From cfdf29dfbaa871c53ef496a4efeac0b08e9581c5 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 8 Jan 2024 15:23:49 -0500 Subject: [PATCH] Update Windows Hello for Business deployment options --- .../hello-for-business/deploy/index.md | 5 ++- .../hello-for-business/how-it-works.md | 42 +++++++++--------- .../images/hello-container.png | Bin 52877 -> 53078 bytes 3 files changed, 23 insertions(+), 24 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/deploy/index.md b/windows/security/identity-protection/hello-for-business/deploy/index.md index 0da8019716..061c4a62e1 100644 --- a/windows/security/identity-protection/hello-for-business/deploy/index.md +++ b/windows/security/identity-protection/hello-for-business/deploy/index.md @@ -207,7 +207,7 @@ Hybrid and on-premises deployments use directory synchronization, however, each Windows Hello for Business provides a rich set of granular policy settings. There are two main options to configure Windows Hello for Business: configuration service provider (CSP) and group policy (GPO). -- The CSP option is ideal for devices that are managed through a Mobile Device Management (MDM) solution, like Microsoft Intune. CSPs can also be configured with [provisioning packages](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers#csps-in-windows-configuration-designer) +- The CSP option is ideal for devices that are managed through a Mobile Device Management (MDM) solution, like Microsoft Intune. CSPs can also be configured with [provisioning packages][WIN-1] - GPO can be used to configure domain joined devices and where devices aren't managed via MDM || Deployment model | Device configuration options| @@ -306,4 +306,5 @@ Now that you've read about the different deployment options and requirements, yo [KB-2]: https://support.microsoft.com/topic/5010414 [KB-3]: https://support.microsoft.com/topic/4534307 [KB-4]: https://support.microsoft.com/topic/4534321 -[MEM-1]: /mem/intune/enrollment/quickstart-setup-auto-enrollment \ No newline at end of file +[MEM-1]: /mem/intune/enrollment/quickstart-setup-auto-enrollment +[WIN-1]: /windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers#csps-in-windows-configuration-designer diff --git a/windows/security/identity-protection/hello-for-business/how-it-works.md b/windows/security/identity-protection/hello-for-business/how-it-works.md index 2cae34b3ec..842fc5048e 100644 --- a/windows/security/identity-protection/hello-for-business/how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/how-it-works.md @@ -12,10 +12,6 @@ ms.topic: concept-article ## How Windows Hello for Business works: key points - Windows Hello credentials are based on certificate or asymmetrical key pair. Windows Hello credentials can be bound to the device, and the token that is obtained using the credential is also bound to the device. -- Keys can be generated in hardware (TPM 1.2 or 2.0 for enterprises, and TPM 2.0 for consumers) or software, based on the policy. To guarantee that keys are generated in hardware, you must set policy. -- Authentication is the two-factor authentication with the combination of a key or certificate tied to a device and something that the person knows (a PIN) or something that the person is (biometrics). The Windows Hello gesture doesn't roam between devices and isn't shared with the server. Biometrics templates are stored locally on a device. The PIN is never stored or shared. -- The private key never leaves a device when using TPM. The authenticating server has a public key that is mapped to the user account during the registration process. -- Certificate private keys can be protected by the Windows Hello container and the Windows Hello gesture. --> Windows Hello for Business is a distributed system that requires multiple technologies to work together. To simplify the explanation of how Windows Hello for Business works, it can be broken down into 5 phases. 2 of these phases are required only for specific deplyoment types. @@ -48,9 +44,9 @@ Windows Hello for Business is a distributed system that requires multiple techno During this phase, the user authenticates using one form of authentication (typically, username/password) to request a new Windows Hello for Business credential. The provisioning flow requires a second factor of authentication before it can create a strong, two-factor Windows Hello for Business credential. After multi-factor authentication (MFA), the provisioning process: - 1. **Generates a key pair** bound to the Trusted Platform Module (TPM), if available, or in software. The private key is stored and protected by the TPM, and can't be exported - 2. **Registers the public key** with the IdP - + + 1. **Generates a key pair** bound to the Trusted Platform Module (TPM), if available, or in software. The private key is stored locally and protected by the TPM, and can't be exported + 1. **Registers the public key** with the IdP, mapped to the user account :::column-end::: :::row-end::: :::row::: @@ -113,21 +109,18 @@ Device registration is identified by the *join type*. For more information, see The IdP validates the user identity and maps the Windows Hello public key to a user account during the registration step. - ### Windows Hello data storage @@ -191,8 +183,7 @@ Windows Hello also generates an administrative key that the user or administrato At this point, the user has a PIN gesture defined on the device and an associated protector key for that PIN gesture. That means the user is able to securely sign in to the device with the PIN and thus be able to establish a trusted session with the device to add support for a biometric gesture as an alternative for the PIN. When you add a biometric gesture, it follows the same basic sequence: the user authenticates to the system by using the PIN, and then registers the new biometric, after which Windows generates a unique key pair and stores it securely. Future sign-ins can then use either the PIN or the registered biometric gestures. -For more information, read [how provisioning works](how-it-works-provisioning.md). ---> +For more information, see [how provisioning works](how-it-works-provisioning.md). ## Key synchronization (optional) @@ -200,6 +191,13 @@ For more information, read [how provisioning works](how-it-works-provisioning.md ## Authentication +Authentication is the two-factor authentication with the combination of: + +- A key, or certificate, tied to a device and + - something that the person knows (a PIN) or + - something that the person is (biometrics) + + PIN entry and biometric gesture both trigger Windows to use the private key to cryptographically sign data that is sent to the identity provider. The identity provider verifies the user's identity and authenticates the user. Neither the PIN nor the private portion of the credential are ever sent to the IdP, and the PIN is not stored on the device. The PIN and bio gestures are user-provided entropy when performing operations that use the private portion of the credential. @@ -232,4 +230,4 @@ Changes to a user account password doesn't affect sign-in or unlock, since Windo > > To learn more, see: > -> [Plan a Windows Hello for Business Deploymen](deploy/index.md) +> [Plan a Windows Hello for Business Deployment](deploy/index.md) diff --git a/windows/security/identity-protection/hello-for-business/images/hello-container.png b/windows/security/identity-protection/hello-for-business/images/hello-container.png index 09ba0e89b771379cdee9e12e7a6d3011c2dcf338..bcb9a9b03b8584375ec3143e8910fce65162645a 100644 GIT binary patch delta 13166 zcmZ|0by!qk+wLt0GW5{hE!_;wFmwqbCDMYlfRr#SzyXHt29Zz@Noh%GkVZPCk?w|X zeD?dk$G7*f_xv+)uUWI!9oKzczw4an?8lQIAIBM>?Nk~*$pTIyqgQ{7-8%PsvHDp* z7ql`OV$BmtdlVjxG&vZT3{;hfrB_8iu4q%W-C?>BWBJRLC>=jf@ynN}!Ih@N;+J02 z2en5DM#JONVC>Et(y-s{=XeRxGwN2qDwz`9tu#_#lk?>ng}&FvldWY|4|f6bUo$7_ zTo#J?^vtub_aVS>_I8oqET@;rnliLI(;(^B#V4hP14)IYH=FKInV-iCpazTYRU^Mf zj~#csX;RMSGW(oeM2AvMTAM5L@tLl;v}~hO9HEx=YL<)cVuL;$NcW0YS0^EbLm?ET z+d8bX*@Y2>PIE!bX1Kp4;t4Dt3x=p3%+6*Qzj}pFA$|>PZImg$v{?_d=-{p;`V#`z zm?T5X)4rZGeqF&}9NUG-JQF=@wd9k0LF}76z_df8BQT;pgbT}xn)Ak!FyO^IyBxM! zDYv_A!HzdsW{)->au)rQf$&kGaiX}$7R80tXwnZc_bX)Vz^>c9|0oZ7CYinr@JH_9 zEOV)higN&nI1F@}W$6bS7dHx=PN@rmkgw;xd?Y1lewiwJkQ_m}cKHsSKbSSxn7X0` zt#Q3s5%sT?nFEn+8$_3lfwe}oQzWKzowI*T#6`fVCQetg5nH5|xNfOmOzerviq4dj zEF-~{<;~O7S%l%r8U{pl>cxI|vj_8dvnlZ+0Yt!r)nheu>l5S9 zH~V7q@GdmbRSFqI=QsouS`Ep0a*}R+9`jGrjz5)U9$=!+B#Q$-5i-_)8tnB5Y&c6y zbb$mIp!U!)CFM_DpJT`yXC@t16v_-Q{&BXu32PG9r<~%=x8kYFj(3`x#?X;hGi`Z*l^%YE+zF828LXN6`jU zSi0fj;qTK-k9PA4h}3%z$A}>c3ia_t$J&6l`UcO7xT`+z4SXg{uDKv!tKyGH zhURQjm3b@}m>lU216eBeUUQm04T|9GaTLBI#elIgM@izO>!%BGQ5Wx_yUmDT5LG8M zun`jThQy5CPANxZ3Qu1*ujqj8=|6N@8dOsmSSAeX)g}D`tCiw)3 z^2_$CLiNx%X6#_~K0JL*?O?q?6_?5fwAs5PU6G!(TzzW10oyUH0d+3U=*+C?yQIDQ z{x84khr!HkvVqudd|{rET@Z|LeKbG|-Aas$`lC(A$ckj?tL5H!7PFu%vahP)dx`#2 z@(j4$rOgBFF5xB&3FJb9gMrl^b!U|?A)THX(0R(`tPZ~5%(}|T%4z2X2)=y_zy4u| zEL{BUbk2Oi@{^uswNY^ywSQA4j5E2os@&8>2*MScZ6c0s*&K9pz}s?r41Al?{CJo2 zOVQRtxJB1u(vF|(t>$nJwcsmI2xR7o6?W|tq6t;;ur~~_Kyp1j7|7W_evTkAOOcXE z&kV7kfLl@>Jfbx*T_Qm7Gjyut>m$!K!&U}|Ki+v&6$NN}tPxqt)B8^no)Whkv5!GX zS3}wN=eLi(9QASpagZnUJpo9PURm<#$iFScui3tc0z*{;I0w{Nka~RlG#_#57GL(al+jY7|81xy4-$xSfzrH&f4n1=iBbr|Jc2rt7phx}zMP_R9Q#MHmW|+LQHcWJWj}_-|6udrT{Ly2e-^ zYpG9&%k{o8>l`POQP7_=E+_&c{931tQVirAFB@*(tq!sS5m*h*^XQ5bHBwTusNQd+ z5FlyMiNMNx@5718aRZY;4%*Sq9Fo%Ctid|S2R%CfaJW?Wx z_v;~13|gXAwi_w@Ce=JY3%@syhuCpR|$ z^Bx}h&I@iqA+kXw&NOb!40C^<=DDrVis8R{RWr^*O_|uzaFlIr*wlmVqWLsrL|M*l z^BI8UGt0DDVcxXfK5~CULr#i2_Ngsyt{ZcXwT1~1XP{`Q9ih-kh4@U$-M*qPSmHOO zpb7XMX+L3Bg;8M$jBP3ChZluDQY@gxbakHz& zA@>)@0QU;nlUu|5kn8o<$ft+-N=&e(s3k*LGaZwz!62!CCKbT`n{6#g7XOvDTgiSj zag5@S@o&%Iy%BAdmc$4ZwR?X!$&~Ai5nupZ4u-CGCYrlk(qe|ri?M_;IK27Lm*+wQ z1=)*d-Ks?>NVmD1lQ(%ke;Oh0>@nLSjRYxn3O%)YD!p{lg|X{Rrx3uJr6IK zm}t33RRV(=VUU63pRI>0y$B+8iz$L9z0qoPopDX7P?Q7b*k8Nl;K0b91RI%~nZ;z4 zaEd>DGrn!C{C4qOKdj-;$nr@&;E{FaGir9xrJjQTk4YurZSw}4dMWBIEQfGt&2c)v zG6V0{skJ%$}fjjl>o&%9Gi3ie$VYaVaIkK;PsV_Fc z$GhBe8bit>&^ND{8nHT=^1}9QYRNZ-T*#Dg`b+LeMUVJhB~_SyU3#7;1biy;;NhaY z;qvw+e`fLKdXNTxhrRWJ65#M5hDy@oczpMh|D=$_A{@^DSR?0k0%HN_ow`ywNS#_C zC^xdzrJ6JsL=*zqej5BKW6iOGXsMVBp+}bcS3*pTzTW=0%IsOD)j1iSzE+q*EM!I| zE{H|l-x}Wi{TOk|z49{5S&e=BOW!gSv~9KDI4o-xL$i z@KPWQj$tcUruCJSH1WIhvMlZMfwT{QcRy=%WwoN`3UD-rt?{NZ!`{dHZy@4~7`rbH zmRujIo`!HyC>89e6(ZsmSx74{f)m-HrYT~mbx0=LitOoqo~U{ryl-AO82rEdU(`Udzsy%NA)b;X%Ze zyglYX&3S?5kI)1#v{#IDqX5lDIPHENzv^<)&es0SLlMMOz?j96VTN91_2gVLlcHrp zw;>susWd2d;(au&LCW7*I^k=*iIzoCRDhjT`|1!Jq39X?Zm>!+Tk zO-|lfxeb=%=j)|sZ~JhH*IxPT2U5-d@)Jiz3rtXqX3Ks2^BR#`KeIPD5UA=VG}gCV z(2~I~!0q8XT-?UJ;=052yT2$CqB`yDC5`RF18{lKovc}ng(!COYsF!w7 zzc3esbV8IMsFQ#E3HQTex~dnq5gRP&>uOeG2?<5_n8cXVS+TAaT(5l2{n^6e{duyX z7hp?w&eE*JC6(U(5 z2kOikPOG*_opsU>zNEP_b|+>trvO@18VO2`AWlJtP6rKjkhPcdwQN(s5_2p!K|S-kga##Si18_ zGa)~4o%P(Q6W?(TCEOK_-CeK_&6##oCXl1Nm#%(5Q&cTHKK@p2c2dd@$N|M}N)>i@ z>xTTVgpE0qcg5t!=a%mhqT|eKa$Y^#!P3a|j+vPXS(6<^xQ)s9$sXWx4xr-lDP80N z-1ZCL+rd*BFv-{sFEMSUYsuRi$P{nC=pm4?>DQ67O1%pOTg`X?T~3Q10?SnT9t#UN zjbWbC1Snt-GV5C{eRYl$&8* zXtf;vM(KPLe+SDMMmtjkCXgG*gj;=SNqJ+nduQtj`WM<6~{N2G_6|+j)t0|ILD73rqv*Z{sSOu~3u-K!e_P zV$&#_6yHfp07j8fih+@rp`7LwI@RP9jt8;yqPFjUOqMC}SS?}W5fIE;64F4&zFU=V zo|R^f#wY1~7@?oTuHSgO7r*d&K)H5msfkFrepvRT$S^8Q_xPo#->>DCpeH}0k=Lgr zv6hky!+@k{o)Njxj!H|yV@N>uy0 zmQ>0KJ6mtQ9`8Vnj1?taX}EJ>(bY_qs9RZ(1yx;Z-GoD_jM=Z()&%rU={2uOZ?w=b z#<2bJ1qB5y54cfX=eBIp;8iL{@f4K6&|t7v6YEG+ZZUsv7B#XsLEK$R*^?IpF28l) z&3g3y47lE-`{;qZV8J>ML8l!(i|-%|+4&_l8xs;2@Wu4rRje3pKGWjK{^rSq#d6T+ z>F5JzzO^pJ?X&5F?xoLjA7kK*+jQw89nR%Qo;Z`0Q$r+~A6=6(5arI%O+5I!Q z7M9)6WhuWi#^^wVOp0O{!AwV{NH!?%;at$X9tpJVuy1T`Hom_dT#0a}eF(v&z_XW0 zdn9>0{-O%_yENDUTs_~Cy3oStl1#sZpaLuHb)TzKwf`V^tWYy0M~9)6V5 z%9XM?<{OFO1?hX+HvFZ&M2?+2+NnRgPDA}Otis4R9aIb^o6Qj^QDMF94QjT%Y)geY z_Aj@{crri`S1W!s*!e5mt(QBQw&yoGfPg166JMt7clWDf{fsZ4$J(l2T(Hc|g`OvK z34^0V2d?Hpwweqm@qEnm(HU7BUP@z&BmlXYQ12A=BR5gM|lz-E#P|F7bvB1Ts zYHNca;aBH_P+cz@D+M{9*cLwNi+ae>UKlb*t&rpyB(JB~Uioj*P3dliBV#+}L+YfH4wSY4Q;PFCYE5^)?_r1Vux zt(xDWGi&X!Z$BCjH#+kuGL*%g;17}bSNt5748E_VQcmdeZhjp>y$}F3-Z=Ri=$$|O zLpi0$kG`-x#c4#JRPz08nXDj{ovwHt{@rs6ZkFuf8pH;(%L+f~$|tPuVorxu$jx|@ zpB~{LF|36O4k%AAQ&Uo!R&~DP_h}^zAric9-Img`2&0{wjMyv3dmhLQ}+ z+QtAoe*~-u{+Qig-B{jxq*JP^4(kbVSCu!pkCOH&S6C=^T@#ky=fB82o%t8h{V&;_ zp%}|V&7i%4qGgs?*u{kHyIGibFf(HK_wU*ef)$mUFf{g9;K#BD$e&je^TjiG*CeT*UBe-OPP|uKSPinJ&f@D<`_zj zT+BS$%y}QxQ>sV@{@+boz1I zT^an$jaMWL#SD9dkcz+=yj{}yOQKMT&%9Al)wU?)eZ5l?;Npx(gqGi0^n#&6dO}EO z6tHWw#E~eA`5qOPP^^|?AsfYN177mVuEHb{_%KrDW=BUyTTf3>)A_CZ%tmTwreenF z!wBcVFWRWm1YtdMLP+|<;PU-6~hCx(4vQ^D5`R0onViFvG z#S&J&3JU0rAz|ycbPigg4f*h_izJu^mw7df7DqQ$wE@;qxOmyC+3L&U&rmxP(bhq% z2(k|jx;f+=xw4*+L){pTM*`td3jbOKpk_l()I#vfu9TO&=M2LTtJ14}5+A_t{7n9` zrIuMzX&O5J`Kv(&g4+SEt2@mM+jZoxeX^e< z0kNFdoc#M*WZlWN89YOkrX0Fcq(hG}ew>D%tbSaz?uiL0S0hP1yP)-sz92^WM=sIo zy2I+vFrFbD*SLD}Ld4hu@=5{Zi3dvC7?dp$EU^T~4DfjrwpxOiW{xz`_r9s+poc*E z!ayF#9$QRSM35$Va>OUPz@aMq75XDZPAyH%&hx_m0k`$TiP@OErwLEf|KcRcKGe79 zDj39bzQvnPg}E5I+syxrR+~LyS>axtn!5@tioT)G=(39kAh{eW9G}V)>mAk2IfQ~< zH5GCi`WQ1|`==u>_ToMRXNgggER6s!HDP}2-JVts1W^Gzl-_4ne zA>!D7vOarWJV{TvX=!kgaG|3b z-6%e*m_bI?dsnyj-hb+osiM*0UBhydT{B-}_5`5QQuL6`{csz5c2?DDf;->(VPEK| zoMB>4=XNLO?@sycKEFcz?zA{6|5;wsNnn`9DhTFaUOWWZoqf%dsZB)sR^1g~jQ-a9 znpDi2SD`j~$jXg~p)9PyrG>Z`d~7GwowjXmoho~UYhDQ#?HUKcc_{17g>bDB-(aGU zF2E=ANm*`Ygp2K!7k5~__Hz&}_7G&389BnCrRupUQgGEm@4FTsik(Znt5fm}S=2b= z@-9hcoBDvPS`_n~y!rRdbch2vX z1Fbi9U({F;r0AtQta4xtE62b%`5zF_BfwB!zCxZ=B6gnUnn-XFt(F|b0xD)^f9w#H zYyj^5>@W}v5^G|%RvTj`ArCs|-MJ{uV&uHh@>?9yo;8?zcc)sc`U=K5h|s@-NdH9< z=!T)ps~*m{H|AUYjmj}1dL=t$ z=5JOEIS_G8|I(DexDaGFOc>Usg!IGNM#Os%F}Vz#kRv^itMz}=8r4jWUL>g|&QDeN z*hJquqRs3d9~lp+n3DR|xp8zc>+z9~BHUaJ22gynrt2d(PWXd~$9rZ9V6VS`?Hxd(}6; z_aeZx#wdab80A^e5Vb;L`V1HJmu?xoeTj4o8Go#A;CYeHlpDQdoWJSnMz?sL?t2m% z9VkbAk9SbdsC)YN`dkwBYy6XvBojge_aPx};jyj+@)6RFXWe~of&<;(cSLHy<0BSb ze3Ztk!cqI(V-QDr5w>m`2M&KS$4_WP)0vRH=t00bFrS+vvSL~{!z-m{@OH5p6(l{D zDz|oQ`YsB-s&y7KpOe8>*QL}l;$|H!#y0*Ewi?F<8ZOSZh`mO)J4JZXR8_&D27I(m>%`||JnZ+rK= zj+GBUm*KQ3jJ7*P{}R;0NJ4r7n-+}MQ}uYBA6uEoL%kx7wIc4_Dh~3ds`@|3vfkUG z9QV{46q|{@w$Vnq6U_@Lkmk|Kx>wX+8^g1aZ^KK*+o2#X92DWcs$Y?|`}{TOYj``i)MQ(?j=xFKLyecea*@fA=V=ugFT06G7sQXQ1hKGpdw2V%8mtuHfbjU+wXGg#>L*8a`72 z>?rMYx6l>UEC5r=oNz8yL@>;43VSHtuSv~9uA9rB6@E_AA>8VG`BMCJ#Wi?BXaBbx z!_B7Lq+H_J4^AQ+BJ8=4uzONcY+O7dsA}stpJhx$>|A$BcNZD{59h=*FYglr|PysG@F9n=AenzN~z1c=G#&0^Ex3uHqk}i(ANj)lMs)B+uH%yfR0| zEyFl~36sx<33Zbj=E-WA>&8Eeq7r|ii!T1FrE=-dpFh0;{_(C1;LZKZRfOm7X#5y# z_!aZ|d%$lTt(|rY6w%`4$a1Tx@(cCr z&XJ+*St!o%O3QuhMgq9~K=Dz;IltP|xZSW!rs8nK>X-xce)Zw0nl)#LIcv?UDtK;A zwXtczvgRUOV}p!mx@G2Rf^j!L+g2CQoQatWNTR`G6sme6A?Pdob>dv`WcE=k_t^Y6 z@EC{sy3S=6N-P%1=AMk`1Uw&x$2jpB5i(ro=G=;zhULLlboe92Vwdbq-R`;W&9zi> z+N3uMP68!hwK(2FFL6EW>LQpiUrz=^WL&0-XXnSgzLoS-lY90Xl0q7Fm(pnZL6Zj< zH$W~mHS1EWq6<|GWZ#EU&A zd9>+j{!~WS0*M$*zN1`Zu?%u9*JQ~5coZfT;&h~MCf?I~Jkpgt+2Fv>`EcbeTWaU5 zP@VOa7@J86#b6`}lcH6qA?DYBIPy5^^*Z*pVdoc&xv_>)hel-5PIc;CcT+Udu%tp+ zpEmFP+9BWoo~rno1l+e6o7_p?QcaS>M%RV2t>Q=Bp{k?*E=ut@g#?=M#L8cP!-kX3 zwBF*HO8+)1VCATHxQ3GPT>Ga-Oe#)`5xU`Wr8fU?u{ zP!b(k+LjpLLbvMnA`F$*<1tKAw6wbt(BLv5Nb&97CsJo8C5M0$XlzQ;b8-lmI$F>b z7M;2o#!S+ZL*nj349HQ4UE#e<2rG)vF{9}5vq@K1#C9+F(oMW%K&e@EHGVH;4&9?9%@S8|yX;*+(B9TqmLMH>SQ;L3ir@z%=mf3*$4Q z*t{$-)C3EMUQ4bn-)9VoIs#u`yP*5`s3*z1QhHl4*CT^Y7DU{naJ_3Rs*#^`!zPm= z)?o0ekbtVnw>xPd;va+sG4Xz&_xPT8vh;Nt;7+gYOR!4?1E`M?yMaU=|DI7;_Yuzj z_0^bfNjZ(MjPpP*Qt;-2=K0f!lzf$Fh(~u?mlBG|qdLVAMeetG*g2xp)4zs$q$VfN z>V2gYmUbGL&k|JpSK&oz8wynRn2m8Nw_<4RaZ}`N5 zB$;>KOfi!`hwWhPO@|4(K=u9`{SirXsiVzWOQB8CmdT7!|3j~+#HYjbWvk;q%4?T% z6~QIf+`29M?8b6srrdV_19@AZAIP`=!C4T?sV)~#=+<>rcnQcby+W7SD7gFIpOENEOg%9`Wwc!8k_3ItQK;*((TlV zH3d^!++FWQ7x1;q+AiL*8Zw~jJqQExF*6iS`{HoGWYLupd}iPia!zjENwu>qs8T@Z zY-w+w`zX|zQ62B6Sw%&~v$|%@nN>v$I^98S^!ELgu1MgIAF|OUa(7kQ`{XhcP28VD z=VM8vyJ=WeRaIzpO!7`0i`<9hva+AE-+Nfkh}c?2dr)=!!QMY%cuWNkD9BSyapa_^ z&!k7dD9KolVq#)zO>|n`|Cm@{5q5qf212ZS#exCRfEUU#@zcp{F;6R-6p%!j)+Yj^@h9xtsKe zP_V2STD*m3)*0Og`iBIYL$~f68=8bn)@*FHz01`WVF&}I-)JqHKZCH((`rD}0M$3iCE=e+Vad?5Qe z6ykezVSCg(Omp3~rh{5utPH*Vc`3gcu`yG)4XLNf%bxt4HwBlJvR%0C8kNR|hg;ND zs!;P8_!Ky_+V(Ki3>M2MUja_-F>qgBNJZY47J^8!W2x&-uby4O9j|?>F8zAfrCPVS zKH@IabVuhNW3KDCtc(@eT;H9kssrxJyvRT*-_HA@=9ra6$uw7A*AnXDx@+);sR$L1&( zlbPHp_ReY){znGGk(Ba-l)>(}H=a>>EYsj+eoJQcYL8WZYrOUFb@pc_^|V!GXe^2; z4ZqK>myfb*04C2`#$w`k=}9+GLF_<;d!UpNTd9VOQR_L3flH7o1cFiQ^kM6>a-=j- zsBXNA0xqNZOT*J2H@_Lb+v_PSdA^MLIThgU{{4?nUd-cQgB%sZ&c>d=)zjP%ud&OT zHZ7@uoVHV?-O2@%3=S#5OT<-Hv#}_btC#7RDaVg!e!xBEfPK3WHA8XB+0Or%P#9BmpfZ7reJa@hxC+S8F{gaddc$V2jAo6ici$@&35? zT$oScdhfer8PY9U8! z9hPNBA|Z$j%e(VXi1kGcszh%onBOpNPH2wJbccqrOW=V&o0^Gjto3CSDGQSEfS-#U zJGv~Elv221jc!)~)v7?2A_Atwe?)~)Pmp07ZfPXSAxh-c&;$alG&pL*(jO z#rA$dF6_W?H@dA)0}%N2a5#lB0Wkbit7s_O+x3c)Gz+jqz7lgGiV-`dgpeJjt{lC(m+)oP!%Of zTo5kc^P*DTze70}Q=(G8uX5nr8EAWH9n-5ufO;njfwK0j_|Zx_;&pG2V2h%=B&H#Jp{$G zkez@|^U+bv*?QrepP~lHo_C-hDoFwR!-&qGLTzEp@~oqXu=O#GgoH(IbU43?5k{*32+v6vx=OG5uiOX7ilK zmw8vR%Q_>I8XlExGYW2nfLj}Gnzu>A5=Pkw{A1MeuHPT!4l@C>>eOncsn^$AFGA0k z7_{3@1<$%wY)?NsNGOPKr!7NJbx_v=T5)ub!WR1dOz@Z-YWghpkZp2xzUIjLFPu>_ zwIZbT?{dC*)CEN%yL!+<{qz3bX z0Kx4{nk9%=mtWR$cYz+r`IN+);LJO)kj|X|WmdXE2`#6!TgSy=#tOo_wK~h+e)kJH z9Rp8wmxYPez^5ADa{T7B9`;skFTR+j6wpT&5o3v6E7idZb1ZRmJ&k zeVA2%?-kYW(rN6Hz}RN(w=wf5N88QlCOGnRMrWWIE=-wqTbDf{n*G{m;{glkxu0?n zI3ET|_>IIRu3UD#wr=_l?uplelI2io)RKLwfC|^Sv$e+RO2m_eS~bng5C|-teA7)M zi<6>SRZM;DIuJA-EHK;xzu_&;DLPV&a`?$mvrKukaJhwHNia`?KW|k3#%*!;$l>kY z_DQPpz{S&VIrG?|X17{-62ricY0mf4-exFI$F>>DN49`Z|GDD}bGm7@bN--jmG|Rm zaSIvw*>=uM%w5c0&+P8@U@;eS-4~3OSPHEbda%#3n*aQEzt_}HKlH`eUkBwZ(6tV? zpz&9eRmUfieP$$`efK_vC`&wBh{%9+$~9(qb;xaURmpF`P|olgaRB)JcZn4m@zACt zdpD2fv5uv9nnW_TS@4ZZTa{Q_pWWw=+PIkd%T!T}#`Csz#mK%K#;s_^g#W{fr}viq zpoQ%Ohnxr)1g-L{re+cn9X1++i%CW{DMkF6(pVVp-DzGQT#1C+7nLpG%dDogr30Sm zoYHF?Eq4`=n}K|TED8z^?z_wEZnDjsm4`FLJM7!nY+WO2?fwt8FH3!4u&fgHluQRJzA7Ca`Ary52ppsQA)V0{Xd={y0#yA z@lo=3&$bg$PB2Usl){60ed5kpAq#GriIPLT8&d%Onci%${+HiOlE}pPKWQ*%`_X?) zKBxut?^RzJqmn49p*p5yLIs;C8#4sL6`^$3(J&>u27pnz5ef#U``@j0CkGh|BI3$| z66MqslF0WS9{rb7>|cVc{A8f|U*`VL&UrbOO?BfsfjYhUHfixjNFg6JRCNlqB}7>M z-THyOpNIMn0jkkne4@0q4-vP8e~aqgKFcA%&j@Bg-1Z(NdZvk ckEn-7x;czOxx45Yk5CUaC2d$4)FSx*1LVIFyZf8SnGF=bXedZoi}Nl|C;r-`7U1{# z58=J|JNe*2o5wMD+fwb&rqB#sEBl(b$-_y`SZC80NnGRO&8bF5TbI>X!sUR!T5<_Ia88k52G2aI#YTcX7%gW&X(lpFO<2XYB0l729j1f$8$^T2xx%jFbD} z2nEl@Npd$uzry$$x7Uy8lxp%OWnnXK-qO*Q9vX6$l8c+OtrFhb?5>kVt27&|`MHd> zX`TT@#K7Zg5AM)kIHJY30ySd^-sDS<-O7wcgl!?A?{p>86%%l?FbdOc)n&!2)6Yu` zeDyEYck3AgbXoD;bu)VdR zsVQ{RRa}HXO^q<7wtV!akx7M2?n$pPbXCnRg4VSkt8O9+0f=af(2(e-UQNSom4}xr zX=)HNt}~TcsURmm*-s+;(x=o}(uk*CYH#a`N?k^z)Il7{;ZyvLjaL1{8ju=4K|LR8 zx+g*SwV%EsWip1BX2_k^Tat*4j0C7M>B8~6K39+jy@EAGgIq#8E%9MUe=bPk$8456 zOV1k>U{XsVfM#l}V=TY5)7Rp55wOWL&F*q|3=-mHlcMT&@A;?Oy39hxZ_0FH1avRB zYSYA-c8yJ!W&j9Mf2Nt=|D%hU ziu{=Albth372;Tf3_g$jJ8OPyb-$2NFx9;t&|EtE*%@6h z-fF7VWL(9q?^$6A;)r9^`IapIf|X5c`eS7EUvMQ5JRJZ(R0dVr~DwRGw z?AIH1ErgggusVums=nlFEobBK8i{w0rht2eKL6Zs9^bpg$`(&CxRXp-IhTWxev3JX z1^}w&PamC^5`EVICUU7DMU&6cD7!@9HV5kVAht z>ArtqDIUTX@c9SGgMhot2S4ZWw{l$*o`46Xy7G75^_Kd|Om^7j=9QiMd6_DnlGPN; z!WH4vy>PuyQ&sD@4)wE%P9^CFlI1bVB04~}9kI&?oB(h8GI_uX35Flao2b+HCpw$` zOs=%D&86|JU8(X##!C9A~P>{ zjCfd2v4DzIEc7IOQ59--o@sXQZnmECw-p`1nfPplod;y6V}!`a8xDf*1h%Eq;Q??6 z6Af|yeyBdOjyYESPdpD39{it(F_BQ0(B=H?VIYA@r{6;EtGiYAX5&2Z$D6Y0{STKLydvij z4k!|u6LGolFE3XTK!qpnQkfsE=~5o-`MKVCDLLKFG_ACT^qANbpm5087?ojM z*nn8WrgPASP{@6#O$!kL*&Y5UoMz`A4GMmoBn_cQYzH=TQ~NtJxeh|-BemW)2}$S*RUHCFj_5I8pL#&apHYc$vt{57iX zTPTL8=)hTR1d>k<2XV*%l&ksTj03SL0-$#++~f+;p)MfX`SWSnPWm$^L1l83?r7!D zc7pcANo57P%cP`p(3)R+0s9B8?WgFx!Te`gW-0nY=y|%(=6b|$7#bQA%A>O2%|$+T z7C|f(T*wI(!a&`{p~z!g>_UjiB}uEc4E3C!!*U7jgd7r)O@IblO@OqdczJi^!-W6*gIlRpMU#<*iQcDNk+5%M#P6JB0H zJ&u@=gL?r70=Q(b-1|7xCdZ856kf~wwZ4qR6Mo9#onBYPy=W?4EhvkVG5*+89Z84I zLboKD5tk6&#jD^-RbPawY6kx_3RdI zub-x1Ne}s`JBtXo*3@{58jVv@x$=<;+p4wZdOHtXKbIFjLQ~P8lmeiQ1MA%cw427| zg$5yD_|peeK%6Ol4AdI(h06{iF^ufU)u@#@kYXFNkaium4|U?)XwJdsp2n@=gdzcZd%AnFd=kYu{&-6psU^&YnQFv&xCDJMBruUCL zo)0GlJn^nnNA}cF(3t*JZ*5J@a~b~)?I-gk=v$y8yL|r z>}xW%bzZ9fha!16|7pnH%;PI;Vov3(S2&*$wsx19d0s@BT>ZJ1H!3Av_2#!rnO-03 z*wn9Z>a>TL(TX{?ydf;W6llO>M^P-i)Q|~Br%Dwg2jcg@y*o=>Q zE=;*Hs>MKLzHzwnx$HN;u&;2$wN<0p@MIFW1iUBQLzx%^j-yooiiZh98M}IEW-^4@ z3b~LmMUDs9&6tpEND5T}LCqP6Tt@EXKH~b}{JW^>s9bmc5)H=YP0&_YL41o{s(c7l z-;ojbKXw*yW$y*EYD4A_&KGW&s7DwrVV@>j5ESVe_k0X5q@$16sF((>Jm1ouB}Kxu zfYMB$fGg{Q?g45R9%HHwj&gUQ2)v*Vd*uZ(>A=Qy7kOsKi0usJ3N|25;7-1OZaCyY z8?@_Yb1tvP+Zc|tE~<{F)n8WxaD6x$q!-0i67yijrno!HUE943I=V0N=8xd=U1abc zVnm;JWXgW|+LtqXS?GDf7*Wh+x0IGw+3a$^3;6=!!p*y7h8v(fEN zL8TF-(5G+To;ZC>4V=b1nfNGEf?7wpOI0PG(YP>6tTKppsIH*?iI-1*_4j9B9*KEP zg5%;_%eYc~`ce_)#2(+Y2CvHo;X3+SL9A^8HugW4bD$LQzkituarH*+R2GCF#jh#7 zVyT`1-*SRjehhmI1`R5Bty;2R6^Qazxsf22R}{U{EtfluQKoIjcd-i#P@z!f?*PV) zbM(aDt3WDN9lweei0R!HGvjKaOo!;IYR+JPcMvvhHT_Ht^ROt^%Yud*XpB3gdO}q5 z7U+e9hb3*s0>z93Hr_uetB6iDH#!2eM%l2HA6t0e#%!4!HO*MA^vfvbSRC9~*4eL} zzHb`XKVV*6WDe=yUsmeFrsv$jz|LJ!><0OsdEzecD{_WlZ{p{nm(J>#d)?P`lHP~$ zBnnr0J!go!LD;evgEHI6i0*IWoanzC?|i^C+rC;oGt9YZ=yT$Ad~-Y$2v{C|4f*NZ z2Zl2xsjA6t6>^jXV?am4P1o+GC|V%|PLMc9X2$;BJDcw0#6-uNE3X|vYWkAIu(16> zyI2h(=;0=#b>?qt5uOnI~m%gN|4>JUl^Ri54xWFeqWsva6HxwTnJV~EFN_BwN*wd z>LxBu2iRjzmjci>op{AY5;iT+c=iYrmHN!c$Tc_FfQb%pw#T!X+%;gspq!{45_W-K0U|8=}T?2Un8exup z^V6H*jLERo_1uI1`B_N~-{Wv6$_L2vkmV=oPKX=g_)p;Q zY4^}{6kIt=(E6R}lwr26aJ6ENO3SU!8$=D2zxuZ`3GWj&HPWAW@-P|j5>wA&0eQG? zy!l1okbyz5?r3Yh%lnB>BsjLKFFkqW<>ePQ`cnmPwrLce+oQ|Yw>i~5GvJXgeZef6 z7QJd10{Ro6er=X8Y>o`c9Uk>FbV62-v(vr~qlzTiHcl>QlW z2%nMnmm1^OS3SJfmj$|4VZkHQVw$-Xh*MO&;N^mDh$WUN)$Uxq00qX#i zegjwa(2>XIDa>~Tyz<@CSz($8DN-~Cp16bKb4eSGzD%P%%AP)ZZ*HLkgH#2cS=-)B zb@ru{N|}S8u_v@RUMxSQ9X*DJ^^NfZf!?0NZOTFUZyWVr*$*RQ^V-4BAy>NToN?140S=0R ztLK!vni0-q3ol^`Ol=%(UwpP20W+-B`0Vw&^3yF?Z_xXOPy!mD@M@UFN0PoC$oQCI zmrJ)0ZKZX3|FE=M%==e!U zz_n(KKuA@j5`(u69~W)2FQt)uXPU;Vj|;O!-Y0ZB`ylNG;^D8%ew53qS~oJ zZaEz+wR;(vaGbgQZbiV>IP-tAi77pzO@A?scc-(3I$P>dui>BV2%r!XGw6FXtQCWGRU=_K8U<>m0R~GOR9wFXMz~xldH>LHD zarc&gyAP`5UYXdYBEl(2Rf35i=6vjFi7;1Y*+N^zyED1zX9#zvAGSM;m#wYiEf>Ci-v!{>utl(&G{`twtUSXamGu!Qq-XL{WZKF+$R z5v${giI=d%%3a}m0zPmb2E z>;CMEU_V~*I3j~9BhgJ_xpGpjRYxm-@7}}OW_{bW@g{4n^-T|K3Wf=Cc4UYZ@U^$fk`BQ@QFU0mL>RU2gE4rAy3e`rg(@BS!wQhAB zo`?(QbF}hVC;b?EG@SB=`Cok-2MFm20!^ZGRf#BG4E!-h@U# zfNF!<1|YAm`S5mgUhQ_NX}dX#f5=o_PdSBqwQRxet(%DI)}_31n9ZBykmwd>tsM^6 zjE~V1(|*K(Yi2i={Evb@j4=DY{Uf))lGARHu7eNO(wpoE8|P}%SI|%84BE|mvAtoI z8;x39AP+{h=|>Dz-E7^|my{#=;Suhdcr|>r27o!^2x53G##Lj3-#yGh3Z=5k;gy^C zIqUcRS+#{Y^7^d4o0?W({Dq^X()SAOHzXyTdg%^7JUFLO*WFgFzj#aVdmVfz{{*$A zSH%bryYM-TrSKJRkwRGtbWKR)EKINZ5dK2}><)oqqK}aE+$DB$g^Gr8MpX-(Ja>`r z^Z+A7P<_eTvP=V&^o5VDEWLsW*pcu#;0OzGq_m=AAmOkPB|H_7vE?KVH=j91cT)0RJ}GP zN}XN;y~(VXZH{3uhJB@nS+C9a?N|fz0CSu~WgauL{_0oY{rMmnK_8#?Tk5QMpTOm- za<{Z4-gHVe`604rA}+zP31Gy&#<-Tn5~$td_=)rkj`R!ILoD0O67>0|b$HIrtD>yF zyml)YG|_fhNn0&H{Phu=+dB@k|EuF^@3dpa~Lvgb)Kjpb=|(+gnSLle^IDo@!Kqm- zEhn-jIju|FJ7oBXe^)h2@#ISawsYww6`*>4Pb2gl*_1BWi6{5Rl)I!qKZcq~_ zf))4W;M|1bchk@xg_wzH4 z^M5Zl1we*%S_m1(2b*2Fy`u56L3v^qMp23p3R(=gbZ)D@7ygf=E@Uam0jJ9irQE(8 zP-5NTY8EwXEchh|D(irkcl(2^W?GUulR;BlHW4Pef@)jqA;=mcJ;03 z8+u(hqU4k65B-I&L3DtTk|7zoC(64xW1=cvRv~b4S&6Av)Q?4MEQ>QS z-dV?d*8QzH2E?;*4L--?vPZYmRJmu`b5~th2~LJRwBdK(JV)9|c-OENkbQfApUYTv zm6|4MJEJ%&=h`qUGi@#&0t%}%T#^7K3Y{fLcJ4mYF9GksB7mT`MO_(p&LUM;_vw?Y zRo#aekXEiiEtKKAf>D7Ox*Up?jR?B8jpgTc{l`Qg8<2u^;6&-~aKpuMCR4;l^-hz0 zCli_UiBYrl!0im?L^ZptNPgBxpdeEv0Sj~CSmuR`MXZ-2pHu(ABGwfQ&E4MmP_V@6 z2U@f^+UX_W-uGsS6BSNwLyn>0q1P?G)suC9ittG~P_AIAO||&oRYkzH;;HAqUEryx z@1!$ou>SvX*2kmzjg{snzxN(0D3H?q28@4v*cn}am?GhiW{%zr!nx|BAWd29j25cm z_qlSEr=4WY%>=_!v6+IB7>V!mj}{|p@fnbVFNWq*h;O1Mfh%H~Yo^wIj9IthJFS{U z)>54R5wGEr?w^TrIxZed7jt4FpGI~5Itd5Y=sHF6>*p?rFx{+*vCYiWu6GZfp1MOd zw9Wn5Sw$SJVwb~hiILvTb>(;JzUpI}E$h1g?DGD+lU&jISjM$|SrR5&@hKE31P}u% z%3FR9Nto`K(&3ZI?QfFbCApobxJX}ct$@yPDA^MhBhbxG?rbZOm%LPc zcPyUNttfxh?|+^)GocnDmheBItO?A?XcLn+uj9D_cp>=N6zW0mbs34YNMxMLYEGOG zX`zngMWaDM;Fpxx9C|gmG%K&4MD{p}B$rEF*`yKjN!nyP4p|x%Mj}d-kniqjM+uUq z<=)2BjV`K zO`XyWk2jh*xqp;wZOY7T73EXEl~8Ot*4WI>Qp^zq3jBRH`m)_S)WJmOXbhg2d6ol> zSX6n%jY`@zdcS>MS66C2T;K!IQ_e!W`G$k9g0Bkg(k`-Y$tVd00dlx<^C*W&6!3Z* z6U80b4tdb>V3jkJmso*nX`k4S(e}~vQUHRF(KAii-Tc;$=<3|*M zV*Y6>lVZF3`;K-JJiWEVp)QTLDs4~Sn+CeT-}1bupPNsRO~$ovjjG&di!2|!m|ke; zx^dD_xQyL-n}z?X*|W4Y9EI32JkF>|YD7QXggn4fk?RN}b>|U`j?7K#5ulMAr8U*a zy{KJ+FkY08XwPC?kG%a3`39AqBt8K}6u*vB-WjV5TBKk(V!LYBZWh!r8WKMatlcahBIrhEp5%Vx81e!v-_si zwTN#IgIy>qj*XOfHweOM%m`a29m;!!L(vsrqJy;By|MN>zb>xc`5R6_$9xEt$>nET zH!W#QztWZ|0^6}}VfrMG3b8OKH=B=b1sCT*E?umOKAFxXUmP9){V)uD*xA{s){LX& z>$dj(rwHgU#R~O0+Khy;hZp6Qx9DAV*r9Y%$X%8s_?iituZ+zQ7qZiy$XJ&kAdr19 z`Auewui|XNLXE30?+g#u%F}I&=5lg9^e4E|`0!-Lz>6G+3}s)KB3LJ#@NNM=JGU%Vkl7GoR0u z^)V6PQdf?xlEaRlMZanl{AH}OjPLq;dY&KC?{Wg*KmE_HpgTcYx}XiC^&afWmQpSa ziGd+w43XGM(KE2)ttD1b?IB%)vB6HPy5*8!^8QmoAtb!XYt3HWV0Z(GG(EF0k)wqi zI-s24pRI_zztlDSzf;!Nmv?KGd*`0qr?+f()yQ?%C_YNS&_mtXoQh5CH_5OzmjRE_*)Ht ze8Qqs9OGw_aFC4*t`e4PDW74B_UQ+c{C7N(;^uw3;;;DAg8xEIWYq&K+Yi(~zkGSV z_p$&{fu8yoghC0j+tdHOAckDlL>+q}Hrj;Pt@bYp&Bw#ij>Gawv%anItfeF z&o4QdnLE-Ytoo*b)W4U5HiYZW;}asLbj^4Si^5#e`up{C^#m+ECzDq!%h>MbLtJ&nwMx~BKIm)_w4q4z=8>Ki zkLCs?yyJ(pBsmW6oRnwzd6S&c+mI5M>WdPW8j1o~S4%2ZbM^fiH4=)~cx>D7;E!+e zht(G;GmOY%$U}K$GMz>8z_l#C6u&M=?A`Adzh0}QHx|B$d_?=bDPU|Yb>;LON{XW)zcok&=d5e&yLR50Tnzn(Dw;Wr+2Xvc+n$55m)CUP;2`Y?eaxxv z?k5I-ep32&+sqQHLVZ%%^CQLnYfvNwHNZjisjT^fskBH$6E*u%VZ97U9(0|~=S7cQ zXT%0$nI%uqnt+fHW#(KF2XonthPwJQMLa{%@`{R)v1t8!^`--)jGm&D44hGyR2VnFa*Ip3mx!yZaK#GyR&|OBj!9&K4Dp! zc?Tc0@Bu}zucBePU|mthhCJrMs)ow{B3Vo#>dCm}@I2p_O(b{xdEPjOI{zof0{$<^ zqVlfE!cJ{N#G@H==754MSbZO$u6_F5p+koRlH|%L4Snxj@Z49J3HMvrvef4moEgdEcNUA z`L7OvTitzv(O$LXSF=VbmAp5=9CoavB2TMxg`GAb|KMurzCO4o$FBKCo3_@$9>4X_ z8Eoh9rPk@vwHUj%v&WEDG>Mv?o@4VQ7>3%xH=a?4zf~vCA|oRiDTPn$*>hrKhFDJ} z9%ojTSbfq|RqS-%Nvq0A5L;ba3)IYS-wnB0rj}k75Ef3HBuH;WkVpg9N(_2qz=Uw+ zjEg~~kb1fpnZ&7>`uG7pb)#ckjMy7Nen9YYx@a0m<2a$Bq6+jiIoXjRh-hvgv-{!A zX$`T#EmbtRrKiOvD8#eMHc3k1*ur3tLlQahQ9h!oD=j%0JJvX@X=%u2q%j*9^Et1jgeqxx-rkFsB-o`k45@iyT_Fk%F(8tzg(=m0N?3bX ztbRvFs_hp>@HLK>P)vpv)7u4?mz0qv-KMES1+YXFtWRtm#GEGnQ~7zQw8H9;7VsZ5 zCER7=k@$fw)7SHK+}t$AOVIO7c7_+^aV~pxHmWLiK4#?d`aK^Y{aszkKkF8+KcJ7# z?zpXZZ5@T;E-%P;+-TJl=m5k`My0>Mv~xPidFptx3wTs;MMh(dYMcgCNdr}?iS%W8D=ZhhE|6u_` z=AiL9NpQciN!gr*yKIQH^z-6528-_(5LA0SX{D{iGR@h$A7!kH#El z<@yCV_(`RVzuufnw&~;18iqL93uG4;U0xg0mWI(yc+6^&w%453QmC%Rh(p?RGJnWY zn!)3R+#8y^$Wy5#tNp6!JDZ(XdhVL=ym6nk4SaklVM`FIE&W&gVMl>!f*O*P?KEd9 zuwVBjYWGqAm&Nk&xeKx9mQ`0fyh^3Wm>WN=9K_Y(5Ec0-j>Q?@VpZ|+O`rS^oB`lVO~%Nxl)aVki3n=V2)o!MFtm7!mhz4uJQAWl9aR~SEAjsNt3#nE<; zQi<2Nn{k*P>RJvM0yj-lKTd6qeX+_)IidCm*${Ssot!9oOW8DkpAE-~_qO#fhQZ1r z;II0?MRF+|e}3Wl48@D)o}U0o8d8zrjBD)-#Ep40r;%y#aQ*Q5oi65{ zmEwCz_6i1Gp)zVRd5o#Sx>QK9wM}1Er$zfA{u1qbNZ|`K z67z%#GT8n&eKcTZ(TS=!7jls37_NQef@S;4))@L%6P)l#%XZ<8eg2S{P~bdmIo+<7 zJey5sW@aWx(jXQ;w?=|^4i|K0=x%m5kBx!PcF$*|Z0G95UYeN_XAc>^ z*V7pD=T%0=5IKCBIIkk+5Qmda;SO4i=&I)cOEJ8ea{S{IZMy?&l-ry)1J7^aLMvqI z6`B;ee9;f-;|a;4wDl)?0l3ePBYN!)btNtp_=HWO#LG8)@5}Og&s*Q^KBYor6*XoG z35Wf6+t?}2--7lycGoy;Jv%NwDoAMIs*O^kOfaf;KnyerK8xZ3T-`A0lP)mGbNhP3er7FRUsqAX@Q=S@N zG{RM41kl#=G?*9zeoW}9@YlG9djT6+zvN^h;8r)PxYr{oayuV07%BI|&ImiYr00bk z>7;_$M=WK^uhP=~&XhGVJw$?t-b%sf)B>48h>lx zQ3D9&9 zr=tG4{JdGO(=tRm7kJF&er!WLFH~Xa%;uVE);?zLa(6y?%E9+*%paM3HY3l|I;=;T5z#}q;d131P7xPukw};c zw7GulnX`Y;`d?_{0dpLZKLO24K3y_ZGZf`O2~eqs#h*=*f52Bn8ws|Fy|}eFgyNw7 zC)#*(nn@bJF7JkU|3@$iKV6r~uPx-NZ-QRnm4*y?_|ej~dE#F4aNS~C{8e*i439s6 zg;hPUzUar_b$d;QN89M$7>5CK%-Ddr2Y|%EXP%eFY;dMUjXuD;mN^!MI&p$cYMDdX zi?s933)nh3c3%c7VC!Z>kWFet_`=Civhw;voh$&=vZ zL<(F-nhFMxV-Fd&L7l_3Szbnq)>x@>YA81|`EEJBecF6hMYzlPbejcR2bZwj>M=ce zZ8~^F2)qoKRj|tEP-Xlzqe8IQ4~nF_Q^H9T2Kq&cb$~(hUt!rg2>R#F(<2T;XjfX~ zIrgxiN&hM>D8c#(I1cNNdiF0h_}@)$5~GUn->x~jXiA9?x)Ok;3GJyjjyIprE*S8z z-;+@*SQ-I0Wlm-IN!cE?rcj9@(vX;I3drRu(oPz)~KcbKt9=_^*>pk+CL@lL- v4