From 30c8ef0b94608c66876fcb0237e6320fc5e01202 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 19 Oct 2023 17:03:38 -0400
Subject: [PATCH] operations guide
---
 .../bitlocker/images/preboot-recovery-key.png | Bin 0 -> 53033 bytes
 .../bitlocker/recovery-guide.md | 79 +++++++++++------
 2 files changed, 47 insertions(+), 32 deletions(-)
 create mode 100644 windows/security/operating-system-security/data-protection/bitlocker/images/preboot-recovery-key.png
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/images/preboot-recovery-key.png b/windows/security/operating-system-security/data-protection/bitlocker/images/preboot-recovery-key.png new file mode 100644 index 0000000000000000000000000000000000000000..7c07a0989264052a2ca89b8db02e57e3949bd8f0 GIT binary patch literal 53033 zcmeFZc{E$w|394SpzghN9@NxUTWz(pC^c6H+M240nze)yK@l26I?~%3>Y8e9t2GNX z#4Ji{3P~$SB?t{dBBCM*iNx=uy`SIr`|tCt_5Aa!&socIoPEx*_j~X2o?fr_{`-cN zne-nA{s4hM($}tDz6k9|l$pIBxVRzY zrrAXh3MW4Y{ISW$#L@%=`k46V+MUfH5U%ywWs_SEHp~lM==Ly))CpOqx_{tdn|D^fCkx&8(RJaaF^!K;2=9enFP zT4mx>K#oJbxzh>l+09I{xE6Nyt6!xHcq9#^@PeE&IHR~A>cXY&k(Cuh`pn>pDER9t zsSU=5?aOX|3=w*k!%WUSv!?JUA_NC>E4CCFK8ciHW4|1V-51r^_=eBh1N2{fV0m{q z6v>Qv)hFxcZ4fKQA`C_(a$hqpgp)Q?qa7tNEcXYji90;0s13g#2F4-Zb%%4B%7P`J)U`mR5)1>V%OzVLm5j4b(m1L!t*okO%<%UkdlO|;J# z$0#G8Vg7AuYD4muktoe^7(@A?u@Jf1w6691Nuu4q&GU*%qKfrtB4zz0Ys#1bS|RY( z>Z~1A_p6NSeAxK-&Fv-?)tw@;@Wa`?Cb;-h!M&bgY+E zaaoiWN2!PZX)CO?Y1zx_W?RK!V$+)Fz4+3#~%L6-g7neStwv1jW)+f8;y zS^hirwgv7T&X+$W*Td`o)0y<93BtbN5R;9+pQ>zv`TvXBh%eSo`=tll0uF;>&V?i9 zG>142E;pIvNE^woOHZo(L43#Cc ztaKLS^*3z^dQ9CY;NALtU**_e_q{&2MB^!mLPWtu9I0L^GEiYtiSd6Hy4R7#5S8e5%f2Doe+_Hf>P3)6;2M`%{jVpK zjsG8u`7`N{h*OY_)docOj~KmB4|mw?#FwE~L#5)v5jCq^Bio#4hL8@t)S*H~6xrl* z?t8BC6Q*9!+&I1MXr#73VXh8uuVUTe97x7KVUpsxOkuZ&k~%6uvDN>^OvZ2&p3kas zAHmF%=b-yHsN*{s*$6^yu2fvYSfEs|)rdHaC?z2(;iaNf~No5BYr0^)uYF=@d3^DB#tN z(yOn`&p~5IJuG^;h# z-RQYR{B`;yXX5V)*SfhaFYS`5TA`<>+&`a8f%obO2!C-4kqhH` zH?q%x+?Jzyi8Uto=t$FTD&N(X*1((Fr0lXL1JORD#qc3q!|1EC(EUofTlzug1xa#J zX?AF$PJ-hgvuJUjc*5<|K(F1-S7~z~1Wo7tOB`1{0S1YODR;aIUCYxIe2RFJ(FM*V zp?7Xl`5G}17=8A^n&eRPvCTk?b+arV3!9akTM zlC4y8!uS~G9Zs}_!=RBQ${j-`B?)8UK%jQbkXc1TS;W1?%$GING&I#VYaH^AV*;|K zLi1x^NI>qQPVeBTTyNOdgj1>@oRM}ztJqI&^AoFqp|_5Z&(q23tslYp$q6ls-kgv2 zTmQlFy|<@s_sU$nvj-OM5kF4=G**$>VEjq)(`|LA_!p4t+wV^d;43U28AN{7Jh{6E zq97;Fh>Omuv6Om{$;eQ1Zm;+EjFkT2*iJFPD0CkkgfD$T%5KtS`5!RJ=3Rdn7N~F` zhg_F}R1|zojJ7*{Sh>wSBfUy7VNEV33Xac@H9pJfo&opX!)xpbd@o~QOMFuMFbaS0 
zpkaN55jQ_hl^u5v8jI|pox=2y2|VpOWo9>9MfBCNb0n=XT1odj;i~W&%{JlZ&mEuc z)Uc?!ja3%>e7>)k9zqu^okDlP8v0jn!SVEABN1OQc|)G^fIQuQ-m%3gw8~LTCP!a zNq|}AB%hNv<{rE7vcCF$SqzzL|0`H4L;tDz{lkD`?lf&`cBWYuv0okIy*x6AKH%BA7deoL{+2xVDp+YPIB$lsAd-**jvw@m!&n`xm*B*NZs7H=|2j&D97@OzVgA z+Y&XW14C*cy$k#V*xjc03tCXv_h`bwMSp92?)LDc3+fy0MUtq^UG*CG5_;81`4&Fk z&RzLgFJ}mtxWLhZ$wATxHx8Xgtm@#ngy^{WP=e#d)Ai8x0;uo$>Rg9T!Wtimq`rjB zW+na8UmUjU$PulxOX1N{mr0*)TH`PA9Ae*#&=gVQzqpQ8J@$FTo@0jWz%s7@ZPb#p>h|p4|Yq)aX zO$G*dosZ~O(O&cahUn|=@}6kz-r8oDORrT3wJv3N$6n!8BTyE$Gt3h&^P+ybqqY2v ztF)nEgfhncM1qlGa_>RL5LyW-%sv#PZ=ksECaU+R5?FQvME_T>t~#E>h9zaGiF@^s zc@*UBU@i%JoPudtXLF8EN(QdG2sOQ{;qhIo?X@?GI#vlwZ2+DEa+1Nl`q|@;5ZeAY_Va!I%^A6|Ip{0uU6qVn25Ic zGTI9FDDB`nJHMq>C9=wtt($uNb8XtHt!$eA=t8D|1ViRhNb2lld_FS$TnoL&Ru0Sm`e~%22#_Kyi9aG!n`?Yl;DmK0aRgrC_E{e;L0SbDJVnNefOXo#dJ23qjI^*(@lkw8v!V$p zjty$eAGge;BXT*PUNUr^HBbZpx-AxVRo#cD3q5WMogyV|li^=II%F89c$ zTv3DUd4q_qN%~AIvg+s^GxwS&FUk+B!e{0?JAD3@n+DPhmA%~^5%K(&)L>tGpg6^%d6lU`@*(2?gEdy$%W|$Sgqb> zMCpZa6Nl`tjrrzcifPmYhv@WgC1Af9`Q)-~M!uhYBb^w&1;^czTlCa2;0IN*yed7i!AZmzfj%%zr^cg*f+urEwX?BvInw@0;6_T<$#$U zVi|ax+rPnrWdQhw!)D1>Odo(RXZpU$Ff&!sF@qk|)uJhBIaNLNoGjiDJ zcbZj;M)f(srKj!K%RenPBBuG>lfI;RZ#iSu?k}{CpLngW{Z);uG}RKo{~GA-@-clr zvwMvY_n*N5;WB)c6Rs_s2ZFcKWY(WvVK*a7=D=Iv&U51ECD*=LR>Bzg2KfSwOB2b3 z>w@nd-ulq4qCxoSDk!T~;)~r$cKM)MwM{-N{5t7zVd8p0W9iwF@X-MUX5lM^2ll;Pp_jrdT;3iEUPW+oqTPcFb}WI5Ni zY@>c6D(MTs>REPDNq?93fmw#!9j_$0TM2FYntX&_!c=`!ufnJSo4P^9qd~8BaTxMkX=8 z*ZlAQN;-78xz2nzYfOsy^+VZ?27l%m9~aQ5XsmwDqmEF&{lV}nz5EwCl4I$&{Bu&m zBbfx{yp|f0Rk1!3TJQJLbZW2E-8!mapkGd*IOWm*qh}ul$TH1jwlR#Gevab3#o|s_ zxALuHhogJLl9GnRvTmdA01@=F3Jxf4f)cDQMHpQl(YllrcezDWja9gxwIjCwTelq&=Z( z&H_VL)AS3!k<1NuYc6$NyQ$ruWlTpG-S@mgO7a#M;dg)0N34bS61uFR_h@8j|Ka~F zkA>!+OVaBBvHt$IV%650&tCOSsB(_s-mAXWHMP16`F;0wN`v&Fk(!+nK9&<)ZPA1X zkKZj3n7hOsh&ZC?Ov@O4{_SZR84+Sa%q(+8j3(Ba64jbe;HOCTvBc4XXRXPCl|*+k zAfegyFu5~8XG(+C!Y`6mfse#nNYSF9FXXM$#N>aK35FI_BfB&PYt?n$!wr*wCM_hqoDggVf>8qdh+1~4I2-enuxeS&Nhu6Kk>q0a)p(G 
zlH2x9VH~enbwE5}w@(8p6XiqHmU3T9LXu%X$s|}eB#e5XqY1j(=VCgyv8m$>;-~Pz z4+s&u5-zdo`#8%}y}98;k)yXq?O#%lSfX)b=*mdhp`b`FZ~9NmSYx--PriN5nx1(a zmf`bRPzE`ls9~8A4!zV~U!E;tz*=3YmNO%&F-#M=@j9|5jorK3`>T3ZQ#dckho+k= zFo5MKd>sje&tM@{edcR27D4toImAC*(K7YI1*^-#ME)|Scc3IF?~Wzi96eWJda&h`RK6nrTLs_>lR$tMV|zrECKpN_Myyr(Hu#O4#(Ac>(rM@UFgXBJ5Nf29a-eWK;Aa7vCRh75|69 zE|i)cGdj}raT$T!oaFWG-_@extTQyKQ>62MN0v4%^X$pyqi^I?a+U>L3q{wgSDsBo zk!2TLv%aV1UB&@^Mno?)L|M4gYZOkM&N7WpNcOlROX%?4Gyw$vXSlo*l$q%FeM&7< zlHLuAgMwhg_}LL0O(m+Vu&SKMY`)jQS{kJ}L2g(nPY=r63|T|+7tt2_^+Xj z1-(ukn2*af)2q}hQTx;zhV3rVXPlWB^-Vo^$bBR?v{~m#oTJ3VCCPM6KUgMCxJl`o zjB@pul-av^Ya44gqGud;@W_Vi7g6vh&vxDhpPuB_bW8Otr9yp`*kSi-6dHTg$Y(6K zHqQrFC?QMqKYQLY?_FE=2j{X6>%1^nav%oW)6XQo3V9>DU`2|#R%I>DL*wLBuVh+GQyl2)^q$8 zB;6&P^L4L_z5vLRy+FI>K<%4)7t-!Gp0SQN6z;i|Dx$E59&I6D5$qAMNo93#9Sh0u(bR* zuhl%~B;m)xt&GA1Z|-BJ0c9z-!6e_}nE_Tem3N(-mDK1Avzji*^#(QD+3qG1-11fs z3axqSw9$_y&fop>(sX}|_&a=G6n_CDsFX-k+h8^Pw|~NDBy78r%9-!+8(g_mAh6*y z=F9FOW=qss*kr*j#pYwtMqcqZJDJQL0d3}Ca^ZNnTeL98Rl(njQk9q29Ey+m_I#wv zLcxW8s~~p_70hZs+{@kGSEyyO>dc+ZaB!k|DhwJ@bL^3zhh4 zEWSS%JBW{!acLH@2!VO!0Qhq2S3+tz5diz&&;nW}Ct{GsA}aA0_VOlA3}YCk)gl8S zo7zm*#p%)u81dU9=xrjyAw-=^!=%rDt|Q({fZl|oFn5t0VI-=Q%WSzP^ii?SJInu- zNRF@qMq7!^c`%QcoLp$)EaUEbZ5Jti$AouyE;Th_1ngg!)~pV|D`-t zL@7c_ip7#`thTZ|hUAIaHR7WU75<;o3+n%6F#NxzZs1hKxEBADQ0JBya2fImkDgnK zFb-^-q3&_^p^U$z2S)>*jh#P+JsoAFBu+o@zXP*gcemLH%^S&!%E8wJ(h9}qS&0_~ z%+$jxQSTo^gFM!A8{v=yTs@fU@LyLh5n;iK1 z6Tj5cjHq#$Sef}!lwN&B1ZOZKgA}*a?2CHVfKxP#a)eF%V+a%M_8DLI6h^}runPFR zP=wV;Yx73pgz^)plj%wm9m>%-RodcybR>^G7T`w-PKa;Xa7eI7p9@!UvrXe<#flH; zsU;P?-TCBz`U{{a#rp8CtI@M1~p+k8i0RRtdkeIbxjMC51pG4Z|#4Dy)84Lydv%R5as4iOM0b2qv(}&a8{u_iS z91=(|mUQJIpkBwD%JA}F=hj8ezA)EcgdXf+khgORj;dBS7F4-VV?_%i9&e;9JWkqH z7BiS1$3M^gA?Hk*3||_|pf~KoR3tgUpCSd8acL|Bd=Tuhgdzhte~jMXppEw7^n)bT z-7tTvQk2$zGKK<@-Wa+|s*N}knPanjz0czqNH3xe%CZ`%<0%i7o5{!+U0Qpqqj~kR zw|qA(rXWtn%K4v&`$Ryh2`&v7KHbxp;ZIaS%*;X>0Qa}eemki8v<8Plw4qoi$9%@BFH|E{8n1SRpY{jg*JaYZ?lbkua#j77750h8hJ7_$0KZiSxPs&&15Fup9<)xTpW7 
zRI)_fmG*z0V!`~mKGKFWrK8V-{h^_iVPfDOoeOAlk9{WzdP?dvrj4DkQJkQ?IgKFkk??n9vfCNtViQO zsXw8#5I1P+j(@j$AcoMor$I2`?Bgab%DPzOFw&}I&BZ(=TKuR=nhNgbF ztKKmhoB5+g*oYmi$d)9!-|yi=)PwtMxef~T^&%D%r9Uk+7dnRN_TS9_H`?`nyuQ6o zfl1LKC!h27wCnZ%#)j(*J}IclX!@o>9+R)OMm;0wpS{AdcfGXtto$J(cl~dz1%)Ek zve9Y2ZoY8jej2Tg5~)HSyTTx87**t0XHK_Vg`cY!`=~%n1J{`AkD&o;amE-39C`t( zS+vmjQAunoK-M=f!@&HuPawE<)=|txPSPLKG|RbeH~>L2ls{%x zp?*@IKr;tzQWEL`Rr8L0Zl@lSVTPF>t!U;wsdIO&h#lSoii=pU%JnRe7Se%lI@xPo z!`0o51(>Um8fo@C61^(PLq;RyZf+5W0YsA0^Y4FuLFH%)FkOb?c%j0DjE4JA}I+GG=PAPPyRzuT8DX8GIkG za~9<9v?U<}2wdDGmDYM`beh5H4>{ZNZP_8Svj-1aj9tsQ*Q=XGbe>wvFl+kj7_{rs zlg2X;6=+iezRJ*b0GE?UcmZvkK6SrCPg4NDFr{>QRp8hQRZOP$ zpF)Pjsq$8aw;^>u_Cqjkq_%9Ie52TS$i_}6?-W!_pe(fp^`XAapT~x#XCy3*0cld# zW?DY1D>Rx1kOPJ{+}At5uO;6|;gl4LEA6)4Q+p0eQfQvrZ{c%I?>31XO7qZ<$te2^)<5&`|^_X>R5|sY3=py_O_7+PMat1rnO2uqLwQc?V^4dk|kk)lu(4i#)c?wbAzWWlRW<)587i)tMWU8$Os-uZ->hu*~-?FR)C z6{<#96srdTAdbRlbXs_ zCRe(W&stS?)Is#wsW((}Cddtj9}sV#v?(>7edIUP*(G?+H(yv(+4z4;@G2uf7=kL&8Daf9i%`> z$1r@*Cp(3@xSv%~2O)7iGP%$}4i8<+J%P8LAO=vDR>McP;>iWg<5v7;bWt$$_0cld z_oFjs7b2XEAPU8Sip}WgzWT5_*9G5vZRD}+QEwR384==Sw&G0sZjp>HNC z?xti5&7G^Gj0MMS_hNJAX=r7I+>x#U6Qff3mrJDlUW1%T-Ekk&r(SY(u-jW)E6(B0 zoKhUlv+y~ub`TQ{b!YRL{N#wF#ylBX*ckroiJaGoYeTh9*i_n({Z-kNZ+&pQcf<69 z)Ucz8&ZbQo6;;x6%ZlR@RrmGTP1$C$!bVqe^0!VP+)m7*JL&zvJ}>ut5}b4N)L03- zA*KzHy$;8QF$f(#PmPV9$okLPH^H6)#@Xk!|B9mOr`_+ z{%CEpOWn?kR(IS5zrrmyz^Fr=w z>(gjg2ivA3)xZ<4ExE+ z;F*4|l`=Dcl-cawv|y-Nk4n+NohuMHg_^WfOq;fb;0;|VeXlMU%!j*V4ozCvoEdAe}k!c$>rA5tQlbkF)TeyNQmQVnNf+% z42`g*)VH*^?6Rxo(&g1i-$9>e@{GY%|8Q>LEm<5{Y&k2P)XF@*d`Ld3;QS#OcFXMY zT#$uXfSxfbPt)sVoRMXhnclG3W?!l2=3Ns-31y-4UQKK#CewGzGuND2OQscGsmv0g zf*X*slXqr3zpjEmFDtu~negoj4^yN+!HWt-Er#zXcAyr}EF>S)q7kmj zm1ZaMKM?*lI(a-J-0POCZgSNDyBY8wv%bTdPJ_>woB1bwyVL<~ygN_r)vlxD4^CQ? 
z8gbHT#t`gP1$| z1Ut!Y&Y-1MxM=1IJM+pdYa>itV_wFc32+BNY!k^}bJjj=;fMRToe8#&65V z<(I$umXseL(Gy)DOt8rV2S<@UIVTZa)=$-hG1Y>l6%s%~YIj5)EwIZU7u_c6drYC#~i-qb{^y1B)K}PV+?hZ8GI|1gtoO@|ldp*>;%TZU2T~+}Aty4Sd ztMA1;r0VTde)Lr>l`&%IK`JAf*LAX**@>tmZeG@~)q~+U=u*>UcmP zNpJCGs|_v(@v>B2LdcqKV8gqXpPCg7Td*ICa*go{PAYq zGO1aa#O7q*ke6 zJPm)JN;hRkG+lMI9P*^Ul|Yju6JcsXj6hpqk5 z;BYK`tP}!me`H>#vX*&;YYeGACg0tf1~bt-%F^mO)TQ;-j9nVH-=K2cnoc}m6|YA* zdz#qn8*uZu$@Em0Ww?SoPmyYBkl=*Xvu*0sqIoqWxWIxK8z+28LJjcGRzr6DgkiWM z)cOLy@2N&Kj9CzSDI|?m6k%`5J2u)B-fpqa8JY=!0m@Z|i{*qh;y2NTU*tHT>|B}M zLE4##!;gYYH>w9G&)EBpXKOQ;2l9>NQbt1dx@sEsE{`^RD(tf&Opp4of0ErO-9K@d z;dMiL_3Gi@erCskwz8Umx9JHLzE4U9Ml!9Mu0aIxZ2D`P2BJG0RsCRKYiVeDVd`M=~)|(ZLWv+iHY_|yo0OalL$;8i<=N4HQyrx*~vCPAd4_?y=%10WGHB`(~MpVrb$2SGOX}-&;!rNez}orY+Yol zH#44d=f&i}oxz2N0Wqn>I=wb?kI|vkmRXSw=RV?N+1uAv)RcaJ2?H~H7T60paDwl`!F9fd!VVKwy>hij33UlrGHJ@ zq1=||B3B;G>UTgP$9qx;)~zcu=q>3l<%z*%X+Pmm*#R~1-k8CUWhR25F1HfWm^cr|3vru{NUG@ac`#m5Ug+eNLaxtxlgTg&&+yLq`eVqJWmmc| z61X-(N?|Jv+Hwn`s>Y-~Ul(HIH|0wZ?2>E!t6QYL1ZUeKtJV8Yq=p!IXD-_SD09Th zp*bCe zBLqs*r)$KJ1hC{DiUz9tuB+y#RENDzubl5o$yu#FNlsl1ak-$^V_mV0BRkQMZ2fB6pGp18@m<`ykyWGzfSUK}0TkawL;rgqZ8TLn>!t#miO>NU~ z$8g@KiYSzk`aY?L<`;|@wWUwJN^d7N1w8h{d3=>A%p`uZU{TT+PZA4iLXrzI$1HPK zNH7j94<6WjvbWYCxV+SC_cr>~g0UQ!-ZInPNb}g5YbqYnzvSdqkPD6sgz9_y7WU3> zp_)qIRjX^Jjx~*bes!YS^VU`uBZv5`$3U*^Ashc}Pg&)FuZyI+ZNgJkW!qrdnmz1f zs?5Z|S>w{38husnv|PbLAIr5J$aq0zbOw5|h!!eyc92BuJ)DLxB>f6+J<3)ukx;BS zccC@9bH}Y|mwLa?PQ6fatv!@`TDdfaaYcq#9EF$O?Aoh0mN)tihVVHH)lCgHHtMR$ zo14fD*T-cmpzp*M7%k|#7c^P=CRR{>*u;bRTt_o&@7+9Qrehax+v}I69f25|FqO;VzFiZ3oP{0D z)9vk-lzL=lNj1b%%z<3SG64Ojrdf6GthXTd*cYgc_tt_n?;anxV~{u#J*G#6Xi*|F zt#U&H(r{(e^-+b{v^Q#uk3$uRj>6$+5&tvPBLdt%{koRWFi7(qUW6#JnK$T{OfO#< zHb}6!( zg{|}d+R|VHzBTK{1=j&6Vf;?7cxN9YaLB#%r{j4p?%@$@HC^nQ45^h?Hgz2-q?EcT zX80=G7o*(l0{lkW<<8M;NVC2bb@vG*SpJw%dNDQKW}#tj;;oXjPr&{?66#CgV&F&! 
zuve#3gESb=EdRK9y^FaBXIt}huIV`rY{-?N>SIDzKX-+1uEm#GQqwB^)0#M0ECiq# zt)ij|PR5~%Pi0kPP(CPY=JyZWNqrSCc)S8Uzixk935>o=IHHpZjSB3v!tbm)_V9$V zgxQI%s3tA5ui*E7bQ?Okh|ga8+juY$-uVSqlctnIUAWgXsp#Kh}Dm z3)K3p#)6-89zT&xj@Spt!KaoTWzo5+73Cv+7;Uhc1m3iv?{VJg=2eVf%*T83?==ON8^E8>KqG;vhAb_ zFhFTc*Oseu7STU)8QMaFoGW1Zs1HW;<)dIo<|u%W>;u&O(y0Ei-Pcu|_5MC)`Dp*# za>=FXT4GjB%y%Gy*wZ`MuEU(@9=P*bhkrZw&%54PxO1=%p=Z2ZJ8W1l~8mFf-cyI99+!}Qe#rW6nW+LxTJEUysR7%MQO11zRvCUMyCdH ze`6rt$t0oDD6)eeFPTrGsw}J$8m;0YazYo=wGYim1yoDJ69+3^^Z1!>S}d{z-4o3$ z(u_ZA5ux^d3G#rjSWv)YWI1STG^Jmb{iH+xNr+PG5xt+^n{n(xQ$d!Rj%1vl=fHS@ z^nq}f;3u}ll;nV0BtI!5Wu2oiSC!zt;L{32+yb?@7Hx#6jU?!+OF*1p`KH5OJFp`J z6U@9UMnuzJy8D826mr!g8C=9D?Ws+#WhhwtF*q_f==9Z`?w{69SRa`X`GA?@6Zk#h@5E*BAnAV{!>h_cE*-t=KlysvS=_L zQ@!24VrZ)b3rKpx8$_g93Gtm}rF}c4TwdtxC3n5+fy8?YCH|-?#+{XYl6)&XG>0xD zs6si+{lx&nQE$BlQN;F@*3k!Uj=N4NTsS%fO{n*84cB`T!x(BYzK^U@2Y8F`LbN*U z=hv&i%a?lJ#eMHPKI7k|X{=xSm7h`FEimFQ)^Z~2u=y4lhJg?NIRUa&%H({oD9p|S zQ`m+T#_~3eErbgy^5%xGz2EzrR(rj`8PLAzqsr@AN}GeN!ppDZL>yp;9@GJQfqP3_ zW3y=PQ&Cy8*B>^n4A)Zs2@y7!+`dsTWdM-t>AY^wfosNogPxBc%L_us)7gg84!tGK zR=tLakz5ASo?}A4MS8_NpBI9Q3Wjdt0D18rZxq)8&TF;<1Q4gQ>mBw+XMfK@EBZ_0fc+A@+o96lV-T9!EN?g~_rmghn171N-2L0VQjiJVKB zzD*I1ttJ5RE~p9M5xE{x&;U}rDzI353uMF9p-j=K9C_K)#vJ8|>#xFDr0&<;=TAcq z7H*vF*+CecZkU_3^0B}8&PKplVzB%p0%T3Hx36@Q?seO+TqPdeuR0BH(Gaq=fH(^* zH~ff5EZm}|@HAhKhHl3~2%h1oW>T{=%rhwb6B9&_C{^a`jMl^H&WAVE(YE87Ij^KD zdS@4}4czC`i#0=r@&LwY=p@YMWs2i)i+qf+T-}{-0BCnCoxP0eyxLZU)Jb!2yA{qQ?qrLrIFN5hE1 zxa+xt(Mrw&1Uw!^yaxX;ma%*9vF-O_TCU`#KRo;i`;JK5`Os(C@o{34ld`9|96Bc- z`7#BjyDhQh%<6s}GF1%iPI2^gj-3w9zm6^)&HmbqQx}-l4Px&&*EYoWL{EjU8u@C4 zushL92lQ)k5Y$=6fVX2YmmM8ox3V%Aj;j`fs6y<$KTQ#CCm{c*lf$Cj7>y)cWuXX>lCQQaw!btD)|GW@h0iHqt>N~YzRDYr-V)& zqJAurMhXMwl|T8|nj#EWvaiHWEpRrbFBBW0fr8^mALAnZ)UbCQ4@Sr-37ys`%aJtV zepJ7{Zu9B<&fXArLyjAapTjGRSg0x+ID0MDy`a^+VSX@73#+{IhkA%UsVi!v0yE}a zY^-ZNFqe@)hno!pyvRG(LoQS8(|rw3(?1~?g7eJPvEfstn~423d2m3?eU|cM!yf^q zT6h{9>u+D|3CENN;7KsGfoOcSePC1n$lr{%Q)w`xvKKR)CWM>Xr4tq3=~aFU*ms=! 
z=TENmB`A_-;Mx#ZRVLmZ(MtLouUfhy8)4s1ts2Th&ItXD=3wZ?QHRMuG3zxf4YdEE z>(P8k&BLnI5`Fr6f*e4jl8)*+jPKrqv}Rj>F=Yl++2neALz~(^-^>e%rr$r>6b!}F ztoqCIAeqz^M?o zNw6NkEsCR_--xk&Aw^IB0bbMAkX7T}nGfubz?04mpL$`gpQl3? zS{rbUhfJp3jkwjt?LA8?0ITpBAC@&Uwr;j?-eoMT;}g9ikAH>JXI}V=SllT8f{SN6 zZ8P9pKX(m2=Bs2}zNyi;9;h>m4jX#XeYOvcPW0?OjPDWchWA-xgwq)b9o9;%AEVdB z)Jpo)Zk>O(w<$ZY;f($<6Swv*>JyIzU>z~O)dF0k`IxRzV21|SY$qp)6Gdz>j1XW$o~kBf11|ijx2rg5`Z(dqujJt#zdbYk)gJr(Z4LJuQ)o8k)P$kG0luhOUzZ{|LJU z@=kJ_N#HD;C`A?{?<^H@GE3O9< zvc=mcMDSMvV+7hO!uO!_utO~5(xB|5`md!`2?6GChZHGcv=TXW6@Prv=kd^;wg@%( z{;T+A(~F-rRZ5-9$~S(w^T4sMO+YO?Wq0MVt9^`Y*-cGMo>kCmp19n0@RP4IS^!j} z>pT!5I7Q#RzY3hrKrqOFDi3hMjV1tT7v#7IT|&%FL}a#SLkh zTyjgDGIPtxHAHhkQv@n2o5>|}%azQO%q=%uP$+9OMI~1hR5C?WL{vls1n#fR|M&kN z_lx^@mN(CfXL#k|!2w^c>%7kETt1)AS;-l!guN>&XBb=(1wTk!iKb(w7Ujm(wUEqd)hmlSG~2Kv|6?I`Y)l==*O;sEdyjj?hn{J zw{VoR?R@yL?)mY}-XG>eD5sLp{ueep{A6S0LOHD~p6(g9%>lVRq)GSv(yww(#m!ZrV^xZ80z6u_Q06>-^hWcX zBy3ac;rjiU{|xK(Po&LnR>gg;=7&{lh}ocG@{*IxAq~~yE{j$R#RNs2?29%=f^9==1&6dn6M-FSscHi zL)P_$q9ki8^dZ+%foCGjJ$sC!9}ba5rKRDn5D?h#hd&J4K^j@9Z5y+tbb6!l$ylW$ z!I2JhdzQteF|1)At(aQ->0!~cj}E&dFg@~=H( z{jLTa03;|xL*hCchAq0GNxO6Lzur!EPk3h-D6LfUqW-9+F{q$<$NnvKk7JmZM_3~m z%mv)x2b_bc7#{gCqBK2p#}_$UrmFKq)-R^jyzv(y9S?~sT@BM|)3rA48PlKlhtivI zsMXpLqkmk?s4YOx{aAnGs}F?tn z0YtbDf#S~Kk2(kCRq~31v2h$eq8?G1w4e)C+wifiakmbgP&2!;VoxT0`aBy)82q&MF-Kxbn=q;sY*{j;mHp|x zFg%`y_j>3DGWgE5=wzGvAZ? 
zBi_{txE~+YXgtiDTCc=F-qypD|9Or+%d#k;wsBfQnrdfJjeG zE0>R2%B0JG`0yT)&D=v-YkQ6At>TB-z0Uo`Oyd?-PW9k~^rD{`D+IcZHa|ZQf?n6^ zJW(WcQy005329|{8~~2Vs{O=qMU4?MF3!Y`^{I3gt+-yvp1vK#`Mcfc+cLh00g6f$ zvJKzT+zLGV6Lw*_y4&r-`7!%!i<6&7WbX3^@8tH7qIxe{B}7-kJQ7prqF8aE()Wn9 zWzB`^QrVtP)Y|OOk+12{_c!h93YUPx?k(rWrTPn*?5FR{0SAZ314s*TZ8|%M#B!sr zrk$s0d0K@&YVqpW2eg{S|Eyv(^}mAC8wYI;3A!4}p3==l@2OD)biPoaWQ&;lLRh$o zc*F;{ZUw9WrNW7KIHyJMt^_fH5p5-yUAaxuIxW&VA)r4n;=lf|n)sG2GIPXf4T7_4 zpEFFXx=()>d7llOOqYLKPMp{JraC>6zL5TVd+vG7*ENzbp0lsRdDWY+pYgRoX!)OLw%8Q z=q*MQ53T-R;Qun=FGUNK2_cSkBZ}2jNIKR3qG)LL+|I7iS(-NUkF?1WL_MR z(B8EZ8bU0cG#W|D+B7Jme@(??38_bKn0fZuqaNqs;$XPQ*X<^shpu%>U=o zpnW$*>!??f>!paW=9gwGqZqd^6bJGvUhEd&Oq0|FCn^@jQN>%yj1n#A(`+k5O zE9Y~9>bZIU~ zy;>s)ZSYhU3QYn3GJ0L|?1o2)D-+;JX`rQB0un$1bK&pxJ2TZ)m4J3zg^<*Vx(d`b zXu~hn0Fd^ZE%f%c#JM0&#zvBdjLyz?0%{&SFeMRcaruouTHyiqL)hn|Wd~ z^8@EcOLLv+x*w){2diKuTa1}Kce$~Epj%A&?j2H({bhO0&g`Bsg*Rb9Q<}+RQm@q9 z;x*by)E0#Cd1MddlI3LF%ndQN z4KW9wpcp1_)_lxZp)Iqu3pv@2Zg^)L1TGM`1rWbuZoJUozB`6?iFwMg8snGmP_3xm zV|InyO5CuVF^X8ipqS#nhHGf#eoH%A9SQcMB2?M=Uz1XV~g+Mh87R$8-M?9zFyEy zkrsX3{B~D@nifZH&jaL-sAZ{o-+meFAPSTk;dEkS3p}p6Ntz4ln^R#*7RK1jAdJ84 z+-v3S^NsN--IOj@l0c^=#7%YFZ6~pv&Td#_tvVj!@k7BL0{~Q^FJF99b;(#Bt1OKN z3Ym4oy>v;Zkoy~LdYGkbB@0B$NjK$h+|XKQD@9wiB1Rs&$=s;b$$l#HR`tPcl<9Px z2J_GHQ`whAIORQ|8?lisD_aqN-*V$AJb=kKrKSQJq|!L0Rtx+>XI= zL!givPp;DXwAv!@lKg-H7zt4Ur`eIYw3W%Rsf_kw+)5+whlhV-BbE$Ugp|SY+1TzQ zR$y#Mpqu-v1VK8qI0IV-VKkH?H!Ws$pFD@7OOciC3;ne$AFfJHG?h3TPL+54UN54j zvu*ZunIcnb(Do8Cr$N6k@G~P z0j}dUpm?gSi#|j*ol~*j=^NQn9`$oT+uN$2G`6%78;sJu%d!34>Vv0)#Z?x106Cm+ zkRzD;qOhVpLN_Fn5Dai+;<`qRN)_eCtx%_>k)?&Tt|;%ErEYJNo~tuV#F_4fe0 zG-5dpqa3xE!M52s542x`#o>Zjyyxn3dyp{<>*=lGs_zX5a>is`@MiYECuA8cQYp1< zf76X6=Az4Hms+}Eo~9r3=pqGPG!T2*i`B*`7M7j0o0jC>`a%D;ilY$nX*<=pt-h;j z^%g(VVbC~G8K`y`4sR(rz6qlPy*~=J6UK=wEhD-4Apm$wLe35P)yIFoj>~`xyEEdqQnU}Iiqj)!@?I4xhF!+wb)Q~*)`_D- z9x?b-A&$w{R1}${=EIroCdCWqa3Br_8jX0<<4lp(Dk#WP zXM(q-Ix~YpTG!cSByAY29s}yI6?dP(u-D;P(Gf#6y}8YN`R=-MaL)Sm%hbjU1m4@2 
z1Y!o@_rQn8RH{8G)M9F(vL^-r_mj(=McFq80S!Q0Wvq8J5|&1a(nl4JoQF;{o)pjpmG4!t(65a(31DHK!3h6+{% zaW0QR^Hjp8KwePehhBccZ0q71Qk}QmCHIoh=!RZ43@Skm^Gxemk?;(hZ!WhizA%Uo zc$y72<*nW$3N8k!+SA5(F%E9X+)~wCH_BuFP+16mzT-QYyZ%7+toD-i5aHY*M9ALB zSLwf?f5sLcE%4!2PH2H|fu}4$sy4^!!IA6q(l~n5ag|Xi(8lvOGh0QaZel<1)TQcs zB-woA(r;#Gq-c2J##`>xf{@SdTZuXokKX&-PZv8CU?!IP9|n=ur3U3y`n9}o-j zP4qPjql$8o-30%F`mjBy>^+|hVD8Pki4$elx{vrHn911`#;IGoK5cGRDNAE`9G4}4 zK1W*xbHEfW79#;@_eW-BS_s^;PD# zchb^Y3is3x6}L_TbeONgnp-699@W-6VwJ9FfAdvtl~M0;TcqXfu1TS|+tkhMyT~7@ zQ$cduU6(q&@6@5}amYiLeB4!=(b72gS4pe6)|QB1>)0iC&KFop`yq+wW#5gLx}CxF z!qg$=Ei;1M=l=N0+0*)}>w_cGaK%$47YrCzIjrl6e^3Mm7@NI>Oz}y2n{y39RVTW^`vRbu&A!s0?J7?tAah#bkk$ovsqr$cwkz1cVLO9 z>&qcl>ntLHt4;Yh%Pbl&X3~3w&u$n{9tPy4Kdn=}3!3m~TnV&(^h|*CX5GU&4l$hj z$hD3E%?F$!CD|;i=A7ywY`yLnxhg{a%E4U9+z>0nmO8yeK80A|>P>l`Ca-6&K91x` zJ_u`gLG6G(7#Ui8zS_j{c>Se3%Qu9QMHhwR$XN@ZF2y4Rh)1gOa&zxV&tQsI&Ac#O z5%OJuwRuirzY8{|OVpUK&fd^z`$$--3d!O)k<7`(3`b7ePu7+9Wg2x^BSV$p-d24H z9y_Ilv#lzD*D!jorG1~cr2>zmG#{KU(|^58kiX7cn59QBIDbZ1POJ+O@~9)Np*VCd zE28_?R91@~hlZFajXnheqojq9i74G}(G0Wr{)998^U+m88NQ^#feU-m6pYzu{64(}=Zgt_YwI>Ct=??~ z3iNA6yRsTh3n z6fJ!^y)RRCKud}z@>47MDk&DhF)qjV9*({vuHmjU?lHSIsO7QVEDHjZo6T`I8?*{g z>D@<*;AZA{E3p;=t614%Xl=Bly=U zC6;&hsi`o-j55+6pO3`O{H0G3jgMo8q?T+AG!Pl_WJivUmdb+x!rW=+muPbd%b<$tOYCmorZJ4oR|% z2-eA`pxW>X@X@j{fIoFb9Y0M}Qo1qooOuW=9%x>!bT4JcZPdIER~xP}E~vr|#S>3I zWSDDI@7DroLbDvhXNH3|IBfW$i&>1}`327$Y4~DLt1WQm{Qb~w%BZTgjXOxg_P5jM zCN*C-F{$~C-YaG1r|Ws2uK>plZzTaW5+B^WhyybUxq6~gy$zwckx@gYt~f(gNg0{Z zn$xir%F07cjA>npzoi)HZ6@byvc-q^?tU5d3^uOby_&?#{&vnlVWY3Z0uF78JRqBl zM{KjnpqnjpG+Om=boP795U;A+6A~!L-*8Ua;W-d7Vasc8xyT%n$^oW#N2y81lnMYfz^1 zB;NxP-zahC8g}VW7!ljY&rlfkWrDmHVvr~JN#_@CAP!u2vL3=sfhNvouA4GObv{Hy zwrdpwGf3_p!@s=`%Yuv=W?mPSoA$a%E|b+c(`FS5j$huZFR|x$XcVN?*_Tm=8V-0( zIP=J1!_tZ2_ikn#)whxyb&D=8d8;>M4FXtt?=YyDJ#|1Z)WDJ3S(ofpuo4>&rq-N> zO|)7$T(~;P2ShGi+xnXER3GJ79oN$NSHVthG!$8{cw~?Lgw2@cnYpKvoB0h|zbb^P z$UmdZn_Vq&trKs!`+vN?9-dn}_l6>;jqm;gSwEaXiwRTmT|3YJp=*jW`I#`cwKv;t;^#3ie 
zx#$(x%P;h3mq>>?)|e!ObVpWih7N|GfHBkcH%XtkF@^l@@PcD9IvS!DDoJr;54J!> zt=J_-@kTwvgwb%xI;zedzu>z7_tq|w)V|V-&I~N`@Y3jM9B6uXJVLAl7h4cUx(Xwb zBP<>bMurmfPcaIjqt%p@KyTDOzQ$y;)%Uk#+^EsED7<1C*ileScgLTeA~Y=fA7x?*PNl z#Wax`;n~tYwc1(*MOf5D7n80eL#^e`T6=+VIi@hLppmw%9!{Hs7lpK%Q`tIcK~pcb zB>yHzdd9z{&1N*Mn-@3k8-Nct#*O5i6OCWNkYYz$3;i-~S7E(iU9Wy=fei)Lt_qrB z)f~*C1!FaGooKb#a8H2dW~dVcJyZxg z-o0b)51@u{{JT>$J=HyO7im83=(46;mD_z?zTA$7<-YBOprK1&0)DrSF>_l;A#3@7 z3Rtn5P39|hnpfR!QyNs~W$c4i0oA*DuTx==e+Wj8VxuTpFv4l7G#%M{yV zsI9g)TynDF+UDey9g3?ix??OXaWR_@PJRfEOJtR)T~i*be{4_^;C91x8;05Gt=SjS z}%OxeBN+Dq95HC?UDEd5i>616J0 z+~cwpkWAG}^1>>*nhVVaTaSc~u)_}Xlzy@LzFO%$74VRi6)-bTQv7s{jd@|Ma?GB_ zgi*yklViJ#v2rgpgHgw!PO3gtyQfnosvT1yRop{HFcdQK!vnMIyrvewFZy^HUdmwg zHW6J9ICt|$G0*yM(GiA8Ym&K9>b_9a;m?QmdwJi7hjQka^Q%t)EUb zxs1rw8~(k#9hzzzc*9$>pwX0~*pnIDYsX}tx%d88z)XUzhpQpXf?m}eh7rIjJ*Y{b z>jc0QTsl`X9m(May*J0QJP$@ljIgl9+`sVo%0Q-!=^(6I6e~7fS~$C{EopIc{)3OV zy3+clHu|}s!N4nE+h(3RFy?D|qoyJ6_@iPQYp7*o(hSsTB3C(Qwyo&Ro{gQI5hKhj zHs;L!faa-J?uoO`?IK%tgy>O*?IYK((y+w|hYD3-7@6?suC&FgNe|MVo#=G_aOFe8 zl-!}uqiIcPFU~c75B_?gz?OSs`4^4LKU>u+Jvg=N{Ha@?Wc0wc+V^Z@B6jY58liD- z-a^Z2*X;Y@-7X;+zis<9>3+#xtr#g313wYw#;)eJZHPaou_L30y&Fc}nB@s6*I8eO zFE4F2ApQI}Pu*c2ue|rYEoti(JdG^n!gTJ4XSJE^NP^#+zZF*leh*f<=xX(Yy0_TfN_VznqPEx) z*Iln%l5@qEy8TQZJiS4?7!%;oEC|4+h_)paIp3epo`4sNLPiqKlDd;;D(E?RY`I6M z+Z>YVr4z>toj<+4DvB#I_4RmtCC?~;`3S9D%@Lf)By((Dx{?40mSrr-&f07y0 z2!Jk_!|d=BYXi&#k<>EqQI$^r)L#L zDY<|fJ9n>o1rA5ke6U{H0|yW0?65p?M;IhPngiSPtiNkaZz?Vs(`8BRAiK>Ubl+#H zQN~5YZN4DqGzbg!XM{fLm3Thmz6k3|t4iJ+k692y`oIV)flkKGgNdbo1BuABM>5Y< z%f|0MH>%YHWgf`Miq&QWOju|LJBm*;@ikXNe<+OOOy_8r#QbHD3m-`rrx!OhUblKM z+c7WY&Y<;-PKK#*2%u1+duJ{NW6~Tub<^B`I!Ws;>GfK{&obE(2-Gi7>D(yt@yiOQ z#sjM1i@%|WEe)dTaIt{*d#WgdE7=1+D`VWx~WO~QYE`A z7k1oQU+<;tRb<@{Q4Wrb>)jaWXQ(UA{B4{(BC=qxC2Qx!0IzJrl8sj8+=b$3hc?~A zh2&c_8)e4fQP8D3^hvh#8f1*PPu83N#SRM5XWiEm-8h${>pMyCx=)X_8mYwUXE?99 zlg=Z8c zf(mh>ualKI`~P55LDPq?mVzf!elZ#R8(S3-8afilX~^-jqAcuFS3s+283H%wdgO;f 
zZp@<8JTsWc-D|r|FtITPROUx>wva{{TD333E`6y=ax|-vgT}!gP$uJuZDrx?jGH#^ z((?Y$?-SI=D8E^&Flez$bu$=YC&L=PDbX8jzUDZyNZeZm6U z2P;f_6h3Y2qY>$^jZA12>B-!E}gs0tZBOr#abcc+MPF%y06YU;zT?YXib zC1>iD^LbEx8eQjQ1;o3rdgb~<666PGwZ7c-Uw#)#W@@mTY){ zy`X`N+1%?S6<9!F3&DVXBgTOL(0J!TK$zCB1kH?hjKw2gSX_I%c$gK2V<})Dyt*rH z&8VJ8%Zf(*8EVF5ePm0I!Rax_Ct2v9j@?nMo&eK1weyr`sZ6tjqF+C@AmFNB+|NZ} z1_FiMbbd}n{X|2yw@DM(AEl{V{2*5DE!Gw@UNvTA(1sS+8_h58;Pu8rQfI`*h#_cS zGJy^<@7f1JmbV#?$8h}t-RO5#z?=w;%(NTLu|tiPp-E_5%xqjc?O1VH#P+!&b3OHV z2Z<)S|EH_XWm)fT%+30ShAzHRR$;GY6yNL-hF^f?|hVp@w~REN?GUB;)M3FfdUq}B0KslvoH-C|OA3)HJw2?MJ; zFg0`H>G<7VK`yS3$83;4e9T3NE;T3|mV#dPl3tU8krf=#bpL6eAmdA=r7+Por@Ka# zDkZ8wUZ7EnD23`&#|FV$zQ*#wuguTiF0Tw6a=o8tp9fYNPf8eH$)#N2omxX2r98^l zi19*)bKoanxj&J(kK6>}e6jyuW0p!s%(NI}PP1(P1x_S;Awi|ClxqPcmTSB_4qJoA zQa>@*YGTj7F2d;w)od;yCXpY|!MG1c0VZF<_oN+sM%}PD(%XZ|o!VIA7F`STu^Ed< z$$(!GSz`3AOD;0TyAX8vht0tdr``7g3!Yq{JgX1S>5I=veA69ROJGIN18Wsg%tOL% zS4-uPOn1yMso_Q%bkqtUAG3UYyi^NTr9e}L$+a=XtmYJv-6-LDQH-f1_o;>M9c`4_ zLhphB2<9Lb84VzUuRQ>KruHC#(Gg!-N0NUPk$x1kYZcPbd@e2Ts1g?saqxeOfYJRvtQLCv`eI8WTxK3g~m7bUE`)eFk@S6ypvk zpbg)Y=O^^5{s|hAg35b4T|F?MJ8XMZUM9p)F@sVa^Q-T|Da!2lc){XLx$Ti+d;>Ee zo_eJCkH}(61{?aMb@m=wd<6mPt;v8w=ZUezaP>kbIhzhw+>(11-(Nb2br;>IMMw?i_qw4EtCP5~ISrL#S-AX z;EXse3Y*~EDHvm=iun!D!GKTACW0GhB`AvgL5xxR>2qJ=)NfxB2fXrZZ@^lKUvM_b zZh)}AgSooF#qgR!!rPJc;z+-_DT04D@$tc{B5NW2=+xKCKUfHI>O9m3EhDo|iHm5` z>gI&GuIa}dDc!Arn-db0%iQ$-L~g-Mw_xOrx$j$S8Hd-yifg0D!x@@VN2Pt2LMhS@ z89TotLRyS5NLAAT%TqPZvtZ0|>vJ)XYS>2(V+?~x4H^AV$O+rU)>yQQt555@TC`)f2r9iWo6bHH8~lTqZ5hBnjTw%H?K;XoimlsO1T(_ z{HKA=2<`?}LDD$MR$OH^p;kW88>Eh-AXvetV6ho3GY^tiIsUG1#WCeCEqKj7%1Fu( zT?}g`;&9Qv84^g8*9j1_b5Op}Ts(K@@SHf(scSOR*{cyHK5ISz_Q~01fV9N5NVEBN zqeFZY@;z!n=UzxGvT>7iN&V90=Y&c2&0y?<)(dr@SE>eo1W_}JOsylT{A7da4e&JH zMcUbbsGCh5eQ1@2E~xV8@vy?ppdmLY%anP20ohjco9RgYZcf!BM~2xTh3O)7vX?WA z+*6__qy`3EryZG~yD`R3bl32`JV?<%9I=_t?v9mg+}B_Z1S*~^DeQ(%e?>@(#gQY- zY$)!A;22oQu`aS#b472gx z&4A0JKb8>*IZDULebs@H^PHfc{ne zqYB?;&?BEnyt_=V2(Qj;<}(eMpBrj79ebItE|#cv8xce~6`mph;4E;bGn;S|R#Ue< 
zn7t!O6^kRZ35qm(l6*2XY;cZ#;$Bd%W!p-)kvSm{Js!bUiZ0;*bi3lVg)ag(S95QrkTM011W zA6n-ewHSO|1?rinR$P8s5J*kfW}Bg5NBT&xu-slTg-5N0SN5Pn__YJDpJF*(AC4iTOdE0 zH6UNQtOTd)X5(Cok5_<^v*b2lKu`3f57p?bdW-n4Xw|-ox~7Q!$pA)s8$0f)6LB*y z8420=v3rf0^AgOw-B-pw49{~W%Do^p%uJ~h`+<-B&*$=%M1fbaN#Ymssfq)k8T&My z8lgKhZ&;e_dcDpzC5k7x)%mvy&7&hO(05ywcmE&^^o|Skzt&KHa|rjY zX#2r4iC5Qk>w5`pOwiV)WCTGjD+eOc{?f_W<&uL&wE557b9eUWL|d?GYSB(y;Y~D= z{eEk&0blH>Df38maV-Y|!cIa4<3}>%E`QU2mXR6Eaor#NdQcrb;K~0&K0NdfWc6KZ z(*OL-pWcP!RrrgB#Rw{qD3WwWI&tv8gXbk^A3PIQD12)wUcuyD%;5Jt9soHNSOyY( z+HQy8*OyvFmQA(QNTiNS;SxeOVv&22v0&a;IZ6por#}tFUXWzl=4qYZ~d$RR0LPk440Xxj+utqVH=*Ibp~mO0*xgmkRFVNH!?FPdcTa zbzWBIm-Ll(8IR%c6T3UnbPJ1<7fcEDcGT4tv}EkYM(#~@BE1|cReSTKXnmuvj(DpO z%^RW;-K?gTo1F3|_<+JUsCc#Qo7DnyTB5hzzzqTDjr#9A@3+eSd2A6}UmLb2F3-bA zxS(9L3R2q8Pu84>^YgD4Q*r^P%xKpz-Y1!DTZ&zk!lVVuD|07KIJhfPC*dECu~FPy zB%&{j6f4!uZurg*bT%m@9Rm@shUEf=jzv1$?+iCVx<_u%rr$MJCyg!I#-ut|PvKl)-j zJ)=koSxw`+q!c&$OyZ_m&jAI&Zzk$5e*D941mGFAcc1qY&sql^pGlv^In+xcg;n8`(1Y@>}7hgx=zrNYE^P?fqch5K!kARpVb!S4(+36 z-VJj`YS`MDnAFn`dP^rv&oL*8Z<>U!MwwIVos=!qL@@I=F$N#|Y635PC8X79T_8N# z*6*$u8UT#42%gT#?(mKAc}tihxMW`_&fB-7&QfYCST>;(=ilg~ua{;gk}~@7IR_9~ zt%2U4A+?L=*+c9*aZ8c3mJsx{Z$i?52}S@WXx~2c06utrydgNv{G9K~*At$eR!YN& zK0Z0VR#+(3_>(l$cTrM!^Ul&R-FWcVxgMyS-Z;Y1R9K4Bb4htX=RT-UH}H?ZslTD6 zt0xg5?xmK~%W#vBFcvofQpjtQtX;7y3(KzF z2!a!L(k`#B^+f!9EWhXHfhSelTO+1?j6_#0>8;!uh&^)RAit2_Gfp`nTVTXn^%GpW zE&QzNR`0_-;fmH=M9(r}MhKX+mO8bcA6Hiqm|dn;53_Nk!-Inri$0+bOus$MJ4XOl zXjkBE@G&`t4jEiLuC9CdYt@ciEP1oc-Ku@aKHQ==4_mr(nU(2`=h{zr`W>FbF13|< zAwb2&+^1(t$$i&9)Gg8s3GuoE`n77S^|g z#Tph|mp?4B(u~P;#yv^7W*PP6zHz?i@dx%no>oIuZjR!%Lr|72 z+g!I0;BtP33DiiMMM66&nvVQ%EHd>M6wJtiuwE-R^zpE=q~Bp=|8r;F%>}rO2IST= z-b|iI8U^Q&_j#kFedTc<1`Cctht&vcFQW^nmU7nII;OW6#vv!Bh=Dr*y8SEGN8(VI z#Pk81z9Dk+M4^O`Wg{)xQBey^_ymDQ(RIa~wE28j5XGCS{;3ox+O}}e+7}&5lqKa@ z#i_}q`rHx6!0vdCY^XjA1R1KbEb$okJLxQ|BB4Td;VE8Ftcu&2*o2nk!4Qq_)B(?_z;w=Uk^KV7ki3q306`+XrEIJ-H- zS_+AV1WVEzv-S{NOCNN~nczjz`q0!fje8!9q#KAMQl^T`tAa>Z?)NWhva`zGh^$UB 
z#rr0uH`a22`@iC0n`ws&XeXjnhD=z6OLe6Us$%@7pL^$>V##X-t$|ulK=YTAvVq*N z4yzZJx8gGN;hB`u{~VVB;JCQRT{es`EVhxte*OqQCfh3TK@p}YK@MjNegYh(;JPR< zZT_+0u4w9s$(@DZ$sGhBk0OSTM9XPrs{-;K>gvhsa0)Lw-{`!lh-@vg+DRLtWx{GEwqa78b0J5_0MO5IkBq{ilm^d zG7L4tgvnS4sB3Kxy8i1>PsE~;WTLd>9_;BnigcnU$;9D#BQ3+|$v)#k;g{*=)FT?d z8(xR^vyJhd>6c7zrWtqJFb#Agt>!{6z9xP`M2jY`X8uDky`lX-k(RIgjeox2|3>)r z?;F3Z!2c;a{dal(T^?Ws{`ZvSU!(ZfDE>7HnHT?0()@qV%)e*m-!t>?nfbpi2>$CS z{`D09dWwHN#lN27e_9T}xU_Gte?zYSsdD@u`bqyR)c@ZqA9u-j|I;;FcUp*`@D4V@ z5Yw4Hx4tdM7p{Cr5fVYh9Cpc%liG7<%M|hk)uqi-o*-`?BY<8gaHJjdk+#M8^>$0z zdZ+C4Z>6+}Q5U@Ss5ZTT(U{)gvA3d%Mf#uxuM(Q;$|(p|+o1R~hkh#^vW^4QU|@tL ziaS@}MvmWV15qqCr$N-S&z-OS{2gjzK->%PElb34U&f}b8hADZz;jQRRhuGboq7X+8H(KA z%0z`TnvMmNSA72t)dkgM;*cvmNRI``gwjyV3ax4*w{9vcq=eKkeN2bPqZn>fl&C7P zaBDg4%KrlJ;w@Iv8xcgzPgOuYFaBp4bhDT{O5-TWSseLpIeN$QEwExU`_sKybF$=3 zY~>g@8rq!0E<;Fh@~8GK?Y?`E5B%B&$|O(~JSH>who&QP^jpL5+ZQCSHt&dj{s6?c z5Ri;Nb-n&#pDOolBV>Aj#p;ZcWUdU6w|aK})jECN`}60;Yn>84f{n?^ic*W6aN~1= zrIu&F5hHTorik}*4T#*qK+9mqwwTgb?$CUI+5}8v(1o1)C^iR%yS~7t+UbW#3s>7> z7d|-TY%_+Z!L9f}hqqD$aw_z`b&HdrEuyAPVIdN~C7effE3;_3hzbx27P&THBoAmT zpC$l}%mmJ$?qD1hra^^>On@FX6o&s4J3Jgi2)T;Rr&tX~jyWx8()8n0N8fOxoJ)HD zXlxv|@+v+~PV8;+jv}?B3%?n}Tf?mh%%}}^bt4NYnZ8+F46f58iI6ZcKW9ajpAlj$6T6a)n8!hBvOyOqYI{67loNDYRk`%ZV zTnXE1ShDhsayfX$z*b+>oP|i8jD?GgVECbnBa^*0OI0Y zx0z*OUUlnd&k7_uEG>S$vHch@i51lQq*_|!K2m9Yl^Wsaz#O_Tsm;*kxDn`?pP7<= z=y96vy^TSAX~1n5+xCL!PZbIP4TJ`~$XE?@U=Wb6kS>zg?sObDu9MLw`f~*}X@e5fhNfVT-tR9M3y7noaJc|1(Zb>1}{cKsEKVA_J}-L)gIVeqo)taDYd z7xB)_Bf#>ZAv1~SbQS2-!UA$E6b_^byW&Y0 z^|~~(##2ASat&O6hJ8Jof}KpP3TFM+p~N@<;%ya4A%D4lXL~*=bGP(O+i8sQT;f&h z;{DA45;h*rkxSdp+J)*TNLqt6!&KXU*^d_GD9x#=> zWh6+HJr3aTyi@KK2wj@~-xu0FvzfSbmsCdZVcabb=bW-H0^n#%B(1}1A z(0u4l43rEJD9OcfPF|a9@5AcPjsB^nVO58DKrCrJJ=S+&#AE5fi;|RXOP8h92InHX z^KT!#&|>}Rs*V$*Ydw!$v&$K9+jsJ!mK_QhEc<;gSh`9o<765;J{|(&LPd1&E{K8; zjtI*x+G|2%Hk=;AO`tNkP%29C=xh@S6|q=S6{!Opw9MhBv1o+n1Zn_ATT6U!TM#P@ zqppy+$4hULZWMk&D58ufb3Dj``!~*A~mwod{NBE-%BJcFaB}o~)VMNE7?{MW!5i 
zKlr3GTU}0NA}tfy9Ym_9-IP_V~bnM+J zLY_WLK3#Eic7tX)^r%+dae~a3&M!Fon1eD1D{u5G9}>0fBwTg zNL8(=F!~3r2`J?y^S6}=M_PdFt#)cX0Me>IlsLL`hkCAUtV>LAYSLc?>vw-^A6~uP zXTZ*4tKC_5YlHDNUx$=2hg|88*Bf@)Sxs>&xV{muVll18qMVRai{CC&5m%A+gO>HD z7xF-mh$Xl=JR8HjhEdA&tt)-K1rL&mP9z(>-45VPmAp*Y0kPhOg@FPmtT5{n z6v`MQQ(3TdvG9R7K>f(C`)NH;fZ9}{g5NP zgdC6CI9ped6sLV;;j(fTznk@FQd@&+5Lc!Dc;ZL7Jl8^daqeB{9Jq68xtd0VnC&vz zSE#F91Y7WZUD)BO=rb-s8f@yWw#oXQ)~z`Cp7B}md4hcB6>F?B^Rm8gRD1o(C$_>) zzN?kw_z!K-f4rHx6ZG>7YabhGChFOG5V>DjFWA_l8yWITQqKxuS;(OgnN5#o0=2dl z-iaaH>p#POHSnk`uc#jj48J3krGi|o{9``wEt~Z^rwXGvCn@8r!i#>$35&g_hOSQc zcTHn>UOwH;maO>aMlUTRDs2#aFZ~v_7phwKroYsu!G9i+x{@SQ-r17E|8{{c09UuQ z?cQg%wOorkrd``7g0NAAis$1GzuauenH3Bpf1JpdepQ^BJjf57lo2I{5?c#|QFG9% zGRq&&UUv3-GiLL-HA&W`QB^`+KsczguWqX?;`!87CvEcy3$jebjhDkgax8yb%G}JoN-m?fI#F*$K%NXaod4pF{n;Df zI~E5KdOTF0?1Gd-ljg*+p!nzVd|8A9(21*$(u!zhuAH zPuX@i_I{Q>&i!|*3ju4ir=UO;PJP@H0Hko?(U``cqGQXp;J$t10hK*A2zmD?*k^w) z`~j<8brT}aY#3%0uV>D?eZC@?mgUUg4qcc>=Y-=7-oiBnL+>yyY)r7W+#<;in`*krZ`UxMO<}EE|YhHwaaPuOQzhJNUv@qO=wee zweyn^hdw3^cY7$X^d<(Y0ItIwSe8t#pFGE}*r`0C!CGE7ZK75)!IXVMtb#sNBS0Sj zhkTfa_^2im#}sV7nTRYlA5+!EP*(AR0hth=m;j#jeA6ayF}~0uXa<2 zOCm@1w?6Q@J^(jH^DF4Bdhk%r;ee7BZz{w2Ed$v7Vrx!oi@TM3=h_x(3{PCt9K7VT z8=gH@YFx5pcru!5R>q~i(F(O|J~*G?e`YSOG#cE{l4?2e3m>35gyAmHFUZK%{c$~3 zG?V|l0#jRkQO)>7@gxY*OOqv7Tf@Poy0JoEwG*~`LE6hc zE-A@P2fo>P&jpztoGI?2Ytt;U)_cCy(aByZH;+#NZ`4J9j2MA9EE{SMc?IMh_HUVT zA9Nts?uSZ4A5{KOM&vG5&!X6Qnvh%334?*SXfgGFwfCJ-O=VHrsEi7V*imVM1r-ql zA#_v}8%PJK5gBR>5$S;t3l1W6hTcV__g*3iMTvrd7$86hy(WYJAqgZT`7Ss!?^@r_ z_s{!h?k^VW-kWpwIrp5spR@P#SUvAfSXl6)d^H;sIE=zc$QXU!C6StwdoiffY%;DQ)MrsC2j75kne1$E(1tK2GuG4z10>d5 z+n#wgH~92xIwF~y4ToMraxZpSwuS(l@)gHP86XzSRS@S?ThL-nL@uwC3ZfEEILIcs_6vt49BQAmeryqcK9nPL!CvspqUDq20Mo^qz_NWU%#5Y zUPqFOzvuLM4XuUZS+03uD|fFsbpgI+wF7Ly(8+z>iR_;}To}P`9}T3G_10QSEG5@? zXl=Ey*<#&xSNtVhp2ymJ8NUz+pkAY>fAU;o4B=L4!l(h)|F6tp^YZuA@f+U}gl?87+?T=?<_X zThUam{+IXHEFsrWxBFU&DoIXSxM)~y2)##~4JA-ZIjJiR&;4sMXa~Pnp4qJGhW{>! 
z8+On47}abT<{kKsPtaw5^NcS@&wGPO)q-y499>W3OL9MV_WpRBC=>6|di4E_Gty(R zN3{7e(CW2ef@C%F`~`vmZV0{3k{s5l%5W7Bb!k}W@LZ4m@vQ38GRuEVwBip}y(is& zIm+*_DTuwBWZ7C64@ePo~h6wkhi~-1)|Z3I70B$FI}F&9@7t(l9jJ>_1p;0WTaZ zVi5nv-?i_6=Ewi(;>jbKWr+g0{g@s#4pot`s3)L%_~`k0Gl zUXB~l0_b&5c{pD-IQSPy8V47eDio~=&bU)zyVGUb?QpWqoYqNA>8 zx@&GnB)@l6$B|^cdZNc;EviX3eW1r*GB9s*5$8C3Ij6}KRHb(}5kBbbfz8Az`ctHs|W@STxvw?7Wfv4x%y>xdSMK!eS)z1 z-=i9N@Tz08vP=R5ao*HN_zg~=q7f3~ksD%u(jl$VqFceS(K|Z<*)O4;fXISOMKP_~HZ%;R_ z{+Msd?e97QY}-V0V=fY==|fjQTp8U; zVC(G@UTSidTRyegO2$AWxV>S{N@ttVWewF@86lz@ey`9WZ~(mMCP79e`#GY}aZ?f+ zHS01k`hC8=uhZhq1T9Wu=E3{aak&W}dyNBHSkn`J?CM#ZZT?`zx3HYiD4MfsI9J+NAB5_1v2V}(nLVW;Nj?y!42 z=WL;5XbtzLj>;47K-P`njohMkVQ?|1`eDP*;|s4B!ii+K#PVHmci?QGZuX0&fzs;y8)?S!%TEGBFhYb|eRs_9`rEH}^6^yE?24I9XpYP%=g)L|wnViW* zp4=FUH*yd=ALJxgf1$Dm9rH99dOZI6Ww0r@3dnAA{^t1+eK_sx+e=x5-g7v+0JJO)0SlL4fREuFMi-2 z+W2gL!F+FNTvi5>_h47%p_A!8u1B8-dG@Rig@O!&`_h24vw{|rv(s78()4l`hr`^_=cTtv50o78bT zaDc@Mi_J?MHe}t+rOC}$*xfcC=q@ov__GjZl9dCV5RulY#Jah&?-c<}va@gyJqr=9K$x-kAM8Y$83P0Y8 z4e}+=J8j)IUNuJ(;%nZ0FCR`J#eEYn5(dMKHQ>H^CFxtpt49U^dCda5rLw#jk2Ad1 z4G_Jets0)eL=WaI{<+L*ur&N7cYu1i)g^`GD;vEUW%g{p)-jkisW{e6+(r*~<21HtF?GNr(BrsxoFb|IUQwGZOfhW%?X{ z^RGwv;{O*nPSS*$4?F{kTvR}I^qJWo9lud9lDuy=z=|7y`bFmcICv}bf2$WD`;DBI z%*_7}r;ghB6A?J80R;zfn5bNd=uyuAFD5;)8mZ$+TFW2Fye7+Ls_@POg7YmU_tG5x&J++eQS&mCZzX)PD>B(CBT0H9y>Tv)_%CM&x&_VM67JVE8wK189Y5mFUOxsW4;YLGDh%!f-D&a~GR=fIIr_^(E|RFot6nZ*_dz zu)fj&nT)e50w3{A3(lUQz{@xO!J{WWL$VKk*bQ{B8kwQG;jpXRZgsg=7{j46{JM<* zZG;6S(`_R*KV)p-&JjDC=DvYzA+pY9&vJ)8+9w~^e3)6Wq_q7z&2Ru~ugE|;Y3?NF z%3?qnLoY$bFi8U-T17(ZAt^r331jN&L0C!H&-NUFsf~&=WLV`bM zlZSnV5J!oP$rkdlbl&VY+&)7uZL2+0HM6Pf87exOQj+t!rtb@<&UT>IhU8j#pp%I*p$<8(w#1+tGZ+AV(c2Zh`3ZEQ zGca$A(f_5IiR4sZV1z69q9NhPG#xkx3FD3W9k?90Ig=)f&j3P}(SaLRH#m7<2|8BN zfErEYB+wokFMu1)&%j6V5>>3h>418Dq#XW@G{F}G3b6M^^7hxbbo@E9&qE{VJ+r>D z`&oyEw=I$W76Y(7K$AE>@}UPxb~A{T2qre0%vj-)eb?+#-=V#>g;xeS{LPDxoS=hN z6DA&imD#RaQo1-J`!he?$PitjK=fYTW6(z`V!Og(B~?TgH*N-+a&n8%Bb$WzIiNZo 
zu}0Bhf3Fo#HAM5UzJ%AnY`bw|Z10Ry?a)&qTvbI-&R&zto^4Y?TFYAAOhdmoy;`+Z zYs1wfoOjh1ZwE@rB6iM{RU^B}MB^p^$bM*ID1fb;_0oHPJnxPZIYH}&lYQ#rE0nlH zh@8zF@gw{*%2luWOhnjvg!A+7#M&wke?9m3Uc=!*Z}K&rPR|_4xbn+b?nn^^T4#X# z%3QLyBg69-iHry0A4hV8R)axNQ94=1q|;@|$4GG;<*opTk3zuG+0!0mw;Cb}ktUD~ZW6V4#_5}KY0}eBtH!ym zAD%gyfWt-Ijih>SdCDo0BkVegvSL;cQ|vo;wJJ*ip5GHk_9ab)ZGVmVfGCMLd7!3z zrl|#Aoi#JB=dZUYMEoe9Wi|G;Hb}n3=H}a=CIC+C7SvR1Eaq>RGJctvR>k`TUbiBO zCVuS8eleFJgAC~IIWoRT@LD=2HPOa%qk24v4XHPvkBo%n9_0_mX%-!sr=R~a^g6mu{?oA;BJ88ka7S^hk_5F#FAD8X`3cj* z&W))=_r$nk?>)KSzt=?COnpe;v2;urI{e`I&;FF%+P%o0G=G31w+d-NWqV~~yS;Oz zqPQ2QRHMeSkw{jd=P|@Vhi+W9LcX{y#4bavec8H1eCVjU=chl;A4NZk&PkGJ zlrN8h*x@oUX&Ptc;u{^TkGXG_RBM#>bg^wyhD+ypRPMBh&!Z9T+FlU=ARa?aDYK;G z3JFRg_ICc7bv>zW=6w|3FX&qr0-Zbhra)tW=w2++3;S979bO)EKIr+HH4zb2F$i*g zGIsyPHpDeuY2R|?sN{!4cNDs#(*L1S&fN6!#PjQ(p6<;ern7q2k4O&c45l2e3E-TM z2$&SrNk8$|o25Yc%C1iz;If7Gd5Cy=K-oyH6?^58Y!GD$_i=n>g$*l9Vc3du0e-F7 zgaYw=Ki!Dh^}rA>sn+;Grkiwm>#z-JcugD2e~W4bhj@W{~<}wO-C+Q~c#ZD(3{layi2g1HRxJp^Y*SOn}V}x z%1-n%Q&$y=eqI~4Yb^()V~HYD+L!w?bmN&s-)79VtXvx>S_#(< zb4#t}o@+{!ndZ7=o_+N#-!;QWC}Y|P5qtkgyKu64BO?38SfqGWDUGiFO(wMf&yH&Q zaQ_83`t^}2ye_P+i0V(L8-KEF*qE(Ffb@gAb4teMx3S4ZIlxl-W?nTIG`FCwpQ*!Z zX*^YEX4ECPNBV2(`J2Uu74=i?t1g%ut!(->8)-j+4PeEO&tCy1SwyrwnC+W;Y>C6T}V66l`NZ zfl|KM*X-W(6OHysX0w!D@qYLPACr$D==2;Nx2t01igmg?{EimLTBNnuj8$*cy`Ivx z{k?FqQe`cMc_0Uj;v9lR_Xu94N-zVNjdlHuI-!E~%UMsx4ES?i)xzF!-Ih*;mg&|( zL(`m|`U*94gQ!E*ydMNuVM0kneEy)gV)qBT8UOg2Oq6rFDBbIdtv$HD#8&=^*4(|S zo7=8sfYq)faV5F85yJB>2FBKLh2QRZh#H2TBnKprFxrQ@Zz&vs2qs>9d}cjDn0}@@ ztZ+L2ZiX^(L7MPgwspnS>ml(Z?#~3}n`ewzYb!VO)p;$vx{&n!%q?rBCr>)56pTF(=3&2h3Zi(MGk@LF}NAv9dOKBux1} znVDjOP`w3iJ|^|MT7vO}KOus7u}AJ0)xk@wC!jk{^kxd*^TDKxrgsxLSD;0(C#oA@ z`u;t_12_e+`07K!g2Y~KZPuKL?Q7x4QW4{e8g6n6o$(u0vi_)!`m{N{h(YSlJ4YlX z{e#oA#>BAZ{2%s=c~04~4|h~#_*S(Sll3@h85buy;oY7T@E6|gEn77&0U}{o@4P3G zKc-t{F&PlM0We)3YW3>XUeOHA=XYw}R(kv%B0gk~_ARy*$N2n(=JU70>A*r2JPetfNOj9O1XkS?Td}7*2tK+XoHi-q-29TlhS?ddjcaok{mB>wv?%9Tgdl#Hd)haE)48P 
zE^__)=R7ws`6IvAeDyiD)!RW)!0Ag0C|apq)poKTmufs_xw3=9)~3nR_sm!5&1t~U z4$k?guPOwoSGASkic(jN_rdE0k_N@ktAnRUl^~>*EbO&HjUMo3=8YaZx@s8TGBty< zFg};5#beF(;0hfqOHiY}w&9av;YP~2Mpw)S59zfR??8|jJaRbU@8}Vd8{szOOUu4F z)ar70e!98@ls4j8op@VAQY*O8evUi3A|%cfN0)LXcp`EpE!&abA`qwkycBP~f;jmS zVg&{jj!6WLGrElYpldK|*D9d7S&Nn$dxN=E)G{vXflj@<`#Adku(>RGuKUP|_+>A7 z^9@D-!WN;`<9UHo<0=`a0BRj0Dmpz4`53vBoN`7_}}QZlB}K(PV^W%Al%1Qa-R4V&G{6N>~GT{ zYOvBwM+&nm`M5>UuG`56)T12Lay_REBPcQ%h^+0U>$z3g=>kO|7b~8Z)uis4FoGNC zqk8xWyvuxRYBh(w8$Uc9^!(`lqfTvb(%uP{MJk8%zOPwovyqO zAK=$Y?N-n;r;J)jN!$Qqrw(dB)SZ*KnMb}tb~ryT1BzO%nWX!lv|LR;YgB?9R~2D;(q@WpGYV?0#*S?9PQ%1L%dU+kR&-}jr73ViNJ zfz7}SgFIB?=cJ1Wh2O>Q+&$r7h1(PUTQhLhC9&B|aMnhS8u{4wq`403c#HWm^YoFT zS>!X4@H@)Uj$<1`++y4yl`6QV#SV_=pv? zHGfUTCEQ*)8FTYcsj~jHF(1>svMV?RdAL{ir>V=WYpNC%@)}niZ!C10>xcgONG|VC zDA4kn%wg#+>DG;!l?AFAm`x%$rlDo5ah=-aaPf#K_!8Q0JvY~|V>rT|=rLp< zhn9^++R9zJIp^2|l5*ltLB!|ziLXz=Gc5|li@Q#RMr$pX8oMGo&7+~a8~jFp2Fkr< zc#mo9Y_y_^BcoSDrT`A?Cf3fT!-ef#g2p9U5G|rpHPU!SFU6mVZFhv6?58^gb*oEU zoPo~L7iR zo&6DBxHM1j?~WXrUM^W5)nWpW=4YS&tebE*c9Gmw0wle3_QBs61 z#jOqIx-OqSe8mA7lrJgy6}yKj>{B>3*+yM|rg<}UY0tz;3&ITB-dO1b9s0n3f+$QC z8FIEiwEEeS>Q&0&$OcCTzg3V%7q+o?Q!ND~9Z^Z|d`wW%Yj54j=3yMx4-vHG9_QXV z-0(q%cHgp`2D=Z!ld9G1akK#9;KW$+IrFvn`va;=2F-BXv1shZ;khnLtf^U<35tW5 zs)z0OF8j@?arQ%X9%NZ&cv* zudif|8e=rM%@j+`<5-#QNGk;Hz;Gwzd*EwbH%m2(SZ+_4iZXBRy9fRQH{e=(M*u;~ zkIY?P-RD-8xMhuHf(Mk>Ha40+UUv(yNWU!}Oc-H5V{DT9-&h7~(R9~MtWFS`fMb@a zi?)fFuEHR zFhMIn{fUzk6!4n$!C}OqhfV7pwTv%{!#ZVDq_OCrh0uNvML7VP z2d;H!t^E!@eb2Fpx`DAw_Qad*Y`GUiLjb$h_ohYS2XIp0dVjZNR{PfNe2c(}#HY|J z5-paGkz{xGT-yFGz-`)@k?-GA}-n130SPX7-Q|35{SX945U8n82?S1Z8N<1?@QUX!+(pzwi*6g9R6DzuK(X{qZRg0voeeAApramX!fFC zlQlur^4BpqUpbz0HunYB{ul2cU-M|KMN_qXNz+Q#wub{`Ff>7@c<35?JJa;q0}8)h z(`;Ysxin(Av@y$S$Yy@BE`f;^{rv-jsVaq2E6^tHObRHfaObx31h^pKD&6K}Sdd(B z;jZyU!F9jF9`k=%BnN>7EsZ2n)kJhk6EW$5B>Cv5zZ^_&{GBtfcv2J#q{HJoU=U&` z6S-&uE*cn!GW+Lgdr?tr4`QZG63TOHVyDdtTzdI;&wR@w9f`}JVnaBoAx~%Xn|ldd zA^0Cb>p^jqLd!c~q>W4CkzzU&#hc>QBjXMstB3RRLPo*=7>6UhZa1cCVMlB4^}0h1 
z@EOJp6ux927YRu766of}h5gzJEIKh;j+eg;ZvgzL8`8^mMO?47HjD*?JXTz~(Y1gc buUkiE6tdF@6|37cVE1l6yj6Ph@vHv_IWhG4 literal 0 HcmV?d00001
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-guide.md b/windows/security/operating-system-security/data-protection/bitlocker/recovery-guide.md
index a53aaf502b..8b56e95869 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-guide.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-guide.md
@@ -8,39 +8,47 @@ ms.topic: how-to ms.date: 09/29/2023 --- -# BitLocker recovery guide - -This article describes how to recover BitLocker keys from Microsoft Entra ID and Active Directory Domain Services (AD DS). This article assumes that it's understood how to configure devices to automatically backup BitLocker recovery information, and what types of recovery information are saved to Microsoft Entra ID and AD DS. - -## What is BitLocker recovery? +# What is BitLocker recovery? BitLocker recovery is the process by which access to a BitLocker-protected drive can be restored if the drive doesn't unlock using its default unlock mechanism. In a recovery scenario, the following options to restore access to the drive may be available: -- The user can supply a *recovery password*, if available. A recovery password must be allowed by policy settings, so that users can print or save it. The recovery password is a 48-digit string -- *Data recovery agents* can use their credentials to unlock the drive, if configured.If the drive is an operating system drive, the drive must be mounted as a data drive on another device for the data recovery agent to unlock it -- An administrator can obtain the *recovery password* from Microsoft Entra ID or AD DS and use it to unlock the drive. Storing recovery passwords in Microsoft Entra ID or AD DS is recommended to provide a way to obtain recovery passwords for drives in an organization if needed. 
This method requires to enable the policy settings: - - [Choose how BitLocker-protected operating system drives can be recovered](configure.md?tabs=os#choose-how-bitlocker-protected-operating-system-drives-can-be-recovered) - - [Choose how BitLocker-protected fixed drives can be recovered](configure.md?tabs=fixed#choose-how-bitlocker-protected-fixed-drives-can-be-recovered) - - [Choose how BitLocker-protected removable drives can be recovered](configure.md?tabs=removable#choose-how-bitlocker-protected-removable-drives-can-be-recovered) +:::row::: + :::column span="2"::: + **Recovery password**: A 48-digit number used to unlock a volume when it is in recovery mode. The recovery password may be saved as a text file, printed or stored in Microsoft Entra ID or Active Directory. The user can supply a *recovery password*, if available. A recovery password must be allowed by policy settings, so that users can print or save it. + :::column-end::: + :::column span="2"::: + :::image type="content" source="images/preboot-recovery.png" alt-text="Screenshot of the default BitLocker recovery screen asking to plug a USB drive with the recovery key." lightbox="images/preboot-recovery.png" border="false"::: + :::column-end::: +:::row-end::: +:::row::: + :::column span="2"::: + **Recovery key**: an encryption key stored on removable media that can be used for recovering data encrypted on a BitLocker volume. The file name has a format of .bek. For the OS drive, the recovery key can be used to gain access to the device if BitLocker detects a condition that prevents it from unlocking the drive when the device is starting up. A recovery key can also be used to gain access to fixed data drives and removable drives that are encrypted with BitLocker, if for some reason the password is forgotten or the device can't access the drive. 
+ :::column-end::: + :::column span="2"::: + :::image type="content" source="images/preboot-recovery-key.png" alt-text="Screenshot of the default BitLocker recovery screen asking to plug a USB drive with the recovery key." lightbox="images/preboot-recovery-key.png" border="false"::: + :::column-end::: +:::row-end::: +:::row::: + :::column span="4"::: + **Data Recovery Agent**: A Data Recovery Agent (DRA) is a type of certificate that is associated with an Active Directory security principal and that can be used to access any BitLocker encrypted drives configured with the matching public key protector. *Data recovery agents* can use their credentials to unlock the drive. If the drive is an OS drive, the drive must be mounted as a data drive on another device for the data recovery agent to unlock it + :::column-end::: +:::row-end::: -## What causes BitLocker recovery? +## Common scenarios for BitLocker recovery -The following list provides examples of common events that causes BitLocker to enter recovery mode when attempting to start the operating system drive: +The following list provides some examples of common events that causes BitLocker to enter recovery mode when attempting to start the operating system: -- Changing the BIOS or firmware boot device order on devices with TPM 1.2 +- Changing the BIOS or firmware boot device order (on devices with TPM 1.2) - Having the CD or DVD drive before the hard drive in the BIOS boot order and then inserting or removing a CD or DVD -- Failing to boot from a network drive before booting from the hard drive - Docking or undocking a portable computer +- Losing the USB drive that contains the *startup key* - Changes to the NTFS partition table on the disk -- Entering the personal identification number (PIN) incorrectly too many times +- Entering the wrong PIN too many times - Turning off the support for reading the USB device in the pre-boot environment from the BIOS or UEFI firmware if using USB-based keys instead of a TPM - 
Turning off, disabling, deactivating, or clearing the TPM - Upgrading critical early startup components, such as a BIOS or UEFI firmware upgrade -- Forgetting the PIN when PIN authentication has been enabled -- Upgrading TPM firmware -- Adding or removing hardware - Removing, inserting, or completely depleting the charge on a smart battery on a portable computer - Changes to the boot manager on the disk - Hiding the TPM from the operating system 
@@ -48,25 +56,18 @@ The following list provides examples of common events that causes BitLocker to e - Moving the BitLocker-protected drive into a new computer - Upgrading the motherboard to a new one with a new TPM - Failing the TPM self-test -- Changing the usage authorization for the storage root key of the TPM to a non-zero value - > [!NOTE] - > The BitLocker TPM initialization process sets the usage authorization value to zero, so another user or process must explicitly have changed this value. - -- Disabling the code integrity check or enabling test signing on Windows Boot Manager (Bootmgr) -- Using a BIOS hot key during the boot process to change the boot order to something other than the hard drive - -> [!NOTE] -> Before beginning recovery, it is recommend to determine what caused recovery. This might help prevent the problem from occurring again in the future. For instance, if it is determined that an attacker has modified the computer by obtaining physical access, new security policies can be created for tracking who has physical presence. After the recovery password has been used to recover access to the PC, BitLocker reseals the encryption key to the current values of the measured components. +Before beginning recovery, it's recommend to determine what caused recovery. This might help to prevent the problem from occurring again in the future. For instance, if it is determined that an attacker has modified the computer by obtaining physical access, new security policies can be created for tracking who has physical presence. After the recovery password has been used to recover access to the device, BitLocker reseals the encryption key to the current values of the measured components. For planned scenarios, such as a known hardware or firmware upgrades, initiating recovery can be avoided by temporarily suspending BitLocker protection. 
Because suspending BitLocker leaves the drive fully encrypted, the administrator can quickly resume BitLocker protection after the planned task has been completed. Using suspend and resume also reseals the encryption key without requiring the entry of the recovery key. > [!NOTE] -> If suspended BitLocker will automatically resume protection when the PC is rebooted, unless a reboot count is specified using the manage-bde command line tool. +> If suspended, BitLocker automatically resumes protection when the device is rebooted, unless a reboot count is specified using PowerShell or the `manage-bde.exe` command line tool. For more information about suspending BitLocker, review the [BitLocker operations guide](operations-guide.md#suspend-and-resume). -If software maintenance requires the computer to be restarted and two-factor authentication is being used, the BitLocker network unlock feature can be enabled to provide the secondary authentication factor when the computers don't have a user to provide the additional authentication method. +If software maintenance requires the computer to be restarted and two-factor authentication is used, the BitLocker [Network Unlock](network-unlock.md) feature can be enabled to provide the secondary authentication factor when the computers don't have a user to provide the additional authentication method. -Recovery has been described within the context of unplanned or undesired behavior. However, recovery can also be caused as an intended production scenario, for example in order to manage access control. When desktop or laptop computers are redeployed to other departments or employees in the enterprise, BitLocker can be forced into recovery before the computer is given to a new user. +> [!TIP] +> Recovery is described within the context of unplanned or undesired behavior. However, recovery can also be caused as an intended production scenario, for example in order to manage access control. 
When devices are redeployed to other departments or employees in the organization, BitLocker can be forced into recovery before the device is delivered to a new user. ## BitLocker recovery process 
@@ -94,6 +95,13 @@ In some cases, users might have the recovery password in a printout or a USB fla If the user doesn't have a recovery password printed or on a USB flash drive, the user will need to be able to retrieve the recovery password from an online source. If the PC is a member of a domain, the recovery password can be backed up to AD DS. **However, back up of the recovery password to AD DS does not happen by default.** Backup of the recovery password to AD DS has to be configured via the appropriate group policy settings **before** BitLocker was enabled on the PC. BitLocker group policy settings can be found in the Local Group Policy Editor or the Group Policy Management Console (GPMC) under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption**. The following policy settings define the recovery methods that can be used to restore access to a BitLocker-protected drive if an authentication method fails or is unable to be used. This method requires to enable the policy settings: + + - [Choose how BitLocker-protected operating system drives can be recovered](configure.md?tabs=os#choose-how-bitlocker-protected-operating-system-drives-can-be-recovered) + - [Choose how BitLocker-protected fixed drives can be recovered](configure.md?tabs=fixed#choose-how-bitlocker-protected-fixed-drives-can-be-recovered) + - [Choose how BitLocker-protected removable drives can be recovered](configure.md?tabs=removable#choose-how-bitlocker-protected-removable-drives-can-be-recovered) + +An administrator can obtain the *recovery password* from Microsoft Entra ID or AD DS and use it to unlock the drive. Storing recovery passwords in Microsoft Entra ID or AD DS is recommended to provide a way to obtain recovery passwords for drives in an organization if needed. 
This method requires to enable the policy settings: + - [Choose how BitLocker-protected operating system drives can be recovered](configure.md?tabs=os#choose-how-bitlocker-protected-operating-system-drives-can-be-recovered) - [Choose how BitLocker-protected fixed drives can be recovered](configure.md?tabs=fixed#choose-how-bitlocker-protected-fixed-drives-can-be-recovered) - [Choose how BitLocker-protected removable drives can be recovered](configure.md?tabs=removable#choose-how-bitlocker-protected-removable-drives-can-be-recovered) @@ -237,4 +245,11 @@ Windows RE will also ask for a BitLocker recovery key when a **Remove everything The BitLocker recovery screen in Windows RE has the accessibility tools like narrator and on-screen keyboard to help enter the BitLocker recovery key. If the BitLocker recovery key is requested by the Windows boot manager, those tools might not be available. -To activate the narrator during BitLocker recovery in Windows RE, press WIN+CTRL+ENTER. To activate the on-screen keyboard, select a text input control. \ No newline at end of file +To activate the narrator during BitLocker recovery in Windows RE, press WIN+CTRL+ENTER. To activate the on-screen keyboard, select a text input control. + + + + +# BitLocker recovery guide + +This article describes how to recover BitLocker keys from Microsoft Entra ID and Active Directory Domain Services (AD DS). This article assumes that it's understood how to configure devices to automatically backup BitLocker recovery information, and what types of recovery information are saved to Microsoft Entra ID and AD DS. \ No newline at end of file