From 90a15ea0e19d8ce9c25b76bb101829841781e72d Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 8 Jan 2024 15:58:26 -0800
Subject: [PATCH 001/290] dep-rsa1024-8644149
---
windows/whats-new/deprecated-features.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index c04bfd3133..a83a65af90 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -47,6 +47,7 @@ The features in this article are no longer being actively developed, and might b
| Feature | Details and mitigation | Deprecation announced |
|---|---|---|
+| TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits | Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013 ([Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf)), recommending specifically that RSA keys should have a key length of 2048 bits or longer. This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| January 2024|
| Windows Mixed Reality | [Windows Mixed Reality](/windows/mixed-reality/enthusiast-guide/before-you-start) is deprecated and will be removed in a future release of Windows. This deprecation includes the [Mixed Reality Portal](/windows/mixed-reality/enthusiast-guide/install-windows-mixed-reality) app, and [Windows Mixed Reality for SteamVR](/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality) and Steam VR Beta. As of November 1, 2026, for consumer editions of Windows and November 1, 2027 for commercial editions of Windows, Windows Mixed Reality will no longer be available for download via the Mixed Reality Portal app, Windows Mixed Reality for SteamVR, and Steam VR beta, and we'll discontinue support. At that time, Windows Mixed Reality will no longer receive security updates, nonsecurity updates, bug fixes, technical support, or online technical content updates. Existing Windows Mixed Reality devices will continue to work with Steam until users upgrade to a version of Windows that doesn't include Windows Mixed Reality. This deprecation doesn't impact HoloLens. We remain committed to HoloLens and our enterprise customers. | December 2023 |
| Microsoft Defender Application Guard for Edge | [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated for Microsoft Edge for Business and [will no longer be updated](feature-lifecycle.md). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities. | December 2023 |
| Legacy console mode | The [legacy console mode](/windows/console/legacymode) is deprecated and no longer being updated. In future Windows releases, it will be available as an optional [Feature on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). This feature won't be installed by default. | December 2023 |
From 69fbdf874e82a3fb76ff8843eb269f3436d99b69 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 8 Jan 2024 16:02:28 -0800
Subject: [PATCH 002/290] dep-rsa1024-8644149
---
windows/whats-new/deprecated-features.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index a83a65af90..566f837f0c 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -47,7 +47,7 @@ The features in this article are no longer being actively developed, and might b
| Feature | Details and mitigation | Deprecation announced |
|---|---|---|
-| TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits | Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013 ([Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf)), recommending specifically that RSA keys should have a key length of 2048 bits or longer. This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| January 2024|
+| TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits | Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013 ([Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf)), recommending specifically that RSA keys should have a key length of 2048 bits or longer. This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| January 2024|
| Windows Mixed Reality | [Windows Mixed Reality](/windows/mixed-reality/enthusiast-guide/before-you-start) is deprecated and will be removed in a future release of Windows. This deprecation includes the [Mixed Reality Portal](/windows/mixed-reality/enthusiast-guide/install-windows-mixed-reality) app, and [Windows Mixed Reality for SteamVR](/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality) and Steam VR Beta. As of November 1, 2026, for consumer editions of Windows and November 1, 2027 for commercial editions of Windows, Windows Mixed Reality will no longer be available for download via the Mixed Reality Portal app, Windows Mixed Reality for SteamVR, and Steam VR beta, and we'll discontinue support. At that time, Windows Mixed Reality will no longer receive security updates, nonsecurity updates, bug fixes, technical support, or online technical content updates. Existing Windows Mixed Reality devices will continue to work with Steam until users upgrade to a version of Windows that doesn't include Windows Mixed Reality. This deprecation doesn't impact HoloLens. We remain committed to HoloLens and our enterprise customers. | December 2023 |
| Microsoft Defender Application Guard for Edge | [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated for Microsoft Edge for Business and [will no longer be updated](feature-lifecycle.md). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities. | December 2023 |
| Legacy console mode | The [legacy console mode](/windows/console/legacymode) is deprecated and no longer being updated. In future Windows releases, it will be available as an optional [Feature on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). This feature won't be installed by default. | December 2023 |
From 5cd440133f2dda0fdb64fc52d640548ee5828e22 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 8 Jan 2024 16:04:42 -0800
Subject: [PATCH 003/290] dep-rsa1024-8644149
---
windows/whats-new/deprecated-features.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index 566f837f0c..a3a8c47e8c 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -47,7 +47,7 @@ The features in this article are no longer being actively developed, and might b
| Feature | Details and mitigation | Deprecation announced |
|---|---|---|
-| TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits | Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013 ([Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf)), recommending specifically that RSA keys should have a key length of 2048 bits or longer. This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| January 2024|
+| TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits | Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| January 2024|
| Windows Mixed Reality | [Windows Mixed Reality](/windows/mixed-reality/enthusiast-guide/before-you-start) is deprecated and will be removed in a future release of Windows. This deprecation includes the [Mixed Reality Portal](/windows/mixed-reality/enthusiast-guide/install-windows-mixed-reality) app, and [Windows Mixed Reality for SteamVR](/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality) and Steam VR Beta. As of November 1, 2026, for consumer editions of Windows and November 1, 2027 for commercial editions of Windows, Windows Mixed Reality will no longer be available for download via the Mixed Reality Portal app, Windows Mixed Reality for SteamVR, and Steam VR beta, and we'll discontinue support. At that time, Windows Mixed Reality will no longer receive security updates, nonsecurity updates, bug fixes, technical support, or online technical content updates. Existing Windows Mixed Reality devices will continue to work with Steam until users upgrade to a version of Windows that doesn't include Windows Mixed Reality. This deprecation doesn't impact HoloLens. We remain committed to HoloLens and our enterprise customers. | December 2023 |
| Microsoft Defender Application Guard for Edge | [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated for Microsoft Edge for Business and [will no longer be updated](feature-lifecycle.md). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities. | December 2023 |
| Legacy console mode | The [legacy console mode](/windows/console/legacymode) is deprecated and no longer being updated. In future Windows releases, it will be available as an optional [Feature on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). This feature won't be installed by default. | December 2023 |
From 0aa2f7c43100934409f846916af2e0b765eb3b30 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Sat, 3 Feb 2024 12:15:59 -0500
Subject: [PATCH 004/290] Add quickstart guides to kiosk configuration
---
.../configuration/kiosk/quickstart-kiosk.md | 159 ++++++++++++++++++
.../kiosk/quickstart-restricted-experience.md | 75 +++++++++
windows/configuration/kiosk/toc.yml | 6 +
3 files changed, 240 insertions(+)
create mode 100644 windows/configuration/kiosk/quickstart-kiosk.md
create mode 100644 windows/configuration/kiosk/quickstart-restricted-experience.md
diff --git a/windows/configuration/kiosk/quickstart-kiosk.md b/windows/configuration/kiosk/quickstart-kiosk.md
new file mode 100644
index 0000000000..2686019689
--- /dev/null
+++ b/windows/configuration/kiosk/quickstart-kiosk.md
@@ -0,0 +1,159 @@
+---
+title: "Quickstart: configure a single-app kiosk"
+description: Learn how to configure a single-app kiosk using Windows Configuration Designer, Microsoft Intune, PowerShell or GPO.
+ms.topic: quickstart
+ms.date: 01/29/2024
+---
+
+# Quickstart: configure a kiosk experience
+
+The configuration of a single-app kiosk can be done using:
+
+- Microsoft Intune/MDM
+- a provisioning package (PPKG)
+- PowerShell
+- the Settings app
+
+When using the Settings app, you can configure Take a Test in kiosk mode using a local account only. This option is recommended for devices that aren't managed.
+The other options allow you to configure a single app kiosk using a local account, or an account defined in the directory.
+
+Follow the instructions below to configure your devices, selecting the option that best suits your needs.
+
+#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune**](#tab/intune)
+
+[!INCLUDE [intune-custom-settings-1](../../../includes/configure/intune-custom-settings-1.md)]
+
+| Setting |
+|--------|
+| OMA-URI: **`./Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn`** Data type: **Integer** Value: **1**|
+
+[!INCLUDE [intune-custom-settings-2](../../../includes/configure/intune-custom-settings-2.md)]
+[!INCLUDE [intune-custom-settings-info](../../../includes/configure/intune-custom-settings-info.md)]
+
+#### [:::image type="icon" source="../images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
+
+[Create a provisioning package][WIN-1] using Windows Configuration Designer with the following settings:
+
+| Setting |
+|--------|
+| Path: **`SharedPC/AccountManagement/KioskModeAUMID`** Value: **Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App**|
+| Path: **`SharedPC/AccountManagement/KioskModeUserTileDisplayText`** Value: **Take a Test** (or a string of your choice to display in the sing-in screen)|
+
+Follow the steps in [Apply a provisioning package][WIN-2] to apply the package that you created.
+
+#### [:::image type="icon" source="images/icons/powershell.svg"::: **PowerShell**](#tab/powershell)
+
+Configure your devices using PowerShell scripts via the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). For more information, see [Using PowerShell scripting with the WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider).
+
+> [!IMPORTANT]
+> For all device settings, the WMI Bridge client must be executed as SYSTEM (LocalSystem) account.
+>
+> To test a PowerShell script, you can:
+>
+> 1. [Download the psexec tool](/sysinternals/downloads/psexec)
+> 1. Open an elevated command prompt and run: `psexec.exe -i -s powershell.exe`
+> 1. Run the script in the PowerShell session
+
+Edit the following sample PowerShell script to:
+
+- Customize the assessment URL with **$testURL**
+- Change the kiosk user tile name displayed in the sign-in screen with **$userTileName**
+
+```powershell
+$testURL = "https://contoso.com/algebra-exam"
+$userTileName = "Take a Test"
+$namespaceName = "root\cimv2\mdm\dmmap"
+$ParentID="./Vendor/MSFT/Policy/Config"
+
+#Configure SharedPC
+$className = "MDM_SharedPC"
+$instance = "SharedPC"
+$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className
+if (-not ($cimObject)) {
+ $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance}
+}
+$cimObject.AccountModel = 1
+$cimObject.EnableAccountManager = $true
+$cimObject.KioskModeAUMID = "Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App"
+$cimObject.KioskModeUserTileDisplayText = $userTileName
+Set-CimInstance -CimInstance $cimObject
+
+#Configure SecureAssessment
+$className = "MDM_SecureAssessment"
+$instance = "SecureAssessment"
+$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className
+if (-not ($cimObject)) {
+ $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance}
+}
+$cimObject.LaunchURI= $testURL
+Set-CimInstance -CimInstance $cimObject
+
+#Configure interactive logon
+$className = "MDM_Policy_Config01_LocalPoliciesSecurityOptions02"
+$instance = "LocalPoliciesSecurityOptions"
+$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className
+if (-not ($cimObject)) {
+ $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance}
+}
+$cimObject.InteractiveLogon_DoNotDisplayLastSignedIn = 1
+Set-CimInstance -CimInstance $cimObject
+
+#Configure Windows logon
+$className = "MDM_Policy_Config01_WindowsLogon02"
+$instance = "WindowsLogon"
+$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className
+if (-not ($cimObject)) {
+ $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance}
+}
+$cimObject.HideFastUserSwitching = 1
+Set-CimInstance -CimInstance $cimObject
+```
+
+#### [:::image type="icon" source="images/icons/windows-os.svg"::: **Settings app**](#tab/win)
+
+To create a local account, and configure Take a Test in kiosk mode using the Settings app:
+
+1. Sign into the Windows device with an administrator account
+1. Open the **Settings** app and select **Accounts** > **Other Users**
+1. Under **Other users**, select **Add account** > **I don't have this person's sign-in information** > **Add a user without a Microsoft account**
+1. Provide a user name and password for the account that will be used for testing
+ :::image type="content" source="./images/takeatest/settings-accounts-create-take-a-test-account.png" alt-text="Use the Settings app to create a test-taking account." border="true":::
+1. Select **Accounts > Access work or school**
+1. Select **Create a test-taking account**
+ :::image type="content" source="./images/takeatest/settings-accounts-set-up-take-a-test-account.png" alt-text="Use the Settings app to set up a test-taking account." border="true":::
+1. Under **Add an account for taking tests**, select **Add account** > Select the account created in step 4
+ :::image type="content" source="./images/takeatest/settings-accounts-choose-take-a-test-account.png" alt-text="Use the Settings app to choose the test-taking account." border="true":::
+1. Under **Enter the tests's web address**, enter the assessment URL
+1. Under **Test taking settings** select the options you want to enable during the test
+ - To enable printing, select **Require printing**
+
+ > [!NOTE]
+ > Make sure a printer is pre-configured on the Take a Test account if you're enabling this option.
+
+ - To enable teachers to monitor screens, select **Allow screen monitoring**
+ - To allow text suggestions, select **Allow text suggestions**
+
+1. To take the test, a student must sign in using the test-taking account selected in step 4
+ :::image type="content" source="./images/takeatest/login-screen-take-a-test-single-pc.png" alt-text="Windows 11 SE login screen with the take a test account." border="true":::
+
+ > [!NOTE]
+ > To sign-in with a local account on a device that is joined to Microsoft Entra ID or Active Directory, you must prefix the username with either `\` or `.\`.
+
+---
+
+## How to use Take a Test in kiosk mode
+
+Once the devices are configured, a new user tile will be available in the sign-in screen. If selected, Take a Test will be executed in kiosk mode using the guest account, opening the assessment URL.
+
+## How to exit Take a Test
+
+To exit the Take a Test app at any time, press Ctrl+Alt+Delete. You'll be prompted to sign out of the test-taking account, or return to the test. Once signed out, the device will be unlocked from kiosk mode and can be used as normal.
+
+The following animation shows the process of signing in to the test-taking account, taking a test, and exiting the test:
+
+:::image type="content" source="./images/takeatest/sign-in-sign-out.gif" alt-text="Signing in and signing out with a test account" border="true":::
+
+
+
+[WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package
+[WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package
diff --git a/windows/configuration/kiosk/quickstart-restricted-experience.md b/windows/configuration/kiosk/quickstart-restricted-experience.md
new file mode 100644
index 0000000000..8efadba6cf
--- /dev/null
+++ b/windows/configuration/kiosk/quickstart-restricted-experience.md
@@ -0,0 +1,75 @@
+---
+title: "Quickstart: Configure a restricted user experience"
+description: Learn how to configure a restricted user experience using Windows Configuration Designer, Microsoft Intune, PowerShell or GPO.
+ms.topic: quickstart
+ms.date: 01/29/2024
+---
+
+# Quickstart: Configure a restricted user experience
+
+This quickstart provides practical examples of how to configure a restricted user experience on Windows.
+
+A restricted user experience allows you to control which applications are allowed to be executed in a locked down Windows desktop.
+
+The examples describe the steps using Windows Configuration Designer, Microsoft Intune, PowerShell, and group policy.
+
+## Prerequisites
+
+
+
+## Open [Cloud Shell, Azure CLI, or PowerShell]
+
+
+```msgraph-interactive
+POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations
+Content-Type: application/json
+
+{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example", "description": "Collection of settings for Assigned Access", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideTaskViewButton", "description": "Hide the task View Button", "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideTaskViewButton", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideSwitchAccount", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideSwitchAccount", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideSignOut", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideSignOut", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideShutDown", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideShutDown", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideRestart", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideRestart", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideRecommendedSection", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideRecommendedSection", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "AllowPinnedFolderSettings", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderSettings", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "ConfigureSearchOnTaskbarMode", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Search/ConfigureSearchOnTaskbarMode", "secretReferenceValueId": null, "isEncrypted": false, "value": 0, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "StartLayout", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/StartLayout", "secretReferenceValueId": "0c90cfe3-8e60-4fd5-b0c6-d47addf7c65d_2c9b3961-f9df-43ac-8e14-c90a31a5067e_3aa60e8b-4dcb-4ce5-be8e-1bbd5211429b", "isEncrypted": true, "value": "****" }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "DisableSearch", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Search/DisableSearch", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideUserTile", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideUserTile", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "EnableTouchKeyboardAutoInvokeInDesktopMode", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode", "secretReferenceValueId": null, "isEncrypted": false, "value": 2, "isReadOnly": false } ], "assignments@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/deviceConfigurations('2c9b3961-f9df-43ac-8e14-c90a31a5067e')/microsoft.graph.windows10CustomConfiguration/assignments" }
+```
+
+
+
+## [verb] * [noun]
+
+[Introduce a task and its role in completing the process.]
+
+
+
+1. Procedure step
+1. Procedure step
+1. Procedure step
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Next sequential article title](link.md)
diff --git a/windows/configuration/kiosk/toc.yml b/windows/configuration/kiosk/toc.yml
index 3362daaabd..947226dafc 100644
--- a/windows/configuration/kiosk/toc.yml
+++ b/windows/configuration/kiosk/toc.yml
@@ -1,6 +1,12 @@
items:
- name: Overview
href: kiosk-methods.md
+- name: Quickstarts
+ items:
+ - name: Configure a kiosk experience
+ href: quickstart-kiosk.md
+ - name: Configure a restricted user experience
+ href: quickstart-restricted-experience.md
- name: Prepare a device for kiosk configuration
href: kiosk-prepare.md
- name: Set up digital signs
From bb2fb18507ac61b9948a54557b2d7d642a578e78 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Sat, 3 Feb 2024 18:33:57 -0500
Subject: [PATCH 005/290] Fix bug in login functionality
---
.../configuration/kiosk/quickstart-restricted-experience.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/windows/configuration/kiosk/quickstart-restricted-experience.md b/windows/configuration/kiosk/quickstart-restricted-experience.md
index 8efadba6cf..b710f170ff 100644
--- a/windows/configuration/kiosk/quickstart-restricted-experience.md
+++ b/windows/configuration/kiosk/quickstart-restricted-experience.md
@@ -33,12 +33,11 @@ under the "Prerequisites" H2, enter "None" in plain text
## Open [Cloud Shell, Azure CLI, or PowerShell]
-
```msgraph-interactive
POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations
Content-Type: application/json
-{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example", "description": "Collection of settings for Assigned Access", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideTaskViewButton", "description": "Hide the task View Button", "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideTaskViewButton", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideSwitchAccount", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideSwitchAccount", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideSignOut", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideSignOut", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideShutDown", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideShutDown", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideRestart", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideRestart", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideRecommendedSection", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideRecommendedSection", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "AllowPinnedFolderSettings", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderSettings", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "ConfigureSearchOnTaskbarMode", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Search/ConfigureSearchOnTaskbarMode", "secretReferenceValueId": null, "isEncrypted": false, "value": 0, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "StartLayout", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/StartLayout", "secretReferenceValueId": "0c90cfe3-8e60-4fd5-b0c6-d47addf7c65d_2c9b3961-f9df-43ac-8e14-c90a31a5067e_3aa60e8b-4dcb-4ce5-be8e-1bbd5211429b", "isEncrypted": true, "value": "****" }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "DisableSearch", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Search/DisableSearch", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideUserTile", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideUserTile", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "EnableTouchKeyboardAutoInvokeInDesktopMode", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode", "secretReferenceValueId": null, "isEncrypted": false, "value": 2, "isReadOnly": false } ], "assignments@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/deviceConfigurations('2c9b3961-f9df-43ac-8e14-c90a31a5067e')/microsoft.graph.windows10CustomConfiguration/assignments" }
+{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example", "description": "Collection of settings for Assigned Access", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideTaskViewButton", "description": "Hide the task View Button", "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideTaskViewButton", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideSwitchAccount", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideSwitchAccount", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideSignOut", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideSignOut", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideShutDown", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideShutDown", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideRestart", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideRestart", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideRecommendedSection", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideRecommendedSection", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "AllowPinnedFolderSettings", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderSettings", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "ConfigureSearchOnTaskbarMode", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Search/ConfigureSearchOnTaskbarMode", "secretReferenceValueId": null, "isEncrypted": false, "value": 0, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "DisableSearch", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Search/DisableSearch", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideUserTile", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideUserTile", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "EnableTouchKeyboardAutoInvokeInDesktopMode", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode", "secretReferenceValueId": null, "isEncrypted": false, "value": 2, "isReadOnly": false } ] }
```
+Edit the following sample PowerShell script to:
-## [verb] * [noun]
+- Customize the assessment URL with **$testURL**
+- Change the kiosk user tile name displayed in the sign-in screen with **$userTileName**
-[Introduce a task and its role in completing the process.]
+```powershell
+```
-
-
-1. Procedure step
-1. Procedure step
-1. Procedure step
+---
## Next steps
> [!div class="nextstepaction"]
> [Next sequential article title](link.md)
+
+
+
+[WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package
+[WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package
From c6f2f01eff47cd909f7b76f182b061d858fbcae4 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Sun, 4 Feb 2024 15:36:09 -0500
Subject: [PATCH 007/290] Refactor code to improve performance and readability
---
windows/configuration/kiosk/quickstart-restricted-experience.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/configuration/kiosk/quickstart-restricted-experience.md b/windows/configuration/kiosk/quickstart-restricted-experience.md
index 7fae283de1..71bda92793 100644
--- a/windows/configuration/kiosk/quickstart-restricted-experience.md
+++ b/windows/configuration/kiosk/quickstart-restricted-experience.md
@@ -41,7 +41,7 @@ under the "Prerequisites" H2, enter "None" in plain text
POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations
Content-Type: application/json
-{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example", "description": "Collection of settings for Assigned Access", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideTaskViewButton", "description": "Hide the task View Button", "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideTaskViewButton", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideSwitchAccount", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideSwitchAccount", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideSignOut", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideSignOut", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideShutDown", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideShutDown", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideRestart", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideRestart", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideRecommendedSection", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideRecommendedSection", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "AllowPinnedFolderSettings", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderSettings", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "ConfigureSearchOnTaskbarMode", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Search/ConfigureSearchOnTaskbarMode", "secretReferenceValueId": null, "isEncrypted": false, "value": 0, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "DisableSearch", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Search/DisableSearch", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideUserTile", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideUserTile", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "EnableTouchKeyboardAutoInvokeInDesktopMode", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode", "secretReferenceValueId": null, "isEncrypted": false, "value": 2, "isReadOnly": false } ] }
+{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example", "description": "Collection of settings for Assigned Access", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "< ?xml version=\"1.0\" encoding=\"utf-8\" ?>\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "EnableTouchKeyboardAutoInvokeInDesktopMode", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode", "secretReferenceValueId": null, "isEncrypted": false, "value": 2, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideRecommendedSection", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideRecommendedSection", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "DisableSearch", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Search/DisableSearch", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "TurnOffWindowsCopilot", "description": null, "omaUri": "./User/Vendor/MSFT/Policy/Config/WindowsAI/TurnOffWindowsCopilot", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false } ] }
```
#### [:::image type="icon" source="../images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
From f77abdee3a4f2bec8dd883ff0b2fa4d9ca5e1fd1 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Sun, 4 Feb 2024 16:12:07 -0500
Subject: [PATCH 008/290] Fix bug in login functionality
---
.../kiosk/quickstart-restricted-experience.md | 139 +++++++++++++++++-
1 file changed, 138 insertions(+), 1 deletion(-)
diff --git a/windows/configuration/kiosk/quickstart-restricted-experience.md b/windows/configuration/kiosk/quickstart-restricted-experience.md
index 71bda92793..c4e4978e56 100644
--- a/windows/configuration/kiosk/quickstart-restricted-experience.md
+++ b/windows/configuration/kiosk/quickstart-restricted-experience.md
@@ -41,13 +41,67 @@ under the "Prerequisites" H2, enter "None" in plain text
POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations
Content-Type: application/json
-{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example", "description": "Collection of settings for Assigned Access", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "< ?xml version=\"1.0\" encoding=\"utf-8\" ?>\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "EnableTouchKeyboardAutoInvokeInDesktopMode", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode", "secretReferenceValueId": null, "isEncrypted": false, "value": 2, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "HideRecommendedSection", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Start/HideRecommendedSection", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "DisableSearch", "description": null, "omaUri": "./Device/Vendor/MSFT/Policy/Config/Search/DisableSearch", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false }, { "@odata.type": "#microsoft.graph.omaSettingInteger", "displayName": "TurnOffWindowsCopilot", "description": null, "omaUri": "./User/Vendor/MSFT/Policy/Config/WindowsAI/TurnOffWindowsCopilot", "secretReferenceValueId": null, "isEncrypted": false, "value": 1, "isReadOnly": false } ] }
+{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example", "description": "Collection of settings for Assigned Access", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "< ?xml version=\"1.0\" encoding=\"utf-8\" ?>\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" } ] }
```
#### [:::image type="icon" source="../images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+```
+
Follow the steps in [Apply a provisioning package][WIN-2] to apply the package that you created.
+#### [:::image type="icon" source="../images/icons/provisioning-package.svg"::: **PowerShell**](#tab/ppkg)
+
Configure your devices using PowerShell scripts via the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). For more information, see [Using PowerShell scripting with the WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider).
> [!IMPORTANT]
@@ -65,6 +119,89 @@ Edit the following sample PowerShell script to:
- Change the kiosk user tile name displayed in the sign-in screen with **$userTileName**
```powershell
+$eventLogFilterHashTable = @{
+ ProviderName = "Microsoft-Windows-AssignedAccess";
+ StartTime = Get-Date -Millisecond 0
+}
+
+$namespaceName="root\cimv2\mdm\dmmap"
+$className="MDM_AssignedAccess"
+$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
+$obj.Configuration = [System.Net.WebUtility]::HtmlEncode(@"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+"@)
+
+$obj = Set-CimInstance -CimInstance $obj -ErrorVariable cimSetError -ErrorAction SilentlyContinue
+if($cimSetError) {
+ Write-Output "An ERROR occurred. Displaying error record and attempting to retrieve error logs...`n"
+ Write-Error -ErrorRecord $cimSetError[0]
+
+ $timeout = New-TimeSpan -Seconds 30
+ $stopwatch = [System.Diagnostics.Stopwatch]::StartNew()
+ do{
+ $events = Get-WinEvent -FilterHashtable $eventLogFilterHashTable -ErrorAction Ignore
+ } until ($events.Count -or $stopwatch.Elapsed -gt $timeout) # wait for the log to be available
+
+ if($events.Count) {
+ $events | ForEach-Object {
+ Write-Output "$($_.TimeCreated) [$($_.LevelDisplayName.ToUpper())] $($_.Message -replace "`n|`r")"
+ }
+ } else {
+ Write-Warning "Timed-out attempting to retrieve event logs..."
+ }
+
+ Exit 1
+}
+
+Write-Output "Successfully applied Assigned Access configuration"
```
---
From d59c73f0998ca749a7075fb02ef44e52566bd4ec Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Sun, 4 Feb 2024 17:16:45 -0500
Subject: [PATCH 009/290] Fix bug in login functionality
---
.../configuration/kiosk/quickstart-restricted-experience.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/configuration/kiosk/quickstart-restricted-experience.md b/windows/configuration/kiosk/quickstart-restricted-experience.md
index c4e4978e56..fbb79e6c02 100644
--- a/windows/configuration/kiosk/quickstart-restricted-experience.md
+++ b/windows/configuration/kiosk/quickstart-restricted-experience.md
@@ -41,7 +41,7 @@ under the "Prerequisites" H2, enter "None" in plain text
POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations
Content-Type: application/json
-{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example", "description": "Collection of settings for Assigned Access", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "< ?xml version=\"1.0\" encoding=\"utf-8\" ?>\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" } ] }
+{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example", "description": "Collection of settings for Assigned Access", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" } ] }
```
#### [:::image type="icon" source="../images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
@@ -100,7 +100,7 @@ Content-Type: application/json
Follow the steps in [Apply a provisioning package][WIN-2] to apply the package that you created.
-#### [:::image type="icon" source="../images/icons/provisioning-package.svg"::: **PowerShell**](#tab/ppkg)
+#### [:::image type="icon" source="../images/icons/provisioning-package.svg"::: **PowerShell**](#tab/ps)
Configure your devices using PowerShell scripts via the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). For more information, see [Using PowerShell scripting with the WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider).
From c452c4e610166d4d9415989d3b4b2381bc20106b Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Sun, 4 Feb 2024 18:11:30 -0500
Subject: [PATCH 010/290] Add screenshot to quickstart-restricted-experience.md
---
.../quickstart-restricted-experience.png | Bin 0 -> 259723 bytes
.../kiosk/quickstart-restricted-experience.md | 2 ++
2 files changed, 2 insertions(+)
create mode 100644 windows/configuration/kiosk/images/quickstart-restricted-experience.png
diff --git a/windows/configuration/kiosk/images/quickstart-restricted-experience.png b/windows/configuration/kiosk/images/quickstart-restricted-experience.png
new file mode 100644
index 0000000000000000000000000000000000000000..8229147572b5b5b0a68de6c396445922d2cd28f9
GIT binary patch
literal 259723
zcmV(^K-IsAP)__K~#7F?EPu5
zZ`oBRh^=+*ePh1&a?X@8HKhQJ1xP|dNC*(nWvamLwxhb63ik)w5gw|ep+D3ISA^RU
z;IMJI!?e5osa%DPX-B!j1@5LB8oH@ss$vF#hLn($Qc6kZF@BiHIeV9moOjzE<#J4Sf%UxOi;+I|TI{LEZ
zKhZn(oVb;0&uH8av)+Mzmy__k{F+)>Sz2a*M_D_Sqz@)#eWZ+8xZ%_ZA;T{JkrT&mg
zQ*xRHOtl5;TibGYIr;=}TYm_<-Gj2b#HisL5Lo>lOT?Q9WpC8zf}!#vaF-0Dh|{zD
zoF>FKq@ePdrNdn^bj$Op(9~rD=$63humbwqHK<~ut3QLfJnbN?D9x(u%~20{TkkOF
zk;y5|(Fac>@>V?~YnK_WM=%*O(v>CJ7LL|;V-xnXRhGvv$qYD$%vQWu>6&QbO@<__
zWN*t(bWn-7-u1e_i_g7G4DDBEQ}B8ST7|)^X_D}z59D`cF3s$kSD#l~#b);sl7Ny?
z4D6AZJ=&lVsRT&jTwive<$@=nkv&Sh7SnwztN75G1!R2f^bGCq76vQZOJQTS$`&}#
zKMZ9;qFpuLA(MclNelrE?6>)n5#+VO0?%xEfxdcuwC*_CrL}#EAL2G;7o7-b6ZQ00
zIZw1hgi!KGtryU#g2Ud}6j(ryTrFOdBj`|Ef8ECOZryioBsztDg`QFPdZ1y75mYW}
zTb=R+pKGPxoP~ep$A0(&|0yZS=qG;ecYb^+_8ZIJhnEI!1MCP*05-XGUWu|X+~{Un
zyi-x|H(VRiA{wM934~MK(5HoAVZXkqo++=mKqmHV{6+F;0iffcL<4war
z&&m=-04^%%eLxO1z}{kA-a=K&&Z(^IpwSjgq(KVWBsa8_Rn`Kmth1T6ShoMYI%|iV
zoX8deG?a;5I<#t+*KlIl>S#+4CwvHgv
zwmovPpiC&D99A!pJ<${&{5c%SKkPcV@njXeZ1|lO%(LqEM(}C(CzaQE2TU`7VE$MV
zoy^8YBiSyDj9n(Q;Tkfz9fQ~z!T`T5L$Wy0GMUg8((Jb0{HE*9pgeUgR+(A|H4D^$
zz%KMm;+d>vuRhmXa~Yrrt#}B2>%&Y(Kl6Y1r@!^%6^6h6v%m8{Un>8<`v4%~;+`od
zmGmgfiRtU-F$RICcQdosXTk(v)n5J;WcFHyQJJWQ(1Pq%m(&?cGW4qmpSzK$8qx%p
z*a){M-{kFJFo6^npxJ8FB-@$2dd)#Ms&vW2C!jfOyHV^$986KqXKP}-Lf&}Q6|S_H%vP+ds{G>0+Py`OqotZ
zAqlTCvu9gSWtR1o^HJxcsD2bnT^lE!kuOU&%C(?n>OFBC$%kbK=SnY~%&fQh8DDXkUE4n;F&
zpy90TAT1jI#51=e$VZvIT?V_+BxVa7SZJ%qm(+JthY!=xdXf1Qqao+f`v8mVJCMc|
zcaDHI0zTyGLZ>bn;A4K3pFXpKv42$xzku(BVjx8Vs_QSC2ck
z1-U<1vnf+`I%f1`)n;u~ndfKf;2Q)hiOA6@h+>9ijj@(AV_ol=z)&(8l3G*Cr;&Xs@#_Fn>cZ{H1az7xY@^9P2!O-oh9o+$PatuO
z=nc&sGQpi9rvPH0BB8Hc+sq-%c%NcWglBVwlTXt|SVedzWl{qTNig<+QpQ)v?Vc**
zAW*`-f&O4;T9MqB(~o<=;JMkoHdkGpv(0{(eb7#J$RMv8=bhyvla^|OXyhMyDGVrf
zcCWLGq(LqoVso4g0`JhW|GVG?@K*jP=mjOA2zO#D7VLPdjP9xNR+?Ys8f=j-m&$=#
z?soFl8nf%avjz7^pX`~?Ctwnzw(q_Kk~v#4O+B8_fcY7ar&OMCASG$K*q>>8*}`O|
z?eFoA?Jq+7VIK6fORc79q6??@Rj0ijrlAZjFY
zpW|bda;1|o$0B&rKxkJVUE`}h#BTS*6}M;YlD9_)>)YdU69ky3VObru1zyCxE^>PU4z!2gEo{F|LZ~B$P#;*149BdM4u?Tbuj8G@v#mf+6;3V*E=-KQI)YU
zJ3QRA8`p9&;5s-*_f!tJ6GfrOrtMIxl^&91;)wddg*M8f{JFe!IF8Cmf=v?jBcK@t
zs$HO<%^;Np^sb0-9Xx`Z<)C=bq9B&+16QBA2UtSR#}v&n6*-<%)@EV`wb$32jJR}G
zgNTmNCn(R`vKX02TPvB+05EvKpI*oDY;Kif%^qi)_VqbXDYA~6uS40XQ^5k<5rD=A
z+7r|jm(zYwL8-SD<~AYI?(nv3V;gwwmfYp;)gAr7@FbbRzU*kgKZIQ9UHkDM?n0ze
zsV*)EM5h<+z4yXI`wPXUy}eb#CoI`c>SR3I+VIsq!5p|+B#A_CMV7-
zk!PEV9Jkr^-aC4%q-TF`L)*r-coT+Ii`rfbM3VADmlN`l)*-zcujDwh(P%+;@E?0v
z8R-Bvcch35$tt_YU5h0!icp?(1ZSf;Chc$TdyvvCE~&E|X_GR-x0-
z)`OM4Pxic2$K!CIssCNs=J~yypE1G*Ii5Tw7N?_COvuo#5$~MZiRgbU$KU
zDZ%VC!^{~u&;oia9e!yB5^a^0XIy4wua?EECpKpZ0N!ODDP)TiVafFy%k}ke)--(7
z#&yC8B(=g+`@U_TcQLdB{L~WMz3I+#ba?H`5{d7{8Z2Hb)k@`1&Xw?TbV&DII#1J;
zeR|>YwJ5Bk;-qhmq|~=0eIy6W9vTr;2o5-!9Cgm2Z-8-HLR9f&r9fuv+2`X|9M48l
zoj{DX2gZ2VKwqd=tKKm{UG4;=(>jxh1gy6f#yT6+EO;5_EZJ-dD!Dwi)C63}vTO(&
zHkagDX@G&VQ13bh2F&D)LO$);Xr#xmdZZKqmP7Bv(u?KV5u1;RWHI#AP
z?*>Pte3&ToD1pUcEwD~2oHK^~bE8{KQ>BLES8}4#lcTGFIwKzF9e;p51t*sMfkzvJ
zekI8-1YnFUEA4rWsNy%y-FO4C`gtriVn2vn?tLw!yKBpK;r5hueDv+a*g|lkJ#6
zC&}z-J&COK{zQ31DxF$jV)33!=jg4kyPJ-Vj+S6=xxd#I82X}CMK(p@^?G*WEOuWO
z6Lfe;r}p>h{P_d=*vr>~P!ceNoy`_C5he*`KH%k*s3_(H%f(EoQEaf2co$rmvsLc0
zS?-vLR&LViD;oe)2;Xr>RV*`#E_}BBN5w(cHaPlPCOH-Cx9>U+al8Iwn)4)vh9Njb
z2Z25GWa$S))IBrXblhPybth+8j08nYKVf1D9pP%6$9aKmyo3_rvDu->B;bJ#6(v>h
z@#^TE_4d>xcjZTo?hwYVos%8gWtkzoRhp_KgWU1T0B1NE^cTx;3Y1O?6Sh9QcALS3
zTalmyXMXHDKpAl^)oo}#k6T!;4Yc3Q^yDa~-k%BNeS{@ir?sq9yR9#+)$3%3LnF5A
z0P48Cy%|%yYy6xnvfWm`Beb$0@B%;*B#9~NXd>&it?BXz#@g*v#eCC5p<`w*j5czd
zOmKTWPJq_^^A;R?Y%yqp15A=wi`Hio9d1GAN-1Ea@SD|>FhKwmWnyqfG1$}xo>;)H
z1-e)%Tb8-RNx&V(&|$5mt0yCS#+{Ug^*{}1c_tg6NYDyOG6moJ!NTksB>61pYh>jE
zR>=)78_-L4eUifh=TdrqllHkv?daN#1G;$j)N*}_j+F96DJuA)uN7At*0Lb;EE)hd
zBOK3{vU5w2?(H#MxpFlzvi=t9xgBMl;0VrFa*RZPIy^l+OnEKTu!SzWGU{*Zdgp#<
zui(gQ!M3=WZJkG&yvC<@xNBZ&TxLbac&(q0X?d8(+-vwrTgm{XSb82h#TBN4E23ruus)Io5K(
z$wA_C{GE;1pGALm5UnKs=dt9A+4>1tnf8$E&+G6}w45NW-_9>@=euVEf&l
zr&jN{^lNWGYH8<{xWSxoLUjiL4^@g$szW?2uS~KE`<6sop
zP|f!yj=HgiZ+&E3m~t@8a8holVui7b(Z6&^_gMi99vvWXz^kb$LYj8aiv;fmSmod0
zY`HHpOm9h7cSDh49ww$qtvcs^n_4PN
z#epkMM?vJJBH1hXnjf7CXP}S8OtY7DizDp`XGchqGoXNu`T66MHTx}+tIoFN3XNt_a@~X%@R2C;ew2Iw9PYE>A>$9G
zk$oQ~0NmDuCpzv}>9Ah!hq4Ow?g(F|Dg7NT>Ab5;cJG$6do@@q?eQ|6)sr%Q%f-=Ac`(;t<@&*q3aHuLAbuNAGM)5j88e~P9G~fygqT>%nKh6umu+q2
z)sMmT>RDzoip!KdM8F-2qXCZJq_97!lWct>y}rw`n^%>T-;fWIzd(JAYF-kBIy^h*Af5fR*+|>{%eq;d%1F
zgS1_O)hc>?Y?Nk6+0(=g&Y6~0S9Jg~rd=g(DLDt{#8MvI~-OJtJ0&sY%d
zPD$oLTM>xGR8Pwa@_JhZsL_tXMgI;-C)deBNC&^$GO&HjG=@;)T+kysd~@0~uqPM%
z#+w;vlZ874#FFpzb}yMFSQ9e}^1O~^F4X3SPf;Hw)Fn0mHnwB{ok&Q^HejCd$?h%N
zCXoM4Z{UVVGF{;qWu#3n=9+^0s&Z<(-AHs&TbQAxFyy#amf<=DhQLspUhcPT
z+3yK~Wx`zx(V&7f&^$
zTJ}$BX0WW=I$F+G59W|ZLSkZJH0tZ8@FHbJ(U-bEGejkTT8P?>%%W%nro8>2!a
zfFn*NFl(8;>LfL2Yl7H}_-DWREd6i)|DU7FHDp)iM%HX|~N2J|&jGpyE
z?ERQg1}o8LtGqoSN~wL$6hROpctbJojdpORpS~oh)tm;ybbBbi0nA+=TSxtJg<1;>
zz-+_Keyz2$XSQzokxuzxo8o2}Xc+~L^>xTQ$xbozxnX
zvpq&n?6O8^gMd1w$Aqba+*+!Ou?X`Jp71kFotX>>5p`5LGkv&A3PWbEM&-;&0b2b)
zy!g}0*O#o_Jhy4wl02@CiRs|zi2m^(JwZ<$?k^4R(d`E}=*HoY#?y!Np=XZh
zo^wq1pKFGEUfL+rXh(-fbTqHv{4*TLK+2=}<~4}WVZeyco~<)`6b8sgN70>d@T@$V
zm{$twppl7To)9%*N9Kw!Yr0BDn&A18F3%q8d6T?VO5oOfFaugZ0=(T1K
zJ7*z8FvM5fxH%qaeBp_AW^o*TgM2`*OeRS*Y~7pITJ#Gvo4V|%JF=W@Ofo=0?~t*8
zD-Q{IB~NQabzmpqfK5KafMFjJxO&+zc6rKHbQyjF_02+7j1COQv(kIM#5
zn3?Qzhs_@El`~rs3hf^0nn#8&Aca3L-SIxR{DQe3lVw=b%fiuuE%fK!_7P-cmLHd|
z9n?UrWai3LZV`aOxT}XmPh4%I_WdOw`jHR3hQ9Gq+jRK~ouVKAsLv&
z3v}0)AW^6beA16&4n@wV*r*d4Fr4-@j6KtOcm``Rx)Im#Bk-Vuc)0JZG$8>IGIvE_&el0|1}#OIxx8`
zsO&Jui#!szwdqhV)bB
zht6}a6cYDB_GAS!Gr;6^!^m3~>x^Q^Kn$$6kC-M#-u1GWz>gSq7SD+Fx^1xgfY6OE
z=))#ZeMj3xy+4k@s0Zz4_$E+lg&_tWlFc+jzo{Q=!t5Ch&jHi46UUq#wc8#@F#_KF-g<2R6Nze9M1IvOg<-&^MW&^k0;R+@?4ltG-s(TarXw8@z&mHt%d{KG;FYvUaRJO(BnXfQ$g7
zHGA8#*2J^?d-dQjwp7vS<+6P5)H1^T5C6yCNWcEb4SMjA=jdJc?$gI#I-*ZM+X!;Y
z>50DK!mRvi{}pvBpG+$qPf6pq$+7z=bztATdW$_mj#tH*R(s`bWcJuLhTQ^3zz_+Y
z=s*UJMn00994Sn?#sQ3jCnYHx^YwM~Ydr<{xhw{eQ8o)dyYu99Lu;4W9sm|h>JzB#K&xE#M
zmqD-?!GK_3;+xs_6AK!sh;orT`~mAye&Px6S(g(qnl5V_5v>d)U|3c*%7UXE9lh?@
zRt5HZCroVA$~xKO?9Kx-!1|vGEA?T8O*xsi*tbtD3*Y+8FlL!h+v|3KRQ7mH0fw@J
zU<|W-*q3K?^@WBl9ZR!dZ?+Izj2xAJZ#`
zntZ7QAz#sUatA$kJ#e~}>@ZJ!VPiDNGMh|()mZAqb;*n<*lyS;|!NK
zU4Ot$W#qL(p~I4uTZG_fnW9)`b?M759n$YVc|c!$iRj;d=PCLhyy-5wF*7}I`#!zz
zV5Wy&IHGU9W1`zn9YtG}VY~!;flQ}k17!3kP>K6s0GProY40cLh@BdPQI0b(DZJj7
zo=^c^$M-QB%t=YoMy2RfrN=XjS*;8E^o=qhm=&~AaXYdOWxU;tb_9Zc#(H&4sF?I}5`(~oq&RLdtWg~mbi_Jw@5dpXuOs@tCGU7&0
z333*?-1P@G?}z}uIiNJIg((z(%l?tjMGi>PU99scHf=AX(*zd^|C!1#WEiWkS;Hd2ls78Ta1THX|v|s{VL_fk~
zaT|v!(7CJ?Ez|f7%B;!`4-Py;z;TBpWHsBcQrOn!b$9rPnbn_k?aI1+2TwN&iJ+W!
z%LuLIdW%l1_JzE!T#M|*1tSjHkRAPP!o|la#K~-rbIly2*b4=s0ShH3x|wt`2j^YO
z?v7VNh&Cyg9AT8Mhl3RZC-bBq&Ni{&umdXxk0t%>FY*kimh;RgXM2huN{1KPJS;c5
z-$6j0xJa48jRP}=L}T$_>fY+yAw!8ly+CYVXFCDKR>)?L(sRMOHF1mkCR4o)Yw|4X
zR^kqKS>6+<&t_Ta^>`dI4*3ti)BCtQQ+!G-d84qmUArL@8NewMZNmV9ZkB1+vaxdA
zS8svp{#%yp-rPQZRm|xhJaMpO{=^BmzuY}_U`->8tw3bkd+O
zcgUMhR%|v$5duWbPHY2NOY}-JR_NiqHEp+RIYzu~mqrJ}-`ckEj=#0-*=0|ulOyW-
z+vTDLUJ50-ySsHYIC%S-k14vk*DW{57;pJw6QkoG9pD91(aG8QJ-pw^qWM?6hJe!l
zI7>n1@cP+ySsIqzB|#$@@)tZEuC+$^4Aq7_^}eqhlShI*;RZ*kdbB(**|<{da6Y2n
zdh7-r=v?|6FYVKuhG!jr&DhxACT
zAfUCr?*g2#pN#0*_D0a{WZ4uP>7gR$y#_hH0Dm`l$A
zTl_x?wWZCF<#vo^g-x$qwX!
z&?`Io!IK^Pjo5Oso?C=QSFRnevfWDf2yVwkB+2nyOISgx=Qk%NQo-niy~^fKm%Lr
zCc-FjyzxM?(Tqpis&KVsZgpe2hN=JTT7w|AL}+lvD8mAWz^>s|U&rQcv0?{|DsNgF
zX#HY&u_;$3Hm}-qx7HD$my)5;8m-xbZD67<8Z{Z)kp7w(>Wq(!O^gJM&y!O%Dp>H6
zx3^harLmqUA6LWx1Mhc^gB+nJ>KTT!F)ke%lvNUPmK*{IlI$_B+U5-guz-%?+iw61
zF&&%THlvq~WWbkbhxP`q0WXGs(K56%VDE+-*Y|SYk$2}`K1i@-XuYua$Em-y?sMAW
zB(_8_x)L$0nQJeX73}@4$);kIBoq0{04nkh@w3j`_7F}YS|9A|Xd{TMnq=!0
zod5yCPPt&nfKGmmXZH*g%X0Y12E>>7V8wg54eZA{8Lk6}c
z!7(S8!oK!&i8j+zvx~n$t#W0{ecbtI2Viqc^Akb+Y#4Q_P}^lnnOR%2oc$5vfxsCL
zf{O*_QIUF{lF7Q$q(P|ANNc&)|@tV^G{-&d(^u;AvJg%#Z
zOtwbW{p1%2TisdKRx6)_Hl@D3L(_4CMq}4(=flSA57>!Kb*(lfyt1V3?$D3jzW)xP
z|9qLs{mRoX)31HzQTmrl0QkTAp$l~9e42jplSlOA!CCs;*OsEUy_Tlii2mj`5}hwE
zYAkIXEM*Vo9oAqsM25o&pzqmcib2Tr-rCs!2)zd&}(p~o@x3&hWztv5vi5w?eOj|@)(Q)m6
z^pQAuTOdmmi$}5SE6++;z4$F;!L+En$O-IIIN)rLPIB~EY&nHtCJLe!{|p^d3QQ23
z_1l))$l*Xo5_90i3M>zUr3MG;qc|Xp8(8oP%@b$?wr4VZlJdOyq(8Du49I>=Psc+8
z$PQr}+!NZk9`LlcgLLv^6sYpH8h7_Y2Bsnq@wYg-WS_@mzj|=gzM8QFYZv!t`ZwOV
zNA%PaZ6vVQ8voOmPt#L}r&24gIX}?{?`dBoErNG&q+ilF7R_+1iHs>amQ^(jW9+39
zf1f81#imt!J(u1qCc^d!o)C^#9gJw(
zIuf4J$i4B1SA_?SNCYr)68axkW<^w^zcWgMu&HjEJx$wzTTJhSu_T@bBKdZ4$wR>k5EIl05y{8)OvC(HSN#EB|X^LmNk3BO)5E??dt7^(+7uT4g~9
z^i1)vefvhSOzW1)S+XfUqy)Iez
zWn^Ps!I5Ztf>z9~5)WwTf|l!~DK@QV>t1sMveL{P@R*}UUiE!ZPGYOTi}UIPlo~DS
zw8qnOl`VmXGPW(LKGCrjUbM}iDYxZZ6FZJJqh@hTUgmQWULq_!c-~uq^^+>s>
z&FZ6<7->=+C^A2_McoSR41Xs7QP%#-dcFN#MD=4YYtU4&%W>`Cs0L}}t)$ZN2kw~Z
zvv0YJo_g^b?JWgwzi^h`b^A;&&;|O%FI=HFTslo>mmK21b|2GSXRZ<*HlE!$I%-C;
z%4FOmc@;?7IbTiFzZ_
zl(0o7@i{a+icn7MUvja|+ncdLb3`QtxiIf;;$#LwFwk`tvIcc3Pc_gZFrWxq+g`!+
z%N$pJaiTNC9JC>za_>TcZ1o@e1X-;ml$R42Kh^oWlTnz+_<%i1aJ0&)i*hzRv*Xfe
z;deyy{rGsp4)f}s@xb`V
zU>_B$bz2;;v^G2p_O`a{b_8qDZ>;}zvConXa=~Cviy(2AAupvYaU(zr#zuR(Oxy`Q
zw=YIf%u3+f|4svt2~*h!{0%2b70br|?UT1?3rJ;z2*;%%F2Q%V4}{H17*uf-0)7V<
zZFOrEe|1!GJXzPLnrvF<>sr|s8K8B~MQqRIb6no~XRw<|8>NF$AqgIYY?Wi*Moo!-
zZmcw$kk+6`-5YOqVHUdW^h`hc{)==Z7i-PEy#nA&|MqLI&^>#5^sTpEU4p!6i7Z=R
zM>+zyelT}VfHIdmBE+X>l$o|hfw?Q*?l-~ANe?uf(zB~&fJT&~>XV+a`aQdYj
zvuUGn?EYYSCN0x9ZKOb2K%wn759FChQ=P2K9ZVb!2SV*=g3u0suV1staTgLw||m+AIgk
zkRW~(Hhu=1@BJnc1PxcH7+Wl0CUGAXjtL73nU9S#_*l2w42HPVHVJtc`QvSRiSNk4
zs@oV%bq5Di8f?WRxpOG
z0o;|;`}u`|zEMCDn!YhNf};?Y0B;X!72!KO&GZBJwvUQ(w@R{fdrkN269R+9K8~VZ
z%zZRT;CK;3bSOj~EZ9c7o?+N=c!1Pa1OvI(zpZ>DXpDYb9|i*4j5X4^RhW1TOFu$P
z28H|9Deyk_*fyZj{T{a#BMy66MZl?>BlamMP5*%p2S@^fsdxZwe3;1)$j}mv)O38!Hsz;a<60UEjQZ(W_QI_t
z%cKSugT6$d5@=9$&o`o;^I6a6#8LsesSr*R=w!up0(U3Q6Trw2Pk5pYEk7-bhzrYu
zCNe%N3@ezFUJUJLDerNo6|V7OgBgC-ER%gDD7WOU1UH*jn;5*wyvKk~jVcAJ!xr`s
zkFFhqPWkMUYA%OF<3O(gLh;>godZ(BT4oPKG-S_MApr^6wlsz9FesfTos<$<4Y0(@
zn@&!e^_gc7S&o>5wubmdW90SN_IYMm`61~G4G3GG*^8`N!d)N>$hquDBN^bZq(r+x
zgq!o1V^ZQXQ5rCG-|`=r83{KHViIc4@_T{j5;L)lk;RLNt7Q(vTL_pN;)Op7}I
zz@S)mGJNS8WN&LF0j9gWqs+)YhU|pCZ*f?<-tu+(x6PKN5x(6ghRj~zxo>5gK#-1X
zSaA`@L%ddVh-I(5y{hjsS^C}_&#VJU$A-f`wuFgc5foN>X&jbP~
z;YYNL5qGBbhr9bXkchIr^I+tG!5u0>3ciGra{CBZA9B*R5VOEGoTmq@X!vO)7RF>7
zQAcpx8wx}e#b~5_JbH=-#GD5QJOX`MBLP1=kZ?X86cR;7jzM;~O{p79)_07C%a4ih
zvu2|AnpI{1-{iQXsU&lX=n_s1k-=C2#;I^gI?M1`tC@9r8iP2*aYZL{r_rFv^
zqx^QCR?K#c5`#yam%+1LWrJ2o8+OKq{8_nt#`{^Cc~z$MISudg>Kri85T>mo0t!%O
z=zn}p(&8%7NTkMv38tdjRQ)8O4?b{^wqI$xP~F#nVB!hQMe7UMAe!INpg$G_M3q$B
z)i=|n1jqAWEp?PtouaT$p1twCJw%%`1gWDC*f_MQs_TYp-OH3whGwO_%DhDIZGmeJ
zlpDsdfAWz1IDil)4-U=WH6Imv7}IZn
z`vR)#o%cgTZY#4rjNp2tEl2>Q5y&l+TGz!h$d2_bffKU~TQW%>^%VL@%6qiG^Q!!Q
zKhjGghVn!AL~6hk0eaUV8oF|DICr+FoukT8VIw^?XiTtBBY5b86lx_W{+VV-o$y7
zX45cXCxvjzCQO>q6`y0cj4l`7dUK6$7)o%p-4ieR!3m7
zPL(K_334=!5y+5dS#ixp;-<*MlTzqKG1-1cb|``
zODC+0_fA@NyWO;mA}Rlfrfa$|{!{rdIX{{#LiQNINfhU>MU|_zBv@pv`JB&gZ<|7r
zZI?nF=25uo*PYO=L&DJ;9irn11OP~u=$$v+SKN;EWg-1}um#v8T}Su@`oQ3_H8zX%
z!gDMtvYjm<3e-;V=CFniTZKo1QD7urKK_;yAKA
zE<@z}DKN~*hX#Gpv6FW7+{tDo5T%Gqj<2TS`HlIBeu^
zEck^{s|8OSF
ziK*&*jO;|iSDP#R`eMC4CtYv#he7(F4eYuv&Yi8qmo;)-
zw98{36_rk|3poXcr=6y)Q0K#=bl-nVJ}nu=r@snhgJj(
zldZFhH0n&x(b2ir)5u_&nvRIO>oDCkv6!`c9yOt`ju2%~aQyCNALx0&B?F^N8Tu6n
zxMI|9nI9EOqu7Yp1zfP1G+t$zQa_!MMfxPz_~eSu8`rJ9ZE5%5jjhk@WGD5Dn
zk_T;J7BrifM@&Au&%mPu?*PgjV&+EM8}HjgwNu%U++fY5YSo!yl2A$PXOz)b!@pX8)R`;}j4$-YC@mdmZ~dj2K)WVp^&fhq5d3+-{-XBiP1=mRwI
z(ege}Xw}TF<7g>VK6S<^wH?1LI}?~gtK0&y22t0rgq}NkNz%8q7Xu{!B^^Ek
zy78vquy2JSAQ~9dwI;juC&y8cWygKB(j4p4(&2NECKwT9w(_E4YS82swxHrvdk5%)
zpwO`0B{L3VMNfMJ%k2i=`v@V8UMSt`$2_j*>NJSPF!k#n^&<7LhCx;L7#Z9;Y+n`mAl8>Ex-$;~t`3)q0A#xv21_j4
zas}+MtX4Y%-3Bm`>hkfNj1sQh>>vUVC$X4BYnfg@Z)^E@-C`#b_JUl7(ykeL8*9Ki
zI(+3aJwD7)lMlM;erS?yXRe_(lwv2Vmu-dR|W$A=AJ2wrm7lEfwoWloK!5VHB8?ssa}oh#JGA1fddst!_qu_o}a
zb$4C0G$1gs@wGm7?J$nm7ww}}8U-}{K%j49d<+F94{%({?JA~mmED9Ug&ayd%Sv|A
zIT`jL_b4?A{dx8$(PORUkvXunSQJ?r%%^b1@p#(B)Z)m=_holBl>mm@eEa}qyB|YH
zC<$HHQBRjOO}VSf8|MKM-S0eTq;-AGxW!;3`t>*98L~P48|8FufqL9!$9xn{LpQTF
z3Wq2M#9#wW$9)W+ih=#;Xgts2^rtiv#bGx$SWM8z7%7UExLwV1KdZ*!65V{?SxnQ~
z0Ar)9;ed8SdMT1E@K@&;4+t2@FZ
zUNq#eBgd$GS}GwRXO#}U|6A48bFa^Kk9#z_Y9@!Ap9xUg>mnq%A3STlo!ZJt2Wu}hkfqv@g-B^mWnfywNdgNkp*voa
zb%3%@W7x|D(h28ibZQnOO`Rm!9WxcL(a1}>meup!62F0=3XE+vkXnPRp~0FnCL>d3
zP^}%hXIM7CoxLWp^pcoC+>HL<^=?Y(LiNJ(1OIdPN}7+F^%`+jDK-0wjjM
z;OtE>ww>ERe(nmO)@}9haw@cXbKLOgtES()Zdta2huu;uWcC4pmW{xV+z}D_s9a7R
zVjSIXr$5sQeOcS5S8{~?0V~!qgMr4JF>3X^_(b^9qCO_~3DAJ`NYECp6@|()vJ0JL
z9DhjoHif#~=5=;%#Yu+eTZUNUfD<1avUCz$Iu7k_ns7GB?rpTIox68G$vR@Olm8%&
zM*OX1ESu||TwVuO;Mg+t8hrdZv&XjQn>k+Hwqnw-`=H
zx1QkSLUgLxV3uKh*Tt#NLhAhr%O25&8nrj9%fi~D1^3D8IP#>^k>L1Z%@Coj-aL|t
zV>E)?n|+`uVzuGH-oV(jWZYV*
zGhFd*+*C399){(`UiOHsE>KeQIUkYPRGH<#%HKq9UdL&{sUNfykqz-RYWA;g$HN?J
z*ZeK$B%6}2y$sOK?2zad4BcK#@ns>D1*MO^O|zC;qD0@cp*XLfOAM0N)*#D7UF5FQ
zh92aL(KU3k^(!jFnX=`4$TM-`tWeljPJPb9Dfu;g`7oWa{W2-xOI^*e)@TbnXd9iT
zIrN>u=kCKKzS7HhuV41*kF+(C+oElFjZ_mshVSDUyj;6~Sr(8VC-daxa&}0fD;4;Xz
z=fkqAv;PKtf>;A*T7q)q_Jxf803oUE5DL4t0mY7MKE7;^bLAstpWDliU-LS%XJl{2
zH00`}(R4C~l3N{?wuQm~g*%ISY3FDDnjcX}L<3X0tecFr%r!$j?)09W(*l%S|7)**Yb^uh(-z-P8@jF+YGplY28)MA?tH)
z!2o4In!hUxY+2z@fxXD+WP@rBt6%?_dSiCp+2^4Qiu%O+;g~-1xf;vFH
zXxHQhY^BNSwkWKQUf+{_!$V~_ZCBFB;sfiH855t3gC-yd2io;9P&^BL$+`nN3VQ65
z3T$gmuj*xWz%#I~OucT0JldCx(66t2{HC8w2vc|)ra-cxFvKCg$twYOmF
zo>}+Y6{9#E@7ti?4OVWV?O@g)40s7;UoM^A@XEiru8MTMZJoCu3_H19E+5mn2?erh
zgOP?vx~O;aNVv+92NFvAG2xlbNJ5tm%-V2ahRtE>($RQcZB}cS1Hq84FH?kms*zE6
zCBS6nBt%%nkXpF8m4|fQ$=EoW^D#xCH#|fCAhB%lO
zIFSIqBxJ0eTOHrZ#F|R_!3plzKBDzezP*?S5vh3e*9|rpyFhF@r_&FNdDWM?AjP>j
z)rlFLz$@Vvj~^pVoJs6Kh^N@ed`%2g*1ktSq-}vx+1S=U`5aCgq2Yvoly&LojC-OG
z5SkrUyQZOh#olY7e?$Im=>CadV$m0X%R+9|L!(RATN9r!_5%NU*(A3TZ`LJw8cAR3
zX>h%kpU_MDHy<7xg8Zj#K?KWep6@$1fPx2GO-g9nqb
zjwP4|;^gxy5
zE#u{YapNV&Li4Imn!LUl-B`2Q
zItj@V&xT5%C#C~Bya?5WYri!XxQKwE((&KtdnG?sxqRbbl92hC{R00(G;e
zldh~eBO4eBp>3pmU3DjDlt(ZcG7RM{%S0R@M`-&p)gnt0BxVnCDr5k^*}a;jrp~U)
z+S22Gd0CE8t~n3P^?pB)2I_i1XP?OvgV}JEmL+Eka=}1=WP6Dqo4Y>3=5;oD!+x1inM|2nxo!XqE`KWT)fTIOpsz?<7BM9~
zi)?QXhSovzmP{QJfq$}YtWzJfN$2|<$MB7l+W4$z;xI9`J%AM(H+1|%2kPgLJ%$Q4
z$sAgSv`u)8I!wQK2n%TE;M_wMzk8d$)&{(eZC+g9WeLFcF5XJ#ANgH+>9McSdv3c-
zPks4|UB^)?0-Z^tOhsh5J~%ug`oeG13r{{qnCdLYwX2uuf!p`#@!$Ec>09nPMUQ{%
zx9D}Z9?^4;e2(U$quN`fbvXotI>k`I?;XR|=)S?4aq$sxFT7B9%z|;C+p0@yW}VrK
z&N!QH-2hh=#UQ$Wuk
z2hp)#XJA%keWrn-o}TTKP*z<4CgVXW>(>-(jR2+|Bt-ydq0eW~Cm#d=KlB6bjw}4-
zhEYxjGC?wsBN@mVwC{9u0_r+GNj3tfms-1=+6y2g0yd6pQ9PC$=mDkXc}!%t5vKbD
z;$#dG$}%nD5kdrS>uhDUBc1#JNU2?vC)brZ21QP%o`DXR08ZKt$KV{{l8y|?o+a57
zAQ@-5F)*luCDDsw&0|+Dy6=)V7}0REi&mjxf&y07kNW3NtqK!$0Upi@B|qnIN7pg4
zqy86tnH8ewtCzw4@Zg`;ee@m{Kp7v3yVGG7zn2T;N(`{*XoWCILb*f_{i;l_N7D5N
z60gf&ylN5ZLwe@9=jacA?HB2n|HVfZKyJ{(fBGQZd47-XqUY(!M;@kUpL~k$yk(;M
z_Ftm&2hY-DU-&#d`@|D;{_tsf=;I$Bb;p!9g
z^kZMEeciZvb@}}{`j!9eXX%e0ew<$X+Q;dWAA4{q`&Bw~aE0zXbwuZ`JW4M;|4e?X
zg*%kELkq4kbBBV5jw1=Tmc@2@xyN(8zsg3Cw>!E6I85ifZVQdDr?-OA)!$isP
ztikPm3{A3R7V9eew{vdx{rEKU3sT%_gjY`B!mA-dvlp>sxUQsA@k94
zT^1W10qP(lq%Uj)S%OR(XBx^6+6hW<_cEQz4mwG}+^n0C%m^)r+?;snb`~krp
z_(6Q3f%TjYW6Q4CiyZ@p*E@jg^4yll7>ss3Y@F#;9V5Q>es$ED%wb;@xK8g0#n@^{Z~Kzf2Zj+Z=+kD{WS6IZ=i!4*XaJ&-A8YK&AoL0T}*%U
z*~jQ_{q28?{^fu3tMoU&_wDq5`}_Y9z5j#nrLX+yN9n?A-n5KL_I3nVFx5m5QC
z;>KXRthX&;IDFwg4+1?x!I*p+ZAI!%YV1D3l+K)^_*K@@1d7*U*px!sb~M45STK~3
zNoI1}U*4W0X&{|248?KC~~mFMZMqk}4FFFp1}
z`l+A#DSFEf|GV@9Z@ZITdigRv{pi=|E1&x$ojrS&t}Q6M@Y#>kop1dPI=@UUtE9Bi
zhYHy`{_SXDvPqma8|{zeFx*<{nk0t6gzao=%E*Px44POYD1a{eHjM@{O}PHa+)5wu
z2c!&N8<32q0pTh38`rPW!Ic-6-$%YUJVb#4Ht1&kZCSfu3LPHNKA=W5VX$yvLtzaj
zuHEZ!LTX^pw57JycqE65=DfATt|VZTy|j?eS^?G@e$fp14c
zKhl*I>^pv=)9##a)Bt`jvUWrVC5r)3iEPpXzag50{cBLPE
zgW6nZ2LlXhKp9urIWp4
z8>SFv62Mm|uj#_jZYJp#m07J><^&xBl|fmN+LU!2%672Ek!>|fM6tc|bc*)QU7-C_
zXV%r3g8vwN^<8MYwvN4GEh`AIFtuR2`(PMn+sf*6g+T7O=a+G?*-P$CM+fKVz?r|^
z`tztf<1^KJ=1`?hkUbVwXIrT+(1ykhqa~7Crk6Wlf|9Q3w8wG1zrvy#`-$$n_b&SC
z^(%DShyQi@-QW6sx|biNN2fQ@T*{WZ!nyBAjU~fdlQncd*NRx!z(=m%o?}FxYu5IhHgExNAG{nJLv8^Z>KY-
z_6Q+Cqv8VRBX=Ux8Xk8?Xk=oFP+V~^?H-vY22&L-&G>>w%N1O;r}@=z5@uWyP@X+A
ze%dv;(V!J;KqJAPWrMG@XbovQu-=Js!$~olhYh0%{rZb2K{=qK!fXq}C-wmc3X61b
z^ipSi8O>~fVsy#wMhKk?!ps81**XS-j48fi5O0Rxi`WjcZ7csNvwB{Q2J#
zWZ-;sNT2)DPtw6-57GVK`XT!A=RZqd`IFzIw=5aEJMOrHo_yw6dhR8mH@@L^I>$3T
zeR-w_{@Od~Q$PKGq&vRNGw4*wb|M)Wh`r-d*(Wx7=SlygHqu
z*T4N;bp6T|`qHOAP8az)UA_7;y>x@=;-yRU<;a!b?)lonun}Tr|vY>(L*~lG-EweOW&JHJv
zOfSD}6J_rYyacOJyY}KU^!mFl(g)u2E^4v02Ds{NlG2K07PEMVXrW;08(kE^vbRm>
zj03~T%GzFM?#;od5vT0EWmmnd7|h65p`Ma%KnM+_`2)+q3gwqIpba-TVm_rA;udj{
zkI2}d9(?%$QoyX=RyKKBzc+=d9Q-OiaYrelYb%KmoS0i{iP6~wk-^Bpi?23
z=3>wnfmUI_d1FOt)VX`Si53YYR5AlR+aL&brdHUI4X~u5Ic`<=^R+!h-eDkSE-d5HWUpB{qO1
zr(r;uwIsWKD4-&10mkTPs@UF;oe@6;3zuH7%A*hbC~R?(U!n*kiG#uV7Pu%)?MvZe
z|FT`HJ;iCaPOqICMn}nZ!e)Ky9j~gvqh8J+mj<_2z?7`E6<=OzWem?i+9+W#8J)6B
zCtsqxnHUol9JH1$gV&6n;}&~c#+$h&e^;*Epx^p~kI<7>gif8iMW=0pjH4jWd4~7Q
zHcP{94r30@g+J*1GY_WcjZ)2S$x44|P?p4GJvJZT6{tpV6gbT?_Uq_v8cfZuk6vte2CWd;O(t_FJv;e{~Qu3WA`-`QI(()FvC>H6i%ZIj8R
z;_0*JXxiUj?!8P$%XI9Wm(J7KuY8n#mZGlnyk8J{t9B
z+0ppuuPDOucX)7v_O3olfAjl3MCZ?(aYM{D1;Li>Fu^o85XKnfhH_R)k^_tEpE^p(
zj=9>fwrzRcfq$iR0=(>k6`TUHsqVTUnaKm33XwXO7C@BinQV(rgAon91!>vUq8jUO
z)iJ}}oKh3I89fzw8l&Q?G-aSEOpT+Hjim?y6A>7AkrdQOFCQ{{Sp&z*c~EO8Y1_Q<
zX)=M(&D$~j#EoYkWH@5h4EStfFn*PuDjoWpT=uk-1~~pwMXe{4(kzk(WR4r)>Op|&
zzV|Y+lLkCDnVHdXuVlnPG~vMD6zZYuTCfLt7JOE{uxwJd4MrQhQO$m_Sb1}11c4wE
z%mF(SP!9B`)5?P^%ha(tB|*3&N9I{*r*ZJvbgSuQ3-D*@W(;f~HMx&-7C6dko9efG
zTu#NEsJEf`%>J#4fjlRUseGXQGQ9%@6Oe0P+t&y0rQc#>Wb$?i+BM&i?Nca)Wigq<
z8ZqdZ5mzYWej=UnW!oA>Kn_&KXWjCQV?zb^3n}1>fvn5$a^sojU!-68tv@8b!dcvXLBU<4O)+NWGkF
zBrmK@ktC-fE$nwC6oJrW#adD;OR%I2>AqzYi`q!*b%Um_O#*~+qGd_wpWB)+b(|6yc
z>`*a8M9l;qBF@4N6V`5JCUAfh4okw(&iXbkOHX8JL56}bY0wy{TLxz{kq1589i=IeJ%+%-H#P6>JG~|N`
zvI8pkT^SD?Yzoq@EtplB)x8*9UmNY)ct9d1(Lh!?r1vP4O}!SX6>A~qI>*_|G$yw}
zhBw9DWVQ=R=h{qhO|W)Wb)m6G)O;d)wD;a=Y!pv-deU4O?)+&ZjikMSHLGj0p{a
znGm3x$(i+Gd;mDhQEcL50;19r10~~gJKuimMY`wqTj}vDH)x;FhVi4&&uzb%56Oa_
zXzGY`2b-Os&erm}Fn7IWjT;{Z!*+?2A6eS+6VA%z17dbiCG*{UnYT=Yn#QYZPMAun
zIjY<0><__hZ*35P6DNYvvEJNU0=Cz_@d3K;O>fpskXaohq}PQgy|KAsT!4QEeXOyi3W;$H5
zrMKRCA;5tj0*n3|pV&2^ITmef>3C-Gy$(aU+m#v9;DX7FBm==Sd)owUYxJU@?Fkd&
zQy=bJ6z)N99+bhziP^s4sYXw;5n*X!?M}31!JTC*Eg;d+J?n}shQ1Yr@H48gnq4xy
z$lE=l^6gUmRw3x8
z%AU%h_@9Ep7J=gUE~-5Ojg?*)V!Da{$x9NZb^=Ikj4InG!8F@wz#
z4CJHh7?f~iR!#PD774tAO|?TN-Xv+Nb|I!_$yHpOCONaG&_Li~R?-GuzHzfExn-?L
z$Zdsh2u|$DKXJLV5Bzc1q@Y-QK9Djg-DZNUm9Gw6y5%fA`r?Z;@6C0)Dc37dm0;s`
zz=!uM{bBD`JM+l!VFx?zy1n;c`nVRz{mR!X;2Rz;(`p@tI2tqzbyh=10?Q1I3y?5L
zJCrNGrmie)#U25n1y2M{p&8otYuZ0mQ@)daOK?)-Q$IOl2BI1n3;yCvfhW2178#Po
zl|w9(5K6HEooFS50{GFXQ{y!w2l5e#seK_biYg}##86xRXRyxDcK
zbBY!SX}2AU9QMP?NWfwJCfB4JpZDW}CQAllI5&v`DlY6kz~R$pgfyo3m_4Huge@5JcJ(m>PK^^V2z7opeMBCk`|poLV(NlVcC+NXPW&@4Y%u0Jx77<=
zx-q3}LkD=ZC2C+Sa0`%L`P6R#lQ=aNYQpIr3I?8yJ#JvR35`1${X@gzYb{K$8Tw?T
zgCv8Io=d=ij>^GcPGZBrLQeQvz!erD$`ah81RGNp2On{Efe=xy(;q2rH^XYB-O8ZT
zwvjV%L6t;6*aZFyOzkHIi3Wv0+thJCey0~|IE-+cmP6VEEzl_heQcW!CPKLq(K2S7
zqWAJ;joFM37zl4c0yq2!x1gaGNSJe$au)%EZ^~vzNmbYLk;@kas}vnJt4N`RwQIwP
zKnExcR=lWT&O^H3(O>|Yb8~X${Q9h_)11hIjF2@0dUAduk5rkHgA3BJ>Y3Cvy`GU&
zo_Tg`GG5P#?*hg!;?@}F)(2DY$(f8(rS-W5sxYWA?X+p=iIne3TX(oqmW@C!-pu9Z
zc4w0*&L4PpsqdV*fe})opAECGOQ=AA6t#hw@t)y}FN(j(k-x4=@EJpARMv
z@pfSk7}*%)eh%7E-AmF8HkRP0^$Qn-gTw6eq57m=bAmvJLOwYfGvp&CAo8HxVi7Cj
zK+x8p!DcA{=H5OZcW~byfRL_poZxj}ZEQK_S<*m+u|?fB5v_%!UOS&DFcTmn%tZ74
zLckXBGdfydcSPcjgqYSybzpfN3gXu+ATZDrtaG2Mdj>}zxEZDT`e85>CNrXD08wzr
z&A7wKnfx@wma|axcH6xt_u?N02;Y3-uDZ9)FcPr0LmgsJ2ypo2n23@=6Yt&v6f=wj
z!Nimm6(ri>wX&9Bf?+)dp?*hf?LH|
zcpNaZsl3uxVBJ^Cz}r-&;o`j0ja4PtcnSMqd~l@212=mv@JS^fU@!-t95>5ID8Dp=
zNFG=;*a==7;pnw<;%J<;oWy+*TrL2@Qx1Ds#Owxz^FY}MXUxHFTl@~TBqmoFWT3Yz
zo&B`zsmdE849bsi*rGO8+if30r5*}BQwLML76%%K|sL66fz!URndekZoU!krCfZ7^&qc^v_~n8F@;P;2n7
z=t1OP3^6?uy{9r;X{j%)HRxf_RK=BDKw-c}F%|7)DP)Nw9qe*x|DdcJ9BuEvz|kLZ
zH_PNYXj}{%pL{dJy@=Z2F~}|0z*J7KvA{3cf05+Zl^8(F()Z-whC{m@l_dF7!oM9y
z$WYvwdcWVJ0(aPLh}NEZ8xDQxZIsJN2hVAC!29BrkLsbHe6-@y!G3NASiCbsn5|P#
zAT%6(R|e!{i&=%Tq1mAE$i!e~&+D2I=<4RtCPP^_KkG9`y$zZ2dzcyW5hD#6b*8yV
zhK6`mJRQCAS?yJz02;(Pxpa?M9NbPQ`pQdWn9XXbRvjka74Le4-@;cK1&`xofX;AREHImEgy()uTLs}-NZ!*fJ6i&||TQ9@ernr}8AqE@aS!A^{^_b^ybUN@!?N;8}0K|}BN*Na+w^^pg
zD3z^7@XM#sDNKmd!MhR4*?Ll55v>MWfRf2wc197}``}h}5d#yk&MESm_Qt(^_tq52
z_=6C-3-=(yL!nfrRm32lBS>``apFVZj~NGc7C{%;|ENQp?K4zXa2AhKOtYt#Kv*@TMQjwrxwuGO>8
zo^!SU&5;lIqCFRab=joFKv5Y{VSSjrh=Fw6Kkit~i1|07Wl)yF$1!(31l)nedVrMD
zSW=gfO-k6PZVRa+x;BI7noW6hnL)u(00xPpvvuIvHn=~EPgj{eBIqOcpR$ihZjC&&
zI-@{4?W{ycZ}y<61$mP>0B96P^-g{iSabrkW_!)hNxfE0n)#58Z70&ht!ry~3(heXZU&zWKUSCsW?L<_x3%@5H
z@CF?sOCGxKq+^3!qE8uUz79HoRkgf;K(;=nkYS^#W(_#4cMN?^RweOS;C8lA=-g7^
z*Qf|Sck(g?j#>3Ngv#ufxZb*1R(WlMsQ5l}Ww)}7GXRy>O{6ez5g&ww%(9siN?Ejt
zl09zigUwcd=(a(`-*8oNB+oLh_^3ErhL=G!wd@4C-iT&;p*Ts{bGJ=uyV<7V1sGF*
zPa%JzSUKO>|04i529tJ8U_Ur)GEwK(DD0Vp55ORf2l7T>kAQJaYM0-8qHEqwKPuhf
z!*$`H19zen(0kS%oq&6}j#mTLo%A?K)yN{M&zyJ=$Z1)9kBnv1wm2^Xx3FVwpQ_V@
z7$p=uBX94lsV?MeRZfexrw&*K#}VMk@NDHg5Tb9Yp_
zkX0cPSF#|C8xQC^vU}x*Er@P)8Dz?WmwH#o`)L9lbg9ZYO_VGct3zcoV1|YU<`b+B
zB5fPqZ1cf@DI4-B1*ri;gD2L8SfA#6+&F{5tQbw4oK^#`!D8Ep_@0jpCeWNTI7-8D
zW>}*q9wLS_m|^N@iqDQk=8eeSe8ylb^ii|&k!z9yHH4=d{*S!ZvmsU*lb;!6T@9NFQJa|lAKNKD=)QPyn+-imaCpqmrIE6l_HKThnz~#*NMgid}g<0tr*nl>~PA^**ZvyVAZCw
ztxjO94RU~B`eYojH-p7(pf$r}+0mIpo-6l+T_&1ciD$&DwhtXUCEp?@6VL{;E~ikC
zClhMGO}lEA9Y|yWsdFpYPa5tu>$+tsC$jRNLZB0hOJwoMU-IZktWSDJmjNXoVFsDPZlHaQ7$^8k6#DKjh^{;A2y1tl
z2Y1Ius2=UE161hCZPo+f>;u9?R5n&*MIC`~BD_G5Qs3Y=*RTf-0Bn+7{c#74GcXh%
zbuLYd7e&)iBsL-maGTym!=`~7X?mXtoLz(17p`-RI86q{`mnl4RSBbt|5+*Rz9Lno
zG;PZs&kkwL^bVXEnAtYNj_gXFZcyw+`7@!Rv{5TXCdv04p22wnh%~twBlu;sHz!O!
zlH+cT&ji!x;Jk<(Cgi2RI0lN_9vOWTla0OZH5;F1B7BKM>qpj2VYN3o-6=_{SNUP(
ztpC{ak2`pqA$OnMuHmHt1?fvBMY1N%ja1k5!i>w}_JfZR<0E{_C1NNs`gta<;*+EfKJc
z6#y!-vJqr9p+m$2M@Jy0nAsh*1>|V&a9xwQ4Ird#1%1j>qmCgbI=lT7f_?}D-m;w;
zpT1RPw2B=HtGDR?`d*F{16zOBgh9Rp6pyhlm4oP@8w@1C92{GyD1sgggoptfn`ZaL
zjWMIsY4YHG;n;QAT~*v!7?P6oEX=21)3tofYz~Cg
z1j7U1iAi__J5D`27pZ5M!=et^Yn!t1><((0=D?>qW6?iN?>i8Z+D=$E1l2f(^$ku1
z&sAF~O-o@jY;`g}kbg#}ER3AUVADY^eMU14A_O8Y+>kevn#g28)XBxVFG?8}R6lS>
zz^hLFOa{X8x>m+c@thn+TaYcOY*+$s#BW<5l4Y^o6gz{nuE*51jfR#ZJ0j2)qR%Os
zWtV}8ETCd{I8ZXm!fV(Bt5Fz5*-G}vVU`9Uap
zM6lG=GIHcN=kf-3)3XQ!I}63AYve{9ns6;4!et*hV-ah0th^9T`M6zG-V5rb%8t>~
zvPCXY4B2>m>knia*BNqW(*z2e7^bWx84ZPIfHf^Wp$Gt4Ks+NeG6Ag`X9ww$P@lyV
zqkAdGp<_BjAJpoWs~H0FpuGgFUY)zxA!a>9(F}hVb+lo(FP@PL!SJzG%C;%qp4kQ(
z$$+$tC&pNVy>Y|rTi93B>KJm^+xlHlfFQwu2?m^Kdq^_wM4j!AqmK^=Xo&nT&-dW3
z`DTW}bM)g|lcC>Af^O}$s+H&U&qBe#U!JzdOxZw)~!^jzF}Mya2)I=CKv0
zYr$22I`gZ1i;L1(*;UNA<2Qm+%!Ms;}&2w^bUu1jio>Vub!
z`dfJPQTeEL-&SI3dK9Ay*6Z;h6oH`h0I3qPuUoTG;>_rPW4#iY;P`M7#(&iYhbLI$
z$Kf0rcA0BnJk7a8;2Qmz0c4_NgjyT0R>Wzt5?g=f!K4mOCYs3h#*0xhgVGZyrezF#
z^_Kx3_RtKdo&6I=?E7C~z|T&mY-C*_`_U-WwUJyi@_9>y=ENtLZbI;C+iK(`=pVY|
zUY+vPD5sIBcw0pA(fLM~Ske@ni)MT%7Xd!$Lk_1Gj*kh~o%u$wtU;zaI+PHTFF|_%
zHoV6PU-aNT^rBW*=_3Nv@t(X5&us|>P82rClRH3d4?H>a0D%<)1s#^bY(YNo#xtxW
zS&pd%$gYFx$g$a#DP!XoJ`#mBvTD;5{LF{Y+LR^Ztm+cw#BovkL!sNQpY^diYmiB3
z)@@EBdVDY3LmCEsgKTKV6=+1{5?z$x@>*Ab#6aTc^oojrwPnJbcw(Z_3@q-py3tH#2LA5P
zD*y&{!UArW9kyvSleJI05jp=q(-QLp!E!0eeXx>4su%NFeW*e7#QuZ=Itg3@pQmn=JWWe$G$v0)0jgBiRQ=PDAF-Ktur2&JumvUd}`bC!D@@U!jvXm^@)W%+Rls~9X4uRWvoUtQ2V+H
z{D`)R#^gfFgibilp+;Gyax=DSL51GmcoJ236?hepNk_AjTLFL-vJ&Oz`;&j-6y-_a&_0tQH(kbF6m50@D-=h%xb%gJ5HitiMP)j
z#tHSo*2rO|#sfqOgWPbQC<1I?x)~m97kG!rn7k06AjmWBv<`zQU6K%xDRsh|2fbYY
z)VSIHQC43A2MnArXiTW3pvS=`dkLb4*NehbvMua)8AM*0PjilSnJ*#_Ry+U^H138I
zxsygfjiPlDEid488qNwA%0^y3!-zRVBG{4sc_5{7;TRdrGo>kVYz1sa!0B2-KB$m@
z%VoA>5)OFd9{vcJ$muRI{m2w=?NaEIXR;FSGtFlTJxA)r4+lhHLRg3*C}h{acwwyz
z7_o6=li7OFTCmnRGHKRzM=O;#A2hl?$C^l^0sBiUAOZw7`>I&}lI)&8MecDYa$9XurZELBc#TV`Vo91!cWObk4kRm!u6$X2Af?icYlhv-NFPbJHq+N;G4e`FN|=
zvMiEeqrPEaj2Vu8V37C+jv)oYN^1-neDhLHk~AxkJiCKg9t%h;Xe3FxA{o38@e2Fo
ze2y%RVj-wc;_(IEbNqy8Lv;~VACXs_2<};D>X;>~nVtlu&`pz7bRbLBZU_WW+L$^g
zw^*I=z=5?ukltiwN995I^l{%Dt>Cq5B8?>v|nukIy5#HV+y89A4-4Og45}
ztT7E$Mh(?zM^`64WYh-dV8LzJ#>&D`8>X=1GHjjb6}wmob_ins^*VS3=hvfA9-Mi%
z040c2=sgbAg!B>Af-jSs}Y`24fh(1roe%67sZ>mX!wKfdbXpwEZ2J6b#
zgK2*lEV^;lfFVHVz{gdCX*|^+6q!y|9*}3Wn)8fLXNB=^0I&rLc!0Ad5AL)kiWa75
z3`Q**Avn1scDB?ERm{<%1Mn=Wmo=G@kO%BH_DP|zDvkJ}gouHJBsCPoXX6kT8JH6D
z7pGd^u1?$}Jt`9nJko6?OAAQmo~we-=Ln#UAF01~v~9RJWE}m9pdAp`fz{v@VU!-)
zXwPITfh-}{3Hcg3D4j?PNDLBvzz^3pz0A;_jF@F2!JM3-Ak;#H1Ibukg8r8Y_gOVW
z*}IQys_%2gQ?j3uk$2d%buz)T0i&kAp^tzCZLBFYqu>&`el@i1yW2#e^wVQ8r?P>clvf@-Oniv1lr4?hXdn{Fn#x#%&L$WCF
zglH^KePi5La|>^IHT#=a78OTgF`$%yKoKrw_B_j_Z9vEV22=fmwRR#d4~zy*pGSfu
z41L&oj{6LgkInt@$6Lb{a;I5I-EqeF?h&8|TvOX<{n
zqRC1tY%lQ43XkKJ8cZjj0%aM%t#H}&vDqK@?P{33f0t>><}o#_j^6BVEu8sL{}bM5
zLvne^4$(8*q!t5BxvQXkvTg-jcOAj3)5G|NG^NPaS{=-Qnx5oPL7#Vga@HwrNj-D@
zX#*qbWZWv1zLRZ2Of)}e627PzY#f2T^4EvepoFVnXEdSQz!4sZ%}*!N*(hBN8jLaY)9CX@#rXfk7LNSr?ORO?xMu^Xn+Pk8he_
z>N_##nCJa{>#z`G^3U&TneI(3MADu!WIFoj-KKw7iGadqt|-xSf6ZN*4*>O`^O=AMsc38yGja*JV}C1*xM
zF|2%}R}HL`?hIwkU?et`K424Hx8odZaLnPLLqa(-MXcKls6W>4&FgdwujtF!EcyM`
z_Fj{(8oO=u+3l>CmNbiFtO|~Pyvl|r`
z`5YY6|7+RyH5TQ;G{rhN3JYlMCgV&($x2oL7+9n*dRE1z<`kaE+%;3||EI7?Vo=hK
z7_ejwh%BPYI^jm&?b{=>$%OG*+nt=}Q_?{aU>gy#+hw8+VrEwupYnDhlW*}eacpW$
z$PW^XWy$24Eby7ymkR`+seKB(6;uYDOs30hW#B~2!K(@Jf&i#U@)X-Vd9Y%i&m(Lv
z@b~__6$X1q-VuX**Lo9^e@~W7PL!vt-yYY;H6&$~39xnbO6YFoHobkJF{aQb90&;~v8q1Uf_T#@ZF6>l0*{n;;if@ukmtdA
zN^j4DjG=8qd4|RspB?6q%>L+?EHpX>qG>o#eH6Leh)7x!JGt(V>kz9<_@KB6nb%4F
z!0a%<-(F<2PH+aoU@JeSunCnR+NNkp9KZnXwmXCYjq8b{P}m8d++nn1ORyJZWq9tN
z69rSY&ffWedFdW^_jz4+1&4^QX|U0qD@GCo-EM?A41iNWXzO5TH{d}FnZ&oN*)gd*
z6Vx;dDU`^tYMr|_lKhdoLxM56K1W`(!hMkLZ$5H!@H1i1E*-o|RC{ZZOtISswdaE)
zI+~B-8?XIg4XKjaXR)e}v9_QuS6+1pCJ_QeK^ftmdJ+oSZZpsrN2?(-(mPwk-#Q1}
z6L%yGM=+>0D&{Oi0NzO-NB_09M9}B~BR4)pEE+~fx_Uuh?MIDh>t?3dE7Ra^d^N*~
zep2i?0jeFJ2uVy7M07(84FcVRY~qIAoT;zlu^OfQs+yDL_LAWK{wdm<_PjsO6mr-J
z)CcFSc$f8pjeuPWD7i%LWZfi!v+W7F3gV(ac3ioWe}4qp!sI%;74Y?mBLW-Z?U3F}D#MpWizn{8;ul`1^KUevYYR4vA>DoD==4rRfMChVsY3uqscx;qTiy3H(Mo91KO-
z7Et%_=YB?Y8J@)N)<&-c0Tag9v-iQ&4?KN?XKjbQ&o%$8UDM>g6jRh4@h+9^X-E`V
zZlX0zXkK_1@7A!NM4on)#p_pFw(st^vd8tamYrO-{5V<$&exYg^p$G|bouI4I(_;y
z?VmaY_Lw5;W75k+5vYcpw*g<3y-9=RS|+%Tf7Dv@?40p&o!ANH+DwVV)MxepPs@a*
z%pS83$a>%Je&1%c7-AGb|0D{MWLV8`+9xCRzR9Wd8Ct@BWPMiuEg0Po)Gp$p?!M6y
z_|@A-0$FJGU!wd#n8%sDD7Tr}GXf)95rJK2`|VRQ&~Ca`0;K@ak?R#+$VWvS-w*ZC
zjn<2H8X+eYM%j_s!)aqvp!&n#G_1YSkm;0_LK4hGX>A6fS`p!b<#lQqWN75!b@XcR
zwoi-AdfoaF?bxR2%I~z+!>|*9X&DV#C-xCxt8d@YY*Kmk>NPrhdY|sU`&K%=KiK5>
z=J6MNFx@;}?ZL0`{wuA^ub|#>i-hetv$T)svx
zUAaQ%&Yt%T+}X366jR5};V-)_SUN8RO$b+N^u1e4~by?Nq
z$02y(NUtW}xAOa}%SNz_L~zsti_333v)9QG<7^bfI*j!oG%Dw#3iL*xCxe`M7wB0Z
zL^KM|)(7XG9#3$DG(y3%x`f2m+cQCCkCnybW382hVh==GLBh$K&X&{zz2fC93XbTr71;fr#o9fyz|gttCxic;&`L=tUFz!
zG&1}WKd~dd1@um^QDjH)J}7`^B$t1#UAsoNT{ugZ79(`?xOv<>ZXP#}Ki^}2nK8NZ
z(m6VJW}lvU{tBHseU_$ujzq6Ic1S-EE@QzhWf*6LC}zey50V^JI7#yZ_B+lH1XkZ2
zK9`{#0iP)VjzDq0x#=j6nLP~b24(Hq%3~}t2*t?5yc0!U1aZvZjI(_Z0>n}gdz7!Y
zJ6dP|WTTw@@~n--8bYkNnc3R`L%Qx?pD&EPv9$W^v`oRS7`^9r~@%(AJ
zdE7j19ygDh$G^Jc{FzfEx7|X|yl{oiOlQd6qOM2vpKU7D@>sLR1MVj^%JKz2kOk{k
zIN5MNAH4foX7?U_tmdAY5rW?DgFh!ZQLwZsvk|wrKlCXv+TFG-&fMrVLl9HQ0slH)
z8n&cFIZ0UujUfDFhV|eW8RU|~HGAFw4bq`@y)^#v-YI%y?;L&k)LFW+1a|XuwA^0)
z_{i6W6w!Nn653my?@xzxiH_*?H<;dV?KGV`+Vi$r45EEPx|jsso=G?~MzCg}LZG(~
z9#N}1H(kg9PEVf{Zu(FmQq{2^Sd6TE?=Qk&F2dRYC_9hI-)gf}HZdf_H;-nI@*y~u
zP$oi}!zjVm_h~k-^m1@;K)0MeMHfyO=p7xlmp1nI_tPFze__XQggxnq@8+@l*hR;i
zG`@MI`
zAwvJDF=OoeDG&|8Z|U^9sOM9sPM;vF`xkr|eSC!4
z5U;+R$Yt9IMJdD$AcbDy1z;IYtivYAWcfY`4NpzTfp-tp1X(ZBt@
zdKh+Y!cHvv($9S(pjUaH{^abv^qDhv(IM}V2WS@5aS=EDREk#f>D3mgRiQiDKcFw&
z@g#lb{zvHO)Dc-IY$KF9%9sX$4&{ZT_Q{vc0|d?IwRwD>ceEu0qlP|>==CJg$#~day-PV_Exc`1^pZbAR{4)K)AN(Qx=5PKceenxl
zq(AF1FYy23FZ|+Id6t{cJ^LK}vtRjV^vIVUp}z`8$(UZga;5%0T!Qdx*REDPKKq%^
z(sR#0M}Hy5(tnYY-}sH+pskVkCqD5Bdh&@U=`Zpq+XG#`e1%@YtjW#e=JA*6C|k1J
za`wz(*JgJ|Xj@~gwR#G0{>|67r^##B0)O{~_*ByUE&t{LA-DYine{zK3U6bXt>){9
zTG+wKXRX?0-Wix#89y_vV8jBmPd#8
z3UovoOnpaP@9FndK1Cln`&xQp|3YN!Jas4<)x|gQ5NY3bpq|=#zP)9-_wp^z)5CB4
z6x~>|eI97A#ppf0%A|>7t-@~pI~uzL#kVby*bebnKcE2KYiP`eH&f6bjj}@9vs#$abSN(N3%aK
z#;;u4XQfK{Ql>sHUxkpl1|+G!<-d}FyzjpI=o`Q38!LomTbc5w1!}t`NSNn2r^0Y}A_Dt
zSofNH-}~N2ci(+?!?o+vU@0)y{SZaG-Acm^p+9nbGL4O{j?ZC(x6-$3tJFDESY}=3
zFoF;1Vqfy8^%dS(@iN-X`a8j^Jh1jk-Fk0sIKK4KOUppw_m}GiKg!6>KpLxYY1lhF4jM2a-X^;wxZ3#
zln2kemR_9B6Ydaggp?HEVH!!9?6IFt!P3$4cen%_hjioIWqRy^kJ1|-e*a>5_Z)4^
zUquR4;)BO0k_TS@LM91m22m8-HOc!c!FF_-l>2tKpy6?wTZOG%n~udgxKq3DL=PKu
zO=N2)fR>U4E7qX0jt)tu#Vu%@+x~@%quk#+ermA1z)^(l{`>C_C0Ode?QL(PfAUZM
z3B_W-T?f}ds{{?V+;V{~UTntd!H+*kUwiax)oFj{hrW}pU%O5p{gaQ@KHvGychUoI
zet>@NXMe5+JMVeVx6zls@@4wkSHDVU&YYq5zyJMo{l<0ro!|Z)di?RnYf$v22i{bB
zyL#m+ed<%6s{P${*Io3|i!afa9{E!3=Ya1}U+8~xnR{T#jF4R4^Qo_eaD-~H})(=Y$>e@(aDc54mLZduy+
z?(hC?`p6&uF+KD2Gj!_`3>RGRsKM?Z{vkc{%riC6{m_R#M4$Nh$LY~WAFVKc_`@Gw
z0=lHvbz4tn~jr|I*b|9o99dE>?n`oSOi!HQSO
zx)yp|zI>V9_ulu_4B?;t>7Q1%eE0W!S8XEzA$szuCmW5gU8A=yJbYlG*)RT=zeso9
zb!VM2E_5wH@*gkw6nM^^JKKUUU~$3o_kaKQX>V_@_WQc~Uq@G#tmNQJ1_BHhE)6dd-zU@8qnNNRa$!6@;_DgoK;8kG0bm?NH
z(;MITMtaw~-bG*h;uq;NpZQG1`P<+3?G@L5{;U6-?zrO)dikZ7>BHamz4XZkAEd8*
z`72eP?z-o$g|-h?UVrcRewc2#a0}f$ZXSOXj{Rw(c*#MnJOph1WgM|!MRfTOsb3b4
z_}Wu;pW=lmXVlV8B!eT?^i#xe=3mUO>x+Se-E@_*-{)1<^0*^r;>ht^!HCxmtE|f5
z%vXhl?Yl)WKwf)iiGQ{E`jsEUT{5ga>;{Vm!vX{y9h?Jw`xmG3_kFP<W`si8M2Gb*j7q}%7OP~wErn_YJ3XN5ejJ?1!f_FQ%94?p}cz2hD4
z(Ea*^KDGoa_uhLio#ZI}lz^xN5P!4;H6=56{@giw_zPd4Z~2yQsX^1H9{d!2$8!He
z-}RvySe1a~&EN3mnq~XG@Bcn}_L*ntx#jPNe&~m4n=P9q^uZ5)um%%>z?Y+1JlK;bn)@Ay=Oyi=lFM;WIe&=^C_}^Bi%|?_7BF!SDPa{nCH+OBL?#SoremzxL~N_3G6c
ze3!MMH?H5H2S52>4HVCwJxhQ6umAPR*Rmv_(Cqs1{9E7st@OLU^ScXO-%4+M(;MM)
zT{n-L$6x*x2@~0*`
zed}2|bMFPZ?2Gs6X2>QVMlsPh
ze%h<3X`|#7`FPH7U$Qu+Z)icD`?$Rvj+3K9b$2q|K5-M2>so^`*-Qbe(cAV0PGuT
zHti>V;wR`I{6GG|vB9q$#X*+z3f<(=}Uj#}bf~
z>{>Z4ESZ@yE&b9G(A{z89Y~ehW(jCcpFZQ|EAF6?*Oq{xWVdWx%BfSQY7kg5N#zS6
zNc0joJh5c6?tRU@K6P9&N%aMf<$39++$(UG7emUui%URL+ASHe63CXU*7twk_ZcAd
zD8X_G=05U~k5qcT`GGgra|v`VUA$B?hK`s}tW^P>E$yB^cfPh+0`QXQDmb4zbFS98
zc=2K__x|^PN6mDVVD)>x=X=_eIpA1=_7XVXb@yF9wOU@j*js|x(`VYW{>v|4u9?ds
zDrXiN7x?Wcfopm3<^1{c72I+z#|zKDNN<1p+w1R=oh+Hdf=9`ux|#Eg10}`z#Si#kalpy>$xw!G#9jxA5WOrHgd)
zxOx0lIBc_f%=`#O7VZv2H&V8lo@U#H`%GTg%K8mnYWnWqmlp7Z;LvQgDt+pY)jNz^l@v%K?Dm4gM1#On`di#SorqBut;>wgMu5?@YD#{I_;<#wg^jpv1+N9T
zo{`l)F*v|}8y=S340L$i^y-;IsHB*pKS0KUA}#dgQ;VVJJ$hytfq!br96a*JAEOr^
zUjn_uQ^fm=^E!3w0?!3Hc%JE{Pd`Ur`|XG5xi36c7sa=4*;>y9+PO_R)^l0gQ`X)b
z)xQ!*zI69zgV_4w15aArg;UW$K}l!>vg)AH?%kyaUH2DLxcYEzyLaztR!{_2K9Fw)
z-KIKcpYm+mt>_z11_?8Dt$RAS91{dSxbStfIJQ6fm}zf<7dv!Bhob`@RWw3UpLuoR
z<50%fdyi{?eWP0&H9VHO?^yz~pZt%0l79AQf0q8;zw>wK<4acW|MDOHefmHDpMHYA
zumnhQjAoPo;gLt$)MS}rErC|a_>_R4OtY5XC7V>H2TQi=?AbGQomcC=@$Jqf(EGxY
z2`pK_XP0Tdni*1~M5};YJZLIw3`-WQOou-6>@#&bxdkZQRKoK6i6uMtmbbp81|Q{3
z-_lOWE|siZc~*j}(@XGI0h+u+X*8v-}}{
zO2+W5Z+~kIVoNZUS>4(%!FQcXe(}YH<`37bnjIy$KDW@XWa(a5`u*xxzFPY&>oGs|
z$xqScB`7ah*?V8}8oKA+d+4EuK36lZrEHn9ef){X7Z_iz?OWz8f?GpsbBGnU2haeuk{x)cApY
zma7$3-L-^?`>mJ>^DwBJ3U!~+1!m1pYb|M8c}*JXwQyAYclq1Xvi7+#^mp#VDD)Qn
zCgL!92_wPG;Oo`D`5RK=h
z&Kj1MTP(sOplNel3}|pCC~U!)U0d)%9>|bC=R_8QAk%1p
zLdMqMki1Nkm^2MrXAU6}Xp=X@CAR=&`-n-W$BXjZxO$mh|C+n#uG?>qVk|DGFl-`g
zYMREQrk3Sv=dz{7g>$Em&(1B6@4e?<`hmak1N6f`{KNFU-}k-r4NHdaJ@0uB{pgSW
z2z}QwEqL4Qw{2Hn+JAnTx-8kI5(Itwk_EfCIPfwJTmr{3mHC<_I4IX;+U}O+*|{al
zbKm{e3iiK6CeLX%@~y+vB2}WC0Hrhz_Ko|Oh=wx
z+Wf-9U#Mli^rbJ+yWjI}x^>BdJ-h@(pL^)@^v&P$&2+f*UDg*CoUHwa9(t%vh5xm8
z)OO3%3VvlRTM1|iZAxJDrezB9YhV4E2c`vw!huWD#{Uvve(a+kt69;~cIo@d<*RhxLc0<`mq7Ln
z%hYapR(Mn3JhRZN(AID%G=J!`57pqg1XX1{UYWiv>-Gwd@4oBqWeWOj^?sqnr#|_~
z8eG0^$=;U0@!`)uT>C8fhmS3K^W+OxXz$b+)ddTdH2D&R9S#i{QW9nr6xt;d1Ssq<>H8yH
zpu>;}v&>Yt-VfW>|00tZ)1jllaG2SHcKY922d<|#AIqt|+?zl>TN39jaE8m?hp>3iwdKKnF1`Q^u!KyC^2PAyYmixc5x8iz{|
zw+KXib-H%iGIqRV=;nhfMAt9V{`nhp$9rD4OsgzYE7Ovt*?XBz@4rlE_b$_!Q!mk(
z{VR*HzD%d~mf&v*{Pv~;y7Te((j8B|TM3epuyuDPbe5H&G{P}lD3y)%eN3D2%51`|
zqa*zWtpL;7kJ>1&>eYWeqd5IC
z{Z`g~9e2bBwe1GblC4aXcb(fRZ_o13$J=q%4EouIF=$%?r=S1%pQpd|Z~iTc0R_=7
z{o*gxDZ;bo&vqH+R`*Xo^`|YMyX(%>u7kJ*6SRS|AjBCTgRx{rYn|oBul?Gu(f5D<
z_t)Ub+I?=B;w%}>5)>j0iE`i8o<9KDT0KWP;f)jEl&*7k!AH(~u;1RMjA;Uv@Wi~n
zdE7kyQXGrG9xMZwN1uJU>aTq@gM`6Tw9Hz#c7bR@+&7}}C?4RCKmH&+_{dXq`uxSZ
zRHH7*DE{4E>|@rMI>?8a4Wu^xYd%-FQ#3uS-$P%&Z*ZzF>}%=rt=f++=@R|qs;y5a
zj9Y9|e){T=d*KmVueWKe|zz2i9
z`UNZj;-_|_AH!|+dL^bT=S7Gfe)c*&@zrH|wZAy|CE$~3zs%3HGTLxk9kE2a~(S-Oji!!
z>AV#H;n6;HhE5C9_NGVdI4SHpy&YM|c$TB=CJ`lL^ZZL!m*9N=MEmWHjxy~z(Es5v
zS{%%)GPEkQS$+q(c~?E!1tXl7zmmD)u7NV8xOZwV;{!#?+p}Bkj>?bjtw_b|-(|g8
zd8@S;@OLj+)-uhh&D5i0Ds7!3_JL(qeergGTkwqF-@L~wmJTmA`#;Hjx_R6@{^}eh
zY4PlfSA64i{H{4HZ?EMh;iSSc_K5qKRh+PWoA;q+{AgKlRv~1s{m|e6FXyeLO*0n+uDp8+)HH;7omPleF{bmo`4K&lXL@7
z3@Fz}#tB;tvKxnY?xk^cnX-NOk!MKumXz+^sipL(B>>!OZ*tbPc#}t&
z>=SfW$7;2j@w$6U-D?_s2@(#E_UY**&415rx2&grUp-3yoj6JmRo)Ek@q6F5fBRpG
ztkHe1y{}G1mxKQ@0Ce-XdE7i+(NS#jb1z<{gT+6cI(;gF56pu|*!wuK+WGJevEW};
zUxl)Ykp+uDh4IJ8=fZXLwtXvl}LIPucenV!A81Ymoomw@b4&El0HsJu~AW-jX{
zvqgZG8<#)*C-nWdU!!}^?IqDDA4dAn{ddsW^0u8^UT&4Cq$QY>8#S{h^AhYG9@Gq9
zSu|bV_}toP_Rsg|gESc7r2F}(c{`tb-zxR>J#fsR*<0fN9+dUb9SFNXS%DjE?S~HO
zG_%+YN&8*aM;$FP@WeAO(T#(n<2CueXU8ar`b!g6=}7u!pm+1QdHmHo${YVrJo^$|
zxqd`vPM@J_-8qKwZ8k5$CVNq1y~bOkCyr^y@C`XY(8lP`+t7zUiU8H!4&~l)nHgTk
zy>TYdf}mAhSpzZ(tX`SbH6Z#59VdMmiIL((9yx%gh+H-z3X3n
znD}cC(*yV24Q<)NL7}rt@bKDG0g=#06CbfDd|2>t0#La$QD0t%^?wv1eEEvM<81sOoDHW*Lsr&P%_ag4gFGTe4`TV
zm#p~JyAEIK(<5%fhx6EA78iX^ed1fEfp2I5)9F(!%lr7VFVZtFUZxv2bQkxVf#1#J
z=5h15d3=2iX@22w3G$wM=?Z=AsTb<5v}bj%&oYd+X;-l|=@jeVEV)$6;7pDtkKFF-
z+M@`3B)x3WIfzzPw_|C(mi?P(3}s$PeAxUe2jUbi%>E{aMSWfuxa9_^Yb#!Muxp0E
zvJV(XZ|dS(y6b6N8U7xniu#&s&^eR5gU=qdKY_ofk~fEL$G!nKF>YiW6~q^P>fUx*
zS!NZm>zC>1;ZM=t>GP{^*;?7cqci1=+a=IrS*CL5CA-HZn|EVr^kwW2*8xJkltDiPq%J0iZ7^g%Yt{%b+J$j`1;B^fdyVktO|oa>fonQ6sHw
z4`S6Av@=DYtjv~{*Nera(NCnXx5h#GAi*onm;EK!D+_q99o(SH&t0xt)$H#xp>6Q>
zixPc=Fj89M(CWmrL9Ee;--5KVxeDP_-y08N!aXn+zTy|4iusSAj8LwJyo0qeYEMHy
z(wdcq1sdFPo~V~OR(i?G@CBz3)=uBLTm6OR5E+}j-TFJ3`$U^k!Lt3!l$L@zIukBlryi>Tje}3Srl>kO^ER_A
zqdkdh2^^AcqbzZPBTElR&AlP`3pnE+Y<3yc_B(n(?Op*E-ti2A7`onur^z1uYhKT@9
zbIL?g$3JpBJCf6hg2UtN4}*VVCOIy{;e6V??$D0#2@Tq^3vu!#4yLT8Wi2@so7`C0
z2F51(lh+j
zg76aLEtx!?+Vm}zK(GAqQT@hW5!{Q{zJbo)cr6`!j1+C8ID>=X47&0Pk5_1shfv7i
zZl_RCcAcTj$O<^oW?kcL9abk28z-Bw%!(YI9s7|Xlm(u$rO5J+ey?_}^5Kexgzg-H
zDNXAd4K`8IJTV1}=k9~dxlubjoG&c9Y!J1
z6v^v&MF5dJE*O*s{}eEb)|nsx?%o)8nVtgUnBoDN`#K#dFQNO}YxX=$snS9tz4~I0
zy`eW5Orqk*ActsiS-XzGi8~*~JH34^!Jjq=AiTNsKcx(`08=Xj7*r*uQ(miMRIz~u
z81T08K`6d5qOxpCFi0+Kaur-)N35he3wh0$WLeV=Hg?5YST+2EJ{DL_b3#
z=?dzMBY$0go>eZUfL{lU25)U^ru^9~P8MVpY?6zQz12wB25Yd7V>DZOVrqv2z@~EW
z;(;V`ldm@xognHIgN@ckC*01$_>6<$h*Wj0vkNdv(8`QDT&8PwQ&djskB*Qa{w3l$
zwG5z7Gj7Y@S{I4kAWZ)n-t3^%JF9_XtSh(WIqhv#r7mwp1Kj-%8|8N~_>o-YqyZlm
z$&h4w)U!RE1=ksh+t=gzw}v?lOu2ik{WIrl%4_C?x;J-W4IjeZUj=R3@8G;zjZT(3
zG6zf?^^7I^P7eY{ti-yozf8gI30*x>0A@9m!n(L~i94TratZX7X+1tg4?p%I-GA4G
z2FDa+czF6eUFK)owk%8FNA-=|_Es*c$HNFaEMZNF9|&pQ8$VR2qSGz>YNDLYOm!t^O&U#6qY${
zx-7{_ATUfAB%t!_@0FKw;1g_08c_%4n#`=PkmtV8Xg2WFF>*6(&Sx04)fU~N+cboP
zVp-Y5qSl^e2c7OdM{X`%=>zZwbmd}BeqzsHGd{TeHb>dMKEmj%?U`k^lqWH8cOp3w
zS>6RWgMDXX)AP`2?E|uDfnQo2K;kkJE+R5F2tK(JR^5>n2?#M|t)h-5VTgU(A{&qp
zc_4_+9N(8R<7t7g8#R3usfvU-(JtHNYnW_nCDjckGo-SLz0py7l>moQ_{Q2A3<`vD
zrlQKf%&L-{)tx1q9UZU)K6;YK)L{0_+`Q`W!`?3Ra2oA4=1Z;Opl)CIqdqYQywJZ6fl
zEM@|w1^fJbVG%Xo9
zD#6~8-TTOApQLLy4$0VK=KF=|`K8Szb4M2BwZFFg$`O?hX`DZ}hu;3||AfvSUK%PX
z+kag^}{5E-Zx_Bxv+34GYqA?zF*F5*F|Pf>L*Q6;^kpuhJ^aa8Q4&^ru9
zsxG@R3U-Cr4SfBjFKGjWT0}Rct{d_S`SKuA8t1`a>%Z`NMwiSciwadJRBOiu2+0>)
zyK}N1M5;2-f)7wcbgi+t2%8>|$-3F2`jCO1W|Jr%9ju1GWmv*r<+>AbdS*?qmz{tY
z9D~EOi8APk*+Z3`xpNq9_EdhFj!jKpz2m?oZ_yP!Ag&D$mCcD04;;2MFoC)P^3T|Z
z_*An8*U}~_muX4=BF6;&vFp~?`t<{!E`%b1|8@p?L@R&Z2a%(*zZ|EuB)5G`ThRBo
zXhXz<+dwon5
zQ%vUry1b`5yX)Yu`!V{KDT_GJ6-@keX8Z$O{dC
z`9o&#{nDWvq((_P|M&|g~6A{v%)j1yb?wo7|BSMSG0^*)-^Cmc@PoeMZ<
zrfe`65clArPBBhVMlCHP;mm1K;N#5-Os)0CLJhB&#~1N;cgis#uiV%R5lpePeXOQ%
z&Y~+V^fNp-fH$(4k#`fq6hWrl>&;HzPW?$G76az9=tn;W|5B5uS;Yg|k&L
zIh@$>blNc|gAow8gi>&j;Xw=@1J=kq=WLu2%^@PoJWV$6&;dycwAnFi!I*Z+)-`fP
z)TUeZl(PLR-P#9EfpQLq2Z45X_WLyuR=i{Vm}`L3w(_PV0VsHf`i(Rdho2)z(>9S@
z0VR1mM4kC2qIju~oW_w6Qdq!e`q)ctRp_q3pTY=wjh@06P%+()VISwL#hbKgx0
zYC|7K!5wzQ;J?D}&qheosm}TBJ{W8+uMC<2X(Kr4Mj8dgDRflJYQ2d&g#sZ>O63!0-3vMmhBhHb
z?(pk)8a^^@RJJuu4O9yeZTeDNHrVwOT`D>KWn}2o;W@q(hKrRDAuHkzuo?)91T5f6
zL7pjUrYZTlJ%K5cN!K$)L3gk|;1KomlRLzTaSEEVom59*Yk-7eIy7VebD{1I!mAE1vEwDH&N;0Ft%s
zG=X$+G&re_v>P}e4`?#LxiXk^*CWL+mV~N>lE9u-=IsTpR(FCdHIWC;NI4^XT5Q{7
z!uV=E+TdM%rPtN%q}ZGU9v^iK}h{~_BPqyt@e^o`cp<){vn{W2gGAKFjR}Qbm~GI}%&DcMAvLWXvEOGGM9V6W
z8F#Yj!r6spCh__%G$zayznRbkqB~EnMyF}*+k{3}uP49*q&t~h$snj`S>H@2cDX0X
zrpE_~V2lOqkE5dSwe5kl%p3-~SY(6416(&eD&w(_y!TIT>t~0DZIEKJC=j&R)V2jw
z-jXki9rrH$x5Ra3_zUG;sZCElJnUCZ`y)%;5pDz#2gucEkP}5G9vKJ)07o~fe8s{
zI}-$R?1L`XaR{=U*KWH)3C%vYx~+iyL|mMe336?7YI
zp`0-^Io+i`_y)MBA_g-tyo;Mb?6uEQTTF{)Acc_uWM#p
z+?SBS#RzkgkclGPN|`#zZTFcyYY4OTJz++fJ-oJdC(!L4GrS%Kk%Xp(!yMGVsw6J|
zIra#}D!#R>6RuOa^O4U#
zPyg`e|Ac<;<6oo~U%uKRc?H~=wJ7c3V*DR{;(7Wne&r+d&=()4j(ka;JW4M>O(ATU
z))jr*EExb!GBr4|u;$EOv@<$q5Haw9gS&!OI`mQnC;
zcxF&F<
zdzcnYOCy$q)<|OYYK?j{2%+gg25(Au0R;%kJD_|~KC9BZmzmGsdt>(>aklyPiTLk(
zSyD&legFSQoH%EnZN9zFJ||9)^I}`!Y)JHwdFl>4o+Ol*+O8~>XlRJOQh*C#aUpdm
zX>6GoqDL|)P+;jK2xL*{hBr!1n|LwHx>;hpuuz0>SVB&-3iY5<=een3yO)0(Exs*O
z2~xFU%n~dUXXk0EK`M5cu0^mh|Mtb*ZqIEUSH8KYm76WdZQX1v0wh5Mo$9vBI%{hq
z!`8jLNW$P)yX16&d{)|3$KSw2jrD=WDUS%clRQm7C1lqH=(W5!Akn_n?Nfm1VpWEUyK>THjCx
zICI&8L-e{d2eXuo;LOQg{P9=32w%4`ra$+`2J9U)C7E{e{-?k95Pt80OOTT{LoPoH
z-`9o3|IFnP|Nb2h;j59%-Z`D?9Da)|6n?FKSzOb__4Rwow6ycc
z4O?r5p?srJEhvypV_8#Rhki3~YPvYJ0J}UXtVjh(vl5FH;~c-(Izgq;JTJWq0L>}f
z_>AwKX<<2Q1ZmkfC7vW-f+nYXK0iiZ+#&0lGc+Y=ADX-Y1F`@1tf#b0BYaA_Wz&NP
z{(u416QFHR?)p^ZT)TQrnPE{$IYo#@+j4O58U0etJu|(m=~re}Q^sm*erCx#{SoLU
zFCC|qe%mw37+r>vl##02)BQw;_amNCP1tN%Z)7m6*|y6~XuFrd3I*{waV578H3zI}
z3)!u%Q9C(z#|V;h)om2~ay?ACnqvjok$?vgRjaI43M{7orT}aJ1?aO_nIZNJb%@n$
zT34JpnRD7O>60W`vf7YLgExM)X+}
zP!F>$knXs=wcaxj76i1hjZ5%4vuZIMMa>@NfJAd-VoO01Hz!q#RhQx|8O@TJe<3|#
zICK31)d}_4p<%&;%obI9oJ-r_uICH?7GhQ`MT+i8pp}9(xI3(px$ll?UXdgw@=EW7
z=+s7^`sSdImk@C0ILJy}!fM&;{iZaEozCBa#Dx~{`Ibn!wMw=(#u5(r*6!W)LPk&fMYo>DiQ`A`?1RtXBTrnw!QKJB{uQ_5zB2=UcdF^!UC@i?=e_q9KxYl_9S9zH
z>>@t(=yNfp)*My)+}Yj5pZ-%{h_k1UU};iGxjO&{CAPnCpaXIVf{@{9C2M=Y*Mae2
z#rS%FpdK1bMj76_3a0pn+_z}n`oMcY@xT7fjVYCw*7`ZH&&P<|qsiBsIjv%A7Z{v|
z8MtCijAwY~_Zw&0ec*rxIjzvDQpA2=R#AXIV@LpfFw20l4lu$YnvS@fz5mMgL4lA^
zzz}+7jzI%J)A(Q`Mm0HrIUX@UKw`jtWWX)Zj45X3`F!tS&X1ocrz3(uSdiQ*3x`zD
zf%HQ`L5<OE4L1no_x_>8yJh;$^zE!h$Hk)7bUMpfoZ$eh*Nx&uyKrgmG&LNOOqb
zI#yZ`w=@IzRIHG<>*e(SED~A+rNKKTzS%#crZX47N1-WiXG3S-q=)JJ5D(ns+Aie9
zpvHTqVLE9WLd7zu^8SZ5Fd#}>zSHzca;#!D5u#RhP+dm|8yMAmuredXm^%W*z%Fdr
ztFV4+2F9HA=;9-|QyvUQiauF=LOPKHIw4+m+8MHG#m3lfB|-!&*sTDmSPl{hv@(cu
z9B>sdoV4Ikf&>YyVbZeQ8VClT6!DM-jE_>mGy3hzPsXs}YC92-3fmW=WbPLzz+q3Y
za^Svp8J!-l9D~&pT494dA^le97OWY&x=C28^i-^nsGDYI`i2z$8yu{s*DrZkpNxM3
zSqQ_rX2QPp>}kC3Da8-G@mV}_aX+38IXHP1ICBo@B76;lLe%2{if3GA0(J&`-B-K{
zuXypT-BXP9)9Gt^XaB|1cV^fzf--TaCYUl)4%4VDhb~B3jt_YajyK;v)0z3YJU8fA
zoA=pJRPh??j^58_prM_di??y-V9uh9YJ@pp?m#-lw^3trj)VIgE5iIqNb?{hfW?2C
zo+yD;8^J3g1k*ZZYX91&>tA?L=YuJsGWb_+%)r}_-gHPR%gP!aL_5WOxHGqFP4@{>
zRY|9Enl>Gz$tevPiD)Ae)g3|J3Z^X}3+P1a(lblNjzR)?zvw!x9nZFU%R
zO7=4yKHo!IugoM8!!><%+!A`?SOcQX{u3$YzyvF0a^{eBDmx^fc`a5@INihhM|%6L
z@SqN(y3rbJ`Sr9t<=>#7kDoYpOcc(DTR%J)@XmVh==Q}FjV4=?Q|K#cM`Z1k^+)R<
zD*DVl){udp*3dz(+jt(jTLa1*fN9FZbab&!6j%m9UX?Bf9=f=ft_6Vsa9OXmfI~}N
z8m6Okf7-rAfAdWmOKRs_$D~Qr?b