meets requirements and can be trusted. And Windows 11 works out of the box with Microsoft Intune and Azure Active Directory, so access decisions and enforcement are seamless. Plus, IT Administrators can easily customize Windows 11 to meet specific user and policy requirements for access, privacy, compliance, and more. +The Zero Trust concept of **verify explicitly** applies to the risks introduced by both devices and users. Windows provides IT administrators the attestation and measurements to determine whether a device meets requirements and can be trusted. Microsoft Intune and Azure Active Directory can be used to manage and enforce access. Plus, IT Administrators can easily customize Windows to meet specific user and policy requirements for access, privacy, compliance, and more. ## Device health attestation on Windows -Zero Trust principles state that all endpoints are untrusted unless they are verified. The verification process uses remote attestation as the secure channel to determine and present the device’s health. Remote attestation determines: - -- If the device can be trusted. The determination is made with the help of a secure root of trust (Trusted Platform Module). Devices can attest that the TPM is enabled and in the attestation flow. - -- If the OS booted correctly. 
Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. + Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. Zero Trust principles state that all endpoints are untrusted unless they are verified. The verification process uses remote attestation as the secure channel to determine and present the device’s health. Remote attestation determines: +- If the device can be trusted. +- If the operating system booted correctly. - If the OS has the right set of security features enabled. -Windows includes many security features to help protect users from malware and attacks. However, trusting the Windows security components can only be achieved if the platform boots as expected and was not tampered with. Windows relies on Unified Extensible Firmware Interface (UEFI) Secure Boot, ELAM, DRTM, Trusted Boot and other low-level hardware and firmware security features to protect your PC from attacks. When you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configurations helps keep you safe. [Measured and Trusted boot](information-protection/secure-the-windows-10-boot-process.md), implemented by bootloaders and BIOS, verifies and cryptographically records each step of the boot in a chained manner. These events are bound to a security coprocessor (TPM) that acts as the Root of Trust. Remote Attestation is the mechanism by which these events are read and verified by a service to provide a verifiable, unbiased, and tamper resilient report. Remote attestation is the trusted auditor of your systems boot, allowing relying parties to bind trust to the device and its security. + +These determinations are made with the help of a secure root of trust using the Trusted Platform Module (TPM). 
Devices can attest that the TPM is enabled in the attestation flow, and that the device has not been tampered with. + +Windows includes many security features to help protect users from malware and attacks. However, trusting the Windows security components can only be achieved if the platform boots as expected and was not tampered with. Windows relies on Unified Extensible Firmware Interface (UEFI) Secure Boot, Early-launch antimalware (ELAM), Dynamic Root of Trust for Measurement (DRTM), Trusted Boot, and other low-level hardware and firmware security features. When you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configuration to help keep you safe. [Measured and Trusted boot](information-protection/secure-the-windows-10-boot-process.md), implemented by bootloaders and BIOS, verifies and cryptographically records each step of the boot in a chained manner. These events are bound to a security coprocessor (TPM) that acts as the Root of Trust. Remote Attestation is the mechanism by which these events are read and verified by a service to provide a verifiable, unbiased, and tamper resilient report. Remote attestation is the trusted auditor of your system's boot, allowing specific entities to trust the device. A summary of the steps involved in attestation and Zero Trust on the device side are as follows: 1. During each step of the boot process, such as a file load, update of special variables, and more, information such as file hashes and signature are measured in the TPM PCRs. The measurements are bound by a [Trusted Computing Group specification](https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/) (TCG) that dictates what events can be recorded and the format of each event. -2. Once Windows has booted, the attestor/verifier requests the TPM to fetch the measurements stored in its Platform Configuration Register (PCR) alongside a TCG log. 
Both of these together form the attestation evidence that’s sent to the attestation service (learn more about the attestation service below). +2. Once Windows has booted, the attestor/verifier requests the TPM to fetch the measurements stored in its Platform Configuration Register (PCR) alongside a TCG log. Both of these together form the attestation evidence that is then sent to the attestation service. 3. The TPM is verified by using the keys/cryptographic material available on the chipset with an [Azure Certificate Service](/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation). @@ -57,7 +58,7 @@ A summary of the steps involved in attestation and Zero Trust on the device side 7. The device then sends the report to the MEM cloud to assess the trustworthiness of the platform according to the admin-configured device compliance rules. -8. Conditional access, along with device-compliance state then decides to grant access to protected resource or not. +8. Conditional access, along with device-compliance state then decides to allow or deny access. ## Additional Resources From 0f4818f4450a47084d35bd9984847baffc036b65 Mon Sep 17 00:00:00 2001 From: mapalko Date: Mon, 27 Sep 2021 14:30:35 -0700 Subject: [PATCH 618/671] fixing date on multi-camera support in WHFB FAQ --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 405b6710ad..d2bee6b47c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml 
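Review bot: In zero-trust-windows-device-health.md at @@ -25,23 +25,24 @@, the rewritten opening of "Device health attestation on Windows" starts with a leading space and places "Many security risks can emerge during the boot process" ahead of "Zero Trust principles state that all endpoints are untrusted unless they are verified", so the section now opens on the sentence that used to explain the boot bullet. Drop the leading space, move the boot-risk sentence after the list (or back under the boot bullet), and use either "operating system" or "OS" in both bullets rather than one of each. The added sentence that devices can attest "that the device has not been tampered with" is also broader than the mechanism the next paragraph describes, which is verification of the recorded boot measurements; consider scoping it to the boot chain.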
@@ -71,7 +71,7 @@ sections: - question: Can I use an external Windows Hello compatible camera when my laptop is closed or docked? answer: | - Yes. Starting with Windows 10, version 21H2 an external Windows Hello compatible camera can be used if a device already supports an internal Windows Hello camera. When both cameras are present, the external camera will be be used for face authentication. For more information see [IT tools to support Windows 10, version 21H1](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-21h1/ba-p/2365103). + Yes. Starting with Windows 10, version 21H1 an external Windows Hello compatible camera can be used if a device already supports an internal Windows Hello camera. When both cameras are present, the external camera will be be used for face authentication. For more information see [IT tools to support Windows 10, version 21H1](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-21h1/ba-p/2365103). - question: Why does authentication fail immediately after provisioning hybrid key trust? answer: | From e2aadb9625e489d40c5f35c0ff6310322dd9a6b6 Mon Sep 17 00:00:00 2001 From: mapalko Date: Mon, 27 Sep 2021 15:08:27 -0700 Subject: [PATCH 619/671] Adding not that MDM cert trust policy should not be configured when deploying certs via scep --- .../hello-hybrid-aadj-sso-cert.md | 130 ++++++++++++++---- 1 file changed, 100 insertions(+), 30 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 61eb44f8f8..ccb1a890ff 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md 
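Review bot: In hello-faq.yml at @@ -71,7 +71,7 @@, the + line corrects 21H2 to 21H1 but still carries "the external camera will be be used for face authentication" over from the old line. Since the whole line is being replaced anyway, fix the doubled "be" in the same change, and add the comma after "version 21H1" so the opening clause reads cleanly.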
@@ -33,6 +33,7 @@ If you plan to use certificates for on-premises single-sign on, then follow thes > Ensure you have performed the configurations in [Azure AD joined devices for On-premises Single-Sign On](hello-hybrid-aadj-sso-base.md) before you continue. Steps you will perform include: + - [Prepare Azure AD Connect](#prepare-azure-ad-connect) - [Prepare the Network Device Enrollment Services Service Account](#prepare-the-network-device-enrollment-services-ndes-service-account) - [Prepare Active Directory Certificate Services](#prepare-active-directory-certificate-authority) @@ -42,12 +43,14 @@ Steps you will perform include: - [Create and Assign a Simple Certificate Enrollment Protocol (SCEP) Certificate Profile](#create-and-assign-a-simple-certificate-enrollment-protocol-scep-certificate-profile) ## Requirements + You need to install and configure additional infrastructure to provide Azure AD joined devices with on-premises single-sign on. - An existing Windows Server 2012 R2 or later Enterprise Certificate Authority - A Windows Server 2012 R2 domain joined server that hosts the Network Device Enrollment Services role ### High Availability + The Network Device Enrollment Services (NDES) server role acts as a certificate registration authority. Certificate registration servers enroll certificates on behalf of the user. Users request certificates from the NDES service rather than directly from the issuing certificate authority. The architecture of the NDES server prevents it from being clustered or load balanced for high availability. To provide high availability, you need to install more than one identically configured NDES servers and use Microsoft Intune to load balance then (in round-robin fashion). 
@@ -61,9 +64,11 @@ The Network Device Enrollment Service (NDES) server role can issue up to three u If you need to deploy more than three types of certificates to the Azure AD joined device, you need additional NDES servers. Alternatively, consider consolidating certificate templates to reduce the number of certificate templates. ### Network Requirements + All communication occurs securely over port 443. ## Prepare Azure AD Connect + Successful authentication to on-premises resources using a certificate requires the certificate to provide a hint about the on-premises domain. The hint can be the user's Active Directory distinguished name as the subject of the certificate, or the hint can be the user's user principal name where the suffix matches the Active Directory domain name. Most environments change the user principal name suffix to match the organization's external domain name (or vanity domain), which prevents the user principal name as a hint to locate a domain controller. Therefore, the certificate needs the user's on-premises distinguished name in the subject to properly locate a domain controller. @@ -71,6 +76,7 @@ Most environments change the user principal name suffix to match the organizatio To include the on-premises distinguished name in the certificate's subject, Azure AD Connect must replicate the Active Directory **distinguishedName** attribute to the Azure Active Directory **onPremisesDistinguishedName** attribute. Azure AD Connect version 1.1.819 includes the proper synchronization rules needed for these attributes. ### Verify AAD Connect version + Sign-in to computer running Azure AD Connect with access equivalent to _local administrator_. 1. Open **Synchronization Services** from the **Azure AD Connect** folder. 
@@ -78,6 +84,7 @@ Sign-in to computer running Azure AD Connect with access equivalent to _local ad 3. If the version number is not **1.1.819** or later, then upgrade Azure AD Connect to the latest version. ### Verify the onPremisesDistinguishedName attribute is synchronized + The easiest way to verify the onPremisesDistingushedNamne attribute is synchronized is to use Azure AD Graph Explorer. 1. Open a web browser and navigate to https://graphexplorer.azurewebsites.net/ @@ -89,6 +96,7 @@ The easiest way to verify the onPremisesDistingushedNamne attribute is synchroni ## Prepare the Network Device Enrollment Services (NDES) Service Account ### Create the NDES Servers global security group + The deployment uses the **NDES Servers** security group to assign the NDES service the proper user right assignments. Sign-in to a domain controller or management workstation with access equivalent to _domain administrator_. @@ -100,6 +108,7 @@ Sign-in to a domain controller or management workstation with access equivalent 5. Click **OK**. ### Add the NDES server to the NDES Servers global security group + Sign-in to a domain controller or management workstation with access equivalent to _domain administrator_. 1. Open **Active Directory Users and Computers**. 
@@ -111,6 +120,7 @@ Sign-in to a domain controller or management workstation with access equivalent > For high-availability, you should have more than one NDES server to service Windows Hello for Business certificate requests. You should add additional Windows Hello for Business NDES servers to this group to ensure they receive the proper configuration. ### Create the NDES Service Account + The Network Device Enrollment Services (NDES) role runs under a service account. Typically, it is preferential to run services using a Group Managed Service Account (GMSA). While the NDES role can be configured to run using a GMSA, the Intune Certificate Connector was not designed nor tested using a GMSA and is considered an unsupported configuration. The deployment uses a normal services account. Sign-in to a domain controller or management workstation with access equivalent to _domain administrator_. @@ -124,6 +134,7 @@ Sign-in to a domain controller or management workstation with access equivalent > Configuring the service's account password to **Password never expires** may be more convenient, but it presents a security risk. Normal service account passwords should expire in accordance with the organizations user password expiration policy. Create a reminder to change the service account's password two weeks before it will expire. Share the reminder with others that are allowed to change the password to ensure the password is changed before it expires. ### Create the NDES Service User Rights Group Policy object + The Group Policy object ensures the NDES Service account has the proper user right to assign all the NDES servers in the **NDES Servers** group. As you add new NDES servers to your environment and this group, the service account automatically receives the proper user rights through the Group Policy. Sign-in a domain controller or management workstations with _Domain Admin_ equivalent credentials. 
@@ -141,6 +152,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv 11. Close the **Group Policy Management Editor**. ### Configure security for the NDES Service User Rights Group Policy object + The best way to deploy the **NDES Service User Rights** Group Policy object is to use security group filtering. This enables you to easily manage the computers that receive the Group Policy settings by adding them to a group. Sign-in to a domain controller or management workstation with access equivalent to _domain administrator_. @@ -153,6 +165,7 @@ Sign-in to a domain controller or management workstation with access equivalent 6. In the **Group or User names** list, select **Authenticated Users**. In the **Permissions for Authenticated Users** list, clear the **Allow** check box for the **Apply Group Policy** permission. Click **OK**. ### Deploy the NDES Service User Rights Group Policy object + The application of the **NDES Service User Rights** Group Policy object uses security group filtering. This enables you to link the Group Policy object at the domain, ensuring the Group Policy object is within scope to all computers. However, the security group filtering ensures only computers included in the **NDES Servers** global security group receive and apply the Group Policy object, which results in providing the **NDESSvc** service account with the proper user rights. Sign-in to a domain controller or management workstation with access equivalent to _domain administrator_. 
@@ -165,6 +178,7 @@ Sign-in to a domain controller or management workstation with access equivalent > Linking the **NDES Service User Rights** Group Policy object to the domain ensures the Group Policy object is in scope for all computers. However, not all computers will have the policy settings applied to them. Only computers that are members of the **NDES Servers** global security group receive the policy settings. All others computers ignore the Group Policy object. ## Prepare Active Directory Certificate Authority + You must prepare the public key infrastructure and the issuing certificate authority to support issuing certificates using Microsoft Intune and the Network Devices Enrollment Services (NDES) server role. In this task, you will - Configure the certificate authority to let Intune provide validity periods @@ -173,6 +187,7 @@ You must prepare the public key infrastructure and the issuing certificate autho - Publish certificate templates ### Configure the certificate authority to let Intune provide validity periods + When deploying certificates using Microsoft Intune, you have the option of providing the validity period in the SCEP certificate profile rather than relying on the validity period in the certificate template. If you need to issue the same certificate with different validity periods, it may be advantageous to use the SCEP profile, given the limited number of certificates a single NDES server can issue. > [!NOTE] 
@@ -181,12 +196,15 @@ When deploying certificates using Microsoft Intune, you have the option of provi Sign-in to the issuing certificate authority with access equivalent to _local administrator_. 1. Open an elevated command prompt and type the following command: + ``` certutil -setreg Policy\EditFlags +EDITF_ATTRIBUTEENDDATE ``` -2. Restart the **Active Directory Certificate Services** service. + +1. Restart the **Active Directory Certificate Services** service. ### Create an NDES-Intune authentication certificate template + NDES uses a server authentication certificate to authenticate the server endpoint, which encrypts the communication between it and the connecting client. The Intune Certificate Connector uses a client authentication certificate template to authenticate to the certificate registration point. Sign-in to the issuing certificate authority or management workstations with _Domain Admin_ equivalent credentials. @@ -207,6 +225,7 @@ Sign-in to the issuing certificate authority or management workstations with _Do 10. Click on the **Apply** to save changes and close the console. ### Create an Azure AD joined Windows Hello for Business authentication certificate template + During Windows Hello for Business provisioning, Windows requests an authentication certificate from Microsoft Intune, which requests the authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. You use the name of the certificate template when configuring the NDES Server. Sign in a certificate authority or management workstations with _Domain Admin equivalent_ credentials. 
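Review bot: In hello-hybrid-aadj-sso-cert.md at @@ -181,12 +196,15 @@, changing "2. Restart the **Active Directory Certificate Services** service." to "1." makes the restart read as the first step of a new list instead of the second step of this procedure. If the certutil fence is not indented under step 1, the blank lines added around it end the ordered list, which is presumably why the number was reset. Indent the fence and its surrounding blank lines under step 1 and keep the restart as step 2, so the restart stays visibly tied to the EditFlags change it follows.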
@@ -225,10 +244,11 @@ Sign in a certificate authority or management workstations with _Domain Admin eq 8. On the **Subject** tab, select **Supply in the request**. 9. On the **Request Handling** tab, select **Signature and encryption** from the **Purpose** list. Select the **Renew with same key** check box. Select **Enroll subject without requiring any user input**. 10. On the **Security** tab, click **Add**. Type **NDESSvc** in the **Enter the object names to select** text box and click **OK**. -12. Select **NDESSvc** from the **Group or users names** list. In the **Permissions for NDES Servers** section, select the **Allow** check box for **Read** and **Enroll**. Clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared. Click **OK**. -13. Close the console. +11. Select **NDESSvc** from the **Group or users names** list. In the **Permissions for NDES Servers** section, select the **Allow** check box for **Read** and **Enroll**. Clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared. Click **OK**. +12. Close the console. ### Publish certificate templates + The certificate authority may only issue certificates for certificate templates that are published to that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate. > [!Important] 
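Review bot: The renumbered step 11 in hello-hybrid-aadj-sso-cert.md (@@ -225,10 +244,11 @@) has the reader select **NDESSvc** and then points to the "**Permissions for NDES Servers**" section, but step 10 added the NDESSvc account, not the NDES Servers group. Since this line is being touched for the numbering fix, change the label to "Permissions for NDESSvc" so it is unambiguous that Read and Enroll on this template go to the service account and that Enroll and Autoenroll are cleared for every other entry. The same line says "Group or users names", while the Group Policy procedure earlier in this file uses "Group or User names"; align the two.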
@@ -244,16 +264,19 @@ Sign-in to the certificate authority or management workstations with an _Enterpr 6. Close the console. ## Install and Configure the NDES Role + This section includes the following topics: -* Install the Network Device Enrollment Service Role -* Configure the NDES service account -* Configure the NDES role and Certificate Templates -* Create a Web Application Proxy for the Internal NDES URL. -* Enroll for an NDES-Intune Authentication Certificate -* Configure the Web Server Certificate for NDES -* Verify the configuration + +- Install the Network Device Enrollment Service Role +- Configure the NDES service account +- Configure the NDES role and Certificate Templates +- Create a Web Application Proxy for the Internal NDES URL. +- Enroll for an NDES-Intune Authentication Certificate +- Configure the Web Server Certificate for NDES +- Verify the configuration ### Install the Network Device Enrollment Services Role + Install the Network Device Enrollment Service role on a computer other than the issuing certificate authority. Sign-in to the certificate authority or management workstations with an _Enterprise Admin_ equivalent credentials. 
@@ -272,11 +295,13 @@ Sign-in to the certificate authority or management workstations with an _Enterpr ![Server Manager ADCS NDES Role.](images/aadjcert/servermanager-adcs-ndes-role-checked.png) 7. Click **Next** on the **Web Server Role (IIS)** page. 8. On the **Select role services** page for the Web Serve role, Select the following additional services if they are not already selected and then click **Next**. - * **Web Server > Security > Request Filtering** - * **Web Server > Application Development > ASP.NET 3.5**. - * **Web Server > Application Development > ASP.NET 4.5**. . - * **Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility** - * **Management Tools > IIS 6 Management Compatibility > IIS 6 WMI Compatibility** + + - **Web Server > Security > Request Filtering** + - **Web Server > Application Development > ASP.NET 3.5**. + - **Web Server > Application Development > ASP.NET 4.5**. . + - **Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility** + - **Management Tools > IIS 6 Management Compatibility > IIS 6 WMI Compatibility** + ![Server Manager Web Server Role.](images/aadjcert/servermanager-adcs-webserver-role.png) 9. Click **Install**. When the installation completes, continue with the next procedure. **Do not click Close**. > [!IMPORTANT] @@ -284,9 +309,11 @@ Sign-in to the certificate authority or management workstations with an _Enterpr ![.NET Side by Side.](images/aadjcert/dotNet35sidebyside.png) ### Configure the NDES service account + This task adds the NDES service account to the local IIS_USRS group. The task also configures the NDES service account for Kerberos authentication and delegation #### Add the NDES service account to the IIS_USRS group + Sign-in the NDES server with access equivalent to _local administrator_. 1. Start the **Local Users and Groups** management console (`lusrmgr.msc`). 
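Review bot: In the @@ -272,11 +295,13 @@ hunk, the bullet conversion carries the stray punctuation over unchanged: the + line "- **Web Server > Application Development > ASP.NET 4.5**. ." ends in ". ." and the ASP.NET 3.5 item ends in a period, while the other three role services have no trailing punctuation. Drop the trailing punctuation on both + lines. The context line that introduces the list also reads "Web Serve role", which could be fixed in the same pass.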
@@ -295,10 +322,12 @@ Sign-in the NDES server with access equivalent to _local administrator_. 4. Close the management console. #### Register a Service Principal Name on the NDES Service account + Sign-in the NDES server with access equivalent to _Domain Admins_. 1. Open an elevated command prompt. 2. Type the following command to register the service principal name + ``` setspn -s http/[FqdnOfNdesServer] [DomainName\\NdesServiceAccount] ``` @@ -313,6 +342,7 @@ Sign-in the NDES server with access equivalent to _Domain Admins_. ![Set SPN command prompt.](images/aadjcert/setspn-commandprompt.png) #### Configure the NDES Service account for delegation + The NDES service enrolls certificates on behalf of users. Therefore, you want to limit the actions it can perform on behalf of the user. You do this through delegation. Sign-in a domain controller with a minimum access equivalent to _Domain Admins_. @@ -332,9 +362,11 @@ Sign-in a domain controller with a minimum access equivalent to _Domain Admins_. 10. Click **OK**. Close **Active Directory Users and Computers**. ### Configure the NDES Role and Certificate Templates + This task configures the NDES role and the certificate templates the NDES server issues. #### Configure the NDES Role + Sign-in to the certificate authority or management workstations with an _Enterprise Admin_ equivalent credentials. > [!NOTE] 
@@ -355,13 +387,15 @@ Sign-in to the certificate authority or management workstations with an _Enterpr 7. On the **Cryptography for NDES** page, click **Next**. 8. Review the **Confirmation** page. Click **Configure**. ![NDES Confirmation.](images/aadjcert/ndesconfig05.png) -8. Click **Close** after the configuration completes. +9. Click **Close** after the configuration completes. #### Configure Certificate Templates on NDES + A single NDES server can request a maximum of three certificate templates. The NDES server determines which certificate to issue based on the incoming certificate request that is assigned in the Microsoft Intune SCEP certificate profile. The Microsoft Intune SCEP certificate profile has three values. -* Digital Signature -* Key Encipherment -* Key Encipherment, Digital Signature + +- Digital Signature +- Key Encipherment +- Key Encipherment, Digital Signature Each value maps to a registry value name in the NDES server. The NDES server translates an incoming SCEP provided value into the corresponding certificate template. The table below shows the SCEP profile values of the NDES certificate template registry value names. @@ -380,6 +414,7 @@ Sign-in to the NDES Server with _local administrator_ equivalent credentials. 1. Open an elevated command prompt. 2. Using the table above, decide which registry value name you will use to request Windows Hello for Business authentication certificates for Azure AD joined devices. 3. Type the following command: + ``` reg add HKLM\Software\Microsoft\Cryptography\MSCEP /v [registryValueName] /t REG_SZ /d [certificateTemplateName] ``` @@ -387,6 +422,7 @@ Sign-in to the NDES Server with _local administrator_ equivalent credentials. ``` reg add HKLM\Software\Microsoft\Cryptography\MSCEP /v SignatureTemplate /t REG_SZ /d AADJWHFBAuthentication ``` + 4. Type **Y** when the command asks for permission to overwrite the existing value. 5. Close the command prompt. 
@@ -394,6 +430,7 @@ Sign-in to the NDES Server with _local administrator_ equivalent credentials. > Use the **name** of the certificate template; not the **display name**. The certificate template name does not include spaces. You can view the certificate names by looking at the **General** tab of the certificate template's properties in the **Certificates Templates** management console (`certtmpl.msc`). ### Create a Web Application Proxy for the internal NDES URL. + Certificate enrollment for Azure AD joined devices occurs over the Internet. As a result, the internal NDES URLs must be accessible externally. You can do this easily and securely using Azure Active Directory Application Proxy. Azure AD Application Proxy provides single sign-on and secure remote access for web applications hosted on-premises, such as Network Device Enrollment Services. Ideally, you configure your Microsoft Intune SCEP certificate profile to use multiple external NDES URLs. This enables Microsoft Intune to round-robin load balance the certificate requests to identically configured NDES Servers (each NDES server can accommodate approximately 300 concurrent requests). Microsoft Intune sends these requests to Azure AD Application Proxies. 
@@ -403,6 +440,7 @@ Azure AD Application proxies are serviced by lightweight Application Proxy Conne Connector group automatically round-robin, load balance the Azure AD Application proxy requests to the connectors within the assigned connector group. This ensures Windows Hello for Business certificate requests have multiple dedicated Azure AD Application Proxy connectors exclusively available to satisfy enrollment requests. Load balancing the NDES servers and connectors should ensure users enroll their Windows Hello for Business certificates in a timely manner. #### Download and Install the Application Proxy Connector Agent + Sign-in a workstation with access equivalent to a _domain user_. 1. Sign-in to the [Azure Portal](https://portal.azure.com/) with access equivalent to **Global Administrator**. @@ -424,6 +462,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 10. Repeat steps 5 - 10 for each device that will run the Azure AD Application Proxy connector for Windows Hello for Business certificate deployments. #### Create a Connector Group + Sign-in a workstation with access equivalent to a _domain user_. 1. Sign-in to the [Azure Portal](https://portal.azure.com/) with access equivalent to **Global Administrator**. @@ -436,6 +475,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 6. Click **Save**. #### Create the Azure Application Proxy + Sign-in a workstation with access equivalent to a _domain user_. 1. Sign-in to the [Azure Portal](https://portal.azure.com/) with access equivalent to **Global Administrator**. 
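Review bot: In the @@ -424,6 +462,7 @@ hunk, the context line "10. Repeat steps 5 - 10 for each device that will run the Azure AD Application Proxy connector" asks the reader to repeat a range that includes step 10 itself. This patch already corrects duplicate step numbers elsewhere (8 to 9, 9 to 10 and 10 to 11), so the step ranges quoted in the text deserve the same pass; confirm the intended range against the steps above it and end it before step 10.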
@@ -456,6 +496,7 @@ Sign-in a workstation with access equivalent to a _domain user_. > Write down the internal and external URLs. You will need this information when you enroll the NDES-Intune Authentication certificate. ### Enroll the NDES-Intune Authentication certificate + This task enrolls a client and server authentication certificate used by the Intune connector and the NDES server. Sign-in the NDES server with access equivalent to _local administrators_. @@ -470,10 +511,11 @@ Sign-in the NDES server with access equivalent to _local administrators_. ![Example of Certificate Properties Subject Tab - This is what shows when you click the above link.](images/aadjcert/ndes-TLS-Cert-Enroll-subjectNameWithExternalName.png) 8. Under **Subject name**, select **Common Name** from the **Type** list. Type the internal URL used in the previous task (without the https://, for example **ndes.corp.mstepdemo.net**) and then click **Add**. 9. Under **Alternative name**, select **DNS** from the **Type** list. Type the internal URL used in the previous task (without the https://, for example **ndes.corp.mstepdemo.net**). Click **Add**. Type the external URL used in the previous task (without the https://, for example **ndes-mstephendemo.msappproxy.net**). Click **Add**. Click **OK** when finished. -9. Click **Enroll** -10. Repeat these steps for all NDES Servers used to request Windows Hello for Business authentication certificates for Azure AD joined devices. +10. Click **Enroll** +11. Repeat these steps for all NDES Servers used to request Windows Hello for Business authentication certificates for Azure AD joined devices. ### Configure the Web Server Role + This task configures the Web Server role on the NDES server to use the server authentication certificate. Sign-in the NDES server with access equivalent to _local administrator_. 
@@ -491,19 +533,23 @@ Sign-in the NDES server with access equivalent to _local administrator_. 8. Close **Internet Information Services (IIS) Manager**. ### Verify the configuration + This task confirms the TLS configuration for the NDES server. Sign-in the NDES server with access equivalent to _local administrator_. #### Disable Internet Explorer Enhanced Security Configuration + 1. Open **Server Manager**. Click **Local Server** from the navigation pane. 2. Click **On** next to **IE Enhanced Security Configuration** in the **Properties** section. 3. In the **Internet Explorer Enhanced Security Configuration** dialog, under **Administrators**, select **Off**. Click **OK**. 4. Close **Server Manager**. #### Test the NDES web server + 1. Open **Internet Explorer**. 2. In the navigation bar, type + ``` https://[fqdnHostName]/certsrv/mscep/mscep.dll ``` @@ -516,16 +562,18 @@ A web page similar to the following should appear in your web browser. If you d Confirm the web site uses the server authentication certificate. ![NDES IIS Console: Confirm](images/aadjcert/ndes-https-website-test-01-show-cert.png) - ## Configure Network Device Enrollment Services to work with Microsoft Intune + You have successfully configured the Network Device Enrollment Services. You must now modify the configuration to work with the Intune Certificate Connector. In this task, you will enable the NDES server and http.sys to handle long URLs. - Configure NDES to support long URLs ### Configure NDES and HTTP to support long URLs + Sign-in the NDES server with access equivalent to _local administrator_. #### Configure the Default Web Site + 1. Start **Internet Information Services (IIS) Manager** from **Administrative Tools**. 2. Expand the node that has the name of the NDES server. Expand **Sites** and select **Default Web Site**. 3. In the content pane, double-click **Request Filtering**. Click **Edit Feature Settings...** in the action pane. 
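Review bot: In the @@ -491,19 +533,23 @@ hunk, the section "Disable Internet Explorer Enhanced Security Configuration" sets IE ESC to **Off** for Administrators on the NDES server, and nothing in the visible steps of this hunk or of the "Test the NDES web server" steps that follow tells the reader to turn it back on once the `mscep.dll` page and the certificate have been checked. Add a closing step after the test that returns **IE Enhanced Security Configuration** to **On**, so the server is not left with the weaker browser setting after verification.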
@@ -539,18 +587,23 @@ Sign-in the NDES server with access equivalent to _local administrator_. 10. Click **OK**. Close **Internet Information Services (IIS) Manager**. #### Configure Parameters for HTTP.SYS + 1. Open an elevated command prompt. 2. Run the following commands: + ``` reg add HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters /v MaxFieldLength /t REG_DWORD /d 65534 reg add HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters /v MaxRequestBytes /t REG_DWORD /d 65534 ``` + 3. Restart the NDES server. ## Download, Install and Configure the Intune Certificate Connector + The Intune Certificate Connector application enables Microsoft Intune to enroll certificates using your on-premises PKI for users on devices managed by Microsoft Intune. ### Download Intune Certificate Connector + Sign-in a workstation with access equivalent to a _domain user_. 1. Sign-in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). @@ -561,6 +614,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 5. Sign-out of the Microsoft Endpoint Manager admin center. ### Install the Intune Certificate Connector + Sign-in the NDES server with access equivalent to _domain administrator_. 1. Copy the Intune Certificate Connector Setup (NDESConnectorSetup.exe) downloaded in the previous task locally to the NDES server. @@ -588,6 +642,7 @@ Sign-in the NDES server with access equivalent to _domain administrator_. ![Intune Connector install 07.](images/aadjcert/intunecertconnectorinstall-07.png) ### Configure the Intune Certificate Connector + Sign-in the NDES server with access equivalent to _domain administrator_. 1. The **NDES Connector** user interface should be open from the last task. 
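Review bot: In the @@ -539,18 +587,23 @@ hunk, the two `reg add` lines write MaxFieldLength and MaxRequestBytes under HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters, which configures HTTP.sys for the whole machine and not only for the NDES site, while the step text only says "Run the following commands". Add a sentence stating that the 65534 limits apply to every HTTP.sys listener on the server, so a reader who hosts anything else on the same machine knows the request-size ceiling rises there too. The fence here, like the other command fences this patch adds blank lines around, carries no language tag.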
@@ -608,9 +663,11 @@ Sign-in the NDES server with access equivalent to _domain administrator_. ### Configure the NDES Connector for certificate revocation (**Optional**) + Optionally (not required), you can configure the Intune connector for certificate revocation when a device is wiped, unenrolled, or when the certificate profile falls out of scope for the targeted user (users is removed, deleted, or the profile is deleted). #### Enabling the NDES Service account for revocation + Sign-in the certificate authority used by the NDES Connector with access equivalent to _domain administrator_. 1. Start the **Certification Authority** management console. @@ -620,6 +677,7 @@ Sign-in the certificate authority used by the NDES Connector with access equival 4. Close the **Certification Authority** #### Enable the NDES Connector for certificate revocation + Sign-in the NDES server with access equivalent to _domain administrator_. 1. Open the **NDES Connector** user interface (**\\NDESConnectorUI\NDESConnectorUI.exe**). 
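Review bot: In the @@ -608,9 +663,11 @@ hunk, the paragraph under the heading reads "(users is removed, deleted, or the profile is deleted)"; fix the agreement ("user is removed") while the blank line is being added below the heading. The heading already carries (**Optional**), so the paragraph's opening "Optionally (not required)" says the same thing twice more and can drop the parenthetical.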
@@ -628,19 +686,24 @@ Sign-in the NDES server with access equivalent to _domain administrator_. 3. Restart the **Intune Connector Service** and the **World Wide Web Publishing Service**. ### Test the NDES Connector + Sign-in the NDES server with access equivalent to _domain admin_. 1. Open a command prompt. 2. Type the following command to confirm the NDES Connector's last connection time is current. + ``` reg query hklm\software\Microsoft\MicrosoftIntune\NDESConnector\ConnectionStatus ``` + 3. Close the command prompt. 4. Open **Internet Explorer**. 5. In the navigation bar, type: + ``` https://[fqdnHostName]/certsrv/mscep/mscep.dll ``` + where **[fqdnHostName]** is the fully qualified internal DNS host name of the NDES server. A web page showing a 403 error (similar to the following) should appear in your web browser. If you do not see a similar page, or you get a **503 Service unavailable** message, ensure the NDES Service account has the proper user rights. You can also review the application event log for events with the **NetworkDeviceEnrollmentSerice** source. ![NDES web site test after Intune Certificate Connector.](images/aadjcert/ndes-https-website-test-after-intune-connector.png) @@ -649,6 +712,7 @@ Sign-in the NDES server with access equivalent to _domain admin_. ## Create and Assign a Simple Certificate Enrollment Protocol (SCEP) Certificate Profile ### Create an AADJ WHFB Certificate Users Group + Sign-in a workstation with access equivalent to a _domain user_. 1. Sign-in to the [Azure Portal](https://portal.azure.com/) with access equivalent to **Global Administrator**. @@ -663,6 +727,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 9. Click **Create**. ### Create a SCEP Certificate Profile + Sign-in a workstation with access equivalent to a _domain user_. 1. Sign-in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). 
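Review bot: In the @@ -628,19 +686,24 @@ hunk, the troubleshooting sentence gives the event source as **NetworkDeviceEnrollmentSerice**, missing the "v" in "Service"; a reader who pastes that string into an event log filter gets no matches. Correct the spelling while the surrounding lines are being reflowed. The `reg query` line also writes the hive as lowercase `hklm` where the other commands in this file use `HKLM`; it works either way but is worth making consistent.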
@@ -697,6 +762,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 19. Click **Next** several times to skip the **Scope tags**, **Assignments**, and **Applicability Rules** steps of the wizard and click **Create**. ### Assign Group to the WHFB Certificate Enrollment Certificate Profile + Sign-in a workstation with access equivalent to a _domain user_. 1. Sign-in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). 
@@ -710,13 +776,17 @@ Sign-in a workstation with access equivalent to a _domain user_. You have successfully completed the configuration. Add users that need to enroll a Windows Hello for Business authentication certificate to the **AADJ WHFB Certificate Users** group. This group, combined with the device enrollment Windows Hello for Business configuration prompts the user to enroll for Windows Hello for Business and enroll a certificate that can be used to authentication to on-premises resources. +> [!NOTE] +> The Passport for Work configuration service provider (CSP) which is used to manage Windows Hello for Business with Mobile Device Management (MDM) contains a policy called UseCertificateForOnPremAuth. This policy is not needed when deploying certificates to Windows Hello for Business users through the instructions outlined in this document and should not be configured. Devices managed with MDM where UseCertificateForOnPremAuth is enabled will fail a prerequisite check for Windows Hello for Business provisioning. This failure will block users from setting up Windows Hello for Business if they don't already have it configured. 
+ ## Section Review + > [!div class="checklist"] -> * Requirements -> * Prepare Azure AD Connect -> * Prepare the Network Device Enrollment Services (NDES) Service Account -> * Prepare Active Directory Certificate Authority -> * Install and Configure the NDES Role -> * Configure Network Device Enrollment Services to work with Microsoft Intune -> * Download, Install, and Configure the Intune Certificate Connector -> * Create and Assign a Simple Certificate Enrollment Protocol (SCEP Certificate Profile) +> - Requirements +> - Prepare Azure AD Connect +> - Prepare the Network Device Enrollment Services (NDES) Service Account +> - Prepare Active Directory Certificate Authority +> - Install and Configure the NDES Role +> - Configure Network Device Enrollment Services to work with Microsoft Intune +> - Download, Install, and Configure the Intune Certificate Connector +> - Create and Assign a Simple Certificate Enrollment Protocol (SCEP Certificate Profile) From 7c1e0164710c7e22c5c8fc0423cb0bc3c26eea45 Mon Sep 17 00:00:00 2001 From: mapalko Date: Mon, 27 Sep 2021 15:33:54 -0700 Subject: [PATCH 620/671] fix link in hybrid key whfb settings --- .../hello-for-business/hello-hybrid-key-whfb-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index b4a6ed10da..b849c9ce8a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -45,7 +45,7 @@ For the most efficient deployment, configure these technologies in order beginni
    ## Follow the Windows Hello for Business hybrid key trust deployment guide -1. [Overview](hello-hybrid-cert-trust.md) +1. [Overview](hello-hybrid-key-trust.md) 2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-key-new-install.md) 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) From 7d0e4c9b3476fcf8777f1afb14c08ffd02c93be4 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 27 Sep 2021 19:01:18 -0700 Subject: [PATCH 621/671] Acrolinx: "Bitlocker" --- windows/security/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 5773487419..d150e02df0 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -75,7 +75,7 @@ items: - name: Encrypted Hard Drive href: information-protection/encrypted-hard-drive.md - - name: Bitlocker + - name: BitLocker href: information-protection/bitlocker/bitlocker-overview.md items: - name: Overview of BitLocker Device Encryption in Windows From 56482fd86dc864f69a11794597b39ebcabcb8dc0 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 27 Sep 2021 19:01:41 -0700 Subject: [PATCH 622/671] Acrolinx: "sessions.Learn" --- windows/security/identity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity.md b/windows/security/identity.md index b9a43f3ca6..0cfa07beba 100644 --- a/windows/security/identity.md +++ b/windows/security/identity.md 
@@ -20,7 +20,7 @@ Malicious actors launch millions of password attacks every day. Weak passwords, | Security capabilities | Description | |:---|:---| | Securing user identity with Windows Hello | Windows Hello and Windows Hello for Business replace password-based authentication with a stronger authentication model to sign into your device using a passcode (PIN) or other biometric based authentication. This PIN or biometric based authentication is only valid on the device that you registered it for and cannot be used on another deviceLearn more: [Windows Hello for Business](identity-protection\hello-for-business\hello-overview.md) | -| Windows Defender Credential Guard and Remote Credential Guard | Windows Defender Credential Guard helps protects your systems from credential theft attack techniques (pass-the-hash or pass-the-ticket) as well as helping prevent malware from accessing system secrets even if the process is running with admin privileges. Windows Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting Kerberos requests back to the device that's requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions.Learn more: [Protect derived domain credentials with Windows Defender Credential Guard](identity-protection/credential-guard/credential-guard-how-it-works.md) and [Protect Remote Desktop credentials with Windows Defender Remote Credential Guard](identity-protection/remote-credential-guard.md)| +| Windows Defender Credential Guard and Remote Credential Guard | Windows Defender Credential Guard helps protects your systems from credential theft attack techniques (pass-the-hash or pass-the-ticket) as well as helping prevent malware from accessing system secrets even if the process is running with admin privileges. 
Windows Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting Kerberos requests back to the device that's requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions. Learn more: [Protect derived domain credentials with Windows Defender Credential Guard](identity-protection/credential-guard/credential-guard-how-it-works.md) and [Protect Remote Desktop credentials with Windows Defender Remote Credential Guard](identity-protection/remote-credential-guard.md)| | FIDO Alliance | Fast Identity Online (FIDO) defined protocols are becoming the open standard for providing strong authentication that helps prevent phishing and are user-friendly and privacy-respecting. Windows 11 supports the use of device sign-in with FIDO 2 security keys, and with Microsoft Edge or other modern browsers, supports the use of secure FIDO-backed credentials to keep user accounts protected. Learn more about the [FIDO Alliance](https://fidoalliance.org/). | | Microsoft Authenticator | The Microsoft Authenticator app is a perfect companion to help keep secure with Windows 11. It allows easy, secure sign-ins for all your online accounts using multi-factor authentication, passwordless phone sign-in, or password autofill. You also have additional account management options for your Microsoft personal, work, or school accounts. Microsoft Authenticator can be used to set up multi-factor authentication for your users. Learn more: [Enable passwordless sign-in with the Microsoft Authenticator app](/azure/active-directory/authentication/howto-authentication-passwordless-phone.md). | | Smart Cards | Smart cards are tamper-resistant portable storage devices that can enhance the security of tasks in Windows, such as authenticating clients, signing code, securing e-mail, and signing in with Windows domain accounts. 
Learn more about [Smart Cards](identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md).| From 8141b262f48821f7a6b0c0d0b234ef0db6f24ef9 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 27 Sep 2021 19:08:57 -0700 Subject: [PATCH 623/671] Acrolinx: "navigiation" --- .../windows-defender-security-center/wdsc-device-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md index dfa866ecb4..8526440bc9 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md @@ -29,7 +29,7 @@ You can choose to hide the section from users of the machine. This can be useful ## Hide the Device security section -You can choose to hide the entire section by using Group Policy. The section will not appear on the home page of the Windows Security app, and its icon will not be shown on the navigiation bar on the side of the app. +You can choose to hide the entire section by using Group Policy. The section will not appear on the home page of the Windows Security app, and its icon will not be shown on the navigation bar on the side of the app. This can only be done in Group Policy. From ccea675fe492f9382d171abe75ba28eb4b7f8e64 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 27 Sep 2021 19:10:04 -0700 Subject: [PATCH 624/671] Acrolinx: "navigiation" --- .../windows-defender-security-center/wdsc-family-options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md index a719854982..a9e4a148c5 100644 
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md @@ -33,7 +33,7 @@ In Windows 10, version 1709, the section can be hidden from users of the machine ## Hide the Family options section -You can choose to hide the entire section by using Group Policy. The section will not appear on the home page of the Windows Security app, and its icon will not be shown on the navigiation bar on the side of the app. +You can choose to hide the entire section by using Group Policy. The section will not appear on the home page of the Windows Security app, and its icon will not be shown on the navigation bar on the side of the app. This can only be done in Group Policy. From bf6c648e6b493a316a279d758785747d0e426a5d Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 27 Sep 2021 20:05:35 -0700 Subject: [PATCH 625/671] Added image border via updated image reference --- .../wdsc-windows-10-in-s-mode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md index 3b0f4cf952..7f3ef48df0 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md 
@@ -26,7 +26,7 @@ Windows 10 in S mode is streamlined for tighter security and superior performanc The Windows Security interface is a little different in Windows 10 in S mode. The **Virus & threat protection** area has fewer options, because the built-in security of Windows 10 in S mode prevents viruses and other threats from running on devices in your organization. In addition, devices running Windows 10 in S mode receive security updates automatically. -![Screen shot of the Windows Security app Virus & threat protection area in Windows 10 in S mode.](images/security-center-virus-and-threat-protection-windows-10-in-s-mode.png) +:::image type="content" alt-text="Screen shot of the Windows Security app Virus & threat protection area in Windows 10 in S mode." source="images/security-center-virus-and-threat-protection-windows-10-in-s-mode.png"::: For more information about Windows 10 in S mode, including how to switch out of S mode, see [Windows 10 Pro/Enterprise in S mode](/windows/deployment/windows-10-pro-in-s-mode). From 4fa1b3ca16538d60ee76e158e716d964fa70f54c Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 28 Sep 2021 11:35:38 +0530 Subject: [PATCH 626/671] Updated --- .../mdm/policy-csp-admx-ciphersuiteorder.md | 31 +- .../mdm/policy-csp-admx-com.md | 31 +- .../mdm/policy-csp-admx-controlpanel.md | 55 ++-- .../policy-csp-admx-controlpaneldisplay.md | 264 +++++------------- .../mdm/policy-csp-admx-cpls.md | 22 +- .../policy-csp-admx-credentialproviders.md | 46 +-- .../mdm/policy-csp-admx-credssp.md | 122 ++------ .../mdm/policy-csp-admx-credui.md | 36 +-- .../mdm/policy-csp-admx-ctrlaltdel.md | 52 ++-- 9 files changed, 188 insertions(+), 471 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index b0f0a3ca01..514efdce81 100644 
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -14,8 +14,12 @@ manager: dansimp # Policy CSP - ADMX_CipherSuiteOrder -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
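Review bot: The TIP that the @@ -14,8 +14,12 @@ hunk moves to the top of the page still tells readers to XML-encode the SyncML payload with "a variety of online encoders"; a policy payload pasted into a third-party site leaves the organisation's control, so point to a local encoding method or lead with the CDATA option the same paragraph already offers. The CDATA link is written as `http://www.w3.org/TR/REC-xml/#sec-cdata-sect` and should use https. The TIP is also worded for a single setting ("This is an ADMX-backed policy") although it now heads a page that documents more than one policy; the same block is added to policy-csp-admx-com.md and policy-csp-admx-controlpanel.md in this patch, so the wording fix applies there as well.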
    @@ -66,8 +70,8 @@ manager: dansimp Education - No - No + Yes + Yes @@ -93,12 +97,7 @@ If you disable or do not configure this policy setting, default cipher suite ord For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Schannel SSP)](/windows/win32/secauthn/cipher-suites-in-schannel). -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -145,8 +144,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -182,12 +181,6 @@ CertUtil.exe -DisplayEccCurve ``` -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -200,7 +193,5 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index 515d46c987..abac5580d8 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -14,8 +14,12 @@ manager: dansimp # Policy CSP - ADMX_COM -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -66,8 +70,8 @@ manager: dansimp Education - No - No + Yes + Yes @@ -95,12 +99,7 @@ If you disable or do not configure this policy setting, the program continues wi This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -147,8 +146,8 @@ ADMX Info: Education - No - No + Yes + Yes 
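Review bot: The Education row flips from No/No to Yes/Yes in the @@ -147,8 +146,8 @@ hunk, as it does in the matching hunks of this patch, and the same commit removes the prerelease WARNING and the "only available as part of a Windows Insider release" NOTE, yet the commit subject is only "Updated". Say in the commit message which Windows release the new support table reflects, and confirm that the other edition rows, which these hunks do not show, were checked against the same source.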
@@ -176,12 +175,6 @@ If you disable or do not configure this policy setting, the program continues wi This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -194,7 +187,5 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index bd127d636b..bdd6e7f313 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -13,8 +13,13 @@ manager: dansimp --- # Policy CSP - ADMX_ControlPanel -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -71,8 +76,8 @@ manager: dansimp Education - No - No + Yes + Yes @@ -104,12 +109,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec > The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead. Note: To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -154,8 +154,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -184,12 +184,7 @@ If this policy setting is not configured, the Control Panel opens to the view us > Icon size is dependent upon what the user has set it to in the previous session. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -234,8 +229,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -271,12 +266,7 @@ This setting removes PC settings from: If users try to select a Control Panel item from the Properties item on a context menu, a message appears explaining that a setting prevents the action. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -324,8 +314,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -358,12 +348,6 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec > To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -376,7 +360,4 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. - \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index 828dd52285..d86682733e 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -13,8 +13,13 @@ manager: dansimp --- # Policy CSP - ADMX_ControlPanelDisplay -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
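Review bot: The per-policy TIP removals in policy-csp-admx-controlpaneldisplay.md are not applied uniformly. `@@ -156,12 +161,7 @@`, `@@ -234,12 +234,7 @@` and `@@ -648,12 +619,7 @@` put an added blank `+` line where the block used to be, while the remaining removals (for example `@@ -317,12 +312,6 @@`) delete the six lines with no replacement. The added line most likely leaves a doubled or whitespace-only blank line before `ADMX Info:`; drop it so every policy section ends the same way. The same pattern shows up in the policy-csp-admx-com.md and policy-csp-admx-controlpanel.md hunks.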
    @@ -131,8 +136,8 @@ manager: dansimp Education - No - No + Yes + Yes @@ -156,12 +161,7 @@ If you enable this setting, the Display Control Panel does not run. When users t Also, see the "Prohibit access to the Control Panel" (User Configuration\Administrative Templates\Control Panel) and "Remove programs on Settings menu" (User Configuration\Administrative Templates\Start Menu & Taskbar) settings. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -210,8 +210,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -234,12 +234,7 @@ Removes the Settings tab from Display in Control Panel. This setting prevents users from using Control Panel to add, configure, or change the display settings on the computer. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -289,8 +284,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -317,12 +312,6 @@ If you disable or do not configure this setting, a user may change the color sch For Windows 7 and later, use the "Prevent changing color and appearance" setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -371,8 +360,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -400,12 +389,6 @@ If you disable or do not configure this setting, there is no effect. > If you enable this setting but do not specify a theme using the "load a specific theme" setting, the theme defaults to whatever the user previously set or the system default. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -454,8 +437,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -480,12 +463,6 @@ When enabled on Windows XP, this setting disables the "Windows and buttons" drop When enabled on Windows XP and later systems, this setting prevents users and applications from changing the visual style through the command line. Also, a user may not apply a different visual style when changing themes. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -534,8 +511,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -564,12 +541,6 @@ If you enable it, a screen saver runs, provided the following two conditions hol Also, see the "Prevent changing Screen Saver" setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -618,8 +589,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -648,12 +619,7 @@ This can be used in conjunction with the "Prevent changing lock screen and logon Note: This setting only applies to Enterprise, Education, and Server SKUs. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -702,8 +668,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -728,12 +694,6 @@ If this setting is enabled, the "Font size" drop-down list on the Appearance tab If you disable or do not configure this setting, a user may change the font size using the "Font size" drop-down list on the Appearance tab. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -782,8 +742,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -808,12 +768,6 @@ By default, users can change the background image shown when the machine is lock If you enable this setting, the user will not be able to change their lock screen and logon image, and they will instead see the default image. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -862,8 +816,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -892,12 +846,6 @@ If the "Force a specific background and accent color" policy is also set on a su If the "Force a specific Start background" policy is also set on a supported version of Windows, then that background takes precedence over this policy. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: 
@@ -946,8 +894,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -974,12 +922,6 @@ If this setting is disabled or not configured, the Color (or Window Color) page For systems prior to Windows Vista, this setting hides the Appearance and Themes tabs in the in Display in Control Panel. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -1028,8 +970,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -1060,12 +1002,6 @@ Note: You must also enable the "Desktop Wallpaper" setting to prevent users from Also, see the "Allow only bitmapped wallpaper" setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -1114,8 +1050,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -1142,12 +1078,6 @@ If you enable this setting, none of the desktop icons can be changed by the user For systems prior to Windows Vista, this setting also hides the Desktop tab in the Display Control Panel. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -1196,8 +1126,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -1222,12 +1152,6 @@ If you enable this policy setting, users that are not required to press CTRL + A If you disable or do not configure this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the keyboard, or by dragging it with the mouse. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -1276,8 +1200,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -1302,12 +1226,6 @@ By default, users can use the Pointers tab in the Mouse Control Panel to add, re If you enable this setting, none of the mouse pointer scheme settings can be changed by the user. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -1356,8 +1274,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -1380,12 +1298,6 @@ Prevents the Screen Saver dialog from opening in the Personalization or Display This setting prevents users from using Control Panel to add, configure, or change the screen saver on the computer. It does not prevent a screen saver from running. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -1434,8 +1346,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -1460,12 +1372,6 @@ By default, users can use the Sounds tab in the Sound Control Panel to add, remo If you enable this setting, none of the Sound Scheme settings can be changed by the user. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -1514,8 +1420,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -1540,12 +1446,6 @@ By default, users can change the background and accent colors. If this setting is enabled, the background and accent colors of Windows will be set to the specified colors and users cannot change those colors. This setting will not be applied if the specified colors do not meet a contrast ratio of 2:1 with white text. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: 
@@ -1594,8 +1494,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -1627,12 +1527,6 @@ To ensure that a computer will be password protected, enable the "Enable Screen > To remove the Screen Saver dialog, use the "Prevent changing Screen Saver" setting. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -1679,8 +1573,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -1715,12 +1609,6 @@ This setting has no effect under any of the following circumstances: When not configured, whatever wait time is set on the client through the Screen Saver dialog in the Personalization or Display Control Panel is used. The default is 15 minutes. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: 
@@ -1739,8 +1627,9 @@ ADMX Info: - - + + + @@ -1768,8 +1657,8 @@ ADMX Info: - - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Home
    EducationNoNoYesYes
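Review bot: The header rewrite from "Windows Edition / Supported?" to "Edition / Windows 10 / Windows 11" appears for only two tables in this file, here at `@@ -1739,8 +1627,9 @@` and again at `@@ -1905,8 +1782,9 @@`, whereas every other table hunk changes only the Education row. Please confirm that the remaining tables already carry the three-column header; if any still has the old two-column header, its rows with two value cells will not line up once Education reads Yes / Yes.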
    @@ -1801,12 +1690,6 @@ If the specified screen saver is not installed on a computer to which this setti > This setting can be superseded by the "Enable Screen Saver" setting. If the "Enable Screen Saver" setting is disabled, this setting is ignored, and screen savers do not run. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -1855,8 +1738,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -1881,12 +1764,6 @@ If you enable this setting, the theme that you specify will be applied when a ne If you disable or do not configure this setting, the default theme will be applied at the first logon. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -1905,8 +1782,9 @@ ADMX Info: - - + + + 
@@ -1934,8 +1812,8 @@ ADMX Info: - - + +
    Windows EditionSupported?EditionWindows 10Windows 11
    Home
    EducationNoNoYesYes
    @@ -1969,12 +1847,6 @@ If you disable or do not configure this setting, the users can select the visual > To select the Windows Classic visual style, leave the box blank beside "Path to Visual Style:" and enable this setting. When running Windows 8 or Windows RT, you cannot apply the Windows Classic visual style. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -2023,8 +1895,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -2049,12 +1921,6 @@ If this setting is set to zero or not configured, then Start uses the default ba If this setting is set to a nonzero value, then Start uses the specified background, and users cannot change it. If the specified background is not supported, the default background is used. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -2067,7 +1933,5 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index e1ee9b86de..71ba7fb9c0 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -13,8 +13,13 @@ manager: dansimp --- # Policy CSP - ADMX_Cpls -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -66,8 +71,8 @@ manager: dansimp Education - No - No + Yes + Yes @@ -95,12 +100,7 @@ If you enable this policy setting, the default user account picture will display If you disable or do not configure this policy setting, users will be able to customize their account pictures. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -113,8 +113,6 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index 0cad585609..92d2b7cfc2 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -13,8 +13,13 @@ manager: dansimp --- # Policy CSP - ADMX_CredentialProviders -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
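Review bot: in the `@@ -13,8 +13,13 @@` hunk of policy-csp-admx-credentialproviders.md, the TIP added under the page title still reads "This is an ADMX-backed policy", although in that position it covers every policy on the page rather than one. The per-policy copies this commit deletes were correct in the singular; the page-level copy should be reworded, for example "The policies on this page are ADMX-backed and require a special SyncML format to enable or disable."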
    @@ -72,8 +77,8 @@ manager: dansimp Education - No - No + Yes + Yes @@ -102,12 +107,7 @@ If you don't configure this policy setting on a domain-joined device, a user can If you don't configure this policy setting on a workgroup device, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -156,8 +156,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -185,12 +185,6 @@ If you disable or do not configure this policy setting, the system picks the def > A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -240,8 +234,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -269,12 +263,6 @@ If you enable this policy, an administrator can specify the CLSIDs of the creden If you disable or do not configure this policy, all installed and otherwise enabled credential providers are available for authentication purposes. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: 
@@ -287,9 +275,5 @@ ADMX Info:
    -> [!NOTE] -> These policies are for upcoming release. - - -These policies are currently only available as part of a Windows Insider release. \ No newline at end of file + \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index f55b199a4f..2c66db1203 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -13,8 +13,13 @@ manager: dansimp --- # Policy CSP - ADMX_CredSsp -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
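Review bot: in the `@@ -13,8 +13,13 @@` hunk of policy-csp-admx-credssp.md, the third paragraph of the added TIP recommends "a variety of online encoders" for XML-encoding the SyncML payload. For this page the payload is a credential-delegation server list (the page's own examples are `TERMSRV/*` SPNs), so that advice invites admins to paste internal host names into third-party sites. Suggest leading with the CDATA option the paragraph already mentions, or naming a local encoding step, and dropping the reference to online encoders.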
    @@ -96,8 +101,8 @@ manager: dansimp Education - No - No + Yes + Yes @@ -132,12 +137,7 @@ If you disable or do not configure (by default) this policy setting, delegation > - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -186,8 +186,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -228,12 +228,6 @@ https://go.microsoft.com/fwlink/?LinkId=301508 > - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: 
@@ -282,8 +276,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -319,12 +313,6 @@ If you enable this policy setting, CredSSP version support will be selected base For more information about the vulnerability and servicing requirements for protection, see https://go.microsoft.com/fwlink/?linkid=866660 -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -373,8 +361,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -412,12 +400,6 @@ If you disable this policy setting, delegation of fresh credentials is not permi > - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: 
@@ -466,8 +448,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -505,12 +487,6 @@ If you disable this policy setting, delegation of fresh credentials is not permi > - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -559,8 +535,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -598,12 +574,6 @@ If you disable this policy setting, delegation of saved credentials is not permi > - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: 
@@ -652,8 +622,8 @@ ADMX Info: Education - No - No + Yes + Yes @@ -691,12 +661,6 @@ If you disable this policy setting, delegation of saved credentials is not permi > - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -745,8 +709,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -782,12 +746,6 @@ If you disable or do not configure (by default) this policy setting, this policy This policy setting can be used in combination with the "Allow delegating default credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating default credentials" server list. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -836,8 +794,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -873,12 +831,6 @@ If you disable or do not configure (by default) this policy setting, this policy This policy setting can be used in combination with the "Allow delegating fresh credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating fresh credentials" server list. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -927,8 +879,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -964,12 +916,6 @@ If you disable or do not configure (by default) this policy setting, this policy This policy setting can be used in combination with the "Allow delegating saved credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating saved credentials" server list. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -1018,8 +964,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -1056,12 +1002,6 @@ If you disable or do not configure this policy setting, Restricted Admin and Rem > On Windows 8.1 and Windows Server 2012 R2, enabling this policy will enforce Restricted Administration mode, regardless of the mode chosen. These versions do not support Remote Credential Guard. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -1074,8 +1014,6 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md index d1ad1b5737..b6e48f936c 100644 --- a/windows/client-management/mdm/policy-csp-admx-credui.md +++ b/windows/client-management/mdm/policy-csp-admx-credui.md @@ -13,8 +13,13 @@ manager: dansimp --- # Policy CSP - ADMX_CredUI -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
    @@ -69,8 +74,8 @@ manager: dansimp Education - No - No + Yes + Yes @@ -98,12 +103,6 @@ If you enable this policy setting, users will be required to enter Windows crede If you disable or do not configure this policy setting, users will enter Windows credentials within the user’s desktop session, potentially allowing malicious code access to the user’s Windows credentials. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -152,8 +151,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -174,12 +173,7 @@ ADMX Info: Available in the latest Windows 10 Insider Preview Build. If you turn this policy setting on, local users won’t be able to set up and use security questions to reset their passwords. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -190,10 +184,6 @@ ADMX Info: -
    - -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. - +< diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index 9836d5e9d0..0098e79df8 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -13,8 +13,13 @@ manager: dansimp --- # Policy CSP - ADMX_CtrlAltDel -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
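Review bot: in policy-csp-admx-credui.md, the `@@ -190,10 +184,6 @@` hunk ends by adding a line that consists only of `<`, which looks like a stray or truncated character and will render as literal text at the end of the page; please remove it or restore the intended tag. In the same file, the `@@ -174,12 +173,7 @@` hunk keeps the sentence "Available in the latest Windows 10 Insider Preview Build." as unchanged context, which contradicts the removal of the Insider-only note and the prerelease warning elsewhere in this commit.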
    @@ -75,8 +80,8 @@ manager: dansimp Education - No - No + Yes + Yes @@ -101,12 +106,7 @@ If you enable this policy setting, the 'Change Password' button on the Windows S However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -156,8 +156,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -187,12 +187,6 @@ If you disable or do not configure this policy setting, users will be able to lo > To lock a computer without configuring a setting, press Ctrl+Alt+Delete, and then click Lock this computer. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -240,8 +234,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -268,12 +262,6 @@ If you enable this policy setting, users will not be able to access Task Manager If you disable or do not configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -322,8 +310,8 @@ ADMX Info: Education - No - No + Yes + Yes 
@@ -350,12 +338,6 @@ Also, see the 'Remove Logoff on the Start Menu' policy setting. If you disable or do not configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -368,8 +350,6 @@ ADMX Info:
    -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. From c16ef88881d0a1331e6a08f45c3eaa44c5491929 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 28 Sep 2021 14:18:38 +0530 Subject: [PATCH 627/671] Updated with review comments --- .../mdm/policy-csp-admx-networkconnections.md | 13 ++++++------- .../mdm/policy-csp-admx-printing.md | 4 +--- .../mdm/policy-csp-admx-reliability.md | 2 -- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index 93c7d26bdf..e0e2c1610b 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md 
@@ -792,14 +792,13 @@ This policy setting determines whether settings that existed in Windows 2000 Ser The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional, all of these settings had the ability to prohibit the use of certain features from Administrators. -By default, Network Connections group settings in Windows XP Professional do not have the ability to prohibit the use of features from Administrators. +By default, Network Connections group settings in Windows do not have the ability to prohibit the use of features from Administrators. -If you enable this setting, the Windows XP settings that existed in Windows 2000 Professional will have the ability to prohibit Administrators from using certain features. These settings are "Ability to rename LAN connections or remote access connections available to all users", "Prohibit access to properties of components of a LAN connection", "Prohibit access to properties of components of a remote access connection", "Ability to access TCP/IP advanced configuration", "Prohibit access to the Advanced Settings Item on the Advanced Menu", "Prohibit adding and removing components for a LAN or remote access connection", "Prohibit access to properties of a LAN connection", "Prohibit Enabling/Disabling components of a LAN connection", "Ability to change properties of an all user remote access connection", "Prohibit changing properties of a private remote access connection", "Prohibit deletion of remote access connections", "Ability to delete all user remote access connections", "Prohibit connecting and disconnecting a remote access connection", "Ability to Enable/Disable a LAN connection", "Prohibit access to the New Connection Wizard", "Prohibit renaming private remote access connections", "Prohibit access to the Remote Access Preferences item on the Advanced menu", "Prohibit viewing of status for an active connection". 
When this setting is enabled, settings that exist in both Windows 2000 Professional and Windows XP Professional behave the same for administrators. +If you enable this setting, the Windows XP settings that existed in Windows 2000 Professional will have the ability to prohibit Administrators from using certain features. These settings are "Ability to rename LAN connections or remote access connections available to all users", "Prohibit access to properties of components of a LAN connection", "Prohibit access to properties of components of a remote access connection", "Ability to access TCP/IP advanced configuration", "Prohibit access to the Advanced Settings Item on the Advanced Menu", "Prohibit adding and removing components for a LAN or remote access connection", "Prohibit access to properties of a LAN connection", "Prohibit Enabling/Disabling components of a LAN connection", "Ability to change properties of an all user remote access connection", "Prohibit changing properties of a private remote access connection", "Prohibit deletion of remote access connections", "Ability to delete all user remote access connections", "Prohibit connecting and disconnecting a remote access connection", "Ability to Enable/Disable a LAN connection", "Prohibit access to the New Connection Wizard", "Prohibit renaming private remote access connections", "Prohibit access to the Remote Access Preferences item on the Advanced menu", "Prohibit viewing of status for an active connection". When this setting is enabled, settings that exist in both Windows 2000 Professional and Windows behave the same for administrators. + +If you disable this setting or do not configure it, Windows settings that existed in Windows 2000 will not apply to administrators. -If you disable this setting or do not configure it, Windows XP settings that existed in Windows 2000 will not apply to administrators. 
-> [!NOTE] -> This setting is intended to be used in a situation in which the Group Policy object that these settings are being applied to contains both Windows 2000 Professional and Windows XP Professional computers, and identical Network Connections policy behavior is required between all Windows 2000 Professional and Windows XP Professional computers. @@ -1501,7 +1500,7 @@ If you disable this setting or do not configure it, the Properties button is ena The Networking tab of the Remote Access Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list. -> [NOTE] +> [!NOTE] > Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled. > > When the "Ability to change properties of an all user remote access connection" or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the Remote Access Connection Properties dialog box, the Properties button for remote access connection components is blocked. 
@@ -2045,7 +2044,7 @@ ICS lets administrators configure their system as an Internet gateway for a smal If you enable this setting, ICS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled. -If you disable this setting or do not configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.) +If you disable this setting or do not configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS. diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index cceb1665c6..fe3a0db756 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md 
@@ -399,7 +399,6 @@ If you disable this policy setting, the client computer will only search the loc This policy setting is not configured by default, and the behavior depends on the version of Windows that you are using. -By default, Windows Ultimate, Professional and Home SKUs will continue to search for compatible Point and Print drivers from Windows Update, if needed. However, you must explicitly enable this policy setting for other versions of Windows (for example Windows Enterprise, and all versions of Windows Server 2008 R2 and later) to have the same behavior. @@ -847,14 +846,13 @@ ADMX Info: Determines whether printers using kernel-mode drivers may be installed on the local computer. Kernel-mode drivers have access to system-wide memory, and therefore poorly-written kernel-mode drivers can cause stop errors. -If you disable this setting, or do not configure it, then printers using a kernel-mode drivers may be installed on the local computer running Windows XP Home Edition and Windows XP Professional. If you do not configure this setting on Windows Server 2003 family products, the installation of kernel-mode printer drivers will be blocked. If you enable this setting, installation of a printer using a kernel-mode driver will not be allowed. > [!NOTE] -> By applying this policy, existing kernel-mode drivers will be disabled upon installation of service packs or reinstallation of the Windows XP operating system. This policy does not apply to 64-bit kernel-mode printer drivers as they cannot be installed and associated with a print queue. +> This policy does not apply to 64-bit kernel-mode printer drivers as they cannot be installed and associated with a print queue. diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index 90b7ddfb6a..d7e4ecc5bc 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md 
+++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -256,8 +256,6 @@ If you disable this policy setting, the System State Data feature is never activ If you do not configure this policy setting, the default behavior for the System State Data feature occurs. -> [!NOTE] -> By default, the System State Data feature is always enabled on Windows Server 2003. From 4a5580786e1a6ae71e2f8e4f7bf1894b575ffb82 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 28 Sep 2021 07:39:57 -0700 Subject: [PATCH 628/671] Update docfx.json Changing Microsoft 365 security to Windows security --- windows/security/docfx.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/docfx.json b/windows/security/docfx.json index 3a997cd1e9..d1a625e8bd 100644 --- a/windows/security/docfx.json +++ b/windows/security/docfx.json @@ -48,7 +48,7 @@ "folder_relative_path_in_docset": "./" } }, - "titleSuffix": "Microsoft 365 Security", + "titleSuffix": "Windows security", "contributors_to_exclude": [ "rjagiewich", "traya1", From 046287fd565696df7282b2b0fcb2c6053ac1b021 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 28 Sep 2021 10:22:53 -0700 Subject: [PATCH 629/671] Update policy-csp-timelanguagesettings.md --- .../client-management/mdm/policy-csp-timelanguagesettings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 732cf867cc..b6c1c6d85e 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 09/27/2019 +ms.date: 09/28/2021 ms.reviewer: manager: dansimp --- From 5d0648b05cdcd08b123f75493d84d164114f68c4 Mon Sep 17 00:00:00 2001 
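Review bot: in PATCH 627, policy-csp-admx-networkconnections.md, hunk @@ -792,14 +792,13 @@, the re-added "If you enable this setting" paragraph still opens with "the Windows XP settings that existed in Windows 2000 Professional", while the sentences changed around it now say plain "Windows". Suggest "the Windows settings that existed in Windows 2000 Professional" so the paragraph agrees with the rest of the hunk. The unchanged context line "also exists in Windows XP Professional" just above it needs the same treatment if the intent is to drop Windows XP wording from this policy.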
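Review bot: in PATCH 627, policy-csp-admx-printing.md, hunk @@ -399,7 +399,6 @@, deleting the "By default, Windows Ultimate, Professional and Home SKUs will continue to search ..." sentence leaves the following context line, "However, you must explicitly enable this policy setting for other versions of Windows ... to have the same behavior", with nothing for "However", "other versions" or "the same behavior" to refer to. Suggest rewording that remaining sentence so it states the behavior itself (searching Windows Update for compatible Point and Print drivers) instead of pointing back at the removed one.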
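Review bot: in PATCH 627, policy-csp-admx-printing.md, hunk @@ -847,14 +846,13 @@, the removed line was the only text describing what happens when the kernel-mode driver setting is disabled or not configured; after the change only "If you enable this setting, installation of a printer using a kernel-mode driver will not be allowed" remains. Suggest keeping a version-neutral sentence for the disabled and not-configured states rather than deleting the paragraph outright, so an administrator can tell what the default is.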
From: greg-lindsay Date: Tue, 28 Sep 2021 11:26:13 -0700 Subject: [PATCH 630/671] update with 11 --- .../windows-10-subscription-activation.md | 60 +++++++++++-------- 1 file changed, 35 insertions(+), 25 deletions(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 16e8c70c2a..b52b567397 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -1,6 +1,6 @@ --- -title: Windows 10 Subscription Activation -description: In this article, you will learn how to dynamically enable Windows 10 Enterprise or Education subscriptions. +title: Windows 10/11 Subscription Activation +description: In this article, you will learn how to dynamically enable Windows 10 and Windows 11 Enterprise or Education subscriptions. keywords: upgrade, update, task sequence, deploy ms.custom: seo-marvel-apr2020 ms.prod: w10 
@@ -17,45 +17,49 @@ search.appverid: ms.topic: article --- -# Windows 10 Subscription Activation +# Windows 10/11 Subscription Activation -Starting with Windows 10, version 1703 Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro to **Windows 10 Enterprise** automatically if they are subscribed to Windows 10 Enterprise E3 or E5. +Applies to: +- Windows 10 +- Windows 11 -With Windows 10, version 1903 the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education to the Enterprise grade edition for educational institutions—**Windows 10 Education**. +Starting with Windows 10, version 1703 Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro or Windows 11 Pro to **Windows 10 Enterprise** or **Windows 11 Enterprise**, respectively, if they are subscribed to Windows 10/11 Enterprise E3 or E5. + +With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**. The Subscription Activation feature eliminates the need to manually deploy Windows 10 Enterprise or Education images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. -## Subscription Activation for Windows 10 Enterprise +## Subscription Activation for Windows 10 Enterprise and Windows 11 Enterprise -With Windows 10, version 1703 both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise](planning/windows-10-enterprise-faq-itpro.yml) in your organization can now be accomplished with no keys and no reboots. 
+With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise or Windows 11 Enterprise](planning/windows-10-enterprise-faq-itpro.yml) in your organization can now be accomplished with no keys and no reboots. If you are running Windows 10, version 1703 or later: -- Devices with a current Windows 10 Pro license can be seamlessly upgraded to Windows 10 Enterprise. -- Product key-based Windows 10 Enterprise software licenses can be transitioned to Windows 10 Enterprise subscriptions. +- Devices with a current Windows 10 Pro license or Windows 11 Pro license can be seamlessly upgraded to Windows 10 Enterprise or Windows 11 Enterprise, respectively. +- Product key-based Windows 10 Enterprise or Windows 11 Enterpise software licenses can be transitioned to Windows 10 Enterprise and Windows 11 Enterprise subscriptions. Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](/azure/active-directory/connect/active-directory-aadconnectsync-whatis). -## Subscription Activation for Windows 10 Education +## Subscription Activation for Windows 10 Education and Windows 11 Education -Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise license. For more information, see the [requirements](#windows-10-education-requirements) section. 
+Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise or Windows 11 Enterprise license. For more information, see the [requirements](#windows-10-education-requirements) section. ## Summary - [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later. - [The evolution of Windows 10 deployment](#the-evolution-of-deployment): A short history of Windows deployment. - [Requirements](#requirements): Prerequisites to use the Windows 10 Subscription Activation model. -- [Benefits](#benefits): Advantages of Windows 10 subscription-based licensing. +- [Benefits](#benefits): Advantages of Windows 10/11 subscription-based licensing. - [How it works](#how-it-works): A summary of the subscription-based licensing option. -- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10 Subscription Activation for VMs in the cloud. +- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10/11 Subscription Activation for VMs in the cloud. -For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md). +For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Windows 10/11 Enterprise licenses](deploy-enterprise-licenses.md). ## Inherited Activation -Inherited Activation is a new feature available in Windows 10, version 1803 that allows Windows 10 virtual machines to inherit activation state from their Windows 10 host. +Inherited Activation is a new feature available in Windows 10, version 1803 or later that allows Windows 10/11 virtual machines to inherit activation state from their Windows 10/11 host. 
-When a user with Windows 10 E3/E5 or A3/A5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM. +When a user with Windows 10/11 E3/E5 or A3/A5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10/11 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM. To support Inherited Activation, both the host computer and the VM must be running Windows 10, version 1803 or later. The hypervisor platform must also be Windows Hyper-V. 
@@ -83,12 +87,15 @@ The following figure illustrates how deploying Windows 10 has evolved with each - **Windows 10, version 1903** updates Windows 10 Subscription Activation to enable step up from Windows 10 Pro Education to Windows 10 Education for those with a qualifying Windows 10 or Microsoft 365 subscription. +> [!NOTE] +> All the benefits of Windows 10 Subscription Activation are carried forward with Windows 11 and Windows 10/11 Subscription Activation. + ## Requirements -### Windows 10 Enterprise requirements +### Windows 10/11 Enterprise requirements > [!NOTE] -> The following requirements do not apply to general Windows 10 activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines). +> The following requirements do not apply to general Windows 10/11 activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines). > [!NOTE] > Currently, Subscription Activation is only available on commercial tenants and is currently not available on US GCC, GCC High, or DoD tenants. 
@@ -99,7 +106,7 @@ For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & - Azure Active Directory (Azure AD) available for identity management. - Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported. -For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). +For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10/11 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10/11 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://www.microsoft.com/en-us/microsoft-365/blog/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/) @@ -123,7 +130,7 @@ If the device is running Windows 10, version 1809 or later: ![Subscription Activation with MFA example 3.](images/sa-mfa3.png) -### Windows 10 Education requirements +### Windows 10/11 Education requirements - Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded. 
@@ -139,7 +146,7 @@ If the device is running Windows 10, version 1809 or later: ## Benefits -With Windows 10 Enterprise or Windows 10 Education, businesses and institutions can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Education or Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 or A3 and E5 or A5 being available as a true online service, it is available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following: +With Windows 10/11 Enterprise or Windows 10/11 Education, businesses and institutions can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10/11 Education or Windows 10/11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 or A3 and E5 or A5 being available as a true online service, it is available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following: - [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare) - [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/cloud-platform/enterprise-mobility-security-pricing) @@ -158,6 +165,9 @@ You can benefit by moving to Windows as an online service in the following ways: ## How it works +> [!NOTE] +. The following Windows 10 examples and scenarios also apply to Windows 11. + The device is AAD joined from **Settings > Accounts > Access work or school**. The IT administrator assigns Windows 10 Enterprise to a user. See the following figure. 
@@ -214,8 +224,8 @@ If you’re running Windows 7, it can be more work.  A wipe-and-load approach w The following policies apply to acquisition and renewal of licenses on devices: - Devices that have been upgraded will attempt to renew licenses about every 30 days, and must be connected to the Internet to successfully acquire or renew a license. -- If a device is disconnected from the Internet until its current subscription expires, the operating system will revert to Windows 10 Pro or Windows 10 Pro Education. As soon as the device is connected to the Internet again, the license will automatically renew. -- Up to five devices can be upgraded for each user license. If the user license is used for a sixth device, the operating system on the computer to which a user has not logged in the longest will revert to Windows 10 Pro or Windows 10 Pro Education. +- If a device is disconnected from the Internet until its current subscription expires, the operating system will revert to Windows 10/11 Pro or Windows 10/11 Pro Education. As soon as the device is connected to the Internet again, the license will automatically renew. +- Up to five devices can be upgraded for each user license. If the user license is used for a sixth device, the operating system on the computer to which a user has not logged in the longest will revert to Windows 10/11 Pro or Windows 10/11 Pro Education. - If a device meets the requirements and a licensed user signs in on that device, it will be upgraded. Licenses can be reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs. 
@@ -224,7 +234,7 @@ When you have the required Azure AD subscription, group-based licensing is the p ### Existing Enterprise deployments -If you are running Windows 10, version 1803 or later, Subscription Activation will automatically pull the firmware-embedded Windows 10 activation key and activate the underlying Pro License. The license will then step-up to Windows 10 Enterprise using Subscription Activation. This automatically migrates your devices from KMS or MAK activated Enterprise to Subscription activated Enterprise. +If you are running Windows 10, version 1803 or later, Subscription Activation will automatically pull the firmware-embedded Windows 10 activation key and activate the underlying Pro License. The license will then step-up to Windows 10/11 Enterprise using Subscription Activation. This automatically migrates your devices from KMS or MAK activated Enterprise to Subscription activated Enterprise. > [!CAUTION] > Firmware-embedded Windows 10 activation happens automatically only when we go through OOBE (Out Of Box Experience). 
@@ -273,7 +283,7 @@ See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md). ## Virtual Desktop Access (VDA) -Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://microsoft.com/en-us/CloudandHosting/licensing_sca.aspx). +Subscriptions to Windows 10/11 Enterprise are also available for virtualized clients. Windows 10/11 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://microsoft.com/en-us/CloudandHosting/licensing_sca.aspx). Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Subscription Activation](vda-subscription-activation.md). From acc1caa9c0efe9909c332368c165e2daabc5b7d1 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 28 Sep 2021 12:15:45 -0700 Subject: [PATCH 631/671] update with 11 --- windows/deployment/TOC.yml | 6 +- .../windows-10-enterprise-e3-overview.md | 67 +++++++++---------- .../windows-10-subscription-activation.md | 24 ++----- 3 files changed, 40 insertions(+), 57 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 18817d1d38..cdcc9f1abd 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml 
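Review bot: in PATCH 630, windows-10-subscription-activation.md, hunk @@ -17,45 +17,49 @@, the added bullet "Product key-based Windows 10 Enterprise or Windows 11 Enterpise software licenses ..." misspells "Enterprise". In the same hunk the new opening sentence still reads "Starting with Windows 10, version 1703 Windows 10 Pro supports the Subscription Activation feature" before listing Windows 11 Pro as a step-up source; a comma after "1703" and a subject that covers both editions would make it read correctly.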
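Review bot: in PATCH 630, windows-10-subscription-activation.md, hunk @@ -123,7 +130,7 @@, renaming the heading to "### Windows 10/11 Education requirements" will most likely change its generated anchor, but the Education section re-added earlier in this patch still links to "[requirements](#windows-10-education-requirements)". Suggest updating that link to the new heading's anchor in the same commit, and checking the other in-page links in the Summary list against the renamed headings.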
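Review bot: in PATCH 630, windows-10-subscription-activation.md, hunk @@ -158,6 +165,9 @@, the second line of the new note starts with "." instead of ">" ("+. The following Windows 10 examples and scenarios also apply to Windows 11."), so the text falls outside the "> [!NOTE]" block and the note renders empty. Suggest "> The following Windows 10 examples and scenarios also apply to Windows 11."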
@@ -134,13 +134,13 @@ href: deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md - name: Subscription Activation items: - - name: Windows 10 Subscription Activation + - name: Windows 10/11 Subscription Activation href: windows-10-subscription-activation.md - - name: Windows 10 Enterprise E3 in CSP + - name: Windows 10/11 Enterprise E3 in CSP href: windows-10-enterprise-e3-overview.md - name: Configure VDA for Subscription Activation href: vda-subscription-activation.md - - name: Deploy Windows 10 Enterprise licenses + - name: Deploy Windows 10/11 Enterprise licenses href: deploy-enterprise-licenses.md - name: Deploy Windows 10 updates items: diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index 33fe4e9e80..f9f45982f7 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md @@ -1,5 +1,5 @@ --- -title: Windows 10 Enterprise E3 in CSP +title: Windows 10/11 Enterprise E3 in CSP description: Describes Windows 10 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10 Enterprise edition. keywords: upgrade, update, task sequence, deploy ms.prod: w10 @@ -7,9 +7,9 @@ ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: mdt -ms.date: 08/24/2017 +ms.date: 09/28/2021 ms.reviewer: -manager: laurawi +manager: dougeby ms.audience: itpro author: greg-lindsay audience: itpro 
@@ -17,51 +17,46 @@ ms.collection: M365-modern-desktop ms.topic: article --- -# Windows 10 Enterprise E3 in CSP +# Windows 10/11 Enterprise E3 in CSP -Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following: +Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10/11 Enterprise E3 in CSP is available now for both Windows 10 and Windows 11. It delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following: -- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later, installed and activated, on the devices to be upgraded +- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later, installed and activated, on the devices to be upgraded. Windows 11 is considered "later" in this context. - Azure Active Directory (Azure AD) available for identity management -Starting with Windows 10, version 1607 (Windows 10 Anniversary Update), you can move from Windows 10 Pro to Windows 10 Enterprise more easily than ever before—no keys and no reboots. 
After one of your users enters the Azure AD credentials associated with a Windows 10 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise and all the appropriate Windows 10 Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Windows 10 Enterprise device seamlessly steps back down to Windows 10 Pro. +Starting with Windows 10, version 1607 (Windows 10 Anniversary Update), you can move from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise more easily than ever before—no keys and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10/11 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise or Windows 11 Pro to Windows 11 Enterprise and all the appropriate Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows 10 Pro or Windows 11 Pro. -Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Windows 10 Enterprise features. +Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise or Windows 11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Enterprise edition features. -When you purchase Windows 10 Enterprise E3 via a partner, you get the following benefits: - -- **Windows 10 Enterprise edition**. Devices currently running Windows 10 Pro, version 1607 can get Windows 10 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit does not include Long Term Service Branch (LTSB). 
- -- **Support from one to hundreds of users**. Although the Windows 10 Enterprise E3 in CSP program does not have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations. +When you purchase Windows 10/11 Enterprise E3 via a partner, you get the following benefits: +- **Windows 10/11 Enterprise edition**. Devices currently running Windows 10 Pro or Windows 11 Pro can get Windows 10/11 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit does not include Long Term Service Branch (LTSB). +- **Support from one to hundreds of users**. Although the Windows 10/11 Enterprise E3 in CSP program does not have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations. - **Deploy on up to five devices**. For each user covered by the license, you can deploy Windows 10 Enterprise edition on up to five devices. - -- **Roll back to Windows 10 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10 Enterprise device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 90 days). - -- **Monthly, per-user pricing model**. This makes Windows 10 Enterprise E3 affordable for any organization. - +- **Roll back to Windows 10 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10/11 Enterprise device reverts seamlessly to Windows 10/11 Pro edition (after a grace period of up to 90 days). +- **Monthly, per-user pricing model**. This makes Windows 10/11 Enterprise E3 affordable for any organization. - **Move licenses between users**. Licenses can be quickly and easily reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs. 
-How does the Windows 10 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance? +How does the Windows 10/11 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance? - [Microsoft Volume Licensing](https://www.microsoft.com/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products. - [Software Assurance](https://www.microsoft.com/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits: - **Deployment and management**. These benefits include planning services, Microsoft Desktop Optimization (MDOP), Windows Virtual Desktop Access Rights, Windows-To-Go Rights, Windows Roaming Use Rights, Windows Thin PC, Windows RT Companion VDA Rights, and other benefits. - - **Training**. These benefits include training vouchers, online e-learning, and a home use program. - - **Support**. These benefits include 24x7 problem resolution support, backup capabilities for disaster recovery, System Center Global Service Monitor, and a passive secondary instance of SQL Server. - - **Specialized**. These benefits include step-up licensing availability (which enables you to migrate software from an earlier edition to a higher-level edition) and to spread license and Software Assurance payments across three equal, annual sums. - In addition, in Windows 10 Enterprise E3 in CSP, a partner can manage your licenses for you. With Software Assurance, you, the customer, manage your own licenses. + In addition, in Windows 10/11 Enterprise E3 in CSP, a partner can manage your licenses for you. With Software Assurance, you, the customer, manage your own licenses. 
-In summary, the Windows 10 Enterprise E3 in CSP program is an upgrade offering that provides small- and medium-sized organizations easier, more flexible access to the benefits of Windows 10 Enterprise edition, whereas Microsoft Volume Licensing programs and Software Assurance are broader in scope and provide benefits beyond access to Windows 10 Enterprise edition. +In summary, the Windows 10/11 Enterprise E3 in CSP program is an upgrade offering that provides small- and medium-sized organizations easier, more flexible access to the benefits of Windows 10 Enterprise edition, whereas Microsoft Volume Licensing programs and Software Assurance are broader in scope and provide benefits beyond access to the Enterprise edition of Windows 10 or Windows 11. ## Compare Windows 10 Pro and Enterprise editions +> [NOTE!] +> The following table only lists Windows 10. More information will be available about differences between Windows 11 editions after Windows 11 is generally available. + Windows 10 Enterprise edition has a number of features that are unavailable in Windows 10 Pro. Table 1 lists the Windows 10 Enterprise features not found in Windows 10 Pro. Many of these features are security-related, whereas others enable finer-grained device management. *Table 1. Windows 10 Enterprise features not found in Windows 10 Pro* 
@@ -140,19 +135,19 @@ Windows 10 Enterprise edition has a number of features that are unavailable in -## Deployment of Windows 10 Enterprise E3 licenses +## Deployment of Windows 10/11 Enterprise E3 licenses See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md). -## Deploy Windows 10 Enterprise features +## Deploy Windows 10/11 Enterprise features -Now that you have Windows 10 Enterprise edition running on devices, how do you take advantage of the Enterprise edition features and capabilities? What are the next steps that need to be taken for each of the features discussed in [Table 1](#compare-windows10-pro-and-enterprise-editions)? +Now that you have Windows 10/11 Enterprise edition running on devices, how do you take advantage of the Enterprise edition features and capabilities? What are the next steps that need to be taken for each of the features discussed in [Table 1](#compare-windows10-pro-and-enterprise-editions)? -The following sections provide you with the high-level tasks that need to be performed in your environment to help users take advantage of the Windows 10 Enterprise edition features. +The following sections provide you with the high-level tasks that need to be performed in your environment to help users take advantage of the Windows 10/11 Enterprise edition features. ### Credential Guard\* -You can implement Credential Guard on Windows 10 Enterprise devices by turning on Credential Guard on these devices. Credential Guard uses Windows 10 virtualization-based security features (Hyper-V features) that must be enabled on each device before you can turn on Credential Guard. You can turn on Credential Guard by using one of the following methods: +You can implement Credential Guard on Windows 10 Enterprise devices by turning on Credential Guard on these devices. Credential Guard uses Windows 10/11 virtualization-based security features (Hyper-V features) that must be enabled on each device before you can turn on Credential Guard. 
You can turn on Credential Guard by using one of the following methods: - **Automated**. You can automatically turn on Credential Guard for one or more devices by using Group Policy. The Group Policy settings automatically add the virtualization-based security features and configure the Credential Guard registry settings on managed devices. @@ -174,7 +169,7 @@ For more information about implementing Credential Guard, see the following reso ### Device Guard -Now that the devices have Windows 10 Enterprise, you can implement Device Guard on the Windows 10 Enterprise devices by performing the following steps: +Now that the devices have Windows 10/11 Enterprise, you can implement Device Guard on the Windows 10 Enterprise devices by performing the following steps: 1. **Optionally, create a signing certificate for code integrity policies**. As you deploy code integrity policies, you might need to sign catalog files or code integrity policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal certificate authority (CA). If you choose to use an internal CA, you will need to create a code signing certificate. 
@@ -197,7 +192,7 @@ For more information about implementing Device Guard, see: ### AppLocker management -You can manage AppLocker in Windows 10 Enterprise by using Group Policy. Group Policy requires that the you have AD DS and that the Windows 10 Enterprise devices are joined to the your AD DS domain. You can create AppLocker rules by using Group Policy, and then target those rules to the appropriate devices. +You can manage AppLocker in Windows 10 Enterprise by using Group Policy. Group Policy requires that the you have AD DS and that the Windows 10/11 Enterprise devices are joined to the your AD DS domain. You can create AppLocker rules by using Group Policy, and then target those rules to the appropriate devices. For more information about AppLocker management by using Group Policy, see [AppLocker deployment guide](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide). @@ -209,7 +204,7 @@ App-V requires an App-V server infrastructure to support App-V clients. The prim - **App-V sequencer**. The App-V sequencer is a typical client device that is used to sequence (capture) apps and prepare them for hosting from the App-V server. You install apps on the App-V sequencer, and the App-V sequencer software determines the files and registry settings that are changed during app installation. Then the sequencer captures these settings to create a virtualized app. -- **App-V client**. The App-V client must be enabled on any client device on which apps will be run from the App-V server. These will be the Windows 10 Enterprise E3 devices. +- **App-V client**. The App-V client must be enabled on any client device on which apps will be run from the App-V server. These will be the Windows 10/11 Enterprise E3 devices. For more information about implementing the App-V server, App-V sequencer, and App-V client, see the following resources: 
@@ -253,7 +248,7 @@ The Managed User Experience feature is a set of Windows 10 Enterprise edition f ## Related topics -[Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md) -
    [Connect domain-joined devices to Azure AD for Windows 10 experiences](/azure/active-directory/devices/hybrid-azuread-join-plan) -
    [Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare) -
    [Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx) \ No newline at end of file +[Windows 10/11 Enterprise Subscription Activation](windows-10-subscription-activation.md)
    +[Connect domain-joined devices to Azure AD for Windows 10 experiences](/azure/active-directory/devices/hybrid-azuread-join-plan)
    +[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
    +[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
    \ No newline at end of file diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index b52b567397..3582a6b312 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -27,7 +27,7 @@ Starting with Windows 10, version 1703 Windows 10 Pro supports the Subscription With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**. -The Subscription Activation feature eliminates the need to manually deploy Windows 10 Enterprise or Education images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. +The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. ## Subscription Activation for Windows 10 Enterprise and Windows 11 Enterprise 
@@ -42,7 +42,7 @@ Organizations that have an Enterprise agreement can also benefit from the new se ## Subscription Activation for Windows 10 Education and Windows 11 Education -Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise or Windows 11 Enterprise license. For more information, see the [requirements](#windows-10-education-requirements) section. +Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise or Windows 11 Enterprise license. For more information, see the [requirements](#windows-10-11-education-requirements) section. ## Summary 
@@ -59,7 +59,7 @@ For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Win Inherited Activation is a new feature available in Windows 10, version 1803 or later that allows Windows 10/11 virtual machines to inherit activation state from their Windows 10/11 host. -When a user with Windows 10/11 E3/E5 or A3/A5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10/11 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM. +When a user with Windows 10/11 E3/E5 or A3/A5 license assigned creates a new Windows 10 or Windows 11 virtual machine (VM) using a Windows 10/11 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM. To support Inherited Activation, both the host computer and the VM must be running Windows 10, version 1803 or later. The hypervisor platform must also be Windows Hyper-V. @@ -72,37 +72,28 @@ The following figure illustrates how deploying Windows 10 has evolved with each ![Illustration of how Windows 10 deployment has evolved.](images/sa-evolution.png) - **Windows 7** required you to redeploy the operating system using a full wipe-and-load process if you wanted to change from Windows 7 Professional to Windows 10 Enterprise.
    - - **Windows 8.1** added support for a Windows 8.1 Pro to Windows 8.1 Enterprise in-place upgrade (considered a “repair upgrade” because the OS version was the same before and after).  This was a lot easier than wipe-and-load, but it was still time-consuming.
    - - **Windows 10, version 1507** added the ability to install a new product key using a provisioning package or using MDM to change the SKU.  This required a reboot, which would install the new OS components, and took several minutes to complete. However, it was a lot quicker than in-place upgrade.
    - - **Windows 10, version 1607** made a big leap forward. Now you can just change the product key and the SKU instantly changes from Windows 10 Pro to Windows 10 Enterprise.  In addition to provisioning packages and MDM, you can just inject a key using SLMGR.VBS (which injects the key into WMI), so it became trivial to do this using a command line.
    - - **Windows 10, version 1703** made this “step-up” from Windows 10 Pro to Windows 10 Enterprise automatic for those that subscribed to Windows 10 Enterprise E3 or E5 via the CSP program.
    - - **Windows 10, version 1709** adds support for Windows 10 Subscription Activation, very similar to the CSP support but for large enterprises, enabling the use of Azure AD for assigning licenses to users. When those users sign in on an AD or Azure AD-joined machine, it automatically steps up from Windows 10 Pro to Windows 10 Enterprise.
    - - **Windows 10, version 1803** updates Windows 10 Subscription Activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It is no longer necessary to run a script to perform the activation step on Windows 10 Pro prior to activating Enterprise. For virtual machines and hosts running Windows 10, version 1803 [Inherited Activation](#inherited-activation) is also enabled.
    - - **Windows 10, version 1903** updates Windows 10 Subscription Activation to enable step up from Windows 10 Pro Education to Windows 10 Education for those with a qualifying Windows 10 or Microsoft 365 subscription. - -> [!NOTE] -> All the benefits of Windows 10 Subscription Activation are carried forward with Windows 11 and Windows 10/11 Subscription Activation. +- **Windows 11** updates Subscription Activation to work on both Windows 10 and Windows 11 devices. **Important**: Subscription activation does not update a device from Windows 10 to Windows 11. Only the edition is updated. ## Requirements ### Windows 10/11 Enterprise requirements > [!NOTE] -> The following requirements do not apply to general Windows 10/11 activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines). +> The following requirements do not apply to general Windows client activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines). > [!NOTE] > Currently, Subscription Activation is only available on commercial tenants and is currently not available on US GCC, GCC High, or DoD tenants. 
For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following: -- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. +- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. Windows 11 is considered a "later" version in this context. - Azure Active Directory (Azure AD) available for identity management. - Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported. @@ -133,11 +124,8 @@ If the device is running Windows 10, version 1809 or later: ### Windows 10/11 Education requirements - Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded. - - A device with a Windows 10 Pro Education digital license. You can confirm this information in **Settings > Update & Security > Activation**. - - The Education tenant must have an active subscription to Microsoft 365 with a Windows 10 Enterprise license or a Windows 10 Enterprise or Education subscription. - - Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported. > [!IMPORTANT] From 246e887958b4b73f7fdf44d4d332fed0adbbae1f Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 28 Sep 2021 12:26:57 -0700 Subject: [PATCH 632/671] update with 11 --- .../deployment/deploy-enterprise-licenses.md | 80 ++++++++----------- .../deployment/vda-subscription-activation.md | 4 +- 2 files changed, 37 insertions(+), 47 deletions(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 1101efd400..35d5e7ad7f 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md 
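Review bot: In the windows-10-enterprise-e3-overview.md hunk that adds a note above Table 1, the alert marker is written `> [NOTE!]`, with the exclamation mark on the wrong side. The other alerts in these files use `> [!NOTE]` and `> [!IMPORTANT]`, so this one will most likely render as a plain block quote with the literal text "[NOTE!]". Change the added line to `> [!NOTE]`.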
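Review bot: The rewritten AppLocker paragraph in windows-10-enterprise-e3-overview.md carries over two grammar errors from the line it replaces: "requires that the you have AD DS" and "joined to the your AD DS domain". Since the line is being rewritten anyway, drop the stray "the" in both places. The paragraph also opens with "Windows 10 Enterprise" while its second sentence now says "Windows 10/11 Enterprise devices"; use one form throughout the paragraph.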
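Review bot: In windows-10-subscription-activation.md, the requirements link is changed to `#windows-10-11-education-requirements`, but the target heading is `### Windows 10/11 Education requirements`, and nothing in this patch shows that the `/` becomes a hyphen in the generated anchor. Heading slugs usually drop punctuation such as `/`, which would give `windows-1011-education-requirements`. Please confirm the link resolves in a build preview and adjust it if it does not.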
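Review bot: The new "Windows 11" bullet in the deployment-evolution list of windows-10-subscription-activation.md folds an inline "**Important**:" statement into a list item, while the same hunk deletes the `> [!NOTE]` block that followed the list. The statement that only the edition changes, and that a device is not moved from Windows 10 to Windows 11, is the part administrators most need to see, so consider placing it in a `> [!IMPORTANT]` alert after the list, matching the alert style used elsewhere in the file. The bullet also writes "Subscription activation" in lower case where the rest of the file uses "Subscription Activation".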
@@ -1,10 +1,10 @@ --- -title: Deploy Windows 10 Enterprise licenses +title: Deploy Windows 10/11 Enterprise licenses ms.reviewer: manager: laurawi ms.audience: itpro ms.author: greglin -description: Steps to deploy Windows 10 Enterprise licenses for Windows 10 Enterprise E3 or E5 Subscription Activation, or for Windows 10 Enterprise E3 in CSP +description: Steps to deploy Windows 10 Enterprise or Windows 11 Enterprise licenses for Windows 10/11 Enterprise E3 or E5 Subscription Activation, or for Windows 10/11 Enterprise E3 in CSP keywords: upgrade, update, task sequence, deploy ms.prod: w10 ms.mktglfcycl: deploy 
@@ -16,18 +16,18 @@ author: greg-lindsay ms.topic: article --- -# Deploy Windows 10 Enterprise licenses +# Deploy Windows 10/11 Enterprise licenses -This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with [Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md) or [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD). +This topic describes how to deploy Windows 10 or Windows 11 Enterprise E3 or E5 licenses with [Windows 10/11 Enterprise Subscription Activation](windows-10-subscription-activation.md) or [Windows 10/11 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD). ->[!NOTE] ->* Windows 10 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later. ->* Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later. ->* Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key. ->* Windows 10 Enterprise Subscription Activation requires Windows 10 Enterprise per user licensing; it does not work on per device based licensing. +> [!NOTE] +> * Windows 10/11 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later. Windows 11 is considered "later" in this context. +> * Windows 10/11 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later. +> * Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key. +> * Windows 10/11 Enterprise Subscription Activation requires Windows 10/11 Enterprise per user licensing; it does not work on per device based licensing. ->[!IMPORTANT] ->An issue has been identified where devices can lose activation status or be blocked from upgrading to Windows Enterprise if the device is not able to connect to Windows Update. 
A workaround is to ensure that devices do not have the REG_DWORD present HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations and set to 1. If this REG_DWORD is present, it must be set to 0. +> [!IMPORTANT] +> An issue has been identified where devices can lose activation status or be blocked from upgrading to Windows Enterprise if the device is not able to connect to Windows Update. A workaround is to ensure that devices do not have the REG_DWORD present HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations and set to 1. If this REG_DWORD is present, it must be set to 0. > >Also ensure that the Group Policy setting: Computer Configuration > Administrative Templates > Windows Components > Windows Update > "Do not connect to any Windows Update Internet locations" is set to "Disabled". 
@@ -50,24 +50,17 @@ If you are an EA customer with an existing Office 365 tenant, use the following - **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3 - **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5 -1. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant. - -1. The admin can now assign subscription licenses to users. +2. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant. +3. The admin can now assign subscription licenses to users. Use the following process if you need to update contact information and retrigger activation in order to resend the activation email: 1. Sign in to the [Microsoft Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). - 2. Click **Subscriptions**. - 3. Click **Online Services Agreement List**. - 4. Enter your agreement number, and then click **Search**. - 5. Click the **Service Name**. - 6. In the **Subscription Contact** section, click the name listed under **Last Name**. - 7. Update the contact information, then click **Update Contact Details**. This will trigger a new email. Also in this article: 
@@ -76,9 +69,9 @@ Also in this article: ## Active Directory synchronization with Azure AD -You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD. +You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10/11 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD. -You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them. +You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10/11 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them. **Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](https://www.microsoft.com/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure. 
@@ -91,16 +84,16 @@ For more information about integrating on-premises AD DS domains with Azure AD, - [Integrating your on-premises identities with Azure Active Directory](/azure/active-directory/hybrid/whatis-hybrid-identity) - [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/) ->[!NOTE] ->If you are implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers. +> [!NOTE] +> If you are implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers. ## Preparing for deployment: reviewing requirements -Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic. +Devices must be running Windows 10 Pro, version 1703, or later and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. 
Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic. ## Assigning licenses to users -Upon acquisition of Windows 10 subscription has been completed (Windows 10 Business, E3 or E5), customers will receive an email that will provide guidance on how to use Windows as an online service: +Upon acquisition of Windows 10/11 subscription has been completed (Windows 10 Business, E3 or E5), customers will receive an email that will provide guidance on how to use Windows as an online service: > [!div class="mx-imgBorder"] > ![profile.](images/al01.png) @@ -121,11 +114,11 @@ The following methods are available to assign licenses: ## Explore the upgrade experience -Now that your subscription has been established and Windows 10 Enterprise E3 or E5 licenses have been assigned to users, the users are ready to upgrade their devices running Windows 10 Pro, (version 1703 or later) to Windows 10 Enterprise. What will the users experience? How will they upgrade their devices? +Now that your subscription has been established and Windows 10 Enterprise E3 or E5 licenses have been assigned to users, the users are ready to upgrade their devices running Windows 10 Pro, (version 1703 or later) to Windows 10/11 Enterprise. What will the users experience? How will they upgrade their devices? ### Step 1: Join Windows 10 Pro devices to Azure AD -Users can join a Windows 10 Pro device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1703. +Users can join a Windows 10/11 Pro device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1703 or later. **To join a device to Azure AD the first time the device is started** 
@@ -176,16 +169,15 @@ Now the device is Azure AD–joined to the company's subscription. ### Step 2: Pro edition activation ->[!IMPORTANT] ->If your device is running Windows 10, version 1803 or later, this step is not needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key. ->If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**. +> [!IMPORTANT] +> If your device is running Windows 10, version 1803 or later, this step is not needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key. +> If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**.
    Windows 10 Pro activated
    Figure 7a - Windows 10 Pro activation in Settings -Windows 10 Pro activation is required before Enterprise E3 or E5 can be enabled (Windows 10, versions 1703 and 1709 only). - +Windows 10/11 Pro activation is required before Enterprise E3 or E5 can be enabled (Windows 10, versions 1703 and 1709 only). ### Step 3: Sign in using Azure AD account @@ -197,35 +189,33 @@ Once the device is joined to your Azure AD subscription, the user will sign in b ### Step 4: Verify that Enterprise edition is enabled -You can verify the Windows 10 Enterprise E3 or E5 subscription in **Settings > Update & Security > Activation**, as illustrated in **Figure 9**. +You can verify the Windows 10/11 Enterprise E3 or E5 subscription in **Settings > Update & Security > Activation**, as illustrated in **Figure 9**.
    Windows 10 activated and subscription active **Figure 9 - Windows 10 Enterprise subscription in Settings** +If there are any problems with the Windows 10/11 Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process. -If there are any problems with the Windows 10 Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process. - ->[!NOTE] ->If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following: ->Name: Windows(R), Professional edition ->Description: Windows(R) Operating System, RETAIL channel ->Partial Product Key: 3V66T +> [!NOTE] +> If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following: +> Name: Windows(R), Professional edition +> Description: Windows(R) Operating System, RETAIL channel +> Partial Product Key: 3V66T ## Virtual Desktop Access (VDA) -Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://aka.ms/qmth). +Subscriptions to Windows 10/11 Enterprise are also available for virtualized clients. Windows 10/11 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://aka.ms/qmth). Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. 
Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Enterprise Subscription Activation](vda-subscription-activation.md). ## Troubleshoot the user experience -In some instances, users may experience problems with the Windows 10 Enterprise E3 or E5 subscription. The most common problems that users may experience are as follows: +In some instances, users may experience problems with the Windows 10/11 Enterprise E3 or E5 subscription. The most common problems that users may experience are as follows: - The existing Windows 10 Pro, version 1703 or 1709 operating system is not activated. This problem does not apply to Windows 10, version 1803 or later. - -- The Windows 10 Enterprise E3 or E5 subscription has lapsed or has been removed. +- The Windows 10/11 Enterprise E3 or E5 subscription has lapsed or has been removed. Use the following figures to help you troubleshoot when users experience these common problems: diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index 25ae02c985..c7c43f8741 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md 
@@ -20,7 +20,7 @@ ms.collection: M365-modern-desktop # Configure VDA for Windows 10 Subscription Activation -This document describes how to configure virtual machines (VMs) to enable [Windows 10 Subscription Activation](windows-10-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops. +This document describes how to configure virtual machines (VMs) to enable [Windows 10/11 Subscription Activation](windows-10-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops. Deployment instructions are provided for the following scenarios: 1. [Active Directory-joined VMs](#active-directory-joined-vms) @@ -29,7 +29,7 @@ Deployment instructions are provided for the following scenarios: ## Requirements -- VMs must be running Windows 10 Pro, version 1703 (also known as the Creator's Update) or later. +- VMs must be running Windows 10 Pro, version 1703 (also known as the Creator's Update) or later. - VMs must be Active Directory-joined or Azure Active Directory (AAD)-joined. - VMs must be generation 1. - VMs must be hosted by a [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH). From 47467de7ff79e6e291e90e74a3783b3c73cb66fd Mon Sep 17 00:00:00 2001 
From: MandiOhlinger Date: Tue, 28 Sep 2021 15:31:56 -0400 Subject: [PATCH 633/671] Updating applies to --- .../add-apps-and-features.md | 7 ++--- .../app-v/appv-auto-batch-sequencing.md | 9 ++++--- .../app-v/appv-auto-batch-updating.md | 9 ++++--- .../app-v/appv-auto-provision-a-vm.md | 13 +++++---- .../appv-client-configuration-settings.md | 9 ++++--- .../appv-create-a-package-accelerator.md | 7 +++-- ...application-package-package-accelerator.md | 7 +++-- .../appv-create-and-use-a-project-template.md | 9 ++++--- ...g-and-managing-virtualized-applications.md | 9 ++++--- .../app-v/appv-deploy-the-appv-server.md | 6 ++--- .../app-v/appv-deploying-appv.md | 9 ++++--- ...eploying-microsoft-office-2010-wth-appv.md | 9 ++++--- ...ploying-microsoft-office-2013-with-appv.md | 11 +++++--- ...ploying-microsoft-office-2016-with-appv.md | 15 ++++++----- ...deploying-the-appv-sequencer-and-client.md | 9 ++++--- .../app-v/appv-deploying-the-appv-server.md | 10 +++---- .../app-v/appv-deployment-checklist.md | 7 +++-- .../appv-enable-the-app-v-desktop-client.md | 11 +++++--- .../app-v/appv-evaluating-appv.md | 10 ++++--- .../app-v/appv-for-windows.md | 9 ++++--- .../app-v/appv-getting-started.md | 27 ++++++++++--------- .../app-v/appv-high-level-architecture.md | 7 +++-- .../app-v/appv-install-the-sequencer.md | 9 ++++--- ...an-existing-virtual-application-package.md | 8 +++--- .../app-v/appv-operations.md | 7 +++-- .../app-v/appv-planning-checklist.md | 9 ++++--- ...v-planning-folder-redirection-with-appv.md | 7 +++-- .../app-v/appv-planning-for-appv.md | 7 +++-- ...lanning-for-high-availability-with-appv.md | 5 +++- ...ing-for-sequencer-and-client-deployment.md | 9 ++++--- ...ppv-planning-for-using-appv-with-office.md | 9 ++++--- ...ctronic-software-distribution-solutions.md | 7 +++-- .../app-v/appv-planning-to-deploy-appv.md | 11 +++++--- .../app-v/appv-preparing-your-environment.md | 7 +++-- .../app-v/appv-prerequisites.md | 14 ++++++---- 
.../app-v/appv-security-considerations.md | 7 +++-- .../app-v/appv-sequence-a-new-application.md | 9 ++++--- .../app-v/appv-supported-configurations.md | 18 +++++++++---- .../apps-in-windows-10.md | 11 ++++---- .../provisioned-apps-windows-client-os.md | 9 ++++--- .../sideload-apps-in-windows-10.md | 16 +++++------ .../system-apps-windows-client-os.md | 9 ++++--- 42 files changed, 260 insertions(+), 147 deletions(-) diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md index 30c4423927..557504605e 100644 --- a/windows/application-management/add-apps-and-features.md +++ b/windows/application-management/add-apps-and-features.md @@ -16,9 +16,10 @@ ms.topic: article # Add or hide features on the Windows client OS -> Applies to: -> -> - Windows 10 +**Applies to**: + +- Windows 10 +- Windows 11 The Windows client operating systems include more features that you and your users can install. These features are called [Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) (opens another Microsoft web site), and can be installed at any time. On your organization-owned devices, you may want to control access to these other features. diff --git a/windows/application-management/app-v/appv-auto-batch-sequencing.md b/windows/application-management/app-v/appv-auto-batch-sequencing.md index fe2fe8690a..bed697e971 100644 --- a/windows/application-management/app-v/appv-auto-batch-sequencing.md +++ b/windows/application-management/app-v/appv-auto-batch-sequencing.md 
@@ -1,5 +1,5 @@ --- -title: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10) +title: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10/11) description: How to automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer). author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,11 +14,14 @@ ms.topic: article --- # Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) ->Applies to: Windows 10, version 1703 +**Applies to**: + +- Windows 10 +- Windows 11 Sequencing multiple apps at the same time requires you to install and start Microsoft Application Virtualization Sequencer (App-V Sequencer), and to install the necessary apps to collect any changes made to the operating system during the installation and building of the App-V package. -In Windows 10, version 1703, running the App-V Sequencer automatically captures and stores your customizations as an App-V project template (.appvt) file. If you want to make changes to this package later, your customizations will be automatically loaded from this template file. This is applicable to all of the sequencing scenarios: +Starting with Windows 10 version 1703, running the App-V Sequencer automatically captures and stores your customizations as an App-V project template (.appvt) file. If you want to make changes to this package later, your customizations will be automatically loaded from this template file. This is applicable to all of the sequencing scenarios: - Using the **New-BatchAppVSequencerPackages** cmdlet - Using the App-V Sequencer interface 
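Review bot: The new **Applies to** list in the `@@ -14,11 +14,14 @@` hunk of appv-auto-batch-sequencing.md drops the "version 1703" qualifier, yet the paragraph rewritten in the same hunk still says the automatic template capture begins "Starting with Windows 10 version 1703". As written, the list reads as covering every Windows 10 release, including ones where the behaviour described below it does not exist. Suggest keeping the floor in the list, for example `- Windows 10, version 1703 and later`, so the header and the body agree.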
diff --git a/windows/application-management/app-v/appv-auto-batch-updating.md b/windows/application-management/app-v/appv-auto-batch-updating.md index 24651988b3..52349a97ee 100644 --- a/windows/application-management/app-v/appv-auto-batch-updating.md +++ b/windows/application-management/app-v/appv-auto-batch-updating.md @@ -1,5 +1,5 @@ --- -title: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10) +title: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10/11) description: How to automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer). author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,11 +14,14 @@ ms.topic: article --- # Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) ->Applies to: Windows 10, version 1703 +**Applies to**: + +- Windows 10 +- Windows 11 Updating multiple apps at the same time follows a similar process to the one used for [automatically sequencing multiple apps at the same time](appv-auto-batch-sequencing.md). However, when updating, you'll also have to pass your previously created app package files to the App-V Sequencer cmdlet. -Starting with Windows 10, version 1703, running the New-BatchAppVSequencerPackages cmdlet or the App-V Sequencer interface captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file. +Starting with Windows 10 version 1703, running the New-BatchAppVSequencerPackages cmdlet or the App-V Sequencer interface captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file. >[!NOTE] >If you're trying to sequence multiple apps at the same time, see [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md). diff --git a/windows/application-management/app-v/appv-auto-provision-a-vm.md b/windows/application-management/app-v/appv-auto-provision-a-vm.md index 1acb2935e3..2cfba09688 100644 --- a/windows/application-management/app-v/appv-auto-provision-a-vm.md +++ b/windows/application-management/app-v/appv-auto-provision-a-vm.md 
@@ -1,5 +1,5 @@ --- -title: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10) +title: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10/11) description: How to automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) PowerShell cmdlet or the user interface. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,9 +14,12 @@ ms.topic: article --- # Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) ->Applies to: Windows 10, version 1703 +**Applies to**: -Previous versions of the App-V Sequencer have required you to manually create your sequencing environment. Windows 10, version 1703 introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine. +- Windows 10 +- Windows 11 + +Previous versions of the App-V Sequencer have required you to manually create your sequencing environment. Starting with Windows 10 version 1703, the `New-AppVSequencerVM` and `Connect-AppvSequencerVM` Windows PowerShell cmdlets are available, which automatically create your sequencing environment for you, including provisioning your virtual machine. ## Automatic VM provisioning of the sequencing environment 
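Review bot: The rewritten sentence in the `@@ -14,9 +14,12 @@` hunk of appv-auto-provision-a-vm.md puts the cmdlet names in code formatting (`New-AppVSequencerVM`, `Connect-AppvSequencerVM`), while the numbered steps later in the same file still write them in bold (**New-AppVSequencerVM**, **Connect-AppvSequencerVM**). Pick one convention for the file and apply it in both places. The two names also differ in casing (`AppV` against `Appv`); since this line is being touched anyway, it is a good moment to make them match the casing the module exports.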
@@ -54,7 +57,7 @@ For this process to work, you must have a base operating system available as a V After you have a VHD file, you must provision your VM for auto-sequencing. -1. On the Host device, install Windows 10, version 1703 and the **Microsoft Application Virtualization (App-V) Auto Sequencer** component from the matching version of the Windows Assessment and Deployment Kit (ADK). For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md). +1. On the Host device, install the Windows client and the **Microsoft Application Virtualization (App-V) Auto Sequencer** component from the matching version of the Windows Assessment and Deployment Kit (ADK). For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md). 2. Make sure that Hyper-V is turned on. For more info about turning on and using Hyper-V, see [Hyper-V on Windows Server 2016](/windows-server/virtualization/hyper-v/Hyper-V-on-Windows-Server). 3. Open PowerShell as an admin and run the **New-AppVSequencerVM** cmdlet, using the following parameters: 
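Review bot: Step 1 in the `@@ -54,7 +57,7 @@` hunk now says "install the Windows client" with no minimum release, but the introduction changed earlier in this file states that the provisioning cmdlets are only available starting with Windows 10 version 1703. A reader following the steps alone no longer learns that an older host will not work. Suggest "install Windows 10, version 1703 or later, or Windows 11" here, and the same wording in the matching step under "Provision an existing VM".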
@@ -93,7 +96,7 @@ If your apps require custom prerequisites, such as Microsoft SQL Server, we reco #### Provision an existing VM -1. On the Host device, install Windows 10, version 1703 and the **Microsoft Application Virtualization (App-V) Auto Sequencer** component from the matching version of the Windows Assessment and Deployment Kit (ADK). For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md). +1. On the Host device, install the Windows client and the **Microsoft Application Virtualization (App-V) Auto Sequencer** component from the matching version of the Windows Assessment and Deployment Kit (ADK). For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md). 2. Open PowerShell as an admin and run the **Connect-AppvSequencerVM** cmdlet, using the following parameters: diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md index b0821ae348..c27a0a72b1 100644 --- a/windows/application-management/app-v/appv-client-configuration-settings.md +++ b/windows/application-management/app-v/appv-client-configuration-settings.md @@ -1,5 +1,5 @@ --- -title: About Client Configuration Settings (Windows 10) +title: About Client Configuration Settings (Windows 10/11) description: Learn about the App-V client configuration settings and how to use Windows PowerShell to modify the client configuration settings. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,7 +14,10 @@ ms.topic: article --- # About Client Configuration Settings ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. Understanding how the register's format for data works can help you better understand the client, as you can configure many client actions by changing registry entries. This topic lists the App-V client configuration settings and explains their uses. You can use Windows PowerShell to modify the client configuration settings. For more information about using Windows PowerShell and App-V see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md). @@ -29,7 +32,7 @@ The following table provides information about App-V client configuration settin |------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------| | Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-PackageInstallationRoot**
    String | Specifies directory where all new applications and updates will be installed. | Policy value not written (same as Not Configured) | | Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-PackageSourceRoot**
    String | Overrides source location for downloading package content. | Policy value not written (same as Not Configured) | -| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-AllowHighCostLaunch**
    True (enabled); False (Disabled state) | This setting controls whether virtualized applications are launched on Windows 10 machines connected by a metered network connection (for example, 4G). | 0 | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-AllowHighCostLaunch**
    True (enabled); False (Disabled state) | This setting controls whether virtualized applications are launched on Windows client machines connected by a metered network connection (for example, 4G). | 0 | | Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReestablishmentRetries**
    Integer (0–99) | Specifies the number of times to retry a dropped session. | Policy value not written (same as Not Configured) | | Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReestablishmentInterval**
    Integer (0–3600) | Specifies the number of seconds between attempts to reestablish a dropped session. | Policy value not written (same as Not Configured) | | Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-LocationProvider**
    String | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | Policy value not written (same as Not Configured) | diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md index 19d0617e41..bc872e32f4 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md @@ -1,5 +1,5 @@ --- -title: How to create a package accelerator (Windows 10) +title: How to create a package accelerator (Windows 10/11) description: Learn how to create App-V Package Accelerators to automatically generate new virtual application packages. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,10 @@ ms.topic: article --- # How to create a package accelerator ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 App-V Package Accelerators automatically generate new virtual application packages. diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md index f091625f1a..0386b3f99e 100644 --- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md +++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md @@ -1,5 +1,5 @@ --- -title: How to create a virtual application package using an App-V Package Accelerator (Windows 10) +title: How to create a virtual application package using an App-V Package Accelerator (Windows 10/11) description: How to create a virtual application package using an App-V Package Accelerator. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,7 +14,10 @@ ms.topic: article --- # How to create a virtual application package using an App-V Package Accelerator ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 Use the following procedure to create a virtual application package with the App-V Package Accelerator. diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md index 4927af50b8..29401f6f29 100644 --- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md +++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md @@ -1,5 +1,5 @@ --- -title: Create and apply an App-V project template to a sequenced App-V package (Windows 10) +title: Create and apply an App-V project template to a sequenced App-V package (Windows 10/11) description: Steps for how to create and apply an App-V project template (.appvt) to a sequenced App-V package. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,12 +14,15 @@ ms.topic: article --- # Create and apply an App-V project template to a sequenced App-V package ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 You can use an App-V Project Template (.appvt) file to save commonly applied settings associated with an existing virtual application package. You can then apply these settings whenever you create new virtual application packages in your environment, streamlining the package creation process. App-V Project Templates differ from App-V Package Accelerators because App-V Package Accelerators are application-specific, while App-V Project Templates can be applied to multiple applications. To learn more about package accelerators, see [How to create a package accelerator](appv-create-a-package-accelerator.md). >[!IMPORTANT] ->In Windows 10, version 1703, running the **New-AppvSequencerPackage** or the **Update-AppvSequencerPackage** cmdlets will automatically capture and store your customizations as an App-V Project Template. If you want to make changes to this package later, you can automatically load your customizations from this template file. If you have an auto-saved template and you attempt to load another template through the *TemplateFilePath* parameter, the customization value from the parameter will override the auto-saved template. +>Starting with Windows 10 version 1703, running the **New-AppvSequencerPackage** or the **Update-AppvSequencerPackage** cmdlets will automatically capture and store your customizations as an App-V Project Template. If you want to make changes to this package later, you can automatically load your customizations from this template file. If you have an auto-saved template and you attempt to load another template through the *TemplateFilePath* parameter, the customization value from the parameter will override the auto-saved template. ## Create a project template 
diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md index 0d5400a65a..76e0a87b14 100644 --- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md +++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md @@ -1,5 +1,5 @@ --- -title: Creating and managing App-V virtualized applications (Windows 10) +title: Creating and managing App-V virtualized applications (Windows 10/11) description: Create and manage App-V virtualized applications to monitor and record the installation process for an application to be run as a virtualized application. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,10 @@ ms.topic: article --- # Creating and managing App-V virtualized applications ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 After you have properly deployed the Microsoft Application Virtualization (App-V) sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application. 
@@ -119,7 +122,7 @@ A template can specify and store multiple settings as follows: - **General Options**. Enables the use of **Windows Installer**, **Append Package Version to Filename**. - **Exclusion Items.** Contains the Exclusion pattern list. -In Windows 10, version 1703, running the **new-appvsequencerpackage** or **update-appvsequencepackage** cmdlets automatically captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file. +Starting with Windows 10 version 1703, running the **new-appvsequencerpackage** or **update-appvsequencepackage** cmdlets automatically captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file. >[!IMPORTANT] >If you attempt to load another template through the *_TemplateFilePath_* parameter while already having an auto-saved template, the customization value from the parameter will override the auto-saved template. diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md index e8fa0ac8b9..a29b019396 100644 --- a/windows/application-management/app-v/appv-deploy-the-appv-server.md +++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md @@ -1,6 +1,6 @@ --- -title: How to Deploy the App-V Server (Windows 10) -description: Use these instructions to deploy the Application Virtualization (App-V) Server in App-V for Windows 10. +title: How to Deploy the App-V Server (Windows 10/11) +description: Use these instructions to deploy the Application Virtualization (App-V) Server in App-V for Windows 10/11. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
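Review bot: In the `@@ -119,7 +122,7 @@` hunk of appv-creating-and-managing-virtualized-applications.md, the rewritten line keeps the cmdlet name as **update-appvsequencepackage**, which is missing the "r" in "sequencer". The same patch writes it as **Update-AppvSequencerPackage** in appv-create-and-use-a-project-template.md. Since the line is being edited, correct the spelling and use the same casing as the other file for both cmdlets, so that a reader who copies the name gets a command that resolves.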
@@ -32,7 +32,7 @@ ms.topic: article 1. Download the App-V server components. All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from either of the following locations: * The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site. - * The [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home). + * The [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx) if you're using [Windows client for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home). 2. Copy the App-V server installation files to the computer on which you want to install it. diff --git a/windows/application-management/app-v/appv-deploying-appv.md b/windows/application-management/app-v/appv-deploying-appv.md index 04cd90525d..10fee7b05b 100644 --- a/windows/application-management/app-v/appv-deploying-appv.md +++ b/windows/application-management/app-v/appv-deploying-appv.md @@ -1,5 +1,5 @@ --- -title: Deploying App-V (Windows 10) +title: Deploying App-V (Windows 10/11) description: App-V supports several different deployment options. Learn how to complete App-V deployment at different stages in your App-V deployment. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -12,9 +12,12 @@ manager: dansimp ms.author: greglin ms.topic: article --- -# Deploying App-V for Windows 10 +# Deploying App-V for Windows client ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 App-V supports several different deployment options. Review this topic for information about the tasks that you must complete at different stages in your deployment. diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index 7a38ac29e7..f4ac45ec12 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -1,5 +1,5 @@ --- -title: Deploying Microsoft Office 2010 by Using App-V (Windows 10) +title: Deploying Microsoft Office 2010 by Using App-V (Windows 10/11) description: Create Office 2010 packages for Microsoft Application Virtualization (App-V) using the App-V Sequencer or the App-V Package Accelerator. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,10 @@ ms.topic: article --- # Deploying Microsoft Office 2010 by Using App-V ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 You can create Office 2010 packages for Microsoft Application Virtualization (App-V) using one of the following methods: 
@@ -37,7 +40,7 @@ Sequencing Office 2010 is one of the main methods for creating an Office 2010 pa ## Creating Office 2010 App-V packages using package accelerators -Office 2010 App-V packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10, Windows 8, and Windows 7. The following pages will show you which package accelerator is best for creating Office 2010 App-V packages on your version of Windows: +Office 2010 App-V packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10/11, Windows 8, and Windows 7. The following pages will show you which package accelerator is best for creating Office 2010 App-V packages on your version of Windows: * [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://gallery.technet.microsoft.com/App-V-50-Package-a29410db) * [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://gallery.technet.microsoft.com/App-V-50-Package-e7ef536b) diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md index 778f467100..c986e312c3 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md @@ -1,5 +1,5 @@ --- -title: Deploying Microsoft Office 2013 by Using App-V (Windows 10) +title: Deploying Microsoft Office 2013 by Using App-V (Windows 10/11) description: Use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,7 +14,10 @@ ms.topic: article --- # Deploying Microsoft Office 2013 by Using App-V ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md). To successfully deploy Office 2013 with App-V, you need to be familiar with Office 2013 and App-V. @@ -73,7 +76,7 @@ Before you start, make sure that the computer on which you are installing the Of You create Office 2013 App-V packages with the Office Deployment Tool. The following instructions explain how to create an Office 2013 App-V package with Volume Licensing or Subscription Licensing. -Create Office 2013 App-V packages on 64-bit Windows computers. Once created, the Office 2013 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers. +Create Office 2013 App-V packages on 64-bit Windows computers. Once created, the Office 2013 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10/11 computers. ### Download the Office Deployment Tool 
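Review bot: The changed sentence in the `@@ -73,7 +76,7 @@` hunk of appv-deploying-microsoft-office-2013-with-appv.md now reads "32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10/11 computers", which implies a 32-bit Windows 11 target. Windows 11 is released only in 64-bit editions, so the "10/11" shorthand makes the sentence inaccurate. Suggest splitting it, for example "32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers, and on Windows 11". The `@@ -148,7 +151,7 @@` hunk repeats the claim but says "Windows 8" where this one says "Windows 8.1"; the two lists should agree.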
@@ -148,7 +151,7 @@ After you download the Office 2013 applications through the Office Deployment To #### What you'll need to do -* Create the Office 2013 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8, and Windows 10 computers. +* Create the Office 2013 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8, and Windows 10/11 computers. * Create an Office App-V package for either the Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, then modify the **Customconfig.xml** configuration file. The following table summarizes the values you need to enter in the **Customconfig.xml** file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make. diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index 654fa05a45..15a331200f 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -1,5 +1,5 @@ --- -title: Deploying Microsoft Office 2016 by using App-V (Windows 10) +title: Deploying Microsoft Office 2016 by using App-V (Windows 10/11) description: Use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,7 +14,10 @@ ms.topic: article --- # Deploying Microsoft Office 2016 by using App-V ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2013, see [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md). For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md). @@ -64,7 +67,7 @@ The computer on which you are installing the Office Deployment Tool must have th | Prerequisite | Description | |----------------------|--------------------| | Prerequisite software | .Net Framework 4 | -| Supported operating systems | 64-bit version of Windows 10
    64-bit version of Windows 8 or 8.1
    64-bit version of Windows 7 | +| Supported operating systems | 64-bit version of Windows 10/11
    64-bit version of Windows 8 or 8.1
    64-bit version of Windows 7 | >[!NOTE] >In this topic, the term “Office 2016 App-V package” refers to subscription licensing. @@ -73,7 +76,7 @@ The computer on which you are installing the Office Deployment Tool must have th You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with subscription licensing. -Create Office 2016 App-V packages on 64-bit Windows computers. Once created, the Office 2016 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers. +Create Office 2016 App-V packages on 64-bit Windows computers. Once created, the Office 2016 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10/11 computers. ### Download the Office Deployment Tool @@ -146,7 +149,7 @@ After you download the Office 2016 applications through the Office Deployment To #### What you’ll need to do -* Create the Office 2016 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8 or 8.1, and Windows 10 computers. +* Create the Office 2016 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8 or 8.1, and Windows 10/11 computers. * Create an Office App-V package for either Subscription Licensing package by using the Office Deployment Tool, and then modify the **Customconfig.xml** configuration file. The following table summarizes the values you need to enter in the **Customconfig.xml** file. The steps in the sections that follow the table will specify the exact entries you need to make. 
@@ -377,7 +380,7 @@ The following table describes the requirements and options for deploying Visio 2 ## Related topics -* [Deploying App-V for Windows 10](appv-deploying-appv.md) +* [Deploying App-V for Windows client](appv-deploying-appv.md) * [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md) * [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md) * [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117) \ No newline at end of file diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md index 9547612b38..484a48bf68 100644 --- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md +++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md @@ -1,5 +1,5 @@ --- -title: Deploying the App-V Sequencer and configuring the client (Windows 10) +title: Deploying the App-V Sequencer and configuring the client (Windows 10/11) description: Learn how to deploy the App-V Sequencer and configure the client by using the ADMX template and Group Policy. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,10 @@ ms.topic: article --- # Deploying the App-V Sequencer and configuring the client ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 The App-V Sequencer and client let administrators to virtualize and run virtual applications. 
@@ -23,7 +26,7 @@ The App-V Sequencer and client let administrators to virtualize and run virtual The App-V client is the component that runs a virtualized application on a target computer. The client lets users interact with icons and file types, starting virtualized applications. The client can also get the virtual application content from the management server. >[!NOTE] ->In Windows 10, version 1607, App-V is included with the operating system. You only need to enable it. +>Starting with Windows 10 version 1607, App-V is included with the operating system. You only need to enable it. [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md) diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md index 71d9510a36..5677a2f846 100644 --- a/windows/application-management/app-v/appv-deploying-the-appv-server.md +++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md @@ -1,6 +1,6 @@ --- -title: Deploying the App-V Server (Windows 10) -description: Learn how to deploy the Application Virtualization (App-V) Server in App-V for Windows 10 by using different deployment configurations described in this article. +title: Deploying the App-V Server (Windows 10/11) +description: Learn how to deploy the Application Virtualization (App-V) Server in App-V for Windows 10/11 by using different deployment configurations described in this article. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
@@ -19,9 +19,9 @@ ms.topic: article You can install the Application Virtualization (App-V) server components using different deployment configurations, which are described in this topic. Before you install the server features, review the server section of [App-V security considerations](appv-security-considerations.md). >[!NOTE] ->If you plan to use the App-V server components in your deployment, note that the version number is still listed as App-V 5.x, as the App-V server components have not changed in App-V for Windows 10. +>If you plan to use the App-V server components in your deployment, note that the version number is still listed as App-V 5.x, as the App-V server components have not changed in App-V for Windows client. -To learn more about deploying App-V for Windows 10, read [What's new in App-V](appv-about-appv.md). +To learn more about deploying App-V for Windows client, read [What's new in App-V](appv-about-appv.md). >[!IMPORTANT] >Before installing and configuring the App-V servers, you must specify the port or ports where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports, as the installer does not modify firewall settings. 
@@ -49,7 +49,7 @@ App-V offers the following five server components, each of which serves a specif All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from either of the following locations: * The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site. -* The [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home). +* The [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx) if you're using [Windows client for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home). In large organizations, you might want to install more than one instance of the server components to get the following benefits. diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md index 4183212c31..72d0a6d1d0 100644 --- a/windows/application-management/app-v/appv-deployment-checklist.md +++ b/windows/application-management/app-v/appv-deployment-checklist.md @@ -1,5 +1,5 @@ --- -title: App-V Deployment Checklist (Windows 10) +title: App-V Deployment Checklist (Windows 10/11) description: Use the App-V deployment checklist to understand the recommended steps and items to consider when deploying App-V features. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,7 +14,10 @@ ms.topic: article --- # App-V Deployment Checklist ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 This checklist outlines the recommended steps and items to consider when deploying App-V features. Use it to organize your priorities while you deploy App-V. You can copy this checklist into a spreadsheet program and customize it for your use. diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md index 7aa623a0a3..69000c221c 100644 --- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md +++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md @@ -1,6 +1,6 @@ --- -title: Enable the App-V in-box client (Windows 10) -description: Learn how to enable the Microsoft Application Virtualization (App-V) in-box client installed with Windows 10. +title: Enable the App-V in-box client (Windows 10/11) +description: Learn how to enable the Microsoft Application Virtualization (App-V) in-box client installed with Windows 10/11. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
@@ -14,11 +14,14 @@ ms.topic: article --- # Enable the App-V in-box client ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 The App-V client is the component that runs virtualized applications on user devices. Once you enable the client, users can interact with icons and file names to start virtualized applications. The client can also get virtual application content from the management server. -With Windows 10, version 1607, the App-V client is installed automatically. However, you'll still need to enable the client yourself to allow user devices to access and run virtual applications. You can set up the client with the Group Policy editor or with Windows PowerShell. +Starting with Windows 10 version 1607, the App-V client is installed automatically. However, you'll still need to enable the client yourself to allow user devices to access and run virtual applications. You can set up the client with the Group Policy editor or with Windows PowerShell. Here's how to enable the App-V client with Group Policy: diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md index 731ea42546..10d3e83e75 100644 --- a/windows/application-management/app-v/appv-evaluating-appv.md +++ b/windows/application-management/app-v/appv-evaluating-appv.md @@ -1,6 +1,6 @@ --- -title: Evaluating App-V (Windows 10) -description: Learn how to evaluate App-V for Windows 10 in a lab environment before deploying into a production environment. +title: Evaluating App-V (Windows 10/11) +description: Learn how to evaluate App-V for Windows 10/11 in a lab environment before deploying into a production environment. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
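Review bot: In appv-enable-the-app-v-desktop-client.md (hunk -14,11 +14,14), the new Applies-to list drops the "version 1607" qualifier, while the body sentence changed in the same hunk reads "Starting with Windows 10 version 1607, the App-V client is installed automatically". A reader who checks only the Applies-to list would conclude that the in-box client is present on every Windows 10 release. Suggest keeping the minimum version in the list, for example "Windows 10, version 1607 and later", here and in the other App-V articles that receive the same list in this patch.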
@@ -15,8 +15,10 @@ ms.author: greglin # Evaluating App-V -**Applies to** -- Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 > [!NOTE] > [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md index 51b2a21a10..0cc3adc116 100644 --- a/windows/application-management/app-v/appv-for-windows.md +++ b/windows/application-management/app-v/appv-for-windows.md @@ -1,5 +1,5 @@ --- -title: Application Virtualization (App-V) (Windows 10) +title: Application Virtualization (App-V) (Windows 10/11) description: See various topics that can help you administer Application Virtualization (App-V) and its components. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -12,9 +12,12 @@ manager: dansimp ms.author: greglin ms.topic: article --- -# Application Virtualization (App-V) for Windows 10 overview +# Application Virtualization (App-V) for Windows client overview ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 > [!NOTE] > [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md index fd20851076..3f649a92c9 100644 --- a/windows/application-management/app-v/appv-getting-started.md +++ b/windows/application-management/app-v/appv-getting-started.md 
@@ -1,6 +1,6 @@ --- -title: Getting Started with App-V (Windows 10) -description: Get started with Microsoft Application Virtualization (App-V) for Windows 10. App-V for Windows 10 delivers Win32 applications to users as virtual applications. +title: Getting Started with App-V (Windows 10/11) +description: Get started with Microsoft Application Virtualization (App-V) for Windows 10/11. App-V for Windows client devices delivers Win32 applications to users as virtual applications. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
@@ -12,35 +12,38 @@ manager: dansimp ms.author: greglin ms.topic: article --- -# Getting started with App-V for Windows 10 +# Getting started with App-V for Windows client ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 > [!NOTE] > [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] -Microsoft Application Virtualization (App-V) for Windows 10 delivers Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on an as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally. +Microsoft Application Virtualization (App-V) for Windows delivers Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on an as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally. -With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/WindowsForBusiness/windows-for-enterprise). If you're new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. To learn what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md). +Starting with Windows 10 version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/WindowsForBusiness/windows-for-enterprise). If you're new to Windows client and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. 
To learn what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md). -If you’re already using App-V, performing an in-place upgrade to Windows 10 on user devices automatically installs the App-V client and migrates users’ App-V applications and settings. For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md). +If you’re already using App-V, performing an in-place upgrade to Windows 10/11 on user devices automatically installs the App-V client and migrates users’ App-V applications and settings. For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10/11, see [Upgrading to App-V for Windows from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md). >[!IMPORTANT] >You can upgrade your existing App-V installation to App-V for Windows from App-V versions 5.0 SP2 and higher only. If you are using an earlier version of App-V, you’ll need to upgrade your existing App-V installation to App-V 5.0 SP2 before upgrading to App-V for Windows. To learn more about previous versions of App-V, see [MDOP information experience](/microsoft-desktop-optimization-pack/index). -## Getting started with App-V for Windows 10 (new installations) +## Getting started with App-V for Windows (new installations) -To start using App-V to deliver virtual applications to users, you’ll need to download, enable, and install server- and client-side components. The following table describes the App-V for Windows 10 components, what they do, and where to find them. +To start using App-V to deliver virtual applications to users, you’ll need to download, enable, and install server- and client-side components. 
The following table describes the App-V for Windows client components, what they do, and where to find them. | Component | What it does | Where to find it | |------------|--|------| -| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more details, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).

    If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:

    If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.

    If you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx).

    See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.| -| App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices, allowing users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607.

    To learn how to enable the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). | -| App-V sequencer | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must run the App-V client to allow users to interact with virtual applications. | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). | +| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more details, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).

    If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:

    If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.

    If you're using [Windows client for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx).

    See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.| +| App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices, allowing users to interact with icons and file names to start virtualized applications. | Starting with Windows 10 version 1607, the App-V client is automatically installed.

    To learn how to enable the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). | +| App-V sequencer | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must run the App-V client to allow users to interact with virtual applications. | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows client](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). | For more information about these components, see [High Level Architecture for App-V](appv-high-level-architecture.md). diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md index 7c11b77a24..fef069e911 100644 --- a/windows/application-management/app-v/appv-high-level-architecture.md +++ b/windows/application-management/app-v/appv-high-level-architecture.md @@ -1,5 +1,5 @@ --- -title: High-level architecture for App-V (Windows 10) +title: High-level architecture for App-V (Windows 10/11) description: Use the information in this article to simplify your Microsoft Application Virtualization (App-V) deployment. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,10 @@ ms.topic: article --- # High-level architecture for App-V ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 Use the following information to simplify your Microsoft Application Virtualization (App-V) deployment. diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md index 9bde5d0531..633c980c5b 100644 --- a/windows/application-management/app-v/appv-install-the-sequencer.md +++ b/windows/application-management/app-v/appv-install-the-sequencer.md 
@@ -1,5 +1,5 @@ --- -title: Install the App-V Sequencer (Windows 10) +title: Install the App-V Sequencer (Windows 10/11) description: Learn how to install the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,11 +14,14 @@ ms.topic: article --- # Install the App-V Sequencer ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 Use the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices. Those devices must be running the App-V client to allow users to interact with virtual applications. -The App-V Sequencer is included in the Windows 10 Assessment and Deployment Kit (Windows ADK). +The App-V Sequencer is included in the Windows client Assessment and Deployment Kit (Windows ADK). >[!NOTE] >The computer that will run the sequencer must not have the App-V client enabled. As a best practice, choose a computer with the same hardware and software configurations as the computers that will run the virtual applications. The sequencing process is resource-intensive, so make sure the computer that will run the Sequencer has plenty of memory, a fast processor, and a fast hard drive. diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md index 0cc6df1e55..6b47cd4840 100644 --- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md +++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md 
@@ -1,5 +1,5 @@ --- -title: How to Modify an Existing Virtual Application Package (Windows 10) +title: How to Modify an Existing Virtual Application Package (Windows 10/11) description: Learn how to modify an existing virtual application package and add a new application to an existing virtual application package. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -15,8 +15,10 @@ ms.author: greglin # How to Modify an Existing Virtual Application Package -**Applies to** -- Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 This topic explains how to: diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md index 91ddd5b656..d098e56921 100644 --- a/windows/application-management/app-v/appv-operations.md +++ b/windows/application-management/app-v/appv-operations.md @@ -1,5 +1,5 @@ --- -title: Operations for App-V (Windows 10) +title: Operations for App-V (Windows 10/11) description: Learn about the various types of App-V administration and operating tasks that are typically performed by an administrator. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,10 @@ ms.topic: article --- # Operations for App-V ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 This section of the Microsoft Application Virtualization (App-V) Administrator’s Guide includes information about the various types of App-V administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks. diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md index 50887ca724..b85b69132e 100644 --- a/windows/application-management/app-v/appv-planning-checklist.md +++ b/windows/application-management/app-v/appv-planning-checklist.md 
@@ -1,11 +1,11 @@ --- -title: App-V Planning Checklist (Windows 10) +title: App-V Planning Checklist (Windows 10/11) description: Learn about the recommended steps and items to consider when planning an Application Virtualization (App-V) deployment. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library -ms.prod: w10 +ms.prod: w10/11 ms.date: 04/18/2018 ms.reviewer: manager: dansimp @@ -14,7 +14,10 @@ ms.topic: article --- # App-V Planning Checklist ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10/11 +- Windows 11 This checklist can be used to help you plan for preparing your organization for an App-V deployment. diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md index 18032d260a..5a586baefb 100644 --- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md +++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md @@ -1,5 +1,5 @@ --- -title: Planning to Use Folder Redirection with App-V (Windows 10) +title: Planning to Use Folder Redirection with App-V (Windows 10/11) description: Learn about folder redirection with App-V. Folder redirection enables users and administrators to redirect the path of a folder to a new location. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,10 @@ ms.topic: article --- # Planning to Use Folder Redirection with App-V ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 Microsoft Application Virtualization (App-V) supports the use of folder redirection, a feature that enables users and administrators to redirect the path of a folder to a new location. 
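Review bot: In appv-planning-checklist.md, the front-matter hunk (-1,11 +1,11) changes "ms.prod: w10" to "ms.prod: w10/11", and the following hunk adds "- Windows 10/11" directly above "- Windows 11" in the Applies-to list. Both look like search-and-replace spillover: none of the other App-V files visible in this patch touch ms.prod, and all of them use "- Windows 10" as the first bullet. ms.prod is a front-matter value rather than display text, so it should stay "w10" unless the new value is confirmed to be valid, and the first bullet should read "- Windows 10".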
diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md index 9f7685040d..6f5c42093c 100644 --- a/windows/application-management/app-v/appv-planning-for-appv.md +++ b/windows/application-management/app-v/appv-planning-for-appv.md @@ -1,5 +1,5 @@ --- -title: Planning for App-V (Windows 10) +title: Planning for App-V (Windows 10/11) description: Use the information in this article to plan to deploy App-V without disrupting your existing network or user experience. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,10 @@ ms.topic: article --- # Planning for App-V ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 > [!NOTE] > [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md index 4cdce6102f..500b47e979 100644 --- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md +++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md @@ -14,7 +14,10 @@ ms.topic: article --- # Planning for high availability with App-V Server ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 Microsoft Application Virtualization (App-V) system configurations can take advantage of options that maintain a high available service level. diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md index f6e0a38b9e..380ec453b7 100644 --- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md 
+++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md @@ -1,5 +1,5 @@ --- -title: Planning for the App-V Sequencer and Client Deployment (Windows 10) +title: Planning for the App-V Sequencer and Client Deployment (Windows 10/11) description: Learn what you need to do to plan for the App-V Sequencer and Client deployment, and where to find additional information about the deployment process. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,10 @@ ms.topic: article --- # Planning for the App-V Sequencer and Client Deployment ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 Before you can use App-V, you must install the App-V Sequencer and enable the App-V client. You can also the App-V shared content store, although it isn't required. The following sections will tell you how to set these up. @@ -38,7 +41,7 @@ Ideally, you should install the sequencer on a computer running as a virtual mac ## Planning for App-V client deployment -In Windows 10, version 1607, the App-V client is included with the operating system. For more information, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). +Starting with Windows 10 version 1607, the App-V client is included with the operating system. For more information, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). ## Planning for the App-V Shared Content Store (SCS) diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md index 9db1afb81a..a7779a7e96 100644 --- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md +++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md 
@@ -1,5 +1,5 @@ --- -title: Planning for Deploying App-V with Office (Windows 10) +title: Planning for Deploying App-V with Office (Windows 10/11) description: Use the information in this article to plan how to deploy Office within Microsoft Application Virtualization (App-V). author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,10 @@ ms.topic: article --- # Planning for deploying App-V with Office ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 Use the following information to plan how to deploy Office within Microsoft Application Virtualization (App-V). @@ -92,7 +95,7 @@ To bypass the auto-registration operation for native Word 2010, follow these ste * In Windows 7k, select **Start**, type **regedit** in the Start Search box, then select the Enter key. - * In Windows 8.1 or Windows 10, enter **regedit**, select **Enter** on the Start page, then select the Enter key. + * In Windows client, enter **regedit**, select **Enter** on the Start page, then select the Enter key. If you're prompted for an administrator password, enter the password. If you're prompted for a confirmation, select **Continue**. 3. Locate and then select the following registry subkey: diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md index a5ab9870cf..776072fef4 100644 --- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md 
@@ -1,5 +1,5 @@ --- -title: Planning to Deploy App-V with an Electronic Software Distribution System (Windows 10) +title: Planning to Deploy App-V with an Electronic Software Distribution System (Windows 10/11) description: Planning to Deploy App-V with an Electronic Software Distribution System author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,10 @@ ms.topic: article --- # Planning to Deploy App-V with an electronic software distribution system ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 If you are using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with Microsoft Endpoint Configuration Manager, see [Introduction to application management in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682125(v=technet.10)#BKMK_Appv). diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md index 0b26e63e8a..0793ec479e 100644 --- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md +++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md @@ -1,5 +1,5 @@ --- -title: Planning to Deploy App-V (Windows 10) +title: Planning to Deploy App-V (Windows 10/11) description: Learn about the different deployment configurations and requirements to consider before you deploy App-V for Windows 10. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
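Review bot: The title of appv-planning-to-deploy-appv.md now ends in (Windows 10/11), but the `description:` line directly below it is left as unchanged context and still ends with "before you deploy App-V for Windows 10". Update the description in this hunk too, so the front matter agrees with the new title and with the "for Windows client" heading introduced in the next hunk of the same file.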
@@ -12,11 +12,14 @@ manager: dansimp ms.author: greglin ms.topic: article --- -# Planning to Deploy App-V for Windows 10 +# Planning to Deploy App-V for Windows client ->Applies to: Windows 10, version 1607 +**Applies to**: -There are several different deployment configurations and requirements to consider before you deploy App-V for Windows 10. Review this topic for information about what you'll need to make a deployment plan that best meets your needs. +- Windows 10 +- Windows 11 + +There are several different deployment configurations and requirements to consider before you deploy App-V for Windows client. Review this topic for information about what you'll need to make a deployment plan that best meets your needs. ## App-V supported configurations diff --git a/windows/application-management/app-v/appv-preparing-your-environment.md b/windows/application-management/app-v/appv-preparing-your-environment.md index 9753d170ef..7b441ae569 100644 --- a/windows/application-management/app-v/appv-preparing-your-environment.md +++ b/windows/application-management/app-v/appv-preparing-your-environment.md @@ -1,5 +1,5 @@ --- -title: Preparing Your Environment for App-V (Windows 10) +title: Preparing Your Environment for App-V (Windows 10/11) description: Use this info to prepare for deployment configurations and prerequisites for Microsoft Application Virtualization (App-V). ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -14,7 +14,10 @@ ms.topic: article --- # Preparing your environment for App-V ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 There are several different deployment configurations and prerequisites that you must consider before creating your deployment plan for Microsoft App-V. The following articles will help you gather the information you need to set up a deployment plan that best suits your business’ needs. 
diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md index 2cdfd2d90c..fabd6776e3 100644 --- a/windows/application-management/app-v/appv-prerequisites.md +++ b/windows/application-management/app-v/appv-prerequisites.md @@ -1,5 +1,5 @@ --- -title: App-V Prerequisites (Windows 10) +title: App-V Prerequisites (Windows 10/11) description: Learn about the prerequisites you need before you begin installing Application Virtualization (App-V). author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -12,11 +12,15 @@ manager: dansimp ms.author: greglin ms.topic: article --- -# App-V for Windows 10 prerequisites ->Applies to: Windows 10, version 1607 +# App-V for Windows client prerequisites -Before installing App-V for Windows 10, ensure that you have installed all of the following required prerequisite software. +**Applies to**: + +- Windows 10 +- Windows 11 + +Before installing App-V for Windows client, ensure that you have installed all of the following required prerequisite software. For a list of supported operating systems and hardware requirements for the App-V server, sequencer, and client, see [App-V Supported Configurations](appv-supported-configurations.md). @@ -26,7 +30,7 @@ The following table indicates the software that is already installed for differe |Operating system|Prerequisite description| |---|---| -|Windows 10|All prerequisite software is already installed.| +|Windows 10/11|All prerequisite software is already installed.| |Windows 8.1|All prerequisite software is already installed.
    If you're running Windows 8, upgrade to Windows 8.1 before using App-V.| |Windows Server 2016|The following prerequisite software is already installed:
    - Microsoft .NET Framework 4.5
    - Windows PowerShell 3.0

    Installing Windows PowerShell requires a restart.| |Windows 7|No prerequisite software is installed. You must install the software before you can install App-V.| diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md index 02603d57b2..6707151ad2 100644 --- a/windows/application-management/app-v/appv-security-considerations.md +++ b/windows/application-management/app-v/appv-security-considerations.md @@ -1,5 +1,5 @@ --- -title: App-V Security Considerations (Windows 10) +title: App-V Security Considerations (Windows 10/11) description: Learn about accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V). author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,10 @@ ms.topic: article --- # App-V security considerations ->Applies to: Windows 10, version 1607 +**Applies to**: + +- Windows 10 +- Windows 11 This topic contains a brief overview of the accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V). diff --git a/windows/application-management/app-v/appv-sequence-a-new-application.md b/windows/application-management/app-v/appv-sequence-a-new-application.md index 0c47bf69b6..84d323ae88 100644 --- a/windows/application-management/app-v/appv-sequence-a-new-application.md +++ b/windows/application-management/app-v/appv-sequence-a-new-application.md @@ -1,5 +1,5 @@ --- -title: Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10) +title: Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10/11) description: Learn how to manually sequence a new app by using the App-V Sequencer that's included with the Windows ADK. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,9 +14,12 @@ ms.topic: article --- # Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) ->Applies to: Windows 10, version 1607 and later +**Applies to**: -In Windows 10, version 1607, the App-V Sequencer is included with the Windows ADK. For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md). +- Windows 10 +- Windows 11 + +Starting with Windows 10 version 1607, the App-V Sequencer is included with the Windows ADK. For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md). ## Before you start sequencing diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md index f2d40d15b1..4fe89ecc0c 100644 --- a/windows/application-management/app-v/appv-supported-configurations.md +++ b/windows/application-management/app-v/appv-supported-configurations.md @@ -1,6 +1,6 @@ --- -title: App-V Supported Configurations (Windows 10) -description: Learn the requirements to install and run App-V supported configurations in your Windows 10 environment. +title: App-V Supported Configurations (Windows 10/11) +description: Learn the requirements to install and run App-V supported configurations in your Windows 10/11 environment. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
@@ -14,9 +14,17 @@ ms.topic: article --- # App-V Supported Configurations ->Applies to: Windows 10, version 1607; Window Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 (Extended Security Update) +**Applies to**: -This topic specifies the requirements to install and run App-V in your Windows 10 environment. For information about prerequisite software such as the .NET Framework, see [App-V prerequisites](appv-prerequisites.md). +- Windows 10 +- Windows 11 +- Window Server 2019 +- Windows Server 2016 +- Windows Server 2012 R2 +- Windows Server 2012 +- Windows Server 2008 R2 (Extended Security Update) + +This topic specifies the requirements to install and run App-V in your Windows client environment. For information about prerequisite software such as the .NET Framework, see [App-V prerequisites](appv-prerequisites.md). ## App-V Server system requirements @@ -98,7 +106,7 @@ The following table lists the SQL Server versions that are supported for the App ## App-V client and Remote Desktop Services client requirements -With Windows 10, version 1607 and later releases, the App-V client is included with Windows 10 Enterprise and Windows 10 Education. The App-V client is no longer part of the Microsoft Desktop Optimization Pack. Before you can use the App-V client, it must be enabled, as described in [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). +Starting with Windows 10 version 1607, the App-V client is included with Windows Enterprise and Windows Education. The App-V client is no longer part of the Microsoft Desktop Optimization Pack. Before you can use the App-V client, it must be enabled, as described in [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). Similarly, the App-V Remote Desktop Services (RDS) client is included with Windows Server 2016 Standard and Windows Server 2016 Datacenter. 
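Review bot: The Applies to list added in the @@ -14,9 +14,17 @@ hunk of appv-supported-configurations.md carries over a misspelling from the removed line: `- Window Server 2019` should read `- Windows Server 2019`. The line is being rewritten anyway, so correct it here rather than in a follow-up.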
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index f30e8fa94f..43bc4bec68 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -1,5 +1,5 @@ --- -title: Learn about the different app types in Windows 10 | Microsoft Docs +title: Learn about the different app types in Windows 10/11 | Microsoft Docs ms.reviewer: manager: dougeby description: Learn more and understand the different types of apps that run on Windows 10 and Windows 11. For example, learn more about UWP, WPF, Win32, and Windows Forms apps, including the best way to install these apps. @@ -15,9 +15,10 @@ ms.topic: article # Overview of apps on Windows client devices -> Applies to: -> -> - Windows 10 +**Applies to**: + +- Windows 10 +- Windows 11 ## Before you begin 
@@ -76,7 +77,7 @@ When your apps are ready, you can add or deploy these apps to your Windows devic - **Manually install**: On your devices, users can install apps from the Microsoft Store, from the internet, and from an organization shared drive. These apps, and more, are listed in **Settings** > **Apps** > **Apps and Features**. - If you want to prevent users from downloading apps on organization owned devices, use an MDM provider, like Microsoft Intune. For example, you can create a policy that allows or prevents users from sideloading apps, only allow the private store, and more. For more information on the features you can restrict, see [Windows 10 (and newer) device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10). + If you want to prevent users from downloading apps on organization owned devices, use an MDM provider, like Microsoft Intune. For example, you can create a policy that allows or prevents users from sideloading apps, only allow the private store, and more. For more information on the features you can restrict, see [Windows client device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10). For an overview of the different types of device policies you can create, see [Apply features and settings on your devices using device profiles in Microsoft Intune](/mem/intune/configuration/device-profiles). diff --git a/windows/application-management/provisioned-apps-windows-client-os.md b/windows/application-management/provisioned-apps-windows-client-os.md index 48795d6801..04aa767487 100644 --- a/windows/application-management/provisioned-apps-windows-client-os.md +++ b/windows/application-management/provisioned-apps-windows-client-os.md 
@@ -2,7 +2,7 @@ title: Get the provisioned apps on Windows client operating system | Microsoft Docs ms.reviewer: manager: dougeby -description: Use the Windows PowerShell Get-AppxProvisionedPackage command to get a list off the provisioned apps installed in Windows OS. See a list of some common provisioned apps installed a Windows Enterprise client computer or device, including Windows 10. +description: Use the Windows PowerShell Get-AppxProvisionedPackage command to get a list off the provisioned apps installed in Windows OS. See a list of some common provisioned apps installed a Windows Enterprise client computer or device, including Windows 10/11. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -15,9 +15,10 @@ ms.topic: article # Provisioned apps installed with the Windows client OS -> Applies to: -> -> - Windows 10 +**Applies to**: + +- Windows 10 +- Windows 11 Provisioned apps are included with the OS, and automatically installed when a user signs into a Windows device the first time. They are per-user apps, and typically installed in the `C:\Program Files\WindowsApps` folder. On your Windows devices, you can use Windows PowerShell to see the provisioned apps automatically installed. diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index 7edd100ef0..645475d40c 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md 
@@ -1,6 +1,6 @@ --- title: Sideload LOB apps in Windows client OS | Microsoft Docs -description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems, including Windows 10. When you sideload an app, you deploy a signed app package to a device. +description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems, including Windows 10/11. When you sideload an app, you deploy a signed app package to a device. ms.assetid: C46B27D0-375B-4F7A-800E-21595CF1D53D ms.reviewer: manager: dougeby @@ -10,15 +10,15 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: greg-lindsay -ms.date: 08/31/2021 ms.localizationpriority: medium --- # Sideload line of business (LOB) apps in Windows client devices -> Applies to: -> -> - Windows 10 +**Applies to**: + +- Windows 10 +- Windows 11 > [!NOTE] > Starting with Windows 10 2004, sideloading is enabled by default. You can deploy a signed package onto a device without a special configuration. @@ -56,9 +56,9 @@ Managed devices are typically owned by your organization. They're managed by Gro Unmanaged devices are devices that are not managed by your organization. These devices are typically personal devices owned by users. Users can turn on sideloading using the Settings app. > [!IMPORTANT] -> To install an app on Windows 10 and later, you can: +> To install an app on Windows client, you can: > -> - [Install Windows 10 apps from a web page](/windows/msix/app-installer/installing-windows10-apps-web). +> - [Install Windows apps from a web page](/windows/msix/app-installer/installing-windows10-apps-web). > - Users can double-click any `.msix` or `.appx` package. ### User interface 
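Review bot: The @@ -10,15 +10,15 @@ hunk of sideload-apps-in-windows-10.md deletes `ms.date: 08/31/2021` and adds nothing in its place, whereas the other front-matter hunks shown here leave ms.date untouched. If the removal is not intentional, restore the key with the date of this edit. In the same hunk, "To install an app on Windows 10 and later" becomes "on Windows client", which drops the version floor the sentence used to state; keep the floor if it still applies.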
@@ -98,7 +98,7 @@ This step installs the app certificate to the local device. Installing the certi -OR- - You can use a runtime provisioning package to import a security certificate. For information about applying a provisioning package to a Windows 10 device, see runtime instructions on [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package). + You can use a runtime provisioning package to import a security certificate. For information about applying a provisioning package, see runtime instructions on [Create a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package). ## Step 3: Install the app diff --git a/windows/application-management/system-apps-windows-client-os.md b/windows/application-management/system-apps-windows-client-os.md index 6ebea1ded8..d498c17fb4 100644 --- a/windows/application-management/system-apps-windows-client-os.md +++ b/windows/application-management/system-apps-windows-client-os.md @@ -2,7 +2,7 @@ title: Get the system apps on Windows client operating system | Microsoft Docs ms.reviewer: manager: dougeby -description: Use the Windows PowerShell Get-AppxPackage command to get a list off the system apps installed in Windows OS. See a list of some common system apps installed a Windows Enterprise client computer or device, including Windows 10. +description: Use the Windows PowerShell Get-AppxPackage command to get a list off the system apps installed in Windows OS. See a list of some common system apps installed a Windows Enterprise client computer or device, including Windows 10/11. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library 
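Review bot: The rewritten `description:` line in system-apps-windows-client-os.md keeps two wording errors from the line it replaces: "get a list off the system apps" should be "a list of", and "installed a Windows Enterprise client computer" is missing "on". The matching description in provisioned-apps-windows-client-os.md has the same two errors; fix both while the lines are being touched.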
@@ -15,9 +15,10 @@ ms.topic: article # System apps installed with the Windows client OS -> Applies to: -> -> - Windows 10 +**Applies to**: + +- Windows 10 +- Windows 11 On all Windows devices, the OS automatically installs some apps. These apps are called system apps, and are typically installed in the `C:\Windows\` folder. On your Windows devices, you can use Windows PowerShell to see the system apps automatically installed. From d1ee55fb2680e4f0b12bc6a121cac491df6bbbe3 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 28 Sep 2021 12:38:39 -0700 Subject: [PATCH 634/671] update with 11 --- windows/deployment/windows-10-enterprise-e3-overview.md | 6 +++++- windows/deployment/windows-10-subscription-activation.md | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index f9f45982f7..2eeaf3054d 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md @@ -1,6 +1,6 @@ --- title: Windows 10/11 Enterprise E3 in CSP -description: Describes Windows 10 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10 Enterprise edition. +description: Describes Windows 10/11 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10/11 Enterprise edition. keywords: upgrade, update, task sequence, deploy ms.prod: w10 ms.mktglfcycl: deploy 
@@ -19,6 +19,10 @@ ms.topic: article # Windows 10/11 Enterprise E3 in CSP +Applies to: +- Windows 10 +- Windows 11 + Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10/11 Enterprise E3 in CSP is available now for both Windows 10 and Windows 11. It delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following: - Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later, installed and activated, on the devices to be upgraded. Windows 11 is considered "later" in this context. diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 3582a6b312..398d4cb1c4 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md 
@@ -29,7 +29,7 @@ With Windows 10, version 1903 and later, the Subscription Activation feature als The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. -## Subscription Activation for Windows 10 Enterprise and Windows 11 Enterprise +## Subscription Activation for Windows 10/11 Enterprise With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise or Windows 11 Enterprise](planning/windows-10-enterprise-faq-itpro.yml) in your organization can now be accomplished with no keys and no reboots. 
@@ -40,9 +40,9 @@ With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Win Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](/azure/active-directory/connect/active-directory-aadconnectsync-whatis). -## Subscription Activation for Windows 10 Education and Windows 11 Education +## Subscription Activation for Windows 10/11 Education -Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise or Windows 11 Enterprise license. For more information, see the [requirements](#windows-10-11-education-requirements) section. +Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise or Windows 11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section. ## Summary From 5319d8da7fa75dca539ba5efb0db11ec39419fcb Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Tue, 28 Sep 2021 15:41:15 -0400 Subject: [PATCH 635/671] fixed typo --- windows/application-management/app-v/appv-planning-checklist.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md index b85b69132e..38dcba49db 100644 --- a/windows/application-management/app-v/appv-planning-checklist.md 
+++ b/windows/application-management/app-v/appv-planning-checklist.md @@ -16,7 +16,7 @@ ms.topic: article **Applies to**: -- Windows 10/11 +- Windows 10 - Windows 11 This checklist can be used to help you plan for preparing your organization for an App-V deployment. From 4f6b56af6e1165cd9603c4fe32b61fb6636fe10c Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Tue, 28 Sep 2021 15:42:25 -0400 Subject: [PATCH 636/671] fixed another typo --- windows/application-management/app-v/appv-planning-checklist.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md index 38dcba49db..ec6b16a771 100644 --- a/windows/application-management/app-v/appv-planning-checklist.md +++ b/windows/application-management/app-v/appv-planning-checklist.md @@ -5,7 +5,7 @@ author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library -ms.prod: w10/11 +ms.prod: w10 ms.date: 04/18/2018 ms.reviewer: manager: dansimp From e48fe882c5e09760efc805e4a44a71e169fada04 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 28 Sep 2021 13:24:08 -0700 Subject: [PATCH 637/671] update with 11 --- .../windows-10-enterprise-e3-overview.md | 6 ++--- .../windows-10-subscription-activation.md | 23 +++++++++++-------- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index 2eeaf3054d..e1d673f759 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md 
@@ -23,12 +23,12 @@ Applies to: - Windows 10 - Windows 11 -Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10/11 Enterprise E3 in CSP is available now for both Windows 10 and Windows 11. It delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following: +Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. With the release of Windows 11, Windows 10/11 Enterprise E3 in CSP is available. It delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following: -- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later, installed and activated, on the devices to be upgraded. Windows 11 is considered "later" in this context. +- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later (or Windows 11), installed and activated, on the devices to be upgraded. - Azure Active Directory (Azure AD) available for identity management -Starting with Windows 10, version 1607 (Windows 10 Anniversary Update), you can move from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise more easily than ever before—no keys and no reboots. 
After one of your users enters the Azure AD credentials associated with a Windows 10/11 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise or Windows 11 Pro to Windows 11 Enterprise and all the appropriate Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows 10 Pro or Windows 11 Pro. +You can move from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise more easily than ever before — with no keys, and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10/11 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise or Windows 11 Pro to Windows 11 Enterprise and all the appropriate Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows 10 Pro or Windows 11 Pro. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise or Windows 11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Enterprise edition features. diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 398d4cb1c4..b1736d3583 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md 
@@ -31,7 +31,7 @@ The Subscription Activation feature eliminates the need to manually deploy Enter ## Subscription Activation for Windows 10/11 Enterprise -With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise or Windows 11 Enterprise](planning/windows-10-enterprise-faq-itpro.yml) in your organization can now be accomplished with no keys and no reboots. +With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying Windows 10 Enterprise or Windows 11 Enterprise in your organization can now be accomplished with no keys and no reboots. If you are running Windows 10, version 1703 or later: 
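Review bot: The + line removes the link to planning/windows-10-enterprise-faq-itpro.yml and leaves "Windows 10 Enterprise or Windows 11 Enterprise" as plain text, with nothing in the hunk saying why. If the FAQ target was retired, mention that in the commit message; if it still exists, keep the link.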
@@ -40,24 +40,27 @@ With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Win Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](/azure/active-directory/connect/active-directory-aadconnectsync-whatis). -## Subscription Activation for Windows 10/11 Education +> [!NOTE] +> You cannot use Subscripton Activation to upgrade from Windows 10 to Windows 11. The operating system version does not change when you switch to Enterprise edition. -Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise or Windows 11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section. +## Subscription Activation for Education -## Summary +Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later (or Windows 11) and an active subscription plan with a Windows 10/11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section. + +## In this article - [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later. -- [The evolution of Windows 10 deployment](#the-evolution-of-deployment): A short history of Windows deployment. -- [Requirements](#requirements): Prerequisites to use the Windows 10 Subscription Activation model. -- [Benefits](#benefits): Advantages of Windows 10/11 subscription-based licensing. 
+- [The evolution of deployment](#the-evolution-of-deployment): A short history of Windows deployment. +- [Requirements](#requirements): Prerequisites to use the Windows 10/11 Subscription Activation model. +- [Benefits](#benefits): Advantages of subscription-based licensing. - [How it works](#how-it-works): A summary of the subscription-based licensing option. -- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10/11 Subscription Activation for VMs in the cloud. +- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10 Subscription Activation for VMs in the cloud. For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Windows 10/11 Enterprise licenses](deploy-enterprise-licenses.md). ## Inherited Activation -Inherited Activation is a new feature available in Windows 10, version 1803 or later that allows Windows 10/11 virtual machines to inherit activation state from their Windows 10/11 host. +Inherited Activation is a new feature available in Windows 10, version 1803 or later (Windows 11 is considered "later" here) that allows Windows 10/11 virtual machines to inherit activation state from their Windows 10/11 host. When a user with Windows 10/11 E3/E5 or A3/A5 license assigned creates a new Windows 10 or Windows 11 virtual machine (VM) using a Windows 10/11 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM. @@ -154,7 +157,7 @@ You can benefit by moving to Windows as an online service in the following ways: ## How it works > [!NOTE] -. The following Windows 10 examples and scenarios also apply to Windows 11. +> The following Windows 10 examples and scenarios also apply to Windows 11. The device is AAD joined from **Settings > Accounts > Access work or school**. From 8af70e6c8781e51a0183d9adb26aca64cfd59c68 Mon Sep 17 00:00:00 2001 
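Review bot: The added NOTE in the @@ -40,24 +40,27 @@ hunk of windows-10-subscription-activation.md misspells the feature name: "Subscripton Activation" should be "Subscription Activation". In the same hunk the Virtual Desktop Access bullet goes from "Enable Windows 10/11 Subscription Activation for VMs in the cloud" to "Enable Windows 10 Subscription Activation", the opposite direction from every other line changed here; if VDA really is Windows 10 only, say so in the VDA section, otherwise keep 10/11.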
From: greg-lindsay Date: Tue, 28 Sep 2021 13:31:50 -0700 Subject: [PATCH 638/671] update with 11 --- windows/deployment/windows-10-subscription-activation.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index b1736d3583..55559f11aa 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -10,7 +10,7 @@ ms.sitesec: library ms.pagetype: mdt audience: itpro author: greg-lindsay -manager: laurawi +manager: dougeby ms.collection: M365-modern-desktop search.appverid: - MET150 @@ -47,7 +47,7 @@ Organizations that have an Enterprise agreement can also benefit from the new se Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later (or Windows 11) and an active subscription plan with a Windows 10/11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section. -## In this article +## Article summary - [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later. - [The evolution of deployment](#the-evolution-of-deployment): A short history of Windows deployment. 
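Review bot: This is the second rename of this heading in the series: the previous patch changed "## Summary" to "## In this article" and this hunk changes it again to "## Article summary". Each rename changes the heading's anchor, so settle on one name and check for links that target the old one. The subject "update with 11" also does not cover this rename or the manager change in the front matter hunk; a short body listing them would help.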
@@ -56,7 +56,7 @@ Subscription Activation for Education works the same as the Enterprise version, - [How it works](#how-it-works): A summary of the subscription-based licensing option. - [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10 Subscription Activation for VMs in the cloud. -For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Windows 10/11 Enterprise licenses](deploy-enterprise-licenses.md). +For information on how to deploy Enterprise licenses, see [Deploy Windows 10/11 Enterprise licenses](deploy-enterprise-licenses.md). ## Inherited Activation From 032397009672607734df52d1941f34fef9609b69 Mon Sep 17 00:00:00 2001 
From: MandiOhlinger Date: Tue, 28 Sep 2021 16:34:40 -0400 Subject: [PATCH 639/671] app-v round 2 --- ...ministrator-with-the-management-console.md | 4 +-- ...de-packages-with-the-management-console.md | 4 +-- ...appv-administering-appv-with-powershell.md | 4 +-- ...pplications-with-the-management-console.md | 4 +-- ...inistrators-to-enable-connection-groups.md | 4 +-- ...ation-publishing-and-client-interaction.md | 4 +-- ...ment-configuration-file-with-powershell.md | 6 ++-- ...user-configuration-file-with-powershell.md | 6 ++-- .../app-v/appv-auto-batch-sequencing.md | 5 +-- .../app-v/appv-auto-batch-updating.md | 5 +-- .../appv-auto-clean-unpublished-packages.md | 6 ++-- .../app-v/appv-auto-provision-a-vm.md | 5 +-- .../app-v/appv-available-mdm-settings.md | 34 +++++++++---------- .../app-v/appv-capacity-planning.md | 2 +- .../appv-client-configuration-settings.md | 5 +-- ...to-packages-with-the-management-console.md | 4 +-- ...on-groups-to-ignore-the-package-version.md | 4 +-- ...eive-updates-from-the-publishing-server.md | 4 +-- .../appv-connect-to-the-management-console.md | 4 +-- .../app-v/appv-connection-group-file.md | 4 +-- ...pv-connection-group-virtual-environment.md | 4 +-- ...e-created-in-a-previous-version-of-appv.md | 12 +++---- ...blished-and-globally-published-packages.md | 4 +-- .../app-v/appv-create-a-connection-group.md | 4 +-- ...ration-file-with-the-management-console.md | 4 +-- ...e-a-package-accelerator-with-powershell.md | 4 +-- .../appv-create-a-package-accelerator.md | 5 +-- ...application-package-package-accelerator.md | 5 +-- .../appv-create-and-use-a-project-template.md | 5 +-- ...g-and-managing-virtualized-applications.md | 5 +-- ...-extensions-with-the-management-console.md | 4 +-- ...e-a-package-with-the-management-console.md | 4 +-- .../app-v/appv-dynamic-configuration.md | 6 ++-- .../app-v/appv-for-windows.md | 5 +-- ...-a-packages-with-the-management-console.md | 4 +-- ...hing-server-with-the-management-console.md | 5 ++- 
...f-a-package-with-the-management-console.md | 5 ++- ...-extensions-with-the-management-console.md | 5 ++- .../applies-to-windows-client-versions.md | 15 ++++++++ 39 files changed, 104 insertions(+), 119 deletions(-) create mode 100644 windows/application-management/includes/applies-to-windows-client-versions.md diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md index 2b8eb78f4d..ba98c209b2 100644 --- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md @@ -1,5 +1,5 @@ --- -title: How to Add or Remove an Administrator by Using the Management Console (Windows 10) +title: How to Add or Remove an Administrator by Using the Management Console (Windows 10/11) description: Add or remove an administrator on the Microsoft Application Virtualization (App-V) server by using the Management Console. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to add or remove an administrator by using the Management Console ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following procedures to add or remove an administrator on the Microsoft Application Virtualization (App-V) server. diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md index d09522b1ba..a91752fa7d 100644 --- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md 
+++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md @@ -1,5 +1,5 @@ --- -title: How to Add or Upgrade Packages by Using the Management Console (Windows 10) +title: How to Add or Upgrade Packages by Using the Management Console (Windows 10/11) description: Add or remove an administrator on the Microsoft Application Virtualization (App-V) server by using the Management Console. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to add or upgrade packages by using the Management Console ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] You can use the following procedure to add or upgrade a package to the App-V Management Console. To upgrade a package that already exists in the Management Console, use the following steps and import the upgraded package using the same package **Name**. diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md index fd18bc7d76..92659b1ce8 100644 --- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md +++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md @@ -1,5 +1,5 @@ --- -title: Administering App-V by using Windows PowerShell (Windows 10) +title: Administering App-V by using Windows PowerShell (Windows 10/11) description: Administer App-V by using Windows PowerShell and learn where to find more information about PowerShell for App-V. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,7 +14,7 @@ ms.topic: article --- # Administering App-V by using Windows PowerShell ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Microsoft Application Virtualization (App-V) supports Windows PowerShell cmdlets that give administrators a quick and easy way to manage App-V. The following sections will tell you more about how to use Windows PowerShell with App-V. diff --git a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md index 9b26750d0e..32b6f0bef7 100644 --- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md +++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md @@ -1,5 +1,5 @@ --- -title: Administering App-V Virtual Applications by using the Management Console (Windows 10) +title: Administering App-V Virtual Applications by using the Management Console (Windows 10/11) description: Administering App-V Virtual Applications by using the Management Console author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # Administering App-V Virtual Applications by using the Management Console ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the Microsoft Application Virtualization (App-V) management server to manage packages, connection groups, and package access in your environment. The server publishes application icons, shortcuts, and file type associations to authorized computers running the App-V client. One or more management servers typically share a common data store for configuration and package information. 
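Review bot: Replacing ">Applies to: Windows 10, version 1607" with the shared include removes the minimum-version statement from this article, and the same swap is made in the other App-V articles in this patch. The text of includes/applies-to-windows-client-versions.md is not part of this hunk, so confirm it still states the version 1607 floor, or keep a sentence in the article body for it.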
diff --git a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md index af9ea8e786..728de7998a 100644 --- a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md +++ b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md @@ -1,5 +1,5 @@ --- -title: Only Allow Admins to Enable Connection Groups (Windows 10) +title: Only Allow Admins to Enable Connection Groups (Windows 10/11) description: Configure the App-V client so that only administrators, not users, can enable or disable connection groups. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to allow only administrators to enable connection groups ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] You can configure the App-V client so that only administrators, not users, can enable or disable connection groups. In earlier versions of App-V, there was no way to restrict access to disabling connection groups to users. diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 130ad633ee..0c949d9dd5 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md 
@@ -1,5 +1,5 @@ --- -title: Application Publishing and Client Interaction (Windows 10) +title: Application Publishing and Client Interaction (Windows 10/11) description: Learn technical information about common App-V Client operations and their integration with the local operating system. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # Application publishing and client interaction ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] This article provides technical information about common App-V Client operations and their integration with the local operating system. diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md index bf6f0effd2..a8a744e7e2 100644 --- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -1,6 +1,6 @@ --- -title: Apply deployment config file via Windows PowerShell (Windows 10) -description: How to apply the deployment configuration file by using Windows PowerShell for Windows 10. +title: Apply deployment config file via Windows PowerShell (Windows 10/11) +description: How to apply the deployment configuration file by using Windows PowerShell for Windows 10/11. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
@@ -14,7 +14,7 @@ ms.topic: article --- # How to apply the deployment configuration file by using Windows PowerShell ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] When you add or set a package to a computer running the App-V client before it's been published, a dynamic deployment configuration file is applied to it. The dynamic deployment configuration file configures the default settings for the package that all users share on the computer running the App-V client. This section will tell you how to use a deployment configuration file. diff --git a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md index 851e74f1e6..1650a46de5 100644 --- a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md @@ -1,6 +1,6 @@ --- -title: How to apply the user configuration file by using Windows PowerShell (Windows 10) -description: How to apply the user configuration file by using Windows PowerShell (Windows 10). +title: How to apply the user configuration file by using Windows PowerShell (Windows 10/11) +description: How to apply the user configuration file by using Windows PowerShell (Windows 10/11). author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -14,7 +14,7 @@ ms.topic: article --- # How to apply the user configuration file by using Windows PowerShell ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] When you publish a package to a specific user, you'll also need to specify a dynamic user configuration file to tell that package how to run. 
diff --git a/windows/application-management/app-v/appv-auto-batch-sequencing.md b/windows/application-management/app-v/appv-auto-batch-sequencing.md index bed697e971..7875e506a1 100644 --- a/windows/application-management/app-v/appv-auto-batch-sequencing.md +++ b/windows/application-management/app-v/appv-auto-batch-sequencing.md @@ -14,10 +14,7 @@ ms.topic: article --- # Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Sequencing multiple apps at the same time requires you to install and start Microsoft Application Virtualization Sequencer (App-V Sequencer), and to install the necessary apps to collect any changes made to the operating system during the installation and building of the App-V package. diff --git a/windows/application-management/app-v/appv-auto-batch-updating.md b/windows/application-management/app-v/appv-auto-batch-updating.md index 52349a97ee..3ce6b6faac 100644 --- a/windows/application-management/app-v/appv-auto-batch-updating.md +++ b/windows/application-management/app-v/appv-auto-batch-updating.md @@ -14,10 +14,7 @@ ms.topic: article --- # Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Updating multiple apps at the same time follows a similar process to the one used for [automatically sequencing multiple apps at the same time](appv-auto-batch-sequencing.md). However, when updating, you'll also have to pass your previously created app package files to the App-V Sequencer cmdlet. 
diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md index acf7bb3cdf..38ab629d22 100644 --- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md +++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md @@ -1,5 +1,5 @@ --- -title: Auto-remove unpublished packages on App-V client (Windows 10) +title: Auto-remove unpublished packages on App-V client (Windows 10/11) description: How to automatically clean up any unpublished packages on your App-V client devices. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,9 +14,9 @@ ms.topic: article --- # Automatically clean up unpublished packages on the App-V client ->Applies to: Windows 10, version 1703 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] -If you wanted to free up additional storage space in previous versions of App-V, you would have had to manually remove your unpublished packages from your client devices. Windows 10, version 1703 introduces the ability to use PowerShell or Group Policy settings to automatically clean up your unpublished packages after restarting your device. +If you wanted to free up additional storage space in previous versions of App-V, you would have had to manually remove your unpublished packages from your client devices. Starting with Windows 10 version 1703, use PowerShell or Group Policy settings to automatically clean up your unpublished packages after restarting your device. ## Clean up with PowerShell cmdlets diff --git a/windows/application-management/app-v/appv-auto-provision-a-vm.md b/windows/application-management/app-v/appv-auto-provision-a-vm.md index 2cfba09688..f9e98f0849 100644 --- a/windows/application-management/app-v/appv-auto-provision-a-vm.md +++ b/windows/application-management/app-v/appv-auto-provision-a-vm.md 
@@ -14,10 +14,7 @@ ms.topic: article --- # Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Previous versions of the App-V Sequencer have required you to manually create your sequencing environment. Starting with Windows 10 version 1703, the `New-AppVSequencerVM` and `Connect-AppvSequencerVM` Windows PowerShell cmdlets are available, which automatically create your sequencing environment for you, including provisioning your virtual machine. diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 2b73883501..107fab760e 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -1,5 +1,5 @@ --- -title: Available Mobile Device Management (MDM) settings for App-V (Windows 10) +title: Available Mobile Device Management (MDM) settings for App-V (Windows 10/11) description: Learn the available Mobile Device Management (MDM) settings you can use to configure App-V on Windows 10. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
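Review bot: The title now ends in "(Windows 10/11)" but the description on the next line still says "configure App-V on Windows 10". Update the description in the same hunk so the two front matter fields agree.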
@@ -14,22 +14,22 @@ ms.topic: article --- # Available Mobile Device Management (MDM) settings for App-V -With Windows 10, version 1703, you can configure, deploy, and manage your App-V apps with the following Mobile Device Management (MDM) settings. For the full list of available settings, see the [EnterpriseAppVManagement CSP](/windows/client-management/mdm/enterpriseappvmanagement-csp) page. +Starting with Windows 10 version 1703, you can configure, deploy, and manage your App-V apps with the following Mobile Device Management (MDM) settings. For the full list of available settings, see the [EnterpriseAppVManagement CSP](/windows/client-management/mdm/enterpriseappvmanagement-csp) page. |Policy name|Supported versions|URI full path|Data type|Values| |---|---|---|---|---| -|Name|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //Name|String|Read-only data, provided by your App-V packages.| -|Version|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //Version|String|Read-only data, provided by your App-V packages.| -|Publisher|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //Publisher|String|Read-only data, provided by your App-V packages.| -|InstallLocation|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //InstallLocation|String|Read-only data, provided by your App-V packages.| -|InstallDate|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //InstallDate|String|Read-only data, provided by your App-V packages.| -|Users|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //Users|String|Read-only data, provided by your App-V packages.| -|AppVPackageID|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //AppVPackageID|String|Read-only data, provided by your App-V packages.| -|AppVVersionID|Windows 
10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //AppVVersionID|String|Read-only data, provided by your App-V packages.| -|AppVPackageUri|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //AppVPackageUri|String|Read-only data, provided by your App-V packages.| -|LastError|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/
    AppVPublishing/LastSync/LastError|String|Read-only data, provided by your App-V packages.| -|LastErrorDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/LastErrorDescription|String|- **0**: No errors returned during publish.
    - **1**: Unpublish groups failed during publish.
    - **2**: Publish no-group packages failed during publish.
    - **3**: Publish group packages failed during publish.
    - **4**: Unpublish packages failed during publish.
    - **5**: New policy write failed during publish.
    - **6**: Multiple non-fatal errors occurred during publish.| -|SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncStatusDescription|String|- **0**: App-V publishing is idle.
    - **1**: App-V connection groups publish in progress.
    - **2**: App-V packages (non-connection group) publish in progress.
    - **3**: App-V packages (connection group) publish in progress.
    - **4**: App-V packages unpublish in progress.| -|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| -|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/
    AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| -|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/
    AppVDynamicPolicy/configurationid/Policy|String|Custom value, entered by admin.| \ No newline at end of file +|Name|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //Name|String|Read-only data, provided by your App-V packages.| +|Version|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //Version|String|Read-only data, provided by your App-V packages.| +|Publisher|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //Publisher|String|Read-only data, provided by your App-V packages.| +|InstallLocation|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //InstallLocation|String|Read-only data, provided by your App-V packages.| +|InstallDate|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //InstallDate|String|Read-only data, provided by your App-V packages.| +|Users|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //Users|String|Read-only data, provided by your App-V packages.| +|AppVPackageID|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //AppVPackageID|String|Read-only data, provided by your App-V packages.| +|AppVVersionID|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //AppVVersionID|String|Read-only data, provided by your App-V packages.| +|AppVPackageUri|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //AppVPackageUri|String|Read-only data, provided by your App-V packages.| +|LastError|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/
    AppVPublishing/LastSync/LastError|String|Read-only data, provided by your App-V packages.| +|LastErrorDescription|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/LastErrorDescription|String|- **0**: No errors returned during publish.
    - **1**: Unpublish groups failed during publish.
    - **2**: Publish no-group packages failed during publish.
    - **3**: Publish group packages failed during publish.
    - **4**: Unpublish packages failed during publish.
    - **5**: New policy write failed during publish.
    - **6**: Multiple non-fatal errors occurred during publish.| +|SyncStatusDescription|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncStatusDescription|String|- **0**: App-V publishing is idle.
    - **1**: App-V connection groups publish in progress.
    - **2**: App-V packages (non-connection group) publish in progress.
    - **3**: App-V packages (connection group) publish in progress.
    - **4**: App-V packages unpublish in progress.| +|SyncProgress|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| +|PublishXML|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/
    AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| +|Policy|Windows 10/11|./Vendor/MSFT/EnterpriseAppVManagement/
    AppVDynamicPolicy/configurationid/Policy|String|Custom value, entered by admin.| \ No newline at end of file diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md index 76f23f4537..75a7a8d6ec 100644 --- a/windows/application-management/app-v/appv-capacity-planning.md +++ b/windows/application-management/app-v/appv-capacity-planning.md @@ -1,5 +1,5 @@ --- -title: App-V Capacity Planning (Windows 10) +title: App-V Capacity Planning (Windows 10/11) description: Use these recommendations as a baseline to help determine capacity planning information that is appropriate to your organization’s App-V infrastructure. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md index c27a0a72b1..f66d17b837 100644 --- a/windows/application-management/app-v/appv-client-configuration-settings.md +++ b/windows/application-management/app-v/appv-client-configuration-settings.md @@ -14,10 +14,7 @@ ms.topic: article --- # About Client Configuration Settings -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. Understanding how the register's format for data works can help you better understand the client, as you can configure many client actions by changing registry entries. This topic lists the App-V client configuration settings and explains their uses. You can use Windows PowerShell to modify the client configuration settings. For more information about using Windows PowerShell and App-V see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md). 
diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md index 82dca3e617..92657e83fa 100644 --- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md @@ -1,5 +1,5 @@ --- -title: How to configure access to packages by using the Management Console (Windows 10) +title: How to configure access to packages by using the Management Console (Windows 10/11) description: How to configure access to packages by using the App-V Management Console. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to configure access to packages by using the Management Console ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Before you deploy an App-V virtualized package, you must configure the Active Directory Domain Services (AD DS) security groups that will be allowed to access and run the applications. The security groups may contain computers or users. Entitling a package to a computer group publishes the package globally to all computers in the group. diff --git a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md index 12b44773a7..c2d3446d5e 100644 --- a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md +++ b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md 
@@ -1,5 +1,5 @@ --- -title: How to make a connection group ignore the package version (Windows 10) +title: How to make a connection group ignore the package version (Windows 10/11) description: Learn how to make a connection group ignore the package version with the App-V Server Management Console. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to make a connection group ignore the package version -> Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] You can use Application Virtualization (App-V) to configure a connection group to use any version of a package, simplifying package upgrades and reducing the number of connection groups you need to create. diff --git a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md index 9dadc20365..b4b2fc014d 100644 --- a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md +++ b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md @@ -1,5 +1,5 @@ --- -title: How to configure the client to receive package and connection groups updates from the publishing server (Windows 10) +title: How to configure the client to receive package and connection groups updates from the publishing server (Windows 10/11) description: How to configure the client to receive package and connection groups updates from the publishing server. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,7 +14,7 @@ ms.topic: article --- # How to configure the client to receive package and connection groups updates from the publishing server ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] The App-V publishing server's single-point management and high scalability lets you deploy packages and connection groups and keep them up to date. diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md index b2414c2635..48b893e5af 100644 --- a/windows/application-management/app-v/appv-connect-to-the-management-console.md +++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md @@ -1,5 +1,5 @@ --- -title: How to connect to the Management Console (Windows 10) +title: How to connect to the Management Console (Windows 10/11) description: In this article, learn the procedure for connecting to the App-V Management Console through your web browser. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to connect to the Management Console ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following procedure to connect to the App-V Management Console. diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md index 70072685d4..b73008a5ac 100644 --- a/windows/application-management/app-v/appv-connection-group-file.md +++ b/windows/application-management/app-v/appv-connection-group-file.md 
@@ -1,5 +1,5 @@ --- -title: About the connection group file (Windows 10) +title: About the connection group file (Windows 10/11) description: A summary of what the connection group file is and how to configure it. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # About the connection group file ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] ## Connection group file overview diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md index a1a9c16649..dcd72b455c 100644 --- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md +++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md @@ -1,5 +1,5 @@ --- -title: About the connection group virtual environment (Windows 10) +title: About the connection group virtual environment (Windows 10/11) description: Learn how the connection group virtual environment works and how package priority is determined. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # About the connection group virtual environment ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] ## How package priority is determined diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md index 44e0487b4e..1088fd28a2 100644 --- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md +++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md 
@@ -1,5 +1,5 @@ --- -title: How to convert a package created in a previous version of App-V (Windows 10) +title: How to convert a package created in a previous version of App-V (Windows 10/11) description: Use the package converter utility to convert a virtual application package created in a previous version of App-V. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to convert a package created in a previous version of App-V ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] You can use the package converter utility to upgrade virtual application packages created by previous versions of App-V. This section will tell you how to convert existing virtual application packages for upgrade. 
@@ -28,9 +28,9 @@ The package converter can only directly convert packages created by an App-V seq ## App-V 4.6 installation folder is redirected to virtual file system root -When you convert packages from App-V 4.6 to App-V for Windows 10, the App-V for Windows 10 package can access the hardcoded drive that you were required to use when you created 4.6 packages. The drive letter will be the drive you selected as the installation drive on the 4.6 sequencing machine. (The default drive is drive Q.) +When you convert packages from App-V 4.6 to App-V for Windows 10/11, the App-V for Windows client package can access the hardcoded drive that you were required to use when you created 4.6 packages. The drive letter will be the drive you selected as the installation drive on the 4.6 sequencing machine. (The default drive is drive Q.) -The App-V package converter will save the App-V 4.6 installation root folder and short folder names in the FilesystemMetadata.xml file in the **Filesystem** element. When the App-V for Windows 10 client creates the virtual process, it will map requests from the App-V 4.6 installation root to the virtual file system root. +The App-V package converter will save the App-V 4.6 installation root folder and short folder names in the FilesystemMetadata.xml file in the **Filesystem** element. When the App-V for Windows client creates the virtual process, it will map requests from the App-V 4.6 installation root to the virtual file system root. ## Getting started 
@@ -50,9 +50,9 @@ The App-V package converter will save the App-V 4.6 installation root folder and ConvertFrom-AppvLegacyPackage C:\contentStore C:\convertedPackages ``` - In this cmdlet, `C:\contentStore` represents the location of the existing package and `C:\convertedPackages` is the output directory to which the resulting App-V for Windows 10 virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used. + In this cmdlet, `C:\contentStore` represents the location of the existing package and `C:\convertedPackages` is the output directory to which the resulting App-V for Windows client virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used. - Additionally, the package converter optimizes performance of packages in App-V for Windows 10 by setting the package to stream fault the App-V package.  This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default. + Additionally, the package converter optimizes performance of packages in App-V for Windows client by setting the package to stream fault the App-V package.  This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default. > [!NOTE] > Before you specify the output directory, you must create the output directory. diff --git a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md index 1b3212816f..70409e9d70 100644 
--- a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md +++ b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md @@ -1,5 +1,5 @@ --- -title: How to create a connection croup with user-published and globally published packages (Windows 10) +title: How to create a connection croup with user-published and globally published packages (Windows 10/11) description: How to create a connection croup with user-published and globally published packages. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to create a connection croup with user-published and globally published packages ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] You can create user-entitled connection groups that contain both user-published and globally published packages, using either of the following methods: diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md index 38fb3646e7..35002a1b2b 100644 --- a/windows/application-management/app-v/appv-create-a-connection-group.md +++ b/windows/application-management/app-v/appv-create-a-connection-group.md @@ -1,5 +1,5 @@ --- -title: How to create a connection group (Windows 10) +title: How to create a connection group (Windows 10/11) description: Learn how to create a connection group with the App-V Management Console and where to find information about managing connection groups. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,7 +14,7 @@ ms.topic: article --- # How to create a connection group ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use these steps to create a connection group by using the App-V Management Console. To use Windows PowerShell to create connection groups, see [How to manage connection groups on a stand-alone computer by using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md). diff --git a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md index 34f45644e9..877f356159 100644 --- a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md +++ b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md @@ -1,5 +1,5 @@ --- -title: How to create a custom configuration file by using the App-V Management Console (Windows 10) +title: How to create a custom configuration file by using the App-V Management Console (Windows 10/11) description: How to create a custom configuration file by using the App-V Management Console. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,7 +14,7 @@ ms.topic: article --- # How to create a custom configuration file by using the App-V Management Console ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] You can use a dynamic configuration to customize an App-V package for a specific user. However, you must first create the dynamic user configuration (.xml) file or the dynamic deployment configuration file before you can use the files. Creation of the file is an advanced manual operation. For general information about dynamic user configuration files, see [About App-V dynamic configuration](appv-dynamic-configuration.md). diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md index 3e6fe295f1..79b713f591 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md @@ -1,5 +1,5 @@ --- -title: How to create a package accelerator by using Windows PowerShell (Windows 10) +title: How to create a package accelerator by using Windows PowerShell (Windows 10/11) description: Learn how to create an App-v Package Accelerator by using Windows PowerShell. App-V Package Accelerators automatically sequence large, complex applications. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to create a package accelerator by using Windows PowerShell ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] App-V Package Accelerators automatically sequence large, complex applications. Also, when you apply an App-V Package Accelerator, you don't have to manually install an application to create the virtualized package. 
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md index bc872e32f4..c9eff04f48 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md @@ -14,10 +14,7 @@ ms.topic: article --- # How to create a package accelerator -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] App-V Package Accelerators automatically generate new virtual application packages. diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md index 0386b3f99e..7a9d9a8b7f 100644 --- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md +++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md @@ -14,10 +14,7 @@ ms.topic: article --- # How to create a virtual application package using an App-V Package Accelerator -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following procedure to create a virtual application package with the App-V Package Accelerator. diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md index 29401f6f29..908c5fc16f 100644 --- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md +++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md 
@@ -14,10 +14,7 @@ ms.topic: article --- # Create and apply an App-V project template to a sequenced App-V package -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] You can use an App-V Project Template (.appvt) file to save commonly applied settings associated with an existing virtual application package. You can then apply these settings whenever you create new virtual application packages in your environment, streamlining the package creation process. App-V Project Templates differ from App-V Package Accelerators because App-V Package Accelerators are application-specific, while App-V Project Templates can be applied to multiple applications. To learn more about package accelerators, see [How to create a package accelerator](appv-create-a-package-accelerator.md). diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md index 76e0a87b14..6a372fbbdf 100644 --- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md +++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md @@ -14,10 +14,7 @@ ms.topic: article --- # Creating and managing App-V virtualized applications -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] After you have properly deployed the Microsoft Application Virtualization (App-V) sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application. 
diff --git a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md index b6ed9b54af..4de66c5d97 100644 --- a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md +++ b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md @@ -1,5 +1,5 @@ --- -title: How to customize virtual application extensions for a specific AD group by using the Management Console (Windows 10) +title: How to customize virtual application extensions for a specific AD group by using the Management Console (Windows 10/11) description: How to customize virtual application extensions for a specific AD group by using the Management Console. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to customize virtual applications extensions for a specific AD group by using the Management Console ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following procedure to customize the virtual application extensions for an Active Directory (AD) group. diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md index 989346048b..775893310a 100644 --- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md +++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md 
@@ -1,5 +1,5 @@ --- -title: How to delete a package in the Management Console (Windows 10) +title: How to delete a package in the Management Console (Windows 10/11) description: Learn how to delete a package in the App-V Management Console and where to find information about operations for App-V. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to delete a package in the Management Console ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following procedure to delete an App-V package. diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md index 8d5b3cafad..26a4d6b23c 100644 --- a/windows/application-management/app-v/appv-dynamic-configuration.md +++ b/windows/application-management/app-v/appv-dynamic-configuration.md @@ -1,5 +1,5 @@ --- -title: About App-V Dynamic Configuration (Windows 10) +title: About App-V Dynamic Configuration (Windows 10/11) description: Learn how to create or edit an existing Application Virtualization (App-V) dynamic configuration file. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # About App-V dynamic configuration ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] You can use dynamic configuration to customize an App-V package for a user. This article will tell you how to create or edit an existing dynamic configuration file. 
@@ -562,7 +562,7 @@ The following table describes the various script events and the context under wh ### Using multiple scripts on a single event trigger -App-V supports the use of multiple scripts on a single event trigger for App-V packages, including packages that you convert from App-V 4.6 to App-V for Windows 10. To enable the use of multiple scripts, App-V uses a script launcher application, named ScriptRunner.exe, which is included in the App-V client. +App-V supports the use of multiple scripts on a single event trigger for App-V packages, including packages that you convert from App-V 4.6 to App-V for Windows client. To enable the use of multiple scripts, App-V uses a script launcher application, named ScriptRunner.exe, which is included in the App-V client. #### How to use multiple scripts on a single event trigger diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md index 0cc3adc116..32c7f7e7ef 100644 --- a/windows/application-management/app-v/appv-for-windows.md +++ b/windows/application-management/app-v/appv-for-windows.md @@ -14,10 +14,7 @@ ms.topic: article --- # Application Virtualization (App-V) for Windows client overview -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] > [!NOTE] > [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] diff --git a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md index c438b69062..f50ef817a3 100644 --- a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md 
@@ -1,5 +1,5 @@ --- -title: How to publish a package by using the Management console (Windows 10) +title: How to publish a package by using the Management console (Windows 10/11) description: Learn how the Management console in App-V can help you enable admin controls as well as publish App-V packages. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to publish a package by using the Management console ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following procedure to publish an App-V package. Once you publish a package, computers running the App-V client can access and run the applications in that package. diff --git a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md index 7023d46bce..509d82740c 100644 --- a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md +++ b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md @@ -1,5 +1,5 @@ --- -title: How to Register and Unregister a Publishing Server by Using the Management Console (Windows 10) +title: How to Register and Unregister a Publishing Server by Using the Management Console (Windows 10/11) description: How to Register and Unregister a Publishing Server by Using the Management Console author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -15,8 +15,7 @@ ms.author: greglin # How to Register and Unregister a Publishing Server by Using the Management Console -**Applies to** -- Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] You can register and unregister publishing servers that will synchronize with the App-V management server. You can also see the last attempt that the publishing server made to synchronize the information with the management server. diff --git a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md index 28caecc4fa..52fd89cf85 100644 --- a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md +++ b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md @@ -1,5 +1,5 @@ --- -title: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console (Windows 10) +title: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console (Windows 10/11) description: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -15,8 +15,7 @@ ms.author: greglin # How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console -**Applies to** -- Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following procedure to transfer the access and default package configurations to another version of a package by using the management console. diff --git a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md index 96494e493b..3e7c56d05e 100644 --- a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md +++ b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md @@ -1,5 +1,5 @@ --- -title: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console (Windows 10) +title: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console (Windows 10/11) description: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -15,8 +15,7 @@ ms.author: greglin # How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console -**Applies to** -- Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following procedure to view and configure default package extensions. 
diff --git a/windows/application-management/includes/applies-to-windows-client-versions.md b/windows/application-management/includes/applies-to-windows-client-versions.md new file mode 100644 index 0000000000..33ade955c1 --- /dev/null +++ b/windows/application-management/includes/applies-to-windows-client-versions.md @@ -0,0 +1,15 @@ +--- +author: MandiOhlinger +ms.author: mandia +ms.date: 09/28/2021 +ms.reviewer: +audience: itpro +manager: dansimp +ms.prod: w10 +ms.topic: include +--- + +**Applies to**: + +- Windows 10 +- Windows 11 From 003394794a309fba980f065a1ff1d096c7e1a7ca Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 28 Sep 2021 13:40:14 -0700 Subject: [PATCH 640/671] update --- .../windows-10-subscription-activation.md | 24 ++++++++++--------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 55559f11aa..725f2f12f6 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md 
@@ -29,6 +29,19 @@ With Windows 10, version 1903 and later, the Subscription Activation feature als The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. +See the following topics: + +- [Subscription Activation](#subscription-activation-for-windows-1011-enterprise): An introduction to Subscription Activation for Windows 10/11 Enterprise. +- [Subscription Activation for Education](#subscription-activation-for-windows-1011-enterprise): Information about Subscription Activation for Windows 10/11 Education. +- [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later. +- [The evolution of deployment](#the-evolution-of-deployment): A short history of Windows deployment. +- [Requirements](#requirements): Prerequisites to use the Windows 10/11 Subscription Activation model. +- [Benefits](#benefits): Advantages of subscription-based licensing. +- [How it works](#how-it-works): A summary of the subscription-based licensing option. +- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): How to enable Windows 10 Subscription Activation for VMs in the cloud. + +For information on how to deploy Enterprise licenses, see [Deploy Windows 10/11 Enterprise licenses](deploy-enterprise-licenses.md). + ## Subscription Activation for Windows 10/11 Enterprise With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying Windows 10 Enterprise or Windows 11 Enterprise in your organization can now be accomplished with no keys and no reboots. 
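Review bot: in the added topic list, the "Subscription Activation for Education" entry links to `#subscription-activation-for-windows-1011-enterprise`, the same anchor as the Enterprise entry directly above it, so both links land on the Enterprise section. Point the Education entry at the Education section's own heading anchor. The Virtual Desktop Access (VDA) entry also says "Windows 10 Subscription Activation" while the other entries in the list say "Windows 10/11"; make that consistent if the VDA section covers Windows 11 as well.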
@@ -47,17 +60,6 @@ Organizations that have an Enterprise agreement can also benefit from the new se Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later (or Windows 11) and an active subscription plan with a Windows 10/11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section. -## Article summary - -- [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later. -- [The evolution of deployment](#the-evolution-of-deployment): A short history of Windows deployment. -- [Requirements](#requirements): Prerequisites to use the Windows 10/11 Subscription Activation model. -- [Benefits](#benefits): Advantages of subscription-based licensing. -- [How it works](#how-it-works): A summary of the subscription-based licensing option. -- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10 Subscription Activation for VMs in the cloud. - -For information on how to deploy Enterprise licenses, see [Deploy Windows 10/11 Enterprise licenses](deploy-enterprise-licenses.md). - ## Inherited Activation Inherited Activation is a new feature available in Windows 10, version 1803 or later (Windows 11 is considered "later" here) that allows Windows 10/11 virtual machines to inherit activation state from their Windows 10/11 host. From 6308ff83d7eedb81621151a6c83fbd8ae2cbfa3d Mon Sep 17 00:00:00 2001 
From: MandiOhlinger Date: Tue, 28 Sep 2021 17:15:06 -0400 Subject: [PATCH 641/671] app-v applies to round 3 --- .../app-v/appv-delete-a-connection-group.md | 4 ++-- ...-deploy-appv-databases-with-sql-scripts.md | 2 +- ...ctronic-software-distribution-solutions.md | 4 ++-- ...pv-deploy-the-appv-server-with-a-script.md | 2 +- .../app-v/appv-deploying-appv.md | 5 +---- ...eploying-microsoft-office-2010-wth-appv.md | 5 +---- ...ploying-microsoft-office-2013-with-appv.md | 5 +---- ...ploying-microsoft-office-2016-with-appv.md | 5 +---- ...ctronic-software-distribution-solutions.md | 2 +- ...deploying-the-appv-sequencer-and-client.md | 5 +---- .../app-v/appv-deployment-checklist.md | 5 +---- ...ctronic-software-distribution-solutions.md | 4 ++-- ...ting-on-the-appv-client-with-powershell.md | 5 ++--- .../appv-enable-the-app-v-desktop-client.md | 5 +---- .../app-v/appv-evaluating-appv.md | 5 +---- .../app-v/appv-getting-started.md | 5 +---- .../app-v/appv-high-level-architecture.md | 5 +---- ...ed-security-identifiers-with-powershell.md | 2 +- ...porting-databases-on-separate-computers.md | 2 +- ...agement-server-on-a-standalone-computer.md | 2 +- ...-publishing-server-on-a-remote-computer.md | 2 +- ...porting-server-on-a-standalone-computer.md | 2 +- .../app-v/appv-install-the-sequencer.md | 5 +---- ...-powershell-cmdlets-and-get-cmdlet-help.md | 4 ++-- .../app-v/appv-maintaining-appv.md | 10 ++++----- ...-a-stand-alone-computer-with-powershell.md | 4 ++-- ...-a-stand-alone-computer-with-powershell.md | 5 ++--- .../app-v/appv-managing-connection-groups.md | 5 ++--- ...grating-to-appv-from-a-previous-version.md | 11 +++++----- ...an-existing-virtual-application-package.md | 5 +---- ...fy-client-configuration-with-powershell.md | 5 ++--- ...ove-the-appv-server-to-another-computer.md | 2 +- .../app-v/appv-operations.md | 5 +---- .../app-v/appv-performance-guidance.md | 18 +++++++++------- .../app-v/appv-planning-checklist.md | 5 +---- 
...v-planning-folder-redirection-with-appv.md | 5 +---- ...ppv-planning-for-appv-server-deployment.md | 2 +- .../app-v/appv-planning-for-appv.md | 5 +---- ...lanning-for-high-availability-with-appv.md | 5 +---- ...ing-for-sequencer-and-client-deployment.md | 5 +---- ...ppv-planning-for-using-appv-with-office.md | 5 +---- ...ctronic-software-distribution-solutions.md | 5 +---- .../app-v/appv-planning-to-deploy-appv.md | 5 +---- .../app-v/appv-preparing-your-environment.md | 5 +---- .../app-v/appv-prerequisites.md | 5 +---- .../app-v/appv-publish-a-connection-group.md | 4 ++-- ...release-notes-for-appv-for-windows-1703.md | 15 +++++++------ .../app-v/appv-reporting.md | 4 ++-- ...plications-inside-a-virtual-environment.md | 3 ++- .../app-v/appv-security-considerations.md | 5 +---- .../app-v/appv-sequence-a-new-application.md | 5 +---- ...appv-sequence-a-package-with-powershell.md | 7 +++---- .../app-v/appv-technical-reference.md | 5 ++--- .../app-v/appv-troubleshooting.md | 11 +++++----- ...indows-10-from-an-existing-installation.md | 21 +++++++++---------- ...ppv-using-the-client-management-console.md | 5 ++--- ...viewing-appv-server-publishing-metadata.md | 12 +++++------ 57 files changed, 114 insertions(+), 197 deletions(-) diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md index a252b5a53d..a1a8185b9a 100644 --- a/windows/application-management/app-v/appv-delete-a-connection-group.md +++ b/windows/application-management/app-v/appv-delete-a-connection-group.md @@ -1,5 +1,5 @@ --- -title: How to delete a connection group (Windows 10) +title: How to delete a connection group (Windows 10/11) description: Learn how to delete an existing App-V connection group in the App-V Management Console and where to find information about managing connection groups. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,7 +14,7 @@ ms.topic: article --- # How to delete a connection group ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following procedure to delete an existing App-V connection group. diff --git a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md index 8fd2c674f6..5cdd91138e 100644 --- a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md +++ b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md @@ -1,5 +1,5 @@ --- -title: How to Deploy the App-V Databases by Using SQL Scripts (Windows 10) +title: How to Deploy the App-V Databases by Using SQL Scripts (Windows 10/11) description: Learn how to use SQL scripts to install the App-V databases and upgrade the App-V databases to a later version. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md index 0d670783b7..a8477d90ae 100644 --- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md @@ -1,5 +1,5 @@ --- -title: How to deploy App-V packages using electronic software distribution (Windows 10) +title: How to deploy App-V packages using electronic software distribution (Windows 10/11) description: Learn how use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,7 +14,7 @@ ms.topic: article --- # How to deploy App-V packages using electronic software distribution ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] You can use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients. diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md index 467272455a..ead9d82133 100644 --- a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md +++ b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md @@ -1,5 +1,5 @@ --- -title: How to Deploy the App-V Server Using a Script (Windows 10) +title: How to Deploy the App-V Server Using a Script (Windows 10/11) description: 'Learn how to deploy the App-V server by using a script (appv_server_setup.exe) from the command line.' author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization diff --git a/windows/application-management/app-v/appv-deploying-appv.md b/windows/application-management/app-v/appv-deploying-appv.md index 10fee7b05b..148567438b 100644 --- a/windows/application-management/app-v/appv-deploying-appv.md +++ b/windows/application-management/app-v/appv-deploying-appv.md @@ -14,10 +14,7 @@ ms.topic: article --- # Deploying App-V for Windows client -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] App-V supports several different deployment options. Review this topic for information about the tasks that you must complete at different stages in your deployment. 
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index f4ac45ec12..5ec4cf5cad 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -14,10 +14,7 @@ ms.topic: article --- # Deploying Microsoft Office 2010 by Using App-V -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] You can create Office 2010 packages for Microsoft Application Virtualization (App-V) using one of the following methods: diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md index c986e312c3..e895318669 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md @@ -14,10 +14,7 @@ ms.topic: article --- # Deploying Microsoft Office 2013 by Using App-V -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md). To successfully deploy Office 2013 with App-V, you need to be familiar with Office 2013 and App-V. 
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index 15a331200f..cbe270cf7d 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -14,10 +14,7 @@ ms.topic: article --- # Deploying Microsoft Office 2016 by using App-V -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2013, see [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md). For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md). diff --git a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md index 032233877b..9485202cc5 100644 --- a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md 
@@ -14,7 +14,7 @@ ms.topic: article --- # Deploying App-V packages by using electronic software distribution (ESD) ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] You can deploy App-V packages using an electronic software distribution (ESD) solution. For information about planning to deploy App-V packages with an ESD, see [Planning to deploy App-V with an electronic software distribution system](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md). diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md index 484a48bf68..bfd34cfcaa 100644 --- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md +++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md @@ -14,10 +14,7 @@ ms.topic: article --- # Deploying the App-V Sequencer and configuring the client -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] The App-V Sequencer and client let administrators to virtualize and run virtual applications. diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md index 72d0a6d1d0..aa72671760 100644 --- a/windows/application-management/app-v/appv-deployment-checklist.md +++ b/windows/application-management/app-v/appv-deployment-checklist.md 
@@ -14,10 +14,7 @@ ms.topic: article --- # App-V Deployment Checklist -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] This checklist outlines the recommended steps and items to consider when deploying App-V features. Use it to organize your priorities while you deploy App-V. You can copy this checklist into a spreadsheet program and customize it for your use. diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md index 93ddd8f4d6..bd42de3c84 100644 --- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md @@ -1,5 +1,5 @@ --- -title: How to Enable Only Administrators to Publish Packages by Using an ESD (Windows 10) +title: How to Enable Only Administrators to Publish Packages by Using an ESD (Windows 10/11) description: Learn how to enable only administrators to publish packages by bsing an electronic software delivery (ESD). author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to enable only administrators to publish packages by using an ESD ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Starting in App-V 5.0 SP3, you can configure the App-V client so that only administrators (not end users) can publish or unpublish packages. In earlier versions of App-V, you could not prevent end users from performing these tasks. 
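Review bot: in the front-matter hunk for `appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md`, the unchanged `description:` line still reads "by bsing an electronic software delivery (ESD)". Since the `title:` line directly above it is being edited in this change, fix "bsing" to "using" at the same time, and consider whether "electronic software delivery" should read "electronic software distribution" to match the wording used in the other ESD articles in this patch.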
diff --git a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md index 8b6dd8e9fc..3983d8787c 100644 --- a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md +++ b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md @@ -1,5 +1,5 @@ --- -title: How to Enable Reporting on the App-V Client by Using Windows PowerShell (Windows 10) +title: How to Enable Reporting on the App-V Client by Using Windows PowerShell (Windows 10/11) description: How to Enable Reporting on the App-V Client by Using Windows PowerShell author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,8 +14,7 @@ ms.topic: article --- # How to Enable Reporting on the App-V Client by Using Windows PowerShell -**Applies to** -- Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following procedure to configure the App-V for reporting. diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md index 69000c221c..a0fd066d26 100644 --- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md +++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md 
@@ -14,10 +14,7 @@ ms.topic: article --- # Enable the App-V in-box client -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] The App-V client is the component that runs virtualized applications on user devices. Once you enable the client, users can interact with icons and file names to start virtualized applications. The client can also get virtual application content from the management server. diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md index 10d3e83e75..e15b0a5209 100644 --- a/windows/application-management/app-v/appv-evaluating-appv.md +++ b/windows/application-management/app-v/appv-evaluating-appv.md @@ -15,10 +15,7 @@ ms.author: greglin # Evaluating App-V -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] > [!NOTE] > [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md index 3f649a92c9..0e3c91919c 100644 --- a/windows/application-management/app-v/appv-getting-started.md +++ b/windows/application-management/app-v/appv-getting-started.md @@ -14,10 +14,7 @@ ms.topic: article --- # Getting started with App-V for Windows client -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] > [!NOTE] > [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md index fef069e911..62ec6658b4 100644 
--- a/windows/application-management/app-v/appv-high-level-architecture.md +++ b/windows/application-management/app-v/appv-high-level-architecture.md @@ -14,10 +14,7 @@ ms.topic: article --- # High-level architecture for App-V -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following information to simplify your Microsoft Application Virtualization (App-V) deployment. diff --git a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md index b0daa8e5c6..446fb2362d 100644 --- a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md +++ b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md @@ -1,5 +1,5 @@ --- -title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell (Windows 10) +title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell (Windows 10/11) description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization diff --git a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md index b48c88fe55..2f8a941579 100644 --- a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md 
+++ b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md @@ -1,5 +1,5 @@ --- -title: How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services (Windows 10) +title: How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services (Windows 10/11) description: How to install the Management and Reporting Databases on separate computers from the Management and Reporting Services. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md index 9a7bb5df47..c7c54d8a32 100644 --- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md +++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md @@ -1,5 +1,5 @@ --- -title: How to install the Management Server on a Standalone Computer and Connect it to the Database (Windows 10) +title: How to install the Management Server on a Standalone Computer and Connect it to the Database (Windows 10/11) description: How to install the Management Server on a Standalone Computer and Connect it to the Database author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md index 3ac42e959a..261eb206aa 100644 --- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md +++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md 
@@ -1,5 +1,5 @@ --- -title: Install the Publishing Server on a Remote Computer (Windows 10) +title: Install the Publishing Server on a Remote Computer (Windows 10/11) description: Use the procedures in this article to install the Microsoft Application Virtualization (App-V) publishing server on a separate computer. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization diff --git a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md index 41fb1e6ffa..f2848972d7 100644 --- a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md +++ b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md @@ -1,5 +1,5 @@ --- -title: How to install the Reporting Server on a standalone computer and connect it to the database (Windows 10) +title: How to install the Reporting Server on a standalone computer and connect it to the database (Windows 10/11) description: How to install the App-V Reporting Server on a Standalone Computer and Connect it to the Database author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md index 633c980c5b..410d7b4f25 100644 --- a/windows/application-management/app-v/appv-install-the-sequencer.md +++ b/windows/application-management/app-v/appv-install-the-sequencer.md 
@@ -14,10 +14,7 @@ ms.topic: article --- # Install the App-V Sequencer -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices. Those devices must be running the App-V client to allow users to interact with virtual applications. diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md index 3f38081e58..c79bfcbc87 100644 --- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md +++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md @@ -1,5 +1,5 @@ --- -title: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help (Windows 10) +title: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help (Windows 10/11) description: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # How to load the Windows PowerShell cmdlets for App-V and get cmdlet help ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] ## Requirements for using Windows PowerShell cmdlets diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md index 6375ae29ad..543c13a48b 100644 --- a/windows/application-management/app-v/appv-maintaining-appv.md +++ b/windows/application-management/app-v/appv-maintaining-appv.md 
@@ -1,11 +1,11 @@ --- -title: Maintaining App-V (Windows 10) -description: After you have deployed App-V for Windows 10, you can use the following information to maintain the App-V infrastructure. +title: Maintaining App-V (Windows 10/11) +description: After you have deployed App-V for Windows 10/11, you can use the following information to maintain the App-V infrastructure. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library -ms.prod: w10 +ms.prod: w10/11 ms.date: 09/27/2018 ms.reviewer: manager: dansimp @@ -14,9 +14,9 @@ ms.topic: article --- # Maintaining App-V ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] -After you have deployed App-V for Windows 10, you can use the following information to maintain the App-V infrastructure. +After you have deployed App-V for Windows client, you can use the following information to maintain the App-V infrastructure. ## Moving the App-V server diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md index 278b757481..102c1d61e6 100644 --- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md @@ -1,5 +1,5 @@ --- -title: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell (Windows 10) +title: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell (Windows 10/11) description: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
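Review bot: the front-matter hunk for `appv-maintaining-appv.md` changes `ms.prod: w10` to `ms.prod: w10/11`, which looks like a side effect of the "Windows 10" to "Windows 10/11" text replacement rather than an intended metadata change. `ms.prod` is a metadata key, not display text; the include file added in this series keeps `ms.prod: w10`, and no other visible hunk in this patch touches the key. Unless `w10/11` is a value the publishing system accepts, revert this line to `ms.prod: w10` and limit the replacement to `title:` and `description:`.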
@@ -14,7 +14,7 @@ ms.topic: article --- # How to manage App-V packages running on a stand-alone computer by using Windows PowerShell ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] The following sections explain how to perform various management tasks on a stand-alone client computer with Windows PowerShell cmdlets. diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md index 5333448a99..88a684ce46 100644 --- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md @@ -1,5 +1,5 @@ --- -title: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell (Windows 10) +title: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell (Windows 10/11) description: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -15,8 +15,7 @@ ms.author: greglin # How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell -**Applies to** -- Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] An App-V connection group allows you to run all the virtual applications as a defined set of packages in a single virtual environment. For example, you can virtualize an application and its plug-ins by using separate packages, but run them together in a single connection group. 
diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md index 1a1fed1187..bfbd7fe594 100644 --- a/windows/application-management/app-v/appv-managing-connection-groups.md +++ b/windows/application-management/app-v/appv-managing-connection-groups.md @@ -1,5 +1,5 @@ --- -title: Managing Connection Groups (Windows 10) +title: Managing Connection Groups (Windows 10/11) description: Connection groups can allow administrators to manage packages independently and avoid having to add the same application multiple times to a client computer. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -15,8 +15,7 @@ ms.author: greglin # Managing Connection Groups -**Applies to** -- Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Connection groups enable the applications within a package to interact with each other in the virtual environment, while remaining isolated from the rest of the system. By using connection groups, administrators can manage packages independently and can avoid having to add the same application multiple times to a client computer. diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md index da8bf8b6cc..894d080a23 100644 --- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md +++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md 
@@ -1,6 +1,6 @@ --- -title: Migrating to App-V from a Previous Version (Windows 10) -description: Learn how to migrate to Microsoft Application Virtualization (App-V) for Windows 10 from a previous version. +title: Migrating to App-V from a Previous Version (Windows 10/11) +description: Learn how to migrate to Microsoft Application Virtualization (App-V) for Windows 10/11 from a previous version. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -15,10 +15,9 @@ ms.author: greglin # Migrating to App-V from previous versions -**Applies to** -- Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] -To migrate from App-V 4.x to App-V for Windows 10, you must upgrade to App-V 5.x first. +To migrate from App-V 4.x to App-V for Windows 10/11, you must upgrade to App-V 5.x first. ## Improvements to the App-V Package Converter @@ -34,7 +33,7 @@ You can also use the `–OSDsToIncludeInPackage` parameter with the `ConvertFrom -New in App-V for Windows 10 +New in App-V for Windows client Prior to App-V for Windows 10 diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md index 6b47cd4840..69acd8e60e 100644 --- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md +++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md @@ -15,10 +15,7 @@ ms.author: greglin # How to Modify an Existing Virtual Application Package -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] This topic explains how to: 
diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md index ad99c8c0b2..552c9efd53 100644 --- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md +++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md @@ -1,5 +1,5 @@ --- -title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10) +title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10/11) description: Learn how to modify the Application Virtualization (App-V) client configuration by using Windows PowerShell. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -15,8 +15,7 @@ ms.author: greglin # How to Modify Client Configuration by Using Windows PowerShell -**Applies to** -- Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following procedure to configure the App-V client configuration. diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md index ea80b1f3c8..e3bd963ee4 100644 --- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md +++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md @@ -1,5 +1,5 @@ --- -title: How to Move the App-V Server to Another Computer (Windows 10) +title: How to Move the App-V Server to Another Computer (Windows 10/11) description: Learn how to create a new management server console in your environment and learn how to connect it to the App-V database. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md index d098e56921..08dba24e7a 100644 --- a/windows/application-management/app-v/appv-operations.md +++ b/windows/application-management/app-v/appv-operations.md @@ -14,10 +14,7 @@ ms.topic: article --- # Operations for App-V -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] This section of the Microsoft Application Virtualization (App-V) Administrator’s Guide includes information about the various types of App-V administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks. diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md index dba895b3b1..392ba61769 100644 --- a/windows/application-management/app-v/appv-performance-guidance.md +++ b/windows/application-management/app-v/appv-performance-guidance.md @@ -1,5 +1,5 @@ --- -title: Performance Guidance for Application Virtualization (Windows 10) +title: Performance Guidance for Application Virtualization (Windows 10/11) description: Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -15,11 +15,13 @@ ms.author: greglin # Performance Guidance for Application Virtualization -**Applies to** -- Windows 7 SP1 -- Windows 10 -- Server 2012 R2 -- Server 2016 +**Applies to**: + +- Windows 7 SP1 +- Windows 10 +- Windows 11 +- Server 2012 R2 +- Server 2016 Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI. 
@@ -270,11 +272,11 @@ We recommend using User Experience Virtualization (UE-V) to capture and centrali For more information, see: -- [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows) +- [User Experience Virtualization (UE-V) for Windows client overview](/windows/configuration/ue-v/uev-for-windows) - [Get Started with UE-V](/windows/configuration/ue-v/uev-getting-started) -In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows). +In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows client overview](/windows/configuration/ue-v/uev-for-windows). **Note**   Without performing an additional configuration step, User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default. diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md index ec6b16a771..90f3c89418 100644 --- a/windows/application-management/app-v/appv-planning-checklist.md +++ b/windows/application-management/app-v/appv-planning-checklist.md 
@@ -14,10 +14,7 @@ ms.topic: article --- # App-V Planning Checklist -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] This checklist can be used to help you plan for preparing your organization for an App-V deployment. diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md index 5a586baefb..40386c2097 100644 --- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md +++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md @@ -14,10 +14,7 @@ ms.topic: article --- # Planning to Use Folder Redirection with App-V -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Microsoft Application Virtualization (App-V) supports the use of folder redirection, a feature that enables users and administrators to redirect the path of a folder to a new location. diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md index f17f8cf5e9..b5f01d47c7 100644 --- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md +++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md @@ -1,5 +1,5 @@ --- -title: Planning for the App-V Server Deployment (Windows 10) +title: Planning for the App-V Server Deployment (Windows 10/11) description: Learn what you need to know so you can plan for the Microsoft Application Virtualization (App-V) 5.1 server deployment. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md index 6f5c42093c..0f7c0bbb39 100644 --- a/windows/application-management/app-v/appv-planning-for-appv.md +++ b/windows/application-management/app-v/appv-planning-for-appv.md @@ -14,10 +14,7 @@ ms.topic: article --- # Planning for App-V -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] > [!NOTE] > [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md index 500b47e979..f3e4e0b58f 100644 --- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md +++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md @@ -14,10 +14,7 @@ ms.topic: article --- # Planning for high availability with App-V Server -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Microsoft Application Virtualization (App-V) system configurations can take advantage of options that maintain a high available service level. diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md index 380ec453b7..f1c589ae07 100644 --- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md +++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md 
@@ -14,10 +14,7 @@ ms.topic: article --- # Planning for the App-V Sequencer and Client Deployment -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Before you can use App-V, you must install the App-V Sequencer and enable the App-V client. You can also the App-V shared content store, although it isn't required. The following sections will tell you how to set these up. diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md index a7779a7e96..c5885a941b 100644 --- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md +++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md @@ -14,10 +14,7 @@ ms.topic: article --- # Planning for deploying App-V with Office -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following information to plan how to deploy Office within Microsoft Application Virtualization (App-V). diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md index 776072fef4..12d3de4f82 100644 --- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md 
@@ -14,10 +14,7 @@ ms.topic: article --- # Planning to Deploy App-V with an electronic software distribution system -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] If you are using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with Microsoft Endpoint Configuration Manager, see [Introduction to application management in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682125(v=technet.10)#BKMK_Appv). diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md index 0793ec479e..3bb30afe33 100644 --- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md +++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md @@ -14,10 +14,7 @@ ms.topic: article --- # Planning to Deploy App-V for Windows client -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] There are several different deployment configurations and requirements to consider before you deploy App-V for Windows client. Review this topic for information about what you'll need to make a deployment plan that best meets your needs. diff --git a/windows/application-management/app-v/appv-preparing-your-environment.md b/windows/application-management/app-v/appv-preparing-your-environment.md index 7b441ae569..979f7a1094 100644 --- a/windows/application-management/app-v/appv-preparing-your-environment.md +++ b/windows/application-management/app-v/appv-preparing-your-environment.md 
@@ -14,10 +14,7 @@ ms.topic: article --- # Preparing your environment for App-V -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] There are several different deployment configurations and prerequisites that you must consider before creating your deployment plan for Microsoft App-V. The following articles will help you gather the information you need to set up a deployment plan that best suits your business’ needs. diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md index fabd6776e3..0e3e61bac8 100644 --- a/windows/application-management/app-v/appv-prerequisites.md +++ b/windows/application-management/app-v/appv-prerequisites.md @@ -15,10 +15,7 @@ ms.topic: article # App-V for Windows client prerequisites -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Before installing App-V for Windows client, ensure that you have installed all of the following required prerequisite software. diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md index 27eb277fc2..4297883e3a 100644 --- a/windows/application-management/app-v/appv-publish-a-connection-group.md +++ b/windows/application-management/app-v/appv-publish-a-connection-group.md @@ -1,5 +1,5 @@ --- -title: How to Publish a Connection Group (Windows 10) +title: How to Publish a Connection Group (Windows 10/11) description: Learn how to publish a connection group to computers that run the Application Virtualization (App-V) client. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -14,7 +14,7 @@ ms.topic: article --- # How to Publish a Connection Group ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] After you create a connection group, you must publish it to computers that run the App-V client. diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md index 993c86f316..8765ba9fa6 100644 --- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md +++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md @@ -1,6 +1,6 @@ --- -title: Release Notes for App-V for Windows 10, version 1703 (Windows 10) -description: A list of known issues and workarounds for App-V running on Windows 10, version 1703. +title: Release Notes for App-V for Windows 10 version 1703 (Windows 10/11) +description: A list of known issues and workarounds for App-V running on Windows 10 version 1703 and Windows 11. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -13,12 +13,11 @@ ms.author: greglin --- -# Release Notes for App-V for Windows 10, version 1703 +# Release Notes for App-V for Windows 10 version 1703 and later -**Applies to** -- Windows 10, version 1703 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] -The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10, version 1703. +The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10 version 1703 and later 
@@ -106,7 +105,7 @@ The following are known issues and workarounds for Application Virtualization (A ## Related resources list -For information that can help with troubleshooting App-V for Windows 10, see: +For information that can help with troubleshooting App-V for Windows client, see: - [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx) - [The Official Microsoft App-V Team Blog](/archive/blogs/appv/) @@ -119,6 +118,6 @@ For information that can help with troubleshooting App-V for Windows 10, see:
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). ## Related topics -- [What's new in App-V for Windows 10](appv-about-appv.md) +- [What's new in App-V for Windows client](appv-about-appv.md) - [Release Notes for App-V for Windows 10, version 1607](appv-release-notes-for-appv-for-windows-1703.md) \ No newline at end of file diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md index a777b5a01e..31fd82260d 100644 --- a/windows/application-management/app-v/appv-reporting.md +++ b/windows/application-management/app-v/appv-reporting.md @@ -1,5 +1,5 @@ --- -title: About App-V Reporting (Windows 10) +title: About App-V Reporting (Windows 10/11) description: Learn how the App-V reporting feature collects information about computers running the App-V client and virtual application package usage. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -14,7 +14,7 @@ ms.topic: article --- # About App-V reporting ->Applies to: Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Application Virtualization (App-V) includes a built-in reporting feature that collects information about computers running the App-V client and virtual application package usage. You can generate reports from a centralized database with this information. diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md index d552115faf..b22a3ebbce 100644 --- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md +++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md 
@@ -1,5 +1,5 @@ --- -title: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications (Windows 10) +title: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications (Windows 10/11) description: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -18,6 +18,7 @@ ms.author: greglin **Applies to** - Windows 7 SP1 - Windows 10 +- Windows 11 - Windows Server 2012 R2 - Windows Server 2016 diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md index 6707151ad2..36f3d39141 100644 --- a/windows/application-management/app-v/appv-security-considerations.md +++ b/windows/application-management/app-v/appv-security-considerations.md @@ -14,10 +14,7 @@ ms.topic: article --- # App-V security considerations -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] This topic contains a brief overview of the accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V). diff --git a/windows/application-management/app-v/appv-sequence-a-new-application.md b/windows/application-management/app-v/appv-sequence-a-new-application.md index 84d323ae88..c456583c56 100644 --- a/windows/application-management/app-v/appv-sequence-a-new-application.md +++ b/windows/application-management/app-v/appv-sequence-a-new-application.md 
@@ -14,10 +14,7 @@ ms.topic: article --- # Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) -**Applies to**: - -- Windows 10 -- Windows 11 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Starting with Windows 10 version 1607, the App-V Sequencer is included with the Windows ADK. For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md). diff --git a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md index 6a5a084f6a..60d9e3bf9e 100644 --- a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md +++ b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md @@ -1,5 +1,5 @@ --- -title: How to sequence a package by using Windows PowerShell (Windows 10) +title: How to sequence a package by using Windows PowerShell (Windows 10/11) description: Learn how to sequence a new Microsoft Application Virtualization (App-V) package by using Windows PowerShell. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -15,8 +15,7 @@ ms.author: greglin # How to Sequence a Package by using Windows PowerShell -**Applies to** -- Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] Use the following procedure to create a new App-V package using Windows PowerShell. 
@@ -63,7 +62,7 @@ The following list displays additional optional parameters that can be used with - FullLoad - specifies that the package must be fully downloaded to the computer running the App-V before it can be opened. -In Windows 10, version 1703, running the new-appvsequencerpackage or the update-appvsequencepackage cmdlets automatically captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file. +Starting with Windows 10 version 1703, the `new-appvsequencerpackage` or the `update-appvsequencepackage` cmdlets automatically capture and store all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file. > [!IMPORTANT] > If you have an auto-saved template and you attempt to load another template through the _TemplateFilePath_ parameter, the customization value from the parameter will override the auto-saved template. diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md index ec6e36ed71..378c6cf052 100644 --- a/windows/application-management/app-v/appv-technical-reference.md +++ b/windows/application-management/app-v/appv-technical-reference.md @@ -1,5 +1,5 @@ --- -title: Technical Reference for App-V (Windows 10) +title: Technical Reference for App-V (Windows 10/11) description: Learn strategy and context for many performance optimization practices in this technical reference for Application Virtualization (App-V). author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -15,8 +15,7 @@ ms.author: greglin # Technical Reference for App-V -**Applies to** -- Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] This section provides reference information related to managing App-V. diff --git a/windows/application-management/app-v/appv-troubleshooting.md b/windows/application-management/app-v/appv-troubleshooting.md index 2ee6c51728..0ca75469ad 100644 --- a/windows/application-management/app-v/appv-troubleshooting.md +++ b/windows/application-management/app-v/appv-troubleshooting.md @@ -1,5 +1,5 @@ --- -title: Troubleshooting App-V (Windows 10) +title: Troubleshooting App-V (Windows 10/11) description: Learn how to find information about troubleshooting Application Virtualization (App-V) and information about other App-V topics. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -15,10 +15,9 @@ ms.author: greglin # Troubleshooting App-V -**Applies to** -- Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] -For information that can help with troubleshooting App-V for Windows 10, see: +For information that can help with troubleshooting App-V for Windows client, see: - [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx) @@ -33,9 +32,9 @@ For information that can help with troubleshooting App-V for Windows 10, see: ## Other resources -- [Application Virtualization (App-V) for Windows 10 overview](appv-for-windows.md) +- [Application Virtualization (App-V) for Windows client overview](appv-for-windows.md) -- [Getting Started with App-V for Windows 10](appv-getting-started.md) +- [Getting Started with App-V for Windows client](appv-getting-started.md) - [Planning for App-V](appv-planning-for-appv.md) 
diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md index fd2a4d1bf4..f1e570b02a 100644 --- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md +++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md @@ -1,6 +1,6 @@ --- -title: Upgrading to App-V for Windows 10 from an existing installation (Windows 10) -description: Learn about upgrading to Application Virtualization (App-V) for Windows 10 from an existing installation. +title: Upgrading to App-V for Windows 10/11 from an existing installation (Windows 10/11) +description: Learn about upgrading to Application Virtualization (App-V) for Windows 10/11 from an existing installation. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy 
@@ -12,14 +12,13 @@ manager: dansimp ms.author: greglin --- -# Upgrading to App-V for Windows 10 from an existing installation +# Upgrading to App-V for Windows client from an existing installation -**Applies to** -- Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] -If you’re already using App-V and you’re planning to upgrade user devices to Windows 10, you need to make only the following few adjustments to your existing environment to start using App-V for Windows 10. +If you’re already using App-V and you’re planning to upgrade user devices to Windows 10/11, you need to make only the following few adjustments to your existing environment to start using App-V for Windows client. -1. [Upgrade user devices to Windows 10](#upgrade-user-devices-to-windows-10). Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings. +1. [Upgrade user devices to Windows 10/11](#upgrade-user-devices-to-windows-10). Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings. 2. [Verify that App-V applications and settings were migrated correctly](#verify-that-app-v-applications-and-settings-were-migrated-correctly). 
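Review bot: step 1 still links to `#upgrade-user-devices-to-windows-10`, but the following hunk renames the target heading to `## Upgrade user devices to Windows 10/11`, so the generated heading anchor changes and this in-page link stops resolving. Update the fragment in the same change, and take the slug from the docs build output instead of guessing it. The intro sentence also mixes "Windows 10/11" and "Windows client" for the same thing; pick one term.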
@@ -31,13 +30,13 @@ If you’re already using App-V and you’re planning to upgrade user devices to These steps are explained in more detail below. -## Upgrade user devices to Windows 10 +## Upgrade user devices to Windows 10/11 -Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings. See the [Windows 10 and Windows 10 Mobile document set](/windows/windows-10/) for information about upgrading user devices to Windows 10. +Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings. See the [Windows document set](/windows/windows-10/) for information about upgrading user devices. ## Verify that App-V applications and settings were migrated correctly -After upgrading a user device to Windows 10, it’s important to verify that App-V applications and settings were migrated correctly during the upgrade. +After upgrading a user device, it’s important to verify that App-V applications and settings were migrated correctly during the upgrade. To verify that the user’s App-V application packages were migrated correctly, type `Get-AppvClientPackage` in Windows PowerShell. @@ -45,7 +44,7 @@ To verify that the user’s App-V settings were migrated correctly, type `Get-Ap ## Enable the in-box App-V client -With Windows 10, the App-V client is installed automatically. You need to enable the client to allow user devices to access and run virtual applications. You can enable the client with the Group Policy editor or with Windows PowerShell. +With Windows 10/11, the App-V client is installed automatically. You need to enable the client to allow user devices to access and run virtual applications. You can enable the client with the Group Policy editor or with Windows PowerShell. **To enable the App-V client with Group Policy** 
diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md index 1f463763a0..4d7ae4ff1a 100644 --- a/windows/application-management/app-v/appv-using-the-client-management-console.md +++ b/windows/application-management/app-v/appv-using-the-client-management-console.md @@ -1,5 +1,5 @@ --- -title: Using the App-V Client Management Console (Windows 10) +title: Using the App-V Client Management Console (Windows 10/11) description: Learn how to use the Application Virtualization (App-V) client management console to manage packages on the computer running the App-V client. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization @@ -15,8 +15,7 @@ ms.author: greglin # Using the App-V Client Management Console -**Applies to** -- Windows 10, version 1607 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] This topic provides information about using the Application Virtualization (App-V) client management console to manage packages on the computer running the App-V client. diff --git a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md index 8cb9a3b085..eebe3e0c35 100644 --- a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md +++ b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md @@ -1,5 +1,5 @@ --- -title: Viewing App-V Server Publishing Metadata (Windows 10) +title: Viewing App-V Server Publishing Metadata (Windows 10/11) description: Use this procedure to view App-V Server publishing metadata, which can help you resolve publishing-related issues. author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization 
@@ -42,7 +42,7 @@ You can view the metadata for each request in an Internet browser by using a que ## Query syntax for viewing publishing metadata -This section provides information about queries for viewing publishing metadata for App-V 5.0 SP3 Server and App-V 5.1 server. The App-V server components have not changed since App-V 5.0 was released, so App-V 5.x Server is the version of the server used with App-V for Windows 10. +This section provides information about queries for viewing publishing metadata for App-V 5.0 SP3 Server and App-V 5.1 server. The App-V server components have not changed since App-V 5.0 was released, so App-V 5.x Server is the version of the server used with App-V for Windows client. **Query syntax** @@ -58,7 +58,7 @@ In this example: - A computer running Windows Server 2016 named “pubsvr01” hosts the Publishing service. -- The Windows client is Windows 10, 64-bit. +- The Windows client is 64-bit. **Query parameter descriptions** @@ -68,7 +68,7 @@ The following table describes the parameters shown in the preceding **Query synt |------------|---------------| | `` | Name of the App-V Publishing server. | | `` | Port to the App-V Publishing server, which you defined when you configured the Publishing server. | -| `ClientVersion=` | Windows 10 build number. You can obtain this number by running the following Windows PowerShell command:
    `(Get-CimInstance Win32_OperatingSystem).version` | +| `ClientVersion=` | Windows client build number. You can obtain this number by running the following Windows PowerShell command:
    `(Get-CimInstance Win32_OperatingSystem).version` | | `ClientOS=` | Operating system of the computer that is running the App-V client. Refer to the table that follows for the correct value.
    You can omit this parameter, with the result that only the packages that were sequenced to support all operating systems will appear in the metadata. | To get the name of the Publishing server and the port number (`http://:`) from the App-V client, look at the URL configuration of the Get-AppvPublishingServer Windows PowerShell cmdlet. @@ -92,12 +92,12 @@ In your publishing metadata query, enter the string values that correspond to th
    - + - + From ef6e223a3334a7691877472377414ea2c6fe36aa Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Tue, 28 Sep 2021 17:21:57 -0400 Subject: [PATCH 642/671] fixed validation warnings and suggestions --- .../appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md | 2 +- windows/application-management/app-v/appv-maintaining-appv.md | 2 +- ...ing-to-app-v-for-windows-10-from-an-existing-installation.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md index c79bfcbc87..081235fe4b 100644 --- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md +++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md @@ -82,7 +82,7 @@ Starting in App-V 5.0 SP3, cmdlet help is available in two formats: |App-V Sequencer|**Update-Help -Module AppvSequencer**| |App-V Client|**Update-Help -Module AppvClient**| -* Online in the [Microsoft Desktop Optimization Pack](/powershell/mdop/get-started?view=win-mdop2-ps). +* Online in the [Microsoft Desktop Optimization Pack](/powershell/mdop/get-started). ## Displaying the help for a Windows PowerShell cmdlet diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md index 543c13a48b..b67604f857 100644 --- a/windows/application-management/app-v/appv-maintaining-appv.md +++ b/windows/application-management/app-v/appv-maintaining-appv.md @@ -5,7 +5,7 @@ author: greg-lindsay ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library -ms.prod: w10/11 +ms.prod: w10 ms.date: 09/27/2018 ms.reviewer: manager: dansimp 
diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md index f1e570b02a..1645168178 100644 --- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md +++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md @@ -18,7 +18,7 @@ ms.author: greglin If you’re already using App-V and you’re planning to upgrade user devices to Windows 10/11, you need to make only the following few adjustments to your existing environment to start using App-V for Windows client. -1. [Upgrade user devices to Windows 10/11](#upgrade-user-devices-to-windows-10). Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings. +1. [Upgrade user devices to Windows 10/11](#upgrade-user-devices-to-windows-10-11). Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings. 2. [Verify that App-V applications and settings were migrated correctly](#verify-that-app-v-applications-and-settings-were-migrated-correctly). From 645b4c380d0f00821393a6fe85f2a5c30aa18606 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Tue, 28 Sep 2021 17:28:02 -0400 Subject: [PATCH 643/671] fixed bookmark --- ...ing-to-app-v-for-windows-10-from-an-existing-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md index 1645168178..cb48f4c88a 100644 --- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md 
+++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md @@ -18,7 +18,7 @@ ms.author: greglin If you’re already using App-V and you’re planning to upgrade user devices to Windows 10/11, you need to make only the following few adjustments to your existing environment to start using App-V for Windows client. -1. [Upgrade user devices to Windows 10/11](#upgrade-user-devices-to-windows-10-11). Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings. +1. [Upgrade user devices to Windows 10/11](#upgrade-user-devices-to-windows-1011). Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings. 2. [Verify that App-V applications and settings were migrated correctly](#verify-that-app-v-applications-and-settings-were-migrated-correctly). From 7e23517a5ad917e516841d9455ab16427a37bae6 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 28 Sep 2021 17:34:57 -0400 Subject: [PATCH 644/671] 10/11 --- .../enterprise-background-activity-controls.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md index 0a72c19e87..9c4133cd25 100644 --- a/windows/application-management/enterprise-background-activity-controls.md +++ b/windows/application-management/enterprise-background-activity-controls.md 
@@ -17,7 +17,7 @@ To provide the best experience for consumers, Windows provides controls that giv By default, resource limits are imposed on applications. Foreground apps are given the most memory and execution time; background apps get less. Users are thus protected from poor foreground app performance and heavy battery drain. -Enterprise users want the same ability to enable or limit background activity. In Windows 10, version 1703 (also known as the Creators Update), enterprises can now configure settings via policy and provisioning that control background activity. +Enterprise users want the same ability to enable or limit background activity. Starting with Windows 10 version 1703, enterprises can now configure settings via policy and provisioning that control background activity. ## Background activity controls @@ -33,7 +33,7 @@ Here is the set of available controls for mobile devices:  ![Battery usage by app on mobile.](images/battery-usage-by-app-mobile.png) -Although the user interface differs across editions of the operating system, the policy and developer interface is consistent across Windows 10. For more information about these controls, see [Optimize background activity](/windows/uwp/debug-test-perf/optimize-background-activity). +Although the user interface differs across editions of the operating system, the policy and developer interface is consistent across Windows clients. For more information about these controls, see [Optimize background activity](/windows/uwp/debug-test-perf/optimize-background-activity). ## Enterprise background activity controls  
@@ -62,4 +62,4 @@ The Universal Windows Platform ensures that consumers will have great battery li - [Run in the background indefinitely](/windows/uwp/launch-resume/run-in-the-background-indefinetly) - [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider#privacy-letappsruninbackground) -[Optimize background activity](/windows/uwp/debug-test-perf/optimize-background-activity) \ No newline at end of file +[Optimize background activity](/windows/uwp/debug-test-perf/optimize-background-activity) From bf43d60452829c13a1d0c3ff2a2c270dd31d66e7 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 28 Sep 2021 17:38:49 -0400 Subject: [PATCH 645/671] 10/11 --- .../manage-windows-mixed-reality.md | 32 +++++++++++-------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 2305949341..775ad66f85 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -1,5 +1,5 @@ --- -title: Enable or block Windows Mixed Reality apps in the enterprise (Windows 10) +title: Enable or block Windows Mixed Reality apps in the enterprise (Windows 10/11) description: Learn how to enable Windows Mixed Reality apps in WSUS or block the Windows Mixed Reality portal in enterprises. ms.reviewer: manager: dansimp 
@@ -15,37 +15,41 @@ ms.topic: article # Enable or block Windows Mixed Reality apps in enterprises -**Applies to** - -- Windows 10 +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] -[Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/) was introduced in Windows 10, version 1709 (also known as the Fall Creators Update), as a [Windows 10 Feature on Demand (FOD)](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). Features on Demand are Windows feature packages that can be added at any time. When a Windows 10 PC needs a new feature, it can request the feature package from Windows Update. +[Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/) was introduced in Windows 10, version 1709 (also known as the Fall Creators Update), as a [Windows Feature on Demand (FOD)](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). Features on Demand are Windows feature packages that can be added at any time. When a Windows client needs a new feature, it can request the feature package from Windows Update. Organizations that use Windows Server Update Services (WSUS) must take action to [enable Windows Mixed Reality](#enable-windows-mixed-reality-in-wsus). Any organization that wants to prohibit use of Windows Mixed Reality can [block the installation of the Mixed Reality Portal](#block-the-mixed-reality-portal). ## Enable Windows Mixed Reality in WSUS -1. [Check your version of Windows 10.](https://support.microsoft.com/help/13443/windows-which-operating-system) +1. [Check your version of Windows.](https://support.microsoft.com/help/13443/windows-which-operating-system) >[!NOTE] >You must be on at least Windows 10, version 1709, to run Windows Mixed Reality. 2. 
Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD. - 1. Download the FOD .cab file for [Windows 10, version 2004](https://software-download.microsoft.com/download/pr/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). + 1. Download the FOD .cab file: - > [!NOTE] - > You must download the FOD .cab file that matches your operating system version. 
+ - [Windows 10, version 2004](https://software-download.microsoft.com/download/pr/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) + - [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab) + - [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab) + - [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) + - [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab) + + > [!NOTE] + > You must download the FOD .cab file that matches your operating system version. 1. Use `Dism` to add Windows Mixed Reality FOD to the image. - ```powershell - Dism /Online /Add-Package /PackagePath:(path) - ``` + ```powershell + Dism /Online /Add-Package /PackagePath:(path) + ``` - > [!NOTE] - > You must rename the FOD .CAB file to : **Microsoft-Windows-Holographic-Desktop-FOD-Package\~31bf3856ad364e35\~amd64\~\~.cab** + > [!NOTE] + > You must rename the FOD .CAB file to : **Microsoft-Windows-Holographic-Desktop-FOD-Package\~31bf3856ad364e35\~amd64\~\~.cab** 1. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**. From 667f3fd7d5e6f5f75bbf1f2627848670d11f8fe0 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 28 Sep 2021 17:43:02 -0400 Subject: [PATCH 646/671] Fixed path --- windows/application-management/manage-windows-mixed-reality.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
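Review bot: the `[!INCLUDE ...](../includes/applies-to-windows-client-versions.md)` line added at the top of the manage-windows-mixed-reality.md hunk reuses the relative path from the app-v topics, which sit one directory deeper (`windows/application-management/app-v/`). From `windows/application-management/manage-windows-mixed-reality.md`, `../includes/` resolves to `windows/includes/`, not `windows/application-management/includes/`; use `./includes/applies-to-windows-client-versions.md` here. Separately, the download list ends at Windows 10, version 2004, while the title now reads Windows 10/11 and the note requires a .cab that matches the operating system version, so state what later versions should use.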
diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 775ad66f85..8640d74fc3 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -15,7 +15,7 @@ ms.topic: article # Enable or block Windows Mixed Reality apps in enterprises -[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] +[!INCLUDE [Applies to Windows client versions](./includes/applies-to-windows-client-versions.md)] [Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/) was introduced in Windows 10, version 1709 (also known as the Fall Creators Update), as a [Windows Feature on Demand (FOD)](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). Features on Demand are Windows feature packages that can be added at any time. When a Windows client needs a new feature, it can request the feature package from Windows Update. From c77db21b149a0828f8fcae518d242b08d21e2370 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 28 Sep 2021 17:25:11 -0700 Subject: [PATCH 647/671] feedback --- windows/security/hardware.md | 2 +- windows/security/index.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/hardware.md b/windows/security/hardware.md index ae5f6ae709..435dd886c2 100644 --- a/windows/security/hardware.md +++ b/windows/security/hardware.md @@ -24,4 +24,4 @@ These new threats call for computing hardware that is secure down to the very co | Hardware-based root of trust with Windows Defender System Guard | To protect critical resources such as Windows authentication, single sign-on tokens, Windows Hello, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy.
    Windows Defender System Guard helps protect and maintain the integrity of the system as it starts up and validate that system integrity has truly been maintained through local and remote attestation.

    Learn more about [How a hardware-based root of trust helps protect Windows](threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md) and [System Guard Secure Launch and SMM protection](threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md). | | Enable virtualization-based protection of code integrity | Hypervisor-protected Code Integrity (HVCI) is a virtualization based security (VBS) feature available in Windows. In the Windows Device Security settings, HVCI is referred to as Memory Integrity.
    HVCI and VBS improve the threat model of Windows and provide stronger protections against malware trying to exploit the Windows Kernel. VBS uses the Windows Hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. HVCI is a critical component that protects and hardens this virtual environment by running kernel mode code integrity within it and restricting kernel memory allocations that could be used to compromise the system.

    Learn more: [Enable virtualization-based protection of code integrity](threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md). | Kernel Direct Memory Access (DMA) Protection | PCIe hot plug devices such as Thunderbolt, USB4, and CFexpress allow users to attach new classes of external peripherals, including graphics cards or other PCI devices, to their PCs with an experience identical to USB. Because PCI hot plug ports are external and easily accessible, PCs are susceptible to drive-by Direct Memory Access (DMA) attacks. Memory access protection (also known as Kernel DMA Protection) protects PCs against drive-by DMA attacks that use PCIe hot plug devices by limiting these external peripherals from being able to directly copy memory when the user has locked their PC.

    Learn more about [Kernel DMA Protection](information-protection/kernel-dma-protection-for-thunderbolt.md). | -| Secure core devices | Microsoft is working closely with OEM partners and silicon vendors to build Secured-core PCs that feature deeply integrated hardware, firmware, and software to ensure enhanced security for devices, identities, and data.

    Secured-core PCs provide protections that are useful against sophisticated attacks and can provide increased assurance when handling mission-critical data in some of the most data-sensitive industries, such as healthcare workers that handle medical records and other personally identifiable information (PII), commercial roles that handle high business impact and highly sensitive data, such as a financial controller with earnings data.

    Learn more about [Secure core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).| +| Secured-core PCs | Microsoft is working closely with OEM partners and silicon vendors to build Secured-core PCs that feature deeply integrated hardware, firmware, and software to ensure enhanced security for devices, identities, and data.

    Secured-core PCs provide protections that are useful against sophisticated attacks and can provide increased assurance when handling mission-critical data in some of the most data-sensitive industries, such as healthcare workers that handle medical records and other personally identifiable information (PII), commercial roles that handle high business impact and highly sensitive data, such as a financial controller with earnings data.

    Learn more about [Secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).| diff --git a/windows/security/index.yml b/windows/security/index.yml index d7f93945a5..7a5576692b 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -39,9 +39,9 @@ landingContent: links: - text: Trusted Platform Module url: information-protection/tpm/trusted-platform-module-top-node.md - - text: Hardware-based root of trust + - text: Windows Defender System Guard firmware protection url: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md - - text: System Guard Secure Launch and SMM protection + - text: System Guard Secure Launch and SMM protection enablement url: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md - text: Virtualization-based protection of code integrity url: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md From 54df60f9ee4747a95558f69f4fbc88cac833f120 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 29 Sep 2021 20:46:59 +0530 Subject: [PATCH 648/671] Updated --- images/no.png | Bin 874 -> 0 bytes images/yes.png | Bin 614 -> 0 bytes includes/appliesto-2013-2016-2019-xxx-md.md | 1 - includes/appliesto-xxx-2016-2019-SUB-xxx-md.md | 1 - 4 files changed, 2 deletions(-) delete mode 100644 images/no.png delete mode 100644 images/yes.png delete mode 100644 includes/appliesto-2013-2016-2019-xxx-md.md delete mode 100644 includes/appliesto-xxx-2016-2019-SUB-xxx-md.md 
diff --git a/images/no.png b/images/no.png deleted file mode 100644 index 1aa084e6a3326f74e77306adc0bab27e6225b291..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 874 zcmV-w1C{)VP)1D+=^TCDiFvbv#PS{_?BS{~Hb)mp=v5JDn;p0srp zDBgaW-85T$xMZegr&Ez=(t>Ey}+rZ+~|$YN#|mt~xI#DM*RC1^}GS&Ol&CvNL58mSw8<`_Yj=Sus;0jgQ;anX**WR8^qo z!zlEI6Xk~wOloK@0FDs|c7az*3xk0BemZ5p zjtJ`U`t0HIYnvwcd45-~uA9K~|2CI5q&^}j=W^>fmpdpo@%1}K$7cZm1$j9T(lqo- zD;NlAE&y;ixwWXF)~)TqKWm$=fS#PwK{Yl50H`P_L}f)WYN{%Bn#-^p1h&}h;M|_6 zsG(k;PdPsOP3!af0RW6h2#TU`t+WW2&z}LXcg8}R1|t%IqISA>L^Hi$wr({A8Advh znp(TgD!)wp4on-P*&22V8O^rc_nG+x>kCEi-6M}dLI~Pk4?I*)YBzZP|D#Z=GuU2s z54MK$i3&;x!LwIAWgWdrt;u5Zhl6c9IP&J>=weG}-~EF;qQ2Sypi!<6CnX$zBw@ux zu@W{-!ZJym%VTqLt~Ce8Ef~$V$Mto!=7Z}00)LUfCpD&o@&Et;07*qoM6N<$f~ppT Awg3PC diff --git a/images/yes.png b/images/yes.png deleted file mode 100644 index d2285c5c46cfb8c983a2a725f4ff13e241a5f319..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 614 zcmV-s0-61ZP)Mxgdo$d#k7bF$_Of$yBR1%&{?RX(S-St3z34+VrXLUxEO`o(2VC^ z&+dKC``+ikIsC3rO5tTmTbu{3118W0ECLx|N?K~XR#&)%N?U}1$3VPBECs}*rB?S1 zmA1GByabvx;(1^|T58NQRNA5u$N~}VQ$hi_EG_lbY5H7zU_=M#69$IQzbk`4QrhBx zYpAqE6u6_4?QTsFyE=~F2=7`QK(A})PI1q5ZRg z^H1P-gUOB71V0No-put^_M={)ZBB8!{R91Gn!^WM00`C{)YRo0a`@ zUZ9IkkzRO6sJ@B5s7*s4!p)1LGzL!cc0SJf@3}quy3mYMgz(MDvjB-=e++ih~EgalK(_1H>BM+G@)tWBhcwIC%->I;N$c9E4Ear zT6YO}<}}<)q!wTX2x%S^KmlFSQfa5DJ&~lPz5(}vzb=4}DuLkbFLMD%0_`e6c&_{XFn7~=ecbB33Xr4+-ZB*-T1Bh3d_?=3=T>t<807*qoM6N<$f|?{1 AbN~PV diff --git a/includes/appliesto-2013-2016-2019-xxx-md.md b/includes/appliesto-2013-2016-2019-xxx-md.md deleted file mode 100644 index 9a496e3070..0000000000 --- a/includes/appliesto-2013-2016-2019-xxx-md.md +++ /dev/null @@ -1 +0,0 @@ -**APPLIES TO:** ![yes](../media/yes.png)2013 ![yes](../media/yes.png)2016 ![yes](../media/yes.png)2019 ![no](../media/no.png)SharePoint in Microsoft 365 
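Review bot: the include removed here references `../media/yes.png` and `../media/no.png`, not the `images/yes.png` and `images/no.png` deleted earlier in this patch, so dropping the includes does not by itself show that the two images are unused. Confirm that nothing else references `images/yes.png`, `images/no.png` or this include before deleting them, and give the reason in the commit message, which currently reads only "Updated".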
diff --git a/includes/appliesto-xxx-2016-2019-SUB-xxx-md.md b/includes/appliesto-xxx-2016-2019-SUB-xxx-md.md deleted file mode 100644 index a97c23d538..0000000000 --- a/includes/appliesto-xxx-2016-2019-SUB-xxx-md.md +++ /dev/null @@ -1 +0,0 @@ -**APPLIES TO:** ![no-img-13](../media/no.png)2013 ![yes-img-16](../media/yes.png)2016 ![yes-img-19](../media/yes.png)2019 ![yes-img-se](../media/yes.png)Subscription Edition ![no-img-sop](../media/no.png)SharePoint in Microsoft 365 From 9512fa141ad4475b23bfdb5cb2729ca5a31d551d Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 29 Sep 2021 08:21:53 -0700 Subject: [PATCH 649/671] update --- windows/deployment/windows-10-enterprise-e3-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index e1d673f759..f68b6a5e42 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md 
@@ -37,7 +37,7 @@ When you purchase Windows 10/11 Enterprise E3 via a partner, you get the follo - **Windows 10/11 Enterprise edition**. Devices currently running Windows 10 Pro or Windows 11 Pro can get Windows 10/11 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit does not include Long Term Service Branch (LTSB). - **Support from one to hundreds of users**. Although the Windows 10/11 Enterprise E3 in CSP program does not have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations. - **Deploy on up to five devices**. For each user covered by the license, you can deploy Windows 10 Enterprise edition on up to five devices. -- **Roll back to Windows 10 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10/11 Enterprise device reverts seamlessly to Windows 10/11 Pro edition (after a grace period of up to 90 days). +- **Roll back to Windows 10/11 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10/11 Enterprise device reverts seamlessly to Windows 10/11 Pro edition (after a grace period of up to 90 days). - **Monthly, per-user pricing model**. This makes Windows 10/11 Enterprise E3 affordable for any organization. - **Move licenses between users**. Licenses can be quickly and easily reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs. From 6e7795c0f93dac82b9089389e03d3a144fe2a86f Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Wed, 29 Sep 2021 19:01:29 +0200 Subject: [PATCH 650/671] Update policy-csp-localpoliciessecurityoptions.md Corrected two Notes sections that did not display correctly. --- .../policy-csp-localpoliciessecurityoptions.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) 
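Review bot: the unchanged bullet directly above the edited one, **Deploy on up to five devices**, still reads "you can deploy Windows 10 Enterprise edition", while the neighbouring bullets now say Windows 10/11. If the five-device allowance covers Windows 11 as well, update that bullet in the same change; if it does not, say so explicitly in the bullet.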
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 1c0cdcacb8..1b78a514c8 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -14,7 +14,6 @@ manager: dansimp # Policy CSP - LocalPoliciesSecurityOptions -
    @@ -164,11 +163,10 @@ manager: dansimp -
    > [!NOTE] -> To find data formats (and other policy-related details), see [Policy DDF file](./policy-ddf-file.md). +> To find data formats (and other policy-related details), see [Policy DDF file](./policy-ddf-file.md). **LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts** @@ -3189,8 +3187,9 @@ This policy setting controls the behavior of the elevation prompt for administra The options are: - 0 - Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. - > [!NOTE] - > Use this option only in the most constrained environments. + + > [!NOTE] + > Use this option only in the most constrained environments. - 1 - Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege. @@ -3565,8 +3564,10 @@ This policy setting controls the behavior of all User Account Control (UAC) poli The options are: - 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. - > [!NOTE] - > If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced. + + > [!NOTE] + > If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced. + - 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. From 9a4b2257b4501cf808d7e2e3a739f486a9de5033 Mon Sep 17 00:00:00 2001 
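Review bot: The @@ -3565 hunk of policy-csp-localpoliciessecurityoptions.md adds an empty line both before and after the indented note, but the @@ -3189 hunk adds one only before it, so the two notes are not laid out the same way. Confirm that in the @@ -3189 case an empty line already separates "Use this option only in the most constrained environments." from "- 1 - Prompt for credentials on the secure desktop", and add one if not, so both notes stay attached to option 0 and render alike.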
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Wed, 29 Sep 2021 10:39:17 -0700 Subject: [PATCH 651/671] Update faq-md-app-guard.yml --- .../faq-md-app-guard.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml index 9ad53a26f5..c0d45b5bad 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml @@ -9,7 +9,7 @@ metadata: ms.localizationpriority: medium author: denisebmsft ms.author: deniseb - ms.date: 07/23/2021 + ms.date: 09/29/2021 ms.reviewer: manager: dansimp ms.custom: asr @@ -217,6 +217,16 @@ sections: Policy: Allow installation of devices using drivers that match these device setup classes - `{71a27cdd-812a-11d0-bec7-08002be2092f}` + - question: | + I'm encountering TCP fragmentation issues, and cannot enable my VPN connection. How do I fix this? + answer: | + WinNAT drops ICMP/UDP messages with packets greater than MTU when using Default Switch or Docker NAT network. Support for this has been added in [KB4571744](https://www.catalog.update.microsoft.com/Search.aspx?q=4571744). To fix the issue, install the update and enable the fix by following these steps: + + 1. Ensure that the FragmentAware DWORD is set to 1 in this registry setting: `\Registry\Machine\SYSTEM\CurrentControlSet\Services\Winnat`. + + 2. Reboot the device. + + additionalContent: | ## See also From 159c1c40cc824fa70767c910b870b54572c88802 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 29 Sep 2021 10:58:33 -0700 Subject: [PATCH 652/671] ZT updates --- windows/security/zero-trust-windows-device-health.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
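Review bot: The new FAQ entry in faq-md-app-guard.yml asks about TCP fragmentation, but the answer describes WinNAT dropping ICMP/UDP messages larger than the MTU, so the question and the answer name different protocols; align the two. Step 1 also gives the key in its native form, `\Registry\Machine\SYSTEM\CurrentControlSet\Services\Winnat`, which is the same location as HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winnat; the HKEY_LOCAL_MACHINE form is what Registry Editor and reg.exe display, and the step should say whether FragmentAware has to be created when it is absent.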
diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 17f22fad49..324d3a7083 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md 
@@ -27,6 +27,12 @@ The [Zero Trust Principles](https://www.microsoft.com/security/business/zero-tru The Zero Trust concept of **verify explicitly** applies to the risks introduced by both devices and users. Windows provides IT administrators the attestation and measurements to determine whether a device meets requirements and can be trusted. Microsoft Intune and Azure Active Directory can be used to manage and enforce access. Plus, IT Administrators can easily customize Windows to meet specific user and policy requirements for access, privacy, compliance, and more. +Zero Trust moves enterprise defenses from static, network-based perimeters to focus on users, assets, and resources. Both [Conditional access](/azure/active-directory/conditional-access/overview) and Device health attestation are used to help grant access to corporate resources. + +[Conditional access](/azure/active-directory/conditional-access/overview) evaluates identity signals to confirm that users are who they say they are. Access can then be allowed or blocked based on this information. + +For devices, each device needs to prove that it hasn't been tampered with and is in a good state. Windows 11 supports remote attestation to help confirm device compliance. This helps users access corporate resources whether they’re in the office, at home, or when they’re traveling. This capability is critical part of enabling hybrid, modern work environment. + ## Device health attestation on Windows Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. Zero Trust principles state that all endpoints are untrusted unless they are verified. The verification process uses remote attestation as the secure channel to determine and present the device’s health. Remote attestation determines: 
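Review bot: The last added sentence in the @@ -27,6 hunk, "This capability is critical part of enabling hybrid, modern work environment.", is missing its articles; suggest "This capability is a critical part of enabling hybrid, modern work environments." In the same added block, conditional access is linked twice in consecutive paragraphs, while "Device health attestation" is capitalized mid-sentence with no link or definition even though the next heading covers it; link it to that section or lowercase it.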
@@ -34,9 +40,9 @@ The Zero Trust concept of **verify explicitly** applies to the risks introduced - If the operating system booted correctly. - If the OS has the right set of security features enabled. -These determinations are made with the help of a secure root of trust using the Trusted Platform Module (TPM). Devices can attest that the TPM is enabled in the attestation flow, and that the device has not been tampered with. +These determinations are made with the help of a secure root of trust using the Trusted Platform Module (TPM). Devices can attest that the TPM is enabled in the attestation flow, and that the device has not been tampered with. -Windows includes many security features to help protect users from malware and attacks. However, trusting the Windows security components can only be achieved if the platform boots as expected and was not tampered with. Windows relies on Unified Extensible Firmware Interface (UEFI) Secure Boot, Early-launch antimalware (ELAM), Dynamic Root of Trust for Measurement (DRTM), Trusted Boot, and other low-level hardware and firmware security features. When you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configuration to help keep you safe. [Measured and Trusted boot](information-protection/secure-the-windows-10-boot-process.md), implemented by bootloaders and BIOS, verifies and cryptographically records each step of the boot in a chained manner. These events are bound to a security coprocessor (TPM) that acts as the Root of Trust. Remote Attestation is the mechanism by which these events are read and verified by a service to provide a verifiable, unbiased, and tamper resilient report. Remote attestation is the trusted auditor of your system's boot, allowing specific entities to trust the device. +Windows includes many security features to help protect users from malware and attacks. 
However, trusting the Windows security components can only be achieved if the platform boots as expected and was not tampered with. Windows relies on Unified Extensible Firmware Interface (UEFI) Secure Boot, Early-launch antimalware (ELAM), Dynamic Root of Trust for Measurement (DRTM), Trusted Boot, and other low-level hardware and firmware security features. When you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configuration to help keep you safe. [Measured and Trusted boot](information-protection/secure-the-windows-10-boot-process.md), implemented by bootloaders and BIOS, verifies and cryptographically records each step of the boot in a chained manner. These events are bound to a security coprocessor (TPM) that acts as the Root of Trust. Remote Attestation is the mechanism by which these events are read and verified by a service to provide a verifiable, unbiased, and tamper resilient report. Remote attestation is the trusted auditor of your system's boot, allowing specific entities to trust the device. A summary of the steps involved in attestation and Zero Trust on the device side are as follows: From 93dac72e3bcf49e30d29794daff02be31595dd5d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 29 Sep 2021 11:02:42 -0700 Subject: [PATCH 653/671] Update policy-csp-localpoliciessecurityoptions.md --- ...policy-csp-localpoliciessecurityoptions.md | 79 +++++++++---------- 1 file changed, 39 insertions(+), 40 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 1b78a514c8..4b4556e7e0 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md 
@@ -5,9 +5,9 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.localizationpriority: medium -ms.date: 05/02/2021 +ms.date: 09/29/2021 ms.reviewer: manager: dansimp --- @@ -522,9 +522,8 @@ Devices: Allow undock without having to log on. This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer. Default: Enabled. -Caution: - -Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable. +> [!CAUTION] +> Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable. @@ -664,7 +663,7 @@ For a computer to print to a shared printer, the driver for that shared printer Default on servers: Enabled. Default on workstations: Disabled ->[!Note] +>[!NOTE] >This setting does not affect the ability to add a local printer. This setting does not affect Administrators. 
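Review bot: The @@ -664 hunk corrects the casing to `[!NOTE]` but keeps `>[!NOTE]` and `>This setting does not affect ...` with no space after the `>`, while the @@ -522 hunk in the same patch writes `> [!CAUTION]` with a space. Use the spaced form here as well so the alert blocks in this file are written one way.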
@@ -1411,14 +1410,14 @@ If this setting is enabled, the Microsoft network client will not communicate wi Default: Disabled. ->[!Note] ->All Windows operating systems support both a client-side SMB component and a server-side SMB component.Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: ->- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. ->- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. ->- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. ->- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +> [!Note] +> All Windows operating systems support both a client-side SMB component and a server-side SMB component.Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +> - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +> - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +> - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +> - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. 
> ->SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). +> SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). 
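Review bot: In the @@ -1411 hunk the alert is rewritten as `> [!Note]`, still mixed case, whereas the @@ -664, @@ -1726 and @@ -1808 hunks of this patch use `[!NOTE]`; the re-added first line also keeps the typo "component.Enabling" with no space after the period. Both can be fixed on lines this hunk already touches.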
@@ -1491,16 +1490,16 @@ If this setting is enabled, the Microsoft network client will ask the server to Default: Enabled. ->[!Note] ->All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: ->- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. ->- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. ->- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. ->- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. ->If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. +> [!Note] +> All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +> - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +> - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +> - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. 
+> - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +> If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. > ->SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. -For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). +> SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. +> For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). 
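Review bot: In the @@ -1491 hunk the added line `> If both client-side and server-side SMB signing is enabled ...` follows the last `> - ` bullet with no empty `>` line between them, so Markdown will treat it as a continuation of the "Microsoft network server: Digitally sign communications (if client agrees)" bullet rather than as a separate paragraph. Insert a bare `>` line before it, like the one that already precedes "SMB packet signing can significantly degrade ...". The alert tag in this hunk is also `[!Note]` rather than `[!NOTE]`.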
@@ -1726,16 +1725,16 @@ If this setting is enabled, the Microsoft network server will not communicate wi Default: Disabled for member servers. Enabled for domain controllers. ->[!Note] ->All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: ->- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. ->- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. ->- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. ->- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +> [!NOTE] +> All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +> - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +> - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +> - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +> - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. 
> ->Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. ->If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled. ->SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). +> Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. +> If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled. +> SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). 
@@ -1808,15 +1807,15 @@ If this setting is enabled, the Microsoft network server will negotiate SMB pack Default: Enabled on domain controllers only. ->[!Note] +> [!NOTE] > All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: ->- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. ->- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. ->- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. ->- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. ->If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. +> - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +> - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +> - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +> - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +> If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. 
> ->SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. +> SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). @@ -1894,8 +1893,8 @@ Disabled: No additional restrictions. Rely on default permissions. Default on workstations: Enabled. Default on server:Enabled. ->[!Important] ->This policy has no impact on domain controllers. +> [!IMPORTANT] +> This policy has no impact on domain controllers. From 9b4ed72c9f675475b12343a28a50ae412921150f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 29 Sep 2021 11:25:40 -0700 Subject: [PATCH 654/671] Update policy-csp-localpoliciessecurityoptions.md --- .../mdm/policy-csp-localpoliciessecurityoptions.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 4b4556e7e0..e181048e21 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md 
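Review bot: In the @@ -1808 hunk of PATCH 653, the "For more information, reference: ..." sentence is left as an unchanged, unquoted line, so it renders outside the note, while the @@ -1491 hunk of the same patch moves the identical sentence inside the note with `> `. Treat both places the same way. The context of the @@ -1894 hunk also still reads "Default on server:Enabled." with no space after the colon, which could be fixed while the neighbouring lines are being touched.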
@@ -302,9 +302,8 @@ This security setting determines whether local accounts that are not password pr Default: Enabled. -Warning: - -Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers. +> [!WARNING] +> Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers. If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services. This setting does not affect logons that use domain accounts. From b5a33b988ae9afe22cd9052f6af93a6f57cd020f Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 29 Sep 2021 13:26:11 -0700 Subject: [PATCH 655/671] addtl edits --- windows/security/zero-trust-windows-device-health.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 324d3a7083..a90992f99b 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md 
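Review bot: In the @@ -302 hunk of PATCH 654, the new `> [!WARNING]` block ends after "This is especially important for portable computers.", and the next unchanged paragraph, "If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services.", describes a lockout consequence of the setting but stays as plain body text. Consider moving that sentence into this alert or giving it its own, so it is not read as routine description.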
@@ -27,11 +27,13 @@ The [Zero Trust Principles](https://www.microsoft.com/security/business/zero-tru The Zero Trust concept of **verify explicitly** applies to the risks introduced by both devices and users. Windows provides IT administrators the attestation and measurements to determine whether a device meets requirements and can be trusted. Microsoft Intune and Azure Active Directory can be used to manage and enforce access. Plus, IT Administrators can easily customize Windows to meet specific user and policy requirements for access, privacy, compliance, and more. -Zero Trust moves enterprise defenses from static, network-based perimeters to focus on users, assets, and resources. Both [Conditional access](/azure/active-directory/conditional-access/overview) and Device health attestation are used to help grant access to corporate resources. +**Device health attestation** and **conditional access** are used to grant access to corporate resources. This helps reinforce a Zero Trust paradigm that moves enterprise defenses from static, network- based perimeters to focus on users, assets, and resources. -[Conditional access](/azure/active-directory/conditional-access/overview) evaluates identity signals to confirm that users are who they say they are. Access can then be allowed or blocked based on this information. +[Conditional access](/azure/active-directory/conditional-access/overview) evaluates identity signals to confirm that users are who they say they are before they are granted access to corporate resources. -For devices, each device needs to prove that it hasn't been tampered with and is in a good state. Windows 11 supports remote attestation to help confirm device compliance. This helps users access corporate resources whether they’re in the office, at home, or when they’re traveling. This capability is critical part of enabling hybrid, modern work environment. 
+Windows 11 supports device health attestation to confirm that devices are in a good state and have not been tampered with. This helps users access corporate resources whether they’re in the office, at home, or when they’re traveling. + +Attestation provides assurance of trust as it can verify the identity and status of essential components and that the device, firmware, and boot process has not been altered. Information about the firmware, boot process, and software, which is cryptographically stored in the security co-processor (TPM), is used to validate the security state of the device. Once the device is attested it can be granted access to resources. ## Device health attestation on Windows Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. Zero Trust principles state that all endpoints are untrusted unless they are verified. The verification process uses remote attestation as the secure channel to determine and present the device’s health. Remote attestation determines: From 6d5d104357edd1df611197833685e96e083a31aa Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 29 Sep 2021 15:41:42 -0700 Subject: [PATCH 656/671] edits --- windows/security/zero-trust-windows-device-health.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index a90992f99b..f24284a5f3 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md 
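Review bot: Three wording problems on the added lines of the @@ -27,11 hunk of PATCH 655: "network- based perimeters" has a stray space after the hyphen; "the device, firmware, and boot process has not been altered" needs "have"; and "security co-processor (TPM)" is spelled "security coprocessor (TPM)" further down the same file. "Cryptographically stored in the security co-processor" is also vague about what the TPM holds; the wording of the later paragraph, that each boot step is cryptographically recorded and the events are bound to the TPM, is more precise and could be reused here.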
@@ -15,9 +15,9 @@ ms.technology: windows-sec --- # Zero Trust and Windows device health -Today’s organizations need a new security model that more effectively adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data wherever they’re located. Implementing a Zero Trust model for security addresses today's complex work environments. +Today’s organizations need a new security model that more effectively adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data wherever they’re located. Implementing a Zero Trust model for security helps addresses today's complex environments. -The [Zero Trust Principles](https://www.microsoft.com/security/business/zero-trust) are threefold. +The [Zero Trust Principles](https://www.microsoft.com/security/business/zero-trust) are: - **Verify explicitly**. Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and monitor anomalies. 
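Review bot: The added sentence in the @@ -15,9 hunk, "Implementing a Zero Trust model for security helps addresses today's complex environments.", has a verb agreement error; it should read "helps address". The next patch in this series (PATCH 657) rewrites the paragraph but carries "helps addresses" forward, so it needs fixing there as well.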
@@ -25,9 +25,7 @@ The [Zero Trust Principles](https://www.microsoft.com/security/business/zero-tru - **Assume breach**. Prevent attackers from obtaining access to minimize potential damage to data and systems. Protect privileged roles, verify end-to-end encryption, use analytics to get visibility, and drive threat detection to improve defenses. -The Zero Trust concept of **verify explicitly** applies to the risks introduced by both devices and users. Windows provides IT administrators the attestation and measurements to determine whether a device meets requirements and can be trusted. Microsoft Intune and Azure Active Directory can be used to manage and enforce access. Plus, IT Administrators can easily customize Windows to meet specific user and policy requirements for access, privacy, compliance, and more. - -**Device health attestation** and **conditional access** are used to grant access to corporate resources. This helps reinforce a Zero Trust paradigm that moves enterprise defenses from static, network- based perimeters to focus on users, assets, and resources. +The Zero Trust concept of **verify explicitly** applies to the risks introduced by both devices and users. Windows enables **device health attestation** and **conditional access** capabilities, which are used to grant access to corporate resources. [Conditional access](/azure/active-directory/conditional-access/overview) evaluates identity signals to confirm that users are who they say they are before they are granted access to corporate resources. 
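Review bot: The @@ -25,9 hunk removes the sentence that named Microsoft Intune and Azure Active Directory as the services used to manage and enforce access, and the replacement only says that Windows "enables" device health attestation and conditional access capabilities. After this change the page no longer states where the access decision is enforced; keep one clause, or a link, that says so, since a reader applying **verify explicitly** needs to know which component makes the allow or block decision.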
@@ -36,7 +34,7 @@ Windows 11 supports device health attestation to confirm that devices are in a g Attestation provides assurance of trust as it can verify the identity and status of essential components and that the device, firmware, and boot process has not been altered. Information about the firmware, boot process, and software, which is cryptographically stored in the security co-processor (TPM), is used to validate the security state of the device. Once the device is attested it can be granted access to resources. ## Device health attestation on Windows - Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. Zero Trust principles state that all endpoints are untrusted unless they are verified. The verification process uses remote attestation as the secure channel to determine and present the device’s health. Remote attestation determines: + Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. The verification process uses remote attestation as the secure channel to determine and present the device’s health. Remote attestation determines: - If the device can be trusted. - If the operating system booted correctly. From 049b1d451549da4ebeed67668127573c4d5c4afe Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 29 Sep 2021 15:51:06 -0700 Subject: [PATCH 657/671] acrolinx --- .../zero-trust-windows-device-health.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index f24284a5f3..1462084e1e 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md 
@@ -15,9 +15,9 @@ ms.technology: windows-sec --- # Zero Trust and Windows device health -Today’s organizations need a new security model that more effectively adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data wherever they’re located. Implementing a Zero Trust model for security helps addresses today's complex environments. +Organizations need a security model that more effectively adapts to the complexity of the modern work environment. IT admins need to embrace the hybrid workplace, while protecting people, devices, apps, and data wherever they’re located. Implementing a Zero Trust model for security helps addresses today's complex environments. -The [Zero Trust Principles](https://www.microsoft.com/security/business/zero-trust) are: +The [Zero Trust](https://www.microsoft.com/security/business/zero-trust) principles are: - **Verify explicitly**. Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and monitor anomalies. 
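Review bot: The rewritten opening paragraph still ends with "helps addresses today's complex environments"; since this line is being reworded anyway, change it to "helps address" in the same pass. Nothing else in the hunk needs to move for that fix.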
@@ -29,18 +29,18 @@ The Zero Trust concept of **verify explicitly** applies to the risks introduced [Conditional access](/azure/active-directory/conditional-access/overview) evaluates identity signals to confirm that users are who they say they are before they are granted access to corporate resources. -Windows 11 supports device health attestation to confirm that devices are in a good state and have not been tampered with. This helps users access corporate resources whether they’re in the office, at home, or when they’re traveling. +Windows 11 supports device health attestation, helping to confirm that devices are in a good state and have not been tampered with. This capability helps users access corporate resources whether they’re in the office, at home, or when they’re traveling. -Attestation provides assurance of trust as it can verify the identity and status of essential components and that the device, firmware, and boot process has not been altered. Information about the firmware, boot process, and software, which is cryptographically stored in the security co-processor (TPM), is used to validate the security state of the device. Once the device is attested it can be granted access to resources. +Attestation helps verify the identity and status of essential components and that the device, firmware, and boot process have not been altered. Information about the firmware, boot process, and software, is used to validate the security state of the device. This information is cryptographically stored in the security co-processor Trusted Platform Module (TPM). Once the device is attested, it can be granted access to resources. ## Device health attestation on Windows Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. The verification process uses remote attestation as the secure channel to determine and present the device’s health. 
Remote attestation determines: -- If the device can be trusted. -- If the operating system booted correctly. -- If the OS has the right set of security features enabled. +- If the device can be trusted +- If the operating system booted correctly +- If the OS has the right set of security features enabled -These determinations are made with the help of a secure root of trust using the Trusted Platform Module (TPM). Devices can attest that the TPM is enabled in the attestation flow, and that the device has not been tampered with. +These determinations are made with the help of a secure root of trust using the Trusted Platform Module (TPM). Devices can attest that the TPM is enabled, and that the device has not been tampered with. Windows includes many security features to help protect users from malware and attacks. However, trusting the Windows security components can only be achieved if the platform boots as expected and was not tampered with. Windows relies on Unified Extensible Firmware Interface (UEFI) Secure Boot, Early-launch antimalware (ELAM), Dynamic Root of Trust for Measurement (DRTM), Trusted Boot, and other low-level hardware and firmware security features. When you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configuration to help keep you safe. [Measured and Trusted boot](information-protection/secure-the-windows-10-boot-process.md), implemented by bootloaders and BIOS, verifies and cryptographically records each step of the boot in a chained manner. These events are bound to a security coprocessor (TPM) that acts as the Root of Trust. Remote Attestation is the mechanism by which these events are read and verified by a service to provide a verifiable, unbiased, and tamper resilient report. Remote attestation is the trusted auditor of your system's boot, allowing specific entities to trust the device. 
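Review bot: In the added attestation paragraph, "Information about the firmware, boot process, and software, is used to validate" puts a comma between the subject and its verb; drop the comma after "software". In the same paragraph, "security co-processor Trusted Platform Module (TPM)" stacks two names without a connector and is spelled differently from "security coprocessor (TPM)" in the unchanged Measured and Trusted boot line at the end of the hunk; pick one spelling, and since TPM is now expanded here, the added "These determinations are made ..." line below the list can use just "TPM".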
@@ -66,6 +66,6 @@ A summary of the steps involved in attestation and Zero Trust on the device side 8. Conditional access, along with device-compliance state then decides to allow or deny access. -## Additional Resources +## Other Resources Learn more about Microsoft Zero Trust solutions in the [Zero Trust Guidance Center](/security/zero-trust/). From d140fcbf6a8026e82ad3db8690fd02ecae698cfa Mon Sep 17 00:00:00 2001 
From: Alekhya Jupudi Date: Thu, 30 Sep 2021 11:22:51 +0530 Subject: [PATCH 658/671] Defender App Guard Link text correction-01 Change to Learn more about the [Windows Defender Application Control feature availability](feature-availability.md) --- .../windows-defender-application-control/LOB-win32-apps-on-s.md | 2 +- ...gistration-in-windows-defender-application-control-policy.md | 2 +- ...and-enforce-windows-defender-application-control-policies.md | 2 +- .../audit-windows-defender-application-control-policies.md | 2 +- ...nfigure-authorized-apps-deployed-with-a-managed-installer.md | 2 +- .../configure-wdac-managed-installer.md | 2 +- ...ode-signing-cert-for-windows-defender-application-control.md | 2 +- .../create-initial-default-policy.md | 2 +- .../create-wdac-policy-for-fully-managed-devices.md | 2 +- .../create-wdac-policy-for-lightly-managed-devices.md | 2 +- ...log-files-to-support-windows-defender-application-control.md | 2 +- ...oy-multiple-windows-defender-application-control-policies.md | 2 +- ...-defender-application-control-policies-using-group-policy.md | 2 +- ...indows-defender-application-control-policies-using-intune.md | 2 +- .../disable-windows-defender-application-control-policies.md | 2 +- .../enforce-windows-defender-application-control-policies.md | 2 +- .../example-wdac-base-policies.md | 2 +- ...e-packaged-apps-with-windows-defender-application-control.md | 2 +- .../merge-windows-defender-application-control-policies.md | 2 +- .../microsoft-recommended-block-rules.md | 2 +- .../microsoft-recommended-driver-block-rules.md | 2 +- .../plan-windows-defender-application-control-management.md | 2 +- .../select-types-of-rules-to-create.md | 2 +- .../windows-defender-application-control/types-of-devices.md | 2 +- ...dows-defender-application-control-policy-design-decisions.md | 2 +- 25 files changed, 25 insertions(+), 25 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md index 9c23deaecd..1fd7837df9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md +++ b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md @@ -26,7 +26,7 @@ ms.technology: mde - Windows 11 >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Beginning with the Windows 10 November 2019 update (build 18363), Microsoft Intune enables customers to deploy and run business critical Win32 applications and Windows components that are normally blocked in S mode (ex. PowerShell.exe) on their Intune-managed Windows in S mode devices. diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 5d98c29cbb..f200b445bc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md 
@@ -26,7 +26,7 @@ ms.technology: mde - Windows Server 2016 and later > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). The [Microsoft Component Object Model (COM)](/windows/desktop/com/the-component-object-model) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM specifies an object model and programming requirements that enable COM objects to interact with other objects. diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md index 671bd29bf1..62270b6e8e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your WDAC policy but should be included. diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md index 706f2e6d6a..0ca71721d8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your WDAC policy but should be included. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md index 70e5a3a31d..26506a422a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Windows 10, version 1703 introduced a new option for Windows Defender Application Control (WDAC), called _managed installer_, that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution such as Microsoft Endpoint Configuration Manager. diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md index a6fe5ce62e..fb11f5cbf8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Setting up managed installer tracking and application execution enforcement requires applying both an AppLocker and WDAC policy with specific rules and options enabled. There are three primary steps to keep in mind: diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md index 761ea31822..7f12604edc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this, you will either need a publicly issued code signing certificate or an internal CA. If you have purchased a code signing certificate, you can skip this topic and instead follow other topics listed in the [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md index 40ab4ad3bd..4d96dd5039 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This section outlines the process to create a WDAC policy for fixed-workload devices within an organization. Fixed-workload devices tend to be dedicated to a specific functional purpose and share common configuration attributes with other devices servicing the same functional role. Examples of fixed-workload devices may include Active Directory Domain Controllers, Secure Admin Workstations, pharmaceutical drug-mixing equipment, manufacturing devices, cash registers, ATMs, etc. diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md index 0037968837..ae19d1e80f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md 
@@ -28,7 +28,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This section outlines the process to create a WDAC policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device cannot install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Endpoint Manager (MEM). Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access. diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md index 76199f55b5..98d4991e37 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md 
@@ -28,7 +28,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This section outlines the process to create a WDAC policy for **lightly managed devices** within an organization. Typically, organizations that are new to application control will be most successful if they start with a permissive policy like the one described in this topic. Organizations can choose to harden the policy over time to achieve a stronger overall security posture on their WDAC-managed devices as described in later topics. diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md index bdb0bb25f6..fbe13edbe5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Catalog files can be important in your deployment of Windows Defender Application Control (WDAC) if you have unsigned line-of-business (LOB) applications for which the process of signing is difficult. To prepare to create WDAC policies that allow these trusted applications but block unsigned code (most malware is unsigned), you create a *catalog file* that contains information about the trusted applications. After you sign and distribute the catalog, your trusted applications can be handled by WDAC in the same way as any other signed application. With this foundation, you can more easily block all unsigned applications, allowing only signed applications to run. diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md index 9ea7cc663a..96abd74691 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Prior to Windows 10 1903, WDAC only supported a single active policy on a system at any given time. This significantly limited customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports up to 32 active policies on a device at once in order to enable the following scenarios: diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md index dea3b62b33..8482f5f1c0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). > [!NOTE] > Group Policy-based deployment of WDAC policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for policy deployment. diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 29fbbe9431..7b44dba695 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). You can use a Mobile Device Management (MDM) solution, like Microsoft Endpoint Manager (MEM) Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps. diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md index ad706276ac..bff322daff 100644 --- a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This topic covers how to disable unsigned or signed WDAC policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md index 5dd1fd73f9..685ffd83a1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md @@ -25,7 +25,7 @@ ms.localizationpriority: medium - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). You should now have one or more WDAC policies broadly deployed in audit mode. You have analyzed events collected from the devices with those policies and you're ready to enforce. Use this procedure to prepare and deploy your WDAC policies in enforcement mode. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md index 4e249a4f50..b12655562e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md @@ -28,7 +28,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). When creating policies for use with Windows Defender Application Control (WDAC), start from an existing base policy and then add or remove rules to build your own custom policy. Windows includes several example policies that can be used, or organizations that use the Device Guard Signing Service can download a starter policy from that service. diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md index 2d0ccf9451..5939c67fde 100644 --- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This topic for IT professionals describes concepts and lists procedures to help you manage packaged apps with Windows Defender Application Control (WDAC) as part of your overall application control strategy. diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md index f2561cb90c..1c0bf07bd4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md @@ -25,7 +25,7 @@ ms.localizationpriority: medium - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This article shows how to merge multiple policy XML files together and how to merge rules directly into a policy. WDAC deployments often include a few base policies and optional supplemental policies for specific use cases. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index d9e8974465..53d81d3ab1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -27,7 +27,7 @@ ms.date: 08/23/2021 - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control. diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index 56ff102873..21119863f7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md 
@@ -26,7 +26,7 @@ ms.date: - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy, which is applied to the following sets of devices: diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md index 0c319af7e6..bff9aace8e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This topic describes the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control (WDAC) policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 403aab58d8..69855b69b3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Windows Defender Application Control (WDAC) can control what runs on Windows 10 and Windows 11 by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how applications are identified and trusted. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md index a4f3db57bd..024f7881f7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It is common for organizations to have device use cases across each of the categories described. diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index ce15020a22..e0abed5fef 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This topic is for the IT professional and lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using Windows Defender Application Control (WDAC) within a Windows operating system environment. From b3ef0445f149091e5d720600f45c2c1df979f071 Mon Sep 17 00:00:00 2001 
From: Alekhya Jupudi Date: Thu, 30 Sep 2021 11:30:16 +0530 Subject: [PATCH 659/671] Defender App Guard Link text correction-02 Change to Learn more about the Windows Defender Application Control feature availability --- ...dd-rules-for-packaged-apps-to-existing-applocker-rule-set.md | 2 +- .../applocker/administer-applocker.md | 2 +- .../applocker/applocker-architecture-and-components.md | 2 +- .../applocker/applocker-functions.md | 2 +- .../applocker/applocker-overview.md | 2 +- .../applocker/applocker-policies-deployment-guide.md | 2 +- .../applocker/applocker-policies-design-guide.md | 2 +- .../applocker/applocker-policy-use-scenarios.md | 2 +- .../applocker/applocker-processes-and-interactions.md | 2 +- .../deployment/deploy-wdac-policies-with-memcm.md | 2 +- .../deployment/deploy-wdac-policies-with-script.md | 2 +- .../operations/known-issues.md | 2 +- ...lify-application-control-for-classic-windows-applications.md | 2 +- ...vice-guard-signing-portal-in-microsoft-store-for-business.md | 2 +- ...ct-windows-defender-application-control-against-tampering.md | 2 +- ...l-policy-to-control-specific-plug-ins-add-ins-and-modules.md | 2 +- ...ender-application-control-with-intelligent-security-graph.md | 2 +- .../wdac-and-applocker-overview.md | 2 +- .../wdac-wizard-create-base-policy.md | 2 +- .../wdac-wizard-create-supplemental-policy.md | 2 +- .../wdac-wizard-editing-policy.md | 2 +- .../windows-defender-application-control/wdac-wizard.md | 2 +- .../windows-defender-application-control-deployment-guide.md | 2 +- .../windows-defender-application-control-design-guide.md | 2 +- .../windows-defender-application-control-operational-guide.md | 2 +- .../windows-defender-application-control.md | 2 +- 26 files changed, 26 insertions(+), 26 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md index 9036f3e4c1..727135ff89 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT). diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md index 7f2698f4c6..9838e069b1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md index 44cb55c39e..f11b29225e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professional describes AppLocker’s basic architecture and its major components. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md index c6b0e3ecf4..a095a49531 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This article for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md index 93a162dc9a..45cbf5c074 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md index 86a8829b86..d5c03fc57e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md @@ -28,7 +28,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md index a7d286ac77..d0df809923 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md index 9afaf76dd4..1314f32db2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md index 72c593b20b..ccb2db435b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md index 3dcca008bc..b8900a28dc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md 
@@ -25,7 +25,7 @@ ms.localizationpriority: medium - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). You can use Microsoft Endpoint Configuration Manager (MEMCM) to configure Windows Defender Application Control (WDAC) on client machines. diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index 2212ae92fb..67dadf4ccd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md 
@@ -25,7 +25,7 @@ ms.localizationpriority: medium - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic describes how to deploy Windows Defender Application Control (WDAC) policies using script. The instructions below use PowerShell but can work with any scripting host. diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index 3cd76bde2b..015e6b6e50 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md 
@@ -26,7 +26,7 @@ ms.localizationpriority: medium - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic covers tips and tricks for admins as well as known issues with WDAC. Test this configuration in your lab before enabling it in production. diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md index dae8561c9b..392ab9a072 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This topic covers guidelines for using code signing control classic Windows apps. diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md index 73f07b3405..79b9e0a33c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). You can sign code integrity policies with the Device Guard signing portal to prevent them from being tampered with after they're deployed. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md index 11d3f0df1e..e2da88bed6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Signed WDAC policies give organizations the highest level of malware protection available in Windows. In addition to their enforced policy rules, signed policies cannot be modified or deleted by a user or administrator on the computer. These policies are designed to prevent administrative tampering and kernel mode exploit access. With this in mind, it is much more difficult to remove signed WDAC policies. Note that SecureBoot must be enabled in order to restrict users from updating or removing signed WDAC policies. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index 22a1c3c03a..5ce6dec509 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). As of Windows 10, version 1703, you can use WDAC policies not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser): diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index 22c3b5e232..d1f5ea9591 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Application control can be difficult to implement in organizations that don't deploy and manage applications through an IT-managed system. In such environments, users can acquire the applications they want to use for work, making it hard to build an effective application control policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md index e8557445d0..37d3a19f84 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md 
@@ -28,7 +28,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Windows 10 and Windows 11 include two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: Windows Defender Application Control (WDAC) and AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md index b0f068d8b7..eb2d098d4b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md 
@@ -28,7 +28,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). When creating policies for use with Windows Defender Application Control (WDAC), it is recommended to start with a template policy and then add or remove rules to suit your application control scenario. For this reason, the WDAC Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about application control can be accessed through the [WDAC design guide](windows-defender-application-control-design-guide.md). This page outlines the steps to create a new application control policy from a template, configure the policy options, and the signer and file rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md index f11d86f9a7..71046d7308 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md 
@@ -28,7 +28,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). Beginning in Windows 10 version 1903, WDAC supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [WDAC base policy](wdac-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When using supplemental policies, applications allowed by the base or its supplemental policy/policies will be allowed to execute. diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md index d696659c2a..754f399a47 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md 
@@ -28,7 +28,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). The WDAC Wizard makes editing and viewing WDAC policies easier than the PowerShell cmdlets or manually. The Wizard currently supports the following editing capabilities:
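Review bot: The trailing context line of this hunk, "The WDAC Wizard makes editing and viewing WDAC policies easier than the PowerShell cmdlets or manually", is ungrammatical, and it sits directly under the note being corrected. Since the file is already being touched, a follow-up could change it to something like "easier than using the PowerShell cmdlets or editing policies manually". The link-text change on the `+` line itself matches the rest of the patch.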
      diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md index 4cdeb72f21..3143fd1d5c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md @@ -28,7 +28,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). The Windows Defender Application Control (WDAC) policy Wizard is an open-source Windows desktop application written in C# and bundled as an MSIX package. The Wizard was built to provide security architects with security, and system administrators with a more user-friendly means to create, edit, and merge WDAC policies. The Wizard desktop application uses the [ConfigCI PowerShell Cmdlets](/powershell/module/configci) in the backend so the output policy of the Wizard and PowerShell cmdlets is identical. diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md index 40512b4dda..b3d650b5e2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). You should now have one or more WDAC policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](windows-defender-application-control-design-guide.md), do so now before proceeding. diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md index 57db67bee8..6617b5581c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md 
@@ -28,7 +28,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This guide covers design and planning for Windows Defender Application Control (WDAC). It is intended to help security architects, security administrators, and system administrators create a plan that addresses specific application control requirements for different departments or business groups within an organization. diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md index 31c5d1fe8e..8d5d8dda4a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). After designing and deploying your Windows Defender Application Control (WDAC) policies, this guide covers understanding the effects your policies are having and troubleshooting when they are not behaving as expected. It contains information on where to find events and what they mean, and also querying these events with Microsoft Defender for Endpoint Advanced Hunting feature. diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md index abe51d1188..9d17eb7f30 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md 
@@ -28,7 +28,7 @@ ms.technology: mde - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). With thousands of new malicious files created every day, using traditional methods like antivirus solutions—signature-based detection to fight against malware—provides an inadequate defense against new attacks. From 200f30988fcf9b86b1dc67ff8bfeb0da0b831bd2 Mon Sep 17 00:00:00 2001 
From: Alekhya Jupudi Date: Thu, 30 Sep 2021 11:35:44 +0530 Subject: [PATCH 660/671] Defender App Guard Link text correction-03 Change to Learn more about the Windows Defender Application Control feature availability --- .../applocker/applocker-settings.md | 2 +- .../applocker/applocker-technical-reference.md | 2 +- .../applocker/configure-an-applocker-policy-for-audit-only.md | 2 +- .../configure-an-applocker-policy-for-enforce-rules.md | 2 +- .../applocker/configure-exceptions-for-an-applocker-rule.md | 2 +- .../applocker/configure-the-appLocker-reference-device.md | 2 +- .../applocker/configure-the-application-identity-service.md | 2 +- .../applocker/create-a-rule-for-packaged-apps.md | 2 +- .../applocker/create-a-rule-that-uses-a-file-hash-condition.md | 2 +- .../applocker/create-a-rule-that-uses-a-path-condition.md | 2 +- .../applocker/create-a-rule-that-uses-a-publisher-condition.md | 2 +- .../applocker/create-applocker-default-rules.md | 2 +- ...eate-list-of-applications-deployed-to-each-business-group.md | 2 +- .../applocker/create-your-applocker-policies.md | 2 +- .../applocker/create-your-applocker-rules.md | 2 +- .../applocker/delete-an-applocker-rule.md | 2 +- ...loy-applocker-policies-by-using-the-enforce-rules-setting.md | 2 +- .../applocker/deploy-the-applocker-policy-into-production.md | 2 +- .../determine-group-policy-structure-and-rule-enforcement.md | 2 +- ...applications-are-digitally-signed-on-a-reference-computer.md | 2 +- .../applocker/determine-your-application-control-objectives.md | 2 +- ...m-url-message-when-users-try-to-run-a-blocked-application.md | 2 +- .../applocker/dll-rules-in-applocker.md | 2 +- ...ent-group-policy-structure-and-applocker-rule-enforcement.md | 2 +- .../applocker/document-your-application-list.md | 2 +- .../applocker/document-your-applocker-rules.md | 2 +- .../applocker/edit-an-applocker-policy.md | 2 +- 27 files changed, 27 insertions(+), 27 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md index e6ffbc2ba9..504b6ddc8e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional lists the settings used by AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md index 49e952d360..72e525eb33 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This overview topic for IT professionals provides links to the topics in the technical reference. AppLocker advances the application control features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny apps from running based on unique identities of files and to specify which users or groups can run those apps. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md index 44e68d79c2..0c75f461a6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md index e59657993f..411f862d54 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md index a018cafadb..f349cab5c6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md index e836660931..1f654436af 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md index 0501a133b2..37736b98e8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md index eecd667d2b..6a921a1a9f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md index 141694e9b1..ae414198e7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals shows how to create an AppLocker rule with a file hash condition. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md index 3efd61d7e9..305a8f1f28 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals shows how to create an AppLocker rule with a path condition. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md index 8554f3c9f2..e54c7be041 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals shows how to create an AppLocker rule with a publisher condition. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md index 1b41d7d17d..7d5cb87442 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md index 61d80caa45..ca15623e30 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md index a4dd6d3cbb..3a1109a239 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md index 49afa8e599..bbf2bbc5f2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md index d99290ca20..a76438913f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This article for IT professionals describes the steps to delete an AppLocker rule. 
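Review bot: In create-your-applocker-rules.md, the unchanged context line directly below the corrected note still reads "the methods that you can to create rules", which is missing a verb. The hunk only swaps the link text, so this falls outside the commit's stated scope. Since the file is already being touched, consider changing it to "the methods that you can use to create rules" here or in a follow-up commit. The link-text change itself is consistent with the target, which already pointed at /windows-defender-application-control/feature-availability.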
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md index 4eacf25176..bd37f7dbd6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md index 1cef053c49..801357a512 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md index 4e97c71abe..56fabec7f0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This overview topic describes the process to follow when you are planning to deploy AppLocker rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md index cd61c3ae04..0f79249eb4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md index 90e037220c..f1a3d2fdb0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This article helps with decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md index 0337e87f46..33e52bdb43 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md index f547e9a47c..90d0e55f8b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic describes the file formats and available default rules for the DLL rule collection. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md index 94b76c08b1..28c6e63bf2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md index abace52005..19976bf113 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md index 61e0ea6cd7..d456dd6197 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic describes what AppLocker rule conditions to associate with each file, how to associate these rule conditions, the source of the rule, and whether the file should be included or excluded. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md index d9503e8a00..d3e0de4082 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps required to modify an AppLocker policy. From ffb416767d0234d7899e6b3fcced1d253f93194f Mon Sep 17 00:00:00 2001 
From: Alekhya Jupudi Date: Thu, 30 Sep 2021 11:41:29 +0530 Subject: [PATCH 661/671] Defender App Guard Link text correction-04 Change to Learn more about the Windows Defender Application Control feature availability --- .../applocker/edit-applocker-rules.md | 2 +- .../applocker/enable-the-dll-rule-collection.md | 2 +- .../applocker/enforce-applocker-rules.md | 2 +- .../applocker/executable-rules-in-applocker.md | 2 +- .../applocker/export-an-applocker-policy-from-a-gpo.md | 2 +- .../applocker/export-an-applocker-policy-to-an-xml-file.md | 2 +- .../applocker/how-applocker-works-techref.md | 2 +- .../import-an-applocker-policy-from-another-computer.md | 2 +- .../applocker/import-an-applocker-policy-into-a-gpo.md | 2 +- .../applocker/maintain-applocker-policies.md | 2 +- .../applocker/manage-packaged-apps-with-applocker.md | 2 +- .../merge-applocker-policies-by-using-set-applockerpolicy.md | 2 +- .../applocker/merge-applocker-policies-manually.md | 2 +- .../applocker/monitor-application-usage-with-applocker.md | 2 +- .../applocker/optimize-applocker-performance.md | 2 +- ...ckaged-apps-and-packaged-app-installer-rules-in-applocker.md | 2 +- .../applocker/plan-for-applocker-policy-management.md | 2 +- .../applocker/refresh-an-applocker-policy.md | 2 +- .../applocker/requirements-for-deploying-applocker-policies.md | 2 +- .../applocker/requirements-to-use-applocker.md | 2 +- .../applocker/run-the-automatically-generate-rules-wizard.md | 2 +- .../applocker/script-rules-in-applocker.md | 2 +- .../applocker/security-considerations-for-applocker.md | 2 +- .../applocker/select-types-of-rules-to-create.md | 2 +- .../test-an-applocker-policy-by-using-test-applockerpolicy.md | 2 +- .../applocker/test-and-update-an-applocker-policy.md | 2 +- .../applocker/tools-to-use-with-applocker.md | 2 +- .../applocker/understand-applocker-enforcement-settings.md | 2 +- 28 files changed, 28 insertions(+), 28 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md index ae57316f95..4a6c308d6c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md index a7127c01e3..a4fda0421a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md index d5af5704b4..d5979bfac8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes how to enforce application control rules by using AppLocker. 
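Review bot: The replaced ">Some capabilities of Windows Defender Application Control ..." line is identical in edit-applocker-rules.md, enable-the-dll-rule-collection.md and enforce-applocker-rules.md, and the diffstat for this commit lists 28 files with the same one-line change. Keeping this note as copy-pasted text in every AppLocker topic is why the wrong "Defender App Guard" label had to be corrected file by file across several commits. Consider moving the note into one shared include file referenced from each topic, so the next wording change is a single edit and no topic can be missed.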
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md index 4a08f289bb..6737670f69 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic describes the file formats and available default rules for the executable rule collection. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md index 6a31ee8659..8069b0c488 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md index b31a06093c..13a340752a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing. Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md index a69c492e7b..f2f21ec59a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md index ee2571025c..2ca831ad61 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes how to import an AppLocker policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md index a1f2c8e829..ea0d11ab6b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO). AppLocker policies can be created as local security policies and modified like any other local security policy, or they can be created as part of a GPO and managed by using Group Policy. You can create AppLocker policies on any supported computer. For info about which Windows editions are supported, see [Requirements to Use AppLocker](requirements-to-use-applocker.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md index 495e5578cb..fbd1e8bf5b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md 
@@ -26,7 +26,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic describes how to maintain rules within AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md index 963ec6547b..fb2455652e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index 1034d8e194..a054a02bd9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md index c6beb49771..8e26890ee4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO). diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md index 15bd4e6197..80d37a8614 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md index 15357f0a4c..bda74906e4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes how to optimize AppLocker policy enforcement. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md index 7cd27ec5a6..ca8932c6f8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic explains the AppLocker rule collection for packaged app installers and packaged apps. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md index 5a2aab5ef9..58c2a7e1aa 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md index c306fa8809..82a4c1e458 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps to force an update for an AppLocker policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md index 3d09d68ef3..229cfda610 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md index 63b249672d..3c707b81d5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md index 4c9ff4b21a..f17c70b80d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md index 4b4ca99f66..9076c55024 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic describes the file formats and available default rules for the script rule collection. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md index 006efd19a1..975f550c4a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional describes the security considerations you need to address when implementing AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md index 9dedd807d1..d550e452bd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic lists resources you can use when selecting your application control policy rules by using AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md index ca0dc2f8e4..d75ba70771 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md index 3a42a9d7aa..389120fbf6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic discusses the steps required to test an AppLocker policy prior to deployment. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md index 19eb7cd1d3..a2e61460e0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional describes the tools available to create and administer AppLocker policies. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md index 7058ee0c64..e675fb2869 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic describes the AppLocker enforcement settings for rule collections. From 92e26e71d4babc400827488bbee05976dfc5d6a7 Mon Sep 17 00:00:00 2001 
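Review bot: In the plan-for-applocker-policy-management.md hunk, the unchanged context line directly below the NOTE reads "This topic for describes the decisions you need to make", with the audience missing after "for". This patch already touches the file, so fix that sentence in the same change, for example to match the sibling topics that say "This topic for the IT professional describes ...".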
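Review bot: In the understand-applocker-enforcement-settings.md hunk, as in every other hunk of this patch, the added NOTE line keeps "the" in front of the new link text and repeats the product name from the sentence before it, giving "Learn more about the [Windows Defender Application Control feature availability]". Dropping the article ("Learn more about [Windows Defender Application Control feature availability]") reads more cleanly. The identical one-line NOTE is also hand-edited in each file of the series, so a file is easy to miss; if the docs build supports a shared include for this note, moving it there would make the next correction a single-file change.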
From: Alekhya Jupudi Date: Thu, 30 Sep 2021 11:48:46 +0530 Subject: [PATCH 662/671] Defender App Guard Link text correction-04 Change to Learn more about the Windows Defender Application Control feature availability --- .../applocker/understand-applocker-policy-design-decisions.md | 2 +- ...rules-and-enforcement-setting-inheritance-in-group-policy.md | 2 +- .../understand-the-applocker-policy-deployment-process.md | 2 +- .../understanding-applocker-allow-and-deny-actions-on-rules.md | 2 +- .../applocker/understanding-applocker-default-rules.md | 2 +- .../applocker/understanding-applocker-rule-behavior.md | 2 +- .../applocker/understanding-applocker-rule-collections.md | 2 +- .../applocker/understanding-applocker-rule-condition-types.md | 2 +- .../applocker/understanding-applocker-rule-exceptions.md | 2 +- .../understanding-the-file-hash-rule-condition-in-applocker.md | 2 +- .../understanding-the-path-rule-condition-in-applocker.md | 2 +- .../understanding-the-publisher-rule-condition-in-applocker.md | 2 +- ...erence-computer-to-create-and-maintain-applocker-policies.md | 2 +- ...cker-and-software-restriction-policies-in-the-same-domain.md | 2 +- .../applocker/use-the-applocker-windows-powershell-cmdlets.md | 2 +- .../applocker/using-event-viewer-with-applocker.md | 2 +- ...sing-software-restriction-policies-and-applocker-policies.md | 2 +- .../applocker/what-is-applocker.md | 2 +- .../applocker/windows-installer-rules-in-applocker.md | 2 +- .../applocker/working-with-applocker-policies.md | 2 +- .../applocker/working-with-applocker-rules.md | 2 +- 21 files changed, 21 insertions(+), 21 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md index ccdfd461a6..423a4d1362 100644 
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md @@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md index 5803246cf1..92387a5fd9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md index 23383522f6..799df0904c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md index 319498a599..73277f9b7e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic explains the differences between allow and deny actions on AppLocker rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md index 7a33f4dde5..5bf6447ed9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md index 92f40c3d8c..cace268255 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md index e8cf87080b..70106f07bf 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic explains the five different types of AppLocker rules used to enforce AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md index 80ce31b642..5e0876bc46 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional describes the three types of AppLocker rule conditions. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md index c4cf8ac3ea..a83a41aef9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic describes the result of applying AppLocker rule exceptions to rule collections. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md index 1bb2c999af..62751a55dd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic explains the AppLocker file hash rule condition, the advantages and disadvantages, and how it is applied. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md index e8856ed8ee..365ad545e5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it is applied. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md index 8dade37801..6c68cb3be5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic explains the AppLocker publisher rule condition, what controls are available, and how it is applied. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md index a283a7ab4f..9a97cd9a36 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md index 6dcd91c001..41241819f1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md index ce28a56e21..a27af3c553 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md index 3015885de1..d0a93e2296 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic lists AppLocker events and describes how to use Event Viewer with AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md index 79b2485918..142eeb4cf9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md index b65a70c0fe..2bb5d4a07b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md index 0975dd70c7..c5a2d513e3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic describes the file formats and available default rules for the Windows Installer rule collection. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md index e4c6caae70..6e13cbce6e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md 
@@ -27,7 +27,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md index 74ce2ea9d8..f05e000e74 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md 
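Review bot: The corrected sentence in the `>[!NOTE]` block of working-with-applocker-policies.md is the same one-line replacement made in every other AppLocker topic in this patch, which means the wrong product name ("Defender App Guard") had been copied into each file separately. If the docs build supports a shared include, moving this note into one would make the next wording fix a single edit. The new link text would also read better without the article: "Learn more about Windows Defender Application Control feature availability".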
@@ -25,7 +25,7 @@ ms.technology: mde - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies. From c0fd324765d65488a685f0f3a3520e9f13ae557a Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 30 Sep 2021 12:05:27 +0530 Subject: [PATCH 663/671] Update policy-csp-update.md --- .../mdm/policy-csp-update.md | 82 +++++++++++++++++++ 1 file changed, 82 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 1fe9517d3d..b41fd6dc19 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -198,6 +198,9 @@ manager: dansimp
      Update/SetProxyBehaviorForUpdateDetection
      +
      + Update/TargetProductVersion +
      Update/TargetReleaseVersion
      @@ -4284,6 +4287,85 @@ The following list shows the supported values:
      + +**Update/TargetProductVersion** + + +

    Windows 10

    Windows 10/11

    64-bit

    WindowsClient_10.0_x64

    Windows 10

    Windows 10/11

    32-bit

    WindowsClient_10.0_x86

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    EditionWindows 10Windows 11
    HomeNoNo
    ProYesYes
    BusinessYesYes
    EnterpriseYesYes
    EducationYesYes
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in Windows 10, version 2004 and later. Enables IT administrators to specify which product they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy to target a new product. + +If no product is specified, the device will continue receiving newer versions of the Windows product it is currently on. For details about different Windows 10 versions, see [https://docs.microsoft.com/windows/release-health/release-information](https://docs.microsoft.com/windows/release-health/release-information). + + +ADMX Info: +- GP Friendly name: *Select the target Feature Update version* +- GP name: *TargetProductVersion* +- GP element: *TargetProductVersionId* +- GP path: *Windows Components/Windows Update/Windows Update for Business* +- GP ADMX file name: *WindowsUpdate.admx* + + + +Value type is a string containing a Windows product, forexample, “Windows 11” or “11” or “Windows 10”. + + + + + + + + +By using this Windows Update for Business policy to upgrade devices to a new product (ex. Windows 11) you are agreeing that when applying this operating system to a device either +(1) The applicable Windows license was purchased though volume licensing, or +(2) That you are authorized to bind your organization and are accepting on its behalf the relevant Microsoft Software License Terms to be found here: (https://www.microsoft.com/Useterms). + +
    + **Update/TargetReleaseVersion** From 05818270a70291c26ea3c90358d6e2e9270280c0 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 30 Sep 2021 12:48:23 +0530 Subject: [PATCH 664/671] Update policy-csp-update.md --- windows/client-management/mdm/policy-csp-update.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index b41fd6dc19..b357e14f2d 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -4339,7 +4339,8 @@ The following list shows the supported values: Available in Windows 10, version 2004 and later. Enables IT administrators to specify which product they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy to target a new product. -If no product is specified, the device will continue receiving newer versions of the Windows product it is currently on. For details about different Windows 10 versions, see [https://docs.microsoft.com/windows/release-health/release-information](https://docs.microsoft.com/windows/release-health/release-information). +If no product is specified, the device will continue receiving newer versions of the Windows product it is currently on. For details about different Windows 10 versions, see [release information](/windows/release-health/release-information). + ADMX Info: From ff820249ab4e4edb0e6a1c9c0d0bc04c9cdd2598 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Thu, 30 Sep 2021 09:57:14 -0600 Subject: [PATCH 665/671] Update windows/client-management/mdm/policy-csp-update.md --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
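Review bot: In the licensing paragraph added under Update/TargetProductVersion in policy-csp-update.md (PATCH 663), "purchased though volume licensing" should read "through", and the two numbered conditions are not parallel ("either (1) The applicable ... or (2) That you are ..."). This paragraph states what the administrator is agreeing to by setting the policy, so the wording should be checked against the approved text before merge. The bare "(https://www.microsoft.com/Useterms)" would also be clearer as a named link.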
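Review bot: In the PATCH 664 hunk, the rewritten sentence still says "For details about different Windows 10 versions" although the value documented for this policy can be "Windows 11". Suggest "different Windows versions" so the sentence matches what the policy targets. The diffstat shows two insertions for one deletion, so please also confirm the extra blank line added before "ADMX Info:" is intended.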
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index b357e14f2d..8b1cc3fa9f 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -4352,7 +4352,7 @@ ADMX Info: -Value type is a string containing a Windows product, forexample, “Windows 11” or “11” or “Windows 10”. +Value type is a string containing a Windows product, for example, “Windows 11” or “11” or “Windows 10”. From 593db0fed827594675a509c6cc27ab9ee0522a2a Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 30 Sep 2021 09:15:44 -0700 Subject: [PATCH 666/671] update --- .../deployment/vda-subscription-activation.md | 27 +++++++++++-------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index c7c43f8741..a478f26f76 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -1,7 +1,7 @@ --- -title: Configure VDA for Windows 10 Subscription Activation +title: Configure VDA for Windows 10/11 Subscription Activation ms.reviewer: -manager: laurawi +manager: dougeby ms.audience: itpro ms.author: greglin author: greg-lindsay @@ -18,7 +18,11 @@ ms.topic: article ms.collection: M365-modern-desktop --- -# Configure VDA for Windows 10 Subscription Activation +# Configure VDA for Windows 10/11 Subscription Activation + +Applies to: +- Windows 10 +- Windows 11 This document describes how to configure virtual machines (VMs) to enable [Windows 10/11 Subscription Activation](windows-10-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops. 
@@ -29,17 +33,18 @@ Deployment instructions are provided for the following scenarios: ## Requirements -- VMs must be running Windows 10 Pro, version 1703 (also known as the Creator's Update) or later. +- VMs must be running Windows 10 Pro, version 1703 or later (Windows 11 is "later"). - VMs must be Active Directory-joined or Azure Active Directory (AAD)-joined. -- VMs must be generation 1. -- VMs must be hosted by a [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH). +- VMs must be hosted by a Qualified Multitenant Hoster (QMTH). + - For more information, see (Qualified Multitenant Hoster (QMTH) +Program)[https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf] ## Activation ### Scenario 1 -- The VM is running Windows 10, version 1803 or later. -- The VM is hosted in Azure or another [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH). +- The VM is running Windows 10, version 1803 or later (ex: Windows 11). +- The VM is hosted in Azure or another Qualified Multitenant Hoster (QMTH). When a user with VDA rights signs in to the VM using their AAD credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure. 
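Review bot: In the Requirements hunk, the new sub-bullet uses inverted Markdown link syntax, with the link text in parentheses and the URL in square brackets, and the text is split across two `+` lines ("(Qualified Multitenant Hoster (QMTH)" then "Program)[https://download.microsoft.com/...]"). It will render as literal text instead of a link. Put the text in square brackets and the URL in parentheses, on one line. The hunk also removes "VMs must be generation 1" while the commit message says only "update", so the reason for dropping that requirement is not recorded, and the unchanged Scenario 1 sentence still reads "There is no need to perform Windows 10 Pro activation" while the bullets above it now mention Windows 11.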
@@ -51,9 +56,9 @@ Deployment instructions are provided for the following scenarios: ### Scenario 3 -- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) partner. +- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf) partner. - In this scenario, the underlying Windows 10 Pro license must be activated prior to Subscription Activation of Windows 10 Enterprise. Activation is accomplished using a Windows 10 Pro Generic Volume License Key (GVLK) and a Volume License KMS activation server provided by the hoster. Alternatively, a KMS activation server can be used. KMS activation is provided for Azure VMs. For more information, see [Troubleshoot Azure Windows virtual machine activation problems](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems). + In this scenario, the underlying Windows 10/11 Pro license must be activated prior to Subscription Activation of Windows 10/11 Enterprise. Activation is accomplished using a Generic Volume License Key (GVLK) and a Volume License KMS activation server provided by the hoster. Alternatively, a KMS activation server can be used. KMS activation is provided for Azure VMs. For more information, see [Troubleshoot Azure Windows virtual machine activation problems](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems). For examples of activation issues, see [Troubleshoot the user experience](./deploy-enterprise-licenses.md#troubleshoot-the-user-experience). @@ -147,6 +152,6 @@ To create custom RDP settings for Azure: ## Related topics -[Windows 10 Subscription Activation](windows-10-subscription-activation.md) +[Windows 10/11 Subscription Activation](windows-10-subscription-activation.md)
    [Recommended settings for VDI desktops](/windows-server/remote/remote-desktop-services/rds-vdi-recommendations)
    [Licensing the Windows Desktop for VDI Environments](https://download.microsoft.com/download/1/1/4/114A45DD-A1F7-4910-81FD-6CAF401077D0/Microsoft%20VDI%20and%20VDA%20FAQ%20v3%200.pdf) \ No newline at end of file From 0587eb2f8e0c778c10b7a2689ac4c6886518eb8a Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 30 Sep 2021 09:35:04 -0700 Subject: [PATCH 667/671] update --- windows/deployment/windows-10-subscription-activation.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 725f2f12f6..76e534a4ae 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -23,8 +23,12 @@ Applies to: - Windows 10 - Windows 11 -Starting with Windows 10, version 1703 Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro or Windows 11 Pro to **Windows 10 Enterprise** or **Windows 11 Enterprise**, respectively, if they are subscribed to Windows 10/11 Enterprise E3 or E5. +> [!NOTE] +> The Subscription Activation feature is available for qualifying devices running Windows 10 or Windows 11. This feature enables you to "step-up" from a Pro edition to the Enterprise or Education edition of Windows client. You cannot use Subscripton Activation to upgrade from Windows 10 to Windows 11, for example. The operating system version does not change when you switch to Enterprise edition. +Starting with Windows 10, version 1703, Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro or Windows 11 Pro to **Windows 10 Enterprise** or **Windows 11 Enterprise**, respectively, if they are subscribed to Windows 10/11 Enterprise E3 or E5. + +**Education edition**
    With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**. The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. @@ -53,9 +57,6 @@ With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Win Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](/azure/active-directory/connect/active-directory-aadconnectsync-whatis). -> [!NOTE] -> You cannot use Subscripton Activation to upgrade from Windows 10 to Windows 11. The operating system version does not change when you switch to Enterprise edition. - ## Subscription Activation for Education Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later (or Windows 11) and an active subscription plan with a Windows 10/11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section. From 9731fbb12d7993ca409b9edcc69a8b24d0fc0800 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 30 Sep 2021 09:48:23 -0700 Subject: [PATCH 668/671] update --- windows/deployment/windows-10-subscription-activation.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) 
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 76e534a4ae..177dacf63d 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -23,12 +23,8 @@ Applies to: - Windows 10 - Windows 11 -> [!NOTE] -> The Subscription Activation feature is available for qualifying devices running Windows 10 or Windows 11. This feature enables you to "step-up" from a Pro edition to the Enterprise or Education edition of Windows client. You cannot use Subscripton Activation to upgrade from Windows 10 to Windows 11, for example. The operating system version does not change when you switch to Enterprise edition. - Starting with Windows 10, version 1703, Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro or Windows 11 Pro to **Windows 10 Enterprise** or **Windows 11 Enterprise**, respectively, if they are subscribed to Windows 10/11 Enterprise E3 or E5. -**Education edition**
    With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**. The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices. 
@@ -51,12 +47,14 @@ For information on how to deploy Enterprise licenses, see [Deploy Windows 10/11 With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying Windows 10 Enterprise or Windows 11 Enterprise in your organization can now be accomplished with no keys and no reboots. If you are running Windows 10, version 1703 or later: - - Devices with a current Windows 10 Pro license or Windows 11 Pro license can be seamlessly upgraded to Windows 10 Enterprise or Windows 11 Enterprise, respectively. - Product key-based Windows 10 Enterprise or Windows 11 Enterpise software licenses can be transitioned to Windows 10 Enterprise and Windows 11 Enterprise subscriptions. Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](/azure/active-directory/connect/active-directory-aadconnectsync-whatis). +> [!NOTE] +> The Subscription Activation feature is available for qualifying devices running Windows 10 or Windows 11. You cannot use Subscription Activation to upgrade from Windows 10 to Windows 11. + ## Subscription Activation for Education Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later (or Windows 11) and an active subscription plan with a Windows 10/11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section. From 8f5b2533b83594b6a799899995d8fd89e8aa6231 Mon Sep 17 00:00:00 2001 
From: greg-lindsay Date: Thu, 30 Sep 2021 10:02:06 -0700 Subject: [PATCH 669/671] update --- windows/deployment/vda-subscription-activation.md | 9 ++++----- windows/deployment/windows-10-enterprise-e3-overview.md | 9 +++++---- windows/deployment/windows-10-subscription-activation.md | 6 ++---- 3 files changed, 11 insertions(+), 13 deletions(-) diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index a478f26f76..a7081e65f1 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -33,11 +33,10 @@ Deployment instructions are provided for the following scenarios: ## Requirements -- VMs must be running Windows 10 Pro, version 1703 or later (Windows 11 is "later"). +- VMs must be running Windows 10 Pro, version 1703 or later. Windows 11 is "later" in this context. - VMs must be Active Directory-joined or Azure Active Directory (AAD)-joined. - VMs must be hosted by a Qualified Multitenant Hoster (QMTH). - - For more information, see (Qualified Multitenant Hoster (QMTH) -Program)[https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf] + - For more information, see [Qualified Multitenant Hoster Program](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf) (PDF download). ## Activation 
@@ -46,13 +45,13 @@ Program)[https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D - The VM is running Windows 10, version 1803 or later (ex: Windows 11). - The VM is hosted in Azure or another Qualified Multitenant Hoster (QMTH). - When a user with VDA rights signs in to the VM using their AAD credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure. + When a user with VDA rights signs in to the VM using their AAD credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10/11 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure. ### Scenario 2 - The Hyper-V host and the VM are both running Windows 10, version 1803 or later. - [Inherited Activation](./windows-10-subscription-activation.md#inherited-activation) is enabled. All VMs created by a user with a Windows 10 E3 or E5 license are automatically activated independent of whether a user signs in with a local account or using an Azure Active Directory account. + [Inherited Activation](./windows-10-subscription-activation.md#inherited-activation) is enabled. All VMs created by a user with a Windows 10/11 E3 or E5 license are automatically activated independent of whether a user signs in with a local account or using an Azure Active Directory account. ### Scenario 3 diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index f68b6a5e42..a4d743c9db 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md 
@@ -23,12 +23,14 @@ Applies to: - Windows 10 - Windows 11 -Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. With the release of Windows 11, Windows 10/11 Enterprise E3 in CSP is available. It delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following: +Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. With the release of Windows 11, Windows 10/11 Enterprise E3 in CSP is available. + +Windows 10/11 Enterprise E3 in CSP delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following: - Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later (or Windows 11), installed and activated, on the devices to be upgraded. - Azure Active Directory (Azure AD) available for identity management -You can move from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise more easily than ever before — with no keys, and no reboots. 
After one of your users enters the Azure AD credentials associated with a Windows 10/11 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise or Windows 11 Pro to Windows 11 Enterprise and all the appropriate Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows 10 Pro or Windows 11 Pro. +You can move from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise more easily than ever before — with no keys, and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10/11 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise or Windows 11 Pro to Windows 11 Enterprise, and all the appropriate Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows 10 Pro or Windows 11 Pro. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise or Windows 11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Enterprise edition features. 
@@ -44,7 +46,6 @@ When you purchase Windows 10/11 Enterprise E3 via a partner, you get the follo How does the Windows 10/11 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance? - [Microsoft Volume Licensing](https://www.microsoft.com/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products. - - [Software Assurance](https://www.microsoft.com/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits: - **Deployment and management**. These benefits include planning services, Microsoft Desktop Optimization (MDOP), Windows Virtual Desktop Access Rights, Windows-To-Go Rights, Windows Roaming Use Rights, Windows Thin PC, Windows RT Companion VDA Rights, and other benefits. @@ -58,7 +59,7 @@ In summary, the Windows 10/11 Enterprise E3 in CSP program is an upgrade offeri ## Compare Windows 10 Pro and Enterprise editions -> [NOTE!] +> [!NOTE] > The following table only lists Windows 10. More information will be available about differences between Windows 11 editions after Windows 11 is generally available. Windows 10 Enterprise edition has a number of features that are unavailable in Windows 10 Pro. Table 1 lists the Windows 10 Enterprise features not found in Windows 10 Pro. Many of these features are security-related, whereas others enable finer-grained device management. diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 177dacf63d..b4f0e331eb 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md 
@@ -71,9 +71,7 @@ To support Inherited Activation, both the host computer and the VM must be runni > The original version of this section can be found at [Changing between Windows SKUs](/archive/blogs/mniehaus/changing-between-windows-skus). -The following figure illustrates how deploying Windows 10 has evolved with each release. With this release, deployment is automatic. - -![Illustration of how Windows 10 deployment has evolved.](images/sa-evolution.png) +The following list illustrates how deploying Windows client has evolved with each release: - **Windows 7** required you to redeploy the operating system using a full wipe-and-load process if you wanted to change from Windows 7 Professional to Windows 10 Enterprise.
    - **Windows 8.1** added support for a Windows 8.1 Pro to Windows 8.1 Enterprise in-place upgrade (considered a “repair upgrade” because the OS version was the same before and after).  This was a lot easier than wipe-and-load, but it was still time-consuming.
    @@ -92,7 +90,7 @@ The following figure illustrates how deploying Windows 10 has evolved with each > [!NOTE] > The following requirements do not apply to general Windows client activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines). -> [!NOTE] +> [!IMPORTANT] > Currently, Subscription Activation is only available on commercial tenants and is currently not available on US GCC, GCC High, or DoD tenants. For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following: From b41a13dd9fa59c7f5d99f029ff56d692b1188d3d Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 30 Sep 2021 10:16:53 -0700 Subject: [PATCH 670/671] update --- windows/deployment/deploy-enterprise-licenses.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 35d5e7ad7f..9b4d7283c3 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md 
@@ -114,9 +114,9 @@ The following methods are available to assign licenses: ## Explore the upgrade experience -Now that your subscription has been established and Windows 10 Enterprise E3 or E5 licenses have been assigned to users, the users are ready to upgrade their devices running Windows 10 Pro, (version 1703 or later) to Windows 10/11 Enterprise. What will the users experience? How will they upgrade their devices? +Now that your subscription has been established and Windows 10/11 Enterprise E3 or E5 licenses have been assigned to users, the users are ready to upgrade their devices running Windows 10 Pro, (version 1703 or later) to Windows 10/11 Enterprise. What will the users experience? How will they upgrade their devices? -### Step 1: Join Windows 10 Pro devices to Azure AD +### Step 1: Join Windows 10/11 Pro devices to Azure AD Users can join a Windows 10/11 Pro device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1703 or later. 
@@ -206,7 +206,7 @@ If there are any problems with the Windows 10/11 Enterprise E3 or E5 license or ## Virtual Desktop Access (VDA) -Subscriptions to Windows 10/11 Enterprise are also available for virtualized clients. Windows 10/11 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://aka.ms/qmth). +Subscriptions to Windows 10/11 Enterprise are also available for virtualized clients. Windows 10/11 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [Qualified Multitenant Hoster](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf) (PDF download). Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Enterprise Subscription Activation](vda-subscription-activation.md). From 9bb0cb08eafba88b46fcdae2cea14f254c3d1acb Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 30 Sep 2021 10:21:04 -0700 Subject: [PATCH 671/671] typo --- windows/deployment/windows-10-subscription-activation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index b4f0e331eb..4d6d62258a 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md 
@@ -48,7 +48,7 @@ With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Win If you are running Windows 10, version 1703 or later: - Devices with a current Windows 10 Pro license or Windows 11 Pro license can be seamlessly upgraded to Windows 10 Enterprise or Windows 11 Enterprise, respectively. -- Product key-based Windows 10 Enterprise or Windows 11 Enterpise software licenses can be transitioned to Windows 10 Enterprise and Windows 11 Enterprise subscriptions. +- Product key-based Windows 10 Enterprise or Windows 11 Enterprise software licenses can be transitioned to Windows 10 Enterprise and Windows 11 Enterprise subscriptions. Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](/azure/active-directory/connect/active-directory-aadconnectsync-whatis).
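Review bot: In PATCH 666, the Requirements hunk of vda-subscription-activation.md (@@ -29,17 +33,18) adds a link with the Markdown delimiters reversed: the text is wrapped in parentheses and the URL in square brackets, and the link text is split across two lines ("(Qualified Multitenant Hoster (QMTH)" then "Program)[https://download.microsoft.com/…"), so it renders as literal text instead of a link. Write it as `[text](url)` on one line; PATCH 669 does this later, so the fix could be folded into this commit. The same hunk removes the "VMs must be generation 1" requirement under a commit message that only says "update"; if the generation restriction no longer applies, state that in the message so the removal reads as intentional.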
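Review bot: In PATCH 666, the Scenario 3 hunk of vda-subscription-activation.md (@@ -51,9 +56,9) widens the paragraph to "Windows 10/11 Pro" while the bullet above it still scopes the scenario to "Windows 10, version 1703 or 1709", so a reader cannot tell when a Windows 11 VM lands in this scenario other than through the non-QMTH branch; say so explicitly in the bullet. The reworded sentence also describes activation through "a Volume License KMS activation server provided by the hoster" and then continues "Alternatively, a KMS activation server can be used", which presents KMS as the alternative to KMS; name the real alternative or drop the second sentence.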
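Review bot: In PATCH 667, the `[!NOTE]` added at the top of windows-10-subscription-activation.md (@@ -23,8 +23,12) carries over the misspelling "Subscripton Activation" from the note it replaces further down; correct it to "Subscription Activation" here. PATCH 668 then deletes this note and the "**Education edition**" label and moves the text back below the list, so consider squashing 667 and 668 so the history does not add and revert the same block within half an hour.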
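Review bot: In PATCH 668, the second hunk of windows-10-subscription-activation.md (@@ -51,12 +47,14) deletes the blank line between "If you are running Windows 10, version 1703 or later:" and the first bullet; some Markdown renderers need that blank line to start a list, so keep it. The note re-added in this hunk also loses the sentence "The operating system version does not change when you switch to Enterprise edition", which was part of the note PATCH 667 removed from this position; restore it unless dropping it is deliberate, since it is the sentence that explains why an edition step-up is not a version upgrade.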
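Review bot: In PATCH 669, the Activation hunk of vda-subscription-activation.md (@@ -46,13 +45,13) leaves the Windows 11 wording inconsistent across scenarios: Scenario 1 keeps "(ex: Windows 11)" in its unchanged bullet, the Requirements section now says Windows 11 is "later" in this context, and the Scenario 2 bullet still reads "Windows 10, version 1803 or later" with no Windows 11 mention even though its paragraph is changed to "Windows 10/11 E3 or E5". Pick one phrasing and apply it to all three scenario bullets in this patch.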
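Review bot: In PATCH 669, the hunk of windows-10-subscription-activation.md that replaces the figure with a list (@@ -71,9 +71,7) drops the only visible reference to images/sa-evolution.png, but the diffstat lists three Markdown files and no image deletion. Check whether any other page still uses the image and, if not, delete it in this patch so it is not left orphaned in the repository. The removed sentence "With this release, deployment is automatic" also has no replacement in the new lead-in; confirm the list below still makes that point.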
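Review bot: In PATCH 670, the first hunk of deploy-enterprise-licenses.md (@@ -114,9 +114,9) updates the license name to "Windows 10/11 Enterprise E3 or E5" but leaves "devices running Windows 10 Pro, (version 1703 or later)" in the same sentence, with a stray comma before the parenthesis and no Windows 11 Pro counterpart, while the heading changed two lines below now says "Windows 10/11 Pro devices". Bring the sentence in line with the heading and remove the comma.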
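Review bot: In PATCH 670, the Virtual Desktop Access hunk of deploy-enterprise-licenses.md (@@ -206,7 +206,7) replaces the https://aka.ms/qmth short link with a hard-coded download.microsoft.com path to a specific PDF, and PATCH 666 and 669 place the same path in vda-subscription-activation.md. A short link can be retargeted in one place when the partner list is republished, whereas every copy of the direct path has to be edited; prefer keeping the short link, or at least use one form across all pages. The unchanged line after it still reads "Windows 10 Enterprise subscriptions for VDA" and should be updated together with the rest of the section.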